gentoo resync 31.01.2019

7 files changed, 591 insertions, 3 deletions

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 6bbb398b8522..1bad5acb22ef 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index fd5d5e42b914..6133c590408e 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -12,5 +12,6 @@ EBUILD nftables-0.8-r3.ebuild 1959 BLAKE2B a029fd4444f5aeddedfbdcb3659f879c4a8f6
 EBUILD nftables-0.8.5.ebuild 1937 BLAKE2B b24ea2b8978dc0294c2d27a90aa205916ddeb04c2b66f0adc7e870705a6ffac8ac0e3bf5a95e3c79c27965f780c0ca94ba21bcb5abad49ce49b50ff00c2046fd SHA512 f5f461225c68ed17450380d467f79d87302f0d1c1d69ddb15f90b6a938ea79906e165e6564db8135f07eafc35fb89acfab7659a97d62c7c71ac0376953ff6954
 EBUILD nftables-0.9.0-r1.ebuild 2079 BLAKE2B 303d82b14d13f49c7ed5222d69025eaf0d73e3ec617655b33224b8a1f14e4a16a9d9e71a60270cb3e015bb009efb43ccb419a722a4780cdba50cc2ea341a3eda SHA512 68386a156baa050c83f6233516f8e37f871a2be203d71c751eeefbfbbfe52f114201c2a6eced8bfa194ca8e87c9ad62d6370096c0ceab6e60927cf236c12dfe6
 EBUILD nftables-0.9.0-r3.ebuild 2343 BLAKE2B d726f8bef9ddd5860fff0d91cf29185a32432fc24ad31b173330dd4f881809f66e62e805dcbb9d1e4bbc9f0c3c8185ceadaa4db7882266a1747f9d5f522e1e9e SHA512 953a2e64cf4ddc2591335b245ca8a0b18056cb55c46f7796fd1e4de2f774ab3bb2b3bb6be70b49c7c7d1b4d4780f1e5e3335b84d1d97e9a4a99443aecadc91e1
+EBUILD nftables-0.9.0-r4.ebuild 2494 BLAKE2B 7afd80b8e98ca1c45f3024fad2d0cc05a9f198f10a779e410ce9b7d8a4df7f5b13e67dd3c24a985207ec24bd2aac4e59cc5eb7265f9d29b165a8258aec79e335 SHA512 3a27cb493a3d1e386c845891fdcc66b112e724c08258bfea8d7cd7dd8977704bd08efd6ce504b3132d7421a79117c4fee4864fa547f8f4d968676b664cd754cd
 EBUILD nftables-0.9.0.ebuild 1989 BLAKE2B 3c1e318030d8287b0db2b2ebda3e528703ac73bdf146c147c5c7f8929e9339f9c4c6df08fc829a0ad55f4634b0910e8acfeeb9a31577ba6e61663839c6978a5f SHA512 627c70f4bb60fdbea3f57e676acfb84ed0a4779b6b98b352be766463ca2c564ebcd1a540719e2085b59b8b87fd8dfe7bb1cc6b6d91ec5fe4aac79f53c3c1c496
 MISC metadata.xml 701 BLAKE2B 14244e9f37e87bc6e4a9cc917b7f2e55bcb61135af3a9ff258334ef9d40ade40312760f30ddab907d75f4c4492cc8d8d2217d022f5e04672988c25d65ec1d85a SHA512 070e4dcaf6f323f93fac80352d2c2ae1512611ffc3261e7b3c85acee9f490f90e238b39aad2a7d4959c75fe7c96545b8c12318b09d4c56d8116df80364bf09a6
diff --git a/net-firewall/nftables/nftables-0.9.0-r4.ebuild b/net-firewall/nftables/nftables-0.9.0-r4.ebuild
new file mode 100644
index 000000000000..6578419d4fef
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.0-r4.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~x86"
+IUSE="debug doc +gmp json +modern_kernel +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson )
+	readline? ( sys-libs/readline:0= )
+	>=net-libs/libnftnl-1.1.1:0="
+
+DEPEND="${RDEPEND}
+	>=app-text/docbook2X-0.8.8-r4
+	doc? ( >=app-text/dblatex-0.3.7 )
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern_kernel && kernel_is lt 3 18; then
+			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc pdf-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with readline cli)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	local mksuffix=""
+	use modern_kernel && mksuffix="-mk"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	docinto /usr/share/doc/${PF}/skels
+	dodoc "${D}"/etc/nftables/*
+	rm -R "${D}"/etc/nftables
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f ${save_file} ]]; then
+		touch ${save_file}
+	fi
+
+	elog "If you wish to enable the firewall rules on boot (on systemd) you"
+	elog "will need to enable the nftables-restore service."
