Remove kernel version requirement

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>

.gitignore

@@ -51,3 +51,4 @@
 /firewalld-0.5.3.tar.gz
 /firewalld-0.6.0.tar.gz
 /firewalld-0.6.1.tar.gz
+/firewalld-0.6.2.tar.gz

0001-Fix-translating-labels-392.patch

@@ -0,0 +1,35 @@
+From 5494006021e83f27195dc902c3c9fd024e71dc3b Mon Sep 17 00:00:00 2001
+From: MeggyCal <MeggyCal@users.noreply.github.com>
+Date: Thu, 20 Sep 2018 15:37:17 +0200
+Subject: [PATCH] Fix translating labels (#392)
+
+Fix for #344 was incomplete, the "flags" were not translating and the reported bug was still active.
+
+Fixes: #344
+(cherry picked from commit e657200927a9f0f41fbed95640cd47e2a5836c6f)
+---
+ src/firewall-config.glade | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/firewall-config.glade b/src/firewall-config.glade
+index 22bed58aafaf..75c229b408fd 100644
+--- a/src/firewall-config.glade
++++ b/src/firewall-config.glade
+@@ -10135,10 +10135,10 @@
+                             <property name="halign">start</property>
+                             <property name="valign">start</property>
+                             <items>
+-                              <item>accept</item>
+-                              <item>reject</item>
+-                              <item>drop</item>
+-                              <item>mark</item>
++                              <item translatable="yes">accept</item>
++                              <item translatable="yes">reject</item>
++                              <item translatable="yes">drop</item>
++                              <item translatable="yes">mark</item>
+                             </items>
+                             <signal name="changed" handler="on_richRuleDialog_changed" swapped="no"/>
+                           </object>
+-- 
+2.18.0
+

0001-fedora-patch-to-default-to-iptables-backend.patch

@@ -0,0 +1,116 @@
+From a628d6e3a710fb8379cf2fb319cdafc06dd2dad6 Mon Sep 17 00:00:00 2001
+From: Eric Garver <e@erig.me>
+Date: Thu, 30 Aug 2018 16:34:19 -0400
+Subject: [PATCH] fedora patch to default to iptables backend
+
+---
+ config/firewalld.conf                  |  7 -------
+ src/firewall/config/__init__.py.in     |  2 +-
+ src/firewall/core/io/firewalld_conf.py | 17 +++++++++++++++++
+ src/tests/dbus/firewalld.conf.at       |  2 +-
+ src/tests/functions.at                 |  4 ++--
+ 5 files changed, 21 insertions(+), 11 deletions(-)
+
+diff --git a/config/firewalld.conf b/config/firewalld.conf
+index b53c0aa50c53..63df409bf567 100644
+--- a/config/firewalld.conf
++++ b/config/firewalld.conf
+@@ -55,10 +55,3 @@ LogDenied=off
+ # will be used. Possible values are: yes, no and system.
+ # Default: system
+ AutomaticHelpers=system
+-
+-# FirewallBackend
+-# Selects the firewall backend implementation.
+-# Choices are:
+-#	- nftables (default)
+-#	- iptables (iptables, ip6tables, ebtables and ipset)
+-FirewallBackend=nftables
+diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
+index 955be32077e1..cff7c3fe9025 100644
+--- a/src/firewall/config/__init__.py.in
++++ b/src/firewall/config/__init__.py.in
+@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True
+ FALLBACK_INDIVIDUAL_CALLS = False
+ FALLBACK_LOG_DENIED = "off"
+ FALLBACK_AUTOMATIC_HELPERS = "system"
+-FALLBACK_FIREWALL_BACKEND = "nftables"
++FALLBACK_FIREWALL_BACKEND = "iptables"
+diff --git a/src/firewall/core/io/firewalld_conf.py b/src/firewall/core/io/firewalld_conf.py
+index 4d57bad693c1..6264f45a1913 100644
+--- a/src/firewall/core/io/firewalld_conf.py
++++ b/src/firewall/core/io/firewalld_conf.py
+@@ -240,6 +240,12 @@ class firewalld_conf(object):
+                     if key not in done:
+                         if (key in self._config and \
+                                 self._config[key] != value):
++                            # Only write FirewallBackend if it's not the default.
++                            # We will change the default in the future.
++                            if key == "FirewallBackend" and \
++                               self._config[key] == config.FALLBACK_FIREWALL_BACKEND:
++                                done.append(key)
++                                continue
+                             empty = False
+                             temp_file.write(u'%s=%s\n' %
+                                             (key, self._config[key]))
+@@ -247,6 +253,12 @@ class firewalld_conf(object):
+                         elif key in self._deleted:
+                             modified = True
+                         else:
++                            # Only write FirewallBackend if it's not the default.
++                            # We will change the default in the future.
++                            if key == "FirewallBackend" and \
++                               value == config.FALLBACK_FIREWALL_BACKEND:
++                                done.append(key)
++                                continue
+                             empty = False
+                             temp_file.write(line+u"\n")
+                         done.append(key)
+@@ -258,6 +270,11 @@ class firewalld_conf(object):
+             for (key,value) in self._config.items():
+                 if key in done:
+                     continue
++                # Only write FirewallBackend if it's not the default.
++                # We will change the default in the future.
++                if key == "FirewallBackend" and \
++                   value == config.FALLBACK_FIREWALL_BACKEND:
++                    continue
+                 if not empty:
+                     temp_file.write(u"\n")
+                     empty = True
+diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
+index 473210de10af..44e649111ffb 100644
+--- a/src/tests/dbus/firewalld.conf.at
++++ b/src/tests/dbus/firewalld.conf.at
+@@ -5,7 +5,7 @@ DBUS_GETALL([config], [config], 0, [dnl
+ string "AutomaticHelpers" : variant string "system"
+ string "CleanupOnExit" : variant string "no"
+ string "DefaultZone" : variant string "public"
+-string "FirewallBackend" : variant string "nftables"
++string "FirewallBackend" : variant string "iptables"
+ m4_if(no, HOST_SUPPORTS_NFT_FIB, [dnl
+ string "IPv6_rpfilter" : variant string "no"],[dnl
+ string "IPv6_rpfilter" : variant string "yes"])
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 3b79a9f31305..dd7b43d9dac6 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -65,13 +65,13 @@ m4_define([FWD_START_TEST], [
+     fi
+ 
+     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+-        m4_define_default([FIREWALL_BACKEND], [nftables])
++        m4_define_default([FIREWALL_BACKEND], [iptables])
+ 
+         dnl don't unload modules or bother cleaning up, the namespace will be deleted
+         AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf])
+ 
+         dnl set the appropriate backend
+-        AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf])
++        AT_CHECK([echo "FirewallBackend=FIREWALL_BACKEND" >> ./firewalld.conf])
+ 
+         dnl fib matching is pretty new in nftables. Don't use rpfilter on older
+         dnl kernels.
+-- 
+2.18.0
+

