gentoo resync : 20.03.2022

10 files changed, 311 insertions, 24 deletions

diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index c96b8bb76853..f7a6d599d897 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -2,6 +2,9 @@ AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f
 AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
 AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677
 AUX nftables-0.9.8-slibtool.patch 427 BLAKE2B 00ab37efe35a68818af21d91781eb6610574a164743c9aea4458aea2efd6ce50aa788ac4a667d37ed3a686e6802e9feb8a4145f2debc9fb379d3621ed002d6df SHA512 8969d2db4aa2ddb5e352c864af5f85aa95849c0ffbc0b5d0fb4f9b848a3a35ab1aa2e747a9c6f4911fc1cdf0f4eb2032d863bfc10e4dcc120604735e7e04f911
+AUX nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch 1062 BLAKE2B 65306c5f920c6179ebd064737a1713d0af7f94ca3b813aa19a1abe5162f88d5507d290fdbdcb05729a83bf1c7d36bc0a61252b224b44896722a89e71982ec8bf SHA512 1d2fed0ca10ee5f7beab94808a73a0002ec6ba63deaa44ab87fdd97d869f0da776ce6c09834d9c6bc7393ae80aca7a326ab1e8df0b122ad016cba5627fd4fffa
+AUX nftables-1.0.2-compilation.patch 1188 BLAKE2B 524298dbe639ee9c613d9314cd6ad10abe058534bc6fd1773aeab14fc76103247817ff472e4c7b03e5d2adda5ce84172bb98aac548d432e64f61222d85c6f43c SHA512 d438ec732840eeddfb123e184d00e7b54590e85004a7e89bbacfac48602e36b5082f29a3848ed54769f5155b162beeda7eee58f788fc917dfb598e1ad986694d
+AUX nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch 960 BLAKE2B d37f4f2dd72268303170d5d1af1a52e922724fc578afbaf85d05eb5f7beaef3cb67cff37f324cb2adb5b41a7e9b656c51142e6c122a8ea8ecae3ede84e46f7ff SHA512 e1a4da28d62bb09b1e4acdbb3acef211b640715ed0aae93c5206debc3dd2367385aa0c06a9f9a94297c21fb25d659d3e3d51463261d9e4eef269c2c450f0f4e1
 AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
 AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3
 AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
@@ -11,9 +14,11 @@ DIST nftables-0.9.8.tar.bz2 879516 BLAKE2B 5063090d648668f4d5ae6d4be48ebecc65dfd
 DIST nftables-0.9.9.tar.bz2 922624 BLAKE2B 8de2709576a26ca84a8d694f7cb06cad2bb2fb4671ba21ffc32c0d5997e8124ae7cd794dafddf4db48d8a49c280b48b07d2a31b6c18f6647fdb67cfe7f065b61 SHA512 dfdd3ffc0ffc1742ca0494a3f8fac1c7b2fe942849e60d33fc3cb8a51e27bd39e1ccfeda2195191377a32bb5363ea244f4c3e71b4a6d930f33bf87e17a534fab
 DIST nftables-1.0.0.tar.bz2 921053 BLAKE2B ee86a323170433c3ba62f80118947864aac0fe0aaeb48afeb5a116a48782185c83313ef1b5735c7749eb5eccb88f252b444d1ee908be25bdaa4d9c0b833c1dc2 SHA512 33460bef4ee76b7caa44fa5515357127ae84be468448cc838dd31919b6e045ba6195b761118d4c8a4219a9f008c4416542ce784f4daad94f3b44c0626bcdd014
 DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b43c13c162eafea1e6b371961123a69f3d5e7bd2f1bedfdbe58fed56ba3e2dae962b88657af6f4ab5b3743fb6373 SHA512 a0db4d82725509d2a9c638ba7ba55547ad7b5138a5fe686b0e90260d6a65e060dd72a470969c1d69e945303bd2bfc33b2021d9f4141b88befefddc61b7afe10d
-EBUILD nftables-0.9.8-r1.ebuild 4285 BLAKE2B 4c03efb0f42ce1619c8aee1a27fa837dab27ab37c1b4db78428fe5391a0f7b7cd1b1f84c9affc52ee656d85e22055a4eacb4b09a69139239a8e480d8c3339c92 SHA512 d66b7e3072b28495cf87dcb3f55488bde050a3cce741a394b2ab9347f5ceaffca53cd258f530098c1ad87c0447d11c6fa6f77b462a00ff9b6d42caf3e0f7122a
-EBUILD nftables-0.9.9.ebuild 4553 BLAKE2B 54b3de2a5413532de597c7b496dcc83405136e442f1d9dca2e3c3cabe23f0ed8d2e84311d9091b62ec14e284cf768652f924cfd51df537a576d391026d82df2d SHA512 6d17349a2749437becd3d8a75c192e58d6019b49c3e99594d7f0f6989cb84b5a24820b843aed08cf6a43cdf359f63c250b7a00fdf2cb994c93faa31f3ad458b3
