add ncpfs with ln hack

This commit is contained in:
Mario Fetka 2012-11-26 19:10:13 +01:00
parent c2ae6625fb
commit bce14e8935
12 changed files with 1213 additions and 1 deletions

View File

@ -9,10 +9,11 @@ BASEDIR=$(dirname $0)
source $BASEDIR/kernel
EMERGE=""
EMERGE="virtual/linux-sources"
for package in ${PACKAGES}; do
EMERGE="$EMERGE =${package}-${VER}"
done
emerge $EMERGE
eit add $EMERGE

127
net-fs/ncpfs/ChangeLog Normal file
View File

@ -0,0 +1,127 @@
# ChangeLog for net-fs/ncpfs
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ChangeLog,v 1.31 2012/06/11 09:20:53 ago Exp $
11 Jun 2012; Agostino Sarubbo <ago@gentoo.org> ncpfs-2.2.6-r2.ebuild:
Stable for amd64, wrt bug #418227
11 Jun 2012; Agostino Sarubbo <ago@gentoo.org> -ncpfs-2.2.6-r1.ebuild:
Remove old
07 Jun 2012; Brent Baude <ranger@gentoo.org> ncpfs-2.2.6-r2.ebuild:
Marking ncpfs-2.2.6-r2 ppc for bug 418227
05 Jun 2012; Brent Baude <ranger@gentoo.org> ncpfs-2.2.6-r2.ebuild:
Marking ncpfs-2.2.6-r2 ppc64 for bug 418227
*ncpfs-2.2.6-r2 (10 Feb 2011)
10 Feb 2011; Joshua Kinard <kumba@gentoo.org> -ncpfs-2.2.6.ebuild,
+ncpfs-2.2.6-r2.ebuild, +files/ncpfs-2.2.6-multiple-vulns.patch,
+files/ncpfs-2.2.6-remove-packed-attrib.patch, +files/ipx.confd,
+files/ipx.init:
Add two patches to ncpfs, one to correct several vulnerabilities (#308071)
and another to remove unneeded __attribute((packed)) directives to make the
build look a lot cleaner. Also imported an init.d script and companion conf.d
file for starting up/shutting down IPX through the init system. The init
script should address #238688 in this package. Also fixed #126323 by
installing headers for ncpfs into /usr/include. And removed the -r0 ebuild.
08 Oct 2010; Matti Bickel <mabi@gentoo.org> ncpfs-2.2.6-r1.ebuild:
change virtual/php to dev-lang/php (bug #319623)
*ncpfs-2.2.6-r1 (20 Apr 2010)
20 Apr 2010; Mike Frysinger <vapier@gentoo.org> +ncpfs-2.2.6-r1.ebuild:
Clean up ebuild, respect env LDFLAGS, fix multilib pam issues #273486 by
Rion, and fix sandbox violations w/ldconfig #273484 by Rion.
14 May 2008; Diego Pettenò <flameeyes@gentoo.org> ncpfs-2.2.6.ebuild:
Depend on virtual/pam as the code builds fine with OpenPAM.
11 May 2007; Maurice van der Pot <griffon26@gentoo.org>
+files/ncpfs-2.2.6-missing-includes.patch, ncpfs-2.2.6.ebuild:
Added some includes for missing header files, fixing errors during
compilation reported as bug #157462 and bug #178090 by Willard Dawson
<willard.dawson@sungard.com> and Marat Radchenko <valder@yandex.ru>
respectively.
28 Nov 2006; Luca Longinotti <chtekk@gentoo.org> -ncpfs-2.2.0.19.ebuild,
-ncpfs-2.2.0.19-r1.ebuild, -ncpfs-2.2.0.19-r2.ebuild, -ncpfs-2.2.3.ebuild,
-ncpfs-2.2.5.ebuild:
Delete vulnerable versions on behalf of DerCorny, fixes bug #140535.
28 Jan 2006; Mark Loeser <halcy0n@gentoo.org>
+files/ncpfs-2.2.6-gcc4.patch, ncpfs-2.2.6.ebuild:
Add patch to fix compilation with gcc-4.0; bug #118914
29 Jan 2005; Markus Rothe <corsair@gentoo.org> ncpfs-2.2.6.ebuild:
Stable on ppc64; bug #77414
*ncpfs-2.2.6 (29 Jan 2005)
29 Jan 2005; Maurice van der Pot <griffon26@gentoo.org>
+ncpfs-2.2.6.ebuild:
Added new version that fixes security bug #77414.
Immediately marked stable on x86.
15 Dec 2004; Peter Johanson <latexer@gentoo.org> ncpfs-2.2.5.ebuild:
Fix syntax for php depends. See bug #74005
14 Dec 2004; Peter Johanson <latexer@gentoo.org> ncpfs-2.2.5.ebuild:
Marking x86 stable. See bug #72820
11 Dec 2004; Markus Rothe <corsair@gentoo.org> ncpfs-2.2.5.ebuild:
Stable on ppc64; bug #72820
10 Dec 2004; Stuart Herbert <stuart@gentoo.org> ncpfs-2.2.5.ebuild:
Fix for typo in virtual DEPEND list; thanks to latexer for spotting it; bug
#74005
09 Dec 2004; Stuart Herbert <stuart@gentoo.org> ncpfs-2.2.5.ebuild:
Fix for sandbox violation when the PHP extension is built
*ncpfs-2.2.5 (01 Dec 2004)
01 Dec 2004; Maurice van der Pot <griffon26@gentoo.org>
+ncpfs-2.2.5.ebuild:
Added new version that includes fix for security bug #72820.
05 Sep 2004; Sven Wegener <swegener@gentoo.org> :
Fixed ChangeLog header.
22 Jul 2004; Tom Gall <tgall@gentoo.org> ncpfs-2.2.3.ebuild:
stable on ppc64, bug #57586
09 May 2004; <SeJo@gentoo.org> ncpfs-2.2.3.ebuild:
added ~ppc keyword
26 Apr 2004; Aron Griffis <agriffis@gentoo.org> ncpfs-2.2.0.19-r1.ebuild,
ncpfs-2.2.0.19-r2.ebuild, ncpfs-2.2.3.ebuild:
Add die following econf for bug 48950
05 Jan 2004; zhen <zhen@gentoo.org> metadata.xml:
adding to net-fs herd
*ncpfs-2.2.3 (17 Jul 2003)
17 Jul 2003; Peter Johanson <latexer@gentoo.org> ncpfs-2.2.3.ebuild:
Bump in ~x86.
*ncpfs-2.2.0.19-r2 (23 Mar 2003)
23 Mar 2003; Martin Holzer <mholzer@gentoo.org> ncpfs-2.2.0.19-r2.ebuild:
Fixed ebuild that mount.* would be installed. Closes #17823.
*ncpfs-2.2.0.19-r1 (20 Oct 2002)
20 Oct 2002; Seemant Kulleen <seemant@gentoo.org> ncpfs-2.2.0.19-r1.ebuild
files/digest-ncpfs-2.2.0.19-r1 :
Some fixes for NLS and PAM use flags.
*ncpfs-2.2.0.19 (20 Jun 2002)
20 Jun 2002; J.Alberto S.L. <bass@gentoo.org> ncpfs-2.2.0.19.ebuild:
First relase.

