Browse code

proftpd 1.3.5-rc mit tls-patch

Hanno Böck authored on 03/03/2014 11:35:36
Showing 8 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,14 @@
1
+AUX proftpd-tmpfiles.d.conf 34 SHA256 75288bb0c76392ae10e7ef3ff27e7b665742cdac8ce4c70dff9f29d645d0f0f3 SHA512 aa6ffbf15e4275941837306259fb426608e82e45a2da4b99c5d7778d11b8c9341e3a12ae9b751d0e173635239b6f1b20f0431be17296c005a83525a48327fa52 WHIRLPOOL d3ef47f4e2abc178c2d153599e7b13148345a470c76410b499e41912f9e90a48c1217e7fdee3d6777b1598dd09840f8bffbd208fa9addbeaaaf9c64058d8df93
2
+AUX proftpd.conf.sample 1275 SHA256 a214b3937f319c70976d29cfcd47c2cd937d1d70b7274c2b241b1e97606e89c0 SHA512 1c26f3e98ed07d89192c640f7823af168c045abee6ab076791aee9d50be5446be870a189979df4b828e7ae907dd40a346f1b92998fa39195195bfada4061c5df WHIRLPOOL a9f71cf50926ccdf5fe1116250c29a4048e7eb7fc7eb73732023b7c6e78c56b02356c001c203d9dc8c46f817471116977f76e961a6b2a60c03ae1d4722d9e3e1
3
+AUX proftpd.initd 1544 SHA256 aed3dd4cbbf1db8a1bd0cbadee66a808b430bbbcc436610407a9911df208f668 SHA512 f11ce49440341633ea4287e8887f8127d954207c5c25b0ae08b6ca1b8f42e90e693f657e45abc465c2c86c1b43a04776c9fb68b04c97a5a43fa17a05ff5ef5c6 WHIRLPOOL 0a8fe89a575491954fa177d6db85792eb5b6639abc9fd2c88358c0a7b64dc300602f5b75e4d90ba984e5d21831d2a5c2d39e98230f138cba463f3680eba49948
4
+AUX proftpd.service 196 SHA256 165235565ca2029c6c33d9e4b73f6da2b0ee08a662fd368dc9260761997b7277 SHA512 12ee7893d37a9d06140b5b6492be74308fe1165a741d4c1b6b690ab4b973f074cad8517fd36af54f2aa452494759d1534c11e70f7212cd55a37cfa439b953062 WHIRLPOOL 3d8f01d1c22a99d2410d492364833a718a008143c76856145372fa15a0cfc5727b1e744ed45e2fcc8303d90b7e10641662342c1b7d0a50c3bdbc3bd5958d8969
5
+AUX proftpd.xinetd 295 SHA256 150a5701f5c2788ecdf2c6ec228ce674963c9dc7bc1c511ad1eba8dfe05e2d5d SHA512 a13d29ca2289f8bd58b4eb317683d57dfb7d608c53f163844349bbf0b896790f5e9f47a27eafda3b8fc78e60f4a0d6859da7c7ced7df852166cf0b8bcad876d4 WHIRLPOOL 8fa187fe6aff903952257013d06f8953159787f03e6a1b1cd105f55bc6ed8fb70f03e02d4600c593152f9fc418b96fd7ac92555cdd6b9a8c59392e7852b8c186
6
+AUX tls-protocol-versions-bug4024.patch 5088 SHA256 b05f8f2e8bacae13b830c0af4aadfbb607c17ec0e4f118718c7fb2663847e807 SHA512 b7cfb3a2796c1ad191796b37c9a0511d6af0a0dd03b02099615a948716cdbfca94f36d01784546bc3136ac2191361c602f86efb2ad19364453f27eb65ec31803 WHIRLPOOL 4a790090a4da7d6c1ade4164cf4d0644b25e1474f8a098175cc0757c69b8da548be218b37f6b2075f1bbd7df693ed79d1c49fd0e51a77676a53fa5e4bc159ae1
7
+DIST mod_clamav-0.11rc.tar.gz 5115 SHA256 87630eb1866066d6320ee711897d8998b8f4915c0498b2e78cc0464abd34855a SHA512 6d33ee7b1c9c8e3fb0a0014dde90cfb1d37daa0f4914f147bb800a8318bcf0e03c7c6748d84cda36c5e5c7cd11ee8114bad9978362f581f367db54d3563f4636 WHIRLPOOL b15024d1011a83a10ce52fb676f1f2162d67750dc137600b624cd04ebd498bb3c9242e4889fd7b73c18224eb483286cb543fc627b27e6a8ff4c9bf35468218b9
