From 0d9fd449260b19841d2a35317e7741c13316706ae77f8dba7eeec90ff6b558f1 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Wed, 1 Jun 2016 10:15:39 +0000 Subject: [PATCH] Accepting request 399135 from home:markoschandras:network - Update to version 0.4.2 * New module to search for and change ifcfg files for interfaces not under control of NM * firewall_config: Enhanced messages in status bar * firewall-config: New message window as overlay if not connected * firewall-config: Fix sentivity of option, view menus and main paned if not connected * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup * firewall-[offline]cmd: Show target in zone information * D-Bus: Completed masquerade methods in FirewallClientZoneSettings * Fixed log-denied rules for icmp-blocks * Keep sorting of interfaces, services, icmp-blocks and other settings in zones * Fixed runtime-to-permanent not to save interfaces under control of NM * New icmp-block-inversion flag in the zones * ICMP type filtering in the zones * New services: sip, sips, managesieve * rich rules: Allow destination action (RHBZ#1163428) * firewall-offline-cmd: New option -q/--quiet * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file * firewall-[offline-]cmd: Fix option for setting the destination address * firewall-config: Fixed resizing behaviour * New transaction model for speed ups in start, restart, stop and other actions * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults * Fixed memory leak in dbus_introspection_add_properties * Landscape.io fixes, pylint calm downs OBS-URL: https://build.opensuse.org/request/show/399135 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=17 --- ...l-core-Drop-unneeded-python-shebangs.patch | 40 ++++++++++++++ ..._ifcfg-Quickly-return-if-ifcfg-direc.patch | 35 ++++++++++++ _service | 4 +- drop-standard-output-error-systemd.patch | 31 ----------- firewalld-0.4.1.2.tar.bz2 | 3 - firewalld-0.4.2.tar.bz2 | 3 + firewalld.changes | 55 +++++++++++++++++++ firewalld.spec | 19 ++++--- 8 files changed, 146 insertions(+), 44 deletions(-) create mode 100644 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch create mode 100644 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch delete mode 100644 drop-standard-output-error-systemd.patch delete mode 100644 firewalld-0.4.1.2.tar.bz2 create mode 100644 firewalld-0.4.2.tar.bz2 diff --git a/0001-src-firewall-core-Drop-unneeded-python-shebangs.patch b/0001-src-firewall-core-Drop-unneeded-python-shebangs.patch new file mode 100644 index 0000000..6a7debe --- /dev/null +++ b/0001-src-firewall-core-Drop-unneeded-python-shebangs.patch @@ -0,0 +1,40 @@ +From 705742816112dffefd3233f2c8dda7c845c6e8b3 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Tue, 31 May 2016 10:08:28 +0100 +Subject: [PATCH] src: firewall: core: Drop unneeded python shebangs + +The fw_ifcfg and fw_nm files are not supposed to be executed as +standalone files but rather imported by the main firewalld code so drop +the python shebangs. This also fixes a warning when building firewalld +in openSUSE OBS: + +firewalld.noarch: W: non-executable-script +/usr/lib/python2.7/site-packages/firewall/core/fw_nm.py 644 /usr/bin/python +firewalld.noarch: W: non-executable-script +/usr/lib/python2.7/site-packages/firewall/core/fw_ifcfg.py 644 /usr/bin/python +--- + src/firewall/core/fw_ifcfg.py | 1 - + src/firewall/core/fw_nm.py | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py +index 442a6cc..33794a7 100644 +--- a/src/firewall/core/fw_ifcfg.py ++++ b/src/firewall/core/fw_ifcfg.py +@@ -1,4 +1,3 @@ +-#!/usr/bin/python + # -*- coding: utf-8 -*- + # + # Copyright (C) 2010-2016 Red Hat, Inc. +diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py +index 38ef8fd..3df94c4 100644 +--- a/src/firewall/core/fw_nm.py ++++ b/src/firewall/core/fw_nm.py +@@ -1,4 +1,3 @@ +-#!