Accepting request 399451 from security:netfilter

1

OBS-URL: https://build.opensuse.org/request/show/399451
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=7

0001-src-firewall-core-Drop-unneeded-python-shebangs.patch

@@ -0,0 +1,40 @@
+From 705742816112dffefd3233f2c8dda7c845c6e8b3 Mon Sep 17 00:00:00 2001
+From: Markos Chandras <mchandras@suse.de>
+Date: Tue, 31 May 2016 10:08:28 +0100
+Subject: [PATCH] src: firewall: core: Drop unneeded python shebangs
+
+The fw_ifcfg and fw_nm files are not supposed to be executed as
+standalone files but rather imported by the main firewalld code so drop
+the python shebangs. This also fixes a warning when building firewalld
+in openSUSE OBS:
+
+firewalld.noarch: W: non-executable-script
+/usr/lib/python2.7/site-packages/firewall/core/fw_nm.py 644 /usr/bin/python
+firewalld.noarch: W: non-executable-script
+/usr/lib/python2.7/site-packages/firewall/core/fw_ifcfg.py 644 /usr/bin/python
+---
+ src/firewall/core/fw_ifcfg.py | 1 -
+ src/firewall/core/fw_nm.py    | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
+index 442a6cc..33794a7 100644
+--- a/src/firewall/core/fw_ifcfg.py
++++ b/src/firewall/core/fw_ifcfg.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ # -*- coding: utf-8 -*-
+ #
+ # Copyright (C) 2010-2016 Red Hat, Inc.
+diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
+index 38ef8fd..3df94c4 100644
+--- a/src/firewall/core/fw_nm.py
++++ b/src/firewall/core/fw_nm.py
+@@ -1,4 +1,3 @@
+-#!/usr/bin/python
+ # -*- coding: utf-8 -*-
+ #
+ # Copyright (C) 2010-2016 Red Hat, Inc.
+-- 
+2.8.3
+

0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch

@@ -0,0 +1,35 @@
+From 9ed2c18357d45f8ec1f11723a1d98377387c1039 Mon Sep 17 00:00:00 2001
+From: Markos Chandras <mchandras@suse.de>
+Date: Tue, 31 May 2016 11:14:06 +0100
+Subject: [PATCH] firewall: core: fw_ifcfg: Quickly return if ifcfg directory
+ does not exist
+
+It's possible for the ifcfg directory to be missing or named differently
+so do not try to access it if it does not exist. This avoid warnings
+during firewalld start up like the following one:
+
+ERROR: Calling post func <function ifcfg_set_zone_of_interface at
+0x7fb2f0d4fc80> (('', 'enp3s0')) failed: [Errno 2] No such file or
+directory: '/etc/sysconfig/network-scripts'
+---
+ src/firewall/core/fw_ifcfg.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
+index 33794a7..0b049a6 100644
+--- a/src/firewall/core/fw_ifcfg.py
++++ b/src/firewall/core/fw_ifcfg.py
+@@ -32,6 +32,10 @@ from firewall.core.io.ifcfg import ifcfg
+ def search_ifcfg_of_interface(interface):
+     """search ifcfg file for the interface in config.IFCFGDIR"""
+ 
++    # Return quickly if config.IFCFGDIR does not exist
++    if not os.path.exists(config.IFCFGDIR):
++        return None
++
+     filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
+     if os.path.exists(filename):
+         ifcfg_file = ifcfg(filename)
+-- 
+2.8.3
+

_service

@@ -1,7 +1,7 @@
 <services>
  <service name="verify_file" mode="localonly">
-  <param name="file">firewalld-0.4.1.2.tar.bz2</param>
+  <param name="file">firewalld-0.4.2.tar.bz2</param>
   <param name="verifier">sha1</param>
-  <param name="checksum">c7f3d04bd115b9a56a95fc7aee1a6d10559d2690</param>
+  <param name="checksum">d730129f592059ee97fc158861b44f8e7b201027</param>
  </service>
 </services>

drop-standard-output-error-systemd.patch

@@ -1,31 +0,0 @@
-From 497bb64353948ee18e402bcb00265708e0877ac0 Mon Sep 17 00:00:00 2001
-From: Markos Chandras <mchandras@suse.de>
-Date: Tue, 12 Jan 2016 11:47:45 +0000
-Subject: [PATCH] config: firewalld.service: Drop Standard{Output,Error}
-
-Drop the Standard{Output,Error}=null options so we can use the system
-logger to find out what firewalld is doing. It also helps when using
---debug in /etc/sysconfig/firewalld as well
----
-Upstream PR: https://github.com/t-woerner/firewalld/pull/67
----
- config/firewalld.service.in | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/config/firewalld.service.in b/config/firewalld.service.in
-index 08afe5b..3918835 100644
---- a/config/firewalld.service.in
-+++ b/config/firewalld.service.in
-@@ -9,9 +9,6 @@ Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
- EnvironmentFile=-/etc/sysconfig/firewalld
- ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
- ExecReload=/bin/kill -HUP $MAINPID
--# supress to log debug and error output also to /var/log/messages
--StandardOutput=null
--StandardError=null
- Type=dbus
- BusName=org.fedoraproject.FirewallD1
- 
--- 
-2.6.2
-

