gentoo resync : 15.12.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-12-15 18:09:03 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-12-15 18:09:03 +0000
commit: 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch)
tree: 4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /net-firewall
parent: b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff)
26 files changed, 686 insertions, 50 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index f768f8681bc5..144e30087ba3 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/arptables/Manifest b/net-firewall/arptables/Manifest
index d278b4334697..7455c5b7fce4 100644
--- a/net-firewall/arptables/Manifest
+++ b/net-firewall/arptables/Manifest
@@ -1,3 +1,5 @@
+DIST arptables-0.0.5.tar.gz 52247 BLAKE2B 860aac1af315f188ecb7f17956f9225c2a9ec007882d102be8edc9fecc9400928f4200e95283f0ecc27c4c3ae0b409887445ed79a330cef2e2d00444db83c01f SHA512 fe7f909b45a1bdc435a8307352fe2dc9c292bb7c6cf4a4d13cc2728f447b3da14a07a4dd6dc25b7872895e4e26561681f1fed25ce517102ae762701bcbcbf104
 DIST arptables-v0.0.4.tar.gz 45380 BLAKE2B a256aa280aa65fae8c5b17477fedb3fed4973e8d76746d5832184858b77111eb22bec63211a1ddfb74d25bdc23b0f237caf5ac7effa85433d0f63c51e23a3ef1 SHA512 bd84e93ab5e0a038753aa17dae9e1f48364f2d2b1492dce2edac117e21edd5aa912be7b9e21bf4fb3698031d2f765a75fa067fe10ce20a1c8951ae7efcc5dbbd
 EBUILD arptables-0.0.4.ebuild 767 BLAKE2B 643669923fb19fe90de6eed8acbba68e113cdd8572c025d694c2672fb053f71837980e88bd0991d7bc55376dbc785d72f1c51e8a2603831dfe4484463f8b7d6c SHA512 8e731f2562f779bb89abacb1de3fb7083959ef7b322c81186273f995f07b0cbbc7f30f5cece5118a4510f9a3914d4800f6b167c26e0098203adde3d02dfea557
+EBUILD arptables-0.0.5.ebuild 857 BLAKE2B d21755c0c819e5fe3e2884bfbffd0b9ec3798a23617c44fced54694d1ad554cc8135b3115e4222558f70d678f6dc21138e68d22ccbca11ce44866b9110f919bb SHA512 cc04fcf591915be667f54bf7a79d51c919d8b69cd58d06d819fd963a6195c65093ca7425a8ea08e789778e1750f3cc370cfcaedf8dc6a7dce5afe0e93b542421
 MISC metadata.xml 335 BLAKE2B 322b571e61e782fd11e8ddabf27e3c58827d150770bcc7f8c512564012d1cd927c5c518491f8546a64a38432ff0ffd1f06f0d52b54fdcd5f6cd96ef13b702de2 SHA512 840c9d22c1e29b4ddfd6b230e293766fb4b6d5cefc9a5839765629fa33adbddbaa3157d12be851e458030406af95c8e3356577fd20c0f876b43153e89ae298df
diff --git a/net-firewall/arptables/arptables-0.0.5.ebuild b/net-firewall/arptables/arptables-0.0.5.ebuild
new file mode 100644
index 000000000000..8484f81cf19b
--- /dev/null
+++ b/net-firewall/arptables/arptables-0.0.5.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs
+
+DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+src_compile() {
+	# -O0 does not work and at least -O2 is required, bug #240752
+	emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}"
+	sed -e 's:__EXEC_PATH__:/sbin:g' \
+		-i arptables-save arptables-restore || die "sed failed"
+}
+
+src_install() {
+	emake \
+		PREFIX="${ED}"/ \
+		LIBDIR="${ED}/$(get_libdir)" \
+		SYSCONFIGDIR="${ED}"/etc \
+		MANDIR="${ED}"/usr/share/man \
+		install
+
+	dosym arptables-legacy /sbin/arptables
+	newman arptables-legacy.8 arptables.8
+}
diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest
index c47a3fe3d495..e065ec9e42d9 100644
--- a/net-firewall/ebtables/Manifest
+++ b/net-firewall/ebtables/Manifest
@@ -1,8 +1,13 @@
+AUX ebtables-2.0.11-ebt-save.patch 865 BLAKE2B 39ba29e026ad8f7fa825546cbb106b120a018c7763018ef588968238b09c30040d1d1b11e33fddcfc1e4ff425c4c3928dee0f5a1061e97cc1142c18ce08763e8 SHA512 b059fa5c67e4ec36537e361f0924153fadec482604039f6fd09ab5c1dbd518da0f8e0fd4ccba00d1952cf66136377e357f06a5669746ff42d031f32a211457b5
+AUX ebtables-2.0.11-makefile.patch 495 BLAKE2B 213fe84dcdb82b55e074ba7015b8cf20213fe4ece62a493acf0533c46b70369165d0dd1974a1e14f82e8ce946450e9a3d8968886c93f7c3f9cbcf1386602b52e SHA512 f61d8f07e3276aa6a8d4ae9bb91b4bc227390d25b9822ed3e70e9a07f4da60b7c5262617f291d602c6bb55f5869f090ebe5ee41ba23c19d860260afd1d95d9b2
+AUX ebtables-2.0.11-remove-stray-atsign.patch 1120 BLAKE2B 14bac4aec87d44e5ca166418abf39368f7b7e45922d8371f6dd469a2d1963fef7c9f8d960c78d72153d9b4f307491f8498a0460b4d150468f8848c3dd4b973bf SHA512 8094f6aee009880c79e8476d29dcb90c1682922f27ed7ab0a4ae7175e7efc46f035d228586895f4e6793876f944010abd72ee7102be31962bd832070be7db14e
 AUX ebtables-2.0.8.1-ebt-save.diff 1089 BLAKE2B bf3c12e0849823dd48aa6cd627ffc463588f6b62c841723f12dd5a7903830fc0e214d18ff74ec7162de23dd7b176b6f875cb7f88153b5200cd876b9ff2d47cd8 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7
 AUX ebtables.confd-r1 288 BLAKE2B 72e0ad40f53058f1ede8a4d049badde04e69e307e9c24ffe5cdc7f61d918b0e1b3296f793c4dd46389b2dee69ad4730f563bd3891569612d7f9f8c7b39641a84 SHA512 088308eba077fcec35299c8aaad0492024173504a361c2ba7e29dce106888a78c72818a791f3d3655aed3f6df26a3319c42e2b2c54760cdbad036d46b89b97f3
 AUX ebtables.initd-r1 1990 BLAKE2B 04587ed7130a48609815974cb8fa6eff86013cb50d02b944424ebc3c578bb2257241878e7d86b46eba16bdc8a96b2dec1f21a7d80a6e51bafd82cf264824265a SHA512 ceceaf33d6f6bfa89a5d81932e3ec76a26d09d67150efd3de587520ea47984f618d4fc55e799c58a2e5e236caec5bd81e2fde31a7e5aa328e629cdabbd29339b
