From fcc5224904648a8e6eb528d7603154160a20022f Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Wed, 2 Feb 2022 01:39:05 +0000
Subject: gentoo resync : 02.02.2022

---
 net-firewall/Manifest.gz                           | Bin 4538 -> 4541 bytes
 net-firewall/iptables/Manifest                     |   2 +
 .../files/iptables-1.8.7-cache-double-free.patch   |  61 +++++++
 net-firewall/iptables/iptables-1.8.7-r1.ebuild     | 183 ++++++++++++++++++++
 net-firewall/nftables/Manifest                     |   4 +-
 net-firewall/nftables/nftables-1.0.1-r1.ebuild     | 185 +++++++++++++++++++++
 net-firewall/nftables/nftables-1.0.1.ebuild        | 179 --------------------
 net-firewall/nftables/nftables-9999.ebuild         |  36 ++--
 8 files changed, 454 insertions(+), 196 deletions(-)
 create mode 100644 net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
 create mode 100644 net-firewall/iptables/iptables-1.8.7-r1.ebuild
 create mode 100644 net-firewall/nftables/nftables-1.0.1-r1.ebuild
 delete mode 100644 net-firewall/nftables/nftables-1.0.1.ebuild

(limited to 'net-firewall')

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index de391c139de2..db3bddaf9304 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 99f439827a98..e5289fccb777 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,7 @@
 AUX ip6tables-r1.confd 899 BLAKE2B d8c72df359a35798d7a92958ba9a620ab580427a06765850928181d7b4cc25455c586daaad88bd20e61a9c9218dbc0895de38b006526bb04f4f2e998d8062fbe SHA512 553ddf83558edaccf891a366175e47aad950853be0de556581cfa08f614afa1f4139c94b8d8d2884ed69018513edeb966331d4d6a615829ada65fac2066840e5
 AUX iptables-1.8.2-link.patch 785 BLAKE2B 2ef5ac495260eef324f341d5d807e8c59afee8ac4853b46ef8c88765ed786396888d0bcd15822765da5584c25c6cdbbbc6b8b85eb0b8dbdd9b300662b1d59479 SHA512 10f6fdc4e4a37a0becb87f99c49888df366248f02b17037faf83068ef00824ecb61022a40b5551f9c8d2db22262ad738d554296bd6b78765dd5f8baf524b2388
 AUX iptables-1.8.4-no-symlinks.patch 800 BLAKE2B 721d2dcc881f781031d2be48659dcd54568b3e8c25ad19d0505699f0cf8276990b41f2ddf9d5eda5c2a77f66ae9a16ae542c42c6fc2d91b085cc5922121f9b00 SHA512 79601d8a8a352f82f0f3eaf85a7b1f830c9ddc400ae0fadaf08eb1848bb9a2801a886b2b0803bf498e353db1828c0976aa8d30c9ece5fdcf61a203070ed4d7cd
+AUX iptables-1.8.7-cache-double-free.patch 1574 BLAKE2B 475ed5b4d267b32a03b921cb009fa76931a7fc737ecabb70aed3d13b1f64d94bbb69194892c178fed9784d31c3478b00ab6dbc0d6fc5dd0b86a3ae86d8dcd681 SHA512 79e908845804b36a4a581485f61028570f58645aaaee9682d4a7b9609d4a410c8fb7547d082c5b02deafcf342f675da6e2a7e3436333d0ae6f3ce1a770afdc1a
 AUX iptables-r1.confd 890 BLAKE2B 0aaca870e3c03f19a71cf1b210377dfda320faf118359e298bef419eaf280fd11c9726d200ae89602e863c9b48de0bb51ac05424b50c064afe948a980e300153 SHA512 10002da01ded6be0e9bca6041798ad0859fa2212fde077a048443e4f3012c95d86e4580ae426e87af5891368062af9af6f9fd35ed617d24cdd3c51702b816b13
 AUX iptables-r2.init 4384 BLAKE2B d11be1725e25d234e01af86c82d3745fd630b15b3ae2228845c5555db5c2ffdcd920fd565480f76ab91ef2d5b26f9ae96432efc288a1b9aa2abfb5b9bb01d7bf SHA512 8897ab985424c895e261e0fe521921f0da8e09e38394655b0f91c65c0e8f603731faf70489f7a6610c83d6c2fde75f92f309405d72277643165a847e62238df7
 AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523735ab47b878168c41d8eef85eb592e5bebd9319e75a10db28f0eba6618efae355c90f03ac0798239edeb80d01108e98a47 SHA512 34730df7464354bce11ca5bdceb5cf305e8ab7e2ded2c2689448379e74ff93252e7a83cfe05c2f3238f59a2ade69cd9c328291c28c43b6612bfb7b29fcb0feee
@@ -8,5 +9,6 @@ AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a
 AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef
 AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e
 DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
+EBUILD iptables-1.8.7-r1.ebuild 4777 BLAKE2B 8966c8181c23b7e48554ea34b22a84ce96de655eb3f1f6d40e33793f067415da67eb276cdc28dce0cb48d034c6fc5f72d59001d989eb82d4859e0ca378493b66 SHA512 429aa79710c3f9f73ad0e6d18d768664419ef144432f8acb0c020551a928eaeee75a750395c18b4890d15227f5f0c1abee7f560bcecebfcce624bbfba0d72ad0
 EBUILD iptables-1.8.7.ebuild 4682 BLAKE2B 6d5e8c0d3b9aa4ec0de723547b23dfde616732d4e525299a7a21738cf0f8bb688b8dc4303592790f2ba835f198bde5da71e9b83f0a8f037c8c6adb2aa9ddd78c SHA512 fca30ef62c65af232436f6cd34c12693e4de65886019f12c5cc2bf2165e52d0dae36370e160887616a4d1b4a05aeb6d9476df4a6083ccd553eb37e54cc8fe573
 MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842
diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
new file mode 100644
index 000000000000..fc88636d2944
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
@@ -0,0 +1,61 @@
+commit 4318961230bce82958df82b57f1796143bf2f421
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Tue Sep 21 11:39:45 2021 +0200
+
+    nft: cache: Avoid double free of unrecognized base-chains
+    
+    On error, nft_cache_add_chain() frees the allocated nft_chain object
+    along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