0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch

@@ -0,0 +1,48 @@
+From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001
+From: Eric Garver <e@erig.me>
+Date: Fri, 21 Sep 2018 11:02:18 -0400
+Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw
+ and other zones
+
+Just like FirewallZoneTransaction.execute() that was spawned from a
+FirewallTransaction must call FirewallTransaction.exectue() we should
+also make sure the same is done for clear(). Otherwise we can end up
+with a partially cleared transaction. This gets really hairy if the
+FirewallTransaction contains many instances of FirewallZoneTransaction
+which is common during startup with non-default configuration.
+
+Fixes: #374
+---
+ src/firewall/core/fw_transaction.py | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
+index f169e4a923dd..ad204c1991cf 100644
+--- a/src/firewall/core/fw_transaction.py
++++ b/src/firewall/core/fw_transaction.py
+@@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction):
+         self.modules = [ ] # [ module,.. ]
+ 
+     def clear(self):
+-        super(FirewallZoneTransaction, self).clear()
+-        del self.chains[:]
+-        del self.modules[:]
++        # calling clear on a zone_transaction that was spawned from a
++        # FirewallTransaction needs to clear the fw_transaction and all the
++        # other zones otherwise we end up with a partially cleared transaction.
++        if self.fw_transaction:
++            super(FirewallTransaction, self.fw_transaction).clear()
++            for zone in self.fw_transaction.zone_transactions.keys():
++                super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()
++                del self.fw_transaction.zone_transactions[zone].chains[:]
++                del self.fw_transaction.zone_transactions[zone].modules[:]
++        else:
++            super(FirewallZoneTransaction, self).clear()
++            del self.chains[:]
++            del self.modules[:]
+ 
+     def prepare(self, enable, rules=None, modules=None):
+         log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))
+-- 
+2.18.0
+

firewalld.spec

@@ -1,13 +1,16 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.6.1
-Release: 1%{?dist}
+Version: 0.6.2
+Release: 1.0.riscv64%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
 Patch0: firewalld-0.2.6-MDNS-default.patch
+Patch1: 0001-fedora-patch-to-default-to-iptables-backend.patch
+Patch2: 0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch
+Patch3: 0001-Fix-translating-labels-392.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -24,7 +27,7 @@ BuildRequires: nftables
 BuildRequires: python3-devel
 Requires: iptables, ebtables, ipset
 Requires: nftables >= 0.9.0
-Requires: kernel >= 4.18.0
+#Requires: kernel >= 4.18.0
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -270,6 +273,16 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Thu Oct 04 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 0.6.2-1.0.riscv64
+- Remove kernel version requirement (needed for RISC-V)
+
+* Fri Sep 21 2018 Eric Garver <egarver@redhat.com> - 0.6.2-1
+- rebase package to v0.6.2
+- includes patch to fix zone transaction clear
+
+* Fri Aug 10 2018 Eric Garver <egarver@redhat.com> - 0.6.1-2
+- default to iptables backend
+
 * Fri Aug 10 2018 Eric Garver <egarver@redhat.com> - 0.6.1-1
 - rebase package to v0.6.1
 

sources

@@ -1 +1 @@
-SHA512 (firewalld-0.6.1.tar.gz) = 49896d59bb90bf3b8750826d52d04502629f691c137080af732ba05beae2d2140ad61c36da099c518de026e72fdc2028b79f6a1a04c0900edbd2c923f57c18f1
+SHA512 (firewalld-0.6.2.tar.gz) = 3bb4c95e24751aab0d71e4fb51db78b4a9c6b5869053e17528784369efaf14ea028f65ee616fd2fbf4d1c8dca18586c6032f078cb2c036728fb06d7969a5136a