Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2018-07-26 16:46:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Thu Jul 26 16:46:57 2018 rev:31 rq: version:0.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2018-07-25 16:03:21.224765075 +0200 +++ /work/SRC/openSUSE:Factory/.firewalld.new/firewalld.changes 2018-07-26 16:47:02.056054939 +0200 @@ -2,19 +1,0 @@ -Fri Jul 6 15:07:31 UTC 2018 - [email protected] - -- Update to 0.6.0. Some of the changes are: - * update translations - * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) - * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) - * IPv6 rpfilter: explicitly allow neighbor solicitation - * nftables backend (default) - * Added loads of new services - * firewall-cmd: add --check-config option - * firewall-offline-cmd: add --check-config option - * firewallctl: completely remove all code and references - * dbus: expose FirewallBackend - * dbus: fix erroneous fallback for AutomaticHelpers -- Remove patches which have made it upstream - * firewalld-add-additional-services.patch -- spec-cleaner fixes - -------------------------------------------------------------------- Old: ---- firewalld-0.6.0.tar.gz New: ---- firewalld-0.5.3.tar.gz firewalld-add-additional-services.patch firewalld-po-20180417.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.5G0QA0/_old 2018-07-26 16:47:02.580055633 +0200 +++ /var/tmp/diff_new_pack.5G0QA0/_new 2018-07-26 16:47:02.580055633 +0200 @@ -18,24 +18,28 @@ #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} - %define _fillupdir %{_localstatedir}/adm/fillup-templates + %define _fillupdir /var/adm/fillup-templates %endif + Name: firewalld -Version: 0.6.0 +Version: 0.5.3 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.firewalld.org Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: firewalld-po-20180417.tar.xz +# PATCH-FIX-SUSE: firewalld-add-additional-services.patch - https://github.com/firewalld/firewalld/pull/313 +Patch0: firewalld-add-additional-services.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils BuildRequires: docbook-xsl-stylesheets +BuildRequires: fdupes # Adding tools to BuildRequires as well so they can be autodetected # even though it is probably unlikely for paths to change in the future BuildRequires: ebtables -BuildRequires: fdupes BuildRequires: gettext BuildRequires: glib2-devel BuildRequires: gobject-introspection @@ -44,13 +48,11 @@ BuildRequires: ipset BuildRequires: iptables BuildRequires: libxslt-tools -BuildRequires: nftables BuildRequires: python3-devel BuildRequires: systemd-rpm-macros Requires: ebtables Requires: ipset Requires: iptables -Requires: nftables Requires: python3-firewall = %{version} Requires: sysconfig Requires(post): %fillup_prereq @@ -109,18 +111,21 @@ %lang_package %prep -%setup -q +%setup -q -a1 +%patch0 -p1 # bsc#1078223 rm config/services/high-availability.xml %build -export PYTHON="%{_bindir}/python3" +export PYTHON="python3" +sed -i "s|/usr/bin/python -Es|/usr/bin/python3 -Es|g" fix_python_shebang.sh +sed -i "s|python|python3|g" config/lockdown-whitelist.xml ./autogen.sh %configure \ --enable-sysconfig \ --enable-rpmmacros \ - --with-ifcfgdir="%{_sysconfdir}/network" + --with-ifcfgdir="/etc/sysconfig/network" # Normally documentation is shipped but this will ensure that missing # files will be generated. @@ -203,12 +208,12 @@ %{_bindir}/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %files -%doc README -%license COPYING +%doc COPYING README %{_sbindir}/firewalld %{_sbindir}/rcfirewalld %{_bindir}/firewall-cmd %{_bindir}/firewall-offline-cmd +%{_bindir}/firewallctl %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/firewall-cmd %dir %{_libexecdir}/firewalld @@ -217,11 +222,14 @@ %dir %{_libexecdir}/firewalld/services %dir %{_libexecdir}/firewalld/zones %dir %{_libexecdir}/firewalld/helpers +%dir %{_libexecdir}/firewalld/xmlschema %{_libexecdir}/firewalld/icmptypes/*.xml %{_libexecdir}/firewalld/ipsets/README %{_libexecdir}/firewalld/services/*.xml %{_libexecdir}/firewalld/zones/*.xml %{_libexecdir}/firewalld/helpers/*.xml +%{_libexecdir}/firewalld/xmlschema/check.sh +%{_libexecdir}/firewalld/xmlschema/*.xsd %{_datadir}/polkit-1 %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d @@ -238,9 +246,10 @@ %{_unitdir}/firewalld.service %{_fillupdir}/sysconfig.%{name} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf -%{_mandir}/man1/firewall*cmd*.1%{?ext_man} -%{_mandir}/man1/firewalld*.1%{?ext_man} -%{_mandir}/man5/firewall*.5%{?ext_man} +%{_mandir}/man1/firewall*cmd*.1* +%{_mandir}/man1/firewalld*.1* +%{_mandir}/man1/firewallctl*.1* +%{_mandir}/man5/firewall*.5* %files -n python3-firewall %attr(0755,root,root) %dir %{python3_sitelib}/firewall @@ -273,7 +282,7 @@ %config(noreplace) %{_sysconfdir}/firewall/applet.conf %{_sysconfdir}/xdg/autostart/firewall-applet.desktop %{_datadir}/icons/hicolor/*/apps/firewall-applet*.