Hello community,
here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2018-10-01 09:06:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firewalld (Old)
and /work/SRC/openSUSE:Factory/.firewalld.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld"
Mon Oct 1 09:06:07 2018 rev:37 rq:637406 version:0.6.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2018-09-20 11:38:41.100954340 +0200
+++ /work/SRC/openSUSE:Factory/.firewalld.new/firewalld.changes 2018-10-01 09:06:12.955851557 +0200
@@ -1,0 +2,44 @@
+Mon Sep 24 09:05:52 UTC 2018 - Markos Chandras
+
+- Add upstream patch to mark more strings as translatable which is
+ required by firewall UI when creating rich rules (bsc#1096542)
+ * 0001-Fix-translating-labels-392.patch
+
+-------------------------------------------------------------------
+Fri Sep 21 17:13:32 UTC 2018 - Luiz Angelo Daros de Luca
+
+- Add upstream patch to fix rich rules that uses ipset (bsc#1104990)
+ * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch
+
+-------------------------------------------------------------------
+Thu Sep 20 07:27:33 UTC 2018 - Markos Chandras
+
+- Update to 0.6.2. Some of the changes are:
+ * update translations
+ * nftables: fix log-denied with values other than "all" or "off"
+ * fw_ipset: raise FirewallError if backend command fails
+ * ipset: only use "-exist" on restore
+ * fw_ipset: fix duplicate add of ipset entries
+ * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821)
+ * ipXtables: increase wait lock to 10s
+ * nftables: fix rich rules ports/protocols/source ports not considering ct state
+ * ports: allow querying a single added by range
+ * fw_zone: do not change rich rule errors into warnings
+ * fw_zone: fix services with multiple destination IP versions (bsc#1105899)
+ * fw_zone: consider destination for protocols
+ * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319)
+ * fw: If direct rules fail to apply add a "Direct" label to error msg
+ * fw: if startup fails on reload, reapply non-perm config that survives reload
+ * nftables: fix rich rule audit log
+ * ebtables: replace RETURN policy with explicit RETURN at end of chain
+ * direct backends: allow build_chain() to build multiple rules
+ * fw: if failure occurs during startup set state to FAILED
+ * fw: on restart set policy from same function
+ * ebtables: drop support for broute table
+- Remove upstream patches
+ * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch
+ * 0001-fw_zone-consider-destination-for-protocols.patch
+ * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch
+ * firewalld-fix-firewalld-config-crash.patch
+
+-------------------------------------------------------------------
Old:
----
0001-fw_zone-consider-destination-for-protocols.patch
0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch
0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch
firewalld-0.6.1.tar.gz
firewalld-fix-firewalld-config-crash.patch
New:
----
0001-Fix-translating-labels-392.patch
0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch
firewalld-0.6.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ firewalld.spec ++++++
--- /var/tmp/diff_new_pack.RgIus5/_old 2018-10-01 09:06:13.499851089 +0200
+++ /var/tmp/diff_new_pack.RgIus5/_new 2018-10-01 09:06:13.503851086 +0200
@@ -21,7 +21,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: firewalld
-Version: 0.6.1
+Version: 0.6.2
Release: 0
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
License: GPL-2.0-or-later
@@ -30,14 +30,10 @@
Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch
-# PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False"
-Patch1: firewalld-fix-firewalld-config-crash.patch
-# PATCH-FIX-UPSTREAM 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch (bsc#1105821)
-Patch2: 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch
-# PATCH-FIX-UPSTRΕΑΜ 0001-fw_zone-consider-destination-for-protocols.patch
-Patch3: 0001-fw_zone-consider-destination-for-protocols.patch
-# PATCH-FIX-UPSTREAM 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch (bsc#1108651)
-Patch4: 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch
+# PATCH-FIX-UPSTREAM: 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch (bsc#1104990)
+Patch1: 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch
+# PATCH-FIX-UPSTREAM: 0001-Fix-translating-labels-392.patch (bsc#1096542)
+Patch2: 0001-Fix-translating-labels-392.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: desktop-file-utils
@@ -123,8 +119,6 @@
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch4 -p1
# bsc#1078223
rm config/services/high-availability.xml
++++++ 0001-Fix-translating-labels-392.patch ++++++
From 15fb48d04e576edb828abf321ae1e765822a4ee3 Mon Sep 17 00:00:00 2001
From: MeggyCal
Date: Thu, 20 Sep 2018 15:37:17 +0200
Subject: [PATCH] Fix translating labels (#392)
Fix for #344 was incomplete, the "flags" were not translating and the reported bug was still active.
Fixes: #344
(cherry picked from commit e657200927a9f0f41fbed95640cd47e2a5836c6f)
---
src/firewall-config.glade | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/firewall-config.glade b/src/firewall-config.glade
index 22bed58a..75c229b4 100644
--- a/src/firewall-config.glade
+++ b/src/firewall-config.glade
@@ -10135,10 +10135,10 @@
<property name="halign">start</property>
<property name="valign">start</property>
<items>
- <item>accept</item>
- <item>reject</item>
- <item>drop</item>
- <item>mark</item>
+ <item translatable="yes">accept</item>
+ <item translatable="yes">reject</item>
+ <item translatable="yes">drop</item>
+ <item translatable="yes">mark</item>
</items>
<signal name="changed" handler="on_richRuleDialog_changed" swapped="no"/>
</object>
--
2.19.0
++++++ 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch ++++++
From fa0bce3d45563e28b8beea1cb0ee325f4a82ebf9 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Fri, 21 Sep 2018 15:55:50 -0400
Subject: [PATCH] fw_zone: expose _ipset_match_flags()
Rename __ipset_match_flags() to _ipset_match_flags() so it may be used
outside the class. With the iptables backend this fixes rich rules that
match a source using an ipset.
Fixes: #374
---
src/firewall/core/fw_zone.py | 2 +-
src/firewall/core/ipXtables.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 2d794393..ca90f7fb 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1519,7 +1519,7 @@ def _ipset_family(self, name):
def __ipset_type(self, name):
return self._fw.ipset.get_type(name)
- def __ipset_match_flags(self, name, flag):
+ def _ipset_match_flags(self, name, flag):
return ",".join([flag] * self._fw.ipset.get_dimension(name))
def _check_ipset_applied(self, name):
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
index 66af2a26..02a518d2 100644
--- a/src/firewall/core/ipXtables.py
+++ b/src/firewall/core/ipXtables.py
@@ -852,7 +852,7 @@ def _rich_rule_source_fragment(self, rich_source):
rule_fragment += [ "-m", "set" ]
if rich_source.invert:
rule_fragment.append("!")
- flags = self._fw.zone.__ipset_match_flags(rich_source.ipset, "src")
+ flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src")
rule_fragment += [ "--match-set", rich_source.ipset, flags ]
return rule_fragment
++++++ firewalld-0.6.1.tar.gz -> firewalld-0.6.2.tar.gz ++++++
++++ 4405 lines of diff (skipped)