From 873e363aa3d387352813e426a09aa91a586151b8 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 2 Oct 2019 13:48:46 -0400
Subject: [PATCH] rebase to v0.7.2

Resolves: rhbz 1757513
---
 .gitignore                                    |   1 +
 ...patch-to-default-to-iptables-backend.patch | 123 ------------------
 firewalld.spec                                |  11 +-
 sources                                       |   2 +-
 4 files changed, 9 insertions(+), 128 deletions(-)
 delete mode 100644 0001-fedora-patch-to-default-to-iptables-backend.patch

diff --git a/.gitignore b/.gitignore
index 20a765e..a249bb1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,4 @@
 /firewalld-0.6.3.tar.gz
 /firewalld-0.6.4.tar.gz
 /firewalld-0.7.1.tar.gz
+/firewalld-0.7.2.tar.gz
diff --git a/0001-fedora-patch-to-default-to-iptables-backend.patch b/0001-fedora-patch-to-default-to-iptables-backend.patch
deleted file mode 100644
index cf17e88..0000000
--- a/0001-fedora-patch-to-default-to-iptables-backend.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From fe5db9f2c71ed9b1f4886ebc48938cd73de4fcdf Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Thu, 25 Jul 2019 15:19:34 -0400
-Subject: [PATCH] fedora patch to default to iptables backend
-
----
- config/firewalld.conf                  |  7 -------
- src/firewall/config/__init__.py.in     |  2 +-
- src/firewall/core/io/firewalld_conf.py | 17 +++++++++++++++++
- src/tests/dbus/firewalld.conf.at       |  2 +-
- src/tests/functions.at                 |  4 ++--
- 5 files changed, 21 insertions(+), 11 deletions(-)
-
-diff --git a/config/firewalld.conf b/config/firewalld.conf
-index 423b7ea0733a..11e94c9cd9f6 100644
---- a/config/firewalld.conf
-+++ b/config/firewalld.conf
-@@ -50,13 +50,6 @@ LogDenied=off
- # Default: system
- AutomaticHelpers=system
- 
--# FirewallBackend
--# Selects the firewall backend implementation.
--# Choices are:
--#	- nftables (default)
--#	- iptables (iptables, ip6tables, ebtables and ipset)
--FirewallBackend=nftables
--
- # FlushAllOnReload
- # Flush all runtime rules on a reload. In previous releases some runtime
- # configuration was retained during a reload, namely; interface to zone
-diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
-index 5bb318c5b269..6e0854242105 100644
---- a/src/firewall/config/__init__.py.in
-+++ b/src/firewall/config/__init__.py.in
-@@ -129,6 +129,6 @@ FALLBACK_IPV6_RPFILTER = True
- FALLBACK_INDIVIDUAL_CALLS = False
- FALLBACK_LOG_DENIED = "off"
- FALLBACK_AUTOMATIC_HELPERS = "system"
--FALLBACK_FIREWALL_BACKEND = "nftables"
-+FALLBACK_FIREWALL_BACKEND = "iptables"
- FALLBACK_FLUSH_ALL_ON_RELOAD = True
- FALLBACK_RFC3964_IPV4 = True
-diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py
-index c7a7ba283e0e..fca372368a40 100644
---- a/src/firewall/core/io/firewalld_conf.py
-+++ b/src/firewall/core/io/firewalld_conf.py
-@@ -259,6 +259,12 @@ class firewalld_conf(object):
-                     if key not in done:
-                         if (key in self._config and \
-                                 self._config[key] != value):
-+                            # Only write FirewallBackend if it's not the default.
-+                            # We will change the default in the future.
-+                            if key == "FirewallBackend" and \
-+                               self._config[key] == config.FALLBACK_FIREWALL_BACKEND:
-+                                done.append(key)
-+                                continue
-                             empty = False
-                             temp_file.write(u'%s=%s\n' %
-                                             (key, self._config[key]))
-@@ -266,6 +272,12 @@ class firewalld_conf(object):
-                         elif key in self._deleted:
-                             modified = True
-                         else:
-+                            # Only write FirewallBackend if it's not the default.
-+                            # We will change the default in the future.
