Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2017-11-19 11:11:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Sun Nov 19 11:11:22 2017 rev:21 rq:542569 version:0.4.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2017-11-14 14:45:06.242644367 +0100 +++ /work/SRC/openSUSE:Factory/.firewalld.new/firewalld.changes 2017-11-19 11:11:30.263139750 +0100 @@ -1,0 +2,44 @@ +Thu Nov 16 08:41:27 UTC 2017 - [email protected] + +- Add combined upstream patch to support SUSE ifcfg network files. + * 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460) + +------------------------------------------------------------------- +Wed Nov 15 12:36:09 UTC 2017 - [email protected] + +- Update to version 0.4.4.6 + * firewall.core.fw_config: Fix check for icmp builtin name + * config.services: docker-swarm: fix incorrect attribute + * xmlschema/service.xsd: Fix protocol looking for name instead of value + * Add docker swarm service (gh#firewalld/firewalld#230) + * Adding FirewallD redis service (gh#firewalld/firewalld#248) + * Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221) + * firewall-offline-cmd: Don't require root for help output + * doc: firewall-cmd: Document --query-* options return codes + * firewall-cmd: Use colors only if output is a TTY + * core: Log unsupported ICMP types as informational only + * add bgp service to predefined services edit to config/Makefile.am + * Add git service + * Add kprop service + * minidlna definitions (gh#firewalld/firewalld#236) + * SpiderOak ONE listens on port 21327 and 21328 + * autogen.sh: Allow skipping configure via NOCONFIGURE env var + * Add missing ports to RH-Satellite-6 service + * Reload nf_conntrack sysctls after the module is loaded + * Add NFSv3 service. + * config/Makefile.am: Add murmur service (a95eed1) + * add new service IRC + * firewall.core.prog: Simplify runProg output: Combine stderr and stdout + * firewall.core.fw: Fix possible dict size change in for loop + * firewall.core.fw: Use new firewalld git repo in firewalld organization + * config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization + * firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family + * firewall.core.rich: Add checks for Rich_Source validation + * Handle also IPv6 with the zone masquerade flag + * Add IPv6 support for forward-ports in zones + * firewall.command: Enable parse_forward_port to work with IPv6 adresses + * firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports + * add Murmur (Mumble server) service +- spec file fixes to avoid rpmlint warnings about duplicate files. + +------------------------------------------------------------------- Old: ---- firewalld-0.4.4.5.tar.gz New: ---- 0001-suse-ifcfg-files.patch firewalld-0.4.4.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.cOFvrD/_old 2017-11-19 11:11:31.371099352 +0100 +++ /var/tmp/diff_new_pack.cOFvrD/_new 2017-11-19 11:11:31.371099352 +0100 @@ -17,13 +17,16 @@ Name: firewalld -Version: 0.4.4.5 +Version: 0.4.4.6 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: https://github.com/t-woerner/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM: 0001-suse-ifcfg-files.patch. Combined patch to support ifcfg files on SUSE based on +# https://github.com/firewalld/firewalld/pull/262 +Patch: 0001-suse-ifcfg-files.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils @@ -32,12 +35,12 @@ # even though it is probably unlikely for paths to change in the future BuildRequires: ebtables BuildRequires: gettext -BuildRequires: ipset -BuildRequires: iptables BuildRequires: glib2-devel BuildRequires: gobject-introspection BuildRequires: hicolor-icon-theme BuildRequires: intltool +BuildRequires: ipset +BuildRequires: iptables BuildRequires: libxslt-tools BuildRequires: python3-devel BuildRequires: systemd-rpm-macros @@ -87,13 +90,15 @@ %prep %setup -q +%patch -p1 %build export PYTHON="python3" ./autogen.sh %configure \ --enable-sysconfig \ - --enable-rpmmacros + --enable-rpmmacros \ + --with-ifcfgdir="/etc/sysconfig/network" # Normally documentation is shipped but this will ensure that missing # files will be generated. @@ -184,6 +189,8 @@ %config %{_sysconfdir}/rpm/macros.firewalld %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d +%dir %{_sysconfdir}/modprobe.d +%config(noreplace) %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf %dir %{_datadir}/firewalld/tests %attr(0750,root,root) %{_datadir}/firewalld/tests/*.sh %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf @@ -198,16 +205,8 @@ %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf %attr(0755,root,root) %dir %{python3_sitelib}/firewall -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/config -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io -%attr(0755,root,root) %dir %{python3_sitelib}/firewall/server %{_datadir}/firewalld/__pycache__ %{python3_sitelib}/firewall/* -%{python3_sitelib}/firewall/config/* -%{python3_sitelib}/firewall/core/* -%{python3_sitelib}/firewall/core/io/* -%{python3_sitelib}/firewall/server/* %{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewalld*.1* %{_mandir}/man1/firewallctl*.1* ++++++ 0001-suse-ifcfg-files.patch ++++++ Combined patch for https://github.com/firewalld/firewalld/pull/262 - https://github.com/firewalld/firewalld/commit/593d3158e9147b230f6b2307dabe6b6d294a539f - https://github.com/firewalld/firewalld/commit/399cf02ffef846281a67421b2c1d1cf818af8f61 - https://github.com/firewalld/firewalld/commit/278938d754b2ede993992987cc6c2418c82b85a0 diff --git a/configure.ac b/configure.ac index 776e627b..7cd11758 100644 --- a/configure.ac +++ b/configure.ac @@ -67,6 +67,11 @@ AC_ARG_WITH([bashcompletiondir], [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"]) AC_SUBST(BASHCOMPLETIONDIR) +AC_ARG_WITH([ifcfgdir], + AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]), + [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"]) +AC_SUBST(IFCFGDIR) + # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am index db649b61..6df3b8c4 100644 --- a/doc/xml/Makefile.am +++ b/doc/xml/Makefile.am @@ -2,7 +2,8 @@ XSLTPROC = xsltproc EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ authors.xml notes.xml seealso.xml errorcodes.xml \ - transform-man.xsl.in transform-html.xsl.in + transform-man.xsl.in transform-html.xsl.in \ + firewalld.xml.in firewall-cmd.xml.in firewallctl.xml.in man_MANS = $(man1_MANS) $(man5_MANS) HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) @@ -29,7 +30,8 @@ man5_MANS = \ ../man/man5/firewalld.zones.5 CLEAN_FILES = *~ errorcodes.xml -DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl +DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ + firewalld.xml firewall-cmd.xml firewallctl.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude @@ -44,9 +46,9 @@ all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) -../man/man1/firewall-cmd.1: errorcodes.xml +../man/man1/firewall-cmd.1: errorcodes.xml firewall-cmd.xml -../html/firewall-cmd.html: errorcodes.xml +../html/firewall-cmd.html: errorcodes.xml firewall-cmd.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< @@ -67,9 +69,16 @@ errorcodes.xml: ../../src/firewall/errors.py edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ - -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' + -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ + -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ +firewall-cmd.xml: firewall-cmd.xml.in + $(edit) $< >$@ +firewalld.xml: firewalld.xml.in + $(edit) $< >$@ +firewallctl.xml: firewallctl.xml.in + $(edit) $< >$@ diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml.in similarity index 99% rename from doc/xml/firewall-cmd.xml rename to doc/xml/firewall-cmd.xml.in index 0b54b0be..80b1fbe1 100644 --- a/doc/xml/firewall-cmd.xml +++ b/doc/xml/firewall-cmd.xml.in @@ -910,7 +910,7 @@ For interfaces that are not under control of NetworkManager, firewalld tries to </para> <para> As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to <option>ZONE=</option> option from ifcfg-<replaceable>interface</replaceable> file) if <replaceable>NM_CONTROLLED=no</replaceable> is not set. - You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file. + You should do it only