From c5e2505b7336e20a37fa4555bcc5a77dbd44e454 Mon Sep 17 00:00:00 2001
From: Eric Garver <egarver@redhat.com>
Date: Fri, 15 Jul 2022 15:18:29 -0400
Subject: [PATCH] test(functions): normalize iptables ipv6-icmp/icmpv6

Resolves: rhbz2100881
---
 ...ommonize-iptables-output-normalizati.patch | 46 +++++++++++++++++++
 ...-normalize-iptables-ipv6-icmp-icmpv6.patch | 34 ++++++++++++++
 firewalld.spec                                |  7 ++-
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 0002-test-functions-commonize-iptables-output-normalizati.patch
 create mode 100644 0003-test-functions-normalize-iptables-ipv6-icmp-icmpv6.patch

diff --git a/0002-test-functions-commonize-iptables-output-normalizati.patch b/0002-test-functions-commonize-iptables-output-normalizati.patch
new file mode 100644
index 0000000..6b7a5c5
--- /dev/null
+++ b/0002-test-functions-commonize-iptables-output-normalizati.patch
@@ -0,0 +1,46 @@
+From ba20c6cb0a516545404e5e02cddf3b1d01fac79b Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Tue, 5 Jul 2022 15:43:19 -0400
+Subject: [PATCH 2/3] test(functions): commonize iptables output normalization
+
+Share rule normalization between iptables and ip6tables.
+
+(cherry picked from commit 54e761a0fe2d19dfc4c0c898540f718c837778a9)
+---
+ src/tests/functions.at | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 557acf0257e4..481c94017f15 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -393,11 +393,15 @@ m4_define([EBTABLES_LIST_RULES], [
+     ])
+ ])
+ 
+-m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl
++m4_define([IPXTABLES_LIST_RULES_NORMALIZE], [dnl
+     TRIM_WHITESPACE | dnl
+     tail -n +3 dnl
+ ])
+ 
++m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl
++    IPXTABLES_LIST_RULES_NORMALIZE() dnl
++])
++
+ m4_define([IPTABLES_LIST_RULES_ALWAYS], [
+     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [
+         NS_CHECK([PIPESTATUS0([$IPTABLES -w -n -t $1 -L $2], [IPTABLES_LIST_RULES_NORMALIZE])],
+@@ -412,8 +416,7 @@ m4_define([IPTABLES_LIST_RULES], [
+ ])
+ 
+ m4_define([IP6TABLES_LIST_RULES_NORMALIZE], [dnl
+-    TRIM_WHITESPACE | dnl
+-    tail -n +3 dnl
++    IPXTABLES_LIST_RULES_NORMALIZE() dnl
+ ])
+ 
+ m4_define([IP6TABLES_LIST_RULES_ALWAYS], [
+-- 
+2.31.1
+
diff --git a/0003-test-functions-normalize-iptables-ipv6-icmp-icmpv6.patch b/0003-test-functions-normalize-iptables-ipv6-icmp-icmpv6.patch
new file mode 100644
index 0000000..db3b039
--- /dev/null
+++ b/0003-test-functions-normalize-iptables-ipv6-icmp-icmpv6.patch
@@ -0,0 +1,34 @@
+From 68276da6dda3f73dfed5e6758675a5148ac77271 Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Tue, 5 Jul 2022 14:38:34 -0400
+Subject: [PATCH 3/3] test(functions): normalize iptables ipv6-icmp/icmpv6
+
+The output changed in iptables 1.8.8. Specifically commit b6196c7504d4
+("xshared: Prefer xtables_chain_protos lookup over getprotoent").
+
+Fixes: #982
+Fixes: rhbz2100881
+(cherry picked from commit c54ea7b5e492b3aae631dc71579afc24d713401f)
+---
+ src/tests/functions.at | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 481c94017f15..a38ae9005ea2 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -395,7 +395,10 @@ m4_define([EBTABLES_LIST_RULES], [
+ 
+ m4_define([IPXTABLES_LIST_RULES_NORMALIZE], [dnl
+     TRIM_WHITESPACE | dnl
+-    tail -n +3 dnl
++    tail -n +3 | dnl
++    dnl iptables-1.8.8 changed output of some protocols
++    dnl commit b6196c7504d4 ("xshared: Prefer xtables_chain_protos lookup over getprotoent")
++    sed -e ['s/[ ]ipv6-icmp\([ -]\)/ icmpv6\1/g'] dnl
+ ])
+ 
+ m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl
+-- 
+2.31.1
+
diff --git a/firewalld.spec b/firewalld.spec
index 1ba3cc7..cfeb247 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,11 +1,13 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 1.1.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Patch1: 0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch
+Patch2: 0002-test-functions-commonize-iptables-output-normalizati.patch
+Patch3: 0003-test-functions-normalize-iptables-ipv6-icmp-icmpv6.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -227,6 +229,9 @@ rm -rf %{buildroot}%{_datadir}/firewalld/testsuite
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Fri Jul 15 2022 Eric Garver <egarver@redhat.com> - 1.1.1-2
+- test(functions): normalize iptables ipv6-icmp/icmpv6
+
 * Mon May 16 2022 Eric Garver <egarver@redhat.com> - 1.1.1-1
 - package rebase to v1.1.1