* -%{_mandir}/man1/firewall-applet*.1%{?ext_man} +%{_mandir}/man1/firewall-applet*.1* %files -n firewall-config %dir %{_datadir}/firewalld @@ -286,7 +295,7 @@ %{_datadir}/appdata/firewall-config.appdata.xml %{_datadir}/icons/hicolor/*/apps/firewall-config*.* %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml -%{_mandir}/man1/firewall-config*.1%{?ext_man} +%{_mandir}/man1/firewall-config*.1* %files lang -f %{name}.lang ++++++ firewalld-0.6.0.tar.gz -> firewalld-0.5.3.tar.gz ++++++ ++++ 44684 lines of diff (skipped) ++++++ firewalld-add-additional-services.patch ++++++ [mchandras]: Backport patch for additional firewalld services which don't exist in stable-0.5 branch. This can be removed when https://github.com/firewalld/firewalld/pull/313 is accepted diff --git a/config/Makefile.am b/config/Makefile.am index c202d8fe..9c402329 100644 --- a/config/Makefile.am +++ b/config/Makefile.am @@ -122,6 +122,9 @@ CONFIG_FILES = \ ipsets/README \ services/amanda-client.xml \ services/amanda-k5-client.xml \ + services/amqp.xml \ + services/amqps.xml \ + services/apcupsd.xml \ services/bacula-client.xml \ services/bacula.xml \ services/bgp.xml \ @@ -137,11 +140,15 @@ CONFIG_FILES = \ services/dhcpv6-client.xml \ services/dhcpv6.xml \ services/dhcp.xml \ + services/distcc.xml \ services/dns.xml \ services/docker-registry.xml \ services/docker-swarm.xml \ services/dropbox-lansync.xml \ services/elasticsearch.xml \ + services/etcd-client.xml \ + services/etcd-server.xml \ + services/finger.xml \ services/freeipa-ldaps.xml \ services/freeipa-ldap.xml \ services/freeipa-replication.xml \ @@ -179,6 +186,8 @@ CONFIG_FILES = \ services/mongodb.xml \ services/mosh.xml \ services/mountd.xml \ + services/mqtt.xml \ + services/mqtt-tls.xml \ services/mssql.xml \ services/ms-wbt.xml \ services/murmur.xml \ @@ -188,6 +197,7 @@ CONFIG_FILES = \ services/nmea-0183.xml \ services/nrpe.xml \ services/ntp.xml \ + services/nut.xml \ services/openvpn.xml \ services/ovirt-imageio.xml \ services/ovirt-storageconsole.xml \ @@ -211,11 +221,13 @@ CONFIG_FILES = \ services/rpc-bind.xml \ services/rsh.xml \ services/rsyncd.xml \ + services/salt-master.xml \ services/samba-client.xml \ services/samba.xml \ services/sane.xml \ services/sips.xml \ services/sip.xml \ + services/slp.xml \ services/smtp-submission.xml \ services/smtps.xml \ services/smtp.xml \ @@ -224,6 +236,8 @@ CONFIG_FILES = \ services/spideroak-lansync.xml \ services/squid.xml \ services/ssh.xml \ + services/svdrp.xml \ + services/svn.xml \ services/syncthing.xml \ services/syncthing-gui.xml \ services/synergy.xml \ @@ -238,7 +252,11 @@ CONFIG_FILES = \ services/upnp-client.xml \ services/vdsm.xml \ services/vnc-server.xml \ + services/wbem-http.xml \ services/wbem-https.xml \ + services/wsman.xml \ + services/wsmans.xml \ + services/xdmcp.xml \ services/xmpp-bosh.xml \ services/xmpp-client.xml \ services/xmpp-local.xml \ diff --git a/config/services/amqp.xml b/config/services/amqp.xml new file mode 100644 index 00000000..b9501d9e --- /dev/null +++ b/config/services/amqp.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>amqp</short> + <description>The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.</description> + <port protocol="tcp" port="5672"/> +</service> diff --git a/config/services/amqps.xml b/config/services/amqps.xml new file mode 100644 index 00000000..02bdae52 --- /dev/null +++ b/config/services/amqps.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>amqps</short> + <description>The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.</description> + <port protocol="tcp" port="5671"/> +</service> diff --git a/config/services/apcupsd.xml b/config/services/apcupsd.xml new file mode 100644 index 00000000..fac9955c --- /dev/null +++ b/config/services/apcupsd.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>apcupsd</short> + <description>The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.</description> + <port port="3551" protocol="tcp"/> +</service> diff --git a/config/services/distcc.xml b/config/services/distcc.xml new file mode 100644 index 00000000..f7b52ec8 --- /dev/null +++ b/config/services/distcc.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>distcc</short> + <description>Distcc is a protocol used for distributed compilation.</description> + <port port="3632" protocol="tcp"/> +</service> diff --git a/config/services/etcd-client.xml b/config/services/etcd-client.xml new file mode 100644 index 00000000..f0fb22af --- /dev/null +++ b/config/services/etcd-client.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>etcd Client</short> + <description>etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.</description> + <port port="2379" protocol="tcp"/> +</service> diff --git a/config/services/etcd-server.xml b/config/services/etcd-server.xml new file mode 100644 index 00000000..11688818 --- /dev/null +++ b/config/services/etcd-server.