From a86d697d59d08a5f42f3eebbd2194f747f87c384 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Mon, 19 Mar 2018 15:31:35 -0400
Subject: [PATCH] remove obsolete patches
---
...ld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch | 251 ------------------
firewalld-0.4.0-tempdir_RHBZ1305175.patch | 26 --
firewalld-0.4.1-fr.patch | 13 -
...d-0.4.4.3-get_ipset_no_applied_check.patch | 91 -------
..._icmptype_only_rich_rule_fix-cf50bd0.patch | 28 --
...4.4.5-rich_source_validation-d69b7cb.patch | 59 ----
6 files changed, 468 deletions(-)
delete mode 100644 firewalld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch
delete mode 100644 firewalld-0.4.0-tempdir_RHBZ1305175.patch
delete mode 100644 firewalld-0.4.1-fr.patch
delete mode 100644 firewalld-0.4.4.3-get_ipset_no_applied_check.patch
delete mode 100644 firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
delete mode 100644 firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
diff --git a/firewalld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch b/firewalld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch
deleted file mode 100644
index 6b27c36..0000000
--- a/firewalld-0.4.0-ALREADY_ENABLED_RHBZ1309754.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From b81a595f83d269a56ef5e13105de5bfce392e187 Mon Sep 17 00:00:00 2001
-From: Jiri Popelka
-Date: Mon, 22 Feb 2016 18:51:48 +0100
-Subject: [PATCH] Revert "firewall.client: Raise ALREADY/NOT _ENABLED errors"
-
-This reverts commit 14fecd41eb6be610179ff6e1b2534dd6171628be.
----
- src/firewall/client.py | 69 +++------------------------------------------------------------------
- 1 file changed, 3 insertions(+), 66 deletions(-)
-
-diff --git a/src/firewall/client.py b/src/firewall/client.py
-index 65be20a..1d562da 100644
---- a/src/firewall/client.py
-+++ b/src/firewall/client.py
-@@ -29,7 +29,7 @@ import dbus.mainloop.glib
- import slip.dbus
-
- from firewall.config import *
--from firewall.errors import FirewallError, ALREADY_ENABLED, NOT_ENABLED
-+from firewall.errors import FirewallError
- from firewall.config.dbus import *
- from firewall.core.base import DEFAULT_ZONE_TARGET
- from firewall.dbus_utils import dbus_to_python
-@@ -137,14 +137,10 @@ class FirewallClientZoneSettings(object):
- def addService(self, service):
- if service not in self.settings[5]:
- self.settings[5].append(service)
-- else:
-- raise FirewallError(ALREADY_ENABLED, service)
- @handle_exceptions
- def removeService(self, service):
- if service in self.settings[5]:
- self.settings[5].remove(service)
-- else:
-- raise FirewallError(NOT_ENABLED, service)
- @handle_exceptions
- def queryService(self, service):
- return service in self.settings[5]
-@@ -159,14 +155,10 @@ class FirewallClientZoneSettings(object):
- def addPort(self, port, protocol):
- if (port,protocol) not in self.settings[6]:
- self.settings[6].append((port,protocol))
-- else:
-- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % (port, protocol))
- @handle_exceptions
- def removePort(self, port, protocol):
- if (port,protocol) in self.settings[6]:
- self.settings[6].remove((port,protocol))
-- else:
-- raise FirewallError(NOT_ENABLED, "'%s:%s'" % (port, protocol))
- @handle_exceptions
- def queryPort(self, port, protocol):
- return (port,protocol) in self.settings[6]
-@@ -181,14 +173,10 @@ class FirewallClientZoneSettings(object):
- def addProtocol(self, protocol):
- if protocol not in self.settings[13]:
- self.settings[13].append(protocol)
-- else:
-- raise FirewallError(ALREADY_ENABLED, protocol)
- @handle_exceptions