+	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
+	elog
+	elog "If you are creating firewall rules before the next system restart "
+	elog "the nftables-restore service must be manually started in order to "
+	elog "save those rules on shutdown."
+}
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index 9caf45b90479..218d0c181e88 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -16,11 +16,19 @@ AUX shorewall6-lite.systemd 612 BLAKE2B e658af2b6d399fe527a58201b80997651954df67
 AUX shorewall6.systemd 577 BLAKE2B 5c755c0105954a34e39e077af0e012d9d6e647715a4b12fbae4fc47f4ae19afd6a63266b3684ddead689b2d4f7450b7a12906258fc86ef33fc36a4dac3771274 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d
 AUX shorewallrc-r3 2035 BLAKE2B 6f4e4c93cee1f25405cc3ac76958064f1241a325c8b530c30f6dbd94423577d592e88613f463c4b41c1af1db22c7e53512fd8509931bb6527a8da669f2dbe773 SHA512 eaa32bf6baca0d3555db918d6221c7678f5ba67e78bf9dcdc1bf96deded8f64838d3a332226fa6605f0c1ae82e51e0f2c1540fa6188fd9bced22460a631f48a8
 DIST shorewall-5.2.1.4.tar.bz2 554756 BLAKE2B cfbc917fb12049a0e8817c478fcccb93b02634ad9aebcd31a839f934e52890f6c20dc2a7d10742d4e10ac0adb1500d9e6445b43390db5bc28874e610b9c07939 SHA512 3682399ddc743c03965e0c0c26b5714e611d186bddf9169524268488cc4f2d6e9e9fb3b2a4c24408cc247ce7d32f793fb35090f85b73a645bb0dd0e99c671564
+DIST shorewall-5.2.2.tar.bz2 557248 BLAKE2B d4fface30ef1bbeefda716b00373e686db73bd29bd2597d3f9950c5f4b3208205be8f321e84749fb92313633f7a6a2a37a493e4a826790d82e6bc6a8dd18bbd3 SHA512 0c4c3e51c2517a56fda2335f433033c8db66fcb843484b928979627b213be4e24408deb1e49df56f9a96e6b9c2a95d74789f07a365d4c4e6f17db96915520598
 DIST shorewall-core-5.2.1.4.tar.bz2 78957 BLAKE2B 7310813f4c4ac57378ed9565b1aa32fc3db3bcf9e1dc6e6307a7c399465a051110262dcb78c6d465a6227beeadc1f5c4a82d204c1926f66bcecf5469dc44b5e3 SHA512 9418cb6ef14def2a1a2c7879c6364881d80245ff5a59996bb71d093c14e67c6ce1d462d0217f0ae8574e9a916d3796f945dbececbe6b9851f892022f29a389c9
+DIST shorewall-core-5.2.2.tar.bz2 68223 BLAKE2B 33bc2b8a2ec2f76a909ddd73199462a470ed631029cebae37ca4a43d64a217e6e20fe0aa4c3002a2a5d0d3894a23634f45b4d5ecd916b96db44d3abcbd2fee58 SHA512 607fee1d17bb777e95346867d4dfeac5063f353d6bac6bc6ea625841746bb66a9959cd436a7340c18258188771bddf916e004ba81f256f01699cfda9c909cf7d
 DIST shorewall-docs-html-5.2.1.4.tar.bz2 4303361 BLAKE2B 22f7a94d9cb0de5ee9903e8d05498a6a6de6ea643f2d08b709bf9f8dd516ba507f80ed11207973884905421443eedf56e3693b9e42f5f372515b957e2be8132c SHA512 44bb66feecac927de6fe1cdfba9247e9f01c982c3b105f7cd68348fee0803b9b7bd76e7551528e0b2d6ff8e65e6ebf8a05c26831871a98565374692d6405f34a
+DIST shorewall-docs-html-5.2.2.tar.bz2 4302493 BLAKE2B 49c8f44aaeb3d06330ea293fafb7535096355bd4a151d8b4dfbc476d1e92c785360474d1b86754247ccff1f7198fd7f6f8e17da608f41a76642e73cafbdea65b SHA512 ea7fa5f6df6413e33c5fa9f043973c70351c9c99fe8e6095ccbe3e5b6e4667c4f89907fc995ab252c6a1aee5652b496e96d4e38b898ddd41b9e220f4edefa93e
