10 files changed, 140 insertions, 389 deletions
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch b/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch
index a1e56b7cac..28068bba11 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0001-optimize-boot.patch
@@ -1,18 +1,31 @@
-Author: Jamie Strandboge <jamie@canonical.com>
+From 92fcdbc1a57086e4decc1597217c0739dc16342a Mon Sep 17 00:00:00 2001
-Description: to improve boot speed when disabled, don't source all of
+From: Silcet <camorga1@gmail.com>
- ufw-init-functions (which also sources in other files).
+Date: Tue, 27 Apr 2021 05:34:59 +0000
+Subject: [PATCH] Author: Jamie Strandboge <jamie@canonical.com>
+Description:
+to improve boot speed when disabled, don't source all of  ufw-init-functions
+(which also sources in other files).
 Upstream-Status: Inappropriate [ not author ]
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Index: ufw-0.31/src/ufw-init
+The patch was imported from the OpenEmbedded git server
-===================================================================
+(git://git.openembedded.org/openembedded) as of commit id
--- ufw-0.31.orig/src/ufw-init  2012-03-09 17:07:11.000000000 -0600
+2cc1bd9dd060f5002c2fde7aacba86fe230c12af.
-+++ ufw-0.31/src/ufw-init       2012-03-17 09:37:51.000000000 -0500
-@@ -18,6 +18,12 @@
+Signed-off-by: Silcet <camorga1@gmail.com>
- #
+---
- set -e
+ src/ufw-init | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/src/ufw-init b/src/ufw-init
+index 3505a02..dde37f0 100755
+--- a/src/ufw-init
+++ b/src/ufw-init
+@@ -31,6 +31,12 @@ if [ "$1" = "--datadir" ] && [ -s "$2" ]; then
+ fi
+ export DATA_DIR="$datadir"
 
 +# Debian/Ubuntu: small boot speed improvement
 +. "#CONFIG_PREFIX#/ufw/ufw.conf"
@@ -20,6 +33,6 @@ Index: ufw-0.31/src/ufw-init
 +    exit 0
 +fi
 +
- if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then
+ if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
-     . "#STATE_PREFIX#/ufw-init-functions"
+     . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
 else
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-add-an-option-to-specify-iptables-location.patch b/meta-networking/recipes-connectivity/ufw/ufw/0002-add-an-option-to-specify-iptables-location.patch
index 5117423387..884fa1647e 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw/setup-add-an-option-to-specify-iptables-location.patch
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0002-add-an-option-to-specify-iptables-location.patch
@@ -1,6 +1,6 @@
-From c54d36d0582a60fd281cd9287077cea205fd849d Mon Sep 17 00:00:00 2001
+From 808577f8464f542076840d0d93fe168a5f79442c Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
+From: Silcet <camorga1@gmail.com>
-Date: Thu, 27 Nov 2014 15:20:34 -0500
+Date: Tue, 27 Apr 2021 05:40:03 +0000
 Subject: [PATCH] setup: add an option to specify iptables location
 When cross-compiling it isn't certain that the location of iptables on the
@@ -13,15 +13,21 @@ version of iptables to be used.
 Upstream-Status: Pending
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+The patch was imported from the OpenEmbedded git server
+(git://git.openembedded.org/openembedded) as of commit id
+2cc1bd9dd060f5002c2fde7aacba86fe230c12af.
