rebase package to v0.8.3

This commit is contained in:
Eric Garver 2020-07-01 15:54:31 -04:00
parent a7f1445134
commit 7a590f5131
6 changed files with 7 additions and 127 deletions

1
.gitignore vendored
View File

@ -59,3 +59,4 @@
/firewalld-0.8.0.tar.gz /firewalld-0.8.0.tar.gz
/firewalld-0.8.1.tar.gz /firewalld-0.8.1.tar.gz
/firewalld-0.8.2.tar.gz /firewalld-0.8.2.tar.gz
/firewalld-0.8.3.tar.gz

View File

@ -1,28 +0,0 @@
From 6a2fd018666ab8c4877291f8f807a9943db74de3 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 2 Apr 2020 14:42:22 -0400
Subject: [PATCH 2/4] fix: nftables: ipset: port ranges for non-default
protocols
Fixes: 2d1b0fe9fe74 ("fix: nftables: allow set intervals with concatenations")
(cherry picked from commit e80f4fccfc771128affdc578ed37842d5d469ca9)
---
src/firewall/core/nftables.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index a9d5a45337bd..69ee63b32f8b 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1680,7 +1680,7 @@ class nftables(object):
port_str = entry_tokens[i][index+1:]
try:
- index = entry_tokens[i].index("-")
+ index = port_str.index("-")
except ValueError:
fragment.append(port_str)
else:
--
2.23.0

View File

@ -1,43 +0,0 @@
From a2b8a09b929901e14620aa802fd423f958c56188 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 2 Apr 2020 14:38:45 -0400
Subject: [PATCH 3/4] test: ipset: verify port ranges for non-default protocol
(cherry picked from commit c0ad3a0b3340a27c34b33128f756f64acc3a771b)
---
src/tests/cli/firewall-cmd.at | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/tests/cli/firewall-cmd.at b/src/tests/cli/firewall-cmd.at
index 806af74221b6..0c008bc0d666 100644
--- a/src/tests/cli/firewall-cmd.at
+++ b/src/tests/cli/firewall-cmd.at
@@ -739,6 +739,7 @@ FWD_START_TEST([ipset])
dnl multi dimensional set with non default protocol
FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore)
FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore)
+ FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore)
FWD_RELOAD
FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore)
FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore)
@@ -748,6 +749,7 @@ FWD_START_TEST([ipset])
type ipv4_addr . inet_proto . inet_service
flags interval
elements = { 10.10.10.10 . sctp . 1234,
+ 10.10.10.10 . udp . 1000-1002,
20.20.20.20 . tcp . 8080 }
}
}
@@ -765,6 +767,9 @@ FWD_START_TEST([ipset])
Type: hash:ip,port
Members:
10.10.10.10,sctp:1234
+ 10.10.10.10,udp:1000
+ 10.10.10.10,udp:1001
+ 10.10.10.10,udp:1002
20.20.20.20,tcp:8080
])
FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore)
--
2.23.0

View File

@ -1,50 +0,0 @@
From 2ab7f9e793a51c9aebe08fff6226c38159ae2312 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 2 Apr 2020 15:21:58 -0400
Subject: [PATCH 4/4] test: log: verify logging still works after truncate
The log policy we ship presumes firewalld opens log files in append
mode. This is because the logrotate policy uses "copytruncate". Lets
verify that it actually works as expected.
(cherry picked from commit e887c16512abd6a3051b0519ee9af344c9f08827)
---
src/tests/regression/gh599.at | 16 ++++++++++++++++
src/tests/regression/regression.at | 1 +
2 files changed, 17 insertions(+)
create mode 100644 src/tests/regression/gh599.at
diff --git a/src/tests/regression/gh599.at b/src/tests/regression/gh599.at
new file mode 100644
index 000000000000..472f228ba2a9
--- /dev/null
+++ b/src/tests/regression/gh599.at
@@ -0,0 +1,16 @@
+FWD_START_TEST([writing to log after copytruncate])
+AT_KEYWORDS(gh599)
+
+AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])])
+AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])])
+
+dnl Verify we continue to write to the log file after it's truncated. That is,
+dnl simulate logrotate's copytruncate.
+NS_CHECK([truncate -s 0 ./firewalld.log])
+
+dnl generate some logs, anything will do since we have debug enabled.
+FWD_CHECK([--list-all], 0, [ignore], [ignore])
+
+NS_CHECK([sh -c 'let "$(cat ./firewalld.log | wc -c) > 0"'])
+
+FWD_END_TEST
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index 8042c3a27f89..2528ddd3fede 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -27,3 +27,4 @@ m4_include([regression/gh509.at])
m4_include([regression/gh567.at])
m4_include([regression/rhbz1779835.at])
m4_include([regression/gh330.at])
+m4_include([regression/gh599.at])
--
2.23.0

View File

@ -1,16 +1,13 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld Name: firewalld
Version: 0.8.2 Version: 0.8.3
Release: 4%{?dist} Release: 1%{?dist}
URL: http://www.firewalld.org URL: http://www.firewalld.org
License: GPLv2+ License: GPLv2+
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
Source1: FedoraServer.xml Source1: FedoraServer.xml
Source2: FedoraWorkstation.xml Source2: FedoraWorkstation.xml
Patch0: firewalld-0.2.6-MDNS-default.patch Patch0: firewalld-0.2.6-MDNS-default.patch
Patch2: 0002-fix-nftables-ipset-port-ranges-for-non-default-proto.patch
Patch3: 0003-test-ipset-verify-port-ranges-for-non-default-protoc.patch
Patch4: 0004-test-log-verify-logging-still-works-after-truncate.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -277,6 +274,9 @@ fi
%{_mandir}/man1/firewall-config*.1* %{_mandir}/man1/firewall-config*.1*
%changelog %changelog
* Wed Jul 01 2020 Eric Garver <egarver@garver.life> - 0.8.3-1
- rebase package to v0.8.3
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.8.2-4 * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.8.2-4
- Rebuilt for Python 3.9 - Rebuilt for Python 3.9

View File

@ -1 +1 @@
SHA512 (firewalld-0.8.2.tar.gz) = e3a27c7cf4002be9dec98234c76d25e6c57b4eb34a154adb25b0521171c00ca45dab4abbd1109a0288baea64439e88d625f824d516956ca4d94a32167b4f2ec5 SHA512 (firewalld-0.8.3.tar.gz) = e3616a3149837d8f7221bbaa8eb069de06101b78f844c30a9e1aeb711d47abec6553743500cf4bda3e535ca326de9840aa2fd07903a61b6af3587848d643c03f