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>etcd Server</short> + <description>etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.</description> + <port port="2380" protocol="tcp"/> +</service> diff --git a/config/services/finger.xml b/config/services/finger.xml new file mode 100644 index 00000000..f42895f6 --- /dev/null +++ b/config/services/finger.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>finger</short> + <description>Finger is a protocol for obtaining information about users on remote hosts.</description> + <port port="79" protocol="tcp"/> +</service> diff --git a/config/services/mqtt-tls.xml b/config/services/mqtt-tls.xml new file mode 100644 index 00000000..403455ae --- /dev/null +++ b/config/services/mqtt-tls.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>mqtt-tls</short> + <description>The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.</description> + <port port="8883" protocol="tcp"/> +</service> diff --git a/config/services/mqtt.xml b/config/services/mqtt.xml new file mode 100644 index 00000000..ad262cbf --- /dev/null +++ b/config/services/mqtt.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>mqtt</short> + <description>The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.</description> + <port port="1883" protocol="tcp"/> +</service> diff --git a/config/services/nut.xml b/config/services/nut.xml new file mode 100644 index 00000000..6e66d735 --- /dev/null +++ b/config/services/nut.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>NUT</short> + <description>Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.</description> + <port port="3493" protocol="tcp"/> + <!-- <port port="3493" protocol="udp"/> according to upstream never really worked over UDP --> +</service> diff --git a/config/services/salt-master.xml b/config/services/salt-master.xml new file mode 100644 index 00000000..799420e3 --- /dev/null +++ b/config/services/salt-master.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>Salt Master</short> + <description>Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.</description> + <port port="4505" protocol="tcp"/> + <port port="4506" protocol="tcp"/> +</service> diff --git a/config/services/slp.xml b/config/services/slp.xml new file mode 100644 index 00000000..da60c651 --- /dev/null +++ b/config/services/slp.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>SLP</short> + <description>The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.</description> + <port port="427" protocol="tcp"/> + <port port="427" protocol="udp"/> +</service> diff --git a/config/services/svdrp.xml b/config/services/svdrp.xml new file mode 100644 index 00000000..4462ebb0 --- /dev/null +++ b/config/services/svdrp.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>SVDRP</short> + <description>The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.</description> + <port port="6419" protocol="tcp"/> + <port port="6419" protocol="udp"/> +</service> diff --git a/config/services/svn.xml b/config/services/svn.xml new file mode 100644 index 00000000..bdc6bf94 --- /dev/null +++ b/config/services/svn.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>Subversion</short> + <description>The custom, unencrypted protocol used the Subversion Version Control System.</description> + <port port="3690" protocol="tcp"/> +</service> diff --git a/config/services/wbem-http.xml b/config/services/wbem-http.xml new file mode 100644 index 00000000..4283854e --- /dev/null +++ b/config/services/wbem-http.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>wbem-http</short> + <description>Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.</description> + <port protocol="tcp" port="5988"/> +</service> + diff --git a/config/services/wsman.xml b/config/services/wsman.xml new file mode 100644 index 00000000..fcb55570 --- /dev/null +++ b/config/services/wsman.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>wsman</short> + <description>Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted</description> + <port port="5985" protocol="tcp"/> +</service> diff --git a/config/services/wsmans.xml b/config/services/wsmans.xml new file mode 100644 index 00000000..8f2971b7 --- /dev/null +++ b/config/services/wsmans.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>wsmans</short> + <description>Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.</description> + <port port="5986" protocol="tcp"/> +</service> diff --git a/config/services/xdmcp.xml b/config/services/xdmcp.xml new file mode 100644 index 00000000..5610e053 --- /dev/null +++ b/config/services/xdmcp.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>XDMCP</short> + <description>The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.</description> + <port port="177" protocol="tcp"/> + <port port="177" protocol="udp"/> +</service>
