net-firewall/ipset: block modules & CONFIG_PAX_CONSTIFY_PLUGIN

Closes: https://bugs.gentoo.org/614896
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

diff --git a/net-firewall/ipset/ipset-6.34.ebuild b/net-firewall/ipset/ipset-6.34.ebuild
index 292b40eb05d7c82b9e07dd931ee3ed2a86f67c1c..98a8e3e335b6d4fa4460d136b7517de65de91176 100644 (file)
--- a/net-firewall/ipset/ipset-6.34.ebuild
+++ b/net-firewall/ipset/ipset-6.34.ebuild
@@ -36,6 +36,8 @@ pkg_setup() {
        # It does still build without NET_NS, but it may be needed in future.
        #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
        #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+       CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN"
+       ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)"
 
        build_modules=0
        if use modules; then