diff --git a/.gitignore b/.gitignore index b91bbe4..1aba1ef 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,4 @@ /firewalld-0.8.0.tar.gz /firewalld-0.8.1.tar.gz /firewalld-0.8.2.tar.gz +/firewalld-0.8.3.tar.gz diff --git a/0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch b/0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch deleted file mode 100644 index 7b5d0a9..0000000 --- a/0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6a2fd018666ab8c4877291f8f807a9943db74de3 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 2 Apr 2020 14:42:22 -0400 -Subject: [PATCH 2/4] fix: nftables: ipset: port ranges for non-default - protocols - -Fixes: 2d1b0fe9fe74 ("fix: nftables: allow set intervals with concatenations") -(cherry picked from commit e80f4fccfc771128affdc578ed37842d5d469ca9) ---- - src/firewall/core/nftables.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py -index a9d5a45337bd..69ee63b32f8b 100644 ---- a/src/firewall/core/nftables.py -+++ b/src/firewall/core/nftables.py -@@ -1680,7 +1680,7 @@ class nftables(object): - port_str = entry_tokens[i][index+1:] - - try: -- index = entry_tokens[i].index("-") -+ index = port_str.index("-") - except ValueError: - fragment.append(port_str) - else: --- -2.23.0 - diff --git a/0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch b/0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch deleted file mode 100644 index c7a97e1..0000000 --- a/0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch +++ /dev/null @@ -1,43 +0,0 @@ -From a2b8a09b929901e14620aa802fd423f958c56188 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 2 Apr 2020 14:38:45 -0400 -Subject: [PATCH 3/4] test: ipset: verify port ranges for non-default protocol - -(cherry picked from commit c0ad3a0b3340a27c34b33128f756f64acc3a771b) ---- - src/tests/cli/firewall-cmd.at | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at -index 806af74221b6..0c008bc0d666 100644 ---- a/src/tests/cli/firewall-cmd.at -+++ b/src/tests/cli/firewall-cmd.at -@@ -739,6 +739,7 @@ FWD_START_TEST([ipset]) - dnl multi dimensional set with non default protocol - FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) - FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore) -+ FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore) - FWD_RELOAD - FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore) - FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) -@@ -748,6 +749,7 @@ FWD_START_TEST([ipset]) - type ipv4_addr . inet_proto . inet_service - flags interval - elements = { 10.10.10.10 . sctp . 1234, -+ 10.10.10.10 . udp . 1000-1002, - 20.20.20.20 . tcp . 8080 } - } - } -@@ -765,6 +767,9 @@ FWD_START_TEST([ipset]) - Type: hash:ip,port - Members: - 10.10.10.10,sctp:1234 -+ 10.10.10.10,udp:1000 -+ 10.10.10.10,udp:1001 -+ 10.10.10.10,udp:1002 - 20.20.20.20,tcp:8080 - ]) - FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore) --- -2.23.0 - diff --git a/0004-test-log-verify-logging-still-works-after-truncate.patch b/0004-test-log-verify-logging-still-works-after-truncate.patch deleted file mode 100644 index 37ae347..0000000 --- a/0004-test-log-verify-logging-still-works-after-truncate.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 2ab7f9e793a51c9aebe08fff6226c38159ae2312 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 2 Apr 2020 15:21:58 -0400 -Subject: [PATCH 4/4] test: log: verify logging still works after truncate - -The log policy we ship presumes firewalld opens log files in append -mode. This is because the logrotate policy uses "copytruncate". Lets -verify that it actually works as expected. - -(cherry picked from commit e887c16512abd6a3051b0519ee9af344c9f08827) ---- - src/tests/regression/gh599.at | 16 ++++++++++++++++ - src/tests/regression/regression.at | 1 + - 2 files changed, 17 insertions(+) - create mode 100644 src/tests/regression/gh599.at - -diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at -new file mode 100644 -index 000000000000..472f228ba2a9 ---- /dev/null -+++ b/src/tests/regression/gh599.at -@@ -0,0 +1,16 @@ -+FWD_START_TEST([writing to log after copytruncate]) -+AT_KEYWORDS(gh599) -+ -+AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])]) -+AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])]) -+ -+dnl Verify we continue to write to the log file after it's truncated. That is, -+dnl simulate logrotate's copytruncate. -+NS_CHECK([truncate -s 0 ./firewalld.log]) -+ -+dnl generate some logs, anything will do since we have debug enabled. -+FWD_CHECK([--list-all], 0, [ignore], [ignore]) -+ -+NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"']) -+ -+FWD_END_TEST -diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at -index 8042c3a27f89..2528ddd3fede 100644 ---- a/src/tests/regression/regression.at -+++ b/src/tests/regression/regression.at -@@ -27,3 +27,4 @@ m4_include([regression/gh509.at]) - m4_include([regression/gh567.at]) - m4_include([regression/rhbz1779835.at]) - m4_include([regression/gh330.at]) -+m4_include([regression/gh599.at]) --- -2.23.0 - diff --git a/firewalld.spec b/firewalld.spec index 6c6086a..bc37474 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -1,16 +1,13 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.8.2 -Release: 4%{?dist} +Version: 0.8.3 +Release: 1%{?dist} URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source1: FedoraServer.xml Source2: FedoraWorkstation.xml Patch0: firewalld-0.2.6-MDNS-default.patch -Patch2: 0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch -Patch3: 0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch -Patch4: 0004-test-log-verify-logging-still-works-after-truncate.patch BuildArch: noarch BuildRequires: autoconf BuildRequires: automake @@ -277,6 +274,9 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Wed Jul 01 2020 Eric Garver - 0.8.3-1 +- rebase package to v0.8.3 + * Tue May 26 2020 Miro HronĨok - 0.8.2-4 - Rebuilt for Python 3.9 diff --git a/sources b/sources index 4ff6adb..9fdb312 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (firewalld-0.8.2.tar.gz) = e3a27c7cf4002be9dec98234c76d25e6c57b4eb34a154adb25b0521171c00ca45dab4abbd1109a0288baea64439e88d625f824d516956ca4d94a32167b4f2ec5 +SHA512 (firewalld-0.8.3.tar.gz) = e3616a3149837d8f7221bbaa8eb069de06101b78f844c30a9e1aeb711d47abec6553743500cf4bda3e535ca326de9840aa2fd07903a61b6af3587848d643c03f