From 89b2b973f06a8be98a052a6e9ba17c5e1642874e Mon Sep 17 00:00:00 2001
From: Thomas Deutschmann
Date: Thu, 31 Jan 2019 18:52:42 +0100
Subject: net-ftp/pure-ftpd: add TLS 1.3 support
Package-Manager: Portage-2.3.58, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann
---
.../pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch | 46 +++++++
net-ftp/pure-ftpd/pure-ftpd-1.0.47-r2.ebuild | 141 --------------------
net-ftp/pure-ftpd/pure-ftpd-1.0.47-r3.ebuild | 142 +++++++++++++++++++++
3 files changed, 188 insertions(+), 141 deletions(-)
create mode 100644 net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch
delete mode 100644 net-ftp/pure-ftpd/pure-ftpd-1.0.47-r2.ebuild
create mode 100644 net-ftp/pure-ftpd/pure-ftpd-1.0.47-r3.ebuild
diff --git a/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch
new file mode 100644
index 000000000000..65f19bf49da7
--- /dev/null
+++ b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch
@@ -0,0 +1,46 @@
+From 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad Mon Sep 17 00:00:00 2001
+From: Frank Denis
+Date: Wed, 19 Sep 2018 23:53:45 +0200
+Subject: [PATCH] TLS1.3 compatibility
+
+Fixes #94
+---
+ src/tls.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/src/tls.c b/src/tls.c
+index c693d3b..f383ed9 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret)
+ if ((where & SSL_CB_HANDSHAKE_START) != 0) {
+ if ((cnx == tls_cnx && tls_cnx_handshook != 0) ||
+ (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) {
+- die(400, LOG_ERR, "TLS renegociation");
++ const SSL_CIPHER *cipher;
++ const char *cipher_version;
++ if ((cipher = SSL_get_current_cipher(cnx)) == NULL ||
++ (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) {
++ die(400, LOG_ERR, "No cipher");
++ }
++ if (strcmp(cipher_version, "TLSv1.3") != 0) {
++ die(400, LOG_ERR, "TLS renegociation");
++ return;
++ }
+ }
+ return;
+ }
+@@ -264,10 +273,10 @@ int tls_init_library(void)
+ OpenSSL_add_all_algorithms();
+ # else
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
++ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+- OPENSSL_INIT_ADD_ALL_DIGESTS |
+- OPENSSL_INIT_LOAD_CONFIG, NULL);
++ OPENSSL_INIT_ADD_ALL_DIGESTS |
++ OPENSSL_INIT_LOAD_CONFIG, NULL);
+ # endif
+ while (RAND_status() == 0) {
+ rnd = zrand();
diff --git a/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r2.ebuild b/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r2.ebuild
deleted file mode 100644
index 864c1ad82373..000000000000
--- a/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r2.ebuild
+++ /dev/null
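Review bot: In the `ssl_info_cb` hunk of the embedded `src/tls.c` patch, the renegotiation guard decides whether the session is TLS 1.3 by comparing `SSL_CIPHER_get_version()` with "TLSv1.3"; OpenSSL documents that call as naming the protocol version that first defined the cipher suite, not the version the connection negotiated. Asking the connection directly keeps the check tied to the session: `if (strcmp(SSL_get_version(cnx), "TLSv1.3") != 0) { die(400, LOG_ERR, "TLS renegociation"); }`. The `"No cipher"` branch also has no `return` after `die()` while the branch below it does; `die()` is defined outside the hunk, and if it could ever return, `cipher_version` would reach `strcmp()` unset, so the two branches should be made consistent. A short comment such as `/* TLS 1.3 has no renegotiation; post-handshake messages also raise HANDSHAKE_START */` would record why 1.3 sessions are exempt from the guard. The body of `ssl_info_cb` starts and ends outside the hunk.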
@@ -1,141 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic
-
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ppc ppc64 sparc x86"
-
-DESCRIPTION="Fast, production-quality, standard-conformant FTP server"
-HOMEPAGE="http://www.pureftpd.org/"
-SRC_URI="ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2
- http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2"
-
-LICENSE="BSD"
-SLOT="0"
-
-IUSE="anondel anonperm anonren anonres caps charconv implicittls ldap libressl mysql noiplog pam paranoidmsg postgres resolveids selinux ssl sysquota vchroot xinetd"
-
-REQUIRED_USE="implicittls? ( ssl )"
-
-DEPEND="caps? ( sys-libs/libcap )
- charconv? ( virtual/libiconv )
- ldap? ( >=net-nds/openldap-2.0.25 )
- mysql? ( || (
- dev-db/mariadb-connector-c
- dev-db/mysql-connector-c
- ) )
- pam? ( virtual/pam )
- postgres? ( dev-db/postgresql:= )
- ssl? (
- !libressl? ( >=dev-libs/openssl-0.9.6g:0=[-bindist] )
- libressl? ( dev-libs/libressl:= )
- )
- sysquota? ( sys-fs/quota[-rpc] )
- xinetd? ( virtual/inetd )"
-
-RDEPEND="${DEPEND}
- dev-libs/libsodium:=
- net-ftp/ftpbase
- selinux? ( sec-policy/selinux-ftp )"
-
-PATCHES=(
- "${FILESDIR}/${PN}-1.0.28-pam.patch"
- "${FILESDIR}/${PN}-1.0.47-MAX_DATA_SIZE.patch"
-)
-
-src_configure() {
- # adjust max user length to something more appropriate
- # for virtual hosts. See bug #62472 for details.
- sed -e "s:# define MAX_USER_LENGTH 32U:# define MAX_USER_LENGTH 127U:" \
- -i "${S}/src/ftpd.h" || die "sed failed"
-
- # Those features are only configurable like this, see bug #179375.
- use anondel && append-cppflags -DANON_CAN_DELETE
- use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS
- use anonren && append-cppflags -DANON_CAN_RENAME
- use anonres && append-cppflags -DANON_CAN_RESUME
- use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS
-
- # Do not auto-use SSP -- let the user select this.
- export ax_cv_check_cflags___fstack_protector_all=no
-
- local myeconfargs=(
- --enable-largefile
- --with-altlog
- --with-cookie
- --with-diraliases
- --with-extauth
- --with-ftpwho
- --with-language=${PUREFTPD_LANG:=english}
- --with-peruserlimits
- --with-privsep
- --with-puredb
- --with-quotas
- --with-ratios
- --with-throttling
- --with-uploadscript
- --with-virtualhosts
- $(use_with charconv rfc2640)
- $(use_with ldap)
- $(use_with mysql)
- $(use_with pam)
- $(use_with paranoidmsg)
- $(use_with postgres pgsql)
- $(use_with ssl tls)
- $(use_with implicittls)
- $(use_with vchroot virtualchroot)
- $(use_with sysquota sysquotas)
- $(usex caps '' '--without-capabilities')
- $(usex noiplog '--without-iplogging' '')
- $(usex xinetd '' '--without-inetd')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- local DOCS=( AUTHORS CONTACT ChangeLog FAQ HISTORY INSTALL README* NEWS )
-
- default
-
- newinitd "${FILESDIR}/pure-ftpd.rc11" ${PN}
- newconfd "${FILESDIR}/pure-ftpd.conf_d-3" ${PN}
-
- if use implicittls ; then
- sed -i '/^SERVER/s@21@990@' "${ED}"/etc/conf.d/${PN} \
- || die "Adjusting default server port for implicittls usage failed!"
- fi
-
- keepdir /var/lib/run/${PN}
-
- if use xinetd ; then
- insinto /etc/xinetd.d
- newins "${FILESDIR}/pure-ftpd.xinetd" ${PN}
- fi
-
- if use ldap ; then
- insinto /etc/openldap/schema
- doins pureftpd.schema
- insinto /etc/openldap
- insopts -m 0600
- doins pureftpd-ldap.conf
- fi
-}
-
-pkg_postinst() {
- if [[ -z "${REPLACING_VERSIONS}" ]]; then
- # This is a new installation
- elog
- elog "Before starting Pure-FTPd, you have to edit the /etc/conf.d/pure-ftpd file!"
- elog
- ewarn "It's *really* important to read the README provided with Pure-FTPd!"
- ewarn "Check out http://download.pureftpd.org/pub/pure-ftpd/doc/README for general info"
- ewarn "and http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS for SSL/TLS info."
- ewarn
- if use charconv ; then
- ewarn "Charset conversion is an *experimental* feature!"
- ewarn "Remember to set a valid charset for your filesystem in the configuration!"
- fi
- fi
-}
diff --git a/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r3.ebuild b/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r3.ebuild
new file mode 100644
index 000000000000..58e90f89ddc0
--- /dev/null
+++ b/net-ftp/pure-ftpd/pure-ftpd-1.0.47-r3.ebuild
@@ -0,0 +1,142 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic
+
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ppc ppc64 sparc x86"
+
+DESCRIPTION="Fast, production-quality, standard-conformant FTP server"
+HOMEPAGE="http://www.pureftpd.org/"
+SRC_URI="ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2
+ http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+
+IUSE="anondel anonperm anonren anonres caps charconv implicittls ldap libressl mysql noiplog pam paranoidmsg postgres resolveids selinux ssl sysquota vchroot xinetd"
+
+REQUIRED_USE="implicittls? ( ssl )"
+
+DEPEND="caps? ( sys-libs/libcap )
+ charconv? ( virtual/libiconv )
+ ldap? ( >=net-nds/openldap-2.0.25 )
+ mysql? ( || (
+ dev-db/mariadb-connector-c
+ dev-db/mysql-connector-c
+ ) )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:= )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-0.9.6g:0=[-bindist] )
+ libressl? ( dev-libs/libressl:= )
+ )
+ sysquota? ( sys-fs/quota[-rpc] )
+ xinetd? ( virtual/inetd )"
+
+RDEPEND="${DEPEND}
+ dev-libs/libsodium:=
+ net-ftp/ftpbase
+ selinux? ( sec-policy/selinux-ftp )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.0.28-pam.patch"
+ "${FILESDIR}/${PN}-1.0.47-MAX_DATA_SIZE.patch"
+ "${FILESDIR}/${PN}-1.0.47-TLSv1.3.patch"
+)
+
+src_configure() {
+ # adjust max user length to something more appropriate
+ # for virtual hosts. See bug #62472 for details.
+ sed -e "s:# define MAX_USER_LENGTH 32U:# define MAX_USER_LENGTH 127U:" \
+ -i "${S}/src/ftpd.h" || die "sed failed"
+
+ # Those features are only configurable like this, see bug #179375.
+ use anondel && append-cppflags -DANON_CAN_DELETE
+ use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS
+ use anonren && append-cppflags -DANON_CAN_RENAME
+ use anonres && append-cppflags -DANON_CAN_RESUME
+ use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS
+
+ # Do not auto-use SSP -- let the user select this.
+ export ax_cv_check_cflags___fstack_protector_all=no
+
+ local myeconfargs=(
+ --enable-largefile
+ --with-altlog
+ --with-cookie
+ --with-diraliases
+ --with-extauth
+ --with-ftpwho
+ --with-language=${PUREFTPD_LANG:=english}
+ --with-peruserlimits
+ --with-privsep
+ --with-puredb
+ --with-quotas
+ --with-ratios
+ --with-throttling
+ --with-uploadscript
+ --with-virtualhosts
+ $(use_with charconv rfc2640)
+ $(use_with ldap)
+ $(use_with mysql)
+ $(use_with pam)
+ $(use_with paranoidmsg)
+ $(use_with postgres pgsql)
+ $(use_with ssl tls)
+ $(use_with implicittls)
+ $(use_with vchroot virtualchroot)
+ $(use_with sysquota sysquotas)
+ $(usex caps '' '--without-capabilities')
+ $(usex noiplog '--without-iplogging' '')
+ $(usex xinetd '' '--without-inetd')
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ local DOCS=( AUTHORS CONTACT ChangeLog FAQ HISTORY INSTALL README* NEWS )
+
+ default
+
+ newinitd "${FILESDIR}/pure-ftpd.rc11" ${PN}
+ newconfd "${FILESDIR}/pure-ftpd.conf_d-3" ${PN}
+
+ if use implicittls ; then
+ sed -i '/^SERVER/s@21@990@' "${ED}"/etc/conf.d/${PN} \
+ || die "Adjusting default server port for implicittls usage failed!"
+ fi
+
+ keepdir /var/lib/run/${PN}
+
+ if use xinetd ; then
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}/pure-ftpd.xinetd" ${PN}
+ fi
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins pureftpd.schema
+ insinto /etc/openldap
+ insopts -m 0600
+ doins pureftpd-ldap.conf
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ elog
+ elog "Before starting Pure-FTPd, you have to edit the /etc/conf.d/pure-ftpd file!"
+ elog
+ ewarn "It's *really* important to read the README provided with Pure-FTPd!"
+ ewarn "Check out http://download.pureftpd.org/pub/pure-ftpd/doc/README for general info"
+ ewarn "and http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS for SSL/TLS info."
+ ewarn
+ if use charconv ; then
+ ewarn "Charset conversion is an *experimental* feature!"
+ ewarn "Remember to set a valid charset for your filesystem in the configuration!"
+ fi
+ fi
+}
--
cgit v1.2.3-65-gdbad