 DIST shorewall-init-5.2.1.4.tar.bz2 34088 BLAKE2B f285b04e448584fe1f9a5528b6ddb6e16cbedcfda51f9c9925228835b2b065c658e9314ecad23364dc4ee21579fa113fe5a1c5581ea3e7c310d12744de64798d SHA512 58044bbcd2f30aaecb3c02374ca21a51b6f5fee49e9cf9565444649d64e3babd3070a72eddaccb52224201064e8642f9bcd9979bde41c13bfe10438720911d24
+DIST shorewall-init-5.2.2.tar.bz2 33578 BLAKE2B d8eb427e482f01fc59412b08cd58dc2317157570b266e5950ee34d17d504d9dfd886ecbfc861bc83b445b44b2cf85831ec2462acd54c9be519263e340af0d827 SHA512 4aaee33f2f6944498c88938796e987f05e16f2a4a761b1ec14a293ffd293d688bf39f913c426168a7162f3b0dba6679dc0392d9248bd43f678dd42e9532afbbe
 DIST shorewall-lite-5.2.1.4.tar.bz2 39858 BLAKE2B dcaf1adfc20640c22cdca20e2b786ec4ad2736567c0c5eec6cd22a95f0b0c461b24826afa933eac7a1ecffd836da55b8053a1370623d73dd6434b91d59d63e36 SHA512 25712a264ee615b4b0ae038836636ea07f4fedca721759b3860912838ef1aee4535831ed4dd8abd670e082e9f59bd52ac00fb0fd1c5907786bb239e270d5fdf1
+DIST shorewall-lite-5.2.2.tar.bz2 39421 BLAKE2B 6d24b62c54eed028785b6eb581be4659c1110c5e7d85caf3382b814edce0046064798a1ffb5100f04bc48bbac877969913f03e19883c33563bc7dfdb0bc48a3d SHA512 e49ee3eee13a4fe801c5d86aa85747a9543882a49b40454dad62154f772dc47adea84e967a4ef30b8c4c3e9964a04c76a794a318affe8eaac6cc107b255cca4a
 DIST shorewall6-5.2.1.4.tar.bz2 191855 BLAKE2B 3967e715ca88c85fd05f0cce1d4836c2b7f17b7a7360698c269b109f54dfbac2c4d67958c3c8c2d8cb74b5117d7f8ac30dc9ab3c09d97243cffe21ef3005c7b7 SHA512 8b49f187b7141c3eedb02c64a17fe8fa3f01e4b40b33184c4b4c5914e65557595828f87f3e1534abb973320b7a1103b10296b6dfc316ea78f698aeb61a0d63a1
+DIST shorewall6-5.2.2.tar.bz2 191037 BLAKE2B d774ab42658e2636fc15bc9dc04510c3a3745c9ebe204a27707237c168b476ee4fc247fb55c17b99069348947db1760d23c9f61d70a78231d8928e86eb312560 SHA512 5cf83e8c3fd940a6573de04afd29e37e3aa5d6908fffa276ff338b6818d0200b3d1e556420fcdf6989fe27dbef6e26f5a513ea566d70acb9a7db4bf1c3e6faf4
 DIST shorewall6-lite-5.2.1.4.tar.bz2 39599 BLAKE2B cb0e2b45fecc4c126504f5caafcd291e919542cd08fb53d69f89c11d4bca784744e2c6eedc0e86a234bcfe7dd9baee46498de1600bdba4475be6a705c92faa54 SHA512 a994cc1a37174ac085d784c5638eb9c5713e6f191260857c7b288a5ba5c54e3d99e88fb31a5b887d3d637edbd2ba8c7711575ca323d616f49b7a0595431b6e13
+DIST shorewall6-lite-5.2.2.tar.bz2 39148 BLAKE2B bcb0cb1b23cb4a486faafcfee588e11a6a50f6d151039ef15f396838b828ed803589d205717ad868140cc7d468f9309ac23dd34d307bbd8640a7791728102c55 SHA512 10f96bc42f47adebc581579b28ab2edb79876dccbf0a8c27d46234ac8fb9af8cb03730851188576bdb24278e9b19cb3cdef91bb4873cab0ef82064d54eeb176f
 EBUILD shorewall-5.2.1.4.ebuild 17106 BLAKE2B b8b7c9102d95232a92437c39851ed621d32d53e69cd44f7a6030670dda3db5e66e1a9639e2a434411b4e735189c43cf2ee40b141413cbcd8eb6b9ef5a5b2648e SHA512 40ecf6a362deff9174783baaeb87f418e17af3bd85814b8a20ff898ea531ffb13bfde13e1abe4b276ce7db93972e430ecdc73c8f622331ce05938f301a5a7adf
+EBUILD shorewall-5.2.2.ebuild 17113 BLAKE2B 499f2ed1f9a15e00412508717f6ddc96a45d6e1d36966cf63928aaf4acdfe86b4163a7c25d32ddc7fd0e3ce35ca8fda1596eb18173ba5ee5eff1161af3afb9a3 SHA512 bc791ae04d55763bd44e5200130fffc3b193105ff5993c9e936bb6004c518a0ec7884eb5a5d8589a282980690dfac3164f17d6f3b8df15ad2eba9f1dd42a796d