8
+DIST mod_gss-1.3.3.tar.gz 115098 SHA256 24702cf0333720730cc269eb30529061365b1384fdce274bc3d46ccfc300934e SHA512 61473f3102e2204a27d691907482a3e86108bb423be54ba47a79ef0d2a0313bcdc022529f8e620bd868453bee1b1169fce74cc454d835fdfd4be964e342bdedb WHIRLPOOL 90a15ca919326fa2b2e21fb2928e5ac39b912681bce015f3bff0b0b0c47241f41cc3c78789797ba2d8a61dafc24a9f1d18bf085808350301c228b6ed62721e80
9
+DIST mod_vroot-0.9.3.tar.gz 28352 SHA256 f16c61ed7fe2d7231e1421f8f1a484f29972e0efe0e8e065ab373c388b0c073c SHA512 08a3e5df26bb4d5875b57af9e97e7e7cf27b2ad6983bfae0fac8a21f4a5be0a487cf0d9d03e9e1c08701eb3f22f2cb51a14c05fe1cba5f4085eb8a31d5142776 WHIRLPOOL be30931f117fc4f0b7de87579b483e41d86ad3ecd2999267a726664b32090cd32e6a7e748d66ddec525ee784ee2974212fd2455af313c13b67ab61625efa29d0
10
+DIST proftpd-1.3.5rc4.tar.gz 7580690 SHA256 bf87251d81acf872bd26c56efb519183eadbb0a4a9446ab689188416edd6e1e4 SHA512 2bee9acca165b4f41c5f151ef9265f7618581149d11c54467caf17be1b9a2745c8cfe60acf0a91dc0547501cf06c1f2f28a7a7a6bc38a107f368b572e2f84e83 WHIRLPOOL ec3ceec673fbf88cc8e044c515616b621d80bdc20831bd023c1abd05e19b848c0975e461840fdbc0450e2d8591d9372667d1d6bff9519720fd4bf04f64bdec5f
11
+DIST proftpd-mod-case-0.7.tar.gz 13184 SHA256 c3f65588250fea7771439933fa754927794f664e99b8d20f99b1e400fea62111 SHA512 c08d13ef82fec36ae75aa3213dd02e0ce4045904849f422e152f039a9da66a45e4423751074b8bcf8ce347a40ce0e7bde798a85cbadc962fd872aeaa898261fc WHIRLPOOL 27f49e9f34099c081add803aa679fd9abe7afa652dffe5d8e42889fef49aeaefd499e1009fc564d6c8f882b3c6dc31d4c6dd08cc06a42b770e7ef76a2ebfcf8a
12
+DIST proftpd-mod-diskuse-0.9.tar.gz 18596 SHA256 424f3fd49237245ec176d27ade0965fe21a0db1d645979d5ae3e55497e3da036 SHA512 d41976bf2810e4b783e775e8c767ca2030c3b5df116219fd31cbbac7feaf9922c315bf4ea092881b0d6cf43f2f4c5dbcae61be3c3a833058d12f962a3024b975 WHIRLPOOL aabd1dc23d6c38d308e859ff778beffd0dabfe70d3530c093cf2f95e80b5e9c94b97b6b5ae5109d031f76ff94dffc3822a7aa60fa30df04523d37ebed99730d6
13
+DIST proftpd-mod-msg-0.4.1.tar.gz 8082 SHA256 255b79d31dc509ffad5d0fbcd469f833a8481e880aa962910c2bc8aa608ca6da SHA512 38ea63b1d355e1e10a6a4477596bf3fa28529a871c9fb8dbf093b5317f0743ef9cb59b986d0b8c1c7ed932dad5d5d571883d596fad2d3b793431824db4487012 WHIRLPOOL ff907e26a354f53231fed94515eb60050dec77118be6f49147e0eb8b79e50c9d73354618bca19d98d32a3fb79d7ba87507cc6c8b269f259c5fcf23d44ad3a906
14
+EBUILD proftpd-1.3.5_rc4.ebuild 7804 SHA256 49e6bf151346bad9dfcb9668f90d5f7f8091295d47589fb29608aecfedf4a070 SHA512 108c819f49ac3d3a7a179fb26654911dc37775a3668cb6531cf2bd8a94e935e1335ac02c6c16a3bce9cd458dc6c8b3e9a5ceb42b97f4cb15cc1d7357aeb10885 WHIRLPOOL 92ef10853e70e82bbe2da248a2f4c29ea4ccbcecd2da1ae50b798d047030a61bb32cde32501246947b34dba91b8cefe3c916d4ad4b411b5fb9e57baddd9bc82a
0 15
new file mode 100644
... ...
