- portblock: fix iptables version detection

- Remove unsupported agents

  Resolves: RHEL-79822, RHEL-80293

RHEL-79822-1-portblock-fix-version-detection.patch

@@ -0,0 +1,46 @@
+From 575dcec0cd97af26623975cbc43564d25b91b346 Mon Sep 17 00:00:00 2001
+From: abrychcy <abrychcy@users.noreply.github.com>
+Date: Wed, 12 Feb 2025 19:49:22 +0100
+Subject: [PATCH 1/2] Update portblock: improve version detection of iptables
+
+The awk script does not remove suffixes after the version string. ocf_version_cmp fails to compare this string. wait option will never be added if (nf_tables) or (legacy) is present after vX.Y.Z
+---
+ heartbeat/portblock | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/heartbeat/portblock b/heartbeat/portblock
+index 450e37208..ea22f76a6 100755
+--- a/heartbeat/portblock
++++ b/heartbeat/portblock
+@@ -618,7 +618,7 @@ if [ -z "$OCF_RESKEY_action" ]; then
+ fi 
+ 
+ # iptables v1.4.20+ is required to use -w (wait)
+-version=$(iptables -V | awk -F ' v' '{print $NF}')
++version=$(iptables -V | grep -oE '[0-9]+(\.[0-9]+)+')
+ ocf_version_cmp "$version" "1.4.19.1"
+ if [ "$?" -eq "2" ]; then
+     wait="-w"
+
+From 938867b0c4a77448403961b94aa04f9a34c72b11 Mon Sep 17 00:00:00 2001
+From: abrychcy <abrychcy@users.noreply.github.com>
+Date: Thu, 13 Feb 2025 19:16:26 +0100
+Subject: [PATCH 2/2] simplify iptables version string regex
+
+---
+ heartbeat/portblock | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/heartbeat/portblock b/heartbeat/portblock
+index ea22f76a6..2fca0f893 100755
+--- a/heartbeat/portblock
++++ b/heartbeat/portblock
+@@ -618,7 +618,7 @@ if [ -z "$OCF_RESKEY_action" ]; then
+ fi 
+ 
+ # iptables v1.4.20+ is required to use -w (wait)
+-version=$(iptables -V | grep -oE '[0-9]+(\.[0-9]+)+')
++version=$(iptables -V | grep -oE '[0-9]+[\.0-9]+')
+ ocf_version_cmp "$version" "1.4.19.1"
+ if [ "$?" -eq "2" ]; then
+     wait="-w"

RHEL-79822-2-portblock-use-ocf_log-for-logging.patch

@@ -0,0 +1,43 @@
+From 8a3328c07d8e8f1cfe34dd37afaa5707dcafce9b Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 20 Feb 2025 14:24:34 +0100
+Subject: [PATCH] portblock: use ocf_log() for logging
+
+---
+ heartbeat/portblock | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/heartbeat/portblock b/heartbeat/portblock
+index 2fca0f893..9b4f5db39 100755
+--- a/heartbeat/portblock
++++ b/heartbeat/portblock
+@@ -359,17 +359,17 @@ tickle_local()
+ 
+ SayActive()
+ {
+-  echo "$CMD DROP rule [$*]  is running (OK)"
++  ocf_log debug "$CMD DROP rule [$*]  is running (OK)"
+ }
+ 
+ SayConsideredActive()
+ {
+-  echo "$CMD DROP rule [$*] considered to be running (OK)"
++  ocf_log debug "$CMD DROP rule [$*] considered to be running (OK)"
+ }
+ 
+ SayInactive()
+ {
+-  echo "$CMD DROP rule [$*] is inactive"
++  ocf_log debug "$CMD DROP rule [$*] is inactive"
+ }
+ 
+ #IptablesStatus  {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
+@@ -430,7 +430,7 @@ DoIptables()
+   op=$1 proto=$2 ports=$3 ip=$4 chain=$5
+   active=0; chain_isactive "$proto" "$ports" "$ip" "$chain" && active=1
+   want_active=0; [ "$op" = "-I" ] && want_active=1
+-  echo "active: $active want_active: $want_active"
++  ocf_log debug "active: $active want_active: $want_active"
+   if [ $active -eq $want_active ] ; then
+     : Chain already in desired state
+   else

