Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2018-10-01 09:06:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Mon Oct 1 09:06:07 2018 rev:37 rq:637406 version:0.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2018-09-20 11:38:41.100954340 +0200 +++ /work/SRC/openSUSE:Factory/.firewalld.new/firewalld.changes 2018-10-01 09:06:12.955851557 +0200 @@ -1,0 +2,44 @@ +Mon Sep 24 09:05:52 UTC 2018 - Markos Chandras <[email protected]> + +- Add upstream patch to mark more strings as translatable which is + required by firewall UI when creating rich rules (bsc#1096542) + * 0001-Fix-translating-labels-392.patch + +------------------------------------------------------------------- +Fri Sep 21 17:13:32 UTC 2018 - Luiz Angelo Daros de Luca <[email protected]> + +- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) + * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch + +------------------------------------------------------------------- +Thu Sep 20 07:27:33 UTC 2018 - Markos Chandras <[email protected]> + +- Update to 0.6.2. Some of the changes are: + * update translations + * nftables: fix log-denied with values other than "all" or "off" + * fw_ipset: raise FirewallError if backend command fails + * ipset: only use "-exist" on restore + * fw_ipset: fix duplicate add of ipset entries + * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) + * ipXtables: increase wait lock to 10s + * nftables: fix rich rules ports/protocols/source ports not considering ct state + * ports: allow querying a single added by range + * fw_zone: do not change rich rule errors into warnings + * fw_zone: fix services with multiple destination IP versions (bsc#1105899) + * fw_zone: consider destination for protocols + * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) + * fw: If direct rules fail to apply add a "Direct" label to error msg + * fw: if startup fails on reload, reapply non-perm config that survives reload + * nftables: fix rich rule audit log + * ebtables: replace RETURN policy with explicit RETURN at end of chain + * direct backends: allow build_chain() to build multiple rules + * fw: if failure occurs during startup set state to FAILED + * fw: on restart set policy from same function + * ebtables: drop support for broute table +- Remove upstream patches + * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch + * 0001-fw_zone-consider-destination-for-protocols.patch + * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch + * firewalld-fix-firewalld-config-crash.patch + +------------------------------------------------------------------- Old: ---- 0001-fw_zone-consider-destination-for-protocols.patch 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch firewalld-0.6.1.tar.gz firewalld-fix-firewalld-config-crash.patch New: ---- 0001-Fix-translating-labels-392.patch 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch firewalld-0.6.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.RgIus5/_old 2018-10-01 09:06:13.499851089 +0200 +++ /var/tmp/diff_new_pack.RgIus5/_new 2018-10-01 09:06:13.503851086 +0200 @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.6.1 +Version: 0.6.2 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later @@ -30,14 +30,10 @@ Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761) Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch -# PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch [email protected] -- fix firewall-config crash when nm_get_zone_of_connection returns "False" -Patch1: firewalld-fix-firewalld-config-crash.patch -# PATCH-FIX-UPSTREAM 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch (bsc#1105821) -Patch2: 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch -# PATCH-FIX-UPSTRΕΑΜ 0001-fw_zone-consider-destination-for-protocols.patch -Patch3: 0001-fw_zone-consider-destination-for-protocols.patch -# PATCH-FIX-UPSTREAM 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch (bsc#1108651) -Patch4: 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch +# PATCH-FIX-UPSTREAM: 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch (bsc#1104990) +Patch1: 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch +# PATCH-FIX-UPSTREAM: 0001-Fix-translating-labels-392.patch (bsc#1096542) +Patch2: 0001-Fix-translating-labels-392.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils @@ -123,8 +119,6 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 # bsc#1078223 rm config/services/high-availability.xml ++++++ 0001-Fix-translating-labels-392.patch ++++++ >From 15fb48d04e576edb828abf321ae1e765822a4ee3 Mon Sep 17 00:00:00 2001 From: MeggyCal <[email protected]> Date: Thu, 20 Sep 2018 15:37:17 +0200 Subject: [PATCH] Fix translating labels (#392) Fix for #344 was incomplete, the "flags" were not translating and the reported bug was still active. Fixes: #344 (cherry picked from commit e657200927a9f0f41fbed95640cd47e2a5836c6f) --- src/firewall-config.glade | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/firewall-config.glade b/src/firewall-config.glade index 22bed58a..75c229b4 100644 --- a/src/firewall-config.glade +++ b/src/firewall-config.glade @@ -10135,10 +10135,10 @@ <property name="halign">start</property> <property name="valign">start</property> <items> - <item>accept</item> - <item>reject</item> - <item>drop</item> - <item>mark</item> + <item translatable="yes">accept</item> + <item translatable="yes">reject</item> + <item translatable="yes">drop</item> + <item translatable="yes">mark</item> </items> <signal name="changed" handler="on_richRuleDialog_changed" swapped="no"/> </object> -- 2.19.0 ++++++ 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch ++++++ >From fa0bce3d45563e28b8beea1cb0ee325f4a82ebf9 Mon Sep 17 00:00:00 2001 From: Eric Garver <[email protected]> Date: Fri, 21 Sep 2018 15:55:50 -0400 Subject: [PATCH] fw_zone: expose _ipset_match_flags() Rename __ipset_match_flags() to _ipset_match_flags() so it may be used outside the class. With the iptables backend this fixes rich rules that match a source using an ipset. Fixes: #374 --- src/firewall/core/fw_zone.py | 2 +- src/firewall/core/ipXtables.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py index 2d794393..ca90f7fb 100644 --- a/src/firewall/core/fw_zone.py +++ b/src/firewall/core/fw_zone.py @@ -1519,7 +1519,7 @@ def _ipset_family(self, name): def __ipset_type(self, name): return self._fw.ipset.get_type(name) - def __ipset_match_flags(self, name, flag): + def _ipset_match_flags(self, name, flag): return ",".join([flag] * self._fw.ipset.get_dimension(name)) def _check_ipset_applied(self, name): diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py index 66af2a26..02a518d2 100644 --- a/src/firewall/core/ipXtables.py +++ b/src/firewall/core/ipXtables.py @@ -852,7 +852,7 @@ def _rich_rule_source_fragment(self, rich_source): rule_fragment += [ "-m", "set" ] if rich_source.invert: rule_fragment.append("!") - flags = self._fw.zone.__ipset_match_flags(rich_source.ipset, "src") + flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src") rule_fragment += [ "--match-set", rich_source.ipset, flags ] return rule_fragment ++++++ firewalld-0.6.1.tar.gz -> firewalld-0.6.2.tar.gz ++++++ ++++ 4405 lines of diff (skipped)