11
net-fs/ncpfs/Manifest Normal file
View File

@ -0,0 +1,11 @@
AUX ipx.confd 706 SHA256 abfefd5c3f9df2232e5d35f743ff8ce2876e887d39bd823789b54e3a8bd69a0e SHA512 7c15f4aca1dbce2450f2e04741bce5f9d73150607c0f74fabe917f41a4041eaed8bf26262652dccf7660f1634932082c02e889a90b05c679485df718fff970eb WHIRLPOOL b85ae8141a1403fc47e94bab8149e8530cb0a4a8d047fe1dc5ddf77d08ff5693190d359226304141a3586d6953020f9ad56565f8d059cbda0b43c511bbbf1e60
AUX ipx.init 972 SHA256 2b01a7a68110658f20c883e5045dd854389b37866e97c5f0e978034dc49dc395 SHA512 ce07fe5aa1d8f8f4b0f46454ce3461076bcb938b4f41187c4c214ee7895189995507cd9209551b1a3e4bbaf7f237228ec528d89b1dd91102fd21fb28253084f0 WHIRLPOOL bf5ac8aed0fd62bf30df495bf6d7073f9623848c35620f348d5afa28e9f7ec626bec4983045ab628626392f3391234f6a2e4a31680001a2bbafe4a14876a1595
AUX ncpfs-2.2.5-php.patch 555 SHA256 ea32f4f6a9ac7c1d43af654982410680ca535a313f2a94efd3ddb295949d864b SHA512 2768cfe218c1fcd9e8458e28af51985a50d60d2538c61cb13f2c8db77fd111abbe8d81b040c82d51bd18fdecfacbc78e488ca7d17f8fd08af62a8b5690b37c19 WHIRLPOOL e19c931b0f440b93c8135f9b995f74852b152642778fd86eff89f081378c8b9ce99773bcedc08cfd54280d9d894d1b2e675f78f78a01bd47f9fcb1e1f9318d4c
AUX ncpfs-2.2.6-gcc4.patch 1291 SHA256 8fbb8621b178aa8fb38da30639cc32afce0254445fe59c0f56c543da62d6921e SHA512 2bdce56008c2f7819c402ff00643d6602bab89922d01fefd3d42a15720cb569e6920c1ca8feaf8e927b0391ca44466df1fc91de21bcc76f53cbe7cc102e88992 WHIRLPOOL f68ece683be5e085e987891289e7605243bb37d81b357102463a3289a2a57e799ffb022fbf4470d8390540524002a478866b2809abb40aac900e00cc9cd20b9a
AUX ncpfs-2.2.6-missing-includes.patch 779 SHA256 b724c68cd8e1b8e5ed91dc3f7c24948e76107bda6314c954918adfc058a24911 SHA512 3f51978a009b8c9e20c14500bafb4bf3ecf3b288b43f42aeb11e81ff621014c0c5774bd8d53be06706b2a78d94dae62ee663a3f710fc908d433ba2755788abcb WHIRLPOOL 875e62439a004b98b1bd227c4ad6e305e0e126f8bbc7ab687264813ddfe62102f1a5c41fc608634e3a78e96202bd5bf74ecb2973caf5c7ad6bc67a1b08487fa4
AUX ncpfs-2.2.6-multiple-vulns.patch 14158 SHA256 50d42cda962cbc5c3e7ad6048ed2ebb465645e640a32552ffa44c7229d8d2a77 SHA512 486bae42500d0712b7023768f0cf60d0b550a11cb554b2733f09ee92a49df031dec2f938b2a355c123e50b71340cbd94dfb38b7a1b455e680ece7efe6aa13925 WHIRLPOOL 1aed769a1dd3d9e3aa6cbc0f9a34eba42c7f99947870ca8b7c655568c93404a3b4fdac4e1e50ea920032118dcc63b64090f8c12e7713c6b56ac8686d01205db0
AUX ncpfs-2.2.6-remove-packed-attrib.patch 10312 SHA256 f1c587b329224f34f351e08b32333e854539223d337e6bb2fdadf28c2130673b SHA512 efd11c2cf08f3b7b1458b836ee863f31e3ae470986a02a3d2db0ec6fbb7a984e2d33643765d7223b797732d80187412a907a9ca971233eb0f95ed4744ef6f44a WHIRLPOOL 187d2c71547de0de2007f872a53a7c4545a2ace4d258fc93802283278202eb0db7fbef70c7a6f7210e8f037e65399c76fa57def0fe73591d8d24967432be9a4c
DIST ncpfs-2.2.6.tar.gz 2100545 SHA256 2837046046bcdb46d77a80c1d17dbfd15e878700e879edab4cda9f080e0337f9
EBUILD ncpfs-2.2.6-r2.ebuild 2007 SHA256 b22ad4f594bd9ee1e3d35d4798fcac14d651e9bc473e8aa7f1eaedd6e3e9392d SHA512 82127c3de392557496cada88581607a4280debba280bf62971146f91be459eb9bd62a9f21ab9e367f375cb13f0338413553a51e3e2d891c149f64f55ea3bc69d WHIRLPOOL 3c8d5cfbfefd3a7c4703b359befff0f97f1b6da338100d6abbb114b37dd0bca9e30d24e0c1d39c74f398ef3fb66c35a47ef49e8b75096c0251b62c9d9cd69be7
MISC ChangeLog 4769 SHA256 3a113a2b1c50be4a0dbf022b28ad4e717e8de071787a66a910d11b22a54d6cd4 SHA512 232e4913c5c43c9969aa8672ff1bfa665eb00b3874adc95d64e2e1b5b48d64dcc152055aeec40ccb43c225601ddea9e55095749c245a12b52de28d3ae616c3e4 WHIRLPOOL 8f181970775af0e62f6c63b9f623616df550e9c06f6b7e1d836a040c46c30a85010656404fb2340e2b3e9ad2909bb1e20ea540e0224f774e5764260538ec5318
MISC metadata.xml 290 SHA256 bc04d955fed7a177f63051b016c7f24451c30200e8608b70f8e63e25176a0348 SHA512 52de55e9486be04762f7ddc2dfe231e3c409ec63d3ec39dcf252540add9165a14c968fa90e281575982229791bf4a070f2285d857ca589c63e499e66e1c58d64 WHIRLPOOL a67855c335e629d78f0d54430450565c4dc3ac97184b42bcf0cbe15dfb23bdaca234feeee15773216a5243c18dd141ad9dfcc6dc0b2b95b48944ae549674545d

View File

@ -0,0 +1,28 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.confd,v 1.1 2011/02/10 09:26:38 kumba Exp $
# Config file for /etc/init.d/ipx
# Automatically selecting a primary interface.
IPX_AUTO_PRIMARY=on
# Automatically creating interfaces.
IPX_AUTO_INTERFACE=on
# Interface to which IPX sockets are bound.
IPX_DEVICE=eth0
# The IPX frame type to use.
# Valid values are: 802.2, 802.3, SNAP, & EtherII.
IPX_FRAME=802.2
# Create a special kind of IPX interface that does not
# have a physical device or frame type.
IPX_INTERNAL_NET=no
# Network number
IPX_NETNUM=1
# Node number
IPX_NODENUM=1

View File

@ -0,0 +1,42 @@
#!/sbin/runscript
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.init,v 1.1 2011/02/10 09:26:38 kumba Exp $
#NB: Config is in /etc/conf.d/ipx
depend() {
need net netmount
}
start() {
local retval=0
ebegin "Bringing IPX up"
if [ ${IPX_INTERNAL_NET} = "yes" ]
then
/usr/bin/ipx_internal_net add ${IPX_NETNUM} ${IPX_NODENUM}
retval=$?
else
/usr/bin/ipx_interface add -p ${IPX_DEVICE} \
${IPX_FRAME} ${IPX_NETNUM}
retval=$?
fi
/usr/bin/ipx_configure \
--auto_primary=${IPX_AUTO_PRIMARY} \
--auto_interface=${IPX_AUTO_INTERFACE}
retval=$(( $retval + $? ))
eend ${retval} "Failed to bring IPX up"
}
stop() {
local retval=0
ebegin "Bringing IPX down"
/usr/bin/ipx_configure --auto_primary=off --auto_interface=off
retval=$?
/usr/bin/ipx_interface delall
retval=$(( $retval + $? ))
eend ${retval} "Failed to down IPX"
}

View File

@ -0,0 +1,16 @@
--- contrib/php/build/rules.mk.orig 2004-12-09 13:01:04.417854240 +0000
+++ contrib/php/build/rules.mk 2004-12-09 13:01:42.460070944 +0000
@@ -63,10 +63,10 @@
install-modules:
@test -d modules && \
- $(mkinstalldirs) $(moduledir) && \
- echo "installing shared modules into $(moduledir)" && \
+ $(mkinstalldirs) $(DESTDIR)/$(moduledir) && \
+ echo "installing shared modules into $(DESTDIR)/$(moduledir)" && \
rm -f modules/*.la && \
- cp modules/* $(moduledir) || true
+ cp modules/* $(DESTDIR)/$(moduledir) || true
include $(builddir)/.deps

View File

@ -0,0 +1,36 @@
diff -ur ncpfs-2.2.6-orig/lib/ncplib.c ncpfs-2.2.6/lib/ncplib.c
--- ncpfs-2.2.6-orig/lib/ncplib.c 2006-01-13 16:55:05.000000000 -0500
+++ ncpfs-2.2.6/lib/ncplib.c 2006-01-13 16:56:08.000000000 -0500
@@ -2421,7 +2421,7 @@
int i = 1;
NWCCODE nwerr;
- static int get_argument(int arg_no, const char **target) {
+ int get_argument(int arg_no, const char **target) {
int count = 1;
if (target != NULL) {
diff -ur ncpfs-2.2.6-orig/util/nwpjmv.c ncpfs-2.2.6/util/nwpjmv.c
--- ncpfs-2.2.6-orig/util/nwpjmv.c 2006-01-13 16:55:05.000000000 -0500
+++ ncpfs-2.2.6/util/nwpjmv.c 2006-01-13 16:55:50.000000000 -0500
@@ -131,7 +131,7 @@
char *s = q->command;
char *target_end = target + target_size;
- static void add_string(const char *str)
+ void add_string(const char *str)
{
int len = strlen(str);
if (target + len + 1 > target_end)
diff -ur ncpfs-2.2.6-orig/util/pserver.c ncpfs-2.2.6/util/pserver.c
--- ncpfs-2.2.6-orig/util/pserver.c 2006-01-13 16:55:05.000000000 -0500
+++ ncpfs-2.2.6/util/pserver.c 2006-01-13 16:55:36.000000000 -0500
@@ -153,7 +153,7 @@
char *s = q->command;
char *target_end = target + target_size;
- static void add_string(const char *str)
+ void add_string(const char *str)
{
int len = strlen(str);
if (target + len + 1 > target_end)

View File

@ -0,0 +1,22 @@
diff -ruN ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c ncpfs-2.2.6-fixed/contrib/pam/pam_ncp_auth.c
--- ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c 2005-01-27 18:35:59.000000000 +0100
+++ ncpfs-2.2.6-fixed/contrib/pam/pam_ncp_auth.c 2007-05-11 21:38:05.143474750 +0200
@@ -257,6 +257,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <syslog.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
diff -ruN ncpfs-2.2.6/sutil/ncpm_common.c ncpfs-2.2.6-fixed/sutil/ncpm_common.c
--- ncpfs-2.2.6/sutil/ncpm_common.c 2005-01-27 18:35:59.000000000 +0100
+++ ncpfs-2.2.6-fixed/sutil/ncpm_common.c 2007-05-11 21:38:29.609003750 +0200
@@ -82,6 +82,7 @@
#include "ncpm_common.h"
+#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>