/usr/bin/python + # -*- coding: utf-8 -*- + # + # Copyright (C) 2010-2016 Red Hat, Inc. +-- +2.8.3 + diff --git a/0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch b/0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch new file mode 100644 index 0000000..05ce74a --- /dev/null +++ b/0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch @@ -0,0 +1,35 @@ +From 9ed2c18357d45f8ec1f11723a1d98377387c1039 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Tue, 31 May 2016 11:14:06 +0100 +Subject: [PATCH] firewall: core: fw_ifcfg: Quickly return if ifcfg directory + does not exist + +It's possible for the ifcfg directory to be missing or named differently +so do not try to access it if it does not exist. This avoid warnings +during firewalld start up like the following one: + +ERROR: Calling post func (('', 'enp3s0')) failed: [Errno 2] No such file or +directory: '/etc/sysconfig/network-scripts' +--- + src/firewall/core/fw_ifcfg.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py +index 33794a7..0b049a6 100644 +--- a/src/firewall/core/fw_ifcfg.py ++++ b/src/firewall/core/fw_ifcfg.py +@@ -32,6 +32,10 @@ from firewall.core.io.ifcfg import ifcfg + def search_ifcfg_of_interface(interface): + """search ifcfg file for the interface in config.IFCFGDIR""" + ++ # Return quickly if config.IFCFGDIR does not exist ++ if not os.path.exists(config.IFCFGDIR): ++ return None ++ + filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) + if os.path.exists(filename): + ifcfg_file = ifcfg(filename) +-- +2.8.3 + diff --git a/_service b/_service index b6d5868..518c23a 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ - firewalld-0.4.1.2.tar.bz2 + firewalld-0.4.2.tar.bz2 sha1 - c7f3d04bd115b9a56a95fc7aee1a6d10559d2690 + d730129f592059ee97fc158861b44f8e7b201027 diff --git a/drop-standard-output-error-systemd.patch b/drop-standard-output-error-systemd.patch deleted file mode 100644 index ec77a41..0000000 --- a/drop-standard-output-error-systemd.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 497bb64353948ee18e402bcb00265708e0877ac0 Mon Sep 17 00:00:00 2001 -From: Markos Chandras -Date: Tue, 12 Jan 2016 11:47:45 +0000 -Subject: [PATCH] config: firewalld.service: Drop Standard{Output,Error} - -Drop the Standard{Output,Error}=null options so we can use the system -logger to find out what firewalld is doing. It also helps when using ---debug in /etc/sysconfig/firewalld as well ---- -Upstream PR: https://github.com/t-woerner/firewalld/pull/67 ---- - config/firewalld.service.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/config/firewalld.service.in b/config/firewalld.service.in -index 08afe5b..3918835 100644 ---- a/config/firewalld.service.in -+++ b/config/firewalld.service.in -@@ -9,9 +9,6 @@ Conflicts=iptables.service ip6tables.service ebtables.service ipset.service - EnvironmentFile=-/etc/sysconfig/firewalld - ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS - ExecReload=/bin/kill -HUP $MAINPID --# supress to log debug and error output also to /var/log/messages --StandardOutput=null --StandardError=null - Type=dbus - BusName=org.fedoraproject.FirewallD1 - --- -2.6.2 - diff --git a/firewalld-0.4.1.2.tar.bz2 b/firewalld-0.4.1.2.tar.bz2 deleted file mode 100644 index 13ea292..0000000 --- a/firewalld-0.4.1.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c444c2d9dfbd4036e3a5508824655d729acd6fb633d90cc0e99903d53b6654fa -size 604940 diff --git a/firewalld-0.4.2.tar.bz2 b/firewalld-0.4.2.tar.bz2 new file mode 100644 index 0000000..f30dd43 --- /dev/null +++ b/firewalld-0.4.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:329e44b7d8de2400222d602d6c87c368865531ffe4004c392803dbe55717068e +size 649581 diff --git a/firewalld.changes b/firewalld.changes index 00a1c2d..d9d33cb 100644 --- a/firewalld.changes +++ b/firewalld.changes @@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Tue May 31 08:30:44 UTC 2016 - mchandras@suse.de + +- Update to version 0.4.2 + * New module to search for and change ifcfg files for interfaces + not under control of NM + * firewall_config: Enhanced messages in status bar + * firewall-config: New message window as overlay if not connected + * firewall-config: Fix sentivity of option, view menus and main + paned if not connected + * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, + some cleanup + * firewall-[offline]cmd: Show target in zone information + * D-Bus: Completed masquerade methods in FirewallClientZoneSettings + * Fixed log-denied rules for icmp-blocks + * Keep sorting of interfaces, services, icmp-blocks and other + settings in zones + * Fixed runtime-to-permanent not to save