Proxy commit: update for security bug #354080, and udates to 1.3.4_rc ebuild:

* Update ebuild to EAPI 4.
* Build mod_sftp_sql if USE=sqlite is set.
* Do not keep /var/run/proftpd anymore.
* Some stylistic changes.

Package-Manager: portage-2.2.0_alpha23/cvs/Linux x86_64

5 files changed, 412 insertions, 11 deletions

diff --git a/net-ftp/proftpd/ChangeLog b/net-ftp/proftpd/ChangeLog
index ffc385ae053c..6438b6e1a982 100644
--- a/net-ftp/proftpd/ChangeLog
+++ b/net-ftp/proftpd/ChangeLog
@@ -1,6 +1,18 @@
 # ChangeLog for net-ftp/proftpd
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.258 2011/02/12 17:53:06 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/ChangeLog,v 1.259 2011/02/14 15:00:25 voyageur Exp $
+
+*proftpd-1.3.4_rc1-r1 (14 Feb 2011)
+*proftpd-1.3.3d-r1 (14 Feb 2011)
+
+  14 Feb 2011; Bernard Cafarelli <voyageur@gentoo.org>
+  +files/proftpd-bug3586.patch, +proftpd-1.3.3d-r1.ebuild,
+  -proftpd-1.3.4_rc1.ebuild, +proftpd-1.3.4_rc1-r1.ebuild:
+  Proxy commit: update for security bug #354080, and udates to 1.3.4_rc ebuild:
+  * Update ebuild to EAPI 4.
+  * Build mod_sftp_sql if USE=sqlite is set.
+  * Do not keep /var/run/proftpd anymore.
+  * Some stylistic changes.
 
   12 Feb 2011; Raúl Porcel <armin76@gentoo.org> proftpd-1.3.3d.ebuild:
   sparc stable wrt #348998
diff --git a/net-ftp/proftpd/Manifest b/net-ftp/proftpd/Manifest
index 7196d9cf21de..6cfb9507d23b 100644
--- a/net-ftp/proftpd/Manifest
+++ b/net-ftp/proftpd/Manifest
@@ -1,3 +1,4 @@
+AUX proftpd-bug3586.patch 5507 RMD160 8843d2f0d4378151b34263834f7bfd88271eaece SHA1 70af05ef5c852c590a50551e7d72a16a6cd1b7ba SHA256 4e748700d4262c2340e485844d3dff76715853f3c27db877298c8eda098a4ed8
 AUX proftpd.conf.sample 1275 RMD160 199b8cced06d347ef8a2033b68850fd9dd922ccd SHA1 e58e5e7856bc77e159a628717ad1c73e20c5b883 SHA256 a214b3937f319c70976d29cfcd47c2cd937d1d70b7274c2b241b1e97606e89c0
 AUX proftpd.initd 1563 RMD160 c30ab2c000ca31a348e0c9d92e07d93c5cba8d4e SHA1 7462aaec25c6f44928339458d450f7e386b147d4 SHA256 fe36a50fcf1a2d7b820edde94349cd68204e7b14c8a5d34f710af68ed1ce8315
 AUX proftpd.xinetd 295 RMD160 c5c829319e901f478fe58b920347cc1b8706a366 SHA1 3f1bd8d6cbb1488301b9aa0346e02b571fd0783a SHA256 150a5701f5c2788ecdf2c6ec228ce674963c9dc7bc1c511ad1eba8dfe05e2d5d
@@ -12,7 +13,8 @@ DIST proftpd-mod-diskuse-0.9.tar.gz 18596 RMD160 38629d0a176e11bd10b550a8e49fcc3
 DIST proftpd-mod-vroot-0.8.5.tar.gz 8349 RMD160 0e9c3ea9615ed74556fcaf6145863922ee45bedf SHA1 fea69382f4dda36b620780e69cef5872f41f86fe SHA256 305ad1e3b320dc21172982c54a614a09d43373f7289b63202788de640145bbd4
 DIST proftpd-mod-vroot-0.9.2.tar.gz 22438 RMD160 8d8620a346b422e57cd775fdde0241a3c0ca144d SHA1 13ec52c688bbb91eaae76a8e4814bfd49e0bc597 SHA256 b0ea7af760ab7a54a62ac294656b5a34a5339665c0227ade0d2f206cc54a10bf
 EBUILD proftpd-1.3.3c.ebuild 7180 RMD160 0224857289f16e1a9a9115b6640754f07a3fb35c SHA1 0b66f216073618128dd4f5cc04701178db963083 SHA256 581675c43c65aeb100a6abe8427bce2af571df256ec2d93a1746bf49a3311bc9
+EBUILD proftpd-1.3.3d-r1.ebuild 7261 RMD160 203a4aefff991ee692ab76b216616e383dc15181 SHA1 c1346384eedfbbb6338c9258cd29c90567d9dec2 SHA256 419a2f6b393f2c3153ba7dc29a813c9c443bf4e11f3084660892b7e0d3432fdd
 EBUILD proftpd-1.3.3d.ebuild 7180 RMD160 0943645e8d96938d5b8b8a271bc2671c5bba58d8 SHA1 7b6f33d8145eeb14d24dde47c95e1530c5513c04 SHA256 95c5a481fa5a892b43d4e817b02df1cce13bf444987fed38949af4e9c500d0b9
-EBUILD proftpd-1.3.4_rc1.ebuild 6590 RMD160 8b2cd7af06ebff433cb9060788a24db564706ce4 SHA1 44957f548c76e9d5782b163ebe813a7ef7deff24 SHA256 d75af84ac37264313dd43f7e8b3d46ffbd78ceabfb50e033bb39b53aaceac644
-MISC ChangeLog 43633 RMD160 a13f1e014d0d596da4f77a03279e784f4823c7c8 SHA1 e0cef731d8bb7b6c3b9d7bba654c69b48563a6b8 SHA256 990203c7ec2c7ed405466be5d4c40633c72ec3fb7070eefd36737bfe4cd8adb0
+EBUILD proftpd-1.3.4_rc1-r1.ebuild 6652 RMD160 45514d8cfbd526114c291dda6fc176598c66bd97 SHA1 e02cc2d06c71b27d0d798fb171b8af8593d6b839 SHA256 3811641fe3dce2520ed62d88aef5e3f860700f1aec25831191d22ca71e99c86f
+MISC ChangeLog 44102 RMD160 47698b39b21c1958df007eec5c667bf95351bb9d SHA1 d15f18062ed5e1a1ba2ebb11eff955335b73887b SHA256 748c8bf2c60feb772c3c24e39b0079e010b6378cb6779006eb616d7b24d204ec
 MISC metadata.xml 2184 RMD160 6a97d72e3dd11c2b2cb4908326597e53d3f633eb SHA1 e143b7933c4bab599da60a8b1f3155e5779a0916 SHA256 50176a9f3ecf06378fe12d1273ad56b186c868331df48fd6b42b22311ca3222c
diff --git a/net-ftp/proftpd/files/proftpd-bug3586.patch b/net-ftp/proftpd/files/proftpd-bug3586.patch
new file mode 100644
index 000000000000..529da12f1aff
--- /dev/null
+++ b/net-ftp/proftpd/files/proftpd-bug3586.patch
@@ -0,0 +1,159 @@
+Index: contrib/mod_sftp/mod_sftp.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/mod_sftp.c,v
+retrieving revision 1.42
+diff -u -r1.42 mod_sftp.c
+--- contrib/mod_sftp/mod_sftp.c	15 Dec 2010 00:58:59 -0000	1.42
++++ contrib/mod_sftp/mod_sftp.c	25 Jan 2011 01:58:01 -0000
+@@ -85,12 +85,12 @@
+     memset(buf, '\0', sizeof(buf));
+ 
+     for (i = 0; i < sizeof(buf) - 1; i++) {
+-      res = sftp_ssh2_packet_sock_read(conn->rfd, &buf[i], 1);
++      res = sftp_ssh2_packet_sock_read(conn->rfd, &buf[i], 1, 0);
+       while (res <= 0) {
+         if (errno == EINTR) {
+           pr_signals_handle();
+ 
+-          res = sftp_ssh2_packet_sock_read(conn->rfd, &buf[i], 1);
++          res = sftp_ssh2_packet_sock_read(conn->rfd, &buf[i], 1, 0);
+           continue;
+         }
+ 
+Index: contrib/mod_sftp/packet.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/packet.c,v
+retrieving revision 1.22
+diff -u -r1.22 packet.c
+--- contrib/mod_sftp/packet.c	16 Dec 2010 21:31:16 -0000	1.22
++++ contrib/mod_sftp/packet.c	25 Jan 2011 01:58:01 -0000
+@@ -46,6 +46,12 @@
+ static uint32_t packet_client_seqno = 0;
+ static uint32_t packet_server_seqno = 0;
+ 
++/* Maximum length of the payload data of an SSH2 packet we're willing to
++ * accept.  Any packets reporting a payload length longer than this will be
++ * ignored/dropped.