- def removeProtocol(self, protocol):
- if protocol in self.settings[13]:
- self.settings[13].remove(protocol)
-- else:
-- raise FirewallError(NOT_ENABLED, protocol)
- @handle_exceptions
- def queryProtocol(self, protocol):
- return protocol in self.settings[13]
-@@ -203,14 +191,10 @@ class FirewallClientZoneSettings(object):
- def addIcmpBlock(self, icmptype):
- if icmptype not in self.settings[7]:
- self.settings[7].append(icmptype)
-- else:
-- raise FirewallError(ALREADY_ENABLED, icmptype)
- @handle_exceptions
- def removeIcmpBlock(self, icmptype):
- if icmptype in self.settings[7]:
- self.settings[7].remove(icmptype)
-- else:
-- raise FirewallError(NOT_ENABLED, icmptype)
- @handle_exceptions
- def queryIcmpBlock(self, icmptype):
- return icmptype in self.settings[7]
-@@ -236,9 +220,6 @@ class FirewallClientZoneSettings(object):
- to_addr = ''
- if (port,protocol,to_port,to_addr) not in self.settings[9]:
- self.settings[9].append((port,protocol,to_port,to_addr))
-- else:
-- raise FirewallError(ALREADY_ENABLED, "'%s:%s:%s:%s'" % \
-- (port, protocol, toport, toaddr))
- @handle_exceptions
- def removeForwardPort(self, port, protocol, to_port, to_addr):
- if to_port is None:
-@@ -247,9 +228,6 @@ class FirewallClientZoneSettings(object):
- to_addr = ''
- if (port,protocol,to_port,to_addr) in self.settings[9]:
- self.settings[9].remove((port,protocol,to_port,to_addr))
-- else:
-- raise FirewallError(NOT_ENABLED, "'%s:%s:%s:%s'" % \
-- (port, protocol, toport, toaddr))
- @handle_exceptions
- def queryForwardPort(self, port, protocol, to_port, to_addr):
- if to_port is None:
-@@ -268,14 +246,10 @@ class FirewallClientZoneSettings(object):
- def addInterface(self, interface):
- if interface not in self.settings[10]:
- self.settings[10].append(interface)
-- else:
-- raise FirewallError(ALREADY_ENABLED, interface)
- @handle_exceptions
- def removeInterface(self, interface):
- if interface in self.settings[10]:
- self.settings[10].remove(interface)
-- else:
-- raise FirewallError(NOT_ENABLED, interface)
- @handle_exceptions
- def queryInterface(self, interface):
- return interface in self.settings[10]
-@@ -290,14 +264,10 @@ class FirewallClientZoneSettings(object):
- def addSource(self, source):
- if source not in self.settings[11]:
- self.settings[11].append(source)
-- else:
-- raise FirewallError(ALREADY_ENABLED, source)
- @handle_exceptions
- def removeSource(self, source):
- if source in self.settings[11]:
- self.settings[11].remove(source)
-- else:
-- raise FirewallError(NOT_ENABLED, source)
- @handle_exceptions
- def querySource(self, source):
- return source in self.settings[11]
-@@ -314,15 +284,11 @@ class FirewallClientZoneSettings(object):
- rule = str(Rich_Rule(rule_str=rule))
- if rule not in self.settings[12]:
- self.settings[12].append(rule)
-- else:
-- raise FirewallError(ALREADY_ENABLED, rule)
- @handle_exceptions
- def removeRichRule(self, rule):
- rule = str(Rich_Rule(rule_str=rule))
- if rule in self.settings[12]:
- self.settings[12].remove(rule)
-- else:
-- raise FirewallError(NOT_ENABLED, rule)
- @handle_exceptions
- def queryRichRule(self, rule):
- rule = str(Rich_Rule(rule_str=rule))
-@@ -734,14 +700,10 @@ class FirewallClientServiceSettings(object):
- def addPort(self, port, protocol):
- if (port,protocol) not in self.settings[3]:
- self.settings[3].append((port,protocol))
-- else:
-- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % (port, protocol))
- @handle_exceptions
- def removePort(self, port, protocol):
- if (port,protocol) in self.settings[3]:
- self.settings[3].remove((port,protocol))
-- else:
-- raise FirewallError(NOT_ENABLED, "'%s:%s'" % (port, protocol))
- @handle_exceptions
- def queryPort(self, port, protocol):
- return (port,protocol) in self.settings[3]
-@@ -756,14 +718,10 @@ class FirewallClientServiceSettings(object):
- def addProtocol(self, protocol):
- if protocol not in self.settings[6]:
- self.settings[6].append(protocol)
-- else:
-- raise FirewallError(ALREADY_ENABLED, protocol)
- @handle_exceptions
- def removeProtocol(self, protocol):
- if protocol in self.settings[6]:
- self.settings[6].remove(protocol)
-- else:
-- raise FirewallError(NOT_ENABLED, protocol)
- @handle_exceptions
- def queryProtocol(self, protocol):
- return protocol in self.settings[6]
-@@ -778,14 +736,10 @@ class FirewallClientServiceSettings(object):
- def addModule(self, module):
- if module not in self.settings[4]:
- self.settings[4].append(module)
-- else:
-- raise FirewallError(ALREADY_ENABLED, module)
- @handle_exceptions
- def removeModule(self, module):
- if module in self.settings[4]:
- self.settings[4].remove(module)
-- else:
-- raise FirewallError(NOT_ENABLED, module)
- @handle_exceptions
- def queryModule(self, module):
- return module in self.settings[4]
-@@ -798,18 +752,11 @@ class FirewallClientServiceSettings(object):
- self.settings[5] = destinations
- @handle_exceptions
- def setDestination(self, dest_type, address):
-- if not dest_type in self.settings[5] or \
-- self.settings[5][dest_type] != address:
-- self.settings[5][dest_type] = address
-- else:
-- raise FirewallError(ALREADY_ENABLED, "'%s:%s'" % \
-- (dest_type, address))
-+ self.settings[5][dest_type] = address
- @handle_exceptions
- def removeDestination(self, dest_type):
- if dest_type in self.settings[5]:
- del self.settings[5][dest_type]
-- else:
-- raise FirewallError(NOT_ENABLED, "'%s'" % dest_type)
- @handle_exceptions
- def queryDestination(self, dest_type, address):
- return (dest_type in self.settings[5] and \
-@@ -865,17 +812,11 @@ class FirewallClientIPSetSettings(object):
- self.settings[4] = options
- @handle_exceptions
- def addOption(self, key, value):
-- if not key in self.settings[4] or self.settings[4][key] != value:
-- self.settings[4][key] = value
-- else:
-- raise FirewallError(ALREADY_ENABLED, "'%s=%s'" % (key,value)
-- if value else key)
-+ self.settings[4][key] = value
- @handle_exceptions
- def removeOption(self, key):
- if key in self.settings[4]:
- del self.settings[4][key]
-- else:
-- raise FirewallError(NOT_ENABLED, key)
- @handle_exceptions
- def queryOption(self, key, value):
- return key in self.settings[4] and self.settings[4][key] == value
-@@ -890,14 +831,10 @@ class FirewallClientIPSetSettings(object):
- def addEntry(self, entry):
- if entry not in self.settings[5]:
- self.settings[5].append(entry)
-- else:
-- raise FirewallError(ALREADY_ENABLED, entry)
- @handle_exceptions
- def removeEntry(self, entry):
- if entry in self.settings[5]:
- self.settings[5].remove(entry)
-- else:
-- raise FirewallError(NOT_ENABLED, entry)
- @handle_exceptions
- def queryEntry(self, entry):
- return entry in self.settings[5]
---
-2.5.0
-
diff --git a/firewalld-0.4.0-tempdir_RHBZ1305175.patch b/firewalld-0.4.0-tempdir_RHBZ1305175.patch
deleted file mode 100644
index 913e1c2..0000000
--- a/firewalld-0.4.0-tempdir_RHBZ1305175.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 7c6b91b1c32fe502d1a6ffc3e29f09481bcf7ab1 Mon Sep 17 00:00:00 2001
-From: Jiri Popelka
-Date: Mon, 8 Feb 2016 13:42:41 +0100
-Subject: [PATCH 1/2] Make sure tempdir is created even in offline mode.
