From 0b65a30f38d9dd1accec6f400d2fa3db3d711e36 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Wed, 20 Aug 2014 18:53:02 +0200 Subject: [PATCH] 0.3.11 --- .gitignore | 1 + firewalld-0.2.6-MDNS-default.patch | 3 +-- firewalld.spec | 42 ++++++++++++++++++++++++++++-- sources | 2 +- 4 files changed, 43 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 1106dcf..b051ab2 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ /firewalld-0.3.9.2.tar.bz2 /firewalld-0.3.9.3.tar.bz2 /firewalld-0.3.10.tar.bz2 +/firewalld-0.3.11.tar.bz2 diff --git a/firewalld-0.2.6-MDNS-default.patch b/firewalld-0.2.6-MDNS-default.patch index b59803f..0316962 100644 --- a/firewalld-0.2.6-MDNS-default.patch +++ b/firewalld-0.2.6-MDNS-default.patch @@ -28,12 +28,11 @@ diff --git a/config/zones/work.xml b/config/zones/work.xml index 7e750fc..77f13c8 100644 --- a/config/zones/work.xml +++ b/config/zones/work.xml -@@ -3,6 +3,7 @@ +@@ -3,5 +3,6 @@ Work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. + - -- diff --git a/firewalld.spec b/firewalld.spec index 0f56cf0..beb1dd5 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -1,6 +1,6 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.3.10 +Version: 0.3.11 Release: 1%{?dist} URL: http://fedorahosted.org/firewalld License: GPLv2+ @@ -59,7 +59,7 @@ firewalld. %endif %build -%configure --enable-sysconfig +%configure --enable-sysconfig --enable-rpmmacros %install make install DESTDIR=%{buildroot} @@ -76,6 +76,19 @@ desktop-file-install --delete-original \ %post %systemd_post firewalld.service +# on upgrade allow ipp-client service in active home/internal/work +# if cups-browsed service is enabled to not break someones printing (RHBZ#1105639) +systemctl -q is-enabled cups-browsed +if [[ "$?" -eq 0 && "$1" -eq 2 ]]; then + ZONES=( 'home' 'internal' 'work' ) + N_ZONES=${#ZONES[@]} + for (( i=0;i<$N_ZONES;i++)); do + zone=${ZONES[${i}]} + [[ $(firewall-cmd --get-active-zones) = *${zone}* ]] && firewall-cmd -q --permanent --zone ${zone} --add-service "ipp-client" + done +fi +exit 0 + %preun %systemd_preun firewalld.service @@ -154,6 +167,7 @@ fi %{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewalld*.1* %{_mandir}/man5/firewall*.5* +%{_rpmconfigdir}/macros.d/macros.firewalld %files -n firewall-applet %{_bindir}/firewall-applet @@ -175,6 +189,30 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Wed Aug 20 2014 Jiri Popelka - 0.3.11-1 +- firewalld: + - improve error messages + - check built-in chains in direct chain handling functions (RHBZ#1120619) + - dbus_to_python() check whether input is of expected type (RHBZ#1122018) + - handle negative timeout values (RHBZ#1124476) + - warn when Command/Uid/Use/Context already in lockdown whitelist (RHBZ#1126405) + - make --lockdown-{on,off} work again (RHBZ#1111573) +- firewall-cmd: + - --timeout now accepts time units (RHBZ#994044) +- firewall-config: + - show active (not default) zones in bold (RHBZ#993655) +- configuration: + - remove ipp-client service from all zones (RHBZ#1105639). + - fallbacks for missing values in firewalld.conf + - create missing dirs under /etc if needed + - add -Es to python command in lockdown-whitelist.xml (RHBZ#1099065) +- docs: + - 'direct' methods concern only chains/rules added via 'direct' (RHBZ#1120619) + - --remove-[interface/source] don't need a zone to be specified (RHBZ#1125851) + - various fixes in firewalld.zone(5), firewalld.dbus(5), firewalld.direct(5) +- others: + - rpm macros for easier packaging of e.g. services + * Wed May 28 2014 Jiri Popelka - 0.3.10-1 - new services: freeipa-*, puppermaster, amanda-k5, synergy, xmpp-*, tor, privoxy, sane diff --git a/sources b/sources index 4beb579..c52ffdd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1c26399c15a9655bbc159296f2ba8793 firewalld-0.3.10.tar.bz2 +c3224b26f518652aced8af59793a6cf5 firewalld-0.3.11.tar.bz2