authorroam <roam@FreeBSD.org>2007-11-13 18:09:51 +0800
committerroam <roam@FreeBSD.org>2007-11-13 18:09:51 +0800
commit19f7bbcfc96e00fcf040b82beae06d09b7209c54 (patch)
treec2b063847b214de1b7656eba0d2f15c5ca583e5a /security/stunnel
parentf262dcbdda5d775aeb7ff25896aee41fb1c3eb49 (diff)
Add an official fix for the chroot mode resolving bug.
Approved by: portmgr (pav)
Diffstat (limited to 'security/stunnel')
-rw-r--r--security/stunnel/Makefile1
-rw-r--r--security/stunnel/files/patch-src::prototypes.h12
-rw-r--r--security/stunnel/files/patch-src::stunnel.c92
3 files changed, 105 insertions, 0 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index 4ad40c6dcb84..0a6343e1cd55 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -7,6 +7,7 @@
PORTNAME= stunnel
PORTVERSION= 4.21
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \
ftp://stunnel.mirt.net/stunnel/ \
diff --git a/security/stunnel/files/patch-src::prototypes.h b/security/stunnel/files/patch-src::prototypes.h
new file mode 100644
index 000000000000..8318f2cefe54
--- /dev/null
+++ b/security/stunnel/files/patch-src::prototypes.h
@@ -0,0 +1,12 @@
+An official patch obtained from ftp://stunnel.mirt.net/stunnel/setuid.patch
+
+--- src/prototypes.h.old 2007-11-12 11:30:43.000000000 +0200
++++ src/prototypes.h 2007-11-12 11:30:48.000000000 +0200
+@@ -57,7 +57,6 @@
+ void main_initialize(char *, char *);
+ void main_execute(void);
+ void stunnel_info(int);
+-void drop_privileges(void);
+
+ /**************************************** Prototypes for log.c */
+
diff --git a/security/stunnel/files/patch-src::stunnel.c b/security/stunnel/files/patch-src::stunnel.c
new file mode 100644
index 000000000000..ba1096bab06b
--- /dev/null
+++ b/security/stunnel/files/patch-src::stunnel.c
@@ -0,0 +1,92 @@
+An official patch obtained from ftp://stunnel.mirt.net/stunnel/setuid.patch
+
+--- src/stunnel.c.old 2007-11-12 11:30:38.000000000 +0200
++++ src/stunnel.c 2007-11-12 11:30:48.000000000 +0200
+@@ -3,8 +3,8 @@
+ * Copyright (c) 1998-2007 Michal Trojnara <Michal.Trojnara@mirt.net>
+ * All Rights Reserved
+ *
+- * Version: 4.21 (stunnel.c)
+- * Date: 2007.10.27
++ * Version: 4.22 (stunnel.c)
++ * Date: 2007.11.xx
+ *
+ * Author: Michal Trojnara <Michal.Trojnara@mirt.net>
+ *
+@@ -41,7 +41,7 @@
+ static void accept_connection(LOCAL_OPTIONS *);
+ static void get_limits(void); /* setup global max_clients and max_fds */
+ #if !defined (USE_WIN32) && !defined (__vms)
+-static void make_chroot(void);
++static void drop_privileges(void);
+ static void daemonize(void);
+ static void create_pid(void);
+ static void delete_pid(void);
+@@ -111,9 +111,6 @@
+ } else { /* inetd mode */
+ #if !defined (USE_WIN32) && !defined (__vms)&&!defined(USE_OS2)
+ max_fds=FD_SETSIZE; /* just in case */
+-#ifdef HAVE_CHROOT
+- make_chroot();
+-#endif /* HAVE_CHROOT */
+ drop_privileges();
+ #endif
+ num_clients=1;
+@@ -171,9 +168,6 @@
+ #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
+ if(!(options.option.foreground))
+ daemonize();
+-#ifdef HAVE_CHROOT
+- make_chroot();
+-#endif /* HAVE_CHROOT */
+ drop_privileges();
+ create_pid();
+ #endif /* !defined USE_WIN32 && !defined (__vms) */
+@@ -299,24 +293,9 @@
+ #endif
+ }
+
+-#ifdef HAVE_CHROOT
+-static void make_chroot(void) {
+- if(options.chroot_dir) {
+- if(chroot(options.chroot_dir)) {
+- sockerror("chroot");
+- exit(1);
+- }
+- if(chdir("/")) {
+- sockerror("chdir");
+- exit(1);
+- }
+- }
+-}
+-#endif /* HAVE_CHROOT */
+-
+ #if !defined (USE_WIN32) && !defined (__vms)
+- /* set process user and group(s) id */
+-void drop_privileges(void) {
++ /* chroot and set process user and group(s) id */
++static void drop_privileges(void) {
+ int uid=0, gid=0;
+ struct group *gr;
+ #ifdef HAVE_SETGROUPS
+@@ -350,6 +329,20 @@
+ }
+ }
+
++#ifdef HAVE_CHROOT
++ /* chroot */
++ if(options.chroot_dir) {
++ if(chroot(options.chroot_dir)) {
++ sockerror("chroot");
++ exit(1);
++ }
++ if(chdir("/")) {
++ sockerror("chdir");
++ exit(1);
++ }
++ }
++#endif /* HAVE_CHROOT */
++
+ /* Set uid and gid */
+ if(gid) {
+ if(setgid(gid)) {
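Review bot: The relocated chroot block in the last inner hunk (`if(options.chroot_dir) { ... }`) relies on a strict ordering that the code never states: it must run after the user/group name lookups earlier in drop_privileges() (those lines are outside the hunk, so this is inferred from the commit message) and before the `setgid`/`setuid` calls, because chroot(2) needs root. I would replace the bare `/* chroot */` with `/* chroot only after uid/gid names are resolved (the jail need not contain passwd/group files) and before setgid/setuid (chroot needs root) */` so that a later reshuffle does not reintroduce the resolving bug. Separately, with `int uid=0, gid=0;` as defaults and `if(gid)` guarding the setgid call, a configuration that sets chroot_dir but no unprivileged user appears to leave the process running as root inside the jail, which gives little containment; logging a warning in that case is worth considering. The body of drop_privileges() continues outside the visible hunks, so the lookup code and the setuid path could not be checked here.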