+Signed-off-by: Silcet <camorga1@gmail.com>
 ---
- setup.py | 69 ++++++++++++++++++++++++++++++++++++----------------------------
+ setup.py | 65 ++++++++++++++++++++++++++++++++------------------------
- 1 file changed, 39 insertions(+), 30 deletions(-)
+ 1 file changed, 37 insertions(+), 28 deletions(-)
 diff --git a/setup.py b/setup.py
-index 6fb3751..b13d11c 100644
+index 09204d3..2343bc9 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -225,41 +225,50 @@ shutil.copytree('src', 'staging')
+@@ -246,41 +246,50 @@ shutil.copytree('src', 'staging')
 os.unlink(os.path.join('staging', 'ufw-init'))
 os.unlink(os.path.join('staging', 'ufw-init-functions'))
 
@@ -43,14 +49,6 @@ index 6fb3751..b13d11c 100644
 -        if iptables_exe != "":
 -            break
 -
-
-if iptables_exe == '':
-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
-    sys.exit(1)
-
-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
-    if not os.path.exists(os.path.join(iptables_dir, e)):
-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
 +if "--iptables-dir" in sys.argv:
 +    iptables_dir = sys.argv[sys.argv.index("--iptables-dir") + 1]
 +    iptables_exe = os.path.join(iptables_dir, "iptables")
@@ -70,10 +68,16 @@ index 6fb3751..b13d11c 100644
 +                    print("Found '%s'" % iptables_exe)
 +                else:
 +                    continue
-+
+ 
+-if iptables_exe == '':
+-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+-    sys.exit(1)
 +            if iptables_exe != "":
 +                break
-+
+ 
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+-    if not os.path.exists(os.path.join(iptables_dir, e)):
+-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
 +    if iptables_exe == '':
 +        print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
         sys.exit(1)
@@ -102,6 +106,3 @@ index 6fb3751..b13d11c 100644
 
 setup (name='ufw',
       version=ufw_version,
-- 
-1.9.1
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch b/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch
deleted file mode 100644
index 804c18bc9e..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/0002-lp1044361.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-Origin: r795, r796
-Description: move netfilter capabilities checking into initcaps(), and call
- initcaps() only when we need it.
-Bug-Ubuntu: https://launchpad.net/bugs/1044361
-Upstream-Status: Inappropriate [ not author ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Index: ufw-0.33/src/backend_iptables.py
-===================================================================
--- ufw-0.33.orig/src/backend_iptables.py       2012-09-23 09:58:34.000000000 -0500
-+++ ufw-0.33/src/backend_iptables.py    2012-09-23 09:58:36.000000000 -0500
-@@ -160,6 +160,9 @@
-             out += "> " + _("Checking raw ip6tables\n")
-             return out
- 
-+        # Initialize the capabilities database
-+        self.initcaps()
-+
-         args = ['-n', '-v', '-x', '-L']
-         items = []
-         items6 = []
-@@ -470,6 +473,9 @@
-         if self.dryrun:
-             return False
- 
-+        # Initialize the capabilities database
-+        self.initcaps()
-+
-         prefix = "ufw"
-         exe = self.iptables
-         if v6:
-@@ -684,6 +690,9 @@
-         except Exception:
-             raise
- 
-+        # Initialize the capabilities database
-+        self.initcaps()
-+
-         chain_prefix = "ufw"
-         rules = self.rules
-         if v6:
-@@ -830,6 +839,10 @@
-         * updating user rules file
-         * reloading the user rules file if rule is modified
-         '''
-+
-+        # Initialize the capabilities database
-+        self.initcaps()
-+
-         rstr = ""
- 
-         if rule.v6:
-@@ -1073,6 +1086,9 @@
-         if self.dryrun:
-             return
- 
-+        # Initialize the capabilities database
-+        self.initcaps()
-+
-         rules_t = []
-         try:
-             rules_t = self._get_logging_rules(level)
-Index: ufw-0.33/src/backend.py
-===================================================================
--- ufw-0.33.orig/src/backend.py        2012-09-23 09:58:34.000000000 -0500
-+++ ufw-0.33/src/backend.py     2012-09-23 09:59:03.000000000 -0500
-@@ -21,7 +21,7 @@
- import stat
- import sys
- import ufw.util
-from ufw.util import warn, debug
-+from ufw.util import error, warn, debug
- from ufw.common import UFWError, config_dir, iptables_dir, UFWRule
- import ufw.applications
- 
-@@ -68,6 +68,17 @@
-             err_msg = _("Couldn't determine iptables version")
-             raise UFWError(err_msg)
- 
-+        # Initialize via initcaps only when we need it (LP: #1044361)
-+        self.caps = None
-+
-+    def initcaps(self):
-+        '''Initialize the capabilities database. This needs to be called
-+           before accessing the database.'''