interfaces under control + of NM + * New icmp-block-inversion flag in the zones + * ICMP type filtering in the zones + * New services: sip, sips, managesieve + * rich rules: Allow destination action (RHBZ#1163428) + * firewall-offline-cmd: New option -q/--quiet + * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file + * firewall-[offline-]cmd: Fix option for setting the destination + address + * firewall-config: Fixed resizing behaviour + * New transaction model for speed ups in start, restart, stop and + other actions + * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults + * Fixed memory leak in dbus_introspection_add_properties + * Landscape.io fixes, pylint calm downs + * New D-Bus getXnames methods to speed up firewall-config and firewall-cmd + * ebtables-restore: No support for COMMIT command + * Source port support in services, zones and rich rules + * firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets + * firewall-config: New active bindings side bar for simple binding changes + * Reworked NetworkManager module + * Proper default zone handling for NM connections + * Try to set zone binding with NM if interface is under control of NM + * Code cleanup and bug fixes + * Include test suite in the release and install in /usr/share/firewalld/tests + * New Travis-CI configuration file + * Fixed more broken frensh translations + * Translation updates +- Add upstream patches + * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes + unneeded python shebangs + * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do + not try to access the network-scripts ifcfg directory. +- Drop rejected patch + * drop-standard-output-error-systemd.patch +- Minor spec file clean-up + ------------------------------------------------------------------- Fri May 6 20:56:42 UTC 2016 - jengelh@inai.de diff --git a/firewalld.spec b/firewalld.spec index 201a94a..c8218b0 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -17,17 +17,19 @@ Name: firewalld -Version: 0.4.1.2 +Version: 0.4.2 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.firewalld.org Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2 -# PATCH-FIX-OPENSUSE: drop-standard-output-error-systemd.patch, -# https://github.com/t-woerner/firewalld/pull/67(pending) -- Do not supress -# stdout/stderr for firewalld -Patch0: drop-standard-output-error-systemd.patch +# PATCH-FIX-UPSTREAM: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch +# Drop python shebangs +Patch0: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch +# PATCH-FIX-UPSTREAM: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch +# Do not access the ifcfg directory if it does not exist +Patch1: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch BuildRequires: desktop-file-utils BuildRequires: docbook-xsl-stylesheets BuildRequires: gettext @@ -54,9 +56,7 @@ Requires(post): %fillup_prereq Recommends: %{name}-lang Suggests: susefirewall2-to-firewalld BuildArch: noarch -%if 0%{?suse_version} >= 1210 BuildRequires: systemd-rpm-macros -%endif %description firewalld is a firewall service daemon that provides a dynamic customizable @@ -91,6 +91,7 @@ firewalld. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure --enable-sysconfig --enable-rpmmacros @@ -182,7 +183,7 @@ fi %{_libexecdir}/firewalld/services/*.xml %{_libexecdir}/firewalld/zones/*.xml %{_datadir}/polkit-1 -%{_sysconfdir}/rpm/macros.firewalld +%config %{_sysconfdir}/rpm/macros.firewalld %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d %attr(0750,root,root) %dir %{_libexecdir}/firewalld @@ -192,6 +193,7 @@ fi %attr(0750,root,root) %dir %{_libexecdir}/firewalld/services %attr(0750,root,root) %dir %{_libexecdir}/firewalld/zones %attr(0750,root,root) %dir %{_sysconfdir}/firewalld +%attr(0750,root,root) %{_datadir}/firewalld/tests %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes @@ -230,6 +232,7 @@ fi %attr(0755,root,root) %{_bindir}/firewall-config %{_datadir}/firewalld/firewall-config.glade %attr(0755,root,root) %{_datadir}/firewalld/gtk3_chooserbutton.py* +%attr(0755,root,root) %{_datadir}/firewalld/gtk3_niceexpander.py* %{_datadir}/applications/firewall-config.desktop %dir %{_datadir}/appdata %{_datadir}/appdata/firewall-config.appdata.xml