Merge branch 'f20' into f21

.gitignore

@@ -29,3 +29,4 @@
 /firewalld-0.3.9.2.tar.bz2
 /firewalld-0.3.9.3.tar.bz2
 /firewalld-0.3.10.tar.bz2
+/firewalld-0.3.11.tar.bz2

firewalld-0.2.6-MDNS-default.patch

@@ -28,12 +28,11 @@ diff --git a/config/zones/work.xml b/config/zones/work.xml
 index 7e750fc..77f13c8 100644
 --- a/config/zones/work.xml
 +++ b/config/zones/work.xml
-@@ -3,6 +3,7 @@
+@@ -3,5 +3,6 @@
    <short>Work</short>
    <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
    <service name="ssh"/>
 +  <service name="mdns"/>
-   <service name="ipp-client"/>
    <service name="dhcpv6-client"/>
  </zone>
 -- 

firewalld.spec

@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.3.10
-Release: 5%{?dist}
+Version: 0.3.11
+Release: 1%{?dist}
 URL: http://fedorahosted.org/firewalld
 License: GPLv2+
 Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
@@ -98,7 +98,7 @@ Workstation product specific firewalld configuration settings.
 %endif
 
 %build
-%configure --enable-sysconfig
+%configure --enable-sysconfig --enable-rpmmacros
 
 %install
 make install DESTDIR=%{buildroot}
@@ -139,6 +139,19 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli
 %post
 %systemd_post firewalld.service
 
+# on upgrade allow ipp-client service in active home/internal/work
+# if cups-browsed service is enabled to not break someones printing (RHBZ#1105639)
+systemctl -q is-enabled cups-browsed
+if [[ "$?" -eq 0 && "$1" -eq 2 ]]; then
+  ZONES=( 'home' 'internal' 'work' )
+  N_ZONES=${#ZONES[@]}
+  for (( i=0;i<$N_ZONES;i++)); do
+    zone=${ZONES[${i}]}
+    [[ $(firewall-cmd --get-active-zones) = *${zone}* ]] && firewall-cmd -q --permanent --zone ${zone} --add-service "ipp-client"
+  done
+fi
+exit 0
+
 %preun
 %systemd_preun firewalld.service
 
@@ -262,6 +275,7 @@ fi
 %{_mandir}/man1/firewall*cmd*.1*
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
+%{_rpmconfigdir}/macros.d/macros.firewalld
 
 %files -n firewall-applet
 %{_bindir}/firewall-applet
@@ -300,6 +314,30 @@ fi
 %endif
 
 %changelog
+* Wed Aug 20 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.11-1
+- firewalld:
+  - improve error messages
+  - check built-in chains in direct chain handling functions (RHBZ#1120619)
+  - dbus_to_python() check whether input is of expected type (RHBZ#1122018)
+  - handle negative timeout values (RHBZ#1124476)
+  - warn when Command/Uid/Use/Context already in lockdown whitelist (RHBZ#1126405)
+  - make --lockdown-{on,off} work again (RHBZ#1111573)
+- firewall-cmd:
+  - --timeout now accepts time units (RHBZ#994044)
+- firewall-config:
+  - show active (not default) zones in bold (RHBZ#993655)
+- configuration:
+  - remove ipp-client service from all zones (RHBZ#1105639).
+  - fallbacks for missing values in firewalld.conf
+  - create missing dirs under /etc if needed
+  - add -Es to python command in lockdown-whitelist.xml (RHBZ#1099065)
+- docs:
+  - 'direct' methods concern only chains/rules added via 'direct' (RHBZ#1120619)
+  - --remove-[interface/source] don't need a zone to be specified (RHBZ#1125851)
+  - various fixes in firewalld.zone(5), firewalld.dbus(5), firewalld.direct(5)
+- others:
+  - rpm macros for easier packaging of e.g. services
+
 * Tue Jul 22 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-5
 - Fixed wrong default zone names for server and workstation (RHBZ#1120296)
 

sources

@@ -1 +1 @@
-1c26399c15a9655bbc159296f2ba8793  firewalld-0.3.10.tar.bz2
+c3224b26f518652aced8af59793a6cf5  firewalld-0.3.11.tar.bz2