-+
-+        # Only initialize if not initialized already
-+        if self.caps != None:
-+            return
-+
-         self.caps = {}
-         self.caps['limit'] = {}
- 
-@@ -78,14 +89,20 @@
-         # Try to get capabilities from the running system if root
-         if self.do_checks and os.getuid() == 0 and not self.dryrun:
-             # v4
-            nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
-+            try:
-+                nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
-+            except OSError as e:
-+                error("initcaps\n%s" % e)
-             if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
-                 self.caps['limit']['4'] = True
-             else:
-                 self.caps['limit']['4'] = False
- 
-             # v6
-            nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
-+            try:
-+                nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
-+            except OSError as e:
-+                error("initcaps\n%s" % e)
-             if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
-                 self.caps['limit']['6'] = True
-             else:
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch b/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch
deleted file mode 100644
index b259fdf781..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/0003-fix-typeerror-on-error.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Origin: r797
-Description: src/backend_iptables.py: fix misplaced parenthesis
-Upstream-Status: Inappropriate [ not author ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Index: ufw-0.33/src/backend_iptables.py
-===================================================================
--- ufw-0.33.orig/src/backend_iptables.py       2012-09-24 08:51:13.000000000 -0500
-+++ ufw-0.33/src/backend_iptables.py    2012-09-24 08:52:00.000000000 -0500
-@@ -1075,7 +1075,7 @@
-             exe = self.ip6tables
-         (rc, out) = cmd([exe] + args)
-         if rc != 0:
-            err_msg = _("Could not perform '%s'") % (args)
-+            err_msg = _("Could not perform '%s'" % (args))
-             if fail_ok:
-                 debug("FAILOK: " + err_msg)
-             else:
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0003-only-make-one-reference-to-env.patch b/meta-networking/recipes-connectivity/ufw/ufw/0003-only-make-one-reference-to-env.patch
new file mode 100644
index 0000000000..556d4459d0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0003-only-make-one-reference-to-env.patch
@@ -0,0 +1,73 @@
+From 42170d379eddc12bd2d1fe84dc268882d8eb4d64 Mon Sep 17 00:00:00 2001
+From: Silcet <camorga1@gmail.com>
+Date: Mon, 3 May 2021 08:59:28 +0000
+Subject: [PATCH] setup: only make one reference to env
+If sys.executable happens to be '/usr/bin/env python' or something
+similar, the setup script will result in 'ufw' getting /usr/bin/env
+repeated on the top line.  This causes an error at runtime.  Perform a
+quick sanity check on sys.executable before doing the substitution.
+While we're at it, change the default value of 'exe' to the one we either
+detected or specified on the build line.
+Upstream-Status: Inappropriate [ embedded specific ]
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+The patch was imported from the OpenEmbedded git server
+(git://git.openembedded.org/openembedded) as of commit id
+2cc1bd9dd060f5002c2fde7aacba86fe230c12af.
+A previous change had modified the way the python shebang was updated to
+follow the same version as the one used to call setup.py. However, it
+used a regex that was not matching anymore. To fix this, the regex
+condition is removed so the shebang line is substituted with the sys.executable
+value. Later in the installation distutils finds the string with the path
+of sys.executable and replaces it with "#! /usr/bin/env python3".
