Backport fix for RHBZ#1466093

2018-04-21 12:35:35 -07:00 · 2018-04-21 12:35:35 -07:00 · 3bfa289cc6
commit 3bfa289cc6
parent 1577a1a931
2 changed files with 41 additions and 1 deletions
--- a/0001-firewall-core-fw_transaction.py-Remove-deduplication.patch
+++ b/0001-firewall-core-fw_transaction.py-Remove-deduplication.patch
@ -0,0 +1,34 @@
+From d96999931f66819db3f146f750a4c14997a50c27 Mon Sep 17 00:00:00 2001
+From: Thomas Woerner <twoerner@redhat.com>
+Date: Thu, 1 Feb 2018 16:44:21 +0100
+Subject: [PATCH] firewall/core/fw_transaction.py: Remove deduplication in
+ add_rule
+
+Loading services from permanent configuration containing the same port numbers
+results in deduplication of the rules. This then results in an error if the
+second service gets removed from the zone.
+
+Fixes: RHBZ#1534571
+Closes: #288
+(cherry picked from commit 54835164f610593eedd71f0a7ae62ac5258d2187)
+---
+ src/firewall/core/fw_transaction.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
+index 4e284687..9f167c37 100644
+--- a/src/firewall/core/fw_transaction.py
+++ b/src/firewall/core/fw_transaction.py
+@@ -128,8 +128,7 @@ class SimpleFirewallTransaction(object):
+         self.generous_mode = False
+ 
+     def add_rule(self, ipv, rule):
+-        if ipv not in self.rules or rule not in self.rules[ipv]:
+-            self.rules.setdefault(ipv, [ ]).append(rule)
+        self.rules.setdefault(ipv, [ ]).append(rule)
+ 
+     def query_rule(self, ipv, rule):
+         return ipv in self.rules and rule in self.rules[ipv]
+-- 
+2.14.3
+
--- a/firewalld.spec
+++ b/firewalld.spec
@ -8,7 +8,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.4.4.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/t-woerner/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@ -21,6 +21,8 @@ Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
 Patch1: firewalld-0.4.4.5-rich_source_validation-d69b7cb.patch
 Patch2: firewalld-0.4.4.5-ipv6_icmptype_only_rich_rule_fix-cf50bd0.patch
+# Backported fix for RHBZ#1466093 / RHBZ#1534571
+Patch3: 0001-firewall-core-fw_transaction.py-Remove-deduplication.patch
 BuildArch: noarch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
@ -162,6 +164,7 @@ firewalld.
 %endif
 %patch1 -p1 -b .rich_source_validation-d69b7cb
 %patch2 -p1 -b .ipv6_icmptype_only_rich_rule_fix-cf50bd0
+%patch3 -p1 -b .deduplication-6339c1d7
 ./autogen.sh

 %if 0%{?with_python3}
@ -436,6 +439,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*

 %changelog
+* Sat Apr 21 2018 Adam Williamson <awilliam@redhat.com> - 0.4.4.5-4
+- Backport fix for RHBZ#1466093
+
 * Mon Jul 31 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.4.5-3
 - Fix spec file for next RHEL versions