From 044aba4fbff12a484920093b38b71b93ce8e7df0 Mon Sep 17 00:00:00 2001 From: mm Date: Fri, 13 Jan 2012 20:18:39 +0000 Subject: Allow build on patched FreeBSD 7.x (FreeBSD-SA-11:07.chroot) WITH_SHAPER requires WITH_CTRLS [1] PR: ports/163941 [1] Reported by: Matthew Pounsett [1] --- ftp/proftpd/Makefile | 21 ++++++++++++-- ftp/proftpd/files/extra-patch-7-src-fsio.c | 19 +++++++++++++ ftp/proftpd/files/extra-patch-8-src-fsio.c | 44 ++++++++++++++++++++++++++++++ ftp/proftpd/files/patch-src-fsio.c | 44 ------------------------------ 4 files changed, 81 insertions(+), 47 deletions(-) create mode 100644 ftp/proftpd/files/extra-patch-7-src-fsio.c create mode 100644 ftp/proftpd/files/extra-patch-8-src-fsio.c delete mode 100644 ftp/proftpd/files/patch-src-fsio.c (limited to 'ftp/proftpd') diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile index 78d533cc9782..390bfeedb254 100644 --- a/ftp/proftpd/Makefile +++ b/ftp/proftpd/Makefile @@ -52,7 +52,7 @@ CONFIGURE_ARGS= --localstatedir=${LOCALSTATEDIR} \ --enable-dso \ --disable-sendfile -OPTIONS= BAN "Include mod_ban (Requires CTRLS)" off \ +OPTIONS= BAN "Include mod_ban (requires CTRLS)" off \ CLAMAV "Include mod_clamav" off \ CTRLS "Include controls" off \ DYNMASQ "Include mod_dynmasq" off \ @@ -61,7 +61,7 @@ OPTIONS= BAN "Include mod_ban (Requires CTRLS)" off \ IFSESSION "Include mod_ifsession" on \ IPV6 "Use IPv6" on \ LDAP "Use LDAP" off \ - LDAP_TLS "Use LDAP TLS (Requires LDAP, OPENSSL)" off + LDAP_TLS "Use LDAP TLS (requires LDAP, OPENSSL)" off # Set the MYSQL option based upon the setting from the # slave port (ftp/proftpd-mysql). @@ -77,7 +77,7 @@ OPTIONS+= NLS "Use nls (builds mod_lang)" on \ PGSQL "Postgres auth" off \ QUOTA "Include mod_quota" off \ QUOTATAB_RADIUS "include mod_quotatab_radius" off \ - SHAPER "Shaper module" off \ + SHAPER "Shaper module (requires CTRLS)" off \ SQLITE "SQLite auth" off \ RADIUS "Include mod_radius" on \ RATIO "Include mod_ratio" on \ 
@@ -103,6 +103,18 @@ PLIST_SUB+= LOCALSTATEDIR="${LOCALSTATEDIR}" .include +# FreeBSD-SA-11:07.chroot +.if ${OSVERSION} < 800000 +CHROOT_TEST != ${GREP} __FreeBSD_libc_enter_restricted_mode \ + /usr/include/unistd.h > /dev/null || ${ECHO_CMD} error +. if ${CHROOT_TEST} == "error" +BROKEN=__FreeBSD_libc_enter_restricted_mode is not supported +. endif +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-7-src-fsio.c +.else +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-8-src-fsio.c +.endif + .if ${ARCH} == "sparc64" && ${OSVERSION} > 900000 BROKEN= Does not compile on sparc64-9: storage size of 'utx' isn't known .endif @@ -157,6 +169,9 @@ MODULES:=${MODULES}:mod_radius .endif .if defined(WITH_SHAPER) +.if !defined(WITH_CTRLS) +IGNORE= option BAN requires CTRLS +.endif MODULES:=${MODULES}:mod_shaper .endif diff --git a/ftp/proftpd/files/extra-patch-7-src-fsio.c b/ftp/proftpd/files/extra-patch-7-src-fsio.c new file mode 100644 index 000000000000..22e66f6f7ab2 --- /dev/null +++ b/ftp/proftpd/files/extra-patch-7-src-fsio.c @@ -0,0 +1,19 @@ +--- src/fsio.c.orig 2010-04-12 12:00:00.000000000 -0700 ++++ src/fsio.c 2011-12-16 15:12:07.799166185 -0800 +@@ -50,6 +50,8 @@ + # include + #endif + ++#include ++ + typedef struct fsopendir fsopendir_t; + + struct fsopendir { +@@ -287,6 +289,7 @@ + static int sys_chroot(pr_fs_t *fs, const char *path) { + if (chroot(path) < 0) + return -1; ++ __FreeBSD_libc_enter_restricted_mode(); + + session.chroot_path = (char *) path; + return 0; diff --git a/ftp/proftpd/files/extra-patch-8-src-fsio.c b/ftp/proftpd/files/extra-patch-8-src-fsio.c new file mode 100644 index 000000000000..3b085be7283c --- /dev/null +++ b/ftp/proftpd/files/extra-patch-8-src-fsio.c 
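Review bot: The `CHROOT_TEST` check in the `.if ${OSVERSION} < 800000` branch greps the build host's `/usr/include/unistd.h`, so it only shows that the installed headers mention `__FreeBSD_libc_enter_restricted_mode`. It does not show that the libc on the machine that will run the resulting package carries the FreeBSD-SA-11:07.chroot fix, and a comment above the test should say so for anyone building packages for other hosts. The `BROKEN` text also names the missing symbol without giving a remedy; something like `BROKEN= base system lacks the FreeBSD-SA-11:07.chroot fix, update it before building` tells the user what to do. `EXTRA_PATCHES` is still appended when the test fails, which is presumably harmless because BROKEN stops the build.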
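Review bot: The `IGNORE` message added under `.if defined(WITH_SHAPER)` names the wrong option: it reads `option BAN requires CTRLS`, presumably copied from a BAN check elsewhere in the Makefile. A user who enabled SHAPER without CTRLS is therefore pointed at an option they did not select. It should read `IGNORE= option SHAPER requires CTRLS`. The nested conditional is also written as `.if`/`.endif` at column 0, while the nested test added earlier in this commit uses `. if`/`. endif`; the indented form here would keep the two consistent.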
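Review bot: In `sys_chroot()` this 7.x patch calls `__FreeBSD_libc_enter_restricted_mode()` after `chroot(path)` has succeeded, while extra-patch-8-src-fsio.c in the same commit enters restricted mode before calling `chroot()`. No code sits between the two calls here, so the practical difference is probably small, but the two variants of a security fix should agree or carry a comment explaining why the order differs. Either move the call above `if (chroot(path) < 0)` to match the 8.x patch, or add a comment such as `/* FreeBSD-SA-11:07.chroot: restrict libc right after entering the chroot */`. The added `#include` is unconditional here but wrapped in `#if defined(__FreeBSD__)` in the 8.x patch, another small divergence. The body of sys_chroot continues outside the hunk.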
@@ -0,0 +1,44 @@ +--- src/fsio.c.orig 2010-04-12 21:00:00.000000000 +0200 ++++ src/fsio.c 2011-12-29 21:51:33.844925577 +0100 +@@ -50,6 +50,10 @@ + # include + #endif + ++#if defined(__FreeBSD__) ++#include ++#endif ++ + typedef struct fsopendir fsopendir_t; + + struct fsopendir { +@@ -284,7 +288,30 @@ + #endif + } + ++#if defined(__FreeBSD__) ++static int ++enter_freebsd_restricted_mode() ++{ ++ typedef void frmode_t(); ++ frmode_t *frmode; ++ ++ frmode = (frmode_t *)dlfunc( ++ RTLD_NEXT, "__FreeBSD_libc_enter_restricted_mode"); ++ if (frmode == NULL) { ++ pr_log_pri(PR_LOG_ERR, ++ "error: FreeBSD with vulnerable chroot (FreeBSD-SA-11:07.chroot)"); ++ return 1; ++ } ++ frmode(); ++ return 0; ++} ++#endif ++ + static int sys_chroot(pr_fs_t *fs, const char *path) { ++#if defined(__FreeBSD__) ++ if (enter_freebsd_restricted_mode() != 0) ++ return -1; ++#endif + if (chroot(path) < 0) + return -1; + diff --git a/ftp/proftpd/files/patch-src-fsio.c b/ftp/proftpd/files/patch-src-fsio.c deleted file mode 100644 index 3b085be7283c..000000000000 --- a/ftp/proftpd/files/patch-src-fsio.c +++ /dev/null 
@@ -1,44 +0,0 @@ ---- src/fsio.c.orig 2010-04-12 21:00:00.000000000 +0200 -+++ src/fsio.c 2011-12-29 21:51:33.844925577 +0100 -@@ -50,6 +50,10 @@ - # include - #endif - -+#if defined(__FreeBSD__) -+#include -+#endif -+ - typedef struct fsopendir fsopendir_t; - - struct fsopendir { -@@ -284,7 +288,30 @@ - #endif - } - -+#if defined(__FreeBSD__) -+static int -+enter_freebsd_restricted_mode() -+{ -+ typedef void frmode_t(); -+ frmode_t *frmode; -+ -+ frmode = (frmode_t *)dlfunc( -+ RTLD_NEXT, "__FreeBSD_libc_enter_restricted_mode"); -+ if (frmode == NULL) { -+ pr_log_pri(PR_LOG_ERR, -+ "error: FreeBSD with vulnerable chroot (FreeBSD-SA-11:07.chroot)"); -+ return 1; -+ } -+ frmode(); -+ return 0; -+} -+#endif -+ - static int sys_chroot(pr_fs_t *fs, const char *path) { -+#if defined(__FreeBSD__) -+ if (enter_freebsd_restricted_mode() != 0) -+ return -1; -+#endif - if (chroot(path) < 0) - return -1; - -- cgit ue='grep'>log msg