-EBUILD nftables-1.0.0.ebuild 4558 BLAKE2B 8365c83cd919817f8c0b7868a3a66b1018e9718b338d7902e7a1a836d19980eb56301359630d0c18f104ac89dce85b36291d190defbbe278521eb473b620b466 SHA512 7220d616f94de73f024290bb9c24fd65a17a68855c1754d9b4b74a60bb2a7005b643d2d356f58809ed638358ce5872e387c62b4e37fb8ce108a3529d6db59809
-EBUILD nftables-1.0.1-r1.ebuild 4741 BLAKE2B 732080a02f8585a46e3a52d64e888d1210b1e6ae5773ebf6dfa10f7372d7c272aaa727a5815ec997657367e94c9f42e48f112d9539338137614a0987aa9390fb SHA512 626742cd980ea46eedd24aef6c3ffb566d12fcf3ffe9b9c5004031addd2908f91e2aba76b4fd5b3ef03676db2380f59a9565149cbdb07102f891f9b8c3122cd4
-EBUILD nftables-9999.ebuild 4735 BLAKE2B 364499724015c29d6ede31ce9229fc5603a35953c7169e9734279b63d0bb78c94b6852fec33c6c0b420d0abf9db3f281b9ce36eed522e72d55af28e9a07551ad SHA512 1d2045639f63325f2d8a7ace74cd686e9ce5ad74ed68d5016e2e9be6f4b25ecbb437c1c33bdd350349e3d8e819c537ca7fb198d3432dc25cccd5f77fa2cbc3b3
+DIST nftables-1.0.2.tar.bz2 970781 BLAKE2B 650ae6badb574ff3628d21c8aa99f81e73932dd172b3569618696100bf3853b9a108bf0296dcf9d615ae7c0fbec84b48266299b62cf755d181d19c626f8a3cd4 SHA512 560d23c6e369eafd7b354d29fe73d46154e4a74dec000178c1aea47751fe535d20c4e6bbecd3955eb2b327c7a60b1269e5c6dc5781498546b639fa2d1367a9ca
+EBUILD nftables-0.9.8-r2.ebuild 4285 BLAKE2B ebc540b040a7d33d614709a469045672598c1e778fdacdcf233e980d3683aed9a59c0e04f929c0bd944bb79e2d89d5d0d41598b1ff446aca1d3b20d59c2b013b SHA512 5a80918c983d31609881fd96671e697abaf86b20f1024d9bbce7e0d4c7996f0f33ed72c4458d9bf73412eea1ecb2570f4983288de7ecc460569ae94e380030de
+EBUILD nftables-0.9.9-r1.ebuild 4553 BLAKE2B 540457437c02723382787e9fdf062845c38286f5cab3419010239c61ed3e6b965cde6365e97c047c07c1ffe75e064a9d26d2cab445cef97e6d1660e67f8e494d SHA512 13d287e808d24645659873d8708c547d91ae52f3a3ea66606b0fc87a9bf7aac4432555fab0dc82896302dabaa90f5df823ed13bc370e28ad5e2491567f88932c
+EBUILD nftables-1.0.0-r1.ebuild 4558 BLAKE2B c341d163bf665694a618c9f8eae1b26be0e67c24ed4db6339651530c2a840f23c9e9aa240e296dd697ae93505e7af11a04ad32b9bde9d53ef93e266e25b70d10 SHA512 e8b30662a5e5c640157a81b0064d598c584b7181d0211eb1ab24049159a0f6ae1672fbd9d4779a75bc3c1a9732d33b0c3f534b2b37cc308af6f574217b5fba69
+EBUILD nftables-1.0.1-r2.ebuild 4733 BLAKE2B 5635e341e1171637261d280d02e0579b1c6480adb81f84704caec7c7e37f389004e95fb28672459eddb02d70a536dcf1e3789b119347f4d4a0de1dfc2e9dbd20 SHA512 f0a29c90fd40c9057ebb047e3d8f6612d429e3778ffa6c54fe7f9b575aaaa66a0b61903ab0e9ac076486fd5a800960182c1a55037713aecd219770f900027565
+EBUILD nftables-1.0.2-r1.ebuild 4938 BLAKE2B d4d4257ffeeea8bd0bf6b23d01a539ab0ad7d70c8092b231272a8d7a2607aec47347af938e4a39065f504c889bffed2e7fd21c538c22cc72496ea4e454188edc SHA512 eec6bcc51f611f8e3794fe2e8f6d20bccd066db76622f0806558c42af99ad6de110c72fde0f372b025a5c262949ce64a9d53d64db63a147a80bb3aa0fb4d3e21
+EBUILD nftables-9999.ebuild 4735 BLAKE2B a40d65c44b5de6ed205056bc22a36d48f3e8e997ac273319764458dbb1de3fc5f579bea757ef20c1eeca806c11187f60e6e53133028620814db919c96d261ea2 SHA512 ad40ab2f97a0bfe4b3ba8f8fec3a9875cad4b5dad4398a831d48167cc27ee9d159db997d78a988ec998206f5a00758d3063b6513c1fb92d8056c7047344c9d5f
 MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
diff --git a/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
new file mode 100644
index 000000000000..41c3de5bc83b
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
@@ -0,0 +1,27 @@
+https://git.netfilter.org/nftables/commit/src?id=1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f
+
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Feb 2022 19:45:43 +0000
+Subject: build: explicitly pass --version-script to linker
+
+--version-script is a linker option, so let's use -Wl, so that