@@ -0,0 +1 @@
1
+d /var/run/proftpd 0755 root root
0 2
new file mode 100644
... ...
@@ -0,0 +1,53 @@
1
+# This is a sample ProFTPD configuration file for Gentoo Linux (rename
2
+# it to 'proftpd.conf' for actual use). It establishes a single server
3
+# and a single anonymous login.
4
+
5
+ServerName "ProFTPD Default Server"
6
+ServerType standalone
7
+DefaultServer on
8
+RequireValidShell off
9
+AuthPAM off
10
+AuthPAMConfig ftp
11
+
12
+# Listen on the standard FTP port 21.
13
+Port 21
14
+
15
+# New directories and files should not be group or world writable.
16
+Umask 022
17
+
18
+# To prevent DoS attacks set the maximum number of child processes
19
+# to 30. If you need to allow more than 30 concurrent connections
20
+# at once simply increase this value.
21
+MaxInstances 30
22
+
23
+# The server will run under ftp/ftp.
24
+User ftp
25
+Group ftp
26
+
27
+# Every FTP sessions is "jailed" into the user's home directory.
28
+DefaultRoot ~
29
+
30
+# Generally files are overwritable.
31
+AllowOverwrite on
32
+
33
+# Disallow the use of the SITE CHMOD command.
34
+<Limit SITE_CHMOD>
35
+  DenyAll
36
+</Limit>
37
+
38
+# A basic anonymous FTP account without an upload directory.
39
+<Anonymous ~ftp>
40
+  User ftp
41
+  Group ftp
42
+
43
+  # Clients can login with the username "anonymous" and "ftp".
44
+  UserAlias anonymous ftp
45
+
46
+  # Limit the maximum number of parallel anonymous logins to 10.
47
+  MaxClients 10
48
+
49
+  # Prohibit the WRITE command for the anonymous users.
50
+  <Limit WRITE>
51
+    DenyAll
52
+  </Limit>
53
+</Anonymous>
0 54
new file mode 100644
... ...
@@ -0,0 +1,52 @@
1
+#!/sbin/runscript
2
+# Copyright 1999-2013 Gentoo Foundation
3
+# Distributed under the terms of the GNU General Public License v2
4
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/files/proftpd.initd,v 1.5 2013/01/14 02:58:52 floppym Exp $
5
+
6
+extra_started_commands="reload"
7
+
8
+depend() {
9
+	need net
10
+	use logger dns mysql postgresql antivirus
11
+}
12
+
13
+check_configuration() {
14
+	if [ ! -e /etc/proftpd/proftpd.conf ] ; then
15
+		eerror "To execute the ProFTPD server you need a /etc/proftpd/proftpd.conf configuration"
16
+		eerror "file. In /etc/proftpd you can find a sample configuration."
17
+		return 1
18
+	fi
19
+	/usr/sbin/proftpd -t &>/dev/null
20
+	if [ $? -ne 0 ] ; then
21
+		eerror "The ProFTPD configuration file /etc/proftpd/proftpd.conf is invalid! You have to"
22
+		eerror "fix your configuration in order to run the ProFTPD server. For more information"
23
+		eerror "you may execute the ProFTPD configuration check '/usr/sbin/proftpd -t'."
24
+		return 2
25
+	fi
26
+}
27
+
28
+start() {
29
+	checkpath -d /var/run/proftpd
30
+	[ "${RC_CMD}" = "restart" ] || check_configuration || return 1
31
+	ebegin "Starting ProFTPD"
32
+	start-stop-daemon --start --quiet \
33
+		--exec /usr/sbin/proftpd \
34
+		--pidfile /var/run/proftpd/proftpd.pid
35
+	eend $?
