From e355cbd81ed5b944fc114a3c230ddeb60bc0cc8f830a27067efd2ddd402ce8d5 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Tue, 28 Mar 2017 14:14:15 +0000 Subject: [PATCH] Accepting request 482972 from home:markoschandras:network - Update to version 0.4.4.4 * Drop references to fedorahosted.org from spec file and Makefile.am * firewall-config: Show invalid ipset type in the ipset dialog in the bad label * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env * firewall.server.firewalld: Provide information about the supported icmp types * firewall.core.fw_icmptype: Add ICMP type only if the type is supported * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types * firewall.core.ipXtables: New method supported_icmp_types * firewall-config: Deactivate edit buttons if there are no items * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions - Remove upstream patch: * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch OBS-URL: https://build.opensuse.org/request/show/482972 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=41 --- ..._ipset-get_ipset-may-not-ckeck-if-se.patch | 97 ------------------- firewalld-0.4.4.3.tar.bz2 | 3 - firewalld-0.4.4.4.tar.gz | 3 + firewalld.changes | 18 ++++ firewalld.spec | 10 +- 5 files changed, 26 insertions(+), 105 deletions(-) delete mode 100644 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch delete mode 100644 firewalld-0.4.4.3.tar.bz2 create mode 100644 firewalld-0.4.4.4.tar.gz diff --git a/0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch b/0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch deleted file mode 100644 index 0c892f8..0000000 --- a/0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9 Mon Sep 17 00:00:00 2001 -From: Thomas Woerner -Date: Wed, 15 Feb 2017 11:11:40 +0100 -Subject: [PATCH] firewall.core.fw_ipset: get_ipset may not ckeck if set is - applied by default - -This breaks the ipset overloading from /etc/firewalld/ipsets. -Fixes: #206 ---- - src/firewall/core/fw_ipset.py | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py -index bbbc8eb9..952d1226 100644 ---- a/src/firewall/core/fw_ipset.py -+++ b/src/firewall/core/fw_ipset.py -@@ -55,10 +55,11 @@ class FirewallIPSet(object): - def has_ipsets(self): - return len(self._ipsets) > 0 - -- def get_ipset(self, name): -+ def get_ipset(self, name, applied=False): - self.check_ipset(name) - obj = self._ipsets[name] -- self.check_applied_obj(obj) -+ if applied: -+ self.check_applied_obj(obj) - return obj - - def _error2warning(self, f, name, *args): -@@ -141,11 +142,11 @@ class FirewallIPSet(object): - # TYPE - - def get_type(self, name): -- return self.get_ipset(name).type -+ return self.get_ipset(name, applied=True).type - - # DIMENSION - def get_dimension(self, name): -- return len(self.get_ipset(name).type.split(",")) -+ return len(self.get_ipset(name, applied=True).type.split(",")) - - # APPLIED - -@@ -164,7 +165,7 @@ class FirewallIPSet(object): - # OPTIONS - - def get_family(self, name): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - if "family" in obj.options: - if obj.options["family"] == "inet6": - return "ipv6" -@@ -179,7 +180,7 @@ class FirewallIPSet(object): - pass - - def add_entry(self, name, entry): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - if "timeout" in obj.options and obj.options["timeout"] != "0": - # no entries visible for ipsets with timeout - raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) -@@ -201,7 +202,7 @@ class FirewallIPSet(object): - obj.entries.append(entry) - - def remove_entry(self, name, entry): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - if "timeout" in obj.options and obj.options["timeout"] != "0": - # no entries visible for ipsets with timeout - raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) -@@ -222,7 +223,7 @@ class FirewallIPSet(object): - obj.entries.remove(entry) - - def query_entry(self, name, entry): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - if "timeout" in obj.options and obj.options["timeout"] != "0": - # no entries visible for ipsets with timeout - raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) -@@ -230,11 +231,11 @@ class FirewallIPSet(object): - return entry in obj.entries - - def get_entries(self, name): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - return obj.entries - - def set_entries(self, name, entries): -- obj = self.get_ipset(name) -+ obj = self.get_ipset(name, applied=True) - if "timeout" in obj.options and obj.options["timeout"] != "0": - # no entries visible for ipsets with timeout - raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) --- -2.11.0 - diff --git a/firewalld-0.4.4.3.tar.bz2 b/firewalld-0.4.4.3.tar.bz2 deleted file mode 100644 index 1d96492..0000000 --- a/firewalld-0.4.4.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4dbd99b0f6a29306dc6c48daba706fe598689e9e077b461c7a592366c6605d07 -size 713876 diff --git a/firewalld-0.4.4.4.tar.gz b/firewalld-0.4.4.4.tar.gz new file mode 100644 index 0000000..1ba40c7 --- /dev/null +++ b/firewalld-0.4.4.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8726bb7c15c180191b81764072041bebd371664fcbc25a0eafffc35c707b3df9 +size 1131295 diff --git a/firewalld.changes b/firewalld.changes index c29ac4d..d4b7815 100644 --- a/firewalld.changes +++ b/firewalld.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Mon Mar 27 22:27:20 UTC 2017 - mchandras@suse.de + +- Update to version 0.4.4.4 + * Drop references to fedorahosted.org from spec file and Makefile.am + * firewall-config: Show invalid ipset type in the ipset dialog in the bad label + * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env + * firewall.server.firewalld: Provide information about the supported icmp types + * firewall.core.fw_icmptype: Add ICMP type only if the type is supported + * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types + * firewall.core.ipXtables: New method supported_icmp_types + * firewall-config: Deactivate edit buttons if there are no items + * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) + * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default + * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions +- Remove upstream patch: + * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch + ------------------------------------------------------------------- Mon Feb 13 16:20:27 UTC 2017 - mchandras@suse.de diff --git a/firewalld.spec b/firewalld.spec index 45502c6..c0553f5 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -17,15 +17,15 @@ Name: firewalld -Version: 0.4.4.3 +Version: 0.4.4.4 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2 -# PATCH-FIX-UPSTREAM: 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch (gh#t-woerner/firewalld#206) -Patch: 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch +Source: https://github.com/t-woerner/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +BuildRequires: autoconf +BuildRequires: automake BuildRequires: desktop-file-utils BuildRequires: docbook-xsl-stylesheets BuildRequires: gettext @@ -86,7 +86,7 @@ firewalld. %prep %setup -q -%patch -p1 +./autogen.sh %build %configure --enable-sysconfig --enable-rpmmacros