gentoo auto-resync : 20:02:2024 - 11:40:01

6 files changed, 11 insertions, 263 deletions

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index c932b4c9516d..751f3164be40 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,10 +1,6 @@
 AUX ip6tables-r1.confd 899 BLAKE2B d8c72df359a35798d7a92958ba9a620ab580427a06765850928181d7b4cc25455c586daaad88bd20e61a9c9218dbc0895de38b006526bb04f4f2e998d8062fbe SHA512 553ddf83558edaccf891a366175e47aad950853be0de556581cfa08f614afa1f4139c94b8d8d2884ed69018513edeb966331d4d6a615829ada65fac2066840e5
 AUX iptables-1.8.2-link.patch 785 BLAKE2B 2ef5ac495260eef324f341d5d807e8c59afee8ac4853b46ef8c88765ed786396888d0bcd15822765da5584c25c6cdbbbc6b8b85eb0b8dbdd9b300662b1d59479 SHA512 10f6fdc4e4a37a0becb87f99c49888df366248f02b17037faf83068ef00824ecb61022a40b5551f9c8d2db22262ad738d554296bd6b78765dd5f8baf524b2388
 AUX iptables-1.8.4-no-symlinks.patch 800 BLAKE2B 721d2dcc881f781031d2be48659dcd54568b3e8c25ad19d0505699f0cf8276990b41f2ddf9d5eda5c2a77f66ae9a16ae542c42c6fc2d91b085cc5922121f9b00 SHA512 79601d8a8a352f82f0f3eaf85a7b1f830c9ddc400ae0fadaf08eb1848bb9a2801a886b2b0803bf498e353db1828c0976aa8d30c9ece5fdcf61a203070ed4d7cd
-AUX iptables-1.8.8-format-security.patch 639 BLAKE2B df5c843d0cd6634740b372300263dd19df3289466ad83d3a10ba9f270519d738d90152cdef273d07c94502166082d6fa5a8908b603289e6d4c9bc9d6987b8b16 SHA512 6e1da61b648259dac02662eee995f9b5117bc8b8c028f0e2afc3346d82a94b7e7faf8ae5cfd484b7dd1a6530973191c1f147579f11e57ebda945115b40134094
-AUX iptables-1.8.8-musl-headers.patch 2061 BLAKE2B 6876d083d179a055c60422397e67a24137ae5bb72cba02f732d4dd7313171c10717202a41f1256196d5b64bc29d22e98d8d0eb9861130fa93481b527d0117e96 SHA512 136f3c7dae7c88739ed1c2d2c14e9a8381013c8a376bee80a7f994098810bb61d76dd143dc65430f0ec7b44d542b64242dd947134936468155840a4a26e6ce79
-AUX iptables-1.8.8-out-of-tree-build.patch 1058 BLAKE2B 5a358632780b607533033dc3bf6b6e24ac1af49dbbc26afae05668187c2a4072dba1cdbf51647b6b5f7c5f68e5a3d64fa82b5b0477d3cd4e936d466b731707fb SHA512 453ed9a2b3b2dddb3ccc9a099386c28290416ea356884084fd4d9bd2b026e21732b91f020fbe55de12ba970b815993f2e3a18a52a6774ab7738383e2f144a973
-AUX iptables-1.8.8-uint-musl.patch 4607 BLAKE2B 8ca4ba2fec97e99e1f57d9d1f376dbdab53a698279534879163ad5dade629cda3ac232df54d57ae75e589c2327492953e0c30356bdc4367b9a1474afc259136c SHA512 01d3af7330334b5002ec9d50e4b469651148b911d9ab5d45d5a2cd08e72c3be5e770c047cbc337485e40cb622ee470faa9ed91b53ca59e09a1c197bf5df48a9a
 AUX iptables-1.8.9-fix-checking-existence-of-rule.patch 1239 BLAKE2B 664a47b1c0f2360493dce886c6dcf8cfbf165eb1a490cf7cf8d182073b0256bb140a547f9b8ce79d26424e9bb76047b41582a3a7b7f7f5e1301269a849d4389a SHA512 63e6dfba096c163995760a7a1a8881c90a61e7a247f1c87ef3f162597e2e1161e2c5438e1e467c6e600847e011430520556315d1aae72baac005dede1f69f7cc
 AUX iptables-1.8.9-format-security.patch 870 BLAKE2B fc33c16eae1c77a5714ecb3f7bbb859dfe64b9506ac82a6d8f91f206d24a5ebf66664e141b60e4580e59bd85314d27df5edf6bd11511ffa4dab7deaf833ccb93 SHA512 7551438de030506e4fe462a715f6a16637991f90cfaddc352a95c0341c72ae7d90728bc0a4e56da2cc108ff2c4e3f9e92451fb6dc65633d47973694550fd08b4
 AUX iptables-r1.confd 890 BLAKE2B 0aaca870e3c03f19a71cf1b210377dfda320faf118359e298bef419eaf280fd11c9726d200ae89602e863c9b48de0bb51ac05424b50c064afe948a980e300153 SHA512 10002da01ded6be0e9bca6041798ad0859fa2212fde077a048443e4f3012c95d86e4580ae426e87af5891368062af9af6f9fd35ed617d24cdd3c51702b816b13
@@ -14,10 +10,9 @@ AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a
 AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef
 AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e
 DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153
-DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
 DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
+EBUILD iptables-1.8.10-r1.ebuild 4575 BLAKE2B 7462aae70105c7e17627352b40387981f737ca73bc4d90a79f844c7894392a0d6b2c16e89df4300f5f743077abfae52cfff54c070801cb29bab264012cd41eeb SHA512 4063436980926c496fed66ed98497b2a7ed6174fc2d9b5de1d8991fff08bdbd8e2b4e9cd66d3d84fd07aecb62c715d35234210b8148cf2c8378e4759522b0f06
 EBUILD iptables-1.8.10.ebuild 4672 BLAKE2B 08a99d7350339256feceb818ddff4c4ddb9c3a50595fed8f2f0fe2d6fdcbc05187f3245c8615288bb6768b9465279100371b067a39d64c8ba0a41591db169e73 SHA512 a774e1fc76a501748cb8151b2cae33f6a219d7b673f3d0426355d66a12ff9994650255e6cc43b55a61297a4af6e5d674773b23ece20a15ee3e671b735e7b3c8d