+libtool handles it properly. It seems like the previous method gets silently
+ignored with GNU libtool in some cases(?) and downstream in Gentoo,
+we had to apply this change to make the build work with slibtool anyway.
+
+But it's indeed correct in any case, so let's swap.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \
+ 
+ libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
+ libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
+-			 --version-script=$(srcdir)/libnftables.map
++			 -Wl,--version-script=$(srcdir)/libnftables.map
+ 
+ if BUILD_MINIGMP
+ noinst_LTLIBRARIES += libminigmp.la
+cgit v1.2.3
diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
new file mode 100644
index 000000000000..96670c1d9531
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
@@ -0,0 +1,36 @@
+https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3
+
+From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 22 Feb 2022 00:56:36 +0100
+Subject: examples: compile with `make check' and add AM_CPPFLAGS
+
+Compile examples via `make check' like libnftnl does. Use AM_CPPFLAGS to
+specify local headers via -I.
+
+Unfortunately, `make distcheck' did not catch this compile time error in
+my system, since it was using the nftables/libnftables.h file of the
+previous nftables release.
+
+Fixes: 5b364657a35f ("build: missing SUBIRS update")
+Fixes: caf2a6ad2d22 ("examples: add libnftables example program")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ examples/Makefile.am | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/examples/Makefile.am b/examples/Makefile.am
+index c972170d..3b8b0b67 100644
+--- a/examples/Makefile.am
++++ b/examples/Makefile.am
+@@ -1,4 +1,6 @@
+-noinst_PROGRAMS	= nft-buffer		\
++check_PROGRAMS	= nft-buffer		\
+ 		  nft-json-file
+ 
++AM_CPPFLAGS = -I$(top_srcdir)/include
++
+ LDADD = $(top_builddir)/src/libnftables.la
+-- 
+cgit v1.2.3
+
diff --git a/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
new file mode 100644
index 000000000000..09841d482222
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
@@ -0,0 +1,31 @@
+https://git.netfilter.org/nftables/commit/src?id=e98a9b83cd52c7c75bedb3dad46539b197ed17ba
+
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Feb 2022 19:45:42 +0000
+Subject: libnftables.map: export new nft_ctx_{get,set}_optimize API
+
+[ Remove incorrect symbol names were exported via .map file ]
+
+Without this, we're not explicitly saying this is part of the
+public API.
+
+This new API was added in 1.0.2 and is used by e.g. the main
+nft binary. Noticed when fixing the version-script option
+(separate patch) which picked up this problem when .map
+was missing symbols (related to when symbol visibility
+options get set).
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/libnftables.map
++++ b/src/libnftables.map
+@@ -30,6 +30,6 @@ LIBNFTABLES_2 {
+ } LIBNFTABLES_1;
+ 
+ LIBNFTABLES_3 {
+-  nft_set_optimize;
+-  nft_get_optimize;
++  nft_ctx_set_optimize;
++  nft_ctx_get_optimize;
+ } LIBNFTABLES_2;
+cgit v1.2.3
diff --git a/net-firewall/nftables/nftables-0.9.8-r1.ebuild b/net-firewall/nftables/nftables-0.9.8-r2.ebuild
index 17044fb39c47..58bf1cc65087 100644
--- a/net-firewall/nftables/nftables-0.9.8-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.8-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -19,11 +19,11 @@ IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
 RDEPEND="
 	>=net-libs/libmnl-1.0.4:0=
 	>=net-libs/libnftnl-1.1.9:0=
-	gmp? ( dev-libs/gmp:0= )
+	gmp? ( dev-libs/gmp:= )
 	json? ( dev-libs/jansson:= )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
 "
 
