From ef8e49491c4e21a7a57a04e837076b1f31ac1f6e Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Fri, 21 Sep 2018 12:22:24 -0400
Subject: [PATCH] rebase to v0.6.2
Resolves: rhbz 1624600
---
.gitignore | 1 +
...n-clear-zone-transaction-must-clear-.patch | 48 +++++++++++++++++++
firewalld.spec | 10 +++-
sources | 2 +-
4 files changed, 58 insertions(+), 3 deletions(-)
create mode 100644 0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch
diff --git a/.gitignore b/.gitignore
index a676fa2..b151d20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,4 @@
 /firewalld-0.5.3.tar.gz
 /firewalld-0.6.0.tar.gz
 /firewalld-0.6.1.tar.gz
+/firewalld-0.6.2.tar.gz
diff --git a/0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch b/0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch
new file mode 100644
index 0000000..c0373ef
--- /dev/null
+++ b/0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch
@@ -0,0 +1,48 @@
+From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Fri, 21 Sep 2018 11:02:18 -0400
+Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw
+ and other zones
+
+Just like FirewallZoneTransaction.execute() that was spawned from a
+FirewallTransaction must call FirewallTransaction.exectue() we should
+also make sure the same is done for clear(). Otherwise we can end up
+with a partially cleared transaction. This gets really hairy if the
+FirewallTransaction contains many instances of FirewallZoneTransaction
+which is common during startup with non-default configuration.
+
+Fixes: #374
+---
+ src/firewall/core/fw_transaction.py | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
+index f169e4a923dd..ad204c1991cf 100644
+--- a/src/firewall/core/fw_transaction.py
++++ b/src/firewall/core/fw_transaction.py
+@@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction):
+ self.modules = [ ] # [ module,.. ]
+
+ def clear(self):
+- super(FirewallZoneTransaction, self).clear()
+- del self.chains[:]
+- del self.modules[:]
++ # calling clear on a zone_transaction that was spawned from a
++ # FirewallTransaction needs to clear the fw_transaction and all the
++ # other zones otherwise we end up with a partially cleared transaction.
++ if self.fw_transaction:
++ super(FirewallTransaction, self.fw_transaction).clear()
++ for zone in self.fw_transaction.zone_transactions.keys():
++ super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()
++ del self.fw_transaction.zone_transactions[zone].chains[:]
++ del self.fw_transaction.zone_transactions[zone].modules[:]
++ else:
++ super(FirewallZoneTransaction, self).clear()
++ del self.chains[:]
++ del self.modules[:]
+
+ def prepare(self, enable, rules=None, modules=None):
+ log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))
+--
+2.18.0
+
diff --git a/firewalld.spec b/firewalld.spec
index e4f72fb..250afb9 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.6.1
-Release: 2%{?dist}
+Version: 0.6.2
+Release: 1%{?dist}
 URL: http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -9,6 +9,8 @@ Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
 Patch0: firewalld-0.2.6-MDNS-default.patch
 Patch1: 0001-fedora-patch-to-default-to-iptables-backend.patch
+Patch2: 0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch
+Patch3: 0001-Fix-translating-labels-392.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -271,6 +273,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 %changelog
+* Fri Sep 21 2018 Eric Garver - 0.6.2-1
+- rebase package to v0.6.2
+- includes patch to fix zone transaction clear
+
 * Fri Aug 10 2018 Eric Garver - 0.6.1-2
 - default to iptables backend
diff --git a/sources b/sources
index 365d1f9..57213a5 100644
--- a/sources
+++ b/sources
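Review bot: The new `if self.fw_transaction:` branch of `clear()` resets sibling objects through `super(...)` on other instances (`super(FirewallTransaction, self.fw_transaction).clear()` and the per-zone equivalent), which skips any `clear()` override those classes define and repeats the `del ...chains[:]` / `del ...modules[:]` steps inline. Presumably this avoids recursing back into this method, but the added comment does not say so and `FirewallTransaction.clear()` is outside the hunk; once confirmed, a line such as `# super() on purpose: the overriding clear() would call back into this method` would stop a later cleanup from reintroducing the partial clear. Any state later added to FirewallZoneTransaction now has to be reset in both branches, so a small private per-zone reset helper called from both would be safer for a firewall transaction. The loop can also drop the repeated lookups: `for zt in self.fw_transaction.zone_transactions.values():`.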
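Review bot: `Patch3: 0001-Fix-translating-labels-392.patch` is added in the `@@ -9,6 +9,8 @@` hunk, but the diffstat of this commit lists four files and creates only `0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch`, so unless the labels patch is already tracked in the repository the build will stop on a missing source. The new `%changelog` entry mentions only the zone transaction fix; a second line such as `- includes patch to fix translated labels (#392)` would keep the record complete. Whether `%prep` applies Patch2 and Patch3 is outside these hunks (it may use `%autosetup`), so confirm both are actually applied, since the transaction fix is what prevents a partially cleared transaction.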
@@ -1 +1 @@
-SHA512 (firewalld-0.6.1.tar.gz) = 49896d59bb90bf3b8750826d52d04502629f691c137080af732ba05beae2d2140ad61c36da099c518de026e72fdc2028b79f6a1a04c0900edbd2c923f57c18f1
+SHA512 (firewalld-0.6.2.tar.gz) = 3bb4c95e24751aab0d71e4fb51db78b4a9c6b5869053e17528784369efaf14ea028f65ee616fd2fbf4d1c8dca18586c6032f078cb2c036728fb06d7969a5136a