From 9b49ff1d959819a3041f753410938ea25d0009f5 Mon Sep 17 00:00:00 2001 From: Pablo Greco Date: Oct 18 2019 16:56:01 +0000 Subject: Fix bug 16425 --- diff --git a/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch b/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch new file mode 100644 index 0000000..ee779e7 --- /dev/null +++ b/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch @@ -0,0 +1,37 @@ +From 9cd642933d41a983c4cbdef6aa936151e89a05ef Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 6 Jun 2019 12:25:08 -0400 +Subject: [PATCH] fix: rich rule destination with services + +Fixes: rhbz 1715977 +(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57) +--- + src/firewall/core/fw_zone.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index 90ae1036..1f33b550 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1582,17 +1582,18 @@ def _rule_prepare(self, enable, zone, rule, mark_id, zone_transaction): + if type(rule.element) == Rich_Service: + svc = self._fw.service.get_service(rule.element.name) + +- destinations = [rule.destination] if rule.destination else [None] +- ++ destinations = [] + if len(svc.destination) > 0: + if rule.destination: + # we can not use two destinations at the same time + raise FirewallError(errors.INVALID_RULE, + "Destination conflict with service.") +- destinations = [] + for ipv in ipvs: + if ipv in svc.destination and backend.is_ipv_supported(ipv): + destinations.append(svc.destination[ipv]) ++ else: ++ # dummy for the following for loop ++ destinations.append(None) + + for destination in destinations: + if enable: diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec index e50f56e..fc48d9a 100644 --- a/SPECS/firewalld.spec +++ b/SPECS/firewalld.spec @@ -8,7 +8,7 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.6.3 -Release: 2%{?dist}.2 +Release: 2%{?dist}.2.0.1 URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -54,6 +54,8 @@ Patch39: 0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch Patch40: 0040-fix-Revert-ebtables-drop-support-for-broute-table.patch Patch41: 0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch +Patch9999: 9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch + BuildArch: noarch BuildRequires: desktop-file-utils BuildRequires: gettext @@ -353,6 +355,9 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Fri Oct 18 2019 Pablo Greco - 0.6.3-2.el7_7.2.0.1 +- Fix for https://bugs.centos.org/view.php?id=16425 + * Mon Sep 30 2019 Eric Garver - 0.6.3-2.el7_7.2 - fix: Revert "ebtables: drop support for broute table"