 DEPEND="${RDEPEND}"
diff --git a/net-firewall/nftables/nftables-0.9.9.ebuild b/net-firewall/nftables/nftables-0.9.9-r1.ebuild
index 3a44d46ef975..40d4fbc36744 100644
--- a/net-firewall/nftables/nftables-0.9.9.ebuild
+++ b/net-firewall/nftables/nftables-0.9.9-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -30,11 +30,11 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xt
 RDEPEND="
 	>=net-libs/libmnl-1.0.4:0=
 	>=net-libs/libnftnl-1.2.0:0=
-	gmp? ( dev-libs/gmp:0= )
+	gmp? ( dev-libs/gmp:= )
 	json? ( dev-libs/jansson:= )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
 "
 
 DEPEND="${RDEPEND}"
diff --git a/net-firewall/nftables/nftables-1.0.0.ebuild b/net-firewall/nftables/nftables-1.0.0-r1.ebuild
index 6285ac74649d..31bd6d1de988 100644
--- a/net-firewall/nftables/nftables-1.0.0.ebuild
+++ b/net-firewall/nftables/nftables-1.0.0-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -30,11 +30,11 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xt
 RDEPEND="
 	>=net-libs/libmnl-1.0.4:0=
 	>=net-libs/libnftnl-1.2.0:0=
-	gmp? ( dev-libs/gmp:0= )
+	gmp? ( dev-libs/gmp:= )
 	json? ( dev-libs/jansson:= )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
 "
 
 DEPEND="${RDEPEND}"
diff --git a/net-firewall/nftables/nftables-1.0.1-r1.ebuild b/net-firewall/nftables/nftables-1.0.1-r2.ebuild
index 584e495b73d4..3ab5c9291110 100644
--- a/net-firewall/nftables/nftables-1.0.1-r1.ebuild
+++ b/net-firewall/nftables/nftables-1.0.1-r2.ebuild
@@ -20,7 +20,7 @@ if [[ ${PV} =~ ^[9]{4,}$ ]]; then
 	"
 else
 	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+	KEYWORDS="amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86"
 fi
 
 LICENSE="GPL-2"
@@ -30,11 +30,11 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xt
 RDEPEND="
 	>=net-libs/libmnl-1.0.4:0=
 	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:0= )
+	gmp? ( dev-libs/gmp:= )
 	json? ( dev-libs/jansson:= )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
 "
 
 DEPEND="${RDEPEND}"
diff --git a/net-firewall/nftables/nftables-1.0.2-r1.ebuild b/net-firewall/nftables/nftables-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..8b7db17f23e8
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.2-r1.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+DISTUTILS_OPTIONAL=1
+inherit autotools linux-info distutils-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+	BDEPEND="
+		sys-devel/bison
+		sys-devel/flex
+	"
+else
+	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.4:0=
+	>=net-libs/libnftnl-1.2.1:0=
+	gmp? ( dev-libs/gmp:= )
+	json? ( dev-libs/jansson:= )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+	doc? (
+		app-text/asciidoc
+		>=app-text/docbook2X-0.8.8-r4
+	)
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="
+	python? ( ${PYTHON_REQUIRED_USE} )
+	libedit? ( !readline )
+"
+
+PATCHES=(
+	"${FILESDIR}/nftables-1.0.2-compilation.patch"
+	"${FILESDIR}/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch"
+	"${FILESDIR}/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch"
+)
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_prepare
+		popd >/dev/null || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--disable-static
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with libedit cli editline)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_configure
+		popd >/dev/null || die
+	fi
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+src_install() {
+	default
+
+	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+		pushd doc >/dev/null || die
+		doman *.?
+		popd >/dev/null || die
+	fi
+
+	local mksuffix="$(usex modern-kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		pushd py >/dev/null || die
+		distutils-r1_src_install
+		popd >/dev/null || die
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	if has_version 'sys-apps/systemd'; then
+		elog "If you wish to enable the firewall rules on boot (on systemd) you"
+		elog "will need to enable the nftables-restore service."
+		elog "    'systemctl enable ${PN}-restore.service'"
+		elog
+		elog "If you are creating firewall rules before the next system restart"
+		elog "the nftables-restore service must be manually started in order to"
+		elog "save those rules on shutdown."
+	fi
+	if has_version 'sys-apps/openrc'; then
+		elog "If you wish to enable the firewall rules on boot (on openrc) you"
+		elog "will need to enable the nftables service."
+		elog "    'rc-update add ${PN} default'"
+		elog
+		elog "If you are creating or updating the firewall rules and wish to save"
+		elog "them to be loaded on the next restart, use the \"save\" functionality"
+		elog "in the init script."
+		elog "    'rc-service ${PN} save'"
+	fi
+}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 82923aace969..d6697d8a7eef 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -30,11 +30,11 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xt
 RDEPEND="
 	>=net-libs/libmnl-1.0.4:0=
 	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:0= )
+	gmp? ( dev-libs/gmp:= )
 	json? ( dev-libs/jansson:= )
 	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
+	readline? ( sys-libs/readline:= )
+	xtables? ( >=net-firewall/iptables-1.6.1:= )
 "
 
 DEPEND="${RDEPEND}"