-
----
- src/firewall/functions.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/firewall/functions.py b/src/firewall/functions.py
-index 9b19139..6dbac26 100644
---- a/src/firewall/functions.py
-+++ b/src/firewall/functions.py
-@@ -265,6 +265,9 @@ def firewalld_is_active():
-
- def tempFile():
- try:
-+ if not os.path.exists(FIREWALLD_TEMPDIR):
-+ os.mkdir(FIREWALLD_TEMPDIR, 0o750)
-+
- return tempfile.NamedTemporaryFile(mode='wt', prefix="temp.",
- dir=FIREWALLD_TEMPDIR, delete=False)
- except Exception as msg:
---
-2.5.0
-
diff --git a/firewalld-0.4.1-fr.patch b/firewalld-0.4.1-fr.patch
deleted file mode 100644
index afc24a0..0000000
--- a/firewalld-0.4.1-fr.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/po/fr.po b/po/fr.po
-index a46c590..9647a73 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -132,7 +132,7 @@ msgstr "Zone à protection active :"
-
- #: ../src/firewall-applet:233 ../src/firewall-applet:246
- msgid "Reset To Default"
--msgstr "Réinitialiser aux paramètres par défaut\n"
-+msgstr "Réinitialiser aux paramètres par défaut"
-
- #: ../src/firewall-applet:237
- msgid "Shields Down Zone:"
diff --git a/firewalld-0.4.4.3-get_ipset_no_applied_check.patch b/firewalld-0.4.4.3-get_ipset_no_applied_check.patch
deleted file mode 100644
index 149f9f4..0000000
--- a/firewalld-0.4.4.3-get_ipset_no_applied_check.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-commit 7e7be5658c2b1a8aa130480ad8e1a7314c83bba9
-Author: Thomas Woerner
-Date: Wed Feb 15 11:11:40 2017 +0100
-
- firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
-
- This breaks the ipset overloading from /etc/firewalld/ipsets.
- Fixes: #206
-
-diff --git a/src/firewall/core/fw_ipset.py b/src/firewall/core/fw_ipset.py
-index bbbc8eb..952d122 100644
---- a/src/firewall/core/fw_ipset.py
-+++ b/src/firewall/core/fw_ipset.py
-@@ -55,10 +55,11 @@ class FirewallIPSet(object):
- def has_ipsets(self):
- return len(self._ipsets) > 0
-
-- def get_ipset(self, name):
-+ def get_ipset(self, name, applied=False):
- self.check_ipset(name)
- obj = self._ipsets[name]
-- self.check_applied_obj(obj)
-+ if applied:
-+ self.check_applied_obj(obj)
- return obj
-
- def _error2warning(self, f, name, *args):
-@@ -141,11 +142,11 @@ class FirewallIPSet(object):
- # TYPE
-
- def get_type(self, name):
-- return self.get_ipset(name).type
-+ return self.get_ipset(name, applied=True).type
-
- # DIMENSION
- def get_dimension(self, name):
-- return len(self.get_ipset(name).type.split(","))
-+ return len(self.get_ipset(name, applied=True).type.split(","))
-
- # APPLIED
-
-@@ -164,7 +165,7 @@ class FirewallIPSet(object):
- # OPTIONS
-
- def get_family(self, name):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- if "family" in obj.options:
- if obj.options["family"] == "inet6":
- return "ipv6"
-@@ -179,7 +180,7 @@ class FirewallIPSet(object):
- pass
-
- def add_entry(self, name, entry):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- if "timeout" in obj.options and obj.options["timeout"] != "0":
- # no entries visible for ipsets with timeout
- raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
-@@ -201,7 +202,7 @@ class FirewallIPSet(object):
- obj.entries.append(entry)
-
- def remove_entry(self, name, entry):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- if "timeout" in obj.options and obj.options["timeout"] != "0":
- # no entries visible for ipsets with timeout
- raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
-@@ -222,7 +223,7 @@ class FirewallIPSet(object):
- obj.entries.remove(entry)
-
- def query_entry(self, name, entry):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- if "timeout" in obj.options and obj.options["timeout"] != "0":
- # no entries visible for ipsets with timeout
- raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
-@@ -230,11 +231,11 @@ class FirewallIPSet(object):
- return entry in obj.entries
-
- def get_entries(self, name):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- return obj.entries
-
- def set_entries(self, name, entries):
-- obj = self.get_ipset(name)
-+ obj = self.get_ipset(name, applied=True)
- if "timeout" in obj.options and obj.options["timeout"] != "0":
- # no entries visible for ipsets with timeout
- raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
diff --git a/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch b/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
deleted file mode 100644
index db219c1..0000000
--- a/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner
-Date: Thu, 8 Jun 2017 17:44:32 +0200
-Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
- conflicting family
-
-Only raise error for an ICMP block in a rich-rule if a family has been
-specified and conflicts with the ICMP destination.
