[firewalld/f18: 2/2] Merge branch 'master' into f18

Thu Oct 17 16:23:30 UTC 2013

commit 2e63d061d877c7306bb39c253b5d79631ef2ee88
Merge: 36e6ace 71ed813
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Thu Oct 17 18:19:32 2013 +0200

    Merge branch 'master' into f18

 .gitignore     |    1 +
 firewalld.spec |   12 +++++++++++-
 sources        |    2 +-
 3 files changed, 13 insertions(+), 2 deletions(-)
---
diff --cc firewalld.spec
index 00b38e1,503601b..7196fe4

--- a/firewalld.spec
+++ b/firewalld.spec
@@@ -189,14 -189,294 +189,24 @@@ f
  %{_mandir}/man1/firewall-config*.1*
  
  %changelog
+ * Thu Oct 17 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.7-1
+ - Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)
+ - bash-completion: --permanent --direct options
+ - firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)
+ - firewall-cmd: use client's exception_handler instead of catching exceptions ourselves
+ - FirewallClientZoneSettings: fix {add|remove|query}RichRule()
+ - Extend amanda-client service with 10080/tcp (RHBZ#1016867)
+ - Simplify Rich_Rule()_lexer() by using functions.splitArgs()
+ - Fix encoding problems in exception handling (RHBZ#1015941)
+ 
  * Fri Oct 04 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6.2-1
 -- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
 -- firewall-cmd: fix variable name (RHBZ#1015011)
 +- 0.3.6.2
  
 -* Thu Oct 03 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6.1-1
 -- remove superfluous po files from archive
 +* Thu Jun 20 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-6
 +- Fix firewall-config error handling (RHBZ#951850)
  
