iptables-1.8.5-6.el8

- Fix shell testcase for rebased libnftnl package

Related: rhbz#2211063

0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch

@@ -0,0 +1,67 @@
+From 71f3a4741df9db345679f32f5829ce3c4b83031d Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 16 Nov 2020 10:37:41 +0100
+Subject: [PATCH] tests: shell: update format of registers in bitwise payloads.
+
+libnftnl has been changed to bring the format of registers in bitwise
+dumps in line with those in other types of expression.  Update the
+expected output of Python test-cases.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 83ee6e179829461572be6583ce6e83f68e636eb6)
+---
+ .../shell/testcases/nft-only/0009-needless-bitwise_0   | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
+index c5c6e706a1029..41d765e537312 100755
+--- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
++++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
+@@ -64,7 +64,7 @@ ip filter OUTPUT 5 4
+ 
+ ip filter OUTPUT 6 5
+   [ payload load 4b @ network header + 16 => reg 1 ]
+-  [ bitwise reg 1 = (reg=1 & 0xfcffffff ) ^ 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ]
+   [ cmp eq reg 1 0x0002010a ]
+   [ counter pkts 0 bytes 0 ]
+ 
+@@ -98,7 +98,7 @@ ip6 filter OUTPUT 5 4
+ 
+ ip6 filter OUTPUT 6 5
+   [ payload load 16b @ network header + 24 => reg 1 ]
+-  [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 & 0xffffffff 0xffffffff 0xffffffff 0xf0ffffff ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
+   [ cmp eq reg 1 0xffc0edfe 0x020100ee 0x06050403 0x00090807 ]
+   [ counter pkts 0 bytes 0 ]
+ 
+@@ -175,7 +175,7 @@ arp filter OUTPUT 5 4
+   [ payload load 1b @ network header + 5 => reg 1 ]
+   [ cmp eq reg 1 0x00000004 ]
+   [ payload load 4b @ network header + 24 => reg 1 ]
+-  [ bitwise reg 1 = (reg=1 & 0xfcffffff ) ^ 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 & 0xfcffffff ) ^ 0x00000000 ]
+   [ cmp eq reg 1 0x0002010a ]
+   [ counter pkts 0 bytes 0 ]
+ 
+@@ -240,7 +240,7 @@ arp filter OUTPUT 11 10
+   [ payload load 1b @ network header + 5 => reg 1 ]
+   [ cmp eq reg 1 0x00000004 ]
+   [ payload load 6b @ network header + 18 => reg 1 ]
+-  [ bitwise reg 1 = (reg=1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
+   [ cmp eq reg 1 0xc000edfe 0x0000e0ff ]
+   [ counter pkts 0 bytes 0 ]
+ 
+@@ -306,7 +306,7 @@ bridge filter OUTPUT 4
+ 
+ bridge filter OUTPUT 5 4
+   [ payload load 6b @ link header + 0 => reg 1 ]
+-  [ bitwise reg 1 = (reg=1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
++  [ bitwise reg 1 = ( reg 1 & 0xffffffff 0x0000f0ff ) ^ 0x00000000 0x00000000 ]
+   [ cmp eq reg 1 0xc000edfe 0x0000e0ff ]
+   [ counter pkts 0 bytes 0 ]
+ 
+-- 
+2.40.0
+

0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch

@@ -0,0 +1,36 @@
+From f31607eafcbf8b4aca4f51bbd6dac33817a1498d Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 15 Jan 2021 21:58:48 +0100
+Subject: [PATCH] tests/shell: Fix nft-only/0009-needless-bitwise_0
+
+For whatever reason, stored expected output contains false handles. To
+overcome this, filter the rule data lines from both expected and stored
+output before comparing.
+
+Fixes: 81a2e12851283 ("tests/shell: Add test for bitwise avoidance fixes")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 0f7ea0390b33654c9a91015966f518b98356e786)
+---
+ .../shell/testcases/nft-only/0009-needless-bitwise_0     | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
+index 41d765e537312..41588a10863ec 100755
+--- a/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
++++ b/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0
+@@ -336,4 +336,11 @@ bridge filter OUTPUT 10 9
+   [ counter pkts 0 bytes 0 ]
+ "
+ 
+-diff -u -Z <(echo "$EXPECT") <(nft --debug=netlink list ruleset | awk '/^table/{exit} {print}')
++# print nothing but:
++# - lines with bytecode (starting with '  [')
++# - empty lines (so printed diff is not a complete mess)
++filter() {
++	awk '/^(  \[|$)/{print}'
++}
++
++diff -u -Z <(filter <<< "$EXPECT") <(nft --debug=netlink list ruleset | filter)
+-- 
+2.40.0
+

iptables.spec

@@ -10,7 +10,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: http://www.netfilter.org/projects/iptables
 Version: 1.8.5
-Release: 5%{?dist}
+Release: 6%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -160,6 +160,8 @@ Patch133: 0133-tests-iptables-test-Exit-non-zero-on-error.patch
 Patch134: 0134-tests-shell-Return-non-zero-on-error.patch
 Patch135: 0135-iptables-test.py-print-with-color-escapes-only-when-.patch
 Patch136: 0136-tests-iptables-test-Fix-conditional-colors-on-stderr.patch
+Patch137: 0137-tests-shell-update-format-of-registers-in-bitwise-pa.patch
+Patch138: 0138-tests-shell-Fix-nft-only-0009-needless-bitwise_0.patch
 
 # pf.os: ISC license
 # iptables-apply: Artistic Licence 2.0
@@ -532,6 +534,9 @@ done
 %doc %{_mandir}/man8/ebtables*.8*
 
 %changelog
+* Tue Jul 18 2023 Phil Sutter <psutter@redhat.com> - 1.8.5-6
+- Fix shell testcase for rebased libnftnl package
+
 * Tue Jul 18 2023 Phil Sutter <psutter@redhat.com> - 1.8.5-5
 - Missed to copy expected results file to destination.