+Signed-off-by: Silcet <camorga1@gmail.com>
+---
+ setup.py | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+diff --git a/setup.py b/setup.py
+index 2343bc9..f8a638b 100644
+--- a/setup.py
+++ b/setup.py
+@@ -64,7 +64,7 @@ class Install(_install, object):
+         real_sharedir = os.path.join(real_prefix, 'share', 'ufw')
+ 
+         # Update the modules' paths
+-        for fn in [ 'common.py' ]:
+        for fn in [ 'common.py', 'util.py' ]:
+             # 'staging' is used with just 'install' but build_lib is used when
+             # using 'build'. We could probably override 'def build()' but this
+             # at least works
+@@ -97,6 +97,12 @@ class Install(_install, object):
+                                  "-i",
+                                  "s%#SHARE_DIR#%" + real_sharedir + "%g",
+                                  f])
+                                
+                subprocess.call(["sed",
+                                 "-i.jjm",
+                                 "s%/sbin/iptables%" + iptables_exe + "%g",
+                                 f])
+
+ 
+                 if fn == 'common.py' and 'UFW_SKIP_CHECKS' in os.environ and \
+                    os.environ['UFW_SKIP_CHECKS'] != '':
+@@ -123,10 +129,12 @@ class Install(_install, object):
+             self.mkpath(os.path.dirname(f))
+ 
+         # update the interpreter to that of the one the user specified for setup
+        # Distutils searches for the string of sys.executable and replaces it 
+        # with the "#! /usr/bin/env pythonX" shebang on a later step
+         print("Updating staging/ufw to use %s" % (sys.executable))
+         subprocess.call(["sed",
+                          "-i",
+-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+                         "1s%/.*python.*%" + sys.executable + "%g",
+                          'staging/ufw'])
+         self.copy_file('staging/ufw', script)
+         self.copy_file('doc/ufw.8', manpage)
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch b/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch
deleted file mode 100644
index 695b265671..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/0004-lp1039729.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Origin: r803, r804
-Description: Don't call get_netfilter_capabilities() with ipv6 if ipv6 is
- disabled.
-Bug-Ubuntu: https://launchpad.net/ufw/bugs/1039729
-Upstream-Status: Inappropriate [ not author ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Index: ufw-0.33/src/backend.py
-===================================================================
--- ufw-0.33.orig/src/backend.py        2012-12-04 09:21:57.000000000 -0600
-+++ ufw-0.33/src/backend.py     2012-12-04 09:22:40.000000000 -0600
-@@ -98,15 +98,17 @@
-             else:
-                 self.caps['limit']['4'] = False
- 
-            # v6
-            try:
-                nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
-            except OSError as e:
-                error("initcaps\n%s" % e)
-            if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
-                self.caps['limit']['6'] = True
-            else:
-                self.caps['limit']['6'] = False
-+            # v6 (skip capabilities check for ipv6 if ipv6 is disabled in ufw
-+            # because the system may not have ipv6 support (LP: #1039729)
-+            if self.use_ipv6():
-+                try:
-+                    nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
-+                except OSError as e:
-+                    error("initcaps\n%s" % e)
-+                if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
-+                    self.caps['limit']['6'] = True
-+                else:
-+                    self.caps['limit']['6'] = False
- 
-     def is_enabled(self):
-         '''Is firewall configured as enabled'''
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch b/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch
deleted file mode 100644
index b760d3fd33..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/0005-lp1191197.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Origin: r816
-Description: add check for -m rt --rt-type 0
-Bug-Ubuntu: https://launchpad.net/bugs/1191197
-Forwarded: yes
-Upstream-Status: Inappropriate [ not author ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Index: ufw-0.33/tests/check-requirements
-===================================================================
--- ufw-0.33.orig/tests/check-requirements      2012-08-17 16:12:49.000000000 -0500
-+++ ufw-0.33/tests/check-requirements   2013-06-15 07:47:00.000000000 -0500
-@@ -3,7 +3,7 @@
- # check-requirements: verify all the required iptables functionality is
- # available
- #
-# Copyright 2008-2012 Canonical Ltd.
-+# Copyright 2008-2013 Canonical Ltd.
- #
- #    This program is free software: you can redistribute it and/or modify
- #    it under the terms of the GNU General Public License version 3,
-@@ -218,6 +218,9 @@
-             echo -n "icmpv6 with hl ($j): "
-             runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -m hl --hl-eq 255 -j ACCEPT
-         done
-+
-+        echo -n "ipv6 rt: "
-+        runcmd $exe -A $c -m rt --rt-type 0 -j ACCEPT
-     fi
- 
-     echo ""
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/fix-dynamic-update-of-python-shebang.patch b/meta-networking/recipes-connectivity/ufw/ufw/fix-dynamic-update-of-python-shebang.patch
deleted file mode 100644
index 0bb0315ccd..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/fix-dynamic-update-of-python-shebang.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From b961a7fceb5654c283c3f987bee593d52abaf1f5 Mon Sep 17 00:00:00 2001
-From: Silcet <camorga1@gmail.com>
-Date: Mon, 26 Apr 2021 07:47:02 +0000
-Subject: [PATCH] ufw: Fix dynamic update of python shebang
-[meta-openembedded ticket #327] -- https://github.com/openembedded/meta-openembedded/issues/327
-The python version in the shebang at the begining of the ufw script
-should be the same one as the version the setup.py script was called
-with.