 -* Wed Oct 02 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.6-1
 -- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)
 -- firewall-config: Make sure that all zone settings are updated properly on firewalld restart
 -- Rich_Limit: Allow long representation for duration (RHBZ#994103
 -- firewall-config: Show "Changes applied." after changes (RHBZ#993643)
 -- Use own connection dialog to change zones for NM connections
 -- Rename service cluster-suite to high-availability (RHBZ#885257)
 -- Permanent direct support for firewall-config and firewall-cmd
 -- Try to avoid file descriptor leaking (RHBZ#951900)
 -- New functions to split and join args properly (honoring quotes)
 -- firewall-cmd(1): 2 simple examples
 -- Better IPv6 NAT checking.
 -- Ship firewalld.direct(5).
 -
 -* Mon Sep 30 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.5-1
 -- Only use one PK action for configuration (RHBZ#994729)
 -- firewall-cmd: indicate non-zero exit code with red color
 -- rich-rule: enable to have log without prefix & log_level & limit
 -- log-level warn/err -> warning/error (RHBZ#1009436)
 -- Use policy DROP while reloading, do not reset policy in restart twice
 -- Add _direct chains to all table and chain combinations
 -- documentation improvements
 -- New firewalld.direct(5) man page docbook source
 -- tests/firewall-cmd_test.sh: make rich language tests work
 -- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)
 -- direct.passthrough wasn't always matching out_signature (RHBZ#967800)
 -- firewall-config: twist ICMP Type IP address family logic.
 -- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)
 -- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)
 -- firewall-config: Options->Lockdown was not changing permanent.
 -- firewall-config: edit line on doubleclick (RHBZ#993572)
 -- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)
 -- New direct D-Bus interface, persistent direct rule handling, enabled passthough
 -- src/firewall-cmd: Fixed help output to use more visual parameters
 -- src/firewall-cmd: New usage output, no redirection to man page anymore
 -- src/firewall/core/rich.py: Fixed forwad port destinations
 -- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask
 -- doc/xml/firewalld.zone.xml: Added more information about masquerade use
 -- Prefix to log message is optional (RHBZ#998079)
 -- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)
 -- Sort zones/interfaces/service/icmptypes on output.
 -- wbem-https service (RHBZ#996668)
 -- applet&config: add support for KDE NetworkManager connection editor
 -- firewall/core/fw_config.py: New method update_lockdown_whitelist
 -- Added missing file watcher for lockdown whitelist in config D-Bus interface
 -- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct
 -- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)
 -
 -* Tue Jul 30 2013 Thomas Woerner <twoerner at redhat.com> 0.3.4-1
 -- several rich rule check enhancements and fixes
 -- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
 -- firewall-cmd(1): improve description of direct options (RHBZ#970509)
 -- several firewall-applet enhancements and fixes
 -- New README
 -- several doc and man page fixes
 -- Service definitions for PCP daemons (RHBZ#972262)
 -- bash-completion: add lockdown and rich language options
 -- firewall-cmd: add --permanent --list-all[-zones]
 -- firewall-cmd: new -q/--quiet option
 -- firewall-cmd: warn when default zone not active (RHBZ#971843)
 -- firewall-cmd: check priority in --add-rule (RHBZ#914955)
 -- add dhcpv6 (for server) service (RHBZ#917866)
 -- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
 -- firewall-cmd: print result (yes/no) of all --query-* commands
 -- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
 -- Check Interfaces/sources when updating permanent zone settings.
 -- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
 -- Fixed toaddr check in forward port to only allow single address, no range
 -- firewall-cmd: various output improvements
 -- fw_zone: use check_single_address from firewall.functions
 -- getZoneOfInterface/Source does not need to throw exception
 -- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
 -- firewall.core.io.service: Properly check port/proto and destination address
 -- Install applet desktop file into /etc/xdg/autostart
 -- Fixed option problem with rich rule destinations (RHBZ#979804)
 -- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
 -- Updated firewall-offline-cmd
 -- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
 -- New documentation (man pages are created from docbook sources)
 -- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
 -- direct: pass priority also to client.py and firewall-cmd
 -- applet: New blink and blink-count settings
 -- firewall.functions: New function ppid_of_pid
 -- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
 -- firewall-offline-cmd: Fix use of systemctl in chroot
 -- firewall-config: use string.ascii_letters instead of string.letters
 -- dbus_to_python(): handle non-ascii chars in dbus.String.
 -- Modernize old syntax constructions.
 -- dict.keys() in Python 3 returns a "view" instead of list
 -- Use gettext.install() to install _() in builtins namespace.
 -- Allow non-ascii chars in 'short' and 'description'
 -- README: More information for "Working With The Source Repository"
 -- Build environment fixes
 -- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
 -- firewall-applet: New setting show-inactive
 -- Don't stop on reload when lockdown already enabled (RHBZ#987403)
 -- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
 -- FirewallApplet.gschema.xml: Dropped unused sender-info setting
 -- doc/firewall-applet.xml: Added information about gsettings
 -- several debug and log message fixes
 -- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
 -- Add dhcp and proxy-dhcp services (RHBZ#986947)
 -- io/Zone(): don't error on deprecated family attr of source elem
 -- Limit length of zone file name (to 12 chars) due to Netfilter internals.
 -- It was not possible to overload a zone with defined source(s).
 -- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
 -- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
 -- functions: New functions checkUser, checkUid and checkCommand
 -- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
 -- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
 -- Rich rule service: Only add modules for accept action
 -- firewall/core/rich: Several fixes and enhanced checks
 -- Fixed reload of direct rules
 -- firewall/client: New functions to set and get the exception handler
 -- firewall-config: New and enhanced UI to handle lockdown and rich rules
 -- zone's immutable attribute is redundant
 -- Do not allow to set settings in config for immutable zones.
 -- Ignore deprecated 'immutable' attribute in zone files.
 -- Eviscerate 'immutable' completely.
 -- FirewallDirect.query_rule(): fix it
 -- permanent direct: activate firewall.core.io.direct:Direct reader
 -- core/io/*: simplify getting of character data
 -- FirewallDirect.set_config(): allow reloading
 -
 -* Thu Jun 20 2013  Jiri Popelka <jpopelka at redhat.com>
 -- Remove migrating to a systemd unit file from a SysV initscript
 -- Remove pointless "ExclusiveOS" tag
 -
 -* Fri Jun  7 2013 Thomas Woerner <twoerner at redhat.com> 0.3.3-2
 -- Fixed rich rule check for use in D-Bus
 -
 -* Thu Jun  6 2013 Thomas Woerner <twoerner at redhat.com> 0.3.3-1
 -- new service files
 -- relicensed logger.py under GPLv2+
