[firewalld/f18: 2/2] Merge branch 'master' into f18
Jiří Popelka
jpopelka at fedoraproject.org
Thu Oct 17 16:23:30 UTC 2013
commit 2e63d061d877c7306bb39c253b5d79631ef2ee88
Merge: 36e6ace 71ed813
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Thu Oct 17 18:19:32 2013 +0200
Merge branch 'master' into f18
.gitignore | 1 +
firewalld.spec | 12 +++++++++++-
sources | 2 +-
3 files changed, 13 insertions(+), 2 deletions(-)
---
diff --cc firewalld.spec
index 00b38e1,503601b..7196fe4
--- a/firewalld.spec
+++ b/firewalld.spec
@@@ -189,14 -189,294 +189,24 @@@ f
%{_mandir}/man1/firewall-config*.1*
%changelog
+ * Thu Oct 17 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.7-1
+ - Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)
+ - bash-completion: --permanent --direct options
+ - firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)
+ - firewall-cmd: use client's exception_handler instead of catching exceptions ourselves
+ - FirewallClientZoneSettings: fix {add|remove|query}RichRule()
+ - Extend amanda-client service with 10080/tcp (RHBZ#1016867)
+ - Simplify Rich_Rule()_lexer() by using functions.splitArgs()
+ - Fix encoding problems in exception handling (RHBZ#1015941)
+
* Fri Oct 04 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6.2-1
-- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
-- firewall-cmd: fix variable name (RHBZ#1015011)
+- 0.3.6.2
-* Thu Oct 03 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6.1-1
-- remove superfluous po files from archive
+* Thu Jun 20 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-6
+- Fix firewall-config error handling (RHBZ#951850)
-* Wed Oct 02 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6-1
-- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)
-- firewall-config: Make sure that all zone settings are updated properly on firewalld restart
-- Rich_Limit: Allow long representation for duration (RHBZ#994103
-- firewall-config: Show "Changes applied." after changes (RHBZ#993643)
-- Use own connection dialog to change zones for NM connections
-- Rename service cluster-suite to high-availability (RHBZ#885257)
-- Permanent direct support for firewall-config and firewall-cmd
-- Try to avoid file descriptor leaking (RHBZ#951900)
-- New functions to split and join args properly (honoring quotes)
-- firewall-cmd(1): 2 simple examples
-- Better IPv6 NAT checking.
-- Ship firewalld.direct(5).
-
-* Mon Sep 30 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.5-1
-- Only use one PK action for configuration (RHBZ#994729)
-- firewall-cmd: indicate non-zero exit code with red color
-- rich-rule: enable to have log without prefix & log_level & limit
-- log-level warn/err -> warning/error (RHBZ#1009436)
-- Use policy DROP while reloading, do not reset policy in restart twice
-- Add _direct chains to all table and chain combinations
-- documentation improvements
-- New firewalld.direct(5) man page docbook source
-- tests/firewall-cmd_test.sh: make rich language tests work
-- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)
-- direct.passthrough wasn't always matching out_signature (RHBZ#967800)
-- firewall-config: twist ICMP Type IP address family logic.
-- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)
-- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)
-- firewall-config: Options->Lockdown was not changing permanent.
-- firewall-config: edit line on doubleclick (RHBZ#993572)
-- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)
-- New direct D-Bus interface, persistent direct rule handling, enabled passthough
-- src/firewall-cmd: Fixed help output to use more visual parameters
-- src/firewall-cmd: New usage output, no redirection to man page anymore
-- src/firewall/core/rich.py: Fixed forwad port destinations
-- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask
-- doc/xml/firewalld.zone.xml: Added more information about masquerade use
-- Prefix to log message is optional (RHBZ#998079)
-- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)
-- Sort zones/interfaces/service/icmptypes on output.
-- wbem-https service (RHBZ#996668)
-- applet&config: add support for KDE NetworkManager connection editor
-- firewall/core/fw_config.py: New method update_lockdown_whitelist
-- Added missing file watcher for lockdown whitelist in config D-Bus interface
-- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct
-- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)
-
-* Tue Jul 30 2013 Thomas Woerner <twoerner at redhat.com> 0.3.4-1
-- several rich rule check enhancements and fixes
-- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
-- firewall-cmd(1): improve description of direct options (RHBZ#970509)
-- several firewall-applet enhancements and fixes
-- New README
-- several doc and man page fixes
-- Service definitions for PCP daemons (RHBZ#972262)
-- bash-completion: add lockdown and rich language options
-- firewall-cmd: add --permanent --list-all[-zones]
-- firewall-cmd: new -q/--quiet option
-- firewall-cmd: warn when default zone not active (RHBZ#971843)
-- firewall-cmd: check priority in --add-rule (RHBZ#914955)
-- add dhcpv6 (for server) service (RHBZ#917866)
-- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
-- firewall-cmd: print result (yes/no) of all --query-* commands
-- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
-- Check Interfaces/sources when updating permanent zone settings.
-- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
-- Fixed toaddr check in forward port to only allow single address, no range
-- firewall-cmd: various output improvements
-- fw_zone: use check_single_address from firewall.functions
-- getZoneOfInterface/Source does not need to throw exception
-- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
-- firewall.core.io.service: Properly check port/proto and destination address
-- Install applet desktop file into /etc/xdg/autostart
-- Fixed option problem with rich rule destinations (RHBZ#979804)
-- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
-- Updated firewall-offline-cmd
-- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
-- New documentation (man pages are created from docbook sources)
-- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
-- direct: pass priority also to client.py and firewall-cmd
-- applet: New blink and blink-count settings
-- firewall.functions: New function ppid_of_pid
-- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
-- firewall-offline-cmd: Fix use of systemctl in chroot
-- firewall-config: use string.ascii_letters instead of string.letters
-- dbus_to_python(): handle non-ascii chars in dbus.String.
-- Modernize old syntax constructions.
-- dict.keys() in Python 3 returns a "view" instead of list
-- Use gettext.install() to install _() in builtins namespace.
-- Allow non-ascii chars in 'short' and 'description'
-- README: More information for "Working With The Source Repository"
-- Build environment fixes
-- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
-- firewall-applet: New setting show-inactive
-- Don't stop on reload when lockdown already enabled (RHBZ#987403)
-- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
-- FirewallApplet.gschema.xml: Dropped unused sender-info setting
-- doc/firewall-applet.xml: Added information about gsettings
-- several debug and log message fixes
-- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
-- Add dhcp and proxy-dhcp services (RHBZ#986947)
-- io/Zone(): don't error on deprecated family attr of source elem
-- Limit length of zone file name (to 12 chars) due to Netfilter internals.
-- It was not possible to overload a zone with defined source(s).
-- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
-- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
-- functions: New functions checkUser, checkUid and checkCommand
-- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
-- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
-- Rich rule service: Only add modules for accept action
-- firewall/core/rich: Several fixes and enhanced checks
-- Fixed reload of direct rules
-- firewall/client: New functions to set and get the exception handler
-- firewall-config: New and enhanced UI to handle lockdown and rich rules
-- zone's immutable attribute is redundant
-- Do not allow to set settings in config for immutable zones.
-- Ignore deprecated 'immutable' attribute in zone files.
-- Eviscerate 'immutable' completely.
-- FirewallDirect.query_rule(): fix it
-- permanent direct: activate firewall.core.io.direct:Direct reader
-- core/io/*: simplify getting of character data
-- FirewallDirect.set_config(): allow reloading
-
-* Thu Jun 20 2013 Jiri Popelka <jpopelka at redhat.com>
-- Remove migrating to a systemd unit file from a SysV initscript
-- Remove pointless "ExclusiveOS" tag
-
-* Fri Jun 7 2013 Thomas Woerner <twoerner at redhat.com> 0.3.3-2
-- Fixed rich rule check for use in D-Bus
-
-* Thu Jun 6 2013 Thomas Woerner <twoerner at redhat.com> 0.3.3-1
-- new service files
-- relicensed logger.py under GPLv2+
-- firewall-config: sometimes we don't want to use client's exception handler
-- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
-- firewall-config: work-around masquerade_check_cb() being called more times
-- Zone(IO): add interfaces/sources to D-Bus signature
-- Added missing UNKNOWN_SOURCE error code
-- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
-- New changeZoneOfInterface method, marked changeZone as deprecated
-- Fixed firewall-cmd man page entry for --panic-on
-- firewall-applet: Fixed possible problems of unescaped strings used for markup
-- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
-- Cleanup of unused variables in FirewallD.start
-- New firewall/fw_types.py with LastUpdatedOrderedDict
-- direct.chains, direct.rules: Using LastUpdatedOrderedDict
-- Support splitted zone files
-- New reader and writer for stored direct chains and rules
-- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
-- fix service_writer() and icmptype_writer() to put newline at end of file
-- firewall-cmd: fix --list-sources
-- No need to specify whether source address family is IPv4 or IPv6
-- add getZoneOfSource() to D-Bus interface
-- Add tests and bash-completion for the new "source" operations
-- Convert all input args in D-Bus methods
-- setDefaultZone() was calling accessCheck() *after* the action
-- New uniqify() function to remove duplicates from list whilst preserving order
-- Zone.combine() merge also services and ports
-- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
-- firewall-applet: more fixes to make the address sources family agnostic
-- Better defaults for lockdown white list
-- Use auth_admin_keep for allow_any and allow_inactive also
-- New D-Bus API for lockdown policies
-- Use IPv4, IPv6 and BRIDGE for FirewallD properties
-- Use rich rule action as audit type
-- Prototype of string-only D-Bus interface for rich language
