From 0eb613d36b1784fb5a0c1444c7e16fa7d6702bc2 Mon Sep 17 00:00:00 2001
From: Pablo Greco <pgreco@centosproject.org>
Date: Sep 22 2019 19:24:06 +0000
Subject: Fix bug 16425


---

diff --git a/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch b/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
new file mode 100644
index 0000000..ee779e7
--- /dev/null
+++ b/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
@@ -0,0 +1,37 @@
+From 9cd642933d41a983c4cbdef6aa936151e89a05ef Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Thu, 6 Jun 2019 12:25:08 -0400
+Subject: [PATCH] fix: rich rule destination with services
+
+Fixes: rhbz 1715977
+(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57)
+---
+ src/firewall/core/fw_zone.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
+index 90ae1036..1f33b550 100644
+--- a/src/firewall/core/fw_zone.py
++++ b/src/firewall/core/fw_zone.py
+@@ -1582,17 +1582,18 @@ def _rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
+             if type(rule.element) == Rich_Service:
+                 svc = self._fw.service.get_service(rule.element.name)
+ 
+-                destinations = [rule.destination] if rule.destination else [None]
+-
++                destinations = []
+                 if len(svc.destination) > 0:
+                     if rule.destination:
+                         # we can not use two destinations at the same time
+                         raise FirewallError(errors.INVALID_RULE,
+                                             "Destination conflict with service.")
+-                    destinations = []
+                     for ipv in ipvs:
+                         if ipv in svc.destination and backend.is_ipv_supported(ipv):
+                             destinations.append(svc.destination[ipv])
++                else:
++                    # dummy for the following for loop
++                    destinations.append(None)
+ 
+                 for destination in destinations:
+                     if enable:
diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec
index 1655a1e..4a35b37 100644
--- a/SPECS/firewalld.spec
+++ b/SPECS/firewalld.spec
@@ -8,7 +8,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.6.3
-Release: 2%{?dist}.1
+Release: 2%{?dist}.1.0.1
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -52,6 +52,8 @@ Patch37: 0037-fix-tests-guard-occurrences-of-IPv6.patch
 Patch38: 0038-fix-tests-update-package.m4-if-makefile-changed.patch
 Patch39: 0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
 
+Patch9999: 9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
+
 BuildArch: noarch
 BuildRequires: desktop-file-utils
 BuildRequires: gettext
@@ -351,6 +353,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Sat Sep 21 2019 Pablo Greco <pgreco@centosproject.org> - 0.6.3-2.el7_7.1.0.1
+- Fix for https://bugs.centos.org/view.php?id=16425
+
 * Wed Aug 21 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2.el7_7.1
 - backport fix to allow disabling IPv6