+DIST ebtables-2.0.11.tar.gz 428411 BLAKE2B 62af4c38ad21498e43f41ef96c8abb5704e8d8a48f1327c587b664f36fdfa9849a9a37e59958db56d38019465d8bf1775914f7387fde99a441615913702cf504 SHA512 43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f
 DIST ebtables-v2.0.10-4.tar.gz 103764 BLAKE2B 01995c701c6dbc7495bdf1f0fce61dce51a379dd1a304d2a5174e0190c040ee958833c65be9fd9d6a7601a2f81461ce1f2e9db989081b4fe7dabc5bfcecd57d6 SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a
 EBUILD ebtables-2.0.10.4-r1.ebuild 1914 BLAKE2B 799fe8c074cb8ad34821007296c192345925f66645bcf52f584aabcbac9099f98214a6cf80b1f31e8d55f58ab894d2ba4bd975ff4f710848afa88ade2817749e SHA512 a57f925dae0e290422cd79944963510de853b19b81eacc219aacfdd00f5a456f6b5f18c4cbf71c8d7129f317f33d71709fb6d5d3c5712f11115acd3c1eff93fa
 EBUILD ebtables-2.0.10.4-r2.ebuild 1888 BLAKE2B 59fb0004f531ea9a19e3fd6fcb6d4b11c9345d04e3c5692a8a6028f343e8a4d02b4b9f4a3a0d5bdda280519218b80dfb97726f91c6eb78387521538784f28dc9 SHA512 f3464a20c8b33fb55931efd5fb86e4edece9f3c8243f6b15c008c0d100953385fb6f915073055e9d481b6ba8e12d6a67c96d378783474178aaff112f0f5b3675
 EBUILD ebtables-2.0.10.4.ebuild 1755 BLAKE2B 4801b2df1f8dfa4db9c9ea4fe5fea274487b999247ec48c0c2da6123883dc50b60c85738f4a1fda5d164e05018eafb9b5cc78123a3761c5adcefb729633dc188 SHA512 b4b9dada0a1179c7e3df58fefb49a34f85fcc05b184c003c261f58e6394b5006633bf5a7e9ae7a94fc0b49df82569999e0f59178296e38f6856fa1e72f5d52fa
+EBUILD ebtables-2.0.11.ebuild 2079 BLAKE2B 7cc66b495b80ce0c8558ce572b2a91eda992a3e824fc83775e0ce560e6a3e28fdc5db5215de13677fba546f80bc1207d3aa9c8fe0270b06a6ea423caec490854 SHA512 984657371347bd80238ba4ec68dc4538baa901a7919206a65e29f084297f0726b1490ee110e75f0e6fdaba80bc3677cc2f212fb8e5f34093292ba2f9bceaae18
 MISC metadata.xml 426 BLAKE2B 24e49caa32476577c848484c9b0749742b3eed3dfb80b67a6c595abcce49081bfa2d50d37a22624754fa06e76cc9bc4af2ac755a0b9c562d696a32e8dbcf4a2f SHA512 77ff48216c32448cf2e2aa580f0b3afd6de7aa9bda2c2379c89f77282c417d385bb8c3d3218cf6d30021e472163bc8f2b450f0e43d944adb336f49fb695ba231
diff --git a/net-firewall/ebtables/ebtables-2.0.11.ebuild b/net-firewall/ebtables/ebtables-2.0.11.ebuild
new file mode 100644
index 000000000000..fc30080735cc
--- /dev/null
+++ b/net-firewall/ebtables/ebtables-2.0.11.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs autotools
+
+MY_PV="$(ver_rs 3 '-' )"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+IUSE="+perl static"
+
+# The ebtables-save script is written in perl.
+RDEPEND="perl? ( dev-lang/perl )
+	net-misc/ethertypes"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.0.11-makefile.patch"
+
+	# Enhance ebtables-save to take table names as parameters bug #189315
+	"${FILESDIR}/${PN}-2.0.11-ebt-save.patch"
+
+	# from upstream git
+	"${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch"
+)
+
+pkg_setup() {
+	if use static; then
+		ewarn "You've chosen static build which is useful for embedded devices."
+		ewarn "It has no init script. Make sure that's really what you want."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# don't install perl scripts if USE=perl is disabled
+	if ! use perl; then
+		sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die
+	fi
+
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		--bindir="/bin" \
+		--sbindir="/sbin" \
+		--libdir=/$(get_libdir)/${PN} \
+		--sysconfdir="/usr/share/doc/${PF}" \
+		$(use_enable static)
+}
+
+src_compile() {
+	emake $(usex static 'static ebtables-legacy.8' '')
+}
+
+src_install() {
+	local -a DOCS=( ChangeLog THANKS )
+
+	if ! use static; then
+		emake DESTDIR="${D}" install
+		keepdir /var/lib/ebtables/
+		newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
+		newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
+
+		# symlink -legacy binaries to original names
+		local ext
+		for ext in '' -{save,restore}; do
+			local prog="${PN}-legacy${ext}"
+			[[ -f ${ED}/sbin/${prog} ]] && dosym ${prog} /sbin/${PN}${ext}
+		done
+
+		find "${D}" -name '*.la' -type f -delete || die
+	else
+		into /
+		newsbin static ebtables
+		insinto /etc
+		doins ethertypes
+	fi
+
+	newman ebtables-legacy.8 ebtables.8
+	einstalldocs
+}
diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch b/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch
new file mode 100644
index 000000000000..7cfe128babf4
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.11-ebt-save.patch
@@ -0,0 +1,26 @@
+diff --git a/ebtables-save.in b/ebtables-save.in
+index 17924a2..c7a64c3 100644
+--- a/ebtables-save.in
++++ b/ebtables-save.in
+@@ -12,6 +12,7 @@ my $ebtables = "@sbindir@/ebtables";
+ my $cnt = "";
+ my $version = "1.0";
+ my $table_name;
++my @table_names;
+ 
+ # ========================================================
+ # Process filter table
+@@ -49,6 +50,13 @@ sub process_table {
+ }
+ # ========================================================
+ 
++if ($#ARGV + 1 == 0) {
++   @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`);
++}
++else {
++   @table_names = @ARGV;
++}
++# ========================================================
+ unless (-x $ebtables) { exit -1 };
+ print "# Generated by ebtables-save v$version (legacy) on " . `date`;
+ if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") {
diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch b/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch
new file mode 100644
index 000000000000..dc9be9e7d6c4
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.11-makefile.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile.am b/Makefile.am
+index 6181003..de01139 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -50,7 +50,7 @@ ebtables_legacy_LDADD = libebtc.la
+ ebtablesd_LDADD = libebtc.la
+ ebtables_legacy_restore_SOURCES = ebtables-restore.c
+ ebtables_legacy_restore_LDADD = libebtc.la
+-static_SOURCES = ebtables.c
++static_SOURCES = ebtables.c ebtables-standalone.c
+ static_LDFLAGS = -static
+ static_LDADD = libebtc.la
+ examples_ulog_test_ulog_SOURCES = examples/ulog/test_ulog.c getethertype.c
diff --git a/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch b/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch
new file mode 100644
index 000000000000..88f1d7296529
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.11-remove-stray-atsign.patch
@@ -0,0 +1,32 @@
+From 7d00e58157bc61168a057cde91a6e5b54dca573b Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Mon, 2 Dec 2019 20:52:04 +0100
+Subject: build: remove stray @ sign in manpage
+
+Because the sed command was not matching the trailing @, it
+was left in the manpage, leading to
+
+NAME
+       ebtables-legacy (2.0.11@) - Ethernet bridge frame table administration (legacy)
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index b879941..6181003 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -64,6 +64,6 @@ ebtables-legacy-save: ebtables-save.in ${top_builddir}/config.status
+ 	${AM_V_GEN}sed -e 's![@]sbindir@!${sbindir}!g' <$< >$@
+ 
+ ebtables-legacy.8: ebtables-legacy.8.in ${top_builddir}/config.status
+-	${AM_V_GEN}sed -e 's![@]PACKAGE_VERSION!${PACKAGE_VERSION}!g' \
++	${AM_V_GEN}sed -e 's![@]PACKAGE_VERSION@!${PACKAGE_VERSION}!g' \
+ 		-e 's![@]PACKAGE_DATE@!${PROGDATE}!g' \
+ 		-e 's![@]LOCKFILE@!${LOCKFILE}!g' <$< >$@
+-- 
+cgit v1.2.1
+
diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest
index c2b6ca40539c..5a56d386d4cc 100644
--- a/net-firewall/ferm/Manifest
+++ b/net-firewall/ferm/Manifest
@@ -1,5 +1,5 @@
 DIST ferm-2.4.1.tar.xz 71324 BLAKE2B 290cd2f6fbb1ca1c1f060f998d84eaed2ba2a6ec8f736375a460a3ae81c6f5e67c174774065a09fbe155347f6dc1b7977321d65ac753f4c28f8a47cda8409dd8 SHA512 beea4b8dd04e00662ef380442f8249c2d2dadf6d35b90e415038df807c8d08295d2575efbf3265f48f5e92afa174135a9c662f74d52545dd3e1c55a1436aa5bb
-DIST ferm-2.4.tar.gz 128776 BLAKE2B 0b7df0c38ed5d311c4cbeba7da02dd9a366161f542f24bcecb88584ea081e2815bcdaeaa9dd2731d12d7e3982cd4f2caad38def41a087451b783e1c7853f66c8 SHA512 0b36b95a5ebb4cd306f9ab84ea12ce16c15d56ecc70c895261c74310f2474946ec1e73d63e7cda5becbfa875091c1362c715226776793c5b6ed179bf543ab27e
+DIST ferm-2.5.tar.xz 74052 BLAKE2B daaf7ca8d132fe03b61fdc36aeb4ebe21076928fddf08b7e5be78df80a5759b1947a1c0ee1eff2e92c739b3af64978883bcbb21c4ad0cca9c8556bf9ea2ed6ca SHA512 f456141c939aaac390b27893d88eb5d532139cbe7bc33dd794f6b09b31ff218990c6ba76f2817c531cefeb948d6ee51e4b7ee092492cd9e5e711f794e4005399
 EBUILD ferm-2.4.1.ebuild 799 BLAKE2B 083bb55bc9a5d36c93ad542075115e0102354569917e647843a156fb416da6c3a5b46e64b855c83ecba42e7229e5979359484ae101ffd817ea46080cb8869b49 SHA512 b92cf64e621a7cfe7e4bb47b8016f30e34da39c62db1bc4087a5d0198a07c9f4c1add681724d9ec671317d3be3dcc9e23f18aa9895825613459f720f22ca4d35
-EBUILD ferm-2.4.ebuild 760 BLAKE2B 82735e1a66814888b5268c33a30e4a49da6fb6276bef089f2643765d8d04e31f86bd0b127a74e47fff53652ee615ee491b2b756847f3af366631da6364e3112e SHA512 b27bc01b9c69a416f26b9a4282e8d8602de4f3a2b2b596f5a675bddb6e85d7ed00a9c92fb0572dcd411fbfdda61db070b83de3b5e4846a70cb0e56ed350a1364
+EBUILD ferm-2.5.ebuild 802 BLAKE2B 62279cd71da030044ff6fbff6778b1805dbdee96513c507588e651142535ec60b9cc53dd81674722b750ee49d45179bd76cb75fe49b43a9a41605c9b9c04a39d SHA512 9f4405324bde7dd217294de973e58e1d7c36e3cfb9bd60af7163c01e8721f56852ec6a6df38f0e24a37b225237f5de238e5a529faafd22a234606afcb381a274
 MISC metadata.xml 450 BLAKE2B a42e7896b2269a0fbb904ced374899d3a3b87d38cb08c0c6f55f570ff476d42ede3b9316b69a86a5d46b64c5d7050348efdb72c2e9b68440c4a991078ae56e42 SHA512 23ffc755aba9f3ce1acb92f3de86ec1f788bd868227b7ace77b3b7accfe891036da7e3e87254fc0bd693d7777e4c932b663e0b1118a8804b0ac2d63624a4ecac
diff --git a/net-firewall/ferm/ferm-2.4.ebuild b/net-firewall/ferm/ferm-2.5.ebuild
index 0bc4883a5218..532055e4fd1b 100644
--- a/net-firewall/ferm/ferm-2.4.ebuild
+++ b/net-firewall/ferm/ferm-2.5.ebuild
@@ -1,28 +1,29 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 inherit systemd
 
 DESCRIPTION="Command line util for managing firewall rules"
 HOMEPAGE="http://ferm.foo-projects.org/"
-SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.gz"
+SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.xz"
 
 LICENSE="GPL-2+"
 SLOT="0"
-KEYWORDS="amd64 ppc x86"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+# Uses Internet connection while testing.
+RESTRICT="test"
 
 # does not install any perl libs
 RDEPEND="dev-lang/perl:*
 	net-firewall/iptables
 	virtual/perl-File-Spec"
 
-DOCS=( AUTHORS NEWS README TODO doc/ferm.txt examples/ )
+DOCS=( AUTHORS NEWS README.rst TODO doc/ferm.txt examples/ )
 HTML_DOCS=( doc/ferm.html )
 
-src_compile() { :; }
-
 src_install() {
 	dosbin src/{,import-}ferm
 	systemd_dounit ferm.service
@@ -32,5 +33,5 @@ src_install() {
 }
 
 pkg_postinst() {
-	elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs"
+	elog "See ${EROOT}/usr/share/doc/${PF}/examples for sample configs"
 }
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index 0830e59704f1..a56ce88032b8 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -4,4 +4,4 @@ AUX fireqos.confd 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507
 AUX fireqos.initd 829 BLAKE2B f09905f02189f155455886dd1896a183f2f529d0737939a7065bb52b57870f22805e3e6c029510cc5b57b36e596eb829bcc7651c6a80657ff4e399acc542fa90 SHA512 8364537d3e10c68d309fc40f4b2f88a2a593c38fd6f134b1c09cf937be00f7d96eeba05c83824c9460367bf892a8f79547321784c8f8a4708f856df9a88693f4
 DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a21489263c1b5c6abbf3b2b97db80bf2a2420ae8176cd55e335ab93c18a8209a47f467dba80a63cf2c319b3e3e27d8 SHA512 5ffa7e59d3f10a6c7d3f5b5ef9d93f1b2138063374a10cb0c1ac4e75578d6cf7755e154b51febf546563ba003f100af13f89bca3843b66a8d22b8fc2da3fadfe
 EBUILD firehol-3.1.6.ebuild 1431 BLAKE2B 914416fa6cc1a66da86a6e984d73296279bb7457bd39b1714e2a3633d123d734d52eb3367fa5b07f318d2ffa5714879fbec530b1268ee2b233985154651b94ce SHA512 c20b6f70f9c290acc2412cdeaeb6a69012558435bb52e1d6ec3c9aadc3017a6c06c1dd91a9d0bc7c1fed08155b88ba67c726691811a285215d8ddc86097aea6a
-MISC metadata.xml 434 BLAKE2B 43111da215ea3d6d6af807ee1b629a3ff72dfefe15fa429a6ea5b112cbfb881d1bf848b50a266c32b820a7aec3e14e419c64657cc0a205c1e759c77b64a17b52 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898
+MISC metadata.xml 464 BLAKE2B 67d0dfdaf7651eef96dcc00f6a89faf40593e79fa0885a85f27e3aefbfb4949648c0be652eaab8f1b38b4100e41a037c018677f81d3040dad0909c453fd49052 SHA512 5def437c908d4d5c76729fc8f50bd9a145a0c79d7154535ac9c39df585da4bf175b1b465690dbf05fb5536df97a9cbb2abaa0384fb45ebac5f53482d26a76607
diff --git a/net-firewall/firehol/metadata.xml b/net-firewall/firehol/metadata.xml
index 1e8e9bca98d8..7a5ef45d7d60 100644
--- a/net-firewall/firehol/metadata.xml
+++ b/net-firewall/firehol/metadata.xml
@@ -1,8 +1,9 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
-		<email>alonbl@gentoo.org</email>
+		<email>chewi@gentoo.org</email>
+		<name>James Le Cuirot</name>
 	</maintainer>
 	<upstream>
 		<remote-id type="sourceforge">firehol</remote-id>
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 22272008b5bd..f49923886b40 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,5 +1,7 @@
+AUX ipset-7.4-fix-pkgconfig-dir.patch 287 BLAKE2B b12f88e3743e815f4f9af79674998f21d9c5428d5c6d78fa4a8b3eb21195ad52f4b544590a1bda5ec8a39bcb3c4e6b6a4920db481257c10ff572727954bbb960 SHA512 eb9d13725889f746098b549a1c18c5756edef5f0437a7a94bb746db7d9d98bb29bb4ae764a731aa5895660423a9ebb42d361b14f9c88879f9f48b78b45f684a3
 AUX ipset.confd 588 BLAKE2B fb1b728c12953cb6d5009469eaeeb9e58e01dd76b6849ad554d545bab417e8614d6417be52c2079b961bc66e355cf27c697ac3b2e0fcd823f978c39d14c66264 SHA512 93e01873c3fb8ff5f4f78e04118a666a650e604a1ba2908309faab08aa140e0ca7a2e24fc5114a9e809d3dbe81e801fc9ad59d53e174014cae1f23719a2a8e3e
 AUX ipset.initd-r4 2997 BLAKE2B 9c376e1a5083829a1fc40bfcca192cad19644c8ba585c29018a55837c0788127963071de2a94a251288ee19a7308ba4d7d80f48f3bc1aba497489872f9810479 SHA512 0e674308ae51b5d65e8aba913ffece7e9233ff69b15086d5f35cd8b4e23e6ee08d6c233ed21b647a033039a9e268ee2cb01718ac9ebb548734c5996a8acb3961
+AUX ipset.systemd 476 BLAKE2B 6d536142066ab60fdec24bcb138976709f186c575a7958ad9e8f0762c5b473de6882dcbdb7fbe16c79840096806fb8472308647aaa5b26dec192f91f4a541174 SHA512 c537c8c1bacbf9f3eeedfa123b666ac4f3d71cca9e44e89c9dc0f95328e1ec6be9480927272bd69d06a59f1d22bf4dc117c092d187d950c3f72e31608ab27a08
 DIST ipset-6.29.tar.bz2 542735 BLAKE2B 2229eb802597b38287f49cc2936a8be1afde2f638bd7212f86a52bc07d4121b7ff6b334ced2e1354bfdb652bcac81957b5204ac545a081dddfce07958c858fe4 SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3
 DIST ipset-6.30.tar.bz2 544054 BLAKE2B eb9a6368436f0c4a813a6733b2122be975c752aee4d8ac9a2e7a02ebd2da372351c318cf1b0c06c1b389c523cd9572dfe1bff813e23a4e924391f9c7a946b75b SHA512 6299a6905fbbcc2dd7c2f07862af184fd3b63b586f7bf3af2de5a0cc692f4ec6ef57db64c3435c1acedd6c293570602dca8cfedcb197a00ec18517ced92dc903
 DIST ipset-6.32.tar.bz2 544635 BLAKE2B 684354b0b24b15a657b21d44fa58b2cf7823f78d78ccd2b3f1c2d50b9e1396db6ed1414edb69102e3f82810d844ccd5eb738d1a968921b76b20e5d15c6ae5fb1 SHA512 7b0f5e7ef1a777ab70872aa52f658ff9516cb5de4c67c56d7f596eb88db03467d39b10ffc098441b4bfa4bb21a15f3c5f7f7f825300ce8efbacd767369ad43c7
@@ -7,6 +9,7 @@ DIST ipset-6.34.tar.bz2 547940 BLAKE2B a42ad1b0af07250ecae645424d6a9564f16a388da
 DIST ipset-6.38.tar.bz2 545568 BLAKE2B 14e526ba40f4912cd78d81831d072f9c9c159ac14169ffea8ce7325ee4839b80e28ef76405535e1b2aeaf2d0b7b3dde0f8a1ec42c7489cbc786282700d9d2b0f SHA512 ba8c45fa6b4df1b4af848d8c0c218fb449a50c79c48b1d1550dd3a188f82d320956bc483874730f917249d8650e50c3eedff66c24a68a136246fdbf6e1127d60
 DIST ipset-7.0.tar.bz2 552144 BLAKE2B 722559409e0a617bc2e47a05023ff225a6c422d2847534ff8511611cf1e02451f0fde293eac3a1a6e49547b3e6d5f82dc130b08b7e42f8f9fad9d5908e3c29f4 SHA512 4d63351cd7c98a5662963d3301522c18644e14aeebf93ea15fb5f4e600e7ccc2040a0640fb6d776aa90ef296905d75630ec5f06e46f8521275befecf9705e669
 DIST ipset-7.1.tar.bz2 669520 BLAKE2B 0737c4cd780f072dd6fcf67c58ebc8d5afefb33081240c25a972708185771cfad9f746b8ed5135b1e7fca4ce510ed707a7cfd641afc864210184a9998360e699 SHA512 eae9bd83f6675754af8ca443a82e0a1c9d47f60f6bf2a7a405a695223cc17063d5d4eb79428fe21a1f0a867109dfaf8ad8071b45e92191ec108b2cd2382fa854
+DIST ipset-7.4.tar.bz2 670906 BLAKE2B 46875264a4939294f2698149c5aa5793b5a3579da679db06041b702d2eb06b6060082e1d35bb98f54ffb25e77343ab39373c87d32de416db119b506083fa7391 SHA512 b155ced6be88aabd38c2402604bac37ba898aeae50c2d5a7d888d1b33b536b4551387826a4f76878ebb10e97ffaca08245b5ed8a5e3c431cc224b23cbb86a196
 EBUILD ipset-6.29.ebuild 2961 BLAKE2B 0dc2faad4795f837c731bfb80a2925c0d7a6e4415130291330a042f0e5d7aa3ccfd0b553bd5ef838405d617d875623202b53b86e5da0d55da3f69dab923ee371 SHA512 c11c5a7b9c56b00d1ae60328d31c6415238b680329d2d1b7be591cd0d6c383029fe07e4305e6bb6e2780205bc4525c2f39bb106a6d3a8c542cf4ea8c00839ccd
 EBUILD ipset-6.30.ebuild 2888 BLAKE2B 05654ce7430037c17fd9ea5fd42804397750a9091bfdea063001001370c6264de3006af3853d60eca5a6ffa90cf509f83c8721d141b4f604cc45c25f29f27d52 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd
 EBUILD ipset-6.32.ebuild 2888 BLAKE2B 05654ce7430037c17fd9ea5fd42804397750a9091bfdea063001001370c6264de3006af3853d60eca5a6ffa90cf509f83c8721d141b4f604cc45c25f29f27d52 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd
@@ -14,4 +17,5 @@ EBUILD ipset-6.34.ebuild 3007 BLAKE2B e39e4e2e8d31d333364ed22ba11db1e8dfac476716
 EBUILD ipset-6.38.ebuild 3002 BLAKE2B 49d85c8124e1db1c32849fa056a89092f4f9c78472d8d9056910f40d511d5d8c8f78d4a41425c97ab984d522b2e159d5c40ef955a93e594ba7106bd36b63aa4c SHA512 4c7334ebcf925969cb58ed60365da59a48d32432519d82c812c6dbf613abfd408ec9f1f23b6e19cb2aa88c9e9ea5ca18befdf7bedf5ed8b2ec23ae6994875df6
 EBUILD ipset-7.0.ebuild 3004 BLAKE2B a40d7f6bced82e0e5013ac9efc4c97c699e6190897991202b3f836537bbc84213b417a822a73f9ec405dbaed417874b3a4012c3d08c329b6d1b68e44d3b2cdeb SHA512 666ffa27fe1bcc6ddf674e3c72e922b72d4153c47d5d8a1d238f59e495d05111bfb795f32493256950bf3dff4a6856559039f77fc7d9a6fa6054298da7393f26
 EBUILD ipset-7.1.ebuild 3004 BLAKE2B a40d7f6bced82e0e5013ac9efc4c97c699e6190897991202b3f836537bbc84213b417a822a73f9ec405dbaed417874b3a4012c3d08c329b6d1b68e44d3b2cdeb SHA512 666ffa27fe1bcc6ddf674e3c72e922b72d4153c47d5d8a1d238f59e495d05111bfb795f32493256950bf3dff4a6856559039f77fc7d9a6fa6054298da7393f26
-MISC metadata.xml 216 BLAKE2B 20531789dc11e43feee7ec315a0c1c7249fdf73764e29cb7d6db439826e9ff72f24a5cdb8eb7f1ab99bbb41fb6e4226874a1d1fa4185de52598602bb3b0479a3 SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd
+EBUILD ipset-7.4.ebuild 3235 BLAKE2B 3d0cef6220d8328bc84dc428c9adfb671f10537dc826220a9b59046af966dc682c25e041aeac1653dd961a31765a537a7e29dbc5976a2f1b092fe7278a9db5a2 SHA512 6d43f411ed4649d00911e81d4e0118f3a07871b688faae5b86294e8a03fa23cfbcbf4d58b81952c2b7468e66710ab5e8ff4e083bf31d0fcdf1b963cffdbce0fd
+MISC metadata.xml 436 BLAKE2B 08cc2ac4e8d2b06725d52d46064c36cd2305fdfac6c54d5acfb23637462d02d4612cdfd59655555caf31a2cb48506c0cd371de321abef828f52e8da1958f3cb6 SHA512 e44b21f404cce6acae531e2436124b929473bc2bbaadedbe8465a629242faf491f01682c0ac34579a0b85e0d1fabc7e069d2eb60b988eec1ab65a607236acd0e
diff --git a/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
new file mode 100644
index 000000000000..b10ddbd4fae0
--- /dev/null
+++ b/net-firewall/ipset/files/ipset-7.4-fix-pkgconfig-dir.patch
@@ -0,0 +1,11 @@
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -46,7 +46,7 @@ EXTRA_libipset_la_SOURCES = \
+ 
+ EXTRA_DIST = $(IPSET_SETTYPE_LIST) libipset.map
+ 
+-pkgconfigdir = $(libdir)/pkgconfig
++pkgconfigdir = $(prefix)/$(libdir)/pkgconfig
+ pkgconfig_DATA = libipset.pc
+ 
+ dist_man_MANS = libipset.3
diff --git a/net-firewall/ipset/files/ipset.systemd b/net-firewall/ipset/files/ipset.systemd
new file mode 100644
index 000000000000..f7a5eb510a0a
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.systemd
@@ -0,0 +1,15 @@
+[Unit]
+Description=ipset service
+Before=network-pre.target iptables.service ip6tables.service firewalld.service
+Wants=network-pre.target
+ConditionFileNotEmpty=/var/lib/ipset/rules-save
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecReload=/usr/sbin/ipset -exist -file /var/lib/ipset/rules-save restore
+ExecStop=/usr/sbin/ipset -file /var/lib/ipset/rules-save save
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-firewall/ipset/ipset-7.4.ebuild b/net-firewall/ipset/ipset-7.4.ebuild
new file mode 100644
index 000000000000..dbc327ccc298
--- /dev/null
+++ b/net-firewall/ipset/ipset-7.4.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod systemd
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+
+BDEPEND="virtual/pkgconfig"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+	net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+PATCHES=( "${FILESDIR}"/${PN}-7.4-fix-pkgconfig-dir.patch )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+	MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+	get_version
+	CONFIG_CHECK="NETFILTER"
+	ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+	# It does still build without NET_NS, but it may be needed in future.
+	#CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+	#ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+	CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+	ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
+
+	build_modules=0
+	if use modules; then
+		if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+			if linux_chkconfig_present "IP_NF_SET" || \
+				linux_chkconfig_present "IP_SET"; then #274577
+				eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+				eerror "Please either build ipset with modules USE flag disabled"
+				eerror "or rebuild kernel without IP_SET support and make sure"
+				eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+				die "USE=modules and in-kernel ipset support detected."
+			else
+				einfo "Modular kernel detected. Gonna build kernel modules..."
+				build_modules=1
+			fi
+		else
+			eerror "Nonmodular kernel detected, but USE=modules. Either build"
+			eerror "modular kernel (without IP_SET) or disable USE=modules"
+			die "Nonmodular kernel detected, will not build kernel modules"
+		fi
+	fi
+	[[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_with modules kmod) \
+		--disable-static \
+		--with-maxsets=${IP_NF_SET_MAX} \
+		--libdir="${EPREFIX}/$(get_libdir)" \
+		--with-ksource="${KV_DIR}" \
+		--with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+	einfo "Building userspace"
+	emake
+
+	if [[ ${build_modules} -eq 1 ]]; then
+		einfo "Building kernel modules"
+		set_arch_to_kernel
+		emake modules
+	fi
+}
+
+src_install() {
+	einfo "Installing userspace"
+	default
+
+	find "${ED}" -name '*.la' -delete || die
+
+	newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+	newconfd "${FILESDIR}"/ipset.confd ${PN}
+	systemd_newunit "${FILESDIR}"/ipset.systemd ${PN}.service
+	keepdir /var/lib/ipset
+
+	if [[ ${build_modules} -eq 1 ]]; then
+		einfo "Installing kernel modules"
+		linux-mod_src_install
+	fi
+}
diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml
index 79d462e85571..879b385bee96 100644
--- a/net-firewall/ipset/metadata.xml
+++ b/net-firewall/ipset/metadata.xml
@@ -1,7 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<maintainer type="person">
-  <email>robbat2@gentoo.org</email>
-</maintainer>
+	<maintainer type="project">
+		<email>base-system@gentoo.org</email>
+		<name>Gentoo Base System</name>
+		<description>Please assign bugs to this mail alias.</description>
+	</maintainer>
+	<maintainer type="person">
+		<email>robbat2@gentoo.org</email>
+		<name>Robin H. Johnson</name>
+	</maintainer>
 </pkgmetadata>
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 917e3dcdcd98..ea13edd1edeb 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -14,8 +14,10 @@ DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
 DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb SHA512 8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76
 DIST iptables-1.8.3.tar.bz2 716257 BLAKE2B 58c606a5753ae2cb8ada9039e4653d2abe03c7c9b6aeef1e458baa3e10e818893f35e8f2aed5221e692415115e618aa673c8fcd33d172f85e9d1b609ed79c7b8 SHA512 84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d
+DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94 SHA512 a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb
 EBUILD iptables-1.6.1-r3.ebuild 3264 BLAKE2B f63b279cc34c5bae77bf29173e20e959d769e9caa7487d7a5d9d2777d70a944a2af4d6a6ee0c4360ad018b625b3b9d2e849b8e6021b97eb1dd505646a6962253 SHA512 4d78e90b73f46fcbfa87bef6d6c5fc1ebed6d19a01b6aadaf55549d897c45e6763470cf1d5e02c381844072a6c7380d4f35ff9b8c33efda0711c7afdfe1c228e
 EBUILD iptables-1.6.2-r2.ebuild 3340 BLAKE2B aad99bac62ba2ec4754e93a211ef82672ad2639011009ade87ead6062221900ec32dcc5bd732fecf3017fd53e22e45d51343e8e6b656768d5d97403ee11daa59 SHA512 744bff7edd5b33d18d8cc28b7f8fba70f692975f2f8f36143524abcd7edec827bf5d7b21b2127ffcb155f542b9520787776968e158af71b1611b1cfad11d463a
 EBUILD iptables-1.8.2-r2.ebuild 3473 BLAKE2B c2132e008bfef0937fe15dc509cc2cc5fcd071229a78ad56b77739ed1350326e19e21057d3f12a2f21076633ae64335b772efd9ac6d29bb38be26caeb93a47b4 SHA512 8e8cc152121f0727cbccfc93abe8738c7ef58a3cb08326322680afe7554d0f4330a32ba03041ddafd08a0a096ea21a94cea2fb76b2efa4a4ebb3bc53e459a43b
 EBUILD iptables-1.8.3-r1.ebuild 3422 BLAKE2B f502fa3cae58d61d1adf102ad65e68c0debb7761070b2bf5a6d51a2dfd34f68736de74e48637e2ee142bd18b7835be4547fef3136bbdcbb949941a645971060f SHA512 95c4b0bafd83fabc8952d80e093a5e90ef65d9ed756f10a88a4b664f43875abc133ec66a95444e92c5cc8e1d9a86a8decefda29227498ef9d7b8b09d1870be39
+EBUILD iptables-1.8.4.ebuild 3322 BLAKE2B 9bd03747b5375f6c234b6ed22833060434fffcd604efc6eac72961a6b280f07d440edbdbb069361dc7de52da789353f874f359ff37503be1dd9a2c6bf5494af1 SHA512 423b929f018d686843851880464e90057a80cdb6b428a7644ef40d5011b776cf1cdaba337c31502ee68aa52438a57646d6cb9533aa65790cd46ae99df651e5f0
 MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987
diff --git a/net-firewall/iptables/iptables-1.8.4.ebuild b/net-firewall/iptables/iptables-1.8.4.ebuild
new file mode 100644
index 000000000000..890475e4e57d
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.4.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.5:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	nftables? ( net-misc/ethertypes )
+"
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	# Only run autotools if user patched something
+	eapply_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+		$(use_enable ipv6)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		dosym iptables /etc/init.d/ip6tables
+		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+	fi
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bug 660886
+		rm "${ED}"/sbin/{arptables,ebtables} || die
+
+		# Bug 669894
+		rm "${ED}"/sbin/ebtables-{save,restore} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+	fi
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 4e29ada8236b..54925b9d4067 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -10,8 +10,10 @@ AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f
 DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e23c5ba716e726e1e6aba0efb2703233528f7a408bfefe47bfe54aa3612cccab9742c2a2208ec8c7a4bcda0e1823 SHA512 78e383bad5440c9414202cf0e4b6749fc5c01071d2fa547208e61cea6e7e179933990e7e538a60696eb0a7cf510d2c4b273a91d50287bb51507d244cd2875aed
 DIST nftables-0.9.1.tar.bz2 764066 BLAKE2B 26b194d6b3b970c05348c32a3ab21e8c25fcdb0d09d3d6b467198ba23a5bb44e7b6450d3efb86c39a488df4a837885c4a1ab96c197d5449f7de49b7b18ff5f90 SHA512 e14b75197ba3fea2a46c090450bf8b45b39fdc20db67bab1d6919c90128dee8ea8bbe9508e070f86b22ec70bcad8ab584fb89630a2240f09683137471c77d242
 DIST nftables-0.9.2.tar.bz2 779850 BLAKE2B 40bf9ed956a126048f27b343afc7aa4f6e34f35dc91127402cb127903f8150d212c80491fef2b54c18a63ca065608521062b3f6a2dd78969bdbf4d7d8a5a751d SHA512 2d83b104af0d70f99a16c2e40afdb9bf89bd984323810e2895976c5e2e346bf09dd88850a391f295e335279adfdd39d34c13610cf8e6b801499dc0df2a5cecf6
-EBUILD nftables-0.9.0-r4.ebuild 2497 BLAKE2B 17916257a8fd7934348d4ceddcbead2c50a24954bff6b50e9f13ec5da2351935c3310be2c6749bfb94141523ca2157e6fe84d89bb7b56914f4f3a0553b7e58b8 SHA512 bf2036978cc0412b677c9117512db14c7344747e19f3fe1b2ef6a7d2b750cf64b33c41bdfaae55f8cfdda19c7f376faadd16a626816672a05b70b11d77231ffc
-EBUILD nftables-0.9.0-r5.ebuild 2871 BLAKE2B 043bd133d04a8d21f5b9444100e07b5b9331b40de3658477842b604d2caf6bed6b69aeb56dc1ff976174c5645801a46d4de95db7c7d050c1f0bb02e940733d05 SHA512 a109e15ddfc0f54684b568c4cd1c663ee1d801104553b8cfb2e6d1fb1071039e2ad95d0653d61d6e3b4a2fa6739cc101918bd1848698928f0589ca66112dc96b
-EBUILD nftables-0.9.1-r1.ebuild 3813 BLAKE2B 3f9a5e868ec743ad2fb702d8fe07b2bb4e0bb5da6a34a4daf2b3ae69ea2bcb799c0093b2ced4884e4904cd032cdd50738db8b8167fefa3e8d5cf27d8942c7d8d SHA512 b3cd2e1acb1cfb01b9ef74ff37230c5b4762453639c06ddeba889d6b832a5adcc7b587143f02e20388afd989811243d504a603c5dcc99d1a068e34a7ef5d9e60
-EBUILD nftables-0.9.2-r1.ebuild 3716 BLAKE2B 89a0ad3d4adfab23299b1908d80aee7469e73f90ab3360524e7636f4f2025afc3bceefdd21d56568f2b4e00b9ff36d5c68c62999495aab5bfc0ba1344fe5e8b3 SHA512 638f9b38806ccd4279ce9038ccbd45925d10adf7311b52d555c4ba70ec29d97eb4f3d76a0afac2f22529940efc21264e68005ecf7cc0fffc2923c8a1a6f2cc69
-MISC metadata.xml 918 BLAKE2B 16404ad621319f8a8e93e39d8586aaadb0f6fc6989ee928605a8e5e00f581c5f84b11b9718958667a2f76722950a893e5d6097ff2f242961998ac7b092901489 SHA512 27413ba6b81e930b13ae55292d1c308b54b173cf120430d5462313cd8052834bd01e272978b3ba1d4b9f1be99215a90446b2e93bd0a502d328182706be40f02d
+DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
+EBUILD nftables-0.9.0-r5.ebuild 2886 BLAKE2B bea596aa70ac2317ad61e3ee2bd27e904c3004124e7a79fa91cd4177e0fc09fc82e9181e97766079c6005de2f0f5c04ccabdddd376865884b05f1660a049360f SHA512 44aa02207ec3db7ca91b9969847b82ed7d417b4ae7cdcd5a0fb54bb99d492be7ed3f56321d6d12757289912030016e0a1a2c6be8b4b93f40983d012c02f0e4f3
+EBUILD nftables-0.9.0-r6.ebuild 2869 BLAKE2B af739ee33b4666216d4bc049b3c5f274a90a3f906ef72a60ce433848cc4cf2801c5ccc9fe19945fd36f3da821ddbcfbccb7af510dbc4df2b0b35c38c39529ba7 SHA512 50bb9e432f6b4de5aaac7010799a915841b870ab49fe6b1636fe1e0ce8dc0bf60a1fb1bc412c24af9b66f886bc41d9a7f77ffa092db2b8d84d83213d79c896fd
+EBUILD nftables-0.9.1-r2.ebuild 3840 BLAKE2B b7b25df46be1b669c74f4d20fb66fb0d703c8961d4802c637b594e1480a2fe6acbeb54fbe6d0da762e969e80952b7b10f366997ea0e8e80947d6035ce82870d5 SHA512 adfaaf35014f398710fdfcb4c0f572a8f5a964d1d044d1b3f88d21de400d5789fde8bc7b7e0a51dd17fb8cd29d2b8852b7a1fd708f4187c1d236d44a874aa7bd
+EBUILD nftables-0.9.2-r2.ebuild 3743 BLAKE2B d8ec11d829b812dbd829b966d2578d207b0a9d21963bfc2764394abba6175157bf0980b51690731cbf0581558cd902aeb0797d5aa0bac60a9cdef6699f99ff6e SHA512 9751e9d562e677c3927ce3cc19d86b978b5dfd5502ee0a31e5d8d10031e994751f97bb53152ac1ccbc1fc030e57851edc14fa33e6bd0a0240fa540217e8b8840
+EBUILD nftables-0.9.3-r1.ebuild 3752 BLAKE2B f963feb1307a691b4735feefd0ea07f2beedb87663197e22c090918dab51c836760264cb5fc1df1244d362bc4c286a5c50b9eefa3e087a06c31b84a018f27ecf SHA512 5846aaa9cabde88d0b7bbacc3383c849eb666537796ba0a1dae1b0e42979c76d8a8050f55c351954d52815bdc93aaad58637213dccceb5d6bbe426f452907744
+MISC metadata.xml 918 BLAKE2B 8c2c39f04e2c5591ea06788788d244bddc1cdc25780810b2a19e131d43d0bdf964d2129c01605fc536451cb9a3354420a1c2f656dad45c56dec4f360a95fe473 SHA512 08de9d11f48dcb132eb5423de56b458dd4c4122329b84b56c252436c882b7670233f2217cc01755649f27e14ff9346cf99e3a742224567e712f5cb3678165dcf
diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
index 0984d13e0f03..0380331d5106 100644
--- a/net-firewall/nftables/metadata.xml
+++ b/net-firewall/nftables/metadata.xml
@@ -16,7 +16,7 @@
 	<use>
 		<flag name="doc">Create man pages for the package (requires <pkg>app-text/asciidoc</pkg>)</flag>
 		<flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag>
-		<flag name="modern_kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
+		<flag name="modern-kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
 		<flag name="xtables">Add libxtables support to try to automatically translate rules added by iptables-compat</flag>
 	</use>
 </pkgmetadata>
diff --git a/net-firewall/nftables/nftables-0.9.0-r5.ebuild b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
index 24530d29291c..dc29d33b649e 100644
--- a/net-firewall/nftables/nftables-0.9.0-r5.ebuild
+++ b/net-firewall/nftables/nftables-0.9.0-r5.ebuild
@@ -12,7 +12,7 @@ SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.g
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="amd64 arm ~arm64 ia64 x86"
-IUSE="debug doc +gmp json +modern_kernel +readline"
+IUSE="debug doc +gmp json +modern-kernel +readline"
 
 RDEPEND=">=net-libs/libmnl-1.0.3:0=
 	gmp? ( dev-libs/gmp:0= )
@@ -31,8 +31,8 @@ S="${WORKDIR}/v${PV}"
 
 pkg_setup() {
 	if kernel_is ge 3 13; then
-		if use modern_kernel && kernel_is lt 3 18; then
-			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
 		fi
 		CONFIG_CHECK="~NF_TABLES"
 		linux-info_pkg_setup
@@ -62,7 +62,7 @@ src_install() {
 	default
 
 	local mksuffix=""
-	use modern_kernel && mksuffix="-mk"
+	use modern-kernel && mksuffix="-mk"
 
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
@@ -84,7 +84,7 @@ pkg_postinst() {
 	# In order for the nftables-restore systemd service to start
 	# the save_file must exist.
 	if [[ ! -f "${save_file}" ]]; then
-		touch "${save_file}"
+		( umask 177; touch "${save_file}" )
 	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 		ewarn "Your system has dangerous permissions for ${save_file}"
 		ewarn "It is probably affected by bug #691326."
diff --git a/net-firewall/nftables/nftables-0.9.0-r4.ebuild b/net-firewall/nftables/nftables-0.9.0-r6.ebuild
index e56ff112a6b7..90884e99c1c3 100644
--- a/net-firewall/nftables/nftables-0.9.0-r4.ebuild
+++ b/net-firewall/nftables/nftables-0.9.0-r6.ebuild
@@ -11,8 +11,8 @@ SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.g
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="amd64 arm ~arm64 ia64 x86"
-IUSE="debug doc +gmp json +modern_kernel +readline"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
+IUSE="debug doc +gmp json +modern-kernel +readline"
 
 RDEPEND=">=net-libs/libmnl-1.0.3:0=
 	gmp? ( dev-libs/gmp:0= )
@@ -31,8 +31,8 @@ S="${WORKDIR}/v${PV}"
 
 pkg_setup() {
 	if kernel_is ge 3 13; then
-		if use modern_kernel && kernel_is lt 3 18; then
-			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
 		fi
 		CONFIG_CHECK="~NF_TABLES"
 		linux-info_pkg_setup
@@ -62,7 +62,7 @@ src_install() {
 	default
 
 	local mksuffix=""
-	use modern_kernel && mksuffix="-mk"
+	use modern-kernel && mksuffix="-mk"
 
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
@@ -72,7 +72,7 @@ src_install() {
 
 	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
 
-	docinto /usr/share/doc/${PF}/skels
+	docinto skels
 	dodoc "${D}"/etc/nftables/*
 	rm -R "${D}"/etc/nftables
 }
@@ -83,8 +83,14 @@ pkg_postinst() {
 
 	# In order for the nftables-restore systemd service to start
 	# the save_file must exist.
-	if [[ ! -f ${save_file} ]]; then
-		touch ${save_file}
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
 	fi
 
 	elog "If you wish to enable the firewall rules on boot (on systemd) you"
diff --git a/net-firewall/nftables/nftables-0.9.1-r1.ebuild b/net-firewall/nftables/nftables-0.9.1-r2.ebuild
index 5752d73a1b96..fab18474325d 100644
--- a/net-firewall/nftables/nftables-0.9.1-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.1-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~x86"
-IUSE="debug +doc +gmp json +modern_kernel python +readline static-libs xtables"
+IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
 
 RDEPEND="
 	>=net-libs/libmnl-1.0.3:0=
@@ -57,8 +57,8 @@ python_make() {
 
 pkg_setup() {
 	if kernel_is ge 3 13; then
-		if use modern_kernel && kernel_is lt 3 18; then
-			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
 		fi
 		CONFIG_CHECK="~NF_TABLES"
 		linux-info_pkg_setup
@@ -71,9 +71,9 @@ src_prepare() {
 	default
 
 	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
 		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
 		-i files/osf/Makefile.am || die
 
 	eautoreconf
@@ -106,7 +106,7 @@ src_compile() {
 src_install() {
 	default
 
-	local mksuffix="$(usex modern_kernel '-mk' '')"
+	local mksuffix="$(usex modern-kernel '-mk' '')"
 
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
@@ -130,7 +130,7 @@ pkg_postinst() {
 	# In order for the nftables-restore systemd service to start
 	# the save_file must exist.
 	if [[ ! -f "${save_file}" ]]; then
-		touch "${save_file}"
+		( umask 177; touch "${save_file}" )
 	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 		ewarn "Your system has dangerous permissions for ${save_file}"
 		ewarn "It is probably affected by bug #691326."
diff --git a/net-firewall/nftables/nftables-0.9.2-r1.ebuild b/net-firewall/nftables/nftables-0.9.2-r2.ebuild
index d35797947814..a6478ad1215c 100644
--- a/net-firewall/nftables/nftables-0.9.2-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.2-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86"
-IUSE="debug +doc +gmp json +modern_kernel python +readline static-libs xtables"
+IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
 
 RDEPEND="
 	>=net-libs/libmnl-1.0.3:0=
@@ -52,8 +52,8 @@ python_make() {
 
 pkg_setup() {
 	if kernel_is ge 3 13; then
-		if use modern_kernel && kernel_is lt 3 18; then
-			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
 		fi
 		CONFIG_CHECK="~NF_TABLES"
 		linux-info_pkg_setup
@@ -66,9 +66,9 @@ src_prepare() {
 	default
 
 	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}@' \
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
 		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/osf@' \
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
 		-i files/osf/Makefile.am || die
 
 	eautoreconf
@@ -101,7 +101,7 @@ src_compile() {
 src_install() {
 	default
 
-	local mksuffix="$(usex modern_kernel '-mk' '')"
+	local mksuffix="$(usex modern-kernel '-mk' '')"
 
 	exeinto /usr/libexec/${PN}
 	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
@@ -125,7 +125,7 @@ pkg_postinst() {
 	# In order for the nftables-restore systemd service to start
 	# the save_file must exist.
 	if [[ ! -f "${save_file}" ]]; then
-		touch "${save_file}"
+		( umask 177; touch "${save_file}" )
 	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
 		ewarn "Your system has dangerous permissions for ${save_file}"
 		ewarn "It is probably affected by bug #691326."
diff --git a/net-firewall/nftables/nftables-0.9.3-r1.ebuild b/net-firewall/nftables/nftables-0.9.3-r1.ebuild
new file mode 100644
index 000000000000..7f18d19e3468
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.3-r1.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~sparc ~x86"
+IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.3:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:0= )
+	>=net-libs/libnftnl-1.1.5:0=
+	xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	doc? ( app-text/asciidoc )
+	>=app-text/docbook2X-0.8.8-r4
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+#S="${WORKDIR}/v${PV}"
+
+python_make() {
+	emake \
+		-C py \
+		abs_builddir="${S}" \
+		DESTDIR="${D}" \
+		PYTHON_BIN="${PYTHON}" \
+		${@}
+}
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use python ; then
+		python_foreach_impl python_make
+	fi
+}
+
+src_install() {
+	default
+
+	local mksuffix="$(usex modern-kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		python_foreach_impl python_make install
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	elog "If you wish to enable the firewall rules on boot (on systemd) you"
+	elog "will need to enable the nftables-restore service."
+	elog "    'systemd_enable_service basic.target ${PN}-restore.service'"
+	elog
+	elog "If you are creating firewall rules before the next system restart "
+	elog "the nftables-restore service must be manually started in order to "
+	elog "save those rules on shutdown."
+}
author	V3n3RiX <venerix@redcorelinux.org>	2019-12-15 18:09:03 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-12-15 18:09:03 +0000
commit	7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch)
tree	4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /net-firewall
parent	b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff)