diff --git a/sysutils/fusefs-curlftpfs/Makefile b/sysutils/fusefs-curlftpfs/Makefile
index 50c771dca219..038e07337dfa 100644
--- a/sysutils/fusefs-curlftpfs/Makefile
+++ b/sysutils/fusefs-curlftpfs/Makefile
@@ -1,26 +1,35 @@
 PORTNAME=	curlftpfs
 PORTVERSION=	0.9.2
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	sysutils
 MASTER_SITES=	SF
 PKGNAMEPREFIX=	fusefs-
+DIST_SUBDIR=	${PORTNAME}
+
+PATCH_SITES=	https://sources.debian.org/data/main/c/curlftpfs/0.9.2-9/debian/patches/
+PATCHFILES=	fix-CURLOPT_INFILESIZE.patch \
+		free_ftpfs_file-memleak-fix.patch \
+		nocache-memleak-fix.patch \
+		curlftpfs__no_verify_hostname.patch \
+		consistent-feature-flag.patch
+PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	rodrigo@FreeBSD.org
 COMMENT=	Mount remote FTP directories
 WWW=		https://curlftpfs.sourceforge.net/
 
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYING
 
 LIB_DEPENDS=	libcurl.so:ftp/curl
 
 USES=		fuse gnome pkgconfig
 USE_GNOME=	glib20
 
 GNU_CONFIGURE=			yes
 GNU_CONFIGURE_MANPREFIX=	${PREFIX}/share
 
 PLIST_FILES=	bin/curlftpfs \
 		share/man/man1/${PORTNAME}.1.gz
 
 .include <bsd.port.mk>
diff --git a/sysutils/fusefs-curlftpfs/distinfo b/sysutils/fusefs-curlftpfs/distinfo
index 4e2622d3d992..822419798166 100644
--- a/sysutils/fusefs-curlftpfs/distinfo
+++ b/sysutils/fusefs-curlftpfs/distinfo
@@ -1,2 +1,13 @@
-SHA256 (curlftpfs-0.9.2.tar.gz) = 4eb44739c7078ba0edde177bdd266c4cfb7c621075f47f64c85a06b12b3c6958
-SIZE (curlftpfs-0.9.2.tar.gz) = 365503
+TIMESTAMP = 1730467218
+SHA256 (curlftpfs/curlftpfs-0.9.2.tar.gz) = 4eb44739c7078ba0edde177bdd266c4cfb7c621075f47f64c85a06b12b3c6958
+SIZE (curlftpfs/curlftpfs-0.9.2.tar.gz) = 365503
+SHA256 (curlftpfs/fix-CURLOPT_INFILESIZE.patch) = 19734139dfcd5252f5b8005343afba89e809bed6b476901c24dc6c3535e36501
+SIZE (curlftpfs/fix-CURLOPT_INFILESIZE.patch) = 644
+SHA256 (curlftpfs/free_ftpfs_file-memleak-fix.patch) = accd3b5a322bacbf4ccdc8433ce3fc97b6d6284a56ab29daa1579424e7e41f39
+SIZE (curlftpfs/free_ftpfs_file-memleak-fix.patch) = 425
+SHA256 (curlftpfs/nocache-memleak-fix.patch) = 75db4498ca4879078e25e87da4ef57d648f22aee692e3b5ae23030762f6b4ac2
+SIZE (curlftpfs/nocache-memleak-fix.patch) = 1864
+SHA256 (curlftpfs/curlftpfs__no_verify_hostname.patch) = f69d4537447acbb559a14efbd8f880cde2b20f06ca2b0edd2229f8bb319675db
+SIZE (curlftpfs/curlftpfs__no_verify_hostname.patch) = 872
+SHA256 (curlftpfs/consistent-feature-flag.patch) = afd83c6640c281517e9aea548f760f911e4f5bf00485645e4368ffb0b90c9784
+SIZE (curlftpfs/consistent-feature-flag.patch) = 1724
diff --git a/sysutils/fusefs-curlftpfs/files/patch-path__utils.c b/sysutils/fusefs-curlftpfs/files/patch-path__utils.c
index 9ce6c500dbab..7855c90e7043 100644
--- a/sysutils/fusefs-curlftpfs/files/patch-path__utils.c
+++ b/sysutils/fusefs-curlftpfs/files/patch-path__utils.c
@@ -1,75 +1,75 @@
 --- path_utils.c.orig	2007-11-20 19:27:58 UTC
 +++ path_utils.c
 @@ -92,3 +92,72 @@ char* get_dir_path(const char* path) {
  
    return ret;
  }
 +
 +/*
 + * the chars not needed to be escaped:
 + *    unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
 + */
 +static inline int is_unreserved_rfc3986(char c)
 +{
 +    int is_locase_alpha = (c >= 'a' && c <= 'z');
-+    int is_upcase_alpha = (c >= 'a' && c <= 'z');
++    int is_upcase_alpha = (c >= 'A' && c <= 'Z');
 +    int is_digit        = (c >= '0' && c <= '9');
 +    int is_special      = c == '-'
 +                       || c == '.'
 +                       || c == '_'
 +                       || c == '~';
 +    int is_unreserved = is_locase_alpha
 +                      || is_upcase_alpha
 +                      || is_digit
 +                      || is_special;
 +
 +    return is_unreserved;
 +}
 +
 +static inline int is_unreserved(char c)
 +{
 +    return is_unreserved_rfc3986(c) || c == '/';
 +}
 +
 +char* path_to_uri(const char* path)
 +{
 +    static const char hex[] = "0123456789ABCDEF";
 +    size_t path_len = strlen(path);
 +    size_t host_len = strlen(ftpfs.host);
 +    /* at worst: c -> %XX */
 +    char * encoded_path = malloc (3 * path_len + 1);
 +    const char * s = path;
 +    char * d       = encoded_path;
 +
 +    /*
 +     * 'path' is always prefixed with 'ftpfs.host'
 +     */
 +    memcpy (d, ftpfs.host, host_len);
 +    s += host_len;
 +    d += host_len;
 +
 +    for (; *s; ++s)
 +    {
 +        char c = *s;
 +        if (is_unreserved (c))
 +        {
 +            *d++ = c;
 +        }
 +        else
 +        {
 +            unsigned int hi = ((unsigned)c >> 4) & 0xF;
 +            unsigned int lo = ((unsigned)c >> 0) & 0xF;
 +            *d++ = '%';
 +            *d++ = hex[hi];
 +            *d++ = hex[lo];
 +        }
 +    }
 +    *d = '\0';
 +
 +    return encoded_path;
 +}
 +
 +void free_uri(char* path)
 +{
 +    free(path);
 +}