-
-Fixes: RHBZ#1459921
----
- src/firewall/core/fw_zone.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 4f3f18c0..f47222e4 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
- raise FirewallError(errors.INVALID_RULE,
- "IcmpBlock not usable with accept action")
- if ict.destination and ipv not in ict.destination:
-+ if rule.family is None:
-+ # Add for IPv4 or IPv6 depending on ict.destination
-+ continue
- raise FirewallError(
- errors.INVALID_RULE,
- "Icmp%s %s not usable with %s" % \
diff --git a/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch b/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
deleted file mode 100644
index cfd7828..0000000
--- a/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d69b7cb2724f041f257b90184a64e28a667ee7e9 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner
-Date: Thu, 8 Jun 2017 15:31:11 +0200
-Subject: [PATCH] firewall.core.rich: Add checks for Rich_Source validation
-
-A rich-rule source needs to either contain a IP address, a MAC address or an
-ipset.
----
- src/firewall/core/rich.py | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
-index 3adcb4d9..04791da6 100644
---- a/src/firewall/core/rich.py
-+++ b/src/firewall/core/rich.py
-@@ -46,15 +46,21 @@ def __init__(self, addr, mac, ipset, invert=False):
- if self.ipset == "":
- self.ipset = None
- self.invert = invert
-+ if self.addr is None and self.mac is None and self.ipset is None:
-+ raise FirewallError(errors.INVALID_RULE,
-+ "no address, mac and ipset")
-
- def __str__(self):
-- if self.addr:
-- x = ' address="%s"' % self.addr
-- elif self.mac:
-- x = ' mac="%s"' % self.mac
-- elif self.ipset:
-- x = ' ipset="%s"' % self.ipset
-- return 'source%s%s' % (" NOT" if self.invert else "", x)
-+ ret = 'source%s ' % (" NOT" if self.invert else "")
-+ if self.addr is not None:
-+ return ret + 'address="%s"' % self.addr
-+ elif self.mac is not None:
-+ return ret + 'mac="%s"' % self.mac
-+ elif self.ipset is not None:
-+ return ret + 'ipset="%s"' % self.ipset
-+ else:
-+ raise FirewallError(errors.INVALID_RULE,
-+ "no address, mac and ipset")
-
- class Rich_Destination(object):
- def __init__(self, addr, invert=False):
-@@ -542,10 +548,14 @@ def check(self):
- raise FirewallError(errors.INVALID_FAMILY)
- if self.source.mac is not None:
- raise FirewallError(errors.INVALID_RULE, "address and mac")
-+ if self.source.ipset is not None:
-+ raise FirewallError(errors.INVALID_RULE, "address and ipset")
- if not functions.check_address(self.family, self.source.addr):
- raise FirewallError(errors.INVALID_ADDR, str(self.source.addr))
-
- elif self.source.mac is not None:
-+ if self.source.ipset is not None:
-+ raise FirewallError(errors.INVALID_RULE, "mac and ipset")
- if not functions.check_mac(self.source.mac):
- raise FirewallError(errors.INVALID_MAC, str(self.source.mac))
-