-EBUILD iptables-1.8.8-r5.ebuild 4739 BLAKE2B 4345d633b233c0640035f83799013fb14ca2e1aa993472adbc2d730556f10b435609e1950791a5f914958d0464db227473ef36b3f37f10c734697ba1f6ff5152 SHA512 0a1f812081ce8a6481e64582a5ee1b1a7e4693d7728fed7c3f265b71e43334261e9694a8b0ccb06ff354f67e9cda729f7b2ad25c82cfcea47b72f427dbd165dc
 EBUILD iptables-1.8.9-r2.ebuild 4681 BLAKE2B 7351c269b83c5cd41547e0bee5d5b55e0c1fe51ee316fb96b2db4c1689550db79970f3f8a2b20cba2fb4990157328f0115529a8fa467048cf1f6a03b648ee9fa SHA512 5003888f620e3fb68ba0b4bf482771607f0010274369ea25fed9cfe8ba8265c08421f099edb0b361f5f24fb95a408b9209e231336acda183b929c91f246d0d20
 EBUILD iptables-1.8.9.ebuild 4556 BLAKE2B 76c710543d3aaa744ea299126cb97ac793f7c7c382cadbaab6e378d4249901d65cc7eb0ab9bf95e0571fd6902c74f5b207b3a6b4297f67d22743d52eed5419a3 SHA512 73c363ceec2be0a032088a9ddcbf7b4c6abf0886f32d59fb20369f6a816f3e29025a938e5c9326d36e4032a8a2c2795c61e625556c7e4614021e3fec6378c258
 MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842
diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
deleted file mode 100644
index fafc435379b5..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Fri, 13 May 2022 16:51:58 +0200
-Subject: xshared: Fix build for -Werror=format-security
-
-Gcc complains about the omitted format string.
-
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
- 		return;
- 
- 	if (args->family != NFPROTO_ARP)
--		xtables_error(PARAMETER_PROBLEM, msg);
-+		xtables_error(PARAMETER_PROBLEM, "%s", msg);
- 
- 	fprintf(stderr, "%s", msg);
- }
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
deleted file mode 100644
index 52e2c7019972..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
-https://bugs.gentoo.org/846377
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Wed, 18 May 2022 16:04:09 +0200
-Subject: Revert "fix build for missing ETH_ALEN definition"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
-compiling against musl libc. Might be a bug in the latter, but for the
-time being try to please both by avoiding the include and instead
-defining ETH_ALEN if unset.
-
-While being at it, move netinet/ether.h include up.
-
-Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Reviewed-by: Maciej Żenczykowski <maze@google.com>
---- a/libxtables/xtables.c
-+++ b/libxtables/xtables.c
-@@ -28,6 +28,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <netinet/ether.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-@@ -45,7 +46,6 @@
- 
- #include <xtables.h>
- #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
--#include <linux/if_ether.h> /* ETH_ALEN */
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter_ipv6/ip6_tables.h>
- #include <libiptc/libxtc.h>
-@@ -72,6 +72,10 @@
- #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
- #endif
- 
-+#ifndef ETH_ALEN
-+#define ETH_ALEN 6
-+#endif
-+
- /* we need this for ip6?tables-restore.  ip6?tables-restore.c sets line to the
-  * current line of the input file, in order  to give a more precise error
-  * message.  ip6?tables itself doesn't need this, so it is initialized to the
-@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format)
- 	printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
- 
--#include <netinet/ether.h>
--
- static const unsigned char mac_type_unicast[ETH_ALEN] =   {};
- static const unsigned char msk_type_unicast[ETH_ALEN] =   {1};
- static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
deleted file mode 100644
index ee9e218b5dbd..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
-
-From: Ben Brown <ben@demerara.io>
-Date: Wed, 25 May 2022 16:26:13 +0100
-Subject: build: Fix error during out of tree build
-
-Fixes the following error:
-
-    ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory
-       52 | #include <libiptc/linux_list.h>
-
-Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
-Signed-off-by: Ben Brown <ben@demerara.io>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/libxtables/Makefile.am
-+++ b/libxtables/Makefile.am
-@@ -1,7 +1,7 @@
- # -*- Makefile -*-
- 
- AM_CFLAGS   = ${regular_CFLAGS}
--AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
-+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS}
- 
- lib_LTLIBRARIES       = libxtables.la
- libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
