From e0d9ea19ffdf51863a3318070a988c3370eecf8831b205b04474eca90ac428ca Mon Sep 17 00:00:00 2001
From: Markos Chandras
Date: Mon, 16 Apr 2018 08:13:42 +0000
Subject: [PATCH] Accepting request 595607 from home:markoschandras:network
- Backport upstream patches to add additional services (bsc#1082033)
* firewalld-add-additional-services.patch
OBS-URL: https://build.opensuse.org/request/show/595607
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=65
---
 firewalld-add-additional-services.patch | 308 ++++++++++++++++++++++++
 firewalld.changes | 6 +
 firewalld.spec | 3 +
 3 files changed, 317 insertions(+)
 create mode 100644 firewalld-add-additional-services.patch
diff --git a/firewalld-add-additional-services.patch b/firewalld-add-additional-services.patch
new file mode 100644
index 0000000..fc4986d
--- /dev/null
+++ b/firewalld-add-additional-services.patch
@@ -0,0 +1,308 @@
+[mchandras]: Backport patch for additional firewalld services which
+don't exist in stable-0.5 branch. This can be removed when
+https://github.com/firewalld/firewalld/pull/313 is accepted
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index c202d8fe..9c402329 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -122,6 +122,9 @@ CONFIG_FILES = \
+ ipsets/README \
+ services/amanda-client.xml \
+ services/amanda-k5-client.xml \
++ services/amqp.xml \
++ services/amqps.xml \
++ services/apcupsd.xml \
+ services/bacula-client.xml \
+ services/bacula.xml \
+ services/bgp.xml \
+@@ -137,11 +140,15 @@ CONFIG_FILES = \
+ services/dhcpv6-client.xml \
+ services/dhcpv6.xml \
+ services/dhcp.xml \
++ services/distcc.xml \
+ services/dns.xml \
+ services/docker-registry.xml \
+ services/docker-swarm.xml \
+ services/dropbox-lansync.xml \
+ services/elasticsearch.xml \
++ services/etcd-client.xml \
++ services/etcd-server.xml \
++ services/finger.xml \
+ services/freeipa-ldaps.xml \
+ services/freeipa-ldap.xml \
+ services/freeipa-replication.xml \
+@@ -179,6 +186,8 @@ CONFIG_FILES = \
+ services/mongodb.xml \
+ services/mosh.xml \
+ services/mountd.xml \
++ services/mqtt.xml \
++ services/mqtt-tls.xml \
+ services/mssql.xml \
+ services/ms-wbt.xml \
+ services/murmur.xml \
+@@ -188,6 +197,7 @@ CONFIG_FILES = \
+ services/nmea-0183.xml \
+ services/nrpe.xml \
+ services/ntp.xml \
++ services/nut.xml \
+ services/openvpn.xml \
+ services/ovirt-imageio.xml \
+ services/ovirt-storageconsole.xml \
+@@ -211,11 +221,13 @@ CONFIG_FILES = \
+ services/rpc-bind.xml \
+ services/rsh.xml \
+ services/rsyncd.xml \
++ services/salt-master.xml \
+ services/samba-client.xml \
+ services/samba.xml \
+ services/sane.xml \
+ services/sips.xml \
+ services/sip.xml \
++ services/slp.xml \
+ services/smtp-submission.xml \
+ services/smtps.xml \
+ services/smtp.xml \
+@@ -224,6 +236,8 @@ CONFIG_FILES = \
+ services/spideroak-lansync.xml \
+ services/squid.xml
\
+ services/ssh.xml \
++ services/svdrp.xml \
++ services/svn.xml \
+ services/syncthing.xml \
+ services/syncthing-gui.xml \
+ services/synergy.xml \
+@@ -238,7 +252,11 @@ CONFIG_FILES = \
+ services/upnp-client.xml \
+ services/vdsm.xml \
+ services/vnc-server.xml \
++ services/wbem-http.xml \
+ services/wbem-https.xml \
++ services/wsman.xml \
++ services/wsmans.xml \
++ services/xdmcp.xml \
+ services/xmpp-bosh.xml \
+ services/xmpp-client.xml \
+ services/xmpp-local.xml \
+diff --git a/config/services/amqp.xml b/config/services/amqp.xml
+new file mode 100644
+index 00000000..b9501d9e
+--- /dev/null
++++ b/config/services/amqp.xml
+@@ -0,0 +1,6 @@
++
++
++ amqp
++ The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.
++
++
+diff --git a/config/services/amqps.xml b/config/services/amqps.xml
+new file mode 100644
+index 00000000..02bdae52
+--- /dev/null
++++ b/config/services/amqps.xml
+@@ -0,0 +1,6 @@
++
++
++ amqps
++ The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.
++
++
+diff --git a/config/services/apcupsd.xml b/config/services/apcupsd.xml
+new file mode 100644
+index 00000000..fac9955c
+--- /dev/null
++++ b/config/services/apcupsd.xml
+@@ -0,0 +1,6 @@
++
++
++ apcupsd
++ The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.
++
++
+diff --git a/config/services/distcc.xml b/config/services/distcc.xml
+new file mode 100644
+index 00000000..f7b52ec8
+--- /dev/null
++++ b/config/services/distcc.xml
+@@ -0,0 +1,6 @@
++
++
++ distcc
++ Distcc is a protocol used for distributed compilation.
++
++
+diff --git a/config/services/etcd-client.xml b/config/services/etcd-client.xml
+new file mode 100644
+index 00000000..f0fb22af
+--- /dev/null
++++ b/config/services/etcd-client.xml
+@@ -0,0 +1,6 @@
++
++
++ etcd Client
++ etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.
++
++
+diff --git a/config/services/etcd-server.xml b/config/services/etcd-server.xml
+new file mode 100644
+index 00000000..11688818
+--- /dev/null
++++ b/config/services/etcd-server.xml
+@@ -0,0 +1,6 @@
++
++
++ etcd Server
++ etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.
++
++
+diff --git a/config/services/finger.xml b/config/services/finger.xml
+new file mode 100644
+index 00000000..f42895f6
+--- /dev/null
++++ b/config/services/finger.xml
+@@ -0,0 +1,6 @@
++
++
++ finger
++ Finger is a protocol for obtaining information about users on remote hosts.
++
++
+diff --git a/config/services/mqtt-tls.xml b/config/services/mqtt-tls.xml
+new file mode 100644
+index 00000000..403455ae
+--- /dev/null
++++ b/config/services/mqtt-tls.xml
+@@ -0,0 +1,6 @@
++
++
++ mqtt-tls
++ The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.
++
++
+diff --git a/config/services/mqtt.xml b/config/services/mqtt.xml
+new file mode 100644
+index 00000000..ad262cbf
+--- /dev/null
++++ b/config/services/mqtt.xml
+@@ -0,0 +1,6 @@
++
++
++ mqtt
++ The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.
++
++
+diff --git a/config/services/nut.xml b/config/services/nut.xml
+new file mode 100644
+index 00000000..6e66d735
+--- /dev/null
++++ b/config/services/nut.xml
+@@ -0,0 +1,7 @@
++
++
++ NUT
++ Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.
++
++
++
+diff --git a/config/services/salt-master.xml b/config/services/salt-master.xml
+new file mode 100644
+index 00000000..799420e3
+--- /dev/null
++++ b/config/services/salt-master.xml
+@@ -0,0 +1,7 @@
++
++
++ Salt Master
++ Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.
++
++
++
+diff --git a/config/services/slp.xml b/config/services/slp.xml
+new file mode 100644
+index 00000000..da60c651
+--- /dev/null
++++ b/config/services/slp.xml
+@@ -0,0 +1,7 @@
++
++
++ SLP
++ The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.
++
++
++
+diff --git a/config/services/svdrp.xml b/config/services/svdrp.xml
+new file mode 100644
+index 00000000..4462ebb0
+--- /dev/null
++++ b/config/services/svdrp.xml
+@@ -0,0 +1,7 @@
++
++
++ SVDRP
++ The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.
++
++
++
+diff --git a/config/services/svn.xml b/config/services/svn.xml
+new file mode 100644
+index 00000000..bdc6bf94
+--- /dev/null
++++ b/config/services/svn.xml
+@@ -0,0 +1,6 @@
++
++
++ Subversion
++ The custom, unencrypted protocol used the Subversion Version Control System.
++
++
+diff --git a/config/services/wbem-http.xml b/config/services/wbem-http.xml
+new file mode 100644
+index 00000000..4283854e
+--- /dev/null
++++ b/config/services/wbem-http.xml
+@@ -0,0 +1,7 @@
++
++
++ wbem-http
++ Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments.
This is the unencrypted protocol variant.
++
++
++
+diff --git a/config/services/wsman.xml b/config/services/wsman.xml
+new file mode 100644
+index 00000000..fcb55570
+--- /dev/null
++++ b/config/services/wsman.xml
+@@ -0,0 +1,6 @@
++
++
++ wsman
++ Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted
++
++
+diff --git a/config/services/wsmans.xml b/config/services/wsmans.xml
+new file mode 100644
+index 00000000..8f2971b7
+--- /dev/null
++++ b/config/services/wsmans.xml
+@@ -0,0 +1,6 @@
++
++
++ wsmans
++ Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.
++
++
+diff --git a/config/services/xdmcp.xml b/config/services/xdmcp.xml
+new file mode 100644
+index 00000000..5610e053
+--- /dev/null
++++ b/config/services/xdmcp.xml
+@@ -0,0 +1,7 @@
++
++
++ XDMCP
++ The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.
++
++
++
diff --git a/firewalld.changes b/firewalld.changes
index f04c0f9..b6186c8 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar 16 07:58:50 UTC 2018 - mchandras@suse.de
+
+- Backport upstream patches to add additional services (bsc#1082033)
+ * firewalld-add-additional-services.patch
+
 -------------------------------------------------------------------
 Tue Mar 13 18:44:11 UTC 2018 - mchandras@suse.de
diff --git a/firewalld.spec b/firewalld.spec
index eb983d3..a5632d5 100644
--- a/firewalld.spec
+++ b/firewalld.spec
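Review bot: The new service descriptions are inconsistent about transport security: mqtt.xml, svn.xml, wbem-http.xml and wsman.xml state that the protocol is unencrypted, while amqp.xml (added next to a TLS sibling, amqps.xml), finger.xml, xdmcp.xml and distcc.xml say nothing, although as far as I know these are also cleartext by default. The description is the text an administrator reads before opening the port in a zone, so every cleartext variant should carry the same sentence, for example `This variant of the protocol is unencrypted.` at the end of the amqp.xml description. Wording slips worth fixing in the same pass: `a reliably way` should read `a reliable way` (etcd-client.xml and etcd-server.xml), `used the Subversion` should read `used by the Subversion` (svn.xml), and the wsman.xml description lacks its final full stop. The lines that would hold the port definitions are empty on this page, so the port and protocol values could not be checked here and should be compared against the referenced upstream pull request.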
@@ -29,6 +29,8 @@ License: GPL-2.0-or-later
 Group: Productivity/Networking/Security
 Url: http://www.firewalld.org
 Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# PATCH-FIX-SUSE: firewalld-add-additional-services.patch - https://github.com/firewalld/firewalld/pull/313
+Patch0: firewalld-add-additional-services.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: desktop-file-utils
@@ -109,6 +111,7 @@ firewalld.
 %prep
 %setup -q
+%patch0 -p1
 # bsc#1078223
 rm config/services/high-availability.xml
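Review bot: The comment above the new `Patch0` line uses the tag `PATCH-FIX-SUSE`, which as far as I recall is not one of the openSUSE patch tags, and it does not record the patch's upstream status. The changelog entry calls this a backport of upstream patches, while the patch's own header says it can be removed once pull request 313 is accepted, so the change appears to be still pending upstream. A comment that says so keeps the next maintainer from assuming these service definitions already ship in a release, for example `# PATCH-FEATURE-UPSTREAM: firewalld-add-additional-services.patch (bsc#1082033) - pending https://github.com/firewalld/firewalld/pull/313`. Both spec hunks are excerpts, and the rest of the preamble and `%prep` lie outside them.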