if there's no @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file. If there is such file and you add interface to zone with this <option>--add-interface</option> option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the <citerefentry><refentrytitle>firewalld</refentrytitle><manvolnum>1</manvolnum></citerefentry> man page in the <replaceable>Concepts</replaceable> section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in <citerefentry><refentrytitle>firewalld.zones</refentrytitle><manvolnum>5</manvolnum></citerefentry>. diff --git a/doc/xml/firewallctl.xml b/doc/xml/firewallctl.xml.in similarity index 99% rename from doc/xml/firewallctl.xml rename to doc/xml/firewallctl.xml.in index 30be89f0..1c6d2f22 100644 --- a/doc/xml/firewallctl.xml +++ b/doc/xml/firewallctl.xml.in @@ -601,7 +601,7 @@ </para> <para> As a end user you don't need to create or change zone bindings of interfaces in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to <option>ZONE=</option> option from ifcfg-<replaceable>interface</replaceable> file) if <replaceable>NM_CONTROLLED=no</replaceable> is not set. - You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file. + You should do it only if there's no @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file. If there is such file and you add interface to zone with this <option>--add-interface</option> option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the <citerefentry><refentrytitle>firewalld</refentrytitle><manvolnum>1</manvolnum></citerefentry> man page in the <replaceable>Concepts</replaceable> section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in <citerefentry><refentrytitle>firewalld.zones</refentrytitle><manvolnum>5</manvolnum></citerefentry>. diff --git a/doc/xml/firewalld.xml b/doc/xml/firewalld.xml.in similarity index 98% rename from doc/xml/firewalld.xml rename to doc/xml/firewalld.xml.in index f14c3034..de802059 100644 --- a/doc/xml/firewalld.xml +++ b/doc/xml/firewalld.xml.in @@ -130,7 +130,7 @@ </para> <para> You can add these interfaces to a zone with <command>firewall-cmd [--permanent] --zone=<replaceable>zone</replaceable> --add-interface=<replaceable>interface</replaceable></command>. - If there is a /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file, firewalld tries to change the ZONE=<replaceable>zone</replaceable> setting in this file. + If there is a @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file, firewalld tries to change the ZONE=<replaceable>zone</replaceable> setting in this file. </para> <para> If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in index a389c8bf..9262f075 100644 --- a/src/firewall/config/__init__.py.in +++ b/src/firewall/config/__init__.py.in @@ -88,7 +88,7 @@ FIREWALLD_DIRECT = ETC_FIREWALLD + '/direct.xml' LOCKDOWN_WHITELIST = ETC_FIREWALLD + '/lockdown-whitelist.xml' SYSCONFIGDIR = '/etc/sysconfig' -IFCFGDIR = SYSCONFIGDIR + '/network-scripts' +IFCFGDIR = "@IFCFGDIR@" SYSCTL_CONFIG = '/etc/sysctl.conf' diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py index 0b049a64..b645ef37 100644 --- a/src/firewall/core/fw_ifcfg.py +++ b/src/firewall/core/fw_ifcfg.py @@ -36,13 +36,6 @@ def search_ifcfg_of_interface(interface): if not os.path.exists(config.IFCFGDIR): return None - filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) - if os.path.exists(filename): - ifcfg_file = ifcfg(filename) - ifcfg_file.read() - if ifcfg_file.get("DEVICE") == interface: - return ifcfg_file - for filename in sorted(os.listdir(config.IFCFGDIR)): if not filename.startswith("ifcfg-"): continue @@ -57,6 +50,13 @@ def search_ifcfg_of_interface(interface): if ifcfg_file.get("DEVICE") == interface: return ifcfg_file + # Wasn't found above, so assume filename matches the device we want + filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) + if os.path.exists(filename): + ifcfg_file = ifcfg(filename) + ifcfg_file.read() + return ifcfg_file + return None def ifcfg_set_zone_of_interface(zone, interface): ++++++ firewalld-0.4.4.5.tar.gz -> firewalld-0.4.4.6.tar.gz ++++++ ++++ 12565 lines of diff (skipped)
