Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/firewalld.git#3e47f58b1a0d6b17fa4269df239daec24090939c
2021-01-06 19:49:17 +00:00 · 2021-01-06 19:49:17 +00:00 · 4199368aba
commit 4199368aba
parent 93337bb75a
2 changed files with 111 additions and 2 deletions
--- a/0001-Revert-fix-rich-non-printable-characters-removed-fro.patch
+++ b/0001-Revert-fix-rich-non-printable-characters-removed-fro.patch
@ -0,0 +1,105 @@
+From b03f875d6d654d6e7c47d314283a12e85f4239b8 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Wed, 6 Jan 2021 14:30:17 -0500
+Subject: [PATCH] Revert "fix(rich): non-printable characters removed from rich
+ rules"
+
+This reverts commit 9f597467e76888d895303ce7ccc094b7f05eb1b6.
+---
+ src/firewall/core/rich.py           |  2 --
+ src/firewall/functions.py           | 10 +---------
+ src/tests/regression/regression.at  |  1 -
+ src/tests/regression/rhbz1596304.at | 24 ------------------------
+ 4 files changed, 1 insertion(+), 36 deletions(-)
+ delete mode 100644 src/tests/regression/rhbz1596304.at
+
+diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
+index 03bc194c2b28..86c0c998a478 100644
+--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
+@@ -307,8 +307,6 @@ class Rich_Rule(object):
+         if not rule_str:
+             raise FirewallError(errors.INVALID_RULE, 'empty rule')
+ 
+-        rule_str = functions.stripNonPrintableCharacters(rule_str)
+-
+         self.priority = 0
+         self.family = None
+         self.source = None
+diff --git a/src/firewall/functions.py b/src/firewall/functions.py
+index add2a497e2c8..de4e2442c4d8 100644
+--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
+@@ -27,8 +27,7 @@ __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName",
+             "check_single_address", "check_mac", "uniqify", "ppid_of_pid",
+             "max_zone_name_len", "checkUser", "checkUid", "checkCommand",
+             "checkContext", "joinArgs", "splitArgs",
+-            "b2u", "u2b", "u2b_if_py2", "max_policy_name_len",
+-            "stripNonPrintableCharacters"]
+            "b2u", "u2b", "u2b_if_py2", "max_policy_name_len"]
+ 
+ import socket
+ import os
+@@ -43,10 +42,6 @@ from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE
+ 
+ PY2 = sys.version < '3'
+ 
+-NOPRINT_TRANS_TABLE = {
+-    i: None for i in range(0, sys.maxunicode + 1) if not chr(i).isprintable()
+-}
+-
+ def getPortID(port):
+     """ Check and Get port id from port string or port id using socket.getservbyname
+ 
+@@ -316,9 +311,6 @@ def checkIPnMask(ip):
+                 return False
+     return True
+ 
+-def stripNonPrintableCharacters(rule_str):
+-    return rule_str.translate(NOPRINT_TRANS_TABLE)
+-
+ def checkIP6nMask(ip):
+     if "/" in ip:
+         addr = ip[:ip.index("/")]
+diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
+index dcd4f6df84ef..d619cc8ab9db 100644
+--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
+@@ -36,4 +36,3 @@ m4_include([regression/rhbz1483921.at])
+ m4_include([regression/rhbz1541077.at])
+ m4_include([regression/rhbz1855140.at])
+ m4_include([regression/rhbz1871298.at])
+-m4_include([regression/rhbz1596304.at])
+diff --git a/src/tests/regression/rhbz1596304.at b/src/tests/regression/rhbz1596304.at
+deleted file mode 100644
+index c20706c5a49a..000000000000
+--- a/src/tests/regression/rhbz1596304.at
+++ /dev/null
+@@ -1,24 +0,0 @@
+-FWD_START_TEST([rich rules strip non-printable characters])
+-AT_KEYWORDS(rich rhbz1596304)
+-
+-dnl source address contains a tab character
+-FWD_CHECK([--permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22	" port port=80 protocol=tcp accept'],0,ignore)
+-FWD_RELOAD
+-FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl
+-        public
+-        target: default
+-        icmp-block-inversion: no
+-        interfaces:
+-        sources:
+-        services: dhcpv6-client ssh
+-        ports:
+-        protocols:
+-        forward: no
+-        masquerade: no
+-        forward-ports:
+-        source-ports:
+-        icmp-blocks:
+-        rich rules:
+-	rule family="ipv4" source address="104.243.250.0/22" port port="80" protocol="tcp" accept
+-    ])])
+-FWD_END_TEST
+-- 
+2.28.0
+
--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,13 +1,14 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.9.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
 Patch0: firewalld-0.2.6-MDNS-default.patch
+Patch1: 0001-Revert-fix-rich-non-printable-characters-removed-fro.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@ -278,7 +279,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*

 %changelog
-* Tue Jan 06 2021 Eric Garver <egarver@garver.life> - 0.9.2-1
+* Wed Jan 06 2021 Eric Garver <eric@garver.life> - 0.9.2-2
+- Revert "fix(rich): non-printable characters removed from rich rules"
+
+* Tue Jan 05 2021 Eric Garver <eric@garver.life> - 0.9.2-1
 - rebase package to v0.9.2

 * Thu Oct 01 2020 Eric Garver <egarver@garver.life> - 0.9.1-1