RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/iptables#4ef8aaebbe6d2223197a3ce86a056949368aca86

0001-ebtables-Fix-for-broken-chain-renaming.patch

@@ -0,0 +1,60 @@
+From 55b7c71dce7144f4dc0297c17abf0f04879ee247 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Tue, 17 Nov 2020 11:38:27 +0100
+Subject: [iptables PATCH] ebtables: Fix for broken chain renaming
+
+Loading extensions pollutes 'errno' value, hence before using it to
+indicate failure it should be sanitized. This was done by the called
+function before the parsing/netlink split and not migrated by accident.
+Move it into calling code to clarify the connection.
+
+Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ iptables/nft.c                                                | 3 ---
+ iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0 | 4 ++++
+ iptables/xtables-eb.c                                         | 1 +
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/iptables/nft.c b/iptables/nft.c
+index 39882a443a974..411e2597205c9 100644
+--- a/iptables/nft.c
++++ b/iptables/nft.c
+@@ -1896,9 +1896,6 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
+ 		return 0;
+ 	}
+ 
+-	/* Config load changed errno. Ensure genuine info for our callers. */
+-	errno = 0;
+-
+ 	/* Find the old chain to be renamed */
+ 	c = nft_chain_find(h, table, chain);
+ 	if (c == NULL) {
+diff --git a/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0 b/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
+index 0c1eb4ca66f52..6f11bd12593dd 100755
+--- a/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
++++ b/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
+@@ -86,4 +86,8 @@ if [ $? -eq 0 ]; then
+ 	exit 1
+ fi
+ 
++$XT_MULTI ebtables -t filter -E FOO BAZ || exit 1
++$XT_MULTI ebtables -t filter -L | grep -q FOO && exit 1
++$XT_MULTI ebtables -t filter -L | grep -q BAZ || exit 1
++
+ $XT_MULTI ebtables -t $t -F || exit 0
+diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
+index 6641a21a72d32..5e4184b8e80de 100644
+--- a/iptables/xtables-eb.c
++++ b/iptables/xtables-eb.c
+@@ -853,6 +853,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
+ 				else if (strchr(argv[optind], ' ') != NULL)
+ 					xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names");
+ 
++				errno = 0;
+ 				ret = nft_cmd_chain_user_rename(h, chain, *table,
+ 							    argv[optind]);
+ 				if (ret != 0 && errno == ENOENT)
+-- 
+2.28.0
+

iptables.service

@@ -11,8 +11,6 @@ ExecReload=/usr/libexec/iptables/iptables.init reload
 ExecStop=/usr/libexec/iptables/iptables.init stop
 Environment=BOOTUP=serial
 Environment=CONSOLETYPE=serial
-StandardOutput=syslog
-StandardError=syslog
 
 [Install]
 WantedBy=basic.target

iptables.spec

@@ -19,7 +19,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: http://www.netfilter.org/projects/iptables
 Version: 1.8.6
-Release: 2%{?dist}
+Release: 4%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -32,6 +32,8 @@ Source7: %{url}/files/%{name}-%{version_old}.tar.bz2
 Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
 %endif
 
+Patch1: 0001-ebtables-Fix-for-broken-chain-renaming.patch
+
 # pf.os: ISC license
 # iptables-apply: Artistic Licence 2.0
 License: GPLv2 and Artistic Licence 2.0 and ISC
@@ -442,6 +444,13 @@ fi
 
 
 %changelog
+* Tue Nov 17 14:05:30 CET 2020 Phil Sutter <psutter@redhat.com> - 1.8.6-4
+- ebtables: Fix for broken chain renaming
+
+* Mon Nov 16 13:39:22 CET 2020 Phil Sutter <psutter@redhat.com> - 1.8.6-3
+- Drop obsolete StandardOutput setting from unit file
+- Remove StandardError setting from unit file, its value is default
+
 * Thu Nov  5 2020 Florian Weimer <fweimer@redhat.com> - 1.8.6-2
 - Remove build dependency on autogen