Apply a patch after FreeBSD-SA-11:07.chroot which addresses an arbitrary

code execution vulnerability.

Please note that in order to build this the system needs to be patched
with FreeBSD-SA-11:07.chroot and the resulting binary also needs to the
change because it depends on a new libc API.

Feature safe:	yes
With hat:	ports-security
Approved by:	portmgr (linimon)

2 files changed, 20 insertions, 1 deletions

diff --git a/ftp/proftpd-devel/Makefile b/ftp/proftpd-devel/Makefile
index e6c268c895fe..423116c74a7b 100644
--- a/ftp/proftpd-devel/Makefile
+++ b/ftp/proftpd-devel/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	proftpd
 DISTVERSION=	1.3.3rc4
-PORTREVISION=	2
+PORTREVISION=	3
 PORTEPOCH=	1
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd-devel/files/patch-src-fsio.c b/ftp/proftpd-devel/files/patch-src-fsio.c
new file mode 100644
index 000000000000..22e66f6f7ab2
--- /dev/null
+++ b/ftp/proftpd-devel/files/patch-src-fsio.c
@@ -0,0 +1,19 @@
+--- src/fsio.c.orig	2010-04-12 12:00:00.000000000 -0700
++++ src/fsio.c	2011-12-16 15:12:07.799166185 -0800
+@@ -50,6 +50,8 @@
+ # include <acl/libacl.h>
+ #endif
+ 
++#include <unistd.h>
++
+ typedef struct fsopendir fsopendir_t;
+ 
+ struct fsopendir {
+@@ -287,6 +289,7 @@
+ static int sys_chroot(pr_fs_t *fs, const char *path) {
+   if (chroot(path) < 0)
+     return -1;
++  __FreeBSD_libc_enter_restricted_mode();
+ 
+   session.chroot_path = (char *) path;
+   return 0;