View File

@ -0,0 +1,557 @@
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 5 Mar 2010 12:06:01 -0500
============================================
ncpfs, Multiple Vulnerabilities
March 5, 2010
CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
============================================
==Description==
The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs
package, contain several vulnerabilities.
1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that
allow a local attacker to unmount arbitrary mountpoints, causing
denial-of-service, or mount Netware shares to arbitrary directories,
potentially leading to root compromise. This issue was formerly assigned
CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap
with related bugs in other packages.
2. ncpumount is vulnerable to an information disclosure vulnerability that
allows a local attacker to verify the existence of arbitrary files, violating
directory permissions. This issue has been assigned CVE-2010-0790.
3. ncpmount, ncpumount, and ncplogin create lockfiles insecurely, allowing a
local attacker to leave a stale lockfile at /etc/mtab~, causing other mount
utilities to fail and creating denial-of-service conditions. This issue has
been assigned CVE-2010-0791.
==Workaround==
If unprivileged users do not need the ability to mount and unmount Netware
shares, then the suid bit should be removed from these utilities.
==Solution==
A patch has been released that resolves these issues (attached to this
advisory). ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have
already been patched against the first vulnerability in this report
(CVE-2010-0788, formerly CVE-2009-3297). It has been tested against the latest
ncpfs packages distributed by Fedora, Red Hat, and Mandriva.
ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been
patched against any of these vulnerabilities. It has been tested against the
latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release
(ftp://platan.vc.cvut.cz/pub/linux/ncpfs/).
Users are advised to recompile from source, or request updated packages from
downstream distributors.
==Credits==
These vulnerabilities were discovered by Dan Rosenberg
(dan.j.rosenberg () gmail com).
Thanks to Vitezslav Crhonek for the patch against the first issue.
==References==
CVE identifiers CVE-2010-0788, CVE-2010-0790, and CVE-2010-0791 have been
assigned to these issues.
http://seclists.org/fulldisclosure/2010/Mar/122
diff -ur ncpfs-2.2.6.orig/sutil/ncplogin.c ncpfs-2.2.6/sutil/ncplogin.c
--- ncpfs-2.2.6.orig/sutil/ncplogin.c 2010-03-03 16:18:59.000000000 -0500
+++ ncpfs-2.2.6/sutil/ncplogin.c 2010-03-03 16:17:41.000000000 -0500
@@ -934,7 +934,9 @@
NWDSFreeContext(ctx);
/* ncpmap, ncplogin must write in /etc/mtab */
{
+ block_sigs();
add_mnt_entry(mount_name, mount_point, info.flags);
+ unblock_sigs();
}
free(mount_name);
if (info.echo_mnt_pnt) {
diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.c ncpfs-2.2.6/sutil/ncpm_common.c
--- ncpfs-2.2.6.orig/sutil/ncpm_common.c 2010-03-03 16:18:59.000000000 -0500
+++ ncpfs-2.2.6/sutil/ncpm_common.c 2010-03-03 16:17:41.000000000 -0500
@@ -360,7 +360,7 @@
#endif
static inline int ncpm_suser(void) {
- return setreuid(-1, 0);
+ return setresuid(0, 0, myuid);
}
static int ncpm_normal(void) {
@@ -368,11 +368,31 @@
int v;
e = errno;
- v = setreuid(-1, myuid);
+ v = setresuid(myuid, myuid, 0);
errno = e;
return v;
}
+void block_sigs(void) {
+
+ sigset_t mask, orig_mask;
+ sigfillset(&mask);
+
+ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
+ errexit(-1, _("Blocking signals failed.\n"));
+ }
+}
+
+void unblock_sigs(void) {
+
+ sigset_t mask, orig_mask;
+ sigemptyset(&mask);
+
+ if (sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
+ errexit(-1, _("Un-blocking signals failed.\n"));
+ }
+}
+
static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) {
int v;
int e;
@@ -444,7 +464,7 @@
}
datav2.file_mode = data->file_mode;
datav2.dir_mode = data->dir_mode;
- err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2);
+ err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav2);
if (err)
return errno;
return 0;
@@ -508,7 +528,7 @@
exit(0); /* Should not return from process_connection */
}
close(pp[0]);
- err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3);
+ err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav3);
if (err) {
err = errno;
/* Mount unsuccesful so we have to kill daemon */
@@ -559,7 +579,7 @@
sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u",
NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode,
data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]);
- err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts);
+ err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, mountopts);
} else {
err=-1;
}
@@ -577,7 +597,7 @@
datav4.file_mode = data->file_mode;
datav4.dir_mode = data->dir_mode;
datav4.wdog_pid = wdog_pid;
- err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4);
+ err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*)&datav4);
if (err) {
err = errno;
/* Mount unsuccesful so we have to kill daemon */
@@ -1395,6 +1415,17 @@
}
#endif /* MOUNT3 */
+static int check_name(const char *name)
+{
+ char *s;
+ for (s = "\n\t\\"; *s; s++) {
+ if (strchr(name, *s)) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
static const struct smntflags {
unsigned int flag;
const char* name;
@@ -1416,6 +1447,9 @@
int fd;
FILE* mtab;
+ if (check_name(mount_name) == -1 || check_name(mpnt) == -1)
+ errexit(107, _("Illegal character in mount entry\n"));
+
ment.mnt_fsname = mount_name;
ment.mnt_dir = mpnt;
ment.mnt_type = (char*)"ncpfs";
diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.h ncpfs-2.2.6/sutil/ncpm_common.h
--- ncpfs-2.2.6.orig/sutil/ncpm_common.h 2010-03-03 16:18:59.000000000 -0500
+++ ncpfs-2.2.6/sutil/ncpm_common.h 2010-03-03 16:17:41.000000000 -0500
@@ -121,6 +121,9 @@
int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn);
int proc_ncpm_umount(const char* dir);
+void block_sigs(void);
+void unblock_sigs(void);
+
#define UNUSED(x) x __attribute__((unused))
#endif /* __NCPM_COMMON_H__ */
diff -ur ncpfs-2.2.6.orig/sutil/ncpmount.c ncpfs-2.2.6/sutil/ncpmount.c
--- ncpfs-2.2.6.orig/sutil/ncpmount.c 2010-03-03 16:18:59.000000000 -0500
+++ ncpfs-2.2.6/sutil/ncpmount.c 2010-03-03 16:17:41.000000000 -0500
@@ -359,11 +359,17 @@
usage();
return -1;
}
+
realpath(argv[optind], mount_point);
- if (stat(mount_point, &st) == -1)
+ if (chdir(mount_point))
+ {
+ errexit(31, _("Could not change directory into mount target %s: %s\n"),
+ mount_point, strerror(errno));
+ }
+ if (stat(".", &st) == -1)
{
- errexit(31, _("Could not find mount point %s: %s\n"),