36
+}
37
+
38
+stop() {
39
+	[ "${RC_CMD}" != "restart" ] || check_configuration || return 1
40
+	ebegin "Stopping ProFTPD"
41
+	start-stop-daemon --stop --quiet --retry 20 \
42
+		--pidfile /var/run/proftpd/proftpd.pid
43
+	eend $?
44
+}
45
+
46
+reload() {
47
+	check_configuration || return 1
48
+	ebegin "Reloading ProFTPD"
49
+	start-stop-daemon --quiet --signal HUP \
50
+		--pidfile /var/run/proftpd/proftpd.pid
51
+	eend $?
52
+}
0 53
new file mode 100644
... ...
@@ -0,0 +1,12 @@
1
+[Unit]
2
+Description=ProFTPd FTP daemon
3
+
4
+[Service]
5
+Type=simple
6
+ExecStart=/usr/sbin/proftpd --nodaemon
7
+StandardOutput=syslog
8
+StandardError=syslog
9
+Restart=always
10
+
11
+[Install]
12
+WantedBy=multi-user.target
0 13
new file mode 100644
... ...
@@ -0,0 +1,15 @@
1
+#
2
+# ProFTPd FTP daemon - http://www.proftpd.org
3
+#
4
+service ftp
5
+{
6
+       flags		= REUSE
7
+       socket_type	= stream
8
+       instances	= 30
9
+       wait		= no
10
+       user		= root
11
+       server		= /usr/sbin/proftpd
12
+       log_on_success	= HOST PID
13
+       log_on_failure	= HOST
14
+       disable		= yes
15
+}
0 16
new file mode 100644
... ...
@@ -0,0 +1,148 @@
1
+Index: contrib/mod_tls.c
2
+===================================================================
3
+RCS file: /cvsroot/proftp/proftpd/contrib/mod_tls.c,v
4
+retrieving revision 1.333
5
+diff -u -r1.333 mod_tls.c
6
+--- contrib/mod_tls.c	28 Feb 2014 15:18:50 -0000	1.333
7
+@@ -390,7 +390,7 @@
8
+ #define TLS_PROTO_TLS_V1		0x0002
9
+ #define TLS_PROTO_TLS_V1_1		0x0004
10
+ #define TLS_PROTO_TLS_V1_2		0x0008
11
+-#define TLS_PROTO_DEFAULT		TLS_PROTO_SSL_V3|TLS_PROTO_TLS_V1
12
++#define TLS_PROTO_DEFAULT		(TLS_PROTO_SSL_V3|TLS_PROTO_TLS_V1)
13
+ 
14
+ #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
15
+ static int tls_ssl_opts = (SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE)^SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
16
+@@ -2751,6 +2751,32 @@
17
+   return 0;
18
+ }
19
+ 
20
++static const char *tls_get_proto_str(pool *p, unsigned int protos) {
21
++  char *proto_str = "";
22
++
23
++  if (protos & TLS_PROTO_SSL_V3) {
24
++    proto_str = pstrcat(p, proto_str, *proto_str ? ", " : "",
25
++      "SSLv3", NULL);
26
++  }
27
++
28
++  if (protos & TLS_PROTO_TLS_V1) {
29
++    proto_str = pstrcat(p, proto_str, *proto_str ? ", " : "",
30
++      "TLSv1", NULL);
31
++  }
32
++
33
++  if (protos & TLS_PROTO_TLS_V1_1) {
34
++    proto_str = pstrcat(p, proto_str, *proto_str ? ", " : "",
35
++      "TLSv1.1", NULL);
36
++  }
37
++
38
++  if (protos & TLS_PROTO_TLS_V1_2) {
39
++    proto_str = pstrcat(p, proto_str, *proto_str ? ", " : "",
40
++      "TLSv1.2", NULL);
41
++  }
42
++
43
++  return proto_str;
44
++}
45
++
46
+ static int tls_init_server(void) {
47
+   config_rec *c = NULL;
48
+   char *tls_ca_cert = NULL, *tls_ca_path = NULL, *tls_ca_chain = NULL;
49
+@@ -2763,8 +2789,7 @@
50
+     tls_protocol = *((unsigned int *) c->argv[0]);
51
+   }
52
+ 
53
+-  if ((tls_protocol & TLS_PROTO_SSL_V3) &&
54
+-      (tls_protocol & TLS_PROTO_TLS_V1)) {
55
++  if (tls_protocol == TLS_PROTO_DEFAULT) {
56
+     /* This is the default, so there is no need to do anything. */
57
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
58
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting SSLv3, TLSv1, TLSv1.1, TLSv1.2 protocols");
59
+@@ -2772,26 +2797,75 @@
60
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting SSLv3, TLSv1 protocols");
61
+ #endif /* OpenSSL-1.0.1 or later */
62
+ 
63
+-  } else if (tls_protocol & TLS_PROTO_SSL_V3) {
64
++  } else if (tls_protocol == TLS_PROTO_SSL_V3) {
65
+     SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_server_method());
66
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting SSLv3 protocol only");
67
+ 
68
+-  } else if (tls_protocol & TLS_PROTO_TLS_V1) {
69
++  } else if (tls_protocol == TLS_PROTO_TLS_V1) {
70
+     SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_server_method());
71
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting TLSv1 protocol only");
72
+ 
73
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
74
+-  } else if (tls_protocol & TLS_PROTO_TLS_V1_1) {
75
++  } else if (tls_protocol == TLS_PROTO_TLS_V1_1) {
76
+     SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_1_server_method());
77
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting TLSv1.1 protocol only");
78
+ 
79
+-  } else if (tls_protocol & TLS_PROTO_TLS_V1_2) {
80
++  } else if (tls_protocol == TLS_PROTO_TLS_V1_2) {
81
+     SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_2_server_method());
82
+     pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting TLSv1.2 protocol only");
83
+ 
84
+ #endif /* OpenSSL-1.0.1 or later */
85
++
86
++  } else {
87
++    int disable_proto = (SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
88
++
89
++#ifdef SSL_OP_NO_TLSv1_1
90
++    disable_proto |= SSL_OP_NO_TLSv1_1;
91
++#endif
92
++#ifdef SSL_OP_NO_TLSv1_2
93
++    disable_proto |= SSL_OP_NO_TLSv1_2;
94
++#endif
95
++
96
++    /* For any other value of tls_protocol, it will be a combination of
97
++     * protocol versions.  Thus we MUST use SSLv23_server_method(), and then
98
++     * try to use SSL_CTX_set_options() to restrict/disable the protocol
99
++     * versions which are NOT requested.
100
++     */
101
++
102
++    if (tls_protocol & TLS_PROTO_SSL_V3) {
103
++      /* Clear the "no SSLv3" option. */
104
++      disable_proto &= ~SSL_OP_NO_SSLv3;
105
++    }
106
++
107
++    if (tls_protocol & TLS_PROTO_TLS_V1) {
108
++      /* Clear the "no TLSv1" option. */
109
++      disable_proto &= ~SSL_OP_NO_TLSv1;
110
++    }
111
++
112
++    if (tls_protocol & TLS_PROTO_TLS_V1_1) {
113
++#ifdef SSL_OP_NO_TLSv1_1
114
++      /* Clear the "no TLSv1.1" option. */
115
++      disable_proto &= ~SSL_OP_NO_TLSv1_1;
116
++#endif
117
++    }
118
++
119
++    if (tls_protocol & TLS_PROTO_TLS_V1_2) {
120
++#ifdef SSL_OP_NO_TLSv1_2
121
++      /* Clear the "no TLSv1.2" option. */
122
++      disable_proto &= ~SSL_OP_NO_TLSv1_2;
123
++#endif
124
++    }
125
++
126
++    /* Per the comments in <ssl/ssl.h>, SSL_CTX_set_options() uses |= on
127
++     * the previous value.  This means we can easily OR in our new option
128
++     * values with any previously set values.
129
++     */
130
++    pr_log_debug(DEBUG8, MOD_TLS_VERSION ": supporting %s protocols only",
131
++      tls_get_proto_str(main_server->pool, tls_protocol));
132
++    SSL_CTX_set_options(ssl_ctx, disable_proto);
133
+   }
134
+ 
135
++
136
+   tls_ca_cert = get_param_ptr(main_server->conf, "TLSCACertificateFile", FALSE);
137
+   tls_ca_path = get_param_ptr(main_server->conf, "TLSCACertificatePath", FALSE);
138
+ 
139
+@@ -2817,7 +2891,7 @@
140
+ 
141
+     if (SSL_CTX_set_default_verify_paths(ssl_ctx) != 1) {
142
+       tls_log("error setting default verification locations: %s",
143
+-          tls_get_errors());
144
++        tls_get_errors());
145
+     }
146
+   }
147
+ 
0 148
new file mode 100644
... ...
@@ -0,0 +1,241 @@
1
+# Copyright 1999-2013 Gentoo Foundation
2
+# Distributed under the terms of the GNU General Public License v2
3
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.4d.ebuild,v 1.10 2013/09/14 10:37:51 ago Exp $
4
+
5
+EAPI=5
6
+inherit eutils multilib systemd
7
+
8
+MOD_CASE="0.7"
9
+MOD_CLAMAV="0.11rc"
10
+MOD_DISKUSE="0.9"
11
+MOD_GSS="1.3.3"
12
+MOD_MSG="0.4.1"
13
+MOD_VROOT="0.9.3"
14
+
15
+DESCRIPTION="An advanced and very configurable FTP server."
16
+HOMEPAGE="http://www.proftpd.org/
17
+	http://www.castaglia.org/proftpd/
18
+	http://www.thrallingpenguin.com/resources/mod_clamav.htm
19
+	http://gssmod.sourceforge.net/"
20
+SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.gz
21
+	case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${MOD_CASE}.tar.gz )
22
+	clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${MOD_CLAMAV}.tar.gz )
23
+	diskuse? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-diskuse-${MOD_DISKUSE}.tar.gz )
24
+	kerberos? ( mirror://sourceforge/gssmod/mod_gss-${MOD_GSS}.tar.gz )
25
+	msg? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-msg-${MOD_MSG}.tar.gz )
26
+	vroot? ( https://github.com/Castaglia/${PN}-mod_vroot/archive/mod_vroot-${MOD_VROOT}.tar.gz )"
27
+LICENSE="GPL-2"
28
+
29
+SLOT="0"
30
+KEYWORDS="alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd"
31
+IUSE="acl authfile ban +caps case clamav copy ctrls deflate diskuse doc dso dynmasq exec ifsession ifversion ident ipv6
32
+	kerberos ldap linguas_bg_BG linguas_en_US linguas_fr_FR linguas_it_IT linguas_ja_JP linguas_ko_KR
33
+	linguas_ru_RU linguas_zh_CN linguas_zh_TW memcache msg mysql ncurses nls openssl pam +pcre postgres qos radius
34
+	ratio readme rewrite selinux sftp shaper sitemisc softquota sqlite ssl tcpd test trace vroot xinetd"
35
+REQUIRED_USE="ban? ( ctrls )
36
+	msg? ( ctrls )
37
+	sftp? ( openssl )
38
+	shaper? ( ctrls )
39
+	ssl? ( openssl )"
40
+
41
+CDEPEND="acl? ( virtual/acl )
42
+	caps? ( sys-libs/libcap )
43
+	clamav? ( app-antivirus/clamav )
44
+	kerberos? ( virtual/krb5 )
45
+	ldap? ( net-nds/openldap )
46
+	memcache? ( >=dev-libs/libmemcached-0.41 )
47
+	mysql? ( virtual/mysql )
48
+	nls? ( virtual/libiconv )
49
+	ncurses? ( sys-libs/ncurses )
50
+	openssl? ( dev-libs/openssl )
51
+	pam? ( virtual/pam )
52
+	pcre? ( dev-libs/libpcre )
53
+	postgres? ( dev-db/postgresql-base )
54
+	sqlite? ( dev-db/sqlite:3 )
55
+	xinetd? ( virtual/inetd )"
56
+DEPEND="${CDEPEND}
57
+	test? ( dev-libs/check )"
58
+RDEPEND="${CDEPEND}
59
+	net-ftp/ftpbase
60
+	selinux? ( sec-policy/selinux-ftp )"
61
+
62
+S="${WORKDIR}/${P/_/}"
63
+
64
+__prepare_module() {
65
+	local mod_name=$1
66
+	local mod_topdir=${WORKDIR}/${2:-${mod_name}}
67
+
68
+	mv "${mod_topdir}/${mod_name}.c" contrib || die
69
+	mv "${mod_topdir}/${mod_name}.html" doc/contrib || die
70
+	rm -r "${mod_topdir}" || die
71
+}
72
+
73
+src_prepare() {
74
+#	epatch "${FILESDIR}"/${P}-sftp-kbdint-max-responses-bug3973.patch
75
+#	epatch "${FILESDIR}"/${P}-memset-fix.patch
76
+	epatch "${FILESDIR}//tls-protocol-versions-bug4024.patch"
77
+
78
+	# Skip 'install-conf' / Support LINGUAS
79
+	sed -i -e "/install-all/s/ install-conf//" Makefile.in
80
+	sed -i -e "s/^LANGS=.*$/LANGS=${LINGUAS}/" locale/Makefile.in
81
+
82
+	# Prepare external modules
83
+	use case && __prepare_module mod_case
84
+	if use clamav ; then
85
+		mv "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/mod_clamav.{c,h} contrib
86
+		epatch "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}/${PN}.patch
87
+		rm -r "${WORKDIR}"/mod_clamav-${MOD_CLAMAV}
88
+	fi
89
+	use msg && __prepare_module mod_msg
90
+	use vroot && __prepare_module mod_vroot ${PN}-mod_vroot-mod_vroot-${MOD_VROOT}
91
+
92
+	# Prepare external kerberos module
93
+	if use kerberos ; then
94
+		cd "${WORKDIR}"/mod_gss-${MOD_GSS}
95
+
96
+		# Support app-crypt/heimdal / Gentoo Bug #284853
97
+		sed -i -e "s/krb5_principal2principalname/_\0/" mod_auth_gss.c.in
98
+
99
+		# Remove obsolete DES / Gentoo Bug #324903
100
+		# Replace 'rpm' lookups / Gentoo Bug #391021
101
+		sed -i -e "/ac_gss_libs/s/ -ldes425//" \
102
+			-e "s/ac_libdir=\`rpm -q -l.*$/ac_libdir=\/usr\/$(get_libdir)\//" \
103
+			-e "s/ac_includedir=\`rpm -q -l.*$/ac_includedir=\/usr\/include\//" configure{,.in}
104
+	fi
105
+}
106
+
107
+src_configure() {
108
+	local c m
109
+
110
+	use acl && m="${m}:mod_facl"
111
+	use ban && m="${m}:mod_ban"
112
+	use case && m="${m}:mod_case"
113
+	use clamav && m="${m}:mod_clamav"
114
+	use copy && m="${m}:mod_copy"
115
+	use ctrls && m="${m}:mod_ctrls_admin"
116
+	use deflate && m="${m}:mod_deflate"
117
+	if use diskuse ; then
118
+		cd "${WORKDIR}"/mod_diskuse
119
+		econf
120
+		mv mod_diskuse.{c,h} "${S}"/contrib
121
+		mv mod_diskuse.html "${S}"/doc/contrib
122
+		cd "${S}"
123
+		rm -r "${WORKDIR}"/mod_diskuse
124
+		m="${m}:mod_diskuse"
125
+	fi
126
+	use dynmasq && mym="${mym}:mod_dynmasq"
127
+	use exec && m="${m}:mod_exec"
128
+	use ifsession && m="${m}:mod_ifsession"
129
+	use ifversion && m="${m}:mod_ifversion"
130
+	if use kerberos ; then
131
+		cd "${WORKDIR}"/mod_gss-${MOD_GSS}
132
+		if has_version app-crypt/mit-krb5 ; then
133
+			econf --enable-mit
134
+		else
135
+			econf --enable-heimdal
136
+		fi
137
+		mv mod_{auth_gss,gss}.c "${S}"/contrib
138
+		mv mod_gss.h "${S}"/include
139
+		mv README.mod_{auth_gss,gss} "${S}"
140
+		mv mod_gss.html "${S}"/doc/contrib
141
+		mv rfc{1509,2228}.txt "${S}"/doc/rfc
142
+		cd "${S}"
143
+		rm -r "${WORKDIR}"/mod_gss-${MOD_GSS}
144
+		m="${m}:mod_gss:mod_auth_gss"
145
+	fi
146
+	use ldap && m="${m}:mod_ldap"
147
+	use msg && mym="${mym}:mod_msg"
148
+	if use mysql || use postgres || use sqlite ; then
149
+		m="${m}:mod_sql:mod_sql_passwd"
150
+		use mysql && m="${m}:mod_sql_mysql"
151
+		use postgres && m="${m}:mod_sql_postgres"
152
+		use sqlite && m="${m}:mod_sql_sqlite"
153
+	fi
154
+	use qos && m="${m}:mod_qos"
155
