From ff526cce7ecff7cdf76451cedb1f526bef526ec8 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 16 Jun 2021 11:24:21 +0200
Subject: [PATCH] iptables-1.8.7-9

- Remove bashisms from arptables-nft-helper
- tests: Use iproute instead of bridge-utils
---
 arptables-nft-helper                            | 17 +++++++----------
 iptables.spec                                   |  5 ++++-
 .../Makefile                                    |  2 +-
 .../runtest.sh                                  |  4 ++--
 tests/tests.yml                                 |  1 -
 5 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/arptables-nft-helper b/arptables-nft-helper
index 7380abf..913298d 100644
--- a/arptables-nft-helper
+++ b/arptables-nft-helper
@@ -5,12 +5,12 @@ ARPTABLES_CONFIG=/etc/sysconfig/arptables
 # compat for removed initscripts dependency
 
 success() {
-	echo -n "[  OK  ]"
+	echo "[  OK  ]"
 	return 0
 }
 
 failure() {
-	echo -n "[FAILED]"
+	echo "[FAILED]"
 	return 1
 }
 
@@ -21,31 +21,28 @@ start() {
 
 	# don't do squat if we don't have the config file
 	if [ -f $ARPTABLES_CONFIG ]; then
-		echo -n $"Applying arptables firewall rules: "
+		printf "Applying arptables firewall rules: "
 		/usr/sbin/arptables-restore < $ARPTABLES_CONFIG && \
 			success || \
 			failure
-		echo
 		touch /var/lock/subsys/arptables
 	else
 		failure
-		echo
-		echo $"Configuration file /etc/sysconfig/arptables missing"
+		echo "Configuration file /etc/sysconfig/arptables missing"
 		exit 6
 	fi
 }
 
 stop() {
-	echo -n $"Removing user defined chains:"
+	printf "Removing user defined chains: "
 	arptables -X && success || failure
-	echo -n $"Flushing all chains:"
+	printf "Flushing all chains: "
 	arptables -F && success || failure
-	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
+	printf "Resetting built-in chains to the default ACCEPT policy: "
 	arptables -P INPUT ACCEPT && \
 		arptables -P OUTPUT ACCEPT && \
 		success || \
 		failure
-	echo
 	rm -f /var/lock/subsys/arptables
 }
 
diff --git a/iptables.spec b/iptables.spec
index 498fc7f..368e429 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -11,7 +11,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.7
-Release: 8%{?dist}
+Release: 9%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -418,6 +418,9 @@ fi
 
 
 %changelog
+* Wed Jun 16 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-9
+- Remove bashisms from arptables-nft-helper
+
 * Fri May 07 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-8
 - iptables.init: Fix functionality for iptables-nft
 - iptables.init: Ignore sysctl files not suffixed '.conf'
diff --git a/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/Makefile b/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/Makefile
index 5b7f979..3d9ade1 100644
--- a/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/Makefile
+++ b/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/Makefile
@@ -53,7 +53,7 @@ $(METADATA): Makefile
 	@echo "Type:            Regression" >> $(METADATA)
 	@echo "TestTime:        5m" >> $(METADATA)
 	@echo "RunFor:          iptables" >> $(METADATA)
-	@echo "Requires:        iptables bridge-utils ipset" >> $(METADATA)
+	@echo "Requires:        iptables iproute ipset" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2+" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)
diff --git a/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/runtest.sh b/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/runtest.sh
index 75f7413..004d568 100755
--- a/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/runtest.sh
+++ b/tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/runtest.sh
@@ -38,7 +38,7 @@ rlJournalStart
         rlRun "pushd $TmpDir"
         rlRun "ip6tables-save > ip6tables.backup"
         rlRun "iptables-save > iptables.backup"
-        rlRun "brctl addbr testbr" 0 "create bridge iface"
+        rlRun "ip link add dev testbr type bridge" 0 "create bridge iface"
     rlPhaseEnd
 
     rlPhaseStartTest
@@ -75,7 +75,7 @@ rlJournalStart
         rlRun "ip6tables-restore < ip6tables.backup"
         rlRun "iptables-restore < iptables.backup"
         rlRun "ip link set down dev testbr"
-        rlRun "brctl delbr testbr" 0 "remove bridge iface"
+        rlRun "ip link del testbr" 0 "remove bridge iface"
         rlRun "ipset destroy ipsetv6" 0 "remove ipv6 ipset"
         rlRun "ipset destroy ipsetv4" 0 "remove ipv4 ipset"
         rlRun "popd"
diff --git a/tests/tests.yml b/tests/tests.yml
index 97069b7..8bac1f4 100644
--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -10,7 +10,6 @@
         - iptables-services # multiple tests need iptables/ip6tables config files
         - initscripts       # multiple tests need system command
         - libcgroup-tools   # backport-iptables-add-libxt-cgroup-frontend needs cg* commands
-        - bridge-utils      # ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets needs brctl command
         - ipset             # multiple tests need ipset command
         - strace            # xtables-tools-locking-vulnerable-to-local-DoS needs strace command
         - policycoreutils   # initscript-sanity needs restorecon command