++ */
++#define SFTP_PACKET_MAX_PAYLOAD_LEN	(256 * 1024)
++
+ /* RFC4344 recommends 2^31 for the client packet sequence number at which
+  * we should request a rekey, and 2^32 for the server packet sequence number.
+  *
+@@ -169,7 +175,8 @@
+  * It is the caller's responsibility to ensure that buf is large enough to
+  * hold reqlen bytes.
+  */
+-int sftp_ssh2_packet_sock_read(int sockfd, void *buf, size_t reqlen) {
++int sftp_ssh2_packet_sock_read(int sockfd, void *buf, size_t reqlen,
++    int flags) {
+   void *ptr;
+   size_t remainlen;
+ 
+@@ -252,6 +259,13 @@
+     if (res == remainlen)
+       break;
+ 
++    if (flags & SFTP_PACKET_READ_FL_PESSIMISTIC) {
++      pr_trace_msg(trace_channel, 20, "read %lu bytes, expected %lu bytes; "
++        "pessimistically returning", (unsigned long) res,
++        (unsigned long) remainlen);
++      break;
++    }
++
+     pr_trace_msg(trace_channel, 20, "read %lu bytes, expected %lu bytes; "
+       "reading more", (unsigned long) res, (unsigned long) remainlen);
+     ptr = ((char *) ptr + res);
+@@ -477,7 +491,12 @@
+     (unsigned long) buflen);
+ 
+   if (buflen > 0) {
+-    sftp_ssh2_packet_sock_read(sockfd, buf, buflen);
++    int flags = SFTP_PACKET_READ_FL_PESSIMISTIC;
++
++    /* We don't necessary want to wait for the entire random amount of data
++     * to be read in.
++     */
++    sftp_ssh2_packet_sock_read(sockfd, buf, buflen, flags);
+   }
+ 
+   return;
+@@ -497,7 +516,7 @@
+    * how many more bytes there are in the packet.
+    */
+ 
+-  res = sftp_ssh2_packet_sock_read(sockfd, buf, blocksz);
++  res = sftp_ssh2_packet_sock_read(sockfd, buf, blocksz, 0);
+   if (res < 0)
+     return res;
+ 
+@@ -555,8 +574,26 @@
+   if (payload_len + padding_len == 0)
+     return 0;
+ 
+-  if (payload_len > 0)
++  if (payload_len > 0) {
++    /* We don't want to reject the packet outright yet; but we can ignore
++     * the payload data we're going to read in.  This packet will fail
++     * eventually anyway.