+	use radius && m="${m}:mod_radius"
156
+	use ratio && m="${m}:mod_ratio"
157
+	use readme && m="${m}:mod_readme"
158
+	use rewrite && m="${m}:mod_rewrite"
159
+	if use sftp ; then
160
+		m="${m}:mod_sftp"
161
+		use pam && m="${m}:mod_sftp_pam"
162
+		use mysql || use postgres || use sqlite && m="${m}:mod_sftp_sql"
163
+	fi
164
+	use shaper && m="${m}:mod_shaper"
165
+	use sitemisc && m="${m}:mod_site_misc"
166
+	if use softquota ; then
167
+		m="${m}:mod_quotatab:mod_quotatab_file"
168
+		use ldap && m="${m}:mod_quotatab_ldap"
169
+		use radius && m="${m}:mod_quotatab_radius"
170
+		use mysql || use postgres || use sqlite && m="${m}:mod_quotatab_sql"
171
+	fi
172
+	if use ssl ; then
173
+		m="${m}:mod_tls:mod_tls_shmcache"
174
+		use memcache && m="${m}:mod_tls_memcache"
175
+	fi
176
+	if use tcpd ; then
177
+		m="${m}:mod_wrap2:mod_wrap2_file"
178
+		use mysql || use postgres || use sqlite && m="${m}:mod_wrap2_sql"
179
+	fi
180
+	use vroot && m="${m}:mod_vroot"
181
+
182
+	[ -z ${m} ] || c="${c} --with-modules=${m:1}"
183
+	econf --localstatedir=/var/run/proftpd --sysconfdir=/etc/proftpd --disable-strip \
184
+		$(use_enable acl facl) \
185
+		$(use_enable authfile auth-file) \
186
+		$(use_enable caps cap) \
187
+		$(use_enable ctrls) \
188
+		$(use_enable dso) \
189
+		$(use_enable ident) \
190
+		$(use_enable ipv6) \
191
+		$(use_enable memcache) \
192
+		$(use_enable ncurses) \
193
+		$(use_enable nls) \
194
+		$(use_enable openssl) \
195
+		$(use_enable pam auth-pam) \
196
+		$(use_enable pcre) \
197
+		$(use_enable test tests) \
198
+		$(use_enable trace) \
199
+		$(use_enable userland_GNU shadow) \
200
+		$(use_enable userland_GNU autoshadow) \
201
+		${c:1}
202
+}
203
+
204
+src_test() {
205
+	emake api-tests -C tests
206
+}
207
+
208
+src_install() {
209
+	default
210
+	[ -z ${LINGUAS} ] && rm -r "${ED}"/usr/share/locale
211
+	newinitd "${FILESDIR}"/proftpd.initd proftpd
212
+	insinto /etc/proftpd
213
+	doins "${FILESDIR}"/proftpd.conf.sample
214
+
215
+	if use xinetd ; then
216
+		insinto /etc/xinetd.d
217
+		newins "${FILESDIR}"/proftpd.xinetd proftpd
218
+	fi
219
+
220
+	dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES
221
+	if use doc ; then
222
+		dohtml doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html
223
+		docinto rfc
224
+		dodoc doc/rfc/*.txt
225
+	fi
226
+
227
+	systemd_dounit       "${FILESDIR}"/${PN}.service
228
+	systemd_newtmpfilesd "${FILESDIR}"/${PN}-tmpfiles.d.conf ${PN}.conf
229
+}
230
+
231
+pkg_postinst() {
232
+	if use tcpd ; then
233
+		ewarn
234
+		ewarn "Important: Since ProFTPD 1.3.4rc2 the module mod_wrap for TCP Wrapper"
235
+		ewarn "support has been replaced by mod_wrap2 which is more configurable and"
236
+		ewarn "portable.  But you have to adjust your configuration before restaring"
237
+		ewarn "ProFTPD. On the following website you can find more information:"
238
+		ewarn "  http://proftpd.org/docs/contrib/mod_wrap2.html"
239
+		ewarn
240
+	fi
241
+}