diff --git a/0001-suse-ifcfg-files.patch b/0001-suse-ifcfg-files.patch
new file mode 100644
index 0000000..193beee
--- /dev/null
+++ b/0001-suse-ifcfg-files.patch
@@ -0,0 +1,168 @@ +Combined patch for https://github.com/firewalld/firewalld/pull/262 +- https://github.com/firewalld/firewalld/commit/593d3158e9147b230f6b2307dabe6b6d294a539f +- https://github.com/firewalld/firewalld/commit/399cf02ffef846281a67421b2c1d1cf818af8f61 +- https://github.com/firewalld/firewalld/commit/278938d754b2ede993992987cc6c2418c82b85a0 + +diff --git a/configure.ac b/configure.ac +index 776e627b..7cd11758 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -67,6 +67,11 @@ AC_ARG_WITH([bashcompletiondir], + [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"]) + AC_SUBST(BASHCOMPLETIONDIR) + ++AC_ARG_WITH([ifcfgdir], ++ AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]), ++ [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"]) ++AC_SUBST(IFCFGDIR) ++ + # Extend PATH to include /sbin etc in case we are building as non-root + FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" + +diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am +index db649b61..6df3b8c4 100644 +--- a/doc/xml/Makefile.am ++++ b/doc/xml/Makefile.am +@@ -2,7 +2,8 @@ XSLTPROC = xsltproc + + EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ + authors.xml notes.xml seealso.xml errorcodes.xml \ +- transform-man.xsl.in transform-html.xsl.in ++ transform-man.xsl.in transform-html.xsl.in \ ++ firewalld.xml.in firewall-cmd.xml.in firewallctl.xml.in + + man_MANS = $(man1_MANS) $(man5_MANS) + HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) +@@ -29,7 +30,8 @@ man5_MANS = \ + ../man/man5/firewalld.zones.5 + + CLEAN_FILES = *~ errorcodes.xml +-DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl ++DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ ++ firewalld.xml firewall-cmd.xml firewallctl.xml + + #SGML_CATALOG_FILES + #XSLTPROC_FLAGS = --catalogs --nonet --xinclude +@@ -44,9 +46,9 @@ all: $(man_MANS) $(HTMLS) + clean: + -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) 
+ +-../man/man1/firewall-cmd.1: errorcodes.xml ++../man/man1/firewall-cmd.1: errorcodes.xml firewall-cmd.xml + +-../html/firewall-cmd.html: errorcodes.xml ++../html/firewall-cmd.html: errorcodes.xml firewall-cmd.xml + + ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl + $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< +@@ -67,9 +69,16 @@ errorcodes.xml: ../../src/firewall/errors.py + edit = sed \ + -e 's|\@PREFIX\@|$(prefix)|' \ + -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ +- -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' ++ -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ ++ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' + + transform-man.xsl: transform-man.xsl.in + $(edit) $< >$@ + transform-html.xsl: transform-html.xsl.in + $(edit) $< >$@ ++firewall-cmd.xml: firewall-cmd.xml.in ++ $(edit) $< >$@ ++firewalld.xml: firewalld.xml.in ++ $(edit) $< >$@ ++firewallctl.xml: firewallctl.xml.in ++ $(edit) $< >$@ +diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml.in +similarity index 99% +rename from doc/xml/firewall-cmd.xml +rename to doc/xml/firewall-cmd.xml.in +index 0b54b0be..80b1fbe1 100644 +--- a/doc/xml/firewall-cmd.xml ++++ b/doc/xml/firewall-cmd.xml.in +@@ -910,7 +910,7 @@ For interfaces that are not under control of NetworkManager, firewalld tries to + + + As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. +- You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. ++ You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. + If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. + Please also have a look at the firewalld1 man page in the Concepts section. 
+ For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. +diff --git a/doc/xml/firewallctl.xml b/doc/xml/firewallctl.xml.in +similarity index 99% +rename from doc/xml/firewallctl.xml +rename to doc/xml/firewallctl.xml.in +index 30be89f0..1c6d2f22 100644 +--- a/doc/xml/firewallctl.xml ++++ b/doc/xml/firewallctl.xml.in +@@ -601,7 +601,7 @@ + + + As a end user you don't need to create or change zone bindings of interfaces in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. +- You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. ++ You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. + If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. + Please also have a look at the firewalld1 man page in the Concepts section. + For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. +diff --git a/doc/xml/firewalld.xml b/doc/xml/firewalld.xml.in +similarity index 98% +rename from doc/xml/firewalld.xml +rename to doc/xml/firewalld.xml.in +index f14c3034..de802059 100644 +--- a/doc/xml/firewalld.xml ++++ b/doc/xml/firewalld.xml.in +@@ -130,7 +130,7 @@ + + + You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. +- If there is a /etc/sysconfig/network-scripts/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. ++ If there is a @IFCFGDIR@/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. 
+ + + If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. +diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in +index a389c8bf..9262f075 100644 +--- a/src/firewall/config/__init__.py.in ++++ b/src/firewall/config/__init__.py.in +@@ -88,7 +88,7 @@ FIREWALLD_DIRECT = ETC_FIREWALLD + '/direct.xml' + LOCKDOWN_WHITELIST = ETC_FIREWALLD + '/lockdown-whitelist.xml' + + SYSCONFIGDIR = '/etc/sysconfig' +-IFCFGDIR = SYSCONFIGDIR + '/network-scripts' ++IFCFGDIR = "@IFCFGDIR@" + + SYSCTL_CONFIG = '/etc/sysctl.conf' + +diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py +index 0b049a64..b645ef37 100644 +--- a/src/firewall/core/fw_ifcfg.py ++++ b/src/firewall/core/fw_ifcfg.py +@@ -36,13 +36,6 @@ def search_ifcfg_of_interface(interface): + if not os.path.exists(config.IFCFGDIR): + return None + +- filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) +- if os.path.exists(filename): +- ifcfg_file = ifcfg(filename) +- ifcfg_file.read() +- if ifcfg_file.get("DEVICE") == interface: +- return ifcfg_file +- + for filename in sorted(os.listdir(config.IFCFGDIR)): + if not filename.startswith("ifcfg-"): + continue +@@ -57,6 +50,13 @@ def search_ifcfg_of_interface(interface): + if ifcfg_file.get("DEVICE") == interface: + return ifcfg_file + ++ # Wasn't found above, so assume filename matches the device we want ++ filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) ++ if os.path.exists(filename): ++ ifcfg_file = ifcfg(filename) ++ ifcfg_file.read() ++ return ifcfg_file ++ + return None + + def ifcfg_set_zone_of_interface(zone, interface): diff --git a/firewalld-0.4.4.5.tar.gz b/firewalld-0.4.4.5.tar.gz deleted file mode 100644 index 08d74dd..0000000 --- a/firewalld-0.4.4.5.tar.gz +++ /dev/null 
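Review bot: In the fw_ifcfg.py part of this patch, the fallback moved to the end of `search_ifcfg_of_interface` returns `ifcfg-<interface>` without the `DEVICE` comparison the removed block had, so a file whose `DEVICE` names a different interface is now returned as a match. `ifcfg_set_zone_of_interface` follows directly (its body is outside the hunk) and presumably rewrites the returned file, so I would accept the file only when `DEVICE` is absent or equal: `device = ifcfg_file.get("DEVICE")` followed by `if not device or device == interface: return ifcfg_file`. The path is also built straight from `interface`. Unless callers already validate the name, a value containing `/` would resolve outside `config.IFCFGDIR`, so a guard here or a comment saying where that validation happens would help.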
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89419316e829a2cb086142acc4b1aeba45f20ecddf0ca236db5faf8ec8d12601
-size 1143500
diff --git a/firewalld-0.4.4.6.tar.gz b/firewalld-0.4.4.6.tar.gz
new file mode 100644
index 0000000..a37de7d
--- /dev/null
+++ b/firewalld-0.4.4.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a7bf9dd341f3f4c261fa8a8e217160ec815e9dbf32edc25aed44719a2273e94e
+size 1153574
diff --git a/firewalld.changes b/firewalld.changes
index 9a9efd8..8a71470 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,3 +1,47 @@ +------------------------------------------------------------------- +Thu Nov 16 08:41:27 UTC 2017 - mchandras@suse.de + +- Add combined upstream patch to support SUSE ifcfg network files. + * 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460) + +------------------------------------------------------------------- +Wed Nov 15 12:36:09 UTC 2017 - mchandras@suse.de + +- Update to version 0.4.4.6 + * firewall.core.fw_config: Fix check for icmp builtin name + * config.services: docker-swarm: fix incorrect attribute + * xmlschema/service.xsd: Fix protocol looking for name instead of value + * Add docker swarm service (gh#firewalld/firewalld#230) + * Adding FirewallD redis service (gh#firewalld/firewalld#248) + * Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221) + * firewall-offline-cmd: Don't require root for help output + * doc: firewall-cmd: Document --query-* options return codes + * firewall-cmd: Use colors only if output is a TTY + * core: Log unsupported ICMP types as informational only + * add bgp service to predefined services edit to config/Makefile.am + * Add git service + * Add kprop service + * minidlna definitions (gh#firewalld/firewalld#236) + * SpiderOak ONE listens on port 21327 and 21328 + * autogen.sh: Allow skipping configure via NOCONFIGURE env var + * Add missing ports to RH-Satellite-6 service + * Reload nf_conntrack sysctls after the module is loaded + * Add NFSv3 service. 
+ * config/Makefile.am: Add murmur service (a95eed1) + * add new service IRC + * firewall.core.prog: Simplify runProg output: Combine stderr and stdout + * firewall.core.fw: Fix possible dict size change in for loop + * firewall.core.fw: Use new firewalld git repo in firewalld organization + * config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization + * firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family + * firewall.core.rich: Add checks for Rich_Source validation + * Handle also IPv6 with the zone masquerade flag + * Add IPv6 support for forward-ports in zones + * firewall.command: Enable parse_forward_port to work with IPv6 adresses + * firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports + * add Murmur (Mumble server) service +- spec file fixes to avoid rpmlint warnings about duplicate files. + ------------------------------------------------------------------- Wed Nov 8 17:25:40 UTC 2017 - mpluskal@suse.com diff --git a/firewalld.spec b/firewalld.spec index 156f810..886e17b 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -17,13 +17,16 @@ Name: firewalld -Version: 0.4.4.5 +Version: 0.4.4.6 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: https://github.com/t-woerner/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM: 0001-suse-ifcfg-files.patch. Combined patch to support ifcfg files on SUSE based on +# https://github.com/firewalld/firewalld/pull/262 +Patch: 0001-suse-ifcfg-files.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils 
@@ -32,12 +35,12 @@ BuildRequires: docbook-xsl-stylesheets # even though it is probably unlikely for paths to change in the future BuildRequires: ebtables BuildRequires: gettext -BuildRequires: ipset -BuildRequires: iptables BuildRequires: glib2-devel BuildRequires: gobject-introspection BuildRequires: hicolor-icon-theme BuildRequires: intltool +BuildRequires: ipset +BuildRequires: iptables BuildRequires: libxslt-tools BuildRequires: python3-devel BuildRequires: systemd-rpm-macros @@ -87,13 +90,15 @@ firewalld. %prep %setup -q +%patch -p1 %build export PYTHON="python3" ./autogen.sh %configure \ --enable-sysconfig \ - --enable-rpmmacros + --enable-rpmmacros \ + --with-ifcfgdir="/etc/sysconfig/network" # Normally documentation is shipped but this will ensure that missing # files will be generated. @@ -184,6 +189,8 @@ fi %config %{_sysconfdir}/rpm/macros.firewalld %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d +%dir %{_sysconfdir}/modprobe.d +%config(noreplace) %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf %dir %{_datadir}/firewalld/tests %attr(0750,root,root) %{_datadir}/firewalld/tests/*.sh %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf @@ -198,16 +205,8 @@ fi %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf %attr(0755,root,root) %dir %{python3_sitelib}/firewall -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server %{_datadir}/firewalld/__pycache__ %{python3_sitelib}/firewall/* -%{python3_sitelib}/firewall/config/* -%{python3_sitelib}/firewall/core/* -%{python3_sitelib}/firewall/core/io/* -%{python3_sitelib}/firewall/server/* %{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewalld*.1* %{_mandir}/man1/firewallctl*.1*
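Review bot: In the last `%files` hunk, the four `%attr(0755,root,root) %dir` entries for `firewall/config`, `firewall/core`, `firewall/core/io` and `firewall/server` are dropped, so those directories are now packaged only through the `%{python3_sitelib}/firewall/*` glob and take whatever mode the install step left in the buildroot. That is probably still 0755, but it is no longer pinned by the spec. I would add a comment above the glob such as `# subdirectories are owned via the glob below; modes come from make install`, and confirm the built package still lists them as 0755 root:root.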