+ errexit(31, _("Mount point %s does not exist: %s\n"),
mount_point, strerror(errno));
}
if (mount_ok(&st) != 0)
@@ -714,7 +720,9 @@
ncp_close(conn);
if (!opt_n) {
+ block_sigs();
add_mnt_entry(mount_name, mount_point, info.flags);
+ unblock_sigs();
}
return 0;
}
diff -ur ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c
--- ncpfs-2.2.6.orig/sutil/ncpumount.c 2010-03-03 16:18:59.000000000 -0500
+++ ncpfs-2.2.6/sutil/ncpumount.c 2010-03-03 16:17:41.000000000 -0500
@@ -70,13 +70,24 @@
#include <mntent.h>
#include <pwd.h>
+#include <sched.h>
+
#include "private/libintl.h"
#define _(X) X
+#ifndef MS_REC
+#define MS_REC 16384
+#endif
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
+#endif
+
static char *progname;
static int is_ncplogout = 0;
+uid_t uid;
+
static void
usage(void)
{
@@ -117,6 +128,40 @@
va_end(ap);
}
+/* Mostly copied from ncpm_common.c */
+void block_sigs(void) {
+
+ sigset_t mask, orig_mask;
+ sigfillset(&mask);
+ sigdelset(&mask, SIGALRM); /* Need SIGALRM for ncpumount */
+
+ if(setresuid(0, 0, uid) < 0) {
+ eprintf("Failed to raise privileges.\n");
+ exit(-1);
+ }
+
+ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
+ eprintf("Blocking signals failed.\n");
+ exit(-1);
+ }
+}
+
+void unblock_sigs(void) {
+
+ sigset_t mask, orig_mask;
+ sigemptyset(&mask);
+
+ if(setresuid(uid, uid, 0) < 0) {
+ eprintf("Failed to drop privileges.\n");
+ exit(-1);
+ }
+
+ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
+ eprintf("Un-blocking signals failed.\n");
+ exit(-1);
+ }
+}
+
static void alarmSignal(int sig) {
(void)sig;
}
@@ -192,10 +237,13 @@
if (!numEntries)
return 0; /* don't waste time ! */
+ block_sigs();
+
while ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) {
struct timespec tm;
if (errno != EEXIST || retries == 0) {
+ unblock_sigs();
eprintf(_("Can't get %s~ lock file: %s\n"), MOUNTED, strerror(errno));
return 1;
}
@@ -206,6 +254,7 @@
alarm(0);
close(fd);
if (err) {
+ unblock_sigs();
eprintf(_("Can't lock lock file %s~: %s\n"), MOUNTED, _("Lock timed out"));
return 1;
}
@@ -223,26 +272,205 @@
err = __clearMtab(mount_points, numEntries);
if ((unlink(MOUNTED "~") == -1) && (err == 0)){
+ unblock_sigs();
eprintf(_("Can't remove %s~"), MOUNTED);
return 1;
}
+ unblock_sigs();
return err;
}
+
+int ncp_mnt_umount(const char *abs_mnt, const char *rel_mnt)
+{
+ if (umount(rel_mnt) != 0) {
+ eprintf(_("Could not umount %s: %s\n"),
+ abs_mnt, strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
+
+static int check_is_mount_child(void *p)
+{
+ const char **a = p;
+ const char *last = a[0];
+ const char *mnt = a[1];
+ int res;
+ const char *procmounts = "/proc/mounts";
+ int found;
+ FILE *fp;
+ struct mntent *entp;
+
+ res = mount("", "/", "", MS_SLAVE | MS_REC, NULL);
+ if (res == -1) {
+ eprintf(_("Failed to mark mounts slave: %s\n"),
+ strerror(errno));
+ return 1;
+ }
+
+ res = mount(".", "/tmp", "", MS_BIND | MS_REC, NULL);
+ if (res == -1) {
+ eprintf(_("Failed to bind parent to /tmp: %s\n"),
+ strerror(errno));
+ return 1;
+ }
+
+ fp = setmntent(procmounts, "r");
+ if (fp == NULL) {
+ eprintf(_("Failed to open %s: %s\n"),
+ procmounts, strerror(errno));
+ return 1;
+ }
+
+ found = 0;
+ while ((entp = getmntent(fp)) != NULL) {
+ if (strncmp(entp->mnt_dir, "/tmp/", 5) == 0 &&
+ strcmp(entp->mnt_dir + 5, last) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ endmntent(fp);
+
+ if (!found) {
+ eprintf(_("%s not mounted\n"), mnt);
+ return 1;
+ }
+
+ return 0;
+}
+
+
+static int check_is_mount(const char *last, const char *mnt)
+{
+ char buf[131072];
+ pid_t pid, p;
+ int status;
+ const char *a[2] = { last, mnt };
+
+ pid = clone(check_is_mount_child, buf + 65536, CLONE_NEWNS, (void *) a);
+ if (pid == (pid_t) -1) {
+ eprintf(_("Failed to clone namespace: %s\n"),
+ strerror(errno));
+ return -1;
+ }
+ p = waitpid(pid, &status, __WCLONE);
+ if (p == (pid_t) -1) {
+ eprintf(_("Waitpid failed: %s\n"),
+ strerror(errno));
+ return -1;
+ }
+ if (!WIFEXITED(status)) {
+ eprintf(_("Child terminated abnormally (status %i)\n"),
+ status);
+ return -1;
+ }
+ if (WEXITSTATUS(status) != 0)
+ return -1;
+
+ return 0;
+}
+
+
+static int chdir_to_parent(char *copy, const char **lastp, int *currdir_fd)
+{
+ char *tmp;
+ const char *parent;
+ char buf[PATH_MAX];
+ int res;
+
+ tmp = strrchr(copy, '/');
+ if (tmp == NULL || tmp[1] == '\0') {
+ eprintf(_("Internal error: invalid abs path: <%s>\n"),
+ copy);
+ return -1;
+ }
+ if (tmp != copy) {
+ *tmp = '\0';
+ parent = copy;
+ *lastp = tmp + 1;
+ } else if (tmp[1] != '\0') {
+ *lastp = tmp + 1;
+ parent = "/";
+ } else {
+ *lastp = ".";
+ parent = "/";
+ }
+ *currdir_fd = open(".", O_RDONLY);
+ if (*currdir_fd == -1) {
+ eprintf(_("Failed to open current directory: %s\n"),
+ strerror(errno));
+ return -1;
+ }
+ res = chdir(parent);
+ if (res == -1) {
+ eprintf(_("Failed to chdir to %s: %s\n"),
+ parent, strerror(errno));
+ return -1;
+ }
+ if (getcwd(buf, sizeof(buf)) == NULL) {
+ eprintf(_("Failed to obtain current directory: %s\n"),
+ strerror(errno));
+ return -1;
+ }
+ if (strcmp(buf, parent) != 0) {
+ eprintf(_("Mountpoint moved (%s -> %s)\n"),
+ parent, buf);
+ return -1;
+
+ }
+
+ return 0;
+}
+
+
+static int unmount_ncp(const char *mount_point)
+{
+ int currdir_fd = -1;
+ char *copy;
+ const char *last;
+ int res;
+
+ copy = strdup(mount_point);
+ if (copy == NULL) {
+ eprintf(_("Failed to allocate memory\n"));
+ return -1;
+ }
+ res = chdir_to_parent(copy, &last, &currdir_fd);
+ if (res == -1)
+ goto out;
+ res = check_is_mount(last, mount_point);
+ if (res == -1)
+ goto out;
+ res = ncp_mnt_umount(mount_point, last);
+
+out:
+ free(copy);
+ if (currdir_fd != -1) {
+ fchdir(currdir_fd);
+ close(currdir_fd);
+ }
+
+ return res;
+}
+
static int
do_umount(const char *mount_point)
{
int fid = open(mount_point, O_RDONLY, 0);
uid_t mount_uid;
+ int res;
if (fid == -1) {
- eprintf(_("Could not open %s: %s\n"),
- mount_point, strerror(errno));
+ eprintf(_("Invalid or unauthorized mountpoint %s\n"),
+ mount_point);
return -1;
}
if (ncp_get_mount_uid(fid, &mount_uid) != 0) {
close(fid);
- eprintf(_("%s probably not ncp-filesystem\n"),
+ eprintf(_("Invalid or unauthorized mountpoint %s\n"),
mount_point);
return -1;
}
@@ -253,12 +481,8 @@
return -1;
}
close(fid);
- if (umount(mount_point) != 0) {
- eprintf(_("Could not umount %s: %s\n"),
- mount_point, strerror(errno));
- return -1;
- }
- return 0;
+ res = unmount_ncp(mount_point);
+ return res;
}
@@ -409,7 +633,8 @@
int allConns = 0;
const char *serverName = NULL;
const char *treeName = NULL;
- uid_t uid = getuid();
+
+ uid = getuid();
progname = strrchr(argv[0], '/');
if (progname) {

