From 07380791d1f4739ba21be6bcc986b575c6fb8b27 Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Thu, 30 Nov 2017 12:33:14 -0800
Subject: net-firewall/ipset: block modules & CONFIG_PAX_CONSTIFY_PLUGIN

Closes: https://bugs.gentoo.org/614896
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
---
 net-firewall/ipset/ipset-6.34.ebuild | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'net-firewall')

diff --git a/net-firewall/ipset/ipset-6.34.ebuild b/net-firewall/ipset/ipset-6.34.ebuild
index 292b40eb05d7..98a8e3e335b6 100644
--- a/net-firewall/ipset/ipset-6.34.ebuild
+++ b/net-firewall/ipset/ipset-6.34.ebuild
@@ -36,6 +36,8 @@ pkg_setup() {
 	# It does still build without NET_NS, but it may be needed in future.
 	#CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
 	#ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+	CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+	ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
 
 	build_modules=0
 	if use modules; then
-- 
cgit v1.2.3-65-gdbad