Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2019-05-05 21:16:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Sun May 5 21:16:37 2019 rev:76 rq:699444 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2019-04-01 12:34:42.981818860 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.5148/yast2-firewall.changes 2019-05-05 21:16:39.744499652 +0200 @@ -1,0 +2,7 @@ +Fri Apr 26 12:30:53 UTC 2019 - jreidinger <jreidin...@suse.com> + +- change proposal naming and add option to set cpu mitigations + (bsc#1128707) +- 4.2.0 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.1.11.tar.bz2 New: ---- yast2-firewall-4.2.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.l1QCVF/_old 2019-05-05 21:16:40.100500622 +0200 +++ /var/tmp/diff_new_pack.l1QCVF/_new 2019-05-05 21:16:40.104500633 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.1.11 +Version: 4.2.0 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -38,6 +38,8 @@ # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 +# CpiMitigations +Conflicts: yast2-bootloader < 4.2.1 Provides: yast2-config-firewall Obsoletes: yast2-config-firewall ++++++ yast2-firewall-4.1.11.tar.bz2 -> yast2-firewall-4.2.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.11/Dockerfile new/yast2-firewall-4.2.0/Dockerfile --- old/yast2-firewall-4.1.11/Dockerfile 2019-03-29 12:02:42.000000000 +0100 +++ new/yast2-firewall-4.2.0/Dockerfile 2019-04-29 16:06:25.000000000 +0200 @@ -1,3 +1,3 @@ -FROM yastdevel/ruby +FROM registry.opensuse.org/yast/head/containers/yast-ruby:latest COPY . /usr/src/app diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.11/package/yast2-firewall.changes new/yast2-firewall-4.2.0/package/yast2-firewall.changes --- old/yast2-firewall-4.1.11/package/yast2-firewall.changes 2019-03-29 12:02:42.000000000 +0100 +++ new/yast2-firewall-4.2.0/package/yast2-firewall.changes 2019-04-29 16:06:25.000000000 +0200 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Fri Apr 26 12:30:53 UTC 2019 - jreidinger <jreidin...@suse.com> + +- change proposal naming and add option to set cpu mitigations + (bsc#1128707) +- 4.2.0 + +------------------------------------------------------------------- Tue Mar 26 23:44:33 UTC 2019 - knut.anders...@suse.com - Autoyast: Export zone name explicitly as it has been removed from diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.11/package/yast2-firewall.spec new/yast2-firewall-4.2.0/package/yast2-firewall.spec --- old/yast2-firewall-4.1.11/package/yast2-firewall.spec 2019-03-29 12:02:42.000000000 +0100 +++ new/yast2-firewall-4.2.0/package/yast2-firewall.spec 2019-04-29 16:06:25.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.1.11 +Version: 4.2.0 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -38,6 +38,8 @@ # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 +# CpiMitigations +Conflicts: yast2-bootloader < 4.2.1 Provides: yast2-config-firewall Obsoletes: yast2-config-firewall diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.11/src/lib/y2firewall/clients/proposal.rb new/yast2-firewall-4.2.0/src/lib/y2firewall/clients/proposal.rb --- old/yast2-firewall-4.1.11/src/lib/y2firewall/clients/proposal.rb 2019-03-29 12:02:42.000000000 +0100 +++ new/yast2-firewall-4.2.0/src/lib/y2firewall/clients/proposal.rb 2019-04-29 16:06:25.000000000 +0200 @@ -22,6 +22,7 @@ # find current contact information at www.suse.com. require "yast" +require "erb" require "y2firewall/firewalld/api" require "y2firewall/proposal_settings" require "y2firewall/dialogs/proposal" @@ -45,7 +46,8 @@ LINK_ENABLE_SSHD = "firewall--enable_sshd".freeze, LINK_DISABLE_SSHD = "firewall--disable_sshd".freeze, LINK_OPEN_VNC = "firewall--open_vnc".freeze, - LINK_CLOSE_VNC = "firewall--close_vnc".freeze + LINK_CLOSE_VNC = "firewall--close_vnc".freeze, + LINK_CPU_MITIGATIONS = "firewall--cpu_mitigations".freeze ].freeze LINK_FIREWALL_DIALOG = "firewall".freeze @@ -60,11 +62,12 @@ end def description + # TODO: temporary dgettext only to avoid new translation { # Proposal title - "rich_text_title" => _("Firewall and SSH"), + "rich_text_title" => Yast::Builtins.dgettext("security", "Security"), # Menu entry label - "menu_title" => _("&Firewall and SSH"), + "menu_title" => Yast::Builtins.dgettext("ncurses-pkg", "&Security"), "id" => LINK_FIREWALL_DIALOG } end @@ -106,15 +109,56 @@ # Obtain and call the corresponding method for the clicked link. def call_proposal_action_for(link) action = link.gsub("firewall--", "") - @settings.public_send("#{action}!") + if action == "cpu_mitigations" + bootloader_dialog + else + @settings.public_send("#{action}!") + end end # Array with the available proposal descriptions. # # @return [Array<String>] services and ports descriptions def proposals - # Filter proposals with content and sort them - [firewall_proposal, sshd_proposal, ssh_port_proposal, vnc_fw_proposal].compact + # Filter proposals with content + [cpu_mitigations_proposal, firewall_proposal, sshd_proposal, + ssh_port_proposal, vnc_fw_proposal].compact + end + + # Returns the cpu mitigation part of the bootloader proposal description + # Returns nil if this part should be skipped + # @return [String] proposal html text + def cpu_mitigations_proposal + require "bootloader/bootloader_factory" + bl = ::Bootloader::BootloaderFactory.current + return nil if bl.name == "none" + + mitigations = bl.cpu_mitigations + + res = _("CPU Mitigations: ") + "<a href=\"#{LINK_CPU_MITIGATIONS}\">" + + ERB::Util.html_escape(mitigations.to_human_string) + "</a>" + log.info "mitigations output #{res.inspect}" + res + end + + def bootloader_dialog + require "bootloader/config_dialog" + Yast.import "Bootloader" + + begin + # do it in own dialog window + Yast::Wizard.CreateDialog + dialog = ::Bootloader::ConfigDialog.new(initial_tab: :kernel) + settings = Yast::Bootloader.Export + result = dialog.run + if result != :next + Yast::Bootloader.Import(settings) + else + Yast::Bootloader.proposed_cfg_changed = true + end + ensure + Yast::Wizard.CloseDialog + end end # Returns the VNC-port part of the firewall proposal description diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.11/test/lib/y2firewall/clients/proposal_test.rb new/yast2-firewall-4.2.0/test/lib/y2firewall/clients/proposal_test.rb --- old/yast2-firewall-4.1.11/test/lib/y2firewall/clients/proposal_test.rb 2019-03-29 12:02:42.000000000 +0100 +++ new/yast2-firewall-4.2.0/test/lib/y2firewall/clients/proposal_test.rb 2019-04-29 16:06:25.000000000 +0200 @@ -24,14 +24,19 @@ require "y2firewall/clients/proposal" describe Y2Firewall::Clients::Proposal do - let(:client) { described_class.new } + subject(:client) { described_class.new } let(:proposal_settings) { Y2Firewall::ProposalSettings.instance } + before do + # skip bootloader proposal to avoid build dependency on it + allow(subject).to receive(:cpu_mitigations_proposal) + end + describe "#initialize" do it "instantiates a new proposal settings" do expect(Y2Firewall::ProposalSettings).to receive(:instance) - client + described_class.new end end