-+                            if key == "FirewallBackend" and \
-+                               value == config.FALLBACK_FIREWALL_BACKEND:
-+                                done.append(key)
-+                                continue
-                             empty = False
-                             temp_file.write(line+u"\n")
-                         done.append(key)
-@@ -279,6 +291,11 @@ class firewalld_conf(object):
-                     continue
-                 if key in ["MinimalMark"]: # omit deprecated from new config
-                     continue
-+                # Only write FirewallBackend if it's not the default.
-+                # We will change the default in the future.
-+                if key == "FirewallBackend" and \
-+                   value == config.FALLBACK_FIREWALL_BACKEND:
-+                    continue
-                 if not empty:
-                     temp_file.write(u"\n")
-                     empty = True
-diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
-index 45559311eabb..4c0b1ce84d3d 100644
---- a/src/tests/dbus/firewalld.conf.at
-+++ b/src/tests/dbus/firewalld.conf.at
-@@ -6,7 +6,7 @@ DBUS_GETALL([config], [config], 0, [dnl
- string "AutomaticHelpers" : variant string "system"
- string "CleanupOnExit" : variant string "no"
- string "DefaultZone" : variant string "public"
--string "FirewallBackend" : variant string "nftables"
-+string "FirewallBackend" : variant string "iptables"
- string "FlushAllOnReload" : variant string "yes"
- m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl
- string "IPv6_rpfilter" : variant string "no"],[dnl
-diff --git a/src/tests/functions.at b/src/tests/functions.at
-index 3771bb8bd5a7..ede3d37688e8 100644
---- a/src/tests/functions.at
-+++ b/src/tests/functions.at
-@@ -67,7 +67,7 @@ m4_define([FWD_START_TEST], [
-     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
-         AT_KEYWORDS(offline)
-     ], [
--        m4_define_default([FIREWALL_BACKEND], [nftables])
-+        m4_define_default([FIREWALL_BACKEND], [iptables])
- 
-         AT_KEYWORDS(FIREWALL_BACKEND)
- 
-@@ -75,7 +75,7 @@ m4_define([FWD_START_TEST], [
-         AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf])
- 
-         dnl set the appropriate backend
--        AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf])
-+        AT_CHECK([echo "FirewallBackend=FIREWALL_BACKEND" >> ./firewalld.conf])
- 
-         dnl fib matching is pretty new in nftables. Don't use rpfilter on older
-         dnl kernels.
--- 
-2.20.1
-
diff --git a/firewalld.spec b/firewalld.spec
index 8528da5..b8aed0f 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,14 +1,13 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.7.1
-Release: 3%{?dist}
+Version: 0.7.2
+Release: 1%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
 Patch0: firewalld-0.2.6-MDNS-default.patch
-Patch1: 0001-fedora-patch-to-default-to-iptables-backend.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -24,7 +23,7 @@ BuildRequires: iptables, ebtables, ipset
 BuildRequires: nftables
 BuildRequires: python3-devel
 Requires: iptables, ebtables, ipset
-Requires: nftables >= 0.9.0
+Requires: nftables >= 0.9.1
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -274,6 +273,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Wed Oct 02 2019 Eric Garver <egarver@redhat.com> - 0.7.2-1
+- rebase package to v0.7.2
+- remove patch to default to iptables
+
 * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.7.1-3
 - Rebuilt for Python 3.8
 
diff --git a/sources b/sources
index 8aaf0e1..9800b56 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (firewalld-0.7.1.tar.gz) = beb1509e83db6358de07cdc88f952196adac2181d7f3366072d55eb34715a0eba72e63fa1c28f65fc9bf7dfaeb307752eecc63b1273ebd49e71f29ab5f2a4465
+SHA512 (firewalld-0.7.2.tar.gz) = 4a1f8e5c16741efb25975d5dd8f3681e313a9645fe622fd5ac3e94e88eebfd985edb63d92b2b93a2363d2f8d10fea50d1eea671f57b8535a820d3a0c4c94b8d6