rebase package to v0.8.3
This commit is contained in:
Eric Garver
parent
a7f1445134
commit
7a590f5131
1
.gitignore
vendored
1
.gitignore
vendored
@ -59,3 +59,4 @@
|
||||
/firewalld-0.8.0.tar.gz
|
||||
/firewalld-0.8.1.tar.gz
|
||||
/firewalld-0.8.2.tar.gz
|
||||
/firewalld-0.8.3.tar.gz
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
From 6a2fd018666ab8c4877291f8f807a9943db74de3 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 14:42:22 -0400
|
||||
Subject: [PATCH 2/4] fix: nftables: ipset: port ranges for non-default
|
||||
protocols
|
||||
|
||||
Fixes: 2d1b0fe9fe74 ("fix: nftables: allow set intervals with concatenations")
|
||||
(cherry picked from commit e80f4fccfc771128affdc578ed37842d5d469ca9)
|
||||
---
|
||||
src/firewall/core/nftables.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
|
||||
index a9d5a45337bd..69ee63b32f8b 100644
|
||||
--- a/src/firewall/core/nftables.py
|
||||
+++ b/src/firewall/core/nftables.py
|
||||
@@ -1680,7 +1680,7 @@ class nftables(object):
|
||||
port_str = entry_tokens[i][index+1:]
|
||||
|
||||
try:
|
||||
- index = entry_tokens[i].index("-")
|
||||
+ index = port_str.index("-")
|
||||
except ValueError:
|
||||
fragment.append(port_str)
|
||||
else:
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,43 +0,0 @@
|
||||
From a2b8a09b929901e14620aa802fd423f958c56188 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 14:38:45 -0400
|
||||
Subject: [PATCH 3/4] test: ipset: verify port ranges for non-default protocol
|
||||
|
||||
(cherry picked from commit c0ad3a0b3340a27c34b33128f756f64acc3a771b)
|
||||
---
|
||||
src/tests/cli/firewall-cmd.at | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
|
||||
index 806af74221b6..0c008bc0d666 100644
|
||||
--- a/src/tests/cli/firewall-cmd.at
|
||||
+++ b/src/tests/cli/firewall-cmd.at
|
||||
@@ -739,6 +739,7 @@ FWD_START_TEST([ipset])
|
||||
dnl multi dimensional set with non default protocol
|
||||
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore)
|
||||
FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore)
|
||||
+ FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore)
|
||||
FWD_RELOAD
|
||||
FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore)
|
||||
FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore)
|
||||
@@ -748,6 +749,7 @@ FWD_START_TEST([ipset])
|
||||
type ipv4_addr . inet_proto . inet_service
|
||||
flags interval
|
||||
elements = { 10.10.10.10 . sctp . 1234,
|
||||
+ 10.10.10.10 . udp . 1000-1002,
|
||||
20.20.20.20 . tcp . 8080 }
|
||||
}
|
||||
}
|
||||
@@ -765,6 +767,9 @@ FWD_START_TEST([ipset])
|
||||
Type: hash:ip,port
|
||||
Members:
|
||||
10.10.10.10,sctp:1234
|
||||
+ 10.10.10.10,udp:1000
|
||||
+ 10.10.10.10,udp:1001
|
||||
+ 10.10.10.10,udp:1002
|
||||
20.20.20.20,tcp:8080
|
||||
])
|
||||
FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore)
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,50 +0,0 @@
|
||||
From 2ab7f9e793a51c9aebe08fff6226c38159ae2312 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Garver <eric@garver.life>
|
||||
Date: Thu, 2 Apr 2020 15:21:58 -0400
|
||||
Subject: [PATCH 4/4] test: log: verify logging still works after truncate
|
||||
|
||||
The log policy we ship presumes firewalld opens log files in append
|
||||
mode. This is because the logrotate policy uses "copytruncate". Lets
|
||||
verify that it actually works as expected.
|
||||
|
||||
(cherry picked from commit e887c16512abd6a3051b0519ee9af344c9f08827)
|
||||
---
|
||||
src/tests/regression/gh599.at | 16 ++++++++++++++++
|
||||
src/tests/regression/regression.at | 1 +
|
||||
2 files changed, 17 insertions(+)
|
||||
create mode 100644 src/tests/regression/gh599.at
|
||||
|
||||
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
|
||||
new file mode 100644
|
||||
index 000000000000..472f228ba2a9
|
||||
--- /dev/null
|
||||
+++ b/src/tests/regression/gh599.at
|
||||
@@ -0,0 +1,16 @@
|
||||
+FWD_START_TEST([writing to log after copytruncate])
|
||||
+AT_KEYWORDS(gh599)
|
||||
+
|
||||
+AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])])
|
||||
+AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])])
|
||||
+
|
||||
+dnl Verify we continue to write to the log file after it's truncated. That is,
|
||||
+dnl simulate logrotate's copytruncate.
|
||||
+NS_CHECK([truncate -s 0 ./firewalld.log])
|
||||
+
|
||||
+dnl generate some logs, anything will do since we have debug enabled.
|
||||
+FWD_CHECK([--list-all], 0, [ignore], [ignore])
|
||||
+
|
||||
+NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
|
||||
+
|
||||
+FWD_END_TEST
|
||||
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
|
||||
index 8042c3a27f89..2528ddd3fede 100644
|
||||
--- a/src/tests/regression/regression.at
|
||||
+++ b/src/tests/regression/regression.at
|
||||
@@ -27,3 +27,4 @@ m4_include([regression/gh509.at])
|
||||
m4_include([regression/gh567.at])
|
||||
m4_include([regression/rhbz1779835.at])
|
||||
m4_include([regression/gh330.at])
|
||||
+m4_include([regression/gh599.at])
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,16 +1,13 @@
|
||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||
Name: firewalld
|
||||
Version: 0.8.2
|
||||
Release: 4%{?dist}
|
||||
Version: 0.8.3
|
||||
Release: 1%{?dist}
|
||||
URL: http://www.firewalld.org
|
||||
License: GPLv2+
|
||||
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
|
||||
Source1: FedoraServer.xml
|
||||
Source2: FedoraWorkstation.xml
|
||||
Patch0: firewalld-0.2.6-MDNS-default.patch
|
||||
Patch2: 0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch
|
||||
Patch3: 0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch
|
||||
Patch4: 0004-test-log-verify-logging-still-works-after-truncate.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -277,6 +274,9 @@ fi
|
||||
%{_mandir}/man1/firewall-config*.1*
|
||||
|
||||
%changelog
|
||||
* Wed Jul 01 2020 Eric Garver <egarver@garver.life> - 0.8.3-1
|
||||
- rebase package to v0.8.3
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.8.2-4
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (firewalld-0.8.2.tar.gz) = e3a27c7cf4002be9dec98234c76d25e6c57b4eb34a154adb25b0521171c00ca45dab4abbd1109a0288baea64439e88d625f824d516956ca4d94a32167b4f2ec5
|
||||
SHA512 (firewalld-0.8.3.tar.gz) = e3616a3149837d8f7221bbaa8eb069de06101b78f844c30a9e1aeb711d47abec6553743500cf4bda3e535ca326de9840aa2fd07903a61b6af3587848d643c03f
|
||||
|
||||
Loading…
Reference in New Issue
Block a user