Hello community, here is the log from the commit of package susefirewall2-to-firewalld.12933 for openSUSE:Leap:15.2:Update checked in at 2020-06-24 18:42:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/susefirewall2-to-firewalld.12933 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.susefirewall2-to-firewalld.12933.new.2956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "susefirewall2-to-firewalld.12933" Wed Jun 24 18:42:58 2020 rev:1 rq:816459 version:0.0.4 Changes: -------- New Changes file: --- /dev/null 2020-06-22 15:37:15.682255848 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.susefirewall2-to-firewalld.12933.new.2956/susefirewall2-to-firewalld.changes 2020-06-24 18:42:58.336586617 +0200 @@ -0,0 +1,39 @@ +------------------------------------------------------------------- +Wed Apr 29 08:49:21 UTC 2020 - matthias.gerst...@suse.com + +- add 0001-Fix-ERROR-INVALID_PORT-when-sport-iptables-rules-are.patch: fix + "INVALID_PORT" error message with certain SuSEfirewall2 configurations + (bsc#1170461). + +------------------------------------------------------------------- +Mon Nov 12 08:28:17 UTC 2018 - Markos Chandras <mchand...@suse.de> + +- Version bump to 0.0.4 + * Add input and forward zone to the known ones (bsc#1115001) + * Stop guessing firewall service from port/proto + +------------------------------------------------------------------- +Wed May 30 09:46:51 UTC 2018 - mchand...@suse.de + +- Version bump to 0.0.3 + * Do not try to handle unknown iptables chains + * Handle source whitelisting (gh#openSUSE/susefirewall2-to-firewalld#2, bsc#1105157) + +------------------------------------------------------------------- +Mon Mar 19 12:17:00 UTC 2018 - mchand...@suse.de + +- Version bump to 0.0.2 + * Handle migration when SF2 is absent (bsc#1084177) + * Ensure that firewalld is enabled after migration + * Print firewalld commands in debug mode + +------------------------------------------------------------------- +Mon Apr 4 21:54:57 UTC 2016 - mchand...@suse.de + +- Fix Source URL + +------------------------------------------------------------------- +Tue Mar 29 09:59:07 UTC 2016 - mchand...@suse.de + +- Initial commit for susefirewall2-to-firewalld-0.0.1 + New: ---- 0001-Fix-ERROR-INVALID_PORT-when-sport-iptables-rules-are.patch susefirewall2-to-firewalld-0.0.4.tar.gz susefirewall2-to-firewalld.changes susefirewall2-to-firewalld.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ susefirewall2-to-firewalld.spec ++++++ # # spec file for package susefirewall2-to-firewalld # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: susefirewall2-to-firewalld Version: 0.0.4 Release: 0 Summary: Basic SuSEfirewall2 to FirewallD migration script License: GPL-2.0-or-later Group: Productivity/Networking/Other URL: https://github.com/openSUSE/susefirewall2-to-firewalld Source: https://github.com/openSUSE/%{name}/archive/%{name}-%{version}.tar.gz # bsc#1170461 Patch0: 0001-Fix-ERROR-INVALID_PORT-when-sport-iptables-rules-are.patch Requires: firewalld Requires: iptables Recommends: SuSEfirewall2 BuildArch: noarch %description This is a simple bash script aiming to provide a basic migration path from SuSEfirewall2 to FirewallD. %prep %setup -q -n %{name}-%{name}-%{version} %patch0 -p1 %build %install make DESTDIR=%{buildroot} install %files %defattr(-,root,root) %doc README.md %license COPYING %{_sbindir}/susefirewall2-to-firewalld %changelog ++++++ 0001-Fix-ERROR-INVALID_PORT-when-sport-iptables-rules-are.patch ++++++ >From d8bea107600a354a3d83127b695fe0bd642927c5 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner <matthias.gerst...@suse.de> Date: Wed, 29 Apr 2020 10:44:53 +0200 Subject: [PATCH] Fix `ERROR: INVALID_PORT` when `--sport` iptables rules are present When there are certain iptables rules containing only an `--sport` but no `--dport` then the execution of the script fails. See openSUSE bug [1]. This change only adds robustness by skipping over such occurences. It doesn't actually process the entries in question. This means the result of the migration probably was and still will be incomplete in some constellations. [1]: https://bugzilla.suse.com/show_bug.cgi?id=1170461 --- susefirewall2-to-firewalld | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/susefirewall2-to-firewalld b/susefirewall2-to-firewalld index 71874ee..307a9d6 100755 --- a/susefirewall2-to-firewalld +++ b/susefirewall2-to-firewalld @@ -1574,8 +1574,10 @@ do_service_to_zone_mapping() { all_direct_rules+=("${rule}"$'\n') dinfo ${rule} elif [[ ${zone} == "ext" || ${zone} == "int" || ${zone} == "dmz" ]]; then - add_service_to_zone ${zone} ${proto} ${ports/:/-} - [[ $? == 0 ]] && pinfo ${ports} ${proto} ${zone} + if [[ -n "${ports}" ]]; then + add_service_to_zone ${zone} ${proto} ${ports/:/-} + [[ $? == 0 ]] && pinfo ${ports} ${proto} ${zone} + fi fi ;; icmp|ipv6-icmp) -- 2.24.1