++     */
++    if (payload_len > SFTP_PACKET_MAX_PAYLOAD_LEN) {
++      pr_trace_msg(trace_channel, 20,
++        "payload len (%lu bytes) exceeds max payload len (%lu), "
++        "ignoring payload", (unsigned long) payload_len,
++        (unsigned long) SFTP_PACKET_MAX_PAYLOAD_LEN);
++
++      pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++        "client sent buggy/malicious packet payload length, ignoring");
++
++      errno = EPERM;
++      return -1;
++    }
++
+     pkt->payload = pcalloc(pkt->pool, payload_len);
++  }
+ 
+   /* If there's data in the buffer we received, it's probably already part
+    * of the payload, unencrypted.  That will leave the remaining payload
+@@ -617,7 +654,7 @@
+     return -1;
+   }
+ 
+-  res = sftp_ssh2_packet_sock_read(sockfd, buf + *offset, data_len);
++  res = sftp_ssh2_packet_sock_read(sockfd, buf + *offset, data_len, 0);
+   if (res < 0) {
+     return res;
+   }
+@@ -645,7 +682,7 @@
+   if (mac_len == 0)
+     return 0;
+ 
+-  res = sftp_ssh2_packet_sock_read(sockfd, buf, mac_len);
++  res = sftp_ssh2_packet_sock_read(sockfd, buf, mac_len, 0);
+   if (res < 0)
+     return res;
+ 
+Index: contrib/mod_sftp/packet.h
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/packet.h,v
+retrieving revision 1.4
+diff -u -r1.4 packet.h
+--- contrib/mod_sftp/packet.h	15 Sep 2010 17:29:51 -0000	1.4
++++ contrib/mod_sftp/packet.h	25 Jan 2011 01:58:01 -0000
+@@ -78,7 +78,15 @@
+ int sftp_ssh2_packet_get_last_sent(time_t *);
+ 
+ int sftp_ssh2_packet_read(int, struct ssh2_packet *);
+-int sftp_ssh2_packet_sock_read(int, void *, size_t);
++int sftp_ssh2_packet_sock_read(int, void *, size_t, int);
++
++/* This sftp_ssh2_packet_sock_read() flag is used to tell the function to
++ * read in as many of the requested length of data as it can, but to NOT
++ * keep polling until that length has been acquired (i.e. to read the
++ * requested length pessimistically, assuming that it will not all appear).
++ */
++#define SFTP_PACKET_READ_FL_PESSIMISTIC		0x001
++
+ int sftp_ssh2_packet_write(int, struct ssh2_packet *);
+ 
+ int sftp_ssh2_packet_handle(void);
diff --git a/net-ftp/proftpd/proftpd-1.3.3d-r1.ebuild b/net-ftp/proftpd/proftpd-1.3.3d-r1.ebuild
new file mode 100644
index 000000000000..13b56ce431ce
--- /dev/null
+++ b/net-ftp/proftpd/proftpd-1.3.3d-r1.ebuild
@@ -0,0 +1,224 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.3d-r1.ebuild,v 1.1 2011/02/14 15:00:25 voyageur Exp $
+
+EAPI="2"
+inherit eutils autotools
+
+CASE_VER="0.4"
+CLAMAV_VER="0.11rc"
+DEFLATE_VER="0.5.4"
+GSS_VER="1.3.3"
+VROOT_VER="0.8.5"
+
+DESCRIPTION="An advanced and very configurable FTP server."
+HOMEPAGE="http://www.proftpd.org/
+	http://www.castaglia.org/proftpd/
+	http://www.thrallingpenguin.com/resources/mod_clamav.htm
+	http://gssmod.sourceforge.net/"
+SRC_URI="ftp://ftp.proftpd.org/distrib/source/${P/_/}.tar.bz2
+	case? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-case-${CASE_VER}.tar.gz )
+	clamav? ( https://secure.thrallingpenguin.com/redmine/attachments/download/1/mod_clamav-${CLAMAV_VER}.tar.gz )
+	deflate? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-deflate-${DEFLATE_VER}.tar.gz )
+	kerberos? ( mirror://sourceforge/gssmod/mod_gss-${GSS_VER}.tar.gz )
+	vroot? ( http://www.castaglia.org/${PN}/modules/${PN}-mod-vroot-${VROOT_VER}.tar.gz )"
+LICENSE="GPL-2"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="acl authfile ban +caps case clamav +ctrls deflate doc exec hardened ifsession ident ipv6 kerberos ldap mysql ncurses nls pam postgres radius ratio readme rewrite selinux sftp shaper sitemisc softquota ssl tcpd trace vroot xinetd"
+
+DEPEND="acl? ( sys-apps/acl sys-apps/attr )
+	caps? ( sys-libs/libcap )
+	clamav? ( app-antivirus/clamav )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	mysql? ( virtual/mysql )
+	ncurses? ( sys-libs/ncurses )
+	pam? ( virtual/pam )
+	postgres? ( dev-db/postgresql-base )
+	sftp? ( dev-libs/openssl )
+	ssl? ( dev-libs/openssl )
+	tcpd? ( sys-apps/tcp-wrappers )
+	xinetd? ( virtual/inetd )"
+RDEPEND="${DEPEND}
+	net-ftp/ftpbase
+	selinux? ( sec-policy/selinux-ftpd )"
+
+S="${WORKDIR}/${P/_/}"
+
+__prepare_module() {
+	mv "${WORKDIR}"/$1/$1.c contrib
+	mv "${WORKDIR}"/$1/$1.html doc/contrib
+	rm -rf "${WORKDIR}"/$1
+}
+
+pkg_setup() {
+	if [ -f "${ROOT}"/var/run/proftpd.pid ] ; then
+		eerror "Your ProFTPD server is running. In order to install this update"
+		eerror "you have to stop the running server. If you are using ProFTPD in"
+		eerror "the standalone mode you can stop the server by executing:"
+		eerror "  /etc/init.d/proftpd stop"
+		eerror "If you are sure that ProFTPD is not running anymore you have to"
+		eerror "delete the /var/run/proftpd.pid file."
+		die "This update requires to stop the ProFTPD server!"
+	fi
+}
+
+src_prepare() {
+	use case && __prepare_module mod_case
+	if use clamav ; then
+		mv "${WORKDIR}"/mod_clamav-${CLAMAV_VER}/mod_clamav.{c,h} contrib
+		epatch "${WORKDIR}"/mod_clamav-${CLAMAV_VER}/${PN}.patch
+		rm -rf "${WORKDIR}"/mod_clamav-${CLAMAV_VER}
+	fi
+	use deflate && __prepare_module mod_deflate
+	use vroot && __prepare_module mod_vroot
+
+	# Fix ProFTPD Bug #3586
+	epatch "${FILESDIR}"/proftpd-bug3586.patch
+
+	# Fix MySQL includes
+	sed -i -e "s/<mysql.h>/<mysql\/mysql.h>/g" contrib/mod_sql_mysql.c
+
+	# Manipulate build system
+	sed -i -e "s/utils install-conf install/utils install/g" Makefile.in
+	sed -i -e "s/ @INSTALL_STRIP@//g" Make.rules.in
+
+	# Support new versions of mit-krb5 (Gentoo Bugs #284853, #324903)
+	if use kerberos ; then
+		cd "${WORKDIR}"/mod_gss-${GSS_VER}
+		sed -i -e "s/krb5_principal2principalname/_\0/" mod_auth_gss.c.in
+		sed -i -e "/ac_gss_libs/s/\-ldes425\ //" configure.in
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	local myc myl mym
+
+	use acl && mym="${mym}:mod_facl"
+	use ban && mym="${mym}:mod_ban"
+	use case && mym="${mym}:mod_case"
+	use clamav && mym="${mym}:mod_clamav"
+	if use ctrls || use shaper ; then
+		myc="${myc} --enable-ctrls"
+		mym="${mym}:mod_ctrls_admin"
+	fi
+	use deflate && mym="${mym}:mod_deflate"
+	use exec && mym="${mym}:mod_exec"
+	if use kerberos ; then
+		cd "${WORKDIR}"/mod_gss-${GSS_VER}
+		if has_version app-crypt/mit-krb5 ; then
+			econf --enable-mit
+		else
+			econf --enable-heimdal
+		fi
+		mv mod_{auth_gss,gss}.c "${S}"/contrib
+		mv mod_gss.h "${S}"/include
+		mv README.mod_{auth_gss,gss} "${S}"
+		mv mod_gss.html "${S}"/doc/contrib
+		mv rfc{1509,2228}.txt "${S}"/doc/rfc
+		cd "${S}"
+		rm -rf "${WORKDIR}"/mod_gss-${GSS_VER}
+		mym="${mym}:mod_gss:mod_auth_gss"
+	fi
+	if use ldap ; then
+		myl="${myl} -lresolv"
+		mym="${mym}:mod_ldap"
+	fi
+	if use mysql || use postgres ; then
+		mym="${mym}:mod_sql:mod_sql_passwd"
+		if use mysql ; then
+			myc="${myc} --with-includes=/usr/include/mysql"
+			mym="${mym}:mod_sql_mysql"
+		fi
+		if use postgres ; then
+			myc="${myc} --with-includes=/usr/include/postgresql"
+			mym="${mym}:mod_sql_postgres"
+		fi
+	fi
+	if use sftp || use ssl ; then
+		CFLAGS="${CFLAGS} -DHAVE_OPENSSL"
+		myc="${myc} --enable-openssl --with-includes=/usr/include/openssl"
+		myl="${myl} -lcrypto"
+	fi
+	use radius && mym="${mym}:mod_radius"
+	use ratio && mym="${mym}:mod_ratio"
+	use readme && mym="${mym}:mod_readme"
+	use rewrite && mym="${mym}:mod_rewrite"
+	if use sftp ; then
+		mym="${mym}:mod_sftp"
+		use pam && mym="${mym}:mod_sftp_pam"
+		if use mysql || use postgres ; then
+			mym="${mym}:mod_sftp_sql"
+		fi
+	fi
+	use shaper && mym="${mym}:mod_shaper"
+	use sitemisc && mym="${mym}:mod_site_misc"
+	if use softquota ; then
+		mym="${mym}:mod_quotatab:mod_quotatab_file"
+		use ldap && mym="${mym}:mod_quotatab_ldap"
+		use radius && mym="${mym}:mod_quotatab_radius"
+		if use mysql || use postgres ; then
+			mym="${mym}:mod_quotatab_sql"
+		fi
+	fi
+	use ssl && mym="${mym}:mod_tls:mod_tls_shmcache"
+	use tcpd && mym="${mym}:mod_wrap"
+	use vroot && mym="${mym}:mod_vroot"
+	# mod_ifsession needs to be the last module in the mym list.
+	use ifsession && mym="${mym}:mod_ifsession"
+
+	[ -z ${mym} ] || myc="${myc} --with-modules=${mym:1}"
+	LIBS="${myl:1}" econf --sbindir=/usr/sbin --localstatedir=/var/run/proftpd \
+		--sysconfdir=/etc/proftpd --enable-shadow --enable-autoshadow ${myc:1} \
+		$(use_enable acl facl) \
+		$(use_enable authfile auth-file) \
+		$(use_enable caps cap) \
+		$(use_enable ident) \
+		$(use_enable ipv6) \
+		$(use_enable ncurses) \
+		$(use_enable nls) \
+		$(use_enable trace) \
+		$(use_enable pam auth-pam)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto /etc/proftpd
+	doins "${FILESDIR}"/proftpd.conf.sample
+	keepdir /var/run/proftpd
+	newinitd "${FILESDIR}"/proftpd.initd proftpd
+	if use xinetd ; then
+		insinto /etc/xinetd.d
+		newins "${FILESDIR}"/proftpd.xinetd proftpd
+	fi
+
+	dodoc ChangeLog CREDITS INSTALL NEWS README* RELEASE_NOTES
+	if use doc ; then
+		dohtml doc/*.html doc/contrib/*.html doc/howto/*.html doc/modules/*.html
+		docinto rfc
+		dodoc doc/rfc/*.txt
+	fi
+}
+
+pkg_postinst() {
+	if use mysql && use postgres ; then
+		elog
+		elog "ProFTPD has been built with the MySQL and PostgreSQL modules."
+		elog "You can use the 'SQLBackend' directive to specify the used SQL"
+		elog "backend. Without this directive the default backend is MySQL."
+		elog
+	fi
+	if use exec ; then
+		ewarn
+		ewarn "ProFTPD has been built with the mod_exec module. This module"
+		ewarn "can be a security risk for your server as it executes external"
+		ewarn "programs. Vulnerables in these external programs may disclose"
+		ewarn "information or even compromise your server."
+		ewarn "You have been warned! Use this module at your own risk!"
+		ewarn
+	fi
+}
diff --git a/net-ftp/proftpd/proftpd-1.3.4_rc1.ebuild b/net-ftp/proftpd/proftpd-1.3.4_rc1-r1.ebuild
index b9a45420b7c3..05b832887e8a 100644
--- a/net-ftp/proftpd/proftpd-1.3.4_rc1.ebuild
+++ b/net-ftp/proftpd/proftpd-1.3.4_rc1-r1.ebuild
@@ -1,8 +1,8 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.4_rc1.ebuild,v 1.1 2011/01/21 20:38:02 voyageur Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/proftpd/proftpd-1.3.4_rc1-r1.ebuild,v 1.1 2011/02/14 15:00:25 voyageur Exp $
 
-EAPI="2"
+EAPI=4
 inherit eutils autotools
 
 MOD_CASE="0.4"
@@ -26,7 +26,9 @@ LICENSE="GPL-2"
 
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-IUSE="acl authfile ban +caps case clamav copy +ctrls deflate diskuse doc exec hardened ifsession ifversion ident ipv6 kerberos ldap mysql ncurses nls pam postgres qos radius ratio readme rewrite selinux sftp shaper sitemisc softquota sqlite ssl tcpd trace vroot xinetd"
+IUSE="acl authfile ban +caps case clamav copy +ctrls deflate diskuse doc exec hardened ifsession ifversion
+	ident ipv6 kerberos ldap mysql ncurses nls pam postgres qos radius ratio readme rewrite selinux sftp
+	shaper sitemisc softquota sqlite ssl tcpd trace vroot xinetd"
 
 DEPEND="acl? ( sys-apps/acl sys-apps/attr )
 	caps? ( sys-libs/libcap )
@@ -63,6 +65,9 @@ src_prepare() {
 	fi
 	use vroot && __prepare_module mod_vroot
 
+	# Fix ProFTPD Bug #3586
+	epatch "${FILESDIR}"/proftpd-bug3586.patch
+
 	# Manipulate build system
 	sed -i -e "s/utils install-conf install/utils install/g" Makefile.in
 	sed -i -e "s/ @INSTALL_STRIP@//g" Make.rules.in
@@ -139,7 +144,7 @@ src_configure() {
 	if use sftp ; then
 		mym="${mym}:mod_sftp"
 		use pam && mym="${mym}:mod_sftp_pam"
-		if use mysql || use postgres ; then
+		if use mysql || use postgres || use sqlite ; then
 			mym="${mym}:mod_sftp_sql"
 		fi
 	fi
@@ -174,12 +179,11 @@ src_configure() {
 }
 
 src_install() {
-	emake DESTDIR="${D}" install
-
+	emake DESTDIR="${ED}" install
+	newinitd "${FILESDIR}"/proftpd.initd proftpd
 	insinto /etc/proftpd
 	doins "${FILESDIR}"/proftpd.conf.sample
-	keepdir /var/run/proftpd
-	newinitd "${FILESDIR}"/proftpd.initd proftpd
+
 	if use xinetd ; then
 		insinto /etc/xinetd.d
 		newins "${FILESDIR}"/proftpd.xinetd proftpd