commit 04f5c99e5a8d82f490deeccf643a7a84941d2f7c
Author: Thomas Woerner <twoerner@redhat.com>
Date:   Wed Aug 3 13:52:58 2016 +0200

    firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file
    
    The missing action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option.

diff --git a/src/firewall-cmd b/src/firewall-cmd
index 405d08c..3cf3059 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -580,8 +580,8 @@ parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>")
+parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append')
 
 parser.add_argument("--icmptype", metavar="<icmptype>")
 

commit 495a1a527f03e12195ec6334a21eb7ba3924a6e8
Author: Thomas Woerner <twoerner@redhat.com>
Date:   Wed Aug 3 13:57:53 2016 +0200

    firewall-offline-cmd: Fix --{add,remove}-entries-from-file
    
    The missing action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option.
    
    Also, the variable changed was used while undefined for --remove-entries-from-file.

diff --git a/src/firewall-offline-cmd b/src/firewall-offline-cmd
index 978ad8a..a7cb36d 100755
--- a/src/firewall-offline-cmd
+++ b/src/firewall-offline-cmd
@@ -619,8 +619,8 @@ parser_ipset.add_argument("--add-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--query-entry", metavar="<entry>", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>")
+parser_ipset.add_argument("--add-entries-from-file", metavar="<filename>", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="<filename>", action='append')
 
 parser.add_argument("--icmptype", metavar="<icmptype>")
 
@@ -1467,6 +1467,7 @@ try:
             ipset = fw.config.get_ipset(a.ipset)
             settings = FirewallClientIPSetSettings(
                 list(fw.config.get_ipset_config(ipset)))
+            changed = False
 
             for filename in a.remove_entries_from_file:
                 try:

commit 9afdbaeb1d0ec11cff7d362618657d63df5b6dff
Author: Thomas Woerner <twoerner@redhat.com>
Date:   Mon Aug 8 18:22:40 2016 +0200

    firewall/core/io/*.py: Do not traceback on a general sax parsing issue
    
    There is a traceback printed in case of general parsing issue (no XML). With
    this patch there is a proper error reported.

diff --git a/src/firewall/core/io/direct.py b/src/firewall/core/io/direct.py
index 3916db0..ebbd12d 100644
--- a/src/firewall/core/io/direct.py
+++ b/src/firewall/core/io/direct.py
@@ -361,8 +361,12 @@ class Direct(IO_Object):
         parser = sax.make_parser()
         parser.setContentHandler(handler)
         with open(self.filename, "r") as f:
-            parser.parse(f)
-
+            try:
+                parser.parse(f)
+            except sax.SAXParseException as msg:
+                raise FirewallError(errors.INVALID_TYPE,
+                                    "Not a valid file: %s" % \
+                                    msg.getException())
 
     def write(self):
         if os.path.exists(self.filename):
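Review bot: `msg.getException()` in the new `raise` returns the exception embedded by the underlying parser and is documented to return `None` when there is none, so the user can end up with "Not a valid file: None" depending on the parser in use. Formatting the SAX exception's own message is more robust, e.g. `"Not a valid file: %s" % msg.getMessage()`, optionally with `msg.getLineNumber()` so the administrator can find the broken spot. The trailing `\` inside the parentheses is not needed either. The same pattern is repeated in the icmptype.py, ipset.py, lockdown_whitelist.py, service.py and zone.py hunks; the enclosing reader method starts above this hunk.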
diff --git a/src/firewall/core/io/icmptype.py b/src/firewall/core/io/icmptype.py
index 36c2d70..99df326 100644
--- a/src/firewall/core/io/icmptype.py
+++ b/src/firewall/core/io/icmptype.py
@@ -122,7 +122,12 @@ def icmptype_reader(filename, path):
     parser.setContentHandler(handler)
     name = "%s/%s" % (path, filename)
     with open(name, "r") as f:
-        parser.parse(f)
+        try:
+            parser.parse(f)
+        except sax.SAXParseException as msg:
+            raise FirewallError(errors.INVALID_ICMPTYPE,
+                                "not a valid icmptype file: %s" % \
+                                msg.getException())
     del handler
     del parser
     if PY2:
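Review bot: Only `sax.SAXParseException` is handled around `parser.parse(f)`, so a file that is not text at all can still end in a traceback. The file is opened in text mode (`open(name, "r")`), and on Python 3 undecodable bytes would presumably surface as `UnicodeDecodeError` from the read rather than as a SAX error. Opening the file in binary mode, `with open(name, "rb") as f:`, lets the XML parser handle the encoding itself and report such input through the path this commit adds; this should be confirmed against the PY2 handling further down. The same applies to the direct.py, ipset.py, service.py and zone.py hunks, and `icmptype_reader` continues outside this hunk.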
diff --git a/src/firewall/core/io/ipset.py b/src/firewall/core/io/ipset.py
index a9e7777..e397f84 100644
--- a/src/firewall/core/io/ipset.py
+++ b/src/firewall/core/io/ipset.py
@@ -223,7 +223,12 @@ def ipset_reader(filename, path):
     parser.setContentHandler(handler)
     name = "%s/%s" % (path, filename)
     with open(name, "r") as f:
-        parser.parse(f)
+        try:
+            parser.parse(f)
+        except sax.SAXParseException as msg:
+            raise FirewallError(errors.INVALID_IPSET,
+                                "not a valid ipset file: %s" % \
+                                msg.getException())
     del handler
     del parser
     if "timeout" in ipset.options and len(ipset.entries) > 0:
diff --git a/src/firewall/core/io/lockdown_whitelist.py b/src/firewall/core/io/lockdown_whitelist.py
index 28aa8da..b7e24b2 100644
--- a/src/firewall/core/io/lockdown_whitelist.py
+++ b/src/firewall/core/io/lockdown_whitelist.py
@@ -322,7 +322,12 @@ class LockdownWhitelist(IO_Object):
         handler = lockdown_whitelist_ContentHandler(self)
         parser = sax.make_parser()
         parser.setContentHandler(handler)
-        parser.parse(self.filename)
+        try:
+            parser.parse(self.filename)
+        except sax.SAXParseException as msg:
+            raise FirewallError(errors.INVALID_TYPE,
+                                "Not a valid file: %s" % \
+                                msg.getException())
         del handler
         del parser
         if PY2:
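Review bot: The parser wrapped by the new `try` is still the plain `sax.make_parser()` one created two lines above, with no features switched off. Python versions before 3.7.1 resolve external general entities by default, and this file controls who may change the firewall, so if it can ever be written or supplied by a less trusted party the parser should be pinned down first with `parser.setFeature(sax.handler.feature_external_ges, False)`. The other readers touched by this commit build their parser the same way and would take the same line. The enclosing method starts and ends outside this hunk.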
diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py
index 705affe..a65a4f4 100644
--- a/src/firewall/core/io/service.py
+++ b/src/firewall/core/io/service.py
@@ -217,7 +217,12 @@ def service_reader(filename, path):
     parser.setContentHandler(handler)
     name = "%s/%s" % (path, filename)
     with open(name, "r") as f:
-        parser.parse(f)
+        try:
+            parser.parse(f)
+        except sax.SAXParseException as msg:
+            raise FirewallError(errors.INVALID_SERVICE,
+                                "not a valid service file: %s" % \
+                                msg.getException())
     del handler
     del parser
     if PY2:
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
index 274a633..5dfd1f5 100644
--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -676,7 +676,12 @@ def zone_reader(filename, path):
     parser.setContentHandler(handler)
     name = "%s/%s" % (path, filename)
     with open(name, "r") as f:
-        parser.parse(f)
+        try:
+            parser.parse(f)
+        except sax.SAXParseException as msg:
+            raise FirewallError(errors.INVALID_ZONE,
+                                "not a valid zone file: %s" % \
+                                msg.getException())
     del handler
     del parser
     if PY2: