Hello community,
here is the log from the commit of package yast2-firewall for openSUSE:Factory
checked in at 2019-05-05 21:16:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
and /work/SRC/openSUSE:Factory/.yast2-firewall.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall"
Sun May 5 21:16:37 2019 rev:76 rq:699444 version:4.2.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes
2019-04-01 12:34:42.981818860 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.5148/yast2-firewall.changes
2019-05-05 21:16:39.744499652 +0200
@@ -1,0 +2,7 @@
+Fri Apr 26 12:30:53 UTC 2019 - jreidinger <jreidin...@suse.com>
+
+- change proposal naming and add option to set cpu mitigations
+ (bsc#1128707)
+- 4.2.0
+
+-------------------------------------------------------------------
Old:
----
yast2-firewall-4.1.11.tar.bz2
New:
----
yast2-firewall-4.2.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.l1QCVF/_old 2019-05-05 21:16:40.100500622 +0200
+++ /var/tmp/diff_new_pack.l1QCVF/_new 2019-05-05 21:16:40.104500633 +0200
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.1.11
+Version: 4.2.0
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -38,6 +38,8 @@
# ButtonBox widget
Conflicts: yast2-ycp-ui-bindings < 2.17.3
+# CpiMitigations
+Conflicts: yast2-bootloader < 4.2.1
Provides: yast2-config-firewall
Obsoletes: yast2-config-firewall
++++++ yast2-firewall-4.1.11.tar.bz2 -> yast2-firewall-4.2.0.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.1.11/Dockerfile
new/yast2-firewall-4.2.0/Dockerfile
--- old/yast2-firewall-4.1.11/Dockerfile 2019-03-29 12:02:42.000000000
+0100
+++ new/yast2-firewall-4.2.0/Dockerfile 2019-04-29 16:06:25.000000000 +0200
@@ -1,3 +1,3 @@
-FROM yastdevel/ruby
+FROM registry.opensuse.org/yast/head/containers/yast-ruby:latest
COPY . /usr/src/app
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.1.11/package/yast2-firewall.changes
new/yast2-firewall-4.2.0/package/yast2-firewall.changes
--- old/yast2-firewall-4.1.11/package/yast2-firewall.changes 2019-03-29
12:02:42.000000000 +0100
+++ new/yast2-firewall-4.2.0/package/yast2-firewall.changes 2019-04-29
16:06:25.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri Apr 26 12:30:53 UTC 2019 - jreidinger <jreidin...@suse.com>
+
+- change proposal naming and add option to set cpu mitigations
+ (bsc#1128707)
+- 4.2.0
+
+-------------------------------------------------------------------
Tue Mar 26 23:44:33 UTC 2019 - knut.anders...@suse.com
- Autoyast: Export zone name explicitly as it has been removed from
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.1.11/package/yast2-firewall.spec
new/yast2-firewall-4.2.0/package/yast2-firewall.spec
--- old/yast2-firewall-4.1.11/package/yast2-firewall.spec 2019-03-29
12:02:42.000000000 +0100
+++ new/yast2-firewall-4.2.0/package/yast2-firewall.spec 2019-04-29
16:06:25.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.1.11
+Version: 4.2.0
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -38,6 +38,8 @@
# ButtonBox widget
Conflicts: yast2-ycp-ui-bindings < 2.17.3
+# CpiMitigations
+Conflicts: yast2-bootloader < 4.2.1
Provides: yast2-config-firewall
Obsoletes: yast2-config-firewall
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.1.11/src/lib/y2firewall/clients/proposal.rb
new/yast2-firewall-4.2.0/src/lib/y2firewall/clients/proposal.rb
--- old/yast2-firewall-4.1.11/src/lib/y2firewall/clients/proposal.rb
2019-03-29 12:02:42.000000000 +0100
+++ new/yast2-firewall-4.2.0/src/lib/y2firewall/clients/proposal.rb
2019-04-29 16:06:25.000000000 +0200
@@ -22,6 +22,7 @@
# find current contact information at www.suse.com.
require "yast"
+require "erb"
require "y2firewall/firewalld/api"
require "y2firewall/proposal_settings"
require "y2firewall/dialogs/proposal"
@@ -45,7 +46,8 @@
LINK_ENABLE_SSHD = "firewall--enable_sshd".freeze,
LINK_DISABLE_SSHD = "firewall--disable_sshd".freeze,
LINK_OPEN_VNC = "firewall--open_vnc".freeze,
- LINK_CLOSE_VNC = "firewall--close_vnc".freeze
+ LINK_CLOSE_VNC = "firewall--close_vnc".freeze,
+ LINK_CPU_MITIGATIONS = "firewall--cpu_mitigations".freeze
].freeze
LINK_FIREWALL_DIALOG = "firewall".freeze
@@ -60,11 +62,12 @@
end
def description
+ # TODO: temporary dgettext only to avoid new translation
{
# Proposal title
- "rich_text_title" => _("Firewall and SSH"),
+ "rich_text_title" => Yast::Builtins.dgettext("security", "Security"),
# Menu entry label
- "menu_title" => _("&Firewall and SSH"),
+ "menu_title" => Yast::Builtins.dgettext("ncurses-pkg",
"&Security"),
"id" => LINK_FIREWALL_DIALOG
}
end
@@ -106,15 +109,56 @@
# Obtain and call the corresponding method for the clicked link.
def call_proposal_action_for(link)
action = link.gsub("firewall--", "")
- @settings.public_send("#{action}!")
+ if action == "cpu_mitigations"
+ bootloader_dialog
+ else
+ @settings.public_send("#{action}!")
+ end
end
# Array with the available proposal descriptions.
#
# @return [Array<String>] services and ports descriptions
def proposals
- # Filter proposals with content and sort them
- [firewall_proposal, sshd_proposal, ssh_port_proposal,
vnc_fw_proposal].compact
+ # Filter proposals with content
+ [cpu_mitigations_proposal, firewall_proposal, sshd_proposal,
+ ssh_port_proposal, vnc_fw_proposal].compact
+ end
+
+ # Returns the cpu mitigation part of the bootloader proposal description
+ # Returns nil if this part should be skipped
+ # @return [String] proposal html text
+ def cpu_mitigations_proposal
+ require "bootloader/bootloader_factory"
+ bl = ::Bootloader::BootloaderFactory.current
+ return nil if bl.name == "none"
+
+ mitigations = bl.cpu_mitigations
+
+ res = _("CPU Mitigations: ") + "<a href=\"#{LINK_CPU_MITIGATIONS}\">" +
+ ERB::Util.html_escape(mitigations.to_human_string) + "</a>"
+ log.info "mitigations output #{res.inspect}"
+ res
+ end
+
+ def bootloader_dialog
+ require "bootloader/config_dialog"
+ Yast.import "Bootloader"
+
+ begin
+ # do it in own dialog window
+ Yast::Wizard.CreateDialog
+ dialog = ::Bootloader::ConfigDialog.new(initial_tab: :kernel)
+ settings = Yast::Bootloader.Export
+ result = dialog.run
+ if result != :next
+ Yast::Bootloader.Import(settings)
+ else
+ Yast::Bootloader.proposed_cfg_changed = true
+ end
+ ensure
+ Yast::Wizard.CloseDialog
+ end
end
# Returns the VNC-port part of the firewall proposal description
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.1.11/test/lib/y2firewall/clients/proposal_test.rb
new/yast2-firewall-4.2.0/test/lib/y2firewall/clients/proposal_test.rb
--- old/yast2-firewall-4.1.11/test/lib/y2firewall/clients/proposal_test.rb
2019-03-29 12:02:42.000000000 +0100
+++ new/yast2-firewall-4.2.0/test/lib/y2firewall/clients/proposal_test.rb
2019-04-29 16:06:25.000000000 +0200
@@ -24,14 +24,19 @@
require "y2firewall/clients/proposal"
describe Y2Firewall::Clients::Proposal do
- let(:client) { described_class.new }
+ subject(:client) { described_class.new }
let(:proposal_settings) { Y2Firewall::ProposalSettings.instance }
+ before do
+ # skip bootloader proposal to avoid build dependency on it
+ allow(subject).to receive(:cpu_mitigations_proposal)
+ end
+
describe "#initialize" do
it "instantiates a new proposal settings" do
expect(Y2Firewall::ProposalSettings).to receive(:instance)
- client
+ described_class.new
end
end