 -- firewall-config: sometimes we don't want to use client's exception handler
 -- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
 -- firewall-config: work-around masquerade_check_cb() being called more times
 -- Zone(IO): add interfaces/sources to D-Bus signature
 -- Added missing UNKNOWN_SOURCE error code
 -- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
 -- New changeZoneOfInterface method, marked changeZone as deprecated
 -- Fixed firewall-cmd man page entry for --panic-on
 -- firewall-applet: Fixed possible problems of unescaped strings used for markup
 -- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
 -- Cleanup of unused variables in FirewallD.start
 -- New firewall/fw_types.py with LastUpdatedOrderedDict
 -- direct.chains, direct.rules: Using LastUpdatedOrderedDict
 -- Support splitted zone files
 -- New reader and writer for stored direct chains and rules
 -- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
 -- fix service_writer() and icmptype_writer() to put newline at end of file
 -- firewall-cmd: fix --list-sources
 -- No need to specify whether source address family is IPv4 or IPv6
 -- add getZoneOfSource() to D-Bus interface
 -- Add tests and bash-completion for the new "source" operations
 -- Convert all input args in D-Bus methods
 -- setDefaultZone() was calling accessCheck() *after* the action
 -- New uniqify() function to remove duplicates from list whilst preserving order
 -- Zone.combine() merge also services and ports
 -- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
 -- firewall-applet: more fixes to make the address sources family agnostic
 -- Better defaults for lockdown white list
 -- Use auth_admin_keep for allow_any and allow_inactive also
 -- New D-Bus API for lockdown policies
 -- Use IPv4, IPv6 and BRIDGE for FirewallD properties
 -- Use rich rule action as audit type
 -- Prototype of string-only D-Bus interface for rich language
 -- Fixed wrongly merged source family check in firewall/core/io/zone.py
 -- handle_cmr: report errors, cleanup modules in error case only, mark handling
 -- Use audit type from rule action, fixed rule output
 -- Fixed lockdown whitelist D-Bus handling method names
 -- New rich rule handling in runtime D-Bus interface
 -- Added interface, source and rich rule handling (runtime and permanent)
 -- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
 -- Write changes in setLockdownWhitelist
 -- Fixed typo in policies log message in method calls
 -- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
 -- Don't check access in query/getLockdownWhitelist*()
 -- firewall-cmd: Also output masquerade flag in --list-all
 -- firewall-cmd: argparse is able to convert argument to desired type itself
 -- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
 -- Makefile.am: add missing files
 -- firewall-cmd_test.sh: tests for rich rules
 -- Added lockdown, source, interface and rich rule docs to firewall-cmd
 -- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
 -- Use <rule> in metavar for firewall-cmd parser
 -
 -* Fri May 10 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.2-2
 -- removed unintentional en_US.po from tarball
 -
 -* Tue Apr 30 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.2-1
 -- Fix signal handling for SIGTERM
 -- Additional service files (RHBZ#914859)
 -- Updated po files
 -- s/persistent/permanent/ (Trac Ticket #7)
 -- Better behaviour when running without valid DISPLAY (RHBZ#955414)
 -- client.handle_exceptions(): do not loop forever
 -- Set Zone.defaults in zone_reader (RHBZ#951747)
 -- client: do not pass the dbus exception name to handler
 -- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
 -- firewall-cmd: do not use deprecated BaseException.message
 -- client.py: fix handle_exceptions() (RHBZ#951314)
 -- firewall-config: check zone/service/icmptype name (RHBZ#947820)
 -- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
 -- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
 -- FirewallError.get_code(): check for unknown error
 -
 -* Wed Apr 17 2013 Jiri Popelka <jpopelka at redhat.com> - 0.3.1-2
 -- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)
 -
 -* Thu Mar 28 2013 Thomas Woerner <twoerner at redhat.com> 0.3.1-1
 -- Use explicit file lists for make dist
 -- New rich rule validation check code
 -- New global check_port and check_address functions
 -- Allow source white and black listing with the rich rule
 -- Fix error handling in case of unsupported family in rich rule
 -- Enable ip_forwarding in masquerade and forward-port
 -- New functions to read and write simple files using filename and content
 -- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
 -- Add chains for security table (RHBZ#927015)
 -- firewalld.spec: no need to specify --with-systemd-unitdir
 -- firewalld.service: remove syslog.target and dbus.target
 -- firewalld.service: replace hard-coded paths
 -- Move bash-completion to new location.
 -- Revert "Added configure for new build env"
 -- Revert "Added Makefile.in files"
 -- Revert "Added po/Makefile.in.in"
 -- Revert "Added po/LINGUAS"
 -- Revert "Added aclocal.m4"
 -- Amend zone XML Schema
 -
 -* Wed Mar 20 2013 Thomas Woerner <twoerner at redhat.com> 0.3.0-1
 -- Added rich language support
 -- Added lockdown feature
 -- Allow to bind interfaces and sources to zones permanently
 -- Enabled IPv6 NAT support
 -  masquerading and port/packet forwarding for IPv6 only with rich language
 -- Handle polkit errors in client class and firewall-config
 -- Added priority description for --direct --add-rule in firewall-cmd man page
 -- Add XML Schemas for zones/services/icmptypes XMLs
 -- Don't keep file descriptors open when forking
 -- Introduce --nopid option for firewalld
 -- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
 -- Update cluster-suite service (RHBZ#885257)
 -- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
 -- Fix interaction problem of changed event of gtk combobox with polkit-kde
 -  by processing all remaining events (RHBZ#915892)
 -- Stop default zone rules being applied to all zones (RHBZ#912782)
 -- Firewall.start(): don't call set_default_zone()
 -- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
 -- firewalld-cmd: make --state verbose (RHBZ#886484)
 -- improve firewalld --help (RHBZ#910492)
 -- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
 -- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
 -- Check also services and icmptypes in Zone() (RHBZ#909466)
 -- Increase the maximum length of the port forwarding fields from 5 to 11 in
 -  firewall-config
 -- firewall-cmd: add usage to fail message
 -- firewall-cmd: redefine usage to point to man page
 -- firewall-cmd: fix visible problems with arg. parsing
 -- Use argparse module for parsing command line options and arguments
 -- firewall-cmd.1: better clarify where to find ACTIONs
 -- firewall-cmd Bash completion
 -- firewall-cmd.1: comment --zone=<zone> usage and move some options
 -- Use zone's target only in %s_ZONES chains
 -- default zone in firewalld.conf was set to public with every restart (#902845)
 -- man page cleanup
 -- code cleanup
 -
 -* Thu Mar 07 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-5
 -- Another fix for RHBZ#912782
 +* Wed Apr 03 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-5
 +- Fixes for RHBZ#903475, RHBZ#909466, RHBZ#915985, RHBZ#947230
  
  * Wed Feb 20 2013 Jiri Popelka <jpopelka at redhat.com> - 0.2.12-4
  - Stop default zone rules being applied to all zones (RHBZ#912782)
