Apply a patch after FreeBSD-SA-11:07.chroot which addresses an arbitrary

code execution vulnerability.

Please note that in order to build this the system needs to be patched
with FreeBSD-SA-11:07.chroot and the resulting binary also needs to the
change because it depends on a new libc API.

Feature safe:	yes
Approved by:	portmgr, maintainer (mm)

2 files changed, 20 insertions, 0 deletions

diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile
index a284d983aa84..4e2c0d081003 100644
--- a/ftp/proftpd/Makefile
+++ b/ftp/proftpd/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	proftpd
 PORTVERSION=	1.3.3g
+PORTREVISION=	1
 CATEGORIES?=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
 		ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd/files/patch-src-fsio.c b/ftp/proftpd/files/patch-src-fsio.c
new file mode 100644
index 000000000000..22e66f6f7ab2
--- /dev/null
+++ b/ftp/proftpd/files/patch-src-fsio.c
@@ -0,0 +1,19 @@
+--- src/fsio.c.orig	2010-04-12 12:00:00.000000000 -0700
++++ src/fsio.c	2011-12-16 15:12:07.799166185 -0800
+@@ -50,6 +50,8 @@
+ # include <acl/libacl.h>
+ #endif
+ 
++#include <unistd.h>
++
+ typedef struct fsopendir fsopendir_t;
+ 
+ struct fsopendir {
+@@ -287,6 +289,7 @@
+ static int sys_chroot(pr_fs_t *fs, const char *path) {
+   if (chroot(path) < 0)
+     return -1;
++  __FreeBSD_libc_enter_restricted_mode();
+ 
+   session.chroot_path = (char *) path;
+   return 0;