 MISC metadata.xml 2254 BLAKE2B e9d48407a0f055415070f5b0266ed9f534768f6d17d52b7070de30a037b89dbd08daac40b0ec313b8dfc65ba40ff38dae96c9758b78ec66d100ac8fa6b870d5f SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33
diff --git a/net-firewall/shorewall/shorewall-5.2.2.ebuild b/net-firewall/shorewall/shorewall-5.2.2.ebuild
new file mode 100644
index 000000000000..b12b3712acbb
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.2.2.ebuild
@@ -0,0 +1,482 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta:    $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC:      $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+	MY_URL_PREFIX='development/'
+
+	_tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+	_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+	if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+		MY_URL_SUFFIX="-${_tmp_suffix}"
+	fi
+
+	# Cleaning up temporary variables
+	unset _tmp_last_index
+	unset _tmp_suffix
+else
+	KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+	http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+	ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+	ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+	lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+	lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+	init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+	doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+#   that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+	ipv6? ( ipv4 )
+	|| ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+	>=net-firewall/iptables-1.4.20
+	>=sys-apps/iproute2-3.8.0[-minimal]
+	>=sys-devel/bc-1.06.95
+	ipv4? (
+		>=dev-lang/perl-5.16
+		virtual/perl-Digest-SHA
+	)
+	ipv6? (
+		>=dev-perl/Socket6-0.230.0
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	lite6? (
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	init? ( >=sys-apps/coreutils-8.20 )
+	selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+	!net-firewall/shorewall-core
+	!net-firewall/shorewall6
+	!net-firewall/shorewall-lite
+	!net-firewall/shorewall6-lite
+	!net-firewall/shorewall-init
+	!<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~NF_CONNTRACK"
+
+	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+	local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+	# kernel >=4.19 has unified NF_CONNTRACK module, bug 671176
+	if kernel_is -lt 4 19; then
+		if use ipv4 || use lite4; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+			local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+			local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+		fi
+
+		if use ipv6 || use lite6; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+			local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+			local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+		fi
+	fi
+
+	check_extra_config
+}
+
+pkg_setup() {
+	if [[ -n "${DIGEST}" ]]; then
+		einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+		unset DIGEST
+	fi
+}
+
+src_prepare() {
+	# We are moving each unpacked source from MY_P_* to MY_PN_*.
+	# This allows us to use patches from upstream and keeps epatch_user working
+
+	einfo "Preparing shorewallrc ..."
+	cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+	eprefixify "${S}"/shorewallrc.gentoo
+	sed -i \
+		-e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \
+		"${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc"
+
+	# shorewall-core
+	mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+	ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+	ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+	eend 0
+
+	pushd "${S}"/${MY_PN_CORE} &>/dev/null || die
+	eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch
+	popd &>/dev/null || die
+
+	# shorewall
+	if use ipv4; then
+		mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-init
+	if use init; then
+		mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+		cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+		cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+		cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+		eend 0
+
+		eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+		pushd "${S}"/${MY_PN_INIT} &>/dev/null || die
+		eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-docs-html
+	if use doc; then
+		mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+	fi
+
+	eapply_user
+}
+
+src_configure() {
+	:;
+}
+
+src_compile() {
+	:;
+}
+
+src_install() {
+	# shorewall-core
+	einfo "Installing ${MY_P_CORE} ..."
+	DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+	dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+	# shorewall
+	if use ipv4; then
+		einfo "Installing ${MY_P_IPV4} ..."
+		DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+		keepdir /var/lib/shorewall
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+		fi
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		einfo "Installing ${MY_P_IPV6} ..."
+		DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+		keepdir /var/lib/shorewall6
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+		fi
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		einfo "Installing ${MY_P_LITE4} ..."
+		DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+		keepdir /var/lib/shorewall-lite
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		einfo "Installing ${MY_P_LITE6} ..."
+		DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+		keepdir /var/lib/shorewall6-lite
+	fi
+
+	# shorewall-init
+	if use init; then
+		einfo "Installing ${MY_P_INIT} ..."
+		DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+		dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+		if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+			# On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+			# so we don't need a logrotate configuration file for shorewall-init
+			einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+			rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+		fi
+
+		if [[ -d "${D}etc/NetworkManager" ]]; then
+			# On Gentoo, we don't support NetworkManager
+			# so we don't need this folder at all
+			einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+			rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+		fi
+
+		if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+			# This script isn't supported on Gentoo
+			rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+		fi
+	fi
+
+	if use doc; then
+		einfo "Installing ${MY_P_DOCS} ..."
+		docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+	fi
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		# Show first steps for shorewall/shorewall6
+		local _PRODUCTS=""
+		if use ipv4; then
+			_PRODUCTS="shorewall"
+
+			if use ipv6; then
+				_PRODUCTS="${_PRODUCTS}/shorewall6"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+			elog ""
+			elog "  /etc/shorewall/shorewall.conf"
+
+			if use ipv6; then
+				elog "  /etc/shorewall6/shorewall6.conf"
+			fi
+
+			elog ""
+			elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall default"
+
+			if use ipv6; then
+				elog "  # rc-update add shorewall6 default"
+			fi
+		fi
+
+		# Show first steps for shorewall-lite/shorewall6-lite
+		_PRODUCTS=""
+		if use lite4; then
+			_PRODUCTS="shorewall-lite"
+		fi
+
+		if use lite6; then
+			if [[ -z "${_PRODUCTS}" ]]; then
+				_PRODUCTS="shorewall6-lite"
+			else
+				_PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			if use ipv4; then
+				elog ""
+			fi
+
+			elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+			elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+			elog ""
+			elog "To read more about ${_PRODUCTS}, please visit"
+			elog "  http://shorewall.net/CompiledPrograms.html"
+			elog ""
+			elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+			elog ""
+
+			if use lite4; then
+				elog "  # rc-update add shorewall-lite default"
+			fi
+
+			if use lite6; then
+				elog "  # rc-update add shorewall6-lite default"
+			fi
+		fi
+
+		if use init; then
+			elog ""
+			elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall-init boot"
+			elog ""
+			elog "and review \$PRODUCTS in"
+			elog ""
+			elog "  /etc/conf.d/shorewall-init"
+		fi
+
+	fi
+
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+			# This is an upgrade
+
+			elog "You are upgrading from a previous major version. It is highly recommended that you read"
+			elog ""
+			elog "  - /usr/share/doc/shorewall*/releasenotes.tx*"
+			elog "  - http://shorewall.net/Shorewall-5.html#idm214"
+
+			if use ipv4; then
+				elog ""
+				elog "You can auto-migrate your configuration using"
+				elog ""
+				elog "  # shorewall update -A"
+
+				if use ipv6; then
+					elog "  # shorewall6 update -A"
+				fi
+
+				elog ""
+				elog "*after* you have merged the changed files using one of the configuration"
+				elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+				elog ""
+				elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+				elog "please read the shorewall[6] man page first."
