iptables-1.8.7-9

- Remove bashisms from arptables-nft-helper
- tests: Use iproute instead of bridge-utils

arptables-nft-helper

@@ -5,12 +5,12 @@ ARPTABLES_CONFIG=/etc/sysconfig/arptables
 # compat for removed initscripts dependency
 
 success() {
-	echo -n "[  OK  ]"
+	echo "[  OK  ]"
 	return 0
 }
 
 failure() {
-	echo -n "[FAILED]"
+	echo "[FAILED]"
 	return 1
 }
 
@@ -21,31 +21,28 @@ start() {
 
 	# don't do squat if we don't have the config file
 	if [ -f $ARPTABLES_CONFIG ]; then
-		echo -n $"Applying arptables firewall rules: "
+		printf "Applying arptables firewall rules: "
 		/usr/sbin/arptables-restore < $ARPTABLES_CONFIG && \
 			success || \
 			failure
-		echo
 		touch /var/lock/subsys/arptables
 	else
 		failure
-		echo
+		echo "Configuration file /etc/sysconfig/arptables missing"
-		echo $"Configuration file /etc/sysconfig/arptables missing"
 		exit 6
 	fi
 }
 
 stop() {
-	echo -n $"Removing user defined chains:"
+	printf "Removing user defined chains: "
 	arptables -X && success || failure
-	echo -n $"Flushing all chains:"
+	printf "Flushing all chains: "
 	arptables -F && success || failure
-	echo -n $"Resetting built-in chains to the default ACCEPT policy:"
+	printf "Resetting built-in chains to the default ACCEPT policy: "
 	arptables -P INPUT ACCEPT && \
 		arptables -P OUTPUT ACCEPT && \
 		success || \
 		failure
-	echo
 	rm -f /var/lock/subsys/arptables
 }
 

iptables.spec

@@ -11,7 +11,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.7
-Release: 8%{?dist}
+Release: 9%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -418,6 +418,9 @@ fi
 
 
 %changelog
+* Wed Jun 16 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-9
+- Remove bashisms from arptables-nft-helper
+
 * Fri May 07 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-8
 - iptables.init: Fix functionality for iptables-nft
 - iptables.init: Ignore sysctl files not suffixed '.conf'

tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/Makefile

@@ -53,7 +53,7 @@ $(METADATA): Makefile
 	@echo "Type:            Regression" >> $(METADATA)
 	@echo "TestTime:        5m" >> $(METADATA)
 	@echo "RunFor:          iptables" >> $(METADATA)
-	@echo "Requires:        iptables bridge-utils ipset" >> $(METADATA)
+	@echo "Requires:        iptables iproute ipset" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2+" >> $(METADATA)
 	@echo "Confidential:    no" >> $(METADATA)

tests/ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets/runtest.sh

@@ -38,7 +38,7 @@ rlJournalStart
         rlRun "pushd $TmpDir"
         rlRun "ip6tables-save > ip6tables.backup"
         rlRun "iptables-save > iptables.backup"
-        rlRun "brctl addbr testbr" 0 "create bridge iface"
+        rlRun "ip link add dev testbr type bridge" 0 "create bridge iface"
     rlPhaseEnd
 
     rlPhaseStartTest
@@ -75,7 +75,7 @@ rlJournalStart
         rlRun "ip6tables-restore < ip6tables.backup"
         rlRun "iptables-restore < iptables.backup"
         rlRun "ip link set down dev testbr"
-        rlRun "brctl delbr testbr" 0 "remove bridge iface"
+        rlRun "ip link del testbr" 0 "remove bridge iface"
         rlRun "ipset destroy ipsetv6" 0 "remove ipv6 ipset"
         rlRun "ipset destroy ipsetv4" 0 "remove ipv4 ipset"
         rlRun "popd"

tests/tests.yml

@@ -10,7 +10,6 @@
         - iptables-services # multiple tests need iptables/ip6tables config files
         - initscripts       # multiple tests need system command
         - libcgroup-tools   # backport-iptables-add-libxt-cgroup-frontend needs cg* commands
-        - bridge-utils      # ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets needs brctl command
         - ipset             # multiple tests need ipset command
         - strace            # xtables-tools-locking-vulnerable-to-local-DoS needs strace command
         - policycoreutils   # initscript-sanity needs restorecon command