$ git diff --patch-with-stat --summary 94f8191686f836d8426aa29fdb6bde9ee76a301a..2f8048a75a1838ad14eb2071a42e4ef1c2c658d8
.abf.yml | 2 +-
...-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch | 28 ----------
...ld-0.4.4.5-rich_source_validation-d69b7cb.patch | 59 ----------------------
firewalld.spec | 13 +++--
4 files changed, 9 insertions(+), 93 deletions(-)
delete mode 100644 firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
delete mode 100644 firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
diff --git a/.abf.yml b/.abf.yml
index bb89ceb..1188252 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
sources:
- v0.6.4.tar.gz: 1bd2e191db3bf6fee7263e5f15b0eb6c20c032c7
+ firewalld-0.7.2.tar.gz: 6ab82e082ed941553920307333ef39fa87e4d0b2
diff --git a/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch b/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
deleted file mode 100644
index db219c1..0000000
--- a/firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From cf50bd0004418abe1294f53b58387a181dfd2b51 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Thu, 8 Jun 2017 17:44:32 +0200
-Subject: [PATCH] firewall.core.fw_zone: Rich-rule ICMP type: Error only for
- conflicting family
-
-Only raise error for an ICMP block in a rich-rule if a family has been
-specified and conflicts with the ICMP destination.
-
-Fixes: RHBZ#1459921
----
- src/firewall/core/fw_zone.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 4f3f18c0..f47222e4 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -1425,6 +1425,9 @@ def __rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
- raise FirewallError(errors.INVALID_RULE,
- "IcmpBlock not usable with accept action")
- if ict.destination and ipv not in ict.destination:
-+ if rule.family is None:
-+ # Add for IPv4 or IPv6 depending on ict.destination
-+ continue
- raise FirewallError(
- errors.INVALID_RULE,
- "Icmp%s %s not usable with %s" % \
diff --git a/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch b/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
deleted file mode 100644
index cfd7828..0000000
--- a/firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d69b7cb2724f041f257b90184a64e28a667ee7e9 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Thu, 8 Jun 2017 15:31:11 +0200
-Subject: [PATCH] firewall.core.rich: Add checks for Rich_Source validation
-
-A rich-rule source needs to either contain a IP address, a MAC address or an
-ipset.
----
- src/firewall/core/rich.py | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
-index 3adcb4d9..04791da6 100644
---- a/src/firewall/core/rich.py
-+++ b/src/firewall/core/rich.py
-@@ -46,15 +46,21 @@ def __init__(self, addr, mac, ipset, invert=False):
- if self.ipset == "":
- self.ipset = None
- self.invert = invert
-+ if self.addr is None and self.mac is None and self.ipset is None:
-+ raise FirewallError(errors.INVALID_RULE,
-+ "no address, mac and ipset")
-
- def __str__(self):
-- if self.addr:
-- x = ' address="%s"' % self.addr
-- elif self.mac:
-- x = ' mac="%s"' % self.mac
-- elif self.ipset:
-- x = ' ipset="%s"' % self.ipset
-- return 'source%s%s' % (" NOT" if self.invert else "", x)
-+ ret = 'source%s ' % (" NOT" if self.invert else "")
-+ if self.addr is not None:
-+ return ret + 'address="%s"' % self.addr
-+ elif self.mac is not None:
-+ return ret + 'mac="%s"' % self.mac
-+ elif self.ipset is not None:
-+ return ret + 'ipset="%s"' % self.ipset
-+ else:
-+ raise FirewallError(errors.INVALID_RULE,
-+ "no address, mac and ipset")
-
- class Rich_Destination(object):
- def __init__(self, addr, invert=False):
-@@ -542,10 +548,14 @@ def check(self):
- raise FirewallError(errors.INVALID_FAMILY)
- if self.source.mac is not None:
- raise FirewallError(errors.INVALID_RULE, "address and mac")
-+ if self.source.ipset is not None:
-+ raise FirewallError(errors.INVALID_RULE, "address and ipset")
- if not functions.check_address(self.family, self.source.addr):
- raise FirewallError(errors.INVALID_ADDR, str(self.source.addr))
-
- elif self.source.mac is not None:
-+ if self.source.ipset is not None:
-+ raise FirewallError(errors.INVALID_RULE, "mac and ipset")
- if not functions.check_mac(self.source.mac):
- raise FirewallError(errors.INVALID_MAC, str(self.source.mac))
-
diff --git a/firewalld.spec b/firewalld.spec
index fb542b5..8d9b612 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -2,12 +2,12 @@
Summary: A dynamic firewall daemon
Name: firewalld
-Version: 0.6.4
-Release: 2
+Version: 0.7.2
+Release: 1
URL: https://github.com/t-woerner/firewalld/
License: GPLv2+
Group: System/Base
-Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz
+Source0: https://github.com/firewalld/firewalld/archive/%{name}-%{version}.tar.gz
Source1: %{name}.rpmlintrc
Patch0: firewalld-0.2.6-MDNS-default.patch
# (tpg) try to keep nfs and samba enabled for default zones
@@ -53,6 +53,7 @@ Requires: python-qt5-core
Requires: python-qt5-dbus
Requires: python-qt5-gui
Requires: python-qt5-widgets
+Requires: python-sip
Requires: typelib(Notify)
Requires: typelib(GdkPixbuf)
@@ -65,7 +66,6 @@ Summary: Firewall configuration application
Group: System/Base
Requires: %{name} = %{EVRD}
Requires: hicolor-icon-theme
-Requires: typelib(NetworkManager)
%description -n firewall-config
The firewall configuration application provides an configuration interface for
@@ -102,6 +102,9 @@ desktop-file-install --delete-original \
--dir %{buildroot}%{_datadir}/applications \
%{buildroot}%{_datadir}/applications/firewall-config.desktop
+# (tpg) not needed
+rm -rf %{buildroot}%{_datadir}/zsh
+
%find_lang %{name} --all-name
%triggerin -- %{_prefix}/lib/firewalld/services/*.xml
@@ -138,7 +141,7 @@ desktop-file-install --delete-original \
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_sysconfdir}/modprobe.d/*.conf
%{_unitdir}/%{name}.service
-%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
+%{_datadir}/dbus-1/system.d/FirewallD.conf
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
%dir %{python_sitelib}/firewall
%dir %{python_sitelib}/firewall/config