summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Hanselmann <hansmi@gentoo.org>2005-08-28 12:40:56 +0000
committerMichael Hanselmann <hansmi@gentoo.org>2005-08-28 12:40:56 +0000
commit6e1e9a898f386df17c05a103e199ffbc3d7d3731 (patch)
treeab8c0e40c454ac23ffd85c33ac676fcc5ab1eab6
parentStable on hppa. (diff)
downloadhistorical-6e1e9a898f386df17c05a103e199ffbc3d7d3731.tar.gz
historical-6e1e9a898f386df17c05a103e199ffbc3d7d3731.tar.bz2
historical-6e1e9a898f386df17c05a103e199ffbc3d7d3731.zip
Added patch from bug 98726. Changed herd to qmail, added description to metadata
Package-Manager: portage-2.0.51.22-r2
-rw-r--r--sys-apps/ucspi-tcp/ChangeLog9
-rw-r--r--sys-apps/ucspi-tcp/Manifest28
-rw-r--r--sys-apps/ucspi-tcp/files/0.88-limits.patch365
-rw-r--r--sys-apps/ucspi-tcp/files/digest-ucspi-tcp-0.88-r115
-rw-r--r--sys-apps/ucspi-tcp/metadata.xml10
-rw-r--r--sys-apps/ucspi-tcp/ucspi-tcp-0.88-r11.ebuild79
6 files changed, 476 insertions, 20 deletions
diff --git a/sys-apps/ucspi-tcp/ChangeLog b/sys-apps/ucspi-tcp/ChangeLog
index 7e69011d5a96..3043fa718560 100644
--- a/sys-apps/ucspi-tcp/ChangeLog
+++ b/sys-apps/ucspi-tcp/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-apps/ucspi-tcp
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/ucspi-tcp/ChangeLog,v 1.33 2005/02/14 12:49:19 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/ucspi-tcp/ChangeLog,v 1.34 2005/08/28 12:40:56 hansmi Exp $
+
+*ucspi-tcp-0.88-r11 (28 Aug 2005)
+
+ 28 Aug 2005; Michael Hanselmann <hansmi@gentoo.org>
+ +files/0.88-limits.patch, metadata.xml, +ucspi-tcp-0.88-r11.ebuild:
+ Added patch from bug 98726. Changed herd to qmail, added description to
+ metadata.
14 Feb 2005; Robin H. Johnson <robbat2@gentoo.org>
+files/0.88-rblsmtpd-ignore-on-RELAYCLIENT.patch:
diff --git a/sys-apps/ucspi-tcp/Manifest b/sys-apps/ucspi-tcp/Manifest
index 2497238fed3a..02dbd601f267 100644
--- a/sys-apps/ucspi-tcp/Manifest
+++ b/sys-apps/ucspi-tcp/Manifest
@@ -1,24 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 66ed278686866a3187b68d81fe47fa24 metadata.xml 592
+MD5 9d637c1a379235830aec1c3c7e1a40b7 ChangeLog 5278
+MD5 23303b1e53f4d80fd4a5a2ad649ce593 ucspi-tcp-0.88-r11.ebuild 2427
MD5 76034b124658a585b29a772acbf2b798 ucspi-tcp-0.88-r9.ebuild 2246
-MD5 fe1236e5d8b3b8a53a55cf7db78cd384 ChangeLog 5033
-MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
MD5 38badb1189a3476d5066e21ab764aef1 ucspi-tcp-0.88-r10.ebuild 2341
MD5 f28315c57485584788c9824481bc7603 ucspi-tcp-0.88-r8.ebuild 2148
-MD5 eeca4c38b2ce87ccb59e44f241b3c736 files/digest-ucspi-tcp-0.88-r10 350
-MD5 b36e99b422384451ac68b3a9b31b7ed6 files/0.88-head-1.patch 1403
-MD5 9eab9910e2978160e33f6c4e9b227efa files/digest-ucspi-tcp-0.88-r8 350
MD5 9eab9910e2978160e33f6c4e9b227efa files/digest-ucspi-tcp-0.88-r9 350
-MD5 72b6cd8b1b829a6a6939255fdc0b76a3 files/0.88-rblsmtpd-ignore-on-RELAYCLIENT.patch 462
-MD5 fb41d7c55db5124d7488a923e4223576 files/0.88-bigendian.patch 478
MD5 64eb2b26c9c0e5d6b4042fd36b74dbb8 files/tcprules-Makefile 168
+MD5 b36e99b422384451ac68b3a9b31b7ed6 files/0.88-head-1.patch 1403
+MD5 fb41d7c55db5124d7488a923e4223576 files/0.88-bigendian.patch 478
MD5 0479a09fdd4ce855d35e36563cab4743 files/0.88-errno.patch 239
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.6 (GNU/Linux)
-Comment: Robbat2 @ Orbis-Terrarum Networks
-
-iD8DBQFCEJ5bPpIsIjIzwiwRAlO4AKDoBIX1wNWHrroW/6n7/s5qcfRhPgCgw4XA
-k+0kQBsbZ5mJZI4zQaouciM=
-=a2x+
------END PGP SIGNATURE-----
+MD5 eeca4c38b2ce87ccb59e44f241b3c736 files/digest-ucspi-tcp-0.88-r11 350
+MD5 9eab9910e2978160e33f6c4e9b227efa files/digest-ucspi-tcp-0.88-r8 350
+MD5 a52d1d668b5486fde8f138eaab047e70 files/0.88-limits.patch 12356
+MD5 eeca4c38b2ce87ccb59e44f241b3c736 files/digest-ucspi-tcp-0.88-r10 350
+MD5 72b6cd8b1b829a6a6939255fdc0b76a3 files/0.88-rblsmtpd-ignore-on-RELAYCLIENT.patch 462
diff --git a/sys-apps/ucspi-tcp/files/0.88-limits.patch b/sys-apps/ucspi-tcp/files/0.88-limits.patch
new file mode 100644
index 000000000000..6ec88694bf0c
--- /dev/null
+++ b/sys-apps/ucspi-tcp/files/0.88-limits.patch
@@ -0,0 +1,365 @@
+diff -purN ucspi-tcp-0.88.org/README.tcpserver-limits-patch ucspi-tcp-0.88.my/README.tcpserver-limits-patch
+--- ucspi-tcp-0.88.org/README.tcpserver-limits-patch 1970-01-01 01:00:00.000000000 +0100
++++ ucspi-tcp-0.88.my/README.tcpserver-limits-patch 2005-01-30 18:26:14.000000000 +0100
+@@ -0,0 +1,135 @@
++20050130 reinstated /proc/loadavg support for those compiling on Linux
++with dietlibc (see #define NO_GETLOADAVG at top of tcpserver.c).
++Also, we now compile on 64bit platforms (we avoid including unistd.h if
++using getloadavg(3), so we don't conflict with readwrite.h header file)
++Needed if your compile was breaking with:
++readwrite.h:4: error: syntax error before "read"
++readwrite.h:4: warning: data definition has no type or storage class
++SUMMARY: If 20040725 worked for you, there is no reason to upgrade
++(no new features of bugfixes)
++
++20040725 adds a sleep(1) before terminating (to prevent too high load from
++many rapid fork()/exit() calls. It also changes the method for checking
++system load to getloadavg(3) instead of parsing /proc/loadavg, therefore
++making it working on *BSD and other non-Linux systems in addition to Linux.
++It also adds DIEMSG="xxx" support.
++
++20040327 fixes a bug in 20040124 related to MAXLOAD (it would not work
++correctly when load was higher than 10.00)
++
++
++This patch (20040725) makes tcpserver from DJB's ucspi-tcp-0.88 package (see
++http://cr.yp.to/ucspi-tcp.html) to modify its behavior if some environment
++variables are present.
++
++The variables can be preset before starting tcpserver (thus acting as
++default for all connections), or, if you use 'tcpserver -x xxx.cdb', they
++can be set (or overridden) from xxx.cdb. If none of the variables are set,
++tcpserver behaves same as non patched version (except for negligible
++performance loss). Any or all variables can be set, as soon as first limit
++is reached the connection is dropped. I'd recommend using .cdb files
++exclusively though, as you can then modify configuration without killing
++tcpserver.
++
++The variables are:
++
++(1) MAXLOAD
++ maximum 1-minute load average * 100. For example, if you have line
++ :allow,MAXLOAD="350"
++ in your rules file from which you created .cdb, the connection will be
++ accepted only if load average is below 3.50
++ For this variable to have effect, you have to have working getloadavg(3)
++ (most modern UN*Xoids have, including Linux and FreeBSD)
++ Otherwise, you have to uncomment #define NO_GETLOADAVG in tcpserver.c
++ and have readable '/proc/loadavg' with linux-2.4.x/2.6.x syntax (see
++ the source -- this is needed if you're compiling with dietlibc
++ or such)
++
++(2) MAXCONNIP
++ maximum connections from one IP address. tcpserver's -c flag defines
++ maximum number of allowed connections, but it can be abused if
++ just one host goes wild and eats all the connections - no other host
++ would be able to connect then. If you created your .cdb with:
++ :allow,MAXCONNIP="5"
++ and run tcpserver -c 50, then each IP address would be able to have at
++ most 5 concurrent connections, while there still could connect 50
++ clients total
++
++(3) MAXCONNC
++
++ maximum connections from whole C-class (256 addresses). Extension of
++ MAXCONNIP, as sometimes the problematic client has a whole farm of
++ client machines with different IP addresses instead of just one IP
++ address, and they all try to connect. It might have been more useful to
++ be able to specify CIDR block than C-class, but I've decided to KISS.
++
++ for example tcpserver -c 200, and .cdb with:
++ :allow,MAXCONNC="15"
++ will allow at most 15 host from any x.y.z.0/24 address block, while
++ still allowing up to 200 total connections.
++
++(4) DIEMSG
++
++ if set and one of the above limits is exceeded, this is the message
++ to be sent to client (CRLF is always added to the text) before terminating
++ connection. If unset, the connection simply terminates (after 1 sec delay)
++ if limit is exceeded.
++
++ For example:
++ DIEMSG="421 example.com Service temporarily not available, closing
++ transmission channel"
++
++Notes:
++
++- if a connection is dropped due to some of those variables set, it will be
++ flagged (if you run tcpserver -v) with "LOAD:", "MAXCONNIP:" or
++ "MAXCONNC:" at the end of the "tcpserver: deny" line. If that bothers you
++ (eg. you have a strict log parsers), don't apply that chunk of the patch.
++
++- the idea for this patch came from my previous experience with xinetd, and
++ need to limit incoming bursts of virus/spam SMTP connections, since I was
++ running qmail-scanner to scan incoming and outgoing messages for viruses
++ and spam.
++
++When you make changes, please check that they work as expected.
++
++Examples (for tcprules created .cdb)
++(a) 192.168.:allow,MAXLOAD="1000"
++ :allow,MAXCONNIP="3"
++
++ this would allow any connection from your local LAN (192.168.*.*
++ addresses) if system load is less than 10.00. non-LAN connections would
++ be accepted only if clients from that IP address have not already opened
++ more than 2 connections (as your connection would be last allowed -- 3rd)
++
++(b) 192.168.:allow
++ 5.6.7.8:allow,MAXCONNIP="3"
++ 1.2.:allow,MAXLOAD="500",MAXCONNIP="1",MAXCONNC="5"
++ :allow,MAXLOAD="1000",MAXCONNIP="3",DIEMSG="421 example.com unavailable"
++
++ if client connects from 192.168.*.* (ex: your LAN), it is allowed.
++ if it connects from 5.6.7.8 (ex: little abusive customer of yours),
++ it is allowed unless there are already 3active connections from 5.6.7.8
++ to this service
++ if it connects from 1.2.*.* (ex: some problematic networks which caused
++ you grief in the past) it will connect only if load is less than 5.0,
++ there is less than 5 active connections from whole C class
++ (1.2.*.0/24), and if that specific IP address does not already have
++ connection open.
++ in all other cases, the client will be permitted to connect if load is
++ less than 10.00 and client has 2 or less connections open. If load is
++ higher than 10.00 or there are 3 or more connections open from this
++ client, the message "421 example.com unavailable" will be returned to
++ the client and connection terminated.
++
++
++Any bugs introduced are my own, do not bother DJB with them.
++If you find any, or have neat ideas, or better documentation, or whatever,
++contact me.
++
++the latest version of the patch can be found at:
++http://linux.voyager.hr/ucspi-tcp/
++
++Enjoy,
++Matija Nalis,
++mnalis-tcpserver _at_ voyager.hr
+diff -N -ru ucspi-tcp-0.88.orig/tcpserver.c ucspi-tcp-0.88/tcpserver.c
+--- ucspi-tcp-0.88.orig/tcpserver.c 2005-08-28 14:34:30.000000000 +0200
++++ ucspi-tcp-0.88/tcpserver.c 2005-08-28 14:35:00.000000000 +0200
+@@ -1,3 +1,12 @@
++#ifdef __dietlibc__
++#define NO_GETLOADAVG
++#endif
++
++#include <stdlib.h>
++#ifdef NO_GETLOADAVG
++#include <unistd.h>
++#endif
++
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <netdb.h>
+@@ -64,6 +73,13 @@
+ buffer b;
+
+
++typedef struct
++{
++ char ip[4];
++ pid_t pid;
++} baby;
++
++baby *child;
+
+ /* ---------------------------- child */
+
+@@ -72,6 +88,10 @@
+ int flagdeny = 0;
+ int flagallownorules = 0;
+ char *fnrules = 0;
++unsigned long maxload = 0;
++unsigned long maxconnip = 0;
++unsigned long maxconnc = 0;
++char *diemsg = "";
+
+ void drop_nomem(void)
+ {
+@@ -110,6 +130,8 @@
+ strerr_die4sys(111,DROP,"unable to read ",fnrules,": ");
+ }
+
++unsigned long limit = 40;
++
+ void found(char *data,unsigned int datalen)
+ {
+ unsigned int next0;
+@@ -125,6 +147,10 @@
+ if (data[1 + split] == '=') {
+ data[1 + split] = 0;
+ env(data + 1,data + 1 + split + 1);
++ if (str_diff(data+1, "MAXLOAD") == 0) scan_ulong(data+1+split+1,&maxload);
++ if (str_diff(data+1, "MAXCONNIP") == 0) scan_ulong(data+1+split+1,&maxconnip);
++ if (str_diff(data+1, "MAXCONNC") == 0) scan_ulong(data+1+split+1,&maxconnc);
++ if (str_diff(data+1, "DIEMSG") == 0) diemsg = data+1+split+1;
+ }
+ break;
+ }
+@@ -210,6 +236,53 @@
+ close(fdrules);
+ }
+ }
++
++ unsigned long curload;
++
++ if (maxload) {
++#ifdef NO_GETLOADAVG
++ int lret;
++ int i;
++ unsigned long u1, u2;
++ char *s;
++ static stralloc loadavg_data = {0};
++
++ lret = openreadclose("/proc/loadavg", &loadavg_data, 10);
++ if (lret != -1) {
++ /* /proc/loadavg format is:
++ 13.08 3.04 1.00 34/170 14190 */
++ s = loadavg_data.s;
++ i = scan_ulong (s, &u1); s+=i;
++ if ((i>0) && (i<5) && (*s == '.')) { /* load should be < 10000 */
++ i = scan_ulong (s+1,&u2);
++ if (i==2) { /* we require two decimal places */
++ curload = u1 * 100 + u2;
++ if (curload > maxload) flagdeny = 2;
++ }
++ }
++ }
++#else
++ double result;
++ if (getloadavg(&result, 1) == 1) {
++ curload = result * 100;
++ if (curload > maxload) flagdeny = 2;
++ }
++#endif
++ }
++
++ if (!flagdeny && (maxconnip || maxconnc)) {
++ unsigned long u, c1=0, cc=0;
++ for (u=0; u < limit; u++) if (child[u].pid != 0) {
++ if ((child[u].ip[0] == remoteip[0]) &&
++ (child[u].ip[1] == remoteip[1]) &&
++ (child[u].ip[2] == remoteip[2]) ) {
++ cc++;
++ if (child[u].ip[3] == remoteip[3]) c1++;
++ }
++ }
++ if (maxconnc && (cc >= maxconnc)) flagdeny = 4;
++ if (maxconnip && (c1 >= maxconnip)) flagdeny = 3;
++ }
+
+ if (verbosity >= 2) {
+ strnum[fmt_ulong(strnum,getpid())] = 0;
+@@ -223,11 +296,35 @@
+ cats(":"); safecats(remoteipstr);
+ cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
+ cats(":"); safecats(remoteportstr);
++ if (flagdeny == 2) {
++ char curloadstr[FMT_ULONG];
++ curloadstr[fmt_ulong(curloadstr,curload)] = 0;
++ cats(" "); safecats ("LOAD"); cats(":"); safecats(curloadstr);
++ }
++ if (flagdeny == 3) {
++ char maxconstr[FMT_ULONG];
++ maxconstr[fmt_ulong(maxconstr,maxconnip)] = 0;
++ cats(" "); safecats ("MAXCONNIP"); cats(":"); safecats(maxconstr);
++ }
++ if (flagdeny == 4) {
++ char maxconstr[FMT_ULONG];
++ maxconstr[fmt_ulong(maxconstr,maxconnc)] = 0;
++ cats(" "); safecats ("MAXCONNC"); cats(":"); safecats(maxconstr);
++ }
+ cats("\n");
+ buffer_putflush(buffer_2,tmp.s,tmp.len);
+ }
+
+- if (flagdeny) _exit(100);
++ if (flagdeny) {
++ if (*diemsg) {
++ buffer_init(&b,write,t,bspace,sizeof bspace);
++ buffer_puts(&b,diemsg);
++ if (buffer_putsflush(&b,"\r\n") == -1)
++ strerr_die2sys(111,DROP,"unable to print diemsg: ");
++ }
++ sleep(1);
++ _exit(100);
++ }
+ }
+
+
+@@ -253,7 +350,6 @@
+ _exit(100);
+ }
+
+-unsigned long limit = 40;
+ unsigned long numchildren = 0;
+
+ int flag1 = 0;
+@@ -278,6 +374,7 @@
+ {
+ int wstat;
+ int pid;
++ unsigned long u;
+
+ while ((pid = wait_nohang(&wstat)) > 0) {
+ if (verbosity >= 2) {
+@@ -286,11 +383,14 @@
+ strerr_warn4("tcpserver: end ",strnum," status ",strnum2,0);
+ }
+ if (numchildren) --numchildren; printstatus();
++ for (u=0; u < limit; u++) if (child[u].pid == pid) { child[u].pid = 0; break; }
++ if (u == limit) strerr_die1x(111,"tcpserver: ERROR: dead child not found?!"); /* never happens */
+ }
+ }
+
+ main(int argc,char **argv)
+ {
++ pid_t pid;
+ char *hostname;
+ char *portname;
+ int opt;
+@@ -332,6 +432,11 @@
+ argc -= optind;
+ argv += optind;
+
++ x = env_get("MAXLOAD"); if (x) scan_ulong(x,&maxload);
++ x = env_get("MAXCONNIP"); if (x) scan_ulong(x,&maxconnip);
++ x = env_get("MAXCONNC"); if (x) scan_ulong(x,&maxconnc);
++ x = env_get("DIEMSG"); if (x) diemsg = x;
++
+ if (!verbosity)
+ buffer_2->fd = -1;
+
+@@ -352,6 +457,10 @@
+ }
+
+ if (!*argv) usage();
++
++ child = calloc(sizeof(baby),limit);
++ if (!child)
++ strerr_die2x(111,FATAL,"out of memory for MAXCONNIP tracking");
+
+ sig_block(sig_child);
+ sig_catch(sig_child,sigchld);
+@@ -405,7 +514,7 @@
+ if (t == -1) continue;
+ ++numchildren; printstatus();
+
+- switch(fork()) {
++ switch(pid=fork()) {
+ case 0:
+ close(s);
+ doit(t);
+@@ -420,6 +529,10 @@
+ case -1:
+ strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
+ --numchildren; printstatus();
++ break;
++ default:
++ for (u=0; u < limit; u++) if (child[u].pid == 0) { byte_copy(child[u].ip,4,remoteip); child[u].pid = pid; break; }
++ if (u == limit) strerr_die1x(111,"tcpserver: ERROR: no empty space for new child?!"); /* never happens */
+ }
+ close(t);
+ }
diff --git a/sys-apps/ucspi-tcp/files/digest-ucspi-tcp-0.88-r11 b/sys-apps/ucspi-tcp/files/digest-ucspi-tcp-0.88-r11
new file mode 100644
index 000000000000..807f2623b597
--- /dev/null
+++ b/sys-apps/ucspi-tcp/files/digest-ucspi-tcp-0.88-r11
@@ -0,0 +1,5 @@
+MD5 39b619147db54687c4a583a7a94c9163 ucspi-tcp-0.88.tar.gz 53019
+MD5 67de66745001ddb48563a1d4e92262c2 ucspi-tcp-0.88-ipv6.diff14.bz2 21917
+MD5 554ec0eb60f619667efde3fb5325310d ucspi-rss.diff 1828
+MD5 10d5074c18d00e5c62c76ce69d7c975b ucspi-tcp-ssl-20020705.patch.gz 3084
+MD5 2dfc47b1a142e1021a49c678dfbb7a03 ucspi-tcp-0.88-ipv6-ssl-nm1.patch.bz2 3212
diff --git a/sys-apps/ucspi-tcp/metadata.xml b/sys-apps/ucspi-tcp/metadata.xml
index 96a2d586367d..692f0c880548 100644
--- a/sys-apps/ucspi-tcp/metadata.xml
+++ b/sys-apps/ucspi-tcp/metadata.xml
@@ -1,5 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<herd>base-system</herd>
+ <herd>qmail</herd>
+ <longdescription>
+ ucspi-tcp is a replacement for inetd. It consists of tcpserver and
+ tcpclient. tcpserver can listen on sockets and start programs in an
+ inetd like fashion except that information like the IP address and
+ remote port are communicated via environment variables. tcpclient makes
+ a TCP connection and runs a program of your choice. It sets up the same
+ environment variables as tcpserver.
+ </longdescription>
</pkgmetadata>
diff --git a/sys-apps/ucspi-tcp/ucspi-tcp-0.88-r11.ebuild b/sys-apps/ucspi-tcp/ucspi-tcp-0.88-r11.ebuild
new file mode 100644
index 000000000000..9306e0f17825
--- /dev/null
+++ b/sys-apps/ucspi-tcp/ucspi-tcp-0.88-r11.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/ucspi-tcp/ucspi-tcp-0.88-r11.ebuild,v 1.1 2005/08/28 12:40:56 hansmi Exp $
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Collection of tools for managing UNIX services"
+HOMEPAGE="http://cr.yp.to/ucspi-tcp.html"
+SRC_URI="http://cr.yp.to/${PN}/${P}.tar.gz
+ ipv6? ( http://www.fefe.de/ucspi/ucspi-tcp-0.88-ipv6.diff14.bz2 )
+ mirror://qmail/ucspi-rss.diff
+ ssl? (
+ !ipv6? ( http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz )
+ ipv6? ( http://www.netmonks.ca/gentoo/patches/ucspi-tcp-0.88-ipv6-ssl-nm1.patch.bz2 )
+ )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sparc ~x86"
+IUSE="ssl ipv6 selinux doc"
+
+DEPEND="virtual/libc
+ ssl? ( >=dev-libs/openssl-0.9.6g )"
+RDEPEND="${DEPEND}
+ doc? ( app-doc/ucspi-tcp-man )
+ selinux? ( sec-policy/selinux-ucspi-tcp )"
+PROVIDE="virtual/inetd"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ if use ipv6; then
+ epatch ${WORKDIR}/ucspi-tcp-0.88-ipv6.diff14
+ # Fixes bug 18892
+ epatch ${FILESDIR}/${PV}-bigendian.patch
+ fi
+ if use ssl; then
+ # this is a merged thingy. Thanks to Stephen Olesen <slepp.netmonks.ca>
+ # (bug #32007)
+ if use ipv6 ; then
+ epatch ${WORKDIR}/ucspi-tcp-0.88-ipv6-ssl-nm1.patch
+ else
+ epatch ${WORKDIR}/ucspi-tcp-ssl-20020705.patch
+ fi
+ fi
+ epatch ${FILESDIR}/${PV}-errno.patch
+ epatch ${DISTDIR}/ucspi-rss.diff
+ epatch ${FILESDIR}/${PV}-head-1.patch
+ epatch ${FILESDIR}/${PV}-rblsmtpd-ignore-on-RELAYCLIENT.patch
+ epatch ${FILESDIR}/${PV}-limits.patch
+
+ tc-export CC
+ echo "${CC} ${CFLAGS}" > conf-cc
+ echo "${CC} ${LDFLAGS}" > conf-ld
+ echo "/usr/" > conf-home
+
+ # allow larger responses
+ sed -i 's|if (text.len > 200) text.len = 200;|if (text.len > 500) text.len = 500;|g' ${S}/rblsmtpd.c
+}
+
+src_compile() {
+ emake || die
+}
+
+src_install() {
+ dobin tcpserver tcprules tcprulescheck argv0 recordio tcpclient *\@ tcpcat mconnect mconnect-io addcr delcr fixcrio rblsmtpd || die
+ doman *.[15]
+ dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION
+ dodoc README.tcpserver-limits-patch
+ insinto /etc/tcprules.d/
+ newins ${FILESDIR}/tcprules-Makefile Makefile
+}
+
+pkg_postinst() {
+ einfo "We have started a move to get all tcprules files into"
+ einfo "/etc/tcprules.d/, where we have provided a Makefile to"
+ einfo "easily update the CDB file."
+}