update firewalld version to 1.2.1

backport-fix-check-config-use-the-dictionary-variants.patch

@@ -1,50 +0,0 @@
-From c6da3bb7d14820802811f24cb6f8fb5d6bf77afd Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Wed, 19 Jan 2022 15:23:15 -0500
-Subject: [PATCH] fix(check-config): use the dictionary variants
-
-It was possible for newer config fields of an io_object to not be
-checked. That is, the fields covered by check_config(), i.e. the fields
-covered by the tuple based dbus APIs.
-
-Conflict: NA
-Reference: https://github.com/firewalld/firewalld/commit/c6da3bb7d14820802811f24cb6f8fb5d6bf77afd
-
-(cherry picked from commit 3b466b8bf092256dcbd1b541df4924d154ca7386)
----
- src/firewall/core/io/functions.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/firewall/core/io/functions.py b/src/firewall/core/io/functions.py
-index 35a7eaf8..c357223a 100644
---- a/src/firewall/core/io/functions.py
-+++ b/src/firewall/core/io/functions.py
-@@ -73,7 +73,7 @@ def check_config(fw):
-                         obj = readers[reader]["reader"](file, _dir)
-                         if reader in ["zone", "policy"]:
-                             obj.fw_config = fw_config
--                        obj.check_config(obj.export_config())
-+                        obj.check_config_dict(obj.export_config_dict())
-                         readers[reader]["add"](obj)
-                     except FirewallError as error:
-                         raise FirewallError(error.code, "'%s': %s" % (file, error.msg))
-@@ -83,7 +83,7 @@ def check_config(fw):
-         try:
-             obj = Direct(config.FIREWALLD_DIRECT)
-             obj.read()
--            obj.check_config(obj.export_config())
-+            obj.check_config_dict(obj.export_config_dict())
-         except FirewallError as error:
-             raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg))
-         except Exception as msg:
-@@ -92,7 +92,7 @@ def check_config(fw):
-         try:
-             obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST)
-             obj.read()
--            obj.check_config(obj.export_config())
-+            obj.check_config_dict(obj.export_config_dict())
-         except FirewallError as error:
-             raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg))
-         except Exception as msg:
--- 
-2.23.0

backport-fix-functions-check-config-fails-if-direct.xml-exists.patch

@@ -1,38 +0,0 @@
-From 1439a47f55ae7d226639237948fb1fab49aa81b4 Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Wed, 23 Mar 2022 14:55:00 -0400
-Subject: [PATCH] fix(functions): --check-config fails if direct.xml exists
-
-Conflict: NA
-Reference: https://github.com/firewalld/firewalld/commit/1439a47f55ae7d226639237948fb1fab49aa81b4
-
-Fixes: 3b466b8bf092 ("fix(check-config): use the dictionary variants")
-(cherry picked from commit cf9ffb678134dc498c4b08444e17792e340d04a9)
----
- src/firewall/core/io/functions.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/firewall/core/io/functions.py b/src/firewall/core/io/functions.py
-index c357223a..63e3407d 100644
---- a/src/firewall/core/io/functions.py
-+++ b/src/firewall/core/io/functions.py
-@@ -83,7 +83,7 @@ def check_config(fw):
-         try:
-             obj = Direct(config.FIREWALLD_DIRECT)
-             obj.read()
--            obj.check_config_dict(obj.export_config_dict())
-+            obj.check_config(obj.export_config())
-         except FirewallError as error:
-             raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg))
-         except Exception as msg:
-@@ -92,7 +92,7 @@ def check_config(fw):
-         try:
-             obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST)
-             obj.read()
--            obj.check_config_dict(obj.export_config_dict())
-+            obj.check_config(obj.export_config())
-         except FirewallError as error:
-             raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg))
-         except Exception as msg:
--- 
-2.23.0

backport-fix-fw_icmptype-don-t-alter-ipvs-in-io_object.patch

@@ -1,61 +0,0 @@
-From d276135878615f36c9b0128bd0bb91570b1064f3 Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Mon, 11 Apr 2022 14:56:08 -0400
-Subject: [PATCH] fix(fw_icmptype): don't alter ipvs in io_object
-
-We should never modify the runtime icmptype object. This caused sanity
-failures on --runtime-to-permanent because the runtime icmptype
-pretended to be ipv4 only, but our configuration (policy
-allow-host-ipv6) used it inside an IPv6 only rich rule.
-
-For users that disable IPv6 then this probably triggered an accidental
-copy of the stock icmptype to a user icmptype, but with the ipv6 family
-dropped.
-
-Conflict: NA
-Reference: https://github.com/firewalld/firewalld/commit/d276135878615f36c9b0128bd0bb91570b1064f3
-(cherry picked from commit 9a9c9041a365fc8e12a3edf342de784cc5419a72)
----
- src/firewall/core/fw_icmptype.py | 13 +------------
- 1 file changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/src/firewall/core/fw_icmptype.py b/src/firewall/core/fw_icmptype.py
-index a565bb6d..5b75d314 100644
---- a/src/firewall/core/fw_icmptype.py
-+++ b/src/firewall/core/fw_icmptype.py
-@@ -21,7 +21,6 @@
- 
- __all__ = [ "FirewallIcmpType" ]
- 
--import copy
- from firewall.core.logger import log
- from firewall import errors
- from firewall.errors import FirewallError
-@@ -54,7 +53,6 @@ class FirewallIcmpType(object):
-         orig_ipvs = obj.destination
-         if len(orig_ipvs) == 0:
-             orig_ipvs = [ "ipv4", "ipv6" ]
--        ipvs = orig_ipvs[:]
-         for ipv in orig_ipvs:
-             if ipv == "ipv4":
-                 if not self._fw.ip4tables_enabled and not self._fw.nftables_enabled:
-@@ -68,16 +66,7 @@ class FirewallIcmpType(object):
-                 supported_icmps = [ ]
-             if obj.name.lower() not in supported_icmps:
-                 log.info1("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv))
--                ipvs.remove(ipv)
--        if len(ipvs) != len(orig_ipvs):
--            if len(ipvs) < 1:
--                raise FirewallError(errors.INVALID_ICMPTYPE,
--                                    "No supported ICMP type.")
--            new_obj = copy.deepcopy(obj)
--            new_obj.destination = ipvs
--            self._icmptypes[obj.name] = new_obj
--        else:
--            self._icmptypes[obj.name] = obj
-+        self._icmptypes[obj.name] = obj
- 
-     def remove_icmptype(self, icmptype):
-         self.check_icmptype(icmptype)
--- 
-2.23.0

backport-fix-service-adding-includes-to-a-built-in-service.patch

@@ -1,47 +0,0 @@
-From 598ecacee6438d7a9004162f1f1c7734b985cda3 Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Tue, 1 Feb 2022 15:16:58 -0500
-Subject: [PATCH] fix(service): adding includes to a built in service
-
-Conflict: NA
-Reference: https://github.com/firewalld/firewalld/commit/598ecacee6438d7a9004162f1f1c7734b985cda3
-
-Fixes: bcdc1e2bf1e7 ("fix: dbus: add missing APIs for service includes")
-(cherry picked from commit 72ef57a1d700055a0fc2de29c63a22dbb69328e3)
----
- src/firewall/server/config_service.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/firewall/server/config_service.py b/src/firewall/server/config_service.py
-index dae3a4c6..3dcf63fe 100644
---- a/src/firewall/server/config_service.py
-+++ b/src/firewall/server/config_service.py
-@@ -685,7 +685,7 @@ class FirewallDConfigService(DbusServiceObject):
-         log.debug1("%s.setIncludes('%s')", self._log_prefix, includes)
-         self.parent.accessCheck(sender)
-         settings = {"includes": includes[:]}
--        self.config.set_service_config_dict(self.obj, settings)
-+        self.obj = self.config.set_service_config_dict(self.obj, settings)
-         self.Updated(self.obj.name)
- 
-     @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE,
-@@ -697,7 +697,7 @@ class FirewallDConfigService(DbusServiceObject):
-         self.parent.accessCheck(sender)
-         settings = self.config.get_service_config_dict(self.obj)
-         settings.setdefault("includes", []).append(include)
--        self.config.set_service_config_dict(self.obj, settings)
-+        self.obj = self.config.set_service_config_dict(self.obj, settings)
-         self.Updated(self.obj.name)
- 
-     @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE,
-@@ -709,7 +709,7 @@ class FirewallDConfigService(DbusServiceObject):
-         self.parent.accessCheck(sender)
-         settings = self.config.get_service_config_dict(self.obj)
-         settings["includes"].remove(include)
--        self.config.set_service_config_dict(self.obj, settings)
-+        self.obj = self.config.set_service_config_dict(self.obj, settings)
-         self.Updated(self.obj.name)
- 
-     @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE,
--- 
-2.23.0