firewalld-0.4.1.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c444c2d9dfbd4036e3a5508824655d729acd6fb633d90cc0e99903d53b6654fa
-size 604940

firewalld-0.4.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:329e44b7d8de2400222d602d6c87c368865531ffe4004c392803dbe55717068e
+size 649581

firewalld.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Tue May 31 08:30:44 UTC 2016 - mchandras@suse.de
+
+- Update to version 0.4.2
+  * New module to search for and change ifcfg files for interfaces
+    not under control of NM
+  * firewall_config: Enhanced messages in status bar
+  * firewall-config: New message window as overlay if not connected
+  * firewall-config: Fix sentivity of option, view menus and main
+    paned if not connected
+  * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls,
+    some cleanup
+  * firewall-[offline]cmd: Show target in zone information
+  * D-Bus: Completed masquerade methods in FirewallClientZoneSettings
+  * Fixed log-denied rules for icmp-blocks
+  * Keep sorting of interfaces, services, icmp-blocks and other
+    settings in zones
+  * Fixed runtime-to-permanent not to save interfaces under control
+    of NM
+  * New icmp-block-inversion flag in the zones
+  * ICMP type filtering in the zones
+  * New services: sip, sips, managesieve
+  * rich rules: Allow destination action (RHBZ#1163428)
+  * firewall-offline-cmd: New option -q/--quiet
+  * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
+  * firewall-[offline-]cmd: Fix option for setting the destination
+    address
+  * firewall-config: Fixed resizing behaviour
+  * New transaction model for speed ups in start, restart, stop and
+    other actions
+  * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
+  * Fixed memory leak in dbus_introspection_add_properties
+  * Landscape.io fixes, pylint calm downs
+  * New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
+  * ebtables-restore: No support for COMMIT command
+  * Source port support in services, zones and rich rules
+  * firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
+  * firewall-config: New active bindings side bar for simple binding changes
+  * Reworked NetworkManager module
+  * Proper default zone handling for NM connections
+  * Try to set zone binding with NM if interface is under control of NM
+  * Code cleanup and bug fixes
+  * Include test suite in the release and install in /usr/share/firewalld/tests
+  * New Travis-CI configuration file
+  * Fixed more broken frensh translations
+  * Translation updates
+- Add upstream patches
+  * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes
+    unneeded python shebangs
+  * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do
+    not try to access the network-scripts ifcfg directory.
+- Drop rejected patch
+  * drop-standard-output-error-systemd.patch
+- Minor spec file clean-up
+
 -------------------------------------------------------------------
 Fri May  6 20:56:42 UTC 2016 - jengelh@inai.de
 

firewalld.spec

@@ -17,17 +17,19 @@
 
 
 Name:           firewalld
-Version:        0.4.1.2
+Version:        0.4.2
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
 Source:         https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
-# PATCH-FIX-OPENSUSE: drop-standard-output-error-systemd.patch,
+# PATCH-FIX-UPSTREAM: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
-# https://github.com/t-woerner/firewalld/pull/67(pending) -- Do not supress
+# Drop python shebangs
-# stdout/stderr for firewalld
+Patch0:         0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
-Patch0:         drop-standard-output-error-systemd.patch
+# PATCH-FIX-UPSTREAM: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
+# Do not access the ifcfg directory if it does not exist
+Patch1:         0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
 BuildRequires:  desktop-file-utils
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gettext
@@ -54,9 +56,7 @@ Requires(post): %fillup_prereq
 Recommends:     %{name}-lang
 Suggests:       susefirewall2-to-firewalld
 BuildArch:      noarch
-%if 0%{?suse_version} >= 1210
 BuildRequires:  systemd-rpm-macros
-%endif
 
 %description
 firewalld is a firewall service daemon that provides a dynamic customizable
@@ -91,6 +91,7 @@ firewalld.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure --enable-sysconfig --enable-rpmmacros
@@ -182,7 +183,7 @@ fi
 %{_libexecdir}/firewalld/services/*.xml
 %{_libexecdir}/firewalld/zones/*.xml
 %{_datadir}/polkit-1
-%{_sysconfdir}/rpm/macros.firewalld
+%config %{_sysconfdir}/rpm/macros.firewalld
 %dir %{_sysconfdir}/dbus-1
 %dir %{_sysconfdir}/dbus-1/system.d
 %attr(0750,root,root) %dir %{_libexecdir}/firewalld
@@ -192,6 +193,7 @@ fi
 %attr(0750,root,root) %dir %{_libexecdir}/firewalld/services
 %attr(0750,root,root) %dir %{_libexecdir}/firewalld/zones
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
+%attr(0750,root,root) %{_datadir}/firewalld/tests
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
 %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
@@ -230,6 +232,7 @@ fi
 %attr(0755,root,root) %{_bindir}/firewall-config
 %{_datadir}/firewalld/firewall-config.glade
 %attr(0755,root,root) %{_datadir}/firewalld/gtk3_chooserbutton.py*
+%attr(0755,root,root) %{_datadir}/firewalld/gtk3_niceexpander.py*
 %{_datadir}/applications/firewall-config.desktop
 %dir %{_datadir}/appdata
 %{_datadir}/appdata/firewall-config.appdata.xml