From 92dff91190b7a2e156972077f9949aeb91606829 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 10 Nov 2016 18:01:01 +0100 Subject: [PATCH] New firewalld version 0.4.4.1 Version 0.4.4.1: - firewall-config: Use proper source check in sourceDialog (fixes issue#162) - firewallctl: New support for helpers - Translation updates Version 0.4.4: - Fix dist-check - src/Makefile.am: Install new helper files - config/Makefile.am: Install helpers - Merged translations - Updated translations from zanata - firewalld.spec: Adapt requires for PyQt5 - firewall-applet: Fix fromUTF8 for python2 PyQt5 usage - firewall-applet: Use PyQt5 - firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property - shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes - src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services - doc/xml/seealso.xml: Add firewalld.helper(5) man page - doc/xml/seealso.xml: Add firewalld.ipset(5) man page - Fixed typo in firewalld.ipset(5) man page - Updated firewalld.dbus(5) man page - New firewalld.helper(5) man page - doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page - doc/xml/firewall-cmd.xml: Updated firewall-cmd man page - firewall-offline-cmd: New support for helpers - firewall-cmd: New support for helpers - firewall.command: New check_helper_family, check_module and print_helper_info methods - firewall.core.fw_test: Add helpers also to offline backend - firewall.server.config: New AutomaticHelpers property (rw) - firewall.server.config: Fix an dict size changed error for firewall.conf file changes - firewall.server.config: Make LogDenied property readwrite to be consistent - Some renames of nf_conntrack_helper* functions and structures, helpers is a dict - firewall.core.fw: Properly check helper setting in set_automatic_helpers - firewall.errors: Add missing BUILTIN_HELPER error code - No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER - firewall.server.firewalld: Drop unused queryHelper D-Bus method - New helpers Q.931 and RAS from nf_conntrack_h323 - firewall.core.io.helper: Allow dots in helper names, remove underscore - firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS - firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always - firewall.core.fw_config: new_X methods should also check builtins - firewall.client: Set helper family to "" if None - firewall.client: Add missing module string to FirewallClientHelperSettings.settings - config/firewalld.conf: Add possible values description for AutomaticHelpers - helpers/amanda.xml: Fix typo in helper module - firewall-config: Added support for helper module setting - firewall.client: Added support for helper module setting - firewall.server.config_helper: Added support for helper module setting - firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_ - firewall.core.fw_zone: Use helper module instead of a generated name from helper name - helpers: Added kernel module - firewall.core.io.helper: Add module to helper - firewall-cmd: Removed duplicate --get-ipset-types from help output - firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table - firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table - firewall-config: New support to handle helpers, new dialogs, new helper tab, .. - config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting - firewall.client: New helper management for runtime and permanent configuration - firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property - firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed) - firewall.server.config: New permanent D-Bus helper management - New firewall.server.config_helper to provide the permanent D-Bus interface for helpers - firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers - firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings - firewall.core.fw_config: Add support for permanent helper handling - firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore - firewall.functions: New functions to get and set nf_conntrack_helper kernel setting - firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting - firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12 - New firewall.core.fw_helper providing FirewallHelper backend - New firewall.core.helper with HELPER_MAXNAMELEN definition - config/firewalld.conf: New AutomaticHelpers setting with description - firewall.config.