deleted file mode 100644
index 40302f624e23..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
-
-From: Nick Hainke <vincent@systemli.org>
-Date: Mon, 16 May 2022 18:16:41 +0200
-Subject: treewide: use uint* instead of u_int*
-
-Gcc complains about missing types. Some commits introduced u_int* instead
-of uint*. Use uint treewide.
-
-Fixes errors in the form of:
-In file included from xtables-legacy-multi.c:5:
-xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
-    83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-        |                                                        ^~~~~~~~~
-        |                                                        uint16_t
-make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
-
-Avoid libipq API breakage by adjusting libipq.h include accordingly. For
-arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
-e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
-
-Signed-off-by: Nick Hainke <vincent@systemli.org>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/extensions/libxt_conntrack.c
-+++ b/extensions/libxt_conntrack.c
-@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
- 
- static void
- conntrack_dump_ports(const char *prefix, const char *opt,
--		     u_int16_t port_low, u_int16_t port_high)
-+		     uint16_t port_low, uint16_t port_high)
- {
- 	if (port_high == 0 || port_low == port_high)
- 		printf(" %s%s %u", prefix, opt, port_low);
---- a/include/libipq/libipq.h
-+++ b/include/libipq/libipq.h
-@@ -24,7 +24,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <sys/types.h>
-+#include <stdint.h>
- #include <sys/socket.h>
- #include <sys/uio.h>
- #include <asm/types.h>
-@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
- struct ipq_handle
- {
- 	int fd;
--	u_int8_t blocking;
-+	uint8_t blocking;
- 	struct sockaddr_nl local;
- 	struct sockaddr_nl peer;
- };
- 
--struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
-+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
- 
- int ipq_destroy_handle(struct ipq_handle *h);
- 
- ssize_t ipq_read(const struct ipq_handle *h,
-                 unsigned char *buf, size_t len, int timeout);
- 
--int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
-+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
- 
- ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
- 
---- a/include/libiptc/libxtc.h
-+++ b/include/libiptc/libxtc.h
-@@ -10,7 +10,7 @@ extern "C" {
- #endif
- 
- #ifndef XT_MIN_ALIGN
--/* xt_entry has pointers and u_int64_t's in it, so if you align to
-+/* xt_entry has pointers and uint64_t's in it, so if you align to
-    it, you'll also align to any crazy matches and targets someone
-    might write */
- #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
---- a/include/linux/netfilter_arp/arpt_mangle.h
-+++ b/include/linux/netfilter_arp/arpt_mangle.h
-@@ -13,7 +13,7 @@ struct arpt_mangle
- 	union {
- 		struct in_addr tgt_ip;
- 	} u_t;
--	u_int8_t flags;
-+	__u8 flags;
- 	int target;
- };
- 
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
- };
- 
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- 	   bool invert)
- {
- 	if (*options & option)
---- a/iptables/xshared.h
-+++ b/iptables/xshared.h
-@@ -80,7 +80,7 @@ struct xtables_target;
- #define IPT_INV_ARPHRD		0x0800
- 
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- 	   bool invert);
- 
- /**
---- a/libipq/ipq_create_handle.3
-+++ b/libipq/ipq_create_handle.3
-@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
- .br
- .B #include <libipq.h>
- .sp
--.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
-+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
- .br
- .BI "int ipq_destroy_handle(struct ipq_handle *" h );
- .SH DESCRIPTION
---- a/libipq/ipq_set_mode.3
-+++ b/libipq/ipq_set_mode.3
-@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
- .br
- .B #include <libipq.h>
- .sp
--.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
-+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
- .SH DESCRIPTION
- The
- .B ipq_set_mode
-cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/net-firewall/iptables/iptables-1.8.10-r1.ebuild
index cf0ad131a044..4dc9d9c412ed 100644
--- a/net-firewall/iptables/iptables-1.8.8-r5.ebuild
+++ b/net-firewall/iptables/iptables-1.8.10-r1.ebuild
@@ -3,25 +3,28 @@
 