+    not free the nftnl_chain again in that case.
+    
+    Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+
+diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
+index 2c88301c..9a03bbfb 100644
+--- a/iptables/nft-cache.c
++++ b/iptables/nft-cache.c
+@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
+ 		goto out;
+ 	}
+ 
+-	if (nft_cache_add_chain(h, t, c))
+-		goto out;
+-
++	nft_cache_add_chain(h, t, c);
+ 	return MNL_CB_OK;
+ out:
+ 	nftnl_chain_free(c);
+diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
+new file mode 100755
+index 00000000..1b85b060
+--- /dev/null
++++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
+@@ -0,0 +1,27 @@
++#!/bin/bash
++
++case $XT_MULTI in
++*xtables-nft-multi)
++	;;
++*)
++	echo skip $XT_MULTI
++	exit 0
++	;;
++esac
++
++set -e
++
++nft -f - <<EOF
++table ip filter {
++        chain INPUT {
++                type filter hook input priority filter
++                counter packets 218 bytes 91375 accept
++        }
++
++        chain x {
++                type filter hook input priority filter
++        }
++}
++EOF
++
++$XT_MULTI iptables -L
diff --git a/net-firewall/iptables/iptables-1.8.7-r1.ebuild b/net-firewall/iptables/iptables-1.8.7-r1.ebuild
new file mode 100644
index 000000000000..f748bdb9f289
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.7-r1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+	>=app-eselect/eselect-iptables-20200508
+"
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.6:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+	app-eselect/eselect-iptables
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	${BUILD_DEPEND}
+	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
+"
+
+PATCHES=(
+	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+	"${FILESDIR}/iptables-1.8.2-link.patch"
+	# https://bugs.gentoo.org/831626
+	"${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
+)
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+		$(use_enable ipv6)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		dosym iptables /etc/init.d/ip6tables
+		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+	fi
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bugs 660886 and 669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+	fi
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
+	eselect iptables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Unsetting iptables symlinks before removal"
+		eselect iptables unset
+	fi
+
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
+	# the eselect module failing should not be fatal
+	return 0
+}
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 1f3727704f34..c96b8bb76853 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -14,6 +14,6 @@ DIST nftables-1.0.1.tar.bz2 954586 BLAKE2B e406699c96b98495f1b6deeab0233873ce20b
 EBUILD nftables-0.9.8-r1.ebuild 4285 BLAKE2B 4c03efb0f42ce1619c8aee1a27fa837dab27ab37c1b4db78428fe5391a0f7b7cd1b1f84c9affc52ee656d85e22055a4eacb4b09a69139239a8e480d8c3339c92 SHA512 d66b7e3072b28495cf87dcb3f55488bde050a3cce741a394b2ab9347f5ceaffca53cd258f530098c1ad87c0447d11c6fa6f77b462a00ff9b6d42caf3e0f7122a
 EBUILD nftables-0.9.9.ebuild 4553 BLAKE2B 54b3de2a5413532de597c7b496dcc83405136e442f1d9dca2e3c3cabe23f0ed8d2e84311d9091b62ec14e284cf768652f924cfd51df537a576d391026d82df2d SHA512 6d17349a2749437becd3d8a75c192e58d6019b49c3e99594d7f0f6989cb84b5a24820b843aed08cf6a43cdf359f63c250b7a00fdf2cb994c93faa31f3ad458b3
 EBUILD nftables-1.0.0.ebuild 4558 BLAKE2B 8365c83cd919817f8c0b7868a3a66b1018e9718b338d7902e7a1a836d19980eb56301359630d0c18f104ac89dce85b36291d190defbbe278521eb473b620b466 SHA512 7220d616f94de73f024290bb9c24fd65a17a68855c1754d9b4b74a60bb2a7005b643d2d356f58809ed638358ce5872e387c62b4e37fb8ce108a3529d6db59809
-EBUILD nftables-1.0.1.ebuild 4565 BLAKE2B 042f2ed9f88017d6c4fe1e43891dc44841575bef0b6e9bfeab992f9566478d48b1bc9ca71ed84627f55344fd7f341475e2582ad68f7cda8862e7b142ae603d9a SHA512 8ca62bd11feae45b8dfe28467570f6d42da2d89bf2280f613bf90e9d031de6af82726a18eabecc476a8ba282605f63de291056ea4acc30a62f2bb13414b9959c
-EBUILD nftables-9999.ebuild 4565 BLAKE2B 042f2ed9f88017d6c4fe1e43891dc44841575bef0b6e9bfeab992f9566478d48b1bc9ca71ed84627f55344fd7f341475e2582ad68f7cda8862e7b142ae603d9a SHA512 8ca62bd11feae45b8dfe28467570f6d42da2d89bf2280f613bf90e9d031de6af82726a18eabecc476a8ba282605f63de291056ea4acc30a62f2bb13414b9959c
+EBUILD nftables-1.0.1-r1.ebuild 4741 BLAKE2B 732080a02f8585a46e3a52d64e888d1210b1e6ae5773ebf6dfa10f7372d7c272aaa727a5815ec997657367e94c9f42e48f112d9539338137614a0987aa9390fb SHA512 626742cd980ea46eedd24aef6c3ffb566d12fcf3ffe9b9c5004031addd2908f91e2aba76b4fd5b3ef03676db2380f59a9565149cbdb07102f891f9b8c3122cd4
+EBUILD nftables-9999.ebuild 4735 BLAKE2B 364499724015c29d6ede31ce9229fc5603a35953c7169e9734279b63d0bb78c94b6852fec33c6c0b420d0abf9db3f281b9ce36eed522e72d55af28e9a07551ad SHA512 1d2045639f63325f2d8a7ace74cd686e9ce5ad74ed68d5016e2e9be6f4b25ecbb437c1c33bdd350349e3d8e819c537ca7fb198d3432dc25cccd5f77fa2cbc3b3
 MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
diff --git a/net-firewall/nftables/nftables-1.0.1-r1.ebuild b/net-firewall/nftables/nftables-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..584e495b73d4
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.1-r1.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+DISTUTILS_OPTIONAL=1
+inherit autotools linux-info distutils-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+	BDEPEND="
+		sys-devel/bison
+		sys-devel/flex
+	"
+else
+	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.4:0=
+	>=net-libs/libnftnl-1.2.1:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson:= )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:0= )
+	xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+	doc? (
+		app-text/asciidoc
+		>=app-text/docbook2X-0.8.8-r4
+	)
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="
+	python? ( ${PYTHON_REQUIRED_USE} )
+	libedit? ( !readline )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
+)
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_prepare
+		popd >/dev/null || die
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with libedit cli editline)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_configure
+		popd >/dev/null || die
+	fi
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+src_install() {
+	default
+
+	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+		pushd doc >/dev/null || die
+		doman *.?
+		popd >/dev/null || die
+	fi
+
+	local mksuffix="$(usex modern-kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		pushd py >/dev/null || die
+		distutils-r1_src_install
+		popd >/dev/null || die
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	if has_version 'sys-apps/systemd'; then
+		elog "If you wish to enable the firewall rules on boot (on systemd) you"
+		elog "will need to enable the nftables-restore service."
+		elog "    'systemctl enable ${PN}-restore.service'"
+		elog
+		elog "If you are creating firewall rules before the next system restart"
+		elog "the nftables-restore service must be manually started in order to"
+		elog "save those rules on shutdown."
+	fi
+	if has_version 'sys-apps/openrc'; then
+		elog "If you wish to enable the firewall rules on boot (on openrc) you"
+		elog "will need to enable the nftables service."
+		elog "    'rc-update add ${PN} default'"
+		elog
+		elog "If you are creating or updating the firewall rules and wish to save"
+		elog "them to be loaded on the next restart, use the \"save\" functionality"
+		elog "in the init script."
+		elog "    'rc-service ${PN} save'"
+	fi
+}
diff --git a/net-firewall/nftables/nftables-1.0.1.ebuild b/net-firewall/nftables/nftables-1.0.1.ebuild
deleted file mode 100644
index 944c87fea31f..000000000000
--- a/net-firewall/nftables/nftables-1.0.1.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..10} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://git.netfilter.org/${PN}"
-
-	BDEPEND="
-		sys-devel/bison
-		sys-devel/flex
-	"
-else
-	SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-	KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-LICENSE="GPL-2"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	>=net-libs/libnftnl-1.2.1:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="
-	python? ( ${PYTHON_REQUIRED_USE} )
-	libedit? ( !readline )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
-)
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		"${@}"
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with libedit cli editline)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	if has_version 'sys-apps/systemd'; then
-		elog "If you wish to enable the firewall rules on boot (on systemd) you"
-		elog "will need to enable the nftables-restore service."
-		elog "    'systemctl enable ${PN}-restore.service'"
-		elog
-		elog "If you are creating firewall rules before the next system restart"
-		elog "the nftables-restore service must be manually started in order to"
-		elog "save those rules on shutdown."
-	fi
-	if has_version 'sys-apps/openrc'; then
-		elog "If you wish to enable the firewall rules on boot (on openrc) you"
-		elog "will need to enable the nftables service."
-		elog "    'rc-update add ${PN} default'"
-		elog
-		elog "If you are creating or updating the firewall rules and wish to save"
-		elog "them to be loaded on the next restart, use the \"save\" functionality"
-		elog "in the init script."
-		elog "    'rc-service ${PN} save'"
-	fi
-}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 944c87fea31f..82923aace969 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
 PYTHON_COMPAT=( python3_{7..10} )
-
-inherit autotools linux-info python-r1 systemd
+DISTUTILS_OPTIONAL=1
+inherit autotools linux-info distutils-r1 systemd
 
 DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
 HOMEPAGE="https://netfilter.org/projects/nftables/"
@@ -56,15 +56,6 @@ PATCHES=(
 	"${FILESDIR}/${PN}-0.9.8-slibtool.patch"
 )
 
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		"${@}"
-}
-
 pkg_setup() {
 	if kernel_is ge 3 13; then
 		if use modern-kernel && kernel_is lt 3 18; then
@@ -87,6 +78,12 @@ src_prepare() {
 		-i files/osf/Makefile.am || die
 
 	eautoreconf
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_prepare
+		popd >/dev/null || die
+	fi
 }
 
 src_configure() {
@@ -104,13 +101,21 @@ src_configure() {
 		$(use_with xtables)
 	)
 	econf "${myeconfargs[@]}"
+
+	if use python; then
+		pushd py >/dev/null || die
+		distutils-r1_src_configure
+		popd >/dev/null || die
+	fi
 }
 
 src_compile() {
 	default
 
 	if use python; then
-		python_foreach_impl python_make
+		pushd py >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
 	fi
 }
 
@@ -134,8 +139,9 @@ src_install() {
 	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
 
 	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
+		pushd py >/dev/null || die
+		distutils-r1_src_install
+		popd >/dev/null || die
 	fi
 
 	find "${ED}" -type f -name "*.la" -delete || die
-- 
cgit v1.2.3