View File

@ -0,0 +1,297 @@
diff -Naurp ncpfs-2.2.6.orig//include/ncp/ipxlib.h ncpfs-2.2.6//include/ncp/ipxlib.h
--- ncpfs-2.2.6.orig//include/ncp/ipxlib.h 2005-01-27 12:35:59.000000000 -0500
+++ ncpfs-2.2.6//include/ncp/ipxlib.h 2011-02-10 02:38:18.822076000 -0500
@@ -64,12 +64,12 @@ struct sap_query
struct sap_server_ident
{
u_int16_t server_type __attribute__((packed));
- char server_name[48] __attribute__((packed));
+ char server_name[48];
IPXNet server_network __attribute__((packed));
#ifdef SWIG
u_int8_t server_node[6] __attribute__((packed));
#else
- IPXNode server_node __attribute__((packed));
+ IPXNode server_node;
#endif
IPXPort server_port __attribute__((packed));
u_int16_t intermediate_network __attribute__((packed));
@@ -87,7 +87,7 @@ struct ipx_rt_def {
struct ipx_rip_packet
{
u_int16_t operation __attribute__((packed));
- struct ipx_rt_def rt[1] __attribute__((packed));
+ struct ipx_rt_def rt[1];
};
#ifdef SWIG
diff -Naurp ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h ncpfs-2.2.6//include/ncp/kernel/ncp.h
--- ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h 2005-01-27 12:35:59.000000000 -0500
+++ ncpfs-2.2.6//include/ncp/kernel/ncp.h 2011-02-10 02:38:18.822076000 -0500
@@ -53,12 +53,12 @@
struct ncp_request_header {
u_int16_t type __attribute__((packed));
- u_int8_t sequence __attribute__((packed));
- u_int8_t conn_low __attribute__((packed));
- u_int8_t task __attribute__((packed));
- u_int8_t conn_high __attribute__((packed));
- u_int8_t function __attribute__((packed));
- u_int8_t data[0] __attribute__((packed));
+ u_int8_t sequence;
+ u_int8_t conn_low;
+ u_int8_t task;
+ u_int8_t conn_high;
+ u_int8_t function;
+ u_int8_t data[0];
};
#define NCP_REPLY (0x3333)
@@ -66,13 +66,13 @@ struct ncp_request_header {
struct ncp_reply_header {
u_int16_t type __attribute__((packed));
- u_int8_t sequence __attribute__((packed));
- u_int8_t conn_low __attribute__((packed));
- u_int8_t task __attribute__((packed));
- u_int8_t conn_high __attribute__((packed));
- u_int8_t completion_code __attribute__((packed));
- u_int8_t connection_state __attribute__((packed));
- u_int8_t data[0] __attribute__((packed));
+ u_int8_t sequence;
+ u_int8_t conn_low;
+ u_int8_t task;
+ u_int8_t conn_high;
+ u_int8_t completion_code;
+ u_int8_t connection_state;
+ u_int8_t data[0];
};
#define NCP_VOLNAME_LEN (16)
@@ -230,8 +230,8 @@ struct nw_info_struct {
u_int32_t EAKeyCount __attribute__((packed));
u_int32_t EAKeySize __attribute__((packed));
u_int32_t NSCreator __attribute__((packed));
- u_int8_t nameLen __attribute__((packed));
- u_int8_t entryName[256] __attribute__((packed));
+ u_int8_t nameLen;
+ u_int8_t entryName[256];
};
#endif
@@ -282,13 +282,13 @@ struct nw_file_info {
int opened;
int access;
u_int32_t server_file_handle __attribute__((packed));
- u_int8_t open_create_action __attribute__((packed));
- u_int8_t file_handle[6] __attribute__((packed));
+ u_int8_t open_create_action;
+ u_int8_t file_handle[6];
};
#endif
struct nw_search_sequence {
- u_int8_t volNumber __attribute__((packed));
+ u_int8_t volNumber;
u_int32_t dirBase __attribute__((packed));
u_int32_t sequence __attribute__((packed));
};
diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncp.h ncpfs-2.2.6//include/ncp/ncp.h
--- ncpfs-2.2.6.orig//include/ncp/ncp.h 2005-01-27 12:35:59.000000000 -0500
+++ ncpfs-2.2.6//include/ncp/ncp.h 2011-02-10 02:38:18.822076000 -0500
@@ -95,7 +95,7 @@ struct prop_net_address {
#ifdef SWIG
fixedArray node[IPX_NODE_LEN];
#else
- u_int8_t node[IPX_NODE_LEN] __attribute__((packed));
+ u_int8_t node[IPX_NODE_LEN];
#endif
u_int16_t port __attribute__((packed));
};
@@ -163,20 +163,20 @@ struct nw_queue_job_entry {
u_int32_t ClientTask __attribute__((packed));
u_int32_t ClientObjectID __attribute__((packed));
u_int32_t TargetServerID __attribute__((packed));
- u_int8_t TargetExecTime[6] __attribute__((packed));
- u_int8_t JobEntryTime[6] __attribute__((packed));
+ u_int8_t TargetExecTime[6];
+ u_int8_t JobEntryTime[6];
u_int32_t JobNumber __attribute__((packed));
u_int16_t JobType __attribute__((packed));
u_int16_t JobPosition __attribute__((packed));
u_int16_t JobControlFlags __attribute__((packed));
- u_int8_t FileNameLen __attribute__((packed));
- char JobFileName[13] __attribute__((packed));
+ u_int8_t FileNameLen;
+ char JobFileName[13];
u_int32_t JobFileHandle __attribute__((packed));
u_int32_t ServerStation __attribute__((packed));
u_int32_t ServerTaskNumber __attribute__((packed));
u_int32_t ServerObjectID __attribute__((packed));
- char JobTextDescription[50] __attribute__((packed));
- char ClientRecordArea[152] __attribute__((packed));
+ char JobTextDescription[50];
+ char ClientRecordArea[152];
};
struct queue_job {
@@ -217,18 +217,18 @@ struct print_job_record {
};
#else
struct print_job_record {
- u_int8_t Version __attribute__((packed));
- u_int8_t TabSize __attribute__((packed));
+ u_int8_t Version;
+ u_int8_t TabSize;
u_int16_t Copies __attribute__((packed));
u_int16_t CtrlFlags __attribute__((packed));
u_int16_t Lines __attribute__((packed));
u_int16_t Rows __attribute__((packed));