resource-agents.spec

@@ -45,7 +45,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.16.0
-Release:	8%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	9%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
 License:	GPL-2.0-or-later AND LGPL-2.1-or-later
 URL:		https://github.com/ClusterLabs/resource-agents
 Source0:	%{upstream_prefix}-%{upstream_version}.tar.gz
@@ -65,6 +65,8 @@ Patch12: 	RHEL-76037-4-storage-mon-check-if-daemon-is-already-running.patch
 Patch13: 	RHEL-76037-5-storage-mon-log-storage_mon-is-already-running-in-start-action.patch
 Patch14: 	RHEL-73689-1-ocf-shellfuncs-fix-syntax-error-in-crm_mon_no_validation.patch
 Patch15: 	RHEL-73689-2-ocf-shellfuncs-add-missing-variable-in-crm_mon_no_validation.patch
+Patch16:	RHEL-79822-1-portblock-fix-version-detection.patch
+Patch17:	RHEL-79822-2-portblock-use-ocf_log-for-logging.patch
 
 # bundled ha-cloud-support libs
 Patch500:	ha-cloud-support-aliyun.patch
@@ -237,6 +239,8 @@ exit 1
 %patch -p1 -P 13
 %patch -p1 -P 14
 %patch -p1 -P 15
+%patch -p1 -P 16
+%patch -p1 -P 17
 
 # bundled ha-cloud-support libs
 %patch -p1 -P 500
@@ -414,6 +418,7 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/fio
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/ids
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/iface-bridge
+%exclude %{_usr}/lib/ocf/resource.d/heartbeat/iface-macvlan
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/ipsec
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/iscsi
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/jboss
@@ -429,11 +434,14 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/mpathpersist
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/mysql-proxy
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/nvmet-*
+%exclude %{_usr}/lib/ocf/resource.d/heartbeat/ocivip
+%exclude %{_usr}/lib/ocf/resource.d/heartbeat/osceip
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/ovsmonitor
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/pgagent
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/pingd
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/pound
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/proftpd
+%exclude %{_usr}/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/rkt
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/rsyslog
 %exclude %{_usr}/lib/ocf/resource.d/heartbeat/scsi2reservation
@@ -479,6 +487,7 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %exclude %{_mandir}/man7/ocf_heartbeat_fio.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_ids.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_iface-bridge.7.gz
+%exclude %{_mandir}/man7/ocf_heartbeat_iface-macvlan.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_ipsec.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_iscsi.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_jboss.7.gz
@@ -493,11 +502,14 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %exclude %{_mandir}/man7/ocf_heartbeat_mpathpersist.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_mysql-proxy.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_nvmet-*.7.gz
+%exclude %{_mandir}/man7/ocf_heartbeat_ocivip.7.gz
+%exclude %{_mandir}/man7/ocf_heartbeat_osceip.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_ovsmonitor.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_pgagent.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_pingd.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_pound.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_proftpd.7.gz
+%exclude %{_mandir}/man7/ocf_heartbeat_rabbitmq-server-ha.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_rkt.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_rsyslog.7.gz
 %exclude %{_mandir}/man7/ocf_heartbeat_scsi2reservation.7.gz
@@ -555,6 +567,13 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
 
 %changelog
+* Thu Feb 20 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-9
+- portblock: fix iptables version detection
+- Remove unsupported agents
+
+  Resolves: RHEL-79822, RHEL-80293
+
+
 * Tue Feb 11 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-8
 - ocf-shellfuncs: fix syntax error in crm_mon_no_validation()