author | Hasan ÇALIŞIR <hasan.calisir@psauxit.com> | 2019-02-07 04:52:55 +0300 |
---|---|---|
committer | Patrice Clement <monsieurp@gentoo.org> | 2019-03-13 15:58:51 +0100 |
commit | 52aa196c5f6eaae0ca6639baa03a422aab2c7791 (patch) | |
tree | 29f4cfb6454853781cfed93d0fbd62e29f26fb02 /net-analyzer/greenbone-security-assistant | |
parent | net-analyzer/openvas-scanner: version bump to 5.1.3. (diff) | |
net-analyzer/greenbone-security-assistant: version bump to 7.0.3.
Bump to 7.0.3.
This also brings new improvements and introduces the new USE flag 'extras'.
Introduces two new patches that fix various issues:
- auth patch fixes saving of auth config.
- memleak patch fixes memleak issue.
Introduces one new file that has proper nginx reverse proxy config
for WebUI: gsad.nginx.reverse.proxy.example file
systemd unit file & init script updated.
Because of new dependencies ~arm ~ppc keywords have been dropped.
This package is part of net-analyzer/openvas.
Reported-by: NP-Hardass <np-hardass@gentoo.org>
Acked-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Tested-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
Diffstat (limited to 'net-analyzer/greenbone-security-assistant')
11 files changed, 394 insertions, 1 deletions
diff --git a/net-analyzer/greenbone-security-assistant/Manifest b/net-analyzer/greenbone-security-assistant/Manifest
index a8228051d495..15ef6d5326c0 100644
--- a/net-analyzer/greenbone-security-assistant/Manifest
+++ b/net-analyzer/greenbone-security-assistant/Manifest
@@ -1 +1,2 @@
 DIST greenbone-security-assistant-6.0.9.tar.gz 1476238 BLAKE2B 3311056256885102518e3b0e3106c23965e5a69ad4cfe13a2b34c68079a916466915b3296c80984656ff8a9f9b0aa35f5256c225250ae549d9727ad61f3a6b2b SHA512 4afb50f044b6853181c3c3e6466e7329915356bbcccecf98b89d9dc39a193392f45850f9073ac055ec826753af78e8a6368e7f9ac52734a3b5e254d124180d68
+DIST greenbone-security-assistant-7.0.3.tar.gz 2918954 BLAKE2B 4a6cd5d8378bcbb0a9df6cb5b8f6560060f15d0b0cb53d2c61692cb2bc2cd86af6e9cdeb5040c4d7020c3b016779a76ec517d54614388c62aaedd596f55fa3c4 SHA512 7e1c1ef939ba08dab3b78baf1aa9c110be2febfbed5d67eefe8110c60f5089a1af44bc26693657226f417c6bd516a4a656eb159dae2a78f878e1a1b6c222b117
diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch
new file mode 100644
index 000000000000..cce885e10e01
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch
@@ -0,0 +1,107 @@
+--- gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:22:19.297954361 +0300
++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:27:57.690214371 +0300
+@@ -1366,7 +1366,8 @@
+ || (strstr (param_name, "_id")
+ == param_name + strlen (param_name) - strlen ("_id"))
+ || (strcmp (param_name, "name") == 0
+- && strcasecmp (prev_action, "Run Wizard") == 0)
++ && (strcasecmp (prev_action, "Run Wizard") == 0
++ || strcasecmp (next_cmd, "auth_settings") == 0))
+ || (strcmp (param_name, "get_name") == 0
+ && strcasecmp (next_cmd, "wizard_get") == 0))
+ {
+@@ -25984,7 +25976,7 @@
+
+ html = response_from_entity (connection, credentials, params, entity,
+ (no_redirect && strcmp (no_redirect, "0")),
+- NULL, NULL,
++ NULL, "auth_settings",
+ NULL, "modify_auth",
+ "Save Authentication Configuration",
+ response_data);
+--- gsa-7.0.3/src/html/classic/js/greenbone.js 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/js/greenbone.js 2019-02-02 03:40:37.162714538 +0300
+@@ -1559,6 +1559,9 @@
+ if (reload === 'next') {
+ reload_next(response);
+ }
++ else if (reload === 'window') {
++ location.reload();
++ }
+ },
+ function(jqXHR) {
+ if (jqXHR.status == 0 && jqXHR.readyState == 0) {
+--- gsa-7.0.3/src/html/classic/omp.xsl 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/omp.xsl 2019-02-02 03:44:28.470599715 +0300
+@@ -36775,7 +36822,8 @@
+ <!-- AUTHENTICATION DESCRIPTION -->
+
+ <xsl:template match="group" mode="ldapauth">
+- <div class="section-box" id="ldap-box">
++ <div class="section-box ajax-post" id="ldap-box"
++ data-button="form #save_button" data-reload="window">
+ <form action="/omp" method="post" enctype="multipart/form-data">
+ <input type="hidden" name="token" value="{/envelope/token}"/>
+ <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36784,6 +36832,15 @@
+ <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+ <!-- group name is e.g. of method:ldap -->
+ <input type="hidden" name="group" value="{@name}"/>
++ <!-- Auth type name for next page -->
++ <input type="hidden" name="name" value="ldap"/>
++
++ <div class="error-dialog">
++ <div class="text-center">
++ <xsl:value-of select="gsa:i18n ('LDAP authentication config could not be modified.')"/>
++ </div>
++ </div>
++
+ <table class="gbntable">
+ <tr class="gbntablehead2">
+ <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36838,7 +36895,8 @@
+ </tr>
+ <tr>
+ <td colspan="2" style="text-align:right;">
+- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++ <input type="submit" name="submit" id="save_button"
++ value="{gsa:i18n ('Save')}"/>
+ </td>
+ </tr>
+ </table>
+@@ -36847,7 +36905,8 @@
+ </xsl:template>
+
+ <xsl:template match="group" mode="radiusauth">
+- <div class="section-box" id="radius-box">
++ <div class="section-box ajax-post" id="radius-box"
++ data-button="form #save_button" data-reload="window">
+ <form action="/omp" method="post" enctype="multipart/form-data">
+ <input type="hidden" name="token" value="{/envelope/token}"/>
+ <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36856,6 +36915,15 @@
+ <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+ <!-- group name is e.g. of method:radius_connect -->
+ <input type="hidden" name="group" value="{@name}"/>
++ <!-- Auth type name for next page -->
++ <input type="hidden" name="name" value="radius"/>
++
++ <div class="error-dialog">
++ <div class="text-center">
++ <xsl:value-of select="gsa:i18n ('Radius authentication config could not be modified.')"/>
++ </div>
++ </div>
++
+ <table class="gbntable">
+ <tr class="gbntablehead2">
+ <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36890,7 +36958,8 @@
+ </tr>
+ <tr>
+ <td colspan="2" style="text-align:right;">
+- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++ <input type="submit" name="submit" id="save_button"
++ value="{gsa:i18n ('Save')}"/>
+ </td>
+ </tr>
+ </table>
diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch
new file mode 100644
index 000000000000..5132e344a798
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch
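Review bot: Both the `ldapauth` and `radiusauth` templates in omp.xsl now give their submit button `id="save_button"`, so if the two boxes render into the same page (not visible in these hunks) the document carries a duplicate id. Whether `data-button="form #save_button"` still picks the right button then depends on how the ajax-post handler scopes its lookup, which lives outside the patch. Distinct ids would remove the ambiguity, e.g. `id="ldap_save_button"` with `data-button="form #ldap_save_button"`, and the same pattern for radius. Both templates continue past the hunks shown.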
@@ -0,0 +1,42 @@
+--- gsa-7.0.3/src/gsad_omp.c 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:12:16.617046562 +0300
+@@ -7737,16 +7738,21 @@
+ g_string_append (xml, command_escaped);
+ g_free (command_escaped);
+
++ response = NULL;
+ ret = omp (connection, credentials, &response, &entity, response_data,
+ command->str);
+ g_string_free (command, TRUE);
++
++ if (ret)
++ {
++ free_entity (entity);
++ g_string_free (xml, TRUE);
++ }
++
+ switch (ret)
+ {
+ case 0:
+ break;
+- case -1:
+- /* 'omp' set response. */
+- return response;
+ case 1:
+ response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ return gsad_message (credentials,
+@@ -7770,10 +7776,14 @@
+ "/omp?cmd=get_tasks", response_data);
+ }
+
++ if (omp_success (entity) == 0)
++ set_http_status_from_entity (entity, response_data);
+ g_string_append (xml, response);
+
+ g_string_append (xml, "</get_aggregate>");
+
++ free_entity (entity);
++ g_free (response);
+ return xsl_transform_omp (connection, credentials, params,
+ g_string_free (xml, FALSE), response_data);
+ }
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf
new file mode 100644
index 000000000000..9d34da62659c
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf
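Review bot: The new error path calls `free_entity (entity)` whenever `ret` is non-zero, but the patch only adds `response = NULL;` before the `omp ()` call; `entity` is not reset here and its declaration is outside the hunk. If `omp ()` can return an error before it stores to `*entity`, this frees an indeterminate pointer, so `entity = NULL;` belongs next to `response = NULL;`. The patch also removes `case -1:` after `xml` and `entity` have already been released; unless the part of the switch that is not shown returns for every non-zero value, control would reach `g_string_append (xml, response)` on freed memory, which should be confirmed against the full function.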
@@ -0,0 +1,20 @@
+# OpenVAS Security Assistant command args
+# man page --> https://www.mankier.com/8/gsad
+
+# e.g. --foreground | e.g. --no-redirect -- > Don't listen port 80 anymore
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect"
+
+# WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1"
+
+# WebUI Port
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392"
+
+# WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1"
+
+# WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT="--mport=9390"
+
+# TLS Settings
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL"
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.init b/net-analyzer/greenbone-security-assistant/files/gsa.init
new file mode 100644
index 000000000000..6e625a96a25c
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.init
@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Greenbone Security Assistant Daemon"
+command="/usr/sbin/gsad"
+command_args="${OPENVAS_SECURITY_ASSISTANT_OPTIONS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES}"
+pidfile="/var/run/gsad.pid"
+command_background="true"
+
+depend() {
+ after bootmisc
+ need localmount net openvas-scanner gvmd
+}
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.logrotate b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate
new file mode 100644
index 000000000000..79e54e854319
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate
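Review bot: In gsa.init, `command_background="true"` tells OpenRC to background gsad itself and record that PID in `pidfile`, while the systemd unit added in this same commit declares `Type=forking` for the same command line. If gsad daemonizes as that unit implies, /var/run/gsad.pid would hold the PID of the short-lived parent and `stop` would not reach the running daemon. Either pass `--foreground` (the option the conf file comment already mentions) in `command_args` for OpenRC, or drop `command_background` and let gsad manage its own fork and pidfile.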
@@ -0,0 +1,9 @@
+# logrotate for openvas security agent
+/var/log/openvas/gsad.log {
+ daily
+ rotate 7
+ compress
+ missingok
+ notifempty
+ sharedscripts
+}
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
new file mode 100644
index 000000000000..b233911a2f1d
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
@@ -0,0 +1,78 @@
+upstream backend {
+ server 127.0.0.1:9392;
+ keepalive 64;
+}
+
+server {
+ listen IP:80;
+ server_name openvas.domain.tdl;
+ return 301 https://openvas.domain.tdl$request_uri;
+}
+
+server {
+ listen IP:443 ssl http2;
+ server_name openvas.domain.tdl;
+ access_log /var/log/nginx/openvas.domain.tdl.access.log;
+ error_log /var/log/nginx/openvas.domain.tdl.error.log;
+ # Not sourcing directly from file
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param DOCUMENT_URI $document_uri;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param REQUEST_SCHEME $scheme;
+ fastcgi_param HTTPS $https;
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+ fastcgi_param REMOTE_ADDR $remote_addr;
+ fastcgi_param REMOTE_PORT $remote_port;
+ fastcgi_param SERVER_ADDR $server_addr;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_NAME $server_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE_HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-FORWARDED-PROTOCOL $scheme;
+ proxy_pass https://backend;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ }
+
+ resolver 127.0.0.1;
+ resolver_timeout 6s;
+ ssl_certificate /openvas.domain.tdl/fullchain.pem;
+ ssl_certificate_key /openvas.domain.tdl/privkey.pem;
+ ssl_trusted_certificate /openvas.domain.tdl/chain.pem;
+ ssl_dhparam /openvas.domain.tdl/dhparam.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ ssl_ecdh_curve secp384r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 21h;
+ ssl_session_tickets off;
+ ssl_buffer_size 4k;
+ add_header Referrer-Policy no-referrer-when-downgrade;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
+}
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.service b/net-analyzer/greenbone-security-assistant/files/gsa.service
new file mode 100644
index 000000000000..3d0f2d37a45e
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.service
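Review bot: The example enables `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and its `ssl_ciphers` list ends with 3DES and static-RSA suites (`DES-CBC3-SHA`, `AES128-SHA`), so anyone copying it serves the scanner's login page over legacy TLS. For an administrative interface, `ssl_protocols TLSv1.2;` with only the ECDHE/DHE AEAD suites from the front of the list is the safer template. `gzip on;` with `gzip_types *;` also compresses authenticated responses under TLS, which is the precondition for BREACH-style length side channels if a page reflects request data next to the session token; `gzip off;` inside `location /` avoids that. The `fastcgi_param` lines have no effect on a `proxy_pass` location and could be dropped from the example.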
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVAS Manager
+After=network.target
+After=openvas-scanner.service
+After=gvmd.service
+Wants=gvmd.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/gsa-daemon.conf
+ExecStart=/usr/sbin/gsad $OPENVAS_SECURITY_ASSISTANT_OPTIONS $OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d
new file mode 100644
index 000000000000..18e820caec1b
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d
@@ -0,0 +1 @@
+d /var/cache/openvassd 0775
diff --git a/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild b/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild
new file mode 100644
index 000000000000..c58b1ab920e2
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild
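Review bot: gsa.service sets `User=root` and `Group=root` for a network-facing web daemon and adds no sandboxing, so any flaw in request handling runs with full privileges. gsad offers a `--drop-privileges=<user>` option that could go into `OPENVAS_SECURITY_ASSISTANT_OPTIONS`; alternatively the unit could run under a dedicated account with directives such as `NoNewPrivileges=yes` and `ProtectSystem=full`, checked against the paths gsad has to write. `Description=OpenVAS Manager` also looks copied from the manager's unit and should name the Greenbone Security Assistant.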
@@ -0,0 +1,92 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils systemd
+MY_PN="gsa"
+
+DESCRIPTION="Greenbone Security Assistant for OpenVAS"
+HOMEPAGE="http://www.openvas.org/"
+SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+ BSD MIT"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras"
+
+DEPEND="
+ dev-libs/libgcrypt:0=
+ dev-libs/libxml2:2
+ dev-libs/libxslt
+ >=net-analyzer/openvas-libraries-9.0.3
+ net-libs/gnutls:=[tools]
+ net-libs/libmicrohttpd[messages]
+ extras? ( dev-python/polib )"
+
+RDEPEND="
+ ${DEPEND}
+ >=net-analyzer/openvas-scanner-5.1.3
+ >=net-analyzer/openvas-manager-7.0.3
+ extras? ( dev-texlive/texlive-latexextra )"
+
+BDEPEND="
+ virtual/pkgconfig
+ extras? ( app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ sys-devel/gettext
+ )"
+
+BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-memleak.patch"
+ "${FILESDIR}/${P}-auth.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+ if use extras; then
+ doxygen -u "$S"/doc/Doxyfile_full.in || die
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ )
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ if use extras; then
+ cmake-utils_src_make -C "${BUILD_DIR}" doc
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ insinto /etc/openvas/sysconfig
+ doins "${FILESDIR}"/${MY_PN}-daemon.conf
+
+ insinto /etc/openvas/reverse-proxy
+ doins "${FILESDIR}"/gsa.nginx.reverse.proxy.example
+
+ newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN}
+ newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN}
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN}
+
+ systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf
+ systemd_dounit "${FILESDIR}"/${MY_PN}.service
+}
diff --git a/net-analyzer/greenbone-security-assistant/metadata.xml b/net-analyzer/greenbone-security-assistant/metadata.xml
index 6f49eba8f496..6a3196eff3b2 100644
--- a/net-analyzer/greenbone-security-assistant/metadata.xml
+++ b/net-analyzer/greenbone-security-assistant/metadata.xml
@@ -1,5 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<!-- maintainer-needed -->
+ <maintainer type="person">
+ <email>hasan.calisir@psauxit.com</email>
+ <name>Hasan ÇALIŞIR</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="extras">Pdf results, extra fonts, html docs support</flag>
+ </use>
 </pkgmetadata> |
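Review bot: In the ebuild's `src_compile`, the second call `cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc` still carries the `doc` target from the line above, so the plain doc target is requested twice. `cmake-utils_src_make -C "${BUILD_DIR}" doc-full` states the intent and matches the argument order of the preceding line.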