Accepting request 482972 from home:markoschandras:network

- Update to version 0.4.4.4 * Drop references to fedorahosted.org from spec file and Makefile.am * firewall-config: Show invalid ipset type in the ipset dialog in the bad label * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env * firewall.server.firewalld: Provide information about the supported icmp types * firewall.core.fw_icmptype: Add ICMP type only if the type is supported * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types * firewall.core.ipXtables: New method supported_icmp_types * firewall-config: Deactivate edit buttons if there are no items * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions - Remove upstream patch: * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch OBS-URL: https://build.opensuse.org/request/show/482972 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=41
2017-03-28 14:14:15 +00:00 · 2017-03-28 14:14:15 +00:00 · e355cbd81e
commit e355cbd81e
parent 625969cb4e
5 changed files with 26 additions and 105 deletions
--- a/0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
+++ b/0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
@ -1,97 +0,0 @@
 From 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9 Mon Sep 17 00:00:00 2001
 From: Thomas Woerner <twoerner@redhat.com>
 Date: Wed, 15 Feb 2017 11:11:40 +0100
 Subject: [PATCH] firewall.core.fw_ipset: get_ipset may not ckeck if set is
 applied by default
 This breaks the ipset overloading from /etc/firewalld/ipsets.
 Fixes: #206
 ---
 src/firewall/core/fw_ipset.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
 diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py
 index bbbc8eb9..952d1226 100644
 --- a/src/firewall/core/fw_ipset.py
 +++ b/src/firewall/core/fw_ipset.py
@@ -55,10 +55,11 @@ class FirewallIPSet(object):
     def has_ipsets(self):
         return len(self._ipsets) > 0
 -    def get_ipset(self, name):
 +    def get_ipset(self, name, applied=False):
         self.check_ipset(name)
         obj = self._ipsets[name]
 -        self.check_applied_obj(obj)
 +        if applied:
 +            self.check_applied_obj(obj)
         return obj
     def _error2warning(self, f, name, *args):
@@ -141,11 +142,11 @@ class FirewallIPSet(object):
     # TYPE
     def get_type(self, name):
 -        return self.get_ipset(name).type
 +        return self.get_ipset(name, applied=True).type
     # DIMENSION
     def get_dimension(self, name):
 -        return len(self.get_ipset(name).type.split(","))
 +        return len(self.get_ipset(name, applied=True).type.split(","))
     # APPLIED
@@ -164,7 +165,7 @@ class FirewallIPSet(object):
     # OPTIONS
     def get_family(self, name):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         if "family" in obj.options:
             if obj.options["family"] == "inet6":
                 return "ipv6"
@@ -179,7 +180,7 @@ class FirewallIPSet(object):
         pass
     def add_entry(self, name, entry):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         if "timeout" in obj.options and obj.options["timeout"] != "0":
             # no entries visible for ipsets with timeout
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -201,7 +202,7 @@ class FirewallIPSet(object):
                 obj.entries.append(entry)
     def remove_entry(self, name, entry):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         if "timeout" in obj.options and obj.options["timeout"] != "0":
             # no entries visible for ipsets with timeout
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -222,7 +223,7 @@ class FirewallIPSet(object):
                 obj.entries.remove(entry)
     def query_entry(self, name, entry):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         if "timeout" in obj.options and obj.options["timeout"] != "0":
             # no entries visible for ipsets with timeout
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
@@ -230,11 +231,11 @@ class FirewallIPSet(object):
         return entry in obj.entries
     def get_entries(self, name):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         return obj.entries
     def set_entries(self, name, entries):
 -        obj = self.get_ipset(name)
 +        obj = self.get_ipset(name, applied=True)
         if "timeout" in obj.options and obj.options["timeout"] != "0":
             # no entries visible for ipsets with timeout
             raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
 -- 
 2.11.0
--- a/firewalld-0.4.4.3.tar.bz2
+++ b/firewalld-0.4.4.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4dbd99b0f6a29306dc6c48daba706fe598689e9e077b461c7a592366c6605d07
 size 713876
--- a/firewalld-0.4.4.4.tar.gz
+++ b/firewalld-0.4.4.4.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8726bb7c15c180191b81764072041bebd371664fcbc25a0eafffc35c707b3df9
 size 1131295
--- a/firewalld.changes
+++ b/firewalld.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Mon Mar 27 22:27:20 UTC 2017 - mchandras@suse.de
 - Update to version 0.4.4.4
  * Drop references to fedorahosted.org from spec file and Makefile.am
  * firewall-config: Show invalid ipset type in the ipset dialog in the bad label
  * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env
  * firewall.server.firewalld: Provide information about the supported icmp types
  * firewall.core.fw_icmptype: Add ICMP type only if the type is supported
  * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types
  * firewall.core.ipXtables: New method supported_icmp_types
  * firewall-config: Deactivate edit buttons if there are no items
  * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594)
  * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
  * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions
 - Remove upstream patch:
  * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch 
 -------------------------------------------------------------------
 Mon Feb 13 16:20:27 UTC 2017 - mchandras@suse.de
--- a/firewalld.spec
+++ b/firewalld.spec
@ -17,15 +17,15 @@
 Name:           firewalld
-Version:        0.4.4.3
+Version:        0.4.4.4
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
-Source:         https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
+Source:         https://github.com/t-woerner/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM: 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch (gh#t-woerner/firewalld#206)
+BuildRequires:  autoconf
-Patch:          0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
+BuildRequires:  automake
 BuildRequires:  desktop-file-utils
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gettext
@ -86,7 +86,7 @@ firewalld.
 %prep
 %setup -q
-%patch -p1
+./autogen.sh
 %build
 %configure --enable-sysconfig --enable-rpmmacros