backport-fix-zone-combined-forward-must-not-default-to-True.patch

@@ -1,29 +0,0 @@
-From cbe2802ebc62d8a04ceca2329014e835f1536423 Mon Sep 17 00:00:00 2001
-From: Eric Garver <eric@garver.life>
-Date: Thu, 14 Apr 2022 10:14:30 -0400
-Subject: [PATCH] fix(zone): combined: forward must not default to True
-
-Since we're reading on-disk config, assume forward = False as is done in
-zone_reader().
-
-Conflict: NA
-Reference: https://github.com/firewalld/firewalld/commit/cbe2802ebc62d8a04ceca2329014e835f1536423
-(cherry picked from commit 386a7327736160cb6a2d642325a26043b622a475)
----
- src/firewall/core/fw.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
-index 4d0ada35..547167c6 100644
---- a/src/firewall/core/fw.py
-+++ b/src/firewall/core/fw.py
-@@ -519,6 +519,7 @@ class Firewall(object):
-                 combined_zone.check_name(combined_zone.name)
-                 combined_zone.path = path
-                 combined_zone.default = False
-+                combined_zone.forward = False # see note in zone_reader()
-             else:
-                 combine = False
- 
--- 
-2.23.0

firewalld.spec

@@ -1,21 +1,15 @@
 Name:      firewalld
-Version:   1.0.2
-Release:   4
+Version:   1.2.1
+Release:   1
 Summary:   A firewall daemon with D-Bus interface providing a dynamic firewall
 License:   GPLv2+
 URL:       http://www.firewalld.org
 Source0:   https://github.com/firewalld/firewalld/releases/download/v%{version}/%{name}-%{version}.tar.gz
-#backport from gnome
+
 Patch0:    firewalld-0.2.6-MDNS-default.patch
 Patch1:    repair-test-cases.patch
 Patch2:    add-Restart-on-failure-on-firewalld.service.patch
 
-Patch3:    backport-fix-zone-combined-forward-must-not-default-to-True.patch
-Patch4:    backport-fix-fw_icmptype-don-t-alter-ipvs-in-io_object.patch
-Patch5:    backport-fix-check-config-use-the-dictionary-variants.patch
-Patch6:    backport-fix-functions-check-config-fails-if-direct.xml-exists.patch
-Patch7:    backport-fix-service-adding-includes-to-a-built-in-service.patch
-
 BuildArch:     noarch
 BuildRequires: autoconf automake desktop-file-utils gettext intltool glib2 glib2-devel systemd-units docbook-style-xsl
 BuildRequires: libxslt iptables ebtables ipset python3-devel
@@ -153,7 +147,7 @@ fi
 
 
 %files -f %{name}.lang
-%doc COPYING README
+%doc COPYING README.md
 %{_sbindir}/firewalld
 %if %{?openEuler:1}0
 %{_bindir}/firewall-config
@@ -225,7 +219,7 @@ fi
 
 %files -n firewalld-test
 %dir %{_datadir}/firewalld/testsuite
-%{_datadir}/firewalld/testsuite/README
+%{_datadir}/firewalld/testsuite/README.md
 %{_datadir}/firewalld/testsuite/testsuite
 %dir %{_datadir}/firewalld/testsuite/integration
 %{_datadir}/firewalld/testsuite/integration/testsuite
@@ -236,6 +230,12 @@ fi
 %{_datadir}/firewalld/testsuite/python/firewalld_test.py
 
 %changelog
+* Mon Nov 14 2022 yanglu <yanglu72@h-partners.com> - 1.2.1-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update firewalld version to 1.2.1
+
 * Thu Sep 01 2022 xinghe <xinghe2@h-partnres.com> - 1.0.2-4
 - Type:bugfix
 - ID:NA