import UBI firewalld-1.3.4-15.el9_6

This commit is contained in:
eabdullin 2025-11-04 10:27:55 +00:00
parent c7a87b1462
commit ea412f88be
11 changed files with 494 additions and 1 deletions


@ -0,0 +1,38 @@
From 1557b7bd45499c738d17a97dbb1713a59faddc1f Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 1 Jul 2024 15:07:27 -0400
Subject: [PATCH 25/31] v2.3.0: test(functions): fix iptables normalization for
opt field
The sed expression didn't consume multiple spaces. All of the
normalization nuances are stacking. :(
@@ -3,5 +3,5 @@
IN_public_deny 0 -- ::/0 ::/0
IN_public_allow 0 -- ::/0 ::/0
IN_public_post 0 -- ::/0 ::/0
-ACCEPT 58 -- ::/0 ::/0
+ACCEPT 58 -- -- ::/0 ::/0
Fixes: 9a11ab13c109 ("test(functions): ip6tables: normalize opt field output")
(cherry picked from commit e3f44a77be2f64be1beb7441314c37a9d773c063)
---
src/tests/functions.at | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tests/functions.at b/src/tests/functions.at
index d1c89ed5b982..8b07908c667c 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
@@ -423,7 +423,7 @@ m4_define([IPXTABLES_LIST_RULES_NORMALIZE], [dnl
dnl commit 6e41c2d8747b ("iptables: xshared: Output '--' in the opt field
dnl in ipv6's fake mode") added "--" to the output of ip6tables. This regex
dnl adds the "--" for older ip6tables versions.
- -e ['s/^\([-a-zA-Z0-9_]\+\)[ ]\([^ ]*\)[ ][-]\?[-]\?[ ]\?/\1 \2 -- /g'] dnl
+ -e ['s/^\([-a-zA-Z0-9_]\+\)[ ]\+\([^ ]*\)[ ]\+[-]\?[-]\?[ ]\?/\1 \2 -- /g'] dnl
])
m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl
--
2.48.1


@ -0,0 +1,46 @@
From 3a306425ecdc2b6024449404cfffaa1b11234e24 Mon Sep 17 00:00:00 2001
From: Eric Garver <egarver@redhat.com>
Date: Thu, 21 Nov 2024 09:21:51 -0500
Subject: [PATCH 26/31] v2.4.0: test: add scale keyword to scale tests
This allows skipping scale tests or running them separately.
e.g. skip
# make check TESTSUITEFLAGS="-j6 -k !scale"
e.g. run scale tests separately and serially
# make check TESTSUITEFLAGS="-k scale"
(cherry picked from commit 106d3df926296163ed8a2aa7f924b4eb55b7b24f)
---
src/tests/regression/ipset_scale.at | 2 +-
src/tests/regression/rhbz1871298.at | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tests/regression/ipset_scale.at b/src/tests/regression/ipset_scale.at
index 2ceef1a56816..0aef986434f0 100644
--- a/src/tests/regression/ipset_scale.at
+++ b/src/tests/regression/ipset_scale.at
@@ -1,5 +1,5 @@
FWD_START_TEST([ipset scale])
-AT_KEYWORDS(ipset gh738)
+AT_KEYWORDS(ipset gh738 scale)
dnl Create a huge ipset
AT_CHECK([touch ./entries], 0, [ignore])
diff --git a/src/tests/regression/rhbz1871298.at b/src/tests/regression/rhbz1871298.at
index 3a40e2a5ae13..e9fcfe69cf88 100644
--- a/src/tests/regression/rhbz1871298.at
+++ b/src/tests/regression/rhbz1871298.at
@@ -1,5 +1,5 @@
FWD_START_TEST([rich rule parsing bottleneck])
-AT_KEYWORDS(rich offline rhbz1871298)
+AT_KEYWORDS(rich offline rhbz1871298 scale)
AT_SKIP_IF([! NS_CMD([which timeout >/dev/null 2>&1])])
--
2.48.1


@ -0,0 +1,39 @@
From b5ed698e4393089a55f0e81d6b687c27affaca1a Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 4 Mar 2025 12:04:44 -0500
Subject: [PATCH 27/31] v2.4.0: fix(systemd): verify firewalld is responsive to
dbus
`systemctl start firewalld` will return as soon as firewalld claims the
well-known bus name. However, this is too early. Signal handlers, etc.
may not have been setup. To verify firewalld has completed its startup
and entered the GLib mainloop use ExecStartPost to check that it's
responsive to dbus calls. The ExecStartPost will block until its gets a
response or times out (dbus default is 20s). On the firewalld side, the
dbus call is buffered until the GLib mainloop handles it.
This fixes a race where a `systemctl reload` immediately after a start
could hit a timing window during which the signal handlers have not yet
been setup, thus killing firewalld.
Fixes: RHEL-77738
(cherry picked from commit 4ddfe5672e3a51e1c081b410144155553f256e91)
---
config/firewalld.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index b757a08f28dc..1c6b8f4d78dc 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -10,6 +10,7 @@ Documentation=man:firewalld(1)
[Service]
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ExecStartPost=@bindir@/firewall-cmd --state
ExecReload=/bin/kill -HUP $MAINPID
# supress to log debug and error output also to /var/log/messages
StandardOutput=null
--
2.48.1
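Review bot: The new `ExecStartPost=@bindir@/firewall-cmd --state` line carries no comment in the unit file, so the reason it exists (blocking start until firewalld answers on D-Bus, i.e. the GLib mainloop is running and the signal handlers are installed, per the commit message) lives only in git history; a maintainer trimming the unit could drop it and reintroduce the reload-after-start race. A comment such as `# Block until firewalld answers on D-Bus: owning the bus name alone does not mean the mainloop and signal handlers are up (RHEL-77738)` keeps the rationale next to the line. It is also worth stating there that a non-zero exit from firewall-cmd fails the unit start and that the wait is bounded only by the D-Bus client timeout, since no separate timeout for this step is visible in the hunk.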


@ -0,0 +1,25 @@
From b61048559be0995beee05a5d61958a13f7bf1bb5 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 4 Mar 2025 12:10:46 -0500
Subject: [PATCH 28/31] v2.4.0: fix(systemd): remove unnecessary comment
(cherry picked from commit ad6f103e1d656d263116ef0178c08792e32aac84)
---
config/firewalld.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index 1c6b8f4d78dc..cd7f772b8581 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -12,7 +12,6 @@ EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecStartPost=@bindir@/firewall-cmd --state
ExecReload=/bin/kill -HUP $MAINPID
-# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
--
2.48.1


@ -0,0 +1,74 @@
From 6ce8e4cf508d45e5b0d05192eb06dc0768dbbb56 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Wed, 7 May 2025 11:31:03 -0400
Subject: [PATCH 29/31] v2.4.0: test(nftables): table owner: use grep instead
of head
Using `head -n 2` will cause head to terminate early while the prior
commands in the pipeline still have output. This will trigger SIGPIPE
and in some cases causes messages on stderr. Use grep to consume all the
output.
Fixes: #1403
Fixes: e7728b843c2e ("test(nftables): table ownership")
--->8---
./nftables_table_owner.at:1: env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list table inet firewalld | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | head -n 2
--- /dev/null 2025-05-06 18:20:20.014443085 +0000
+++ /home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/stderr 2025-05-06 18:31:38.431177759 +0000
@@ -0,0 +1,2 @@
+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: printf: write error: Broken pipe
+/home/runner/work/firewalld/firewalld/src/tests/testsuite.dir/at-groups/228/test-source: line 409: echo: write error: Broken pipe
228. nftables_table_owner.at:1: FAILED (nftables_table_owner.at:
(cherry picked from commit 31e2584c5ada874639cbd80174c3fd745e392852)
---
src/tests/features/nftables_table_owner.at | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/src/tests/features/nftables_table_owner.at b/src/tests/features/nftables_table_owner.at
index abc946da0ad7..dd9c3deed2ba 100644
--- a/src/tests/features/nftables_table_owner.at
+++ b/src/tests/features/nftables_table_owner.at
@@ -7,32 +7,21 @@ FWD_RELOAD()
AT_SKIP_IF([grep "Configuration has NftablesTableOwner=True, but it's not supported by nftables." ./firewalld.log])
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+dnl Make sure it's initially working
+dnl
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
dnl Test the transitions from On to Off
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=no/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld {
- chain mangle_PREROUTING {
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)
dnl Test the transitions from Off to On
dnl
-
AT_CHECK([sed -i 's/^NftablesTableOwner=.*/NftablesTableOwner=yes/' ./firewalld.conf])
FWD_RELOAD()
-
-NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | head -n 2], 0, [m4_strip([dnl
- table inet firewalld { # progname firewalld
- flags owner,persist
-])])
+NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 0, [ignore])
FWD_END_TEST()
])
--
2.48.1
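Review bot: The Off-transition check `NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "flags owner,persist"], 1)` passes vacuously when the table is missing or `nft` fails, because the pipeline's status is grep's and grep returns 1 on empty input just as it does on a present table without the flag (unless NS_CHECK enables pipefail, which is not visible here). The replaced `head -n 2` form at least asserted the `table inet firewalld {` line, so that existence coverage is lost, as is the `# progname firewalld` check in the two On-state assertions. Preceding the exit-1 check with `NS_CHECK([nft list table inet firewalld | TRIM_WHITESPACE | grep "^table inet firewalld"], 0, [ignore])` restores the existence assertion without reintroducing the SIGPIPE noise that `head` caused.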


@ -0,0 +1,63 @@
From c1ef9701fa5d33f2116a67f7e20c3c4f525c57f1 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 2 May 2025 16:33:14 -0400
Subject: [PATCH 30/31] v2.4.0: chore(ipset): remove set_supported_types()
"ipset --help" doesn't actual guarantee that the types are supported in
the kernel. As such, this probe is useless.
(cherry picked from commit 1e401a7d22d4d00be90330e171929c78ddd9b55b)
---
src/firewall/core/fw.py | 3 ---
src/firewall/core/ipset.py | 21 ---------------------
2 files changed, 24 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 557b6e527dbd..92574bc7e650 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -228,9 +228,6 @@ class Firewall(object):
self.ipset_supported_types = [ ]
# ipset is not usable
self.ipset_enabled = False
- else:
- # ipset is usable, get all supported types
- self.ipset_supported_types = self.ipset_backend.set_supported_types()
self.ip4tables_backend.fill_exists()
if not self.ip4tables_backend.restore_command_exists:
diff --git a/src/firewall/core/ipset.py b/src/firewall/core/ipset.py
index d8e0a1ab1e56..a7f0ce17a61b 100644
--- a/src/firewall/core/ipset.py
+++ b/src/firewall/core/ipset.py
@@ -93,27 +93,6 @@ class ipset(object):
raise FirewallError(errors.INVALID_NAME,
"ipset name '%s' is not valid" % name)
- def set_supported_types(self):
- """Return types that are supported by the ipset command and kernel"""
- ret = [ ]
- output = ""
- try:
- output = self.__run(["--help"])
- except ValueError as ex:
- log.debug1("ipset error: %s" % ex)
- lines = output.splitlines()
-
- in_types = False
- for line in lines:
- #print(line)
- if in_types:
- splits = line.strip().split(None, 2)
- if splits[0] not in ret and splits[0] in IPSET_TYPES:
- ret.append(splits[0])
- if line.startswith("Supported set types:"):
- in_types = True
- return ret
-
def check_type(self, type_name):
"""Check ipset type"""
if len(type_name) > IPSET_MAXNAMELEN or type_name not in IPSET_TYPES:
--
2.48.1


@ -0,0 +1,41 @@
From 6b9c44e3fcc861342cb6624d35eac9d192ce1a2a Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 2 May 2025 16:37:27 -0400
Subject: [PATCH 31/31] v2.4.0: fix(fw): start: remove ipset probe
This probe is causing kernel modules to be loaded even if the ipset
backend will not be used due to "omit native ipsets". Since the backend
and iptables are deprecated lets just remove the probe and let it fail
at runtime.
Fixes: RHEL-36234
(cherry picked from commit ac20628701509165feaacab679c0699db2c7b8b8)
---
src/firewall/core/fw.py | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
index 92574bc7e650..877ad028d4e2 100644
--- a/src/firewall/core/fw.py
+++ b/src/firewall/core/fw.py
@@ -218,17 +218,6 @@ class Firewall(object):
raise FirewallError(errors.UNKNOWN_ERROR, "No IPv4 and IPv6 firewall.")
def _start_probe_backends(self):
- try:
- self.ipset_backend.set_list()
- except ValueError:
- if self.nftables_enabled:
- log.info1("ipset not usable, disabling ipset usage in firewall. Other set backends (nftables) remain usable.")
- else:
- log.warning("ipset not usable, disabling ipset usage in firewall.")
- self.ipset_supported_types = [ ]
- # ipset is not usable
- self.ipset_enabled = False
-
self.ip4tables_backend.fill_exists()
if not self.ip4tables_backend.restore_command_exists:
if self.ip4tables_backend.command_exists:
--
2.48.1


@ -0,0 +1,31 @@
From 257dce8a7769d0b4268973065dfe0a77455d1ce6 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 2 Jun 2025 11:27:10 -0400
Subject: [PATCH] v2.4.0: fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
Do not fail to start the service if `firewall-cmd --state` returns this
error code. The daemon is started, but in a recovery mode due to invalid
configuration.
Fixes: 4ddfe5672e3a ("fix(systemd): verify firewalld is responsive to dbus")
(cherry picked from commit d52815e198f05378a3f34633adfedd29165cc64e)
---
config/firewalld.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index cd7f772b8581..bd8690fd87a6 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -11,6 +11,8 @@ Documentation=man:firewalld(1)
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecStartPost=@bindir@/firewall-cmd --state
+# don't fail ExecStartPost on RUNNING_BUT_FAILED
+SuccessExitStatus=251
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
StandardError=null
--
2.47.1
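Review bot: `SuccessExitStatus=251` is a unit-wide setting, not scoped to the `ExecStartPost=` line it was added for: a main `firewalld` process that exits with status 251 would also be recorded as a clean exit, which matters for any `Restart=on-failure` policy or failure reporting a deployment relies on (no `Restart=` line is visible in this hunk). If firewalld itself never exits 251 this is harmless, but the one-line comment should state the scope so it is not lost. Something like `# firewall-cmd --state exits 251 (RUNNING_BUT_FAILED) when the daemon is up but in recovery mode; this is unit-wide, so a main-process exit of 251 also counts as success` says what the entry covers and what it additionally affects.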


@ -0,0 +1,42 @@
From b3c8cbff1bd9867150f804a8f7f67098de515d6b Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 3 Jun 2025 16:36:10 -0400
Subject: [PATCH 33/34] v2.4.0: fix(policy): rich: verify ipset exists
Fixes: RHEL-67103
Fixes: RHEL-67331
(cherry picked from commit bd9b7fe87f337aff29142034282e7156cb678b41)
---
src/firewall/core/io/policy.py | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/firewall/core/io/policy.py b/src/firewall/core/io/policy.py
index f9a1114d7969..de636631d28c 100644
--- a/src/firewall/core/io/policy.py
+++ b/src/firewall/core/io/policy.py
@@ -479,6 +479,22 @@ def common_check_config(obj, config, item, all_config, all_io_objects):
obj_type, obj.name, obj_rich.element.name
),
)
+ elif obj_rich.source and obj_rich.source.ipset:
+ if obj_rich.source.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.source.ipset
+ ),
+ )
+ elif obj_rich.destination and obj_rich.destination.ipset:
+ if obj_rich.destination.ipset not in all_io_objects["ipsets"]:
+ raise FirewallError(
+ errors.INVALID_IPSET,
+ "{} '{}': '{}' not among existing ipsets".format(
+ obj_type, obj.name, obj_rich.destination.ipset
+ ),
+ )
def common_writer(obj, handler):
# short
--
2.47.1
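Review bot: The two new ipset checks are chained with `elif` (`elif obj_rich.source and obj_rich.source.ipset:` and `elif obj_rich.destination and obj_rich.destination.ipset:`), so a rich rule that carries both a source and a destination ipset only has its source validated; an unknown destination ipset in such a rule is still accepted at config-check time and would surface only when the backend applies it, which is the failure this patch is meant to catch early. The preceding `if` branch, whose error message references `obj_rich.element.name`, appears to handle element checks and would likewise pre-empt both ipset checks for a rule that combines an element with an ipset; its condition is outside the hunk, so that part is inferred. Making the two ipset checks independent statements, `if obj_rich.source and obj_rich.source.ipset:` and `if obj_rich.destination and obj_rich.destination.ipset:`, validates every position from which a rule can reference an ipset. common_check_config starts outside the hunk.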


@ -0,0 +1,66 @@
From 7d2e41d3bcbf23765efc01e55d73dda6c0bced78 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Tue, 3 Jun 2025 16:20:11 -0400
Subject: [PATCH 34/34] v2.4.0: test: rich: rule reference invalid ipset
Coverage: RHEL-67103
Coverage: RHEL-67331
(cherry picked from commit d99076a59692af306e4dd6c909351a69e80b082a)
---
src/tests/regression/RHEL-67103.at | 34 ++++++++++++++++++++++++++++++
src/tests/regression/regression.at | 1 +
2 files changed, 35 insertions(+)
create mode 100644 src/tests/regression/RHEL-67103.at
diff --git a/src/tests/regression/RHEL-67103.at b/src/tests/regression/RHEL-67103.at
new file mode 100644
index 000000000000..0cca717246bf
--- /dev/null
+++ b/src/tests/regression/RHEL-67103.at
@@ -0,0 +1,34 @@
+FWD_START_TEST([rich rule invalid ipset])
+AT_KEYWORDS(rich ipset RHEL-67103 RHEL-67331)
+
+dnl valid ipset
+FWD_CHECK([--permanent --new-ipset thisexists --type=hash:net], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists accept"], 0, [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=thisexists accept"], 0, [ignore])
+FWD_RELOAD()
+
+dnl invalid ipset
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([ --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 destination ipset=doesnotexist accept"], 135, [ignore], [ignore])
+
+dnl verify checks for manually added XML
+AT_DATA([./zones/broken.xml], [m4_strip([dnl
+ <?xml version="1.0" encoding="utf-8"?>
+ <zone>
+ <short>broken</short>
+ <rule family="ipv4">
+ <source ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <rule family="ipv4">
+ <destination ipset="doesnotexist"/>
+ <accept/>
+ </rule>
+ <forward/>
+ </zone>
+])])
+FWD_RELOAD(135, [ignore], [ignore])
+
+FWD_END_TEST([-e '/ERROR: INVALID_IPSET/d'])
diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at
index e85641932b58..ea1357a91d44 100644
--- a/src/tests/regression/regression.at
+++ b/src/tests/regression/regression.at
@@ -57,3 +57,4 @@ m4_include([regression/ipset_scale.at])
m4_include([regression/gh1129.at])
m4_include([regression/gh1146.at])
m4_include([regression/rhbz2222044.at])
+m4_include([regression/RHEL-67103.at])
--
2.47.1
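Review bot: The new test exercises an unknown ipset only as the sole ipset reference of a rule (source-only or destination-only, at the four `doesnotexist` FWD_CHECK lines and in broken.xml); a rule naming a valid source ipset together with an unknown destination ipset is not covered, and that is the combination most likely to slip past a check written as an if/elif chain. Adding `FWD_CHECK([--permanent --add-rich-rule="rule family=ipv4 source ipset=thisexists destination ipset=doesnotexist accept"], 135, [ignore], [ignore])` alongside the existing invalid cases closes that gap. An equivalent rule with both ipsets could be added to broken.xml to cover the manually-edited-XML path too.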


@ -1,7 +1,7 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld
Version: 1.3.4
Release: 9%{?dist}
Release: 15%{?dist}
URL: http://www.firewalld.org
License: GPLv2+
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
@ -29,6 +29,16 @@ Patch21: 0021-v2.2.0-test-nftables-table-ownership.patch
Patch22: 0022-v2.2.0-chore-service-remove-Conflicts-with-nftables.patch
Patch23: 0023-v2.2.0-fix-service-update-highest-port-number-for-ce.patch
Patch24: 0024-v2.2.0-feat-service-x-rootd-file-server.patch
Patch25: 0025-v2.3.0-test-functions-fix-iptables-normalization-for.patch
Patch26: 0026-v2.4.0-test-add-scale-keyword-to-scale-tests.patch
Patch27: 0027-v2.4.0-fix-systemd-verify-firewalld-is-responsive-to.patch
Patch28: 0028-v2.4.0-fix-systemd-remove-unnecessary-comment.patch
Patch29: 0029-v2.4.0-test-nftables-table-owner-use-grep-instead-of.patch
Patch30: 0030-v2.4.0-chore-ipset-remove-set_supported_types.patch
Patch31: 0031-v2.4.0-fix-fw-start-remove-ipset-probe.patch
Patch32: 0032-v2.4.0-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch
Patch33: 0033-v2.4.0-fix-policy-rich-verify-ipset-exists.patch
Patch34: 0034-v2.4.0-test-rich-rule-reference-invalid-ipset.patch
BuildArch: noarch
BuildRequires: autoconf
BuildRequires: automake
@ -252,6 +262,24 @@ rm -rf %{buildroot}%{_datadir}/firewalld/testsuite
%{_mandir}/man1/firewall-config*.1*
%changelog
* Tue Jun 17 2025 Eric Garver <egarver@redhat.com> - 1.3.4-15
- fix(policy): rich: verify ipset exists
* Mon Jun 02 2025 Eric Garver <egarver@redhat.com> - 1.3.4-14
- fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
* Mon May 19 2025 Eric Garver <egarver@redhat.com> - 1.3.4-13
- fix(fw): start: remove ipset probe
* Mon May 19 2025 Eric Garver <egarver@redhat.com> - 1.3.4-12
- fix(systemd): verify firewalld is responsive to dbus
* Mon May 19 2025 Eric Garver <egarver@redhat.com> - 1.3.4-11
- test: add scale keyword to scale tests
* Mon May 19 2025 Eric Garver <egarver@redhat.com> - 1.3.4-10
- test(functions): fix iptables normalization for opt field
* Wed Nov 06 2024 Eric Garver <egarver@redhat.com> - 1.3.4-9
- feat(service): (x)rootd file server