- char FormName[16] __attribute__((packed));
- u_int8_t Reserved[6] __attribute__((packed));
- char BannerName[13] __attribute__((packed));
- char FnameBanner[13] __attribute__((packed));
- char FnameHeader[14] __attribute__((packed));
- char Path[80] __attribute__((packed));
+ char FormName[16];
+ u_int8_t Reserved[6];
+ char BannerName[13];
+ char FnameBanner[13];
+ char FnameHeader[14];
+ char Path[80];
};
#endif
diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncplib.h ncpfs-2.2.6//include/ncp/ncplib.h
--- ncpfs-2.2.6.orig//include/ncp/ncplib.h 2005-01-27 12:35:59.000000000 -0500
+++ ncpfs-2.2.6//include/ncp/ncplib.h 2011-02-10 02:38:18.822076000 -0500
@@ -462,24 +462,24 @@ struct ncp_file_server_info
#else
struct ncp_file_server_info
{
- u_int8_t ServerName[48] __attribute__((packed));
- u_int8_t FileServiceVersion __attribute__((packed));
- u_int8_t FileServiceSubVersion __attribute__((packed));
+ u_int8_t ServerName[48];
+ u_int8_t FileServiceVersion;
+ u_int8_t FileServiceSubVersion;
u_int16_t MaximumServiceConnections __attribute__((packed));
u_int16_t ConnectionsInUse __attribute__((packed));
u_int16_t NumberMountedVolumes __attribute__((packed));
- u_int8_t Revision __attribute__((packed));
- u_int8_t SFTLevel __attribute__((packed));
- u_int8_t TTSLevel __attribute__((packed));
+ u_int8_t Revision;
+ u_int8_t SFTLevel;
+ u_int8_t TTSLevel;
u_int16_t MaxConnectionsEverUsed __attribute__((packed));
- u_int8_t AccountVersion __attribute__((packed));
- u_int8_t VAPVersion __attribute__((packed));
- u_int8_t QueueVersion __attribute__((packed));
- u_int8_t PrintVersion __attribute__((packed));
- u_int8_t VirtualConsoleVersion __attribute__((packed));
- u_int8_t RestrictionLevel __attribute__((packed));
- u_int8_t InternetBridge __attribute__((packed));
- u_int8_t Reserved[60] __attribute__((packed));
+ u_int8_t AccountVersion;
+ u_int8_t VAPVersion;
+ u_int8_t QueueVersion;
+ u_int8_t PrintVersion;
+ u_int8_t VirtualConsoleVersion;
+ u_int8_t RestrictionLevel;
+ u_int8_t InternetBridge;
+ u_int8_t Reserved[60];
};
#endif
@@ -592,7 +592,7 @@ struct ncp_station_addr
#ifdef SWIG
fixedArray Node[6];
#else
- u_int8_t Node[6] __attribute__((packed));
+ u_int8_t Node[6];
#endif
u_int16_t Socket __attribute__((packed));
};
@@ -602,32 +602,32 @@ struct ncp_prop_login_control
#ifdef SWIG
fixedArray AccountExpireDate[3];
#else
- u_int8_t AccountExpireDate[3] __attribute__((packed));
+ u_int8_t AccountExpireDate[3];
#endif
- u_int8_t Disabled __attribute__((packed));
+ u_int8_t Disabled;
#ifdef SWIG
fixedArray PasswordExpireDate[3];
#else
- u_int8_t PasswordExpireDate[3] __attribute__((packed));
+ u_int8_t PasswordExpireDate[3];
#endif
- u_int8_t GraceLogins __attribute__((packed));
+ u_int8_t GraceLogins;
u_int16_t PasswordExpireInterval __attribute__((packed));
- u_int8_t MaxGraceLogins __attribute__((packed));
- u_int8_t MinPasswordLength __attribute__((packed));
+ u_int8_t MaxGraceLogins;
+ u_int8_t MinPasswordLength;
u_int16_t MaxConnections __attribute__((packed));
#ifdef SWIG
fixedArray ConnectionTimeMask[42] __attribute__((packed));
fixedArray LastLogin[6] __attribute__((packed));
#else
- u_int8_t ConnectionTimeMask[42] __attribute__((packed));
- u_int8_t LastLogin[6] __attribute__((packed));
+ u_int8_t ConnectionTimeMask[42];
+ u_int8_t LastLogin[6];
#endif
- u_int8_t RestrictionMask __attribute__((packed));
- u_int8_t reserved __attribute__((packed));
+ u_int8_t RestrictionMask;
+ u_int8_t reserved;
u_int32_t MaxDiskUsage __attribute__((packed));
u_int16_t BadLoginCount __attribute__((packed));
u_int32_t BadLoginCountDown __attribute__((packed));
- struct ncp_station_addr LastIntruder __attribute__((packed));
+ struct ncp_station_addr LastIntruder;
};
NWCCODE NWReadPropertyValue(NWCONN_HANDLE conn, const char *objName,
diff -Naurp ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c ncpfs-2.2.6//ipx-1.0/ipx_cmd.c
--- ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c 2005-01-27 12:35:59.000000000 -0500
+++ ncpfs-2.2.6//ipx-1.0/ipx_cmd.c 2011-02-10 02:40:19.222076002 -0500
@@ -63,8 +63,8 @@
/* we are doing EthernetII... Any objections? */
struct {
u_int16_t unknown __attribute__((packed));
- u_int8_t dst[6] __attribute__((packed));
- u_int8_t src[6] __attribute__((packed));
+ u_int8_t dst[6];
+ u_int8_t src[6];
u_int16_t type __attribute__((packed));
u_int8_t ipx[16384];
} buffer;
diff -Naurp ncpfs-2.2.6.orig//lib/ncplib.c ncpfs-2.2.6//lib/ncplib.c
--- ncpfs-2.2.6.orig//lib/ncplib.c 2011-02-10 02:38:05.000000000 -0500
+++ ncpfs-2.2.6//lib/ncplib.c 2011-02-10 02:38:18.822076000 -0500
@@ -2584,13 +2584,13 @@ ncp_request(struct ncp_conn *conn, int f
struct nw_time_buffer
{
- u_int8_t year __attribute__((packed));
- u_int8_t month __attribute__((packed));
- u_int8_t day __attribute__((packed));
- u_int8_t hour __attribute__((packed));
- u_int8_t minute __attribute__((packed));
- u_int8_t second __attribute__((packed));
- u_int8_t wday __attribute__((packed));
+ u_int8_t year;
+ u_int8_t month;
+ u_int8_t day;
+ u_int8_t hour;
+ u_int8_t minute;
+ u_int8_t second;
+ u_int8_t wday;
};
static time_t