__init__.py.in: New helpers variables - firewalld.spec: Add new helpers directory - config/Makefile.am: Install new helpers - New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp - firewall.core.io.helper: New IO handler for netfilter helpers - firewall.errors: New INVALID_HELPER error code - firewall.core.io.ifcfg: Use .bak for save files - firewall-config: Set internal log_denied setting after changing - firewall.server.config: Copy props before removing items - doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset - firewall.core.fw_zone: Fix LOG rule placement for LogDenied - firewall.command: Use "source-ports" in print_zone_info - firewall.core.logger: Use syslog.openlog() and syslog.closelog() - firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service} - firewall-cmd: Enable --path-{zone,icmptype,service} options again - firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules - firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules - config/Makefile.am: Added cfengine, condor-collector and smtp-submission services - Makefile.am: New dist-check used in the archive target - src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted - config/Makefile.am: New CONFIG_FILES variable to contain the config files - Merge pull request #150 from hspaans/master - Merge pull request #146 from canvon/bugfix/spelling - Merge pull request #145 from jcpunk/condor - Command line tools man pages: New section about sequence options and exit codes - Creating service file for SMTP-Submission. - Creating service file for CFEngine. - Fix typo in documentation: iptables mangle table - Only use sort on lists of main items, but not for item properties - firewall.core.io.io_object: import_config should not change ordering of lists - firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction - firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549) - firewall.command: Fix sequence exit code with at least one succeeded item - Add condor collector service - firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones - firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences --- .gitignore | 1 + firewalld.spec | 118 +++++++++++++++++++++++++++++++++++++++++++++++-- sources | 2 +- 3 files changed, 117 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6e4dd15..471692f 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ /firewalld-0.4.3.1.tar.bz2 /firewalld-0.4.3.2.tar.bz2 /firewalld-0.4.3.3.tar.bz2 +/firewalld-0.4.4.1.tar.bz2 diff --git a/firewalld.spec b/firewalld.spec index c641ba8..f51207d 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -7,7 +7,7 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.4.3.3 +Version: 0.4.4.1 Release: 1%{?dist} URL: http://www.firewalld.org License: GPLv2+ @@ -113,10 +113,10 @@ Requires: %{name} = %{version}-%{release} Requires: firewall-config = %{version}-%{release} Requires: hicolor-icon-theme %if 0%{?use_python3} -Requires: python3-PyQt4 +Requires: python3-qt5 Requires: python3-gobject %else -Requires: PyQt4 +Requires: python-qt5 Requires: pygobject3-base %endif Requires: libnotify @@ -306,6 +306,7 @@ fi %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/services/*.xml %{_prefix}/lib/firewalld/zones/*.xml +%{_prefix}/lib/firewalld/helpers/*.xml %{_prefix}/lib/firewalld/xmlschema/check.sh %{_prefix}/lib/firewalld/xmlschema/*.xsd %attr(0750,root,root) %dir %{_sysconfdir}/firewalld @@ -319,6 +320,8 @@ fi %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones +%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets +%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers %dir %{_datadir}/firewalld %dir %{_datadir}/firewalld/tests %{_datadir}/firewalld/tests @@ -402,6 +405,115 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Wed Nov 9 2016 Thomas Woerner - 0.4.4.1-1 +- firewall-config: Use proper source check in sourceDialog (fixes issue#162) +- firewallctl: New support for helpers +- Translation updates + +* Fri Oct 28 2016 Thomas Woerner - 0.4.4-1 +- Fix dist-check +- src/Makefile.am: Install new helper files +- config/Makefile.am: Install helpers +- Merged translations +- Updated translations from zanata +- firewalld.spec: Adapt requires for PyQt5 +- firewall-applet: Fix fromUTF8 for python2 PyQt5 usage +- firewall-applet: Use PyQt5 +- firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property +- shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes +- src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services +- doc/xml/seealso.xml: Add firewalld.helper(5) man page +- doc/xml/seealso.xml: Add firewalld.ipset(5) man page +- Fixed typo in firewalld.ipset(5) man page +- Updated firewalld.dbus(5) man page +- New firewalld.helper(5) man page +- doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page +- doc/xml/firewall-cmd.xml: Updated firewall-cmd man page +- firewall-offline-cmd: New support for helpers +- firewall-cmd: New support for helpers +- firewall.command: New check_helper_family, check_module and print_helper_info methods +- firewall.core.fw_test: Add helpers also to offline backend +- firewall.server.config: New AutomaticHelpers property (rw) +- firewall.server.config: Fix an dict size changed error for firewall.conf file changes +- firewall.server.config: Make LogDenied property readwrite to be consistent +- Some renames of nf_conntrack_helper* functions and structures, helpers is a dict +- firewall.core.fw: Properly check helper setting in set_automatic_helpers +- firewall.errors: Add missing BUILTIN_HELPER error code +- No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER +- firewall.server.firewalld: Drop unused queryHelper D-Bus method +- New helpers Q.931 and RAS from nf_conntrack_h323 +- firewall.core.io.helper: Allow dots in helper names, remove underscore +- firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS +- firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always +- firewall.core.fw_config: new_X methods should also check builtins +- firewall.client: Set helper family to "" if None +- firewall.client: Add missing module string to FirewallClientHelperSettings.settings +- config/firewalld.conf: Add possible values description for AutomaticHelpers +- helpers/amanda.xml: Fix typo in helper module +- firewall-config: Added support for helper module setting +- firewall.client: Added support for helper module setting +- firewall.server.config_helper: Added support for helper module setting +- firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_ +- firewall.core.fw_zone: Use helper module instead of a generated name from helper name +- helpers: Added kernel module +- firewall.core.io.helper: Add module to helper +- firewall-cmd: Removed duplicate --get-ipset-types from help output +- firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table +- firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table +- firewall-config: New support to handle helpers, new dialogs, new helper tab, .. +- config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting +- firewall.client: New helper management for runtime and permanent configuration +- firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property +- firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed) +- firewall.server.config: New permanent D-Bus helper management +- New firewall.server.config_helper to provide the permanent D-Bus interface for helpers +- firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers +- firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings +- firewall.core.fw_config: Add support for permanent helper handling +- firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore +- firewall.functions: New functions to get and set nf_conntrack_helper kernel setting +- firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting +- firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12 +- New firewall.core.fw_helper providing FirewallHelper backend +- New firewall.core.helper with HELPER_MAXNAMELEN definition +- config/firewalld.conf: New AutomaticHelpers setting with description +- firewall.config.__init__.py.in: New helpers variables +- firewalld.spec: Add new helpers directory +- config/Makefile.am: Install new helpers +- New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp +- firewall.core.io.helper: New IO handler for netfilter helpers +- firewall.errors: New INVALID_HELPER error code +- firewall.core.io.ifcfg: Use .bak for save files +- firewall-config: Set internal log_denied setting after changing +- firewall.server.config: Copy props before removing items +- doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset +- firewall.core.fw_zone: Fix LOG rule placement for LogDenied +- firewall.command: Use "source-ports" in print_zone_info +- firewall.core.logger: Use syslog.openlog() and syslog.closelog() +- firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service} +- firewall-cmd: Enable --path-{zone,icmptype,service} options again +- firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules +- firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules +- config/Makefile.am: Added cfengine, condor-collector and smtp-submission services +- Makefile.am: New dist-check used in the archive target +- src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted +- config/Makefile.am: New CONFIG_FILES variable to contain the config files +- Merge pull request #150 from hspaans/master +- Merge pull request #146 from canvon/bugfix/spelling +- Merge pull request #145 from jcpunk/condor +- Command line tools man pages: New section about sequence options and exit codes +- Creating service file for SMTP-Submission. +- Creating service file for CFEngine. +- Fix typo in documentation: iptables mangle table +- Only use sort on lists of main items, but not for item properties +- firewall.core.io.io_object: import_config should not change ordering of lists +- firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction +- firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549) +- firewall.command: Fix sequence exit code with at least one succeeded item +- Add condor collector service +- firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones +- firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences + * Tue Aug 16 2016 Thomas Woerner - 0.4.3.3-1 - Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user diff --git a/sources b/sources index 0e2a058..d081081 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ecf7f90f765d662073088b7ac8346e5d firewalld-0.4.3.3.tar.bz2 +57aaca12bcea9436aada394468aae154 firewalld-0.4.4.1.tar.bz2