+			fi
+
+			# Show this elog only once
+			break
+		fi
+	done
+
+	if ! use init; then
+		elog ""
+		elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+		elog "before your shorewall-based firewall is ready to start."
+		elog ""
+		elog "To read more about shorewall-init, please visit"
+		elog "  http://www.shorewall.net/Shorewall-init.html"
+	fi
+
+	if ! has_version "net-firewall/conntrack-tools"; then
+		elog ""
+		elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+		elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+	fi
+
+	if ! has_version "dev-perl/Devel-NYTProf"; then
+		elog ""
+		elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+	fi
+}
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 8281c1c0cd96..165613d07bd2 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -13,5 +13,5 @@ AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f
 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
 EBUILD ufw-0.34_pre805-r2.ebuild 5375 BLAKE2B 8f58b7a30d61112af687860824cca03eb9a692aadd14ed94c166da6f3f00482bb9d978c58d7dec3c606fa6cf0c85a93743f2038a9a63f9ca91adb763440e56cd SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951
-EBUILD ufw-0.35-r1.ebuild 5641 BLAKE2B 0472612b2f8b16b3e6321aea7f3101506bb4a1b0d2784b1785947869d3e0af6633ae51c196855620bba0147bbfe1f8f953db03340deff3aa628ef62bdb91f235 SHA512 094d8bb245be93148de7d5139fc161f0688dc1d57b4dd57476db4076b3b45b744105cf3b39de4243fe5eb0b77965535fa4f7d5a0cd86a301a368c962d789a393
+EBUILD ufw-0.35-r1.ebuild 5637 BLAKE2B 510db5eac08e6ebf38ed2226e9be799cd474929d91ffd39b99ec91a88be9c5bfded0699b7970c51a8558aa76362e1016500812bfb06b7b50c1e0bad7d42bf2cf SHA512 63b5f8bb520c1a509aefb282fab119aa6325d18c46d4b9ad681c91cdc2dddf340f05f93d48212766acb96fd86161ffa2e932d1fb2ba07cc36b35b400b4bc5c4a
 MISC metadata.xml 537 BLAKE2B df149a361c11a14c166588434c1ed7dcc264f51374d2088cdf24feb67c08f10f0f002e28482befa34bdd6f0202300194ac91913d7f49bb3f0d8d16e7777ac13b SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc
diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild
index d5b5aa280a4d..f0c9b79e35ff 100644
--- a/net-firewall/ufw/ufw-0.35-r1.ebuild
+++ b/net-firewall/ufw/ufw-0.35-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -13,7 +13,7 @@ SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
 
 LICENSE="GPL-3"
 SLOT="0"
-KEYWORDS="amd64 ia64 ppc ppc64 ~sparc x86"
+KEYWORDS="amd64 ia64 ppc ppc64 sparc x86"
 IUSE="examples ipv6"
 
 DEPEND="sys-devel/gettext"