-The fix in patch "setup-only-make-one-reference-to-env.patch"
-depends on sys.executable returning "/usr/bin/env pythonX". However,
-it returns "/usr/bin/pythonX". Using sys.version_info we can get the
-major version of the python used to called the script and append
-that to the shebang line so it works as intended.
-Upstream-status: Pending
-Signed-off-by: Silcet <camorga1@gmail.com>
---
- setup.py | 21 ++++++---------------
- 1 file changed, 6 insertions(+), 15 deletions(-)
-diff --git a/setup.py b/setup.py
-index ca730b7..941bbf6 100644
--- a/setup.py
-+++ b/setup.py
-@@ -112,22 +112,13 @@ class Install(_install, object):
-         for f in [ script, manpage, manpage_f ]:
-             self.mkpath(os.path.dirname(f))
- 
-        # if sys.executable == /usr/bin/env python* the result will be the top
-        # of ufw getting:
-        #
-        #  #! /usr/bin/env /usr/bin/env python
-        #
-        # which is not ideal
-        #
-         # update the interpreter to that of the one the user specified for setup
-        print("Updating staging/ufw to use (%s)" % (sys.executable))
-
-        if re.search("(/usr/bin/env)", sys.executable):
-            print("found 'env' in sys.executable (%s)" % (sys.executable))
-            subprocess.call(["sed",
-                             "-i.jjm",
-                             "1s%^#.*python.*%#! " + sys.executable + "%g",
-                             'staging/ufw'])
-+        python_major = sys.version_info.major
-+        print("Updating staging/ufw to use (python%s)" % (python_major))
-+        subprocess.call(["sed",
-+                         "-i.jjm",
-+                         "1s%^#.*python.*%#! " + sys.executable + "%g",
-+                         'staging/ufw'])
- 
-         self.copy_file('staging/ufw', script)
-         self.copy_file('doc/ufw.8', manpage)
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch
deleted file mode 100644
index ff704b5a46..0000000000
--- a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From be53eea06a5655fdc98f47a73be8277b65bb42ed Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 11 Nov 2014 21:41:14 -0500
-Subject: [PATCH] setup: only make one reference to env
-If sys.executable happens to be '/usr/bin/env python' or something
-similar, the setup script will result in 'ufw' getting /usr/bin/env
-repeated on the top line.  This causes an error at runtime.  Perform a
-quick sanity check on sys.executable before doing the substitution.
-While we're at it, change the default value of 'exe' to the one we either
-detected or specified on the build line.