-- Fixed wrongly merged source family check in firewall/core/io/zone.py
-- handle_cmr: report errors, cleanup modules in error case only, mark handling
-- Use audit type from rule action, fixed rule output
-- Fixed lockdown whitelist D-Bus handling method names
-- New rich rule handling in runtime D-Bus interface
-- Added interface, source and rich rule handling (runtime and permanent)
-- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
-- Write changes in setLockdownWhitelist
-- Fixed typo in policies log message in method calls
-- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
-- Don't check access in query/getLockdownWhitelist*()
-- firewall-cmd: Also output masquerade flag in --list-all
-- firewall-cmd: argparse is able to convert argument to desired type itself
-- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
-- Makefile.am: add missing files
-- firewall-cmd_test.sh: tests for rich rules
-- Added lockdown, source, interface and rich rule docs to firewall-cmd
-- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
-- Use <rule> in metavar for firewall-cmd parser
-
-* Fri May 10 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.2-2
-- removed unintentional en_US.po from tarball
-
-* Tue Apr 30 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.2-1
-- Fix signal handling for SIGTERM
-- Additional service files (RHBZ#914859)
-- Updated po files
-- s/persistent/permanent/ (Trac Ticket #7)
-- Better behaviour when running without valid DISPLAY (RHBZ#955414)
-- client.handle_exceptions(): do not loop forever
-- Set Zone.defaults in zone_reader (RHBZ#951747)
-- client: do not pass the dbus exception name to handler
-- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
-- firewall-cmd: do not use deprecated BaseException.message
-- client.py: fix handle_exceptions() (RHBZ#951314)
-- firewall-config: check zone/service/icmptype name (RHBZ#947820)
-- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
-- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
-- FirewallError.get_code(): check for unknown error
-
-* Wed Apr 17 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.1-2
-- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)
-
-* Thu Mar 28 2013 Thomas Woerner <twoerner at redhat.com> 0.3.1-1
-- Use explicit file lists for make dist
-- New rich rule validation check code
-- New global check_port and check_address functions
-- Allow source white and black listing with the rich rule
-- Fix error handling in case of unsupported family in rich rule
-- Enable ip_forwarding in masquerade and forward-port
-- New functions to read and write simple files using filename and content
-- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
-- Add chains for security table (RHBZ#927015)
-- firewalld.spec: no need to specify --with-systemd-unitdir
-- firewalld.service: remove syslog.target and dbus.target
-- firewalld.service: replace hard-coded paths
-- Move bash-completion to new location.
-- Revert "Added configure for new build env"
-- Revert "Added Makefile.in files"
-- Revert "Added po/Makefile.in.in"
-- Revert "Added po/LINGUAS"
-- Revert "Added aclocal.m4"
-- Amend zone XML Schema
-
-* Wed Mar 20 2013 Thomas Woerner <twoerner at redhat.com> 0.3.0-1
-- Added rich language support
-- Added lockdown feature
-- Allow to bind interfaces and sources to zones permanently
-- Enabled IPv6 NAT support
- masquerading and port/packet forwarding for IPv6 only with rich language
-- Handle polkit errors in client class and firewall-config
-- Added priority description for --direct --add-rule in firewall-cmd man page
-- Add XML Schemas for zones/services/icmptypes XMLs
-- Don't keep file descriptors open when forking
-- Introduce --nopid option for firewalld
-- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
-- Update cluster-suite service (RHBZ#885257)
-- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
-- Fix interaction problem of changed event of gtk combobox with polkit-kde
- by processing all remaining events (RHBZ#915892)
-- Stop default zone rules being applied to all zones (RHBZ#912782)
-- Firewall.start(): don't call set_default_zone()
-- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
-- firewalld-cmd: make --state verbose (RHBZ#886484)
-- improve firewalld --help (RHBZ#910492)
-- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
-- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
-- Check also services and icmptypes in Zone() (RHBZ#909466)
-- Increase the maximum length of the port forwarding fields from 5 to 11 in
- firewall-config
-- firewall-cmd: add usage to fail message
-- firewall-cmd: redefine usage to point to man page
-- firewall-cmd: fix visible problems with arg. parsing
-- Use argparse module for parsing command line options and arguments
-- firewall-cmd.1: better clarify where to find ACTIONs
-- firewall-cmd Bash completion
-- firewall-cmd.1: comment --zone=<zone> usage and move some options
-- Use zone's target only in %s_ZONES chains
-- default zone in firewalld.conf was set to public with every restart (#902845)
-- man page cleanup
-- code cleanup
-
-* Thu Mar 07 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-5
-- Another fix for RHBZ#912782
+* Wed Apr 03 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-5
+- Fixes for RHBZ#903475, RHBZ#909466, RHBZ#915985, RHBZ#947230
* Wed Feb 20 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-4
- Stop default zone rules being applied to all zones (RHBZ#912782)
More information about the scm-commits
mailing list