View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>net-fs</herd>
<longdescription>Provides Access to Netware services using the NCP protocol (Kernel support must be activated!)</longdescription>
</pkgmetadata>

View File

@ -0,0 +1,69 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild,v 1.4 2012/06/11 09:20:53 ago Exp $
EAPI="2"
inherit eutils pam
DESCRIPTION="Provides Access to Netware services using the NCP protocol"
HOMEPAGE="ftp://platan.vc.cvut.cz/pub/linux/ncpfs/"
SRC_URI="ftp://platan.vc.cvut.cz/pub/linux/${PN}/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 ppc ppc64 ~x86"
IUSE="nls pam php"
DEPEND="nls? ( sys-devel/gettext )
pam? ( virtual/pam )
php? ( || ( dev-lang/php virtual/httpd-php ) )"
RDEPEND="${DEPEND}"
src_prepare() {
# Add patch for PHP extension sandbox violation
epatch "${FILESDIR}"/${PN}-2.2.5-php.patch
epatch "${FILESDIR}"/${P}-gcc4.patch
epatch "${FILESDIR}"/${P}-missing-includes.patch
# Add a patch to fix multiple vulnerabilities.
# CVE-2010-0788, CVE-2010-0790, & CVE-2010-0791.
# http://seclists.org/fulldisclosure/2010/Mar/122
epatch "${FILESDIR}"/${P}-multiple-vulns.patch
# Add a patch that removes the __attribute__((packed)); directive
# from several struct members in include/ncp/ncplib.h. This will
# cut down on a large number of compile warnings generated by modern
# gcc releases.
epatch "${FILESDIR}"/${P}-remove-packed-attrib.patch
# Bug #273484
sed -i '/ldconfig/d' lib/Makefile.in
# Hack to inject LDFLAGS into the build
sed -i '/^LIBS/s:=:= @LDFLAGS@:' `find -name Makefile.in` || die
}
src_configure() {
econf \
$(use_enable nls) \
$(use_enable pam pam "$(getpam_mod_dir)") \
$(use_enable php)
}
src_install() {
dodir $(getpam_mod_dir) /usr/sbin /sbin
# Install the main programs, then the headers.
emake DESTDIR="${D}" install || die
emake DESTDIR="${D}" install-dev || die
ln -sf libncp.so.2.3.0 "${D}"/usr/lib/libncp.so.2.3
# Install a startup script in /etc/init.d and a conf file in /etc/conf.d
newconfd "${FILESDIR}"/ipx.confd ipx
newinitd "${FILESDIR}"/ipx.init ipx
# Docs
dodoc FAQ README
}