-Upstream-Status: Inappropriate [ embedded specific ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- setup.py | 34 ++++++++++++++++++++++++++++------
- 1 file changed, 28 insertions(+), 6 deletions(-)
-diff --git a/setup.py b/setup.py
-index b13d11c..73acdef 100644
--- a/setup.py
-+++ b/setup.py
-@@ -64,7 +64,7 @@ class Install(_install, object):
-         real_sharedir = os.path.join(real_prefix, 'share', 'ufw')
- 
-         # Update the modules' paths
-        for file in [ 'common.py' ]:
-+        for file in [ 'common.py', 'util.py' ]:
-             print("Updating " + file)
-             subprocess.call(["sed",
-                              "-i",
-@@ -91,6 +91,11 @@ class Install(_install, object):
-                              "s%#SHARE_DIR#%" + real_sharedir + "%g",
-                              os.path.join('staging', file)])
- 
-+            subprocess.call(["sed",
-+                             "-i.jjm",
-+                             "s%/sbin/iptables%" + iptables_exe + "%g",
-+                             os.path.join('staging', file)])
-+
-         # Now byte-compile everything
-         super(Install, self).run()
- 
-@@ -107,12 +112,23 @@ class Install(_install, object):
-         for f in [ script, manpage, manpage_f ]:
-             self.mkpath(os.path.dirname(f))
- 
-+        # if sys.executable == /usr/bin/env python* the result will be the top
-+        # of ufw getting:
-+        #
-+        #  #! /usr/bin/env /usr/bin/env python
-+        #
-+        # which is not ideal
-+        #
-         # update the interpreter to that of the one the user specified for setup
-        print("Updating staging/ufw to use %s" % (sys.executable))
-        subprocess.call(["sed",
-                         "-i",
-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
-                         'staging/ufw'])
-+        print("Updating staging/ufw to use (%s)" % (sys.executable))
-+
-+        if re.search("(/usr/bin/env)", sys.executable):
-+            print("found 'env' in sys.executable (%s)" % (sys.executable))
-+            subprocess.call(["sed",
-+                             "-i.jjm",
-+                             "1s%^#.*python.*%#! " + sys.executable + "%g",
-+                             'staging/ufw'])
-+
-         self.copy_file('staging/ufw', script)
-         self.copy_file('doc/ufw.8', manpage)
-         self.copy_file('doc/ufw-framework.8', manpage_f)
-- 
-1.9.1
diff --git a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb b/meta-networking/recipes-connectivity/ufw/ufw_0.36.bb
index ee366aa665..8e35dc01ed 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb
+++ b/meta-networking/recipes-connectivity/ufw/ufw_0.36.bb
@@ -1,3 +1,4 @@
 SUMMARY = "Uncomplicated Firewall"
 DESCRIPTION = "UFW stands for Uncomplicated Firewall, and is program for \
 managing a netfilter firewall. It provides a command line interface and aims \
@@ -7,24 +8,18 @@ SECTION = "net"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
-SRC_URI = " \
+SRC_URI = "https://launchpad.net/ufw/0.36/0.36/+download/ufw-0.36.tar.gz \
-           https://launchpad.net/ufw/0.33/0.33/+download/ufw-0.33.tar.gz \
-           file://setup-add-an-option-to-specify-iptables-location.patch \
-           file://setup-only-make-one-reference-to-env.patch \
           file://0001-optimize-boot.patch \
-           file://0002-lp1044361.patch \
+           file://0002-add-an-option-to-specify-iptables-location.patch \
-           file://0003-fix-typeerror-on-error.patch \
+           file://0003-only-make-one-reference-to-env.patch \
-           file://0004-lp1039729.patch \
+           "
-           file://0005-lp1191197.patch \
-           file://fix-dynamic-update-of-python-shebang.patch \
-"
 UPSTREAM_CHECK_URI = "https://launchpad.net/ufw"
-SRC_URI[md5sum] = "3747b453d76709e5a99da209fc0bb5f5"
+SRC_URI[md5sum] = "6d8ab1506da21ae003f4628f93d05781"
-SRC_URI[sha256sum] = "5f85a8084ad3539b547bec097286948233188c971f498890316dec170bdd1da8"
+SRC_URI[sha256sum] = "754b22ae5edff0273460ac9f57509c3938187e0cf4fb9692c6a02833fff33cfc"
-inherit setuptools3 features_check
+inherit setuptools3 features_check systemd update-rc.d
 RDEPENDS_${PN} = " \
                  iptables \
@@ -44,6 +39,19 @@ RRECOMMENDS_${PN} = " \
                     kernel-module-nf-recent \
 "
+do_install_append() {
+    install -d ${D}${systemd_unitdir}/system/
+    install -m 0644 ${S}/doc/systemd.example ${D}${systemd_unitdir}/system/ufw.service
+    install -d ${D}${sysconfdir}/init.d/
+    install -m 0755 ${S}/doc/initscript.example ${D}${sysconfdir}/init.d/ufw
+}
+SYSTEMD_SERVICE_${PN} = "ufw.service"
+INITSCRIPT_NAME = "ufw"
+INITSCRIPT_PARAMS = "defaults"
 # Certain items are explicitly put under /lib, not base_libdir when installed.
 #
 FILES_${PN} += " \