rpms/firewalld
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Revert "fix(rich): non-printable characters removed from rich rules"

Browse Source
This commit is contained in:
Eric Garver 2021-01-06 14:34:06 -05:00
parent d689baa262
commit 3e47f58b1a
2 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
0001-Revert-fix-rich-non-printable-characters-removed-fro.patch Normal file
View File

@ -0,0 +1,105 @@
From b03f875d6d654d6e7c47d314283a12e85f4239b8 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 6 Jan 2021 14:30:17 -0500
Subject: [PATCH] Revert "fix(rich): non-printable characters removed from rich
rules"
This reverts commit 9f597467e76888d895303ce7ccc094b7f05eb1b6.
---
src/firewall/core/rich.py | 2 --
src/firewall/functions.py | 10 +---------
src/tests/regression/regression.at | 1 -
src/tests/regression/rhbz1596304.at | 24 ------------------------
4 files changed, 1 insertion(+), 36 deletions(-)
delete mode 100644 src/tests/regression/rhbz1596304.at
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index 03bc194c2b28..86c0c998a478 100644
--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -307,8 +307,6 @@ class Rich_Rule(object):
if not rule_str:
raise FirewallError(errors.INVALID_RULE, 'empty rule')
- rule_str = functions.stripNonPrintableCharacters(rule_str)
-
self.priority = 0
self.family = None
self.source = None
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
index add2a497e2c8..de4e2442c4d8 100644
--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
@@ -27,8 +27,7 @@ __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName",
"check_single_address", "check_mac", "uniqify", "ppid_of_pid",
"max_zone_name_len", "checkUser", "checkUid", "checkCommand",
"checkContext", "joinArgs", "splitArgs",
- "b2u", "u2b", "u2b_if_py2", "max_policy_name_len",
- "stripNonPrintableCharacters"]
+ "b2u", "u2b", "u2b_if_py2", "max_policy_name_len"]
import socket
import os
@@ -43,10 +42,6 @@ from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE
PY2 = sys.version < '3'
-NOPRINT_TRANS_TABLE = {
- i: None for i in range(0, sys.maxunicode + 1) if not chr(i).isprintable()
-}
-
def getPortID(port):
""" Check and Get port id from port string or port id using socket.getservbyname
@@ -316,9 +311,6 @@ def checkIPnMask(ip):
return False
return True
-def stripNonPrintableCharacters(rule_str):
- return rule_str.translate(NOPRINT_TRANS_TABLE)
-
def checkIP6nMask(ip):
if "/" in ip:
addr = ip[:ip.index("/")]
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index dcd4f6df84ef..d619cc8ab9db 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -36,4 +36,3 @@ m4_include([regression/rhbz1483921.at])
m4_include([regression/rhbz1541077.at])
m4_include([regression/rhbz1855140.at])
m4_include([regression/rhbz1871298.at])
-m4_include([regression/rhbz1596304.at])
diff --git a/src/tests/regression/rhbz1596304.at b/src/tests/regression/rhbz1596304.at
deleted file mode 100644
index c20706c5a49a..000000000000
--- a/src/tests/regression/rhbz1596304.at
+++ /dev/null
@@ -1,24 +0,0 @@
-FWD_START_TEST([rich rules strip non-printable characters])
-AT_KEYWORDS(rich rhbz1596304)
-
-dnl source address contains a tab character
-FWD_CHECK([--permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22 " port port=80 protocol=tcp accept'],0,ignore)
-FWD_RELOAD
-FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl
- public
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: dhcpv6-client ssh
- ports:
- protocols:
- forward: no
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
- rule family="ipv4" source address="104.243.250.0/22" port port="80" protocol="tcp" accept
- ])])
-FWD_END_TEST
--
2.28.0

6
firewalld.spec
View File

@ -1,13 +1,14 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld Name: firewalld
Version: 0.9.2 Version: 0.9.2
Release: 1%{?dist} Release: 2%{?dist}
URL: http://www.firewalld.org URL: http://www.firewalld.org
License: GPLv2+ License: GPLv2+
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
Source1: FedoraServer.xml Source1: FedoraServer.xml
Source2: FedoraWorkstation.xml Source2: FedoraWorkstation.xml
Patch0: firewalld-0.2.6-MDNS-default.patch Patch0: firewalld-0.2.6-MDNS-default.patch
Patch1: 0001-Revert-fix-rich-non-printable-characters-removed-fro.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -278,6 +279,9 @@ fi
%{_mandir}/man1/firewall-config*.1* %{_mandir}/man1/firewall-config*.1*
%changelog %changelog
* Wed Jan 06 2021 Eric Garver <eric@garver.life> - 0.9.2-2
- Revert "fix(rich): non-printable characters removed from rich rules"
* Tue Jan 05 2021 Eric Garver <eric@garver.life> - 0.9.2-1 * Tue Jan 05 2021 Eric Garver <eric@garver.life> - 0.9.2-1
- rebase package to v0.9.2 - rebase package to v0.9.2