 EAPI=8
 
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+inherit systemd toolchain-funcs autotools flag-o-matic
 
 DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
 HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz"
 
 LICENSE="GPL-2"
 # Subslot reflects PV when libxtables and/or libip*tc was changed
 # the last time.
 SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs test"
+RESTRICT="!test? ( test )"
+# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628)
+REQUIRED_USE="test? ( conntrack nftables )"
 
 COMMON_DEPEND="
 	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
 	netlink? ( net-libs/libnfnetlink )
 	nftables? (
 		>=net-libs/libmnl-1.0:=
-		>=net-libs/libnftnl-1.1.6:=
+		>=net-libs/libnftnl-1.2.6:=
 	)
 	pcap? ( net-libs/libpcap )
 "
@@ -46,13 +49,7 @@ RDEPEND="
 IDEPEND=">=app-eselect/eselect-iptables-20220320"
 
 PATCHES=(
-	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
-	"${FILESDIR}/iptables-1.8.2-link.patch"
-
-	"${FILESDIR}/${P}-format-security.patch"
-	"${FILESDIR}/${P}-uint-musl.patch"
-	"${FILESDIR}/${P}-musl-headers.patch"
-	"${FILESDIR}/${P}-out-of-tree-build.patch"
+	"${FILESDIR}"/${PN}-1.8.4-no-symlinks.patch
 )
 
 src_prepare() {
@@ -102,7 +99,7 @@ src_install() {
 	# https://bugs.gentoo.org/881295
 	rm "${ED}/usr/bin/iptables-xml" || die
 
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+	dodoc iptables/iptables.xslt
 
 	# All the iptables binaries are in /sbin, so might as well
 	# put these small files in with them
@@ -132,9 +129,6 @@ src_install() {
 
 	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
 
-	# Move important libs to /lib, bug #332175
-	gen_usr_ldscript -a ip{4,6}tc xtables
-
 	find "${ED}" -type f -name "*.la" -delete || die
 }