From bce14e8935426ac8603808ced42e1421e54822de Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Mon, 26 Nov 2012 19:10:13 +0100 Subject: [PATCH] add ncpfs with ln hack --- do-kernel-build.sh | 3 +- net-fs/ncpfs/ChangeLog | 127 ++++ net-fs/ncpfs/Manifest | 11 + net-fs/ncpfs/files/ipx.confd | 28 + net-fs/ncpfs/files/ipx.init | 42 ++ net-fs/ncpfs/files/ncpfs-2.2.5-php.patch | 16 + net-fs/ncpfs/files/ncpfs-2.2.6-gcc4.patch | 36 ++ .../files/ncpfs-2.2.6-missing-includes.patch | 22 + .../files/ncpfs-2.2.6-multiple-vulns.patch | 557 ++++++++++++++++++ .../ncpfs-2.2.6-remove-packed-attrib.patch | 297 ++++++++++ net-fs/ncpfs/metadata.xml | 6 + net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild | 69 +++ 12 files changed, 1213 insertions(+), 1 deletion(-) create mode 100644 net-fs/ncpfs/ChangeLog create mode 100644 net-fs/ncpfs/Manifest create mode 100644 net-fs/ncpfs/files/ipx.confd create mode 100644 net-fs/ncpfs/files/ipx.init create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.5-php.patch create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-gcc4.patch create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-missing-includes.patch create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch create mode 100644 net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch create mode 100644 net-fs/ncpfs/metadata.xml create mode 100644 net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild diff --git a/do-kernel-build.sh b/do-kernel-build.sh index ceac32c..e29adfe 100755 --- a/do-kernel-build.sh +++ b/do-kernel-build.sh @@ -9,10 +9,11 @@ BASEDIR=$(dirname $0) source $BASEDIR/kernel -EMERGE="" +EMERGE="virtual/linux-sources" for package in ${PACKAGES}; do EMERGE="$EMERGE =${package}-${VER}" done emerge $EMERGE +eit add $EMERGE \ No newline at end of file diff --git a/net-fs/ncpfs/ChangeLog b/net-fs/ncpfs/ChangeLog new file mode 100644 index 0000000..d598a97 --- /dev/null +++ b/net-fs/ncpfs/ChangeLog @@ -0,0 +1,127 @@ +# ChangeLog for net-fs/ncpfs +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ChangeLog,v 1.31 2012/06/11 09:20:53 ago Exp $ + + 11 Jun 2012; Agostino Sarubbo ncpfs-2.2.6-r2.ebuild: + Stable for amd64, wrt bug #418227 + + 11 Jun 2012; Agostino Sarubbo -ncpfs-2.2.6-r1.ebuild: + Remove old + + 07 Jun 2012; Brent Baude ncpfs-2.2.6-r2.ebuild: + Marking ncpfs-2.2.6-r2 ppc for bug 418227 + + 05 Jun 2012; Brent Baude ncpfs-2.2.6-r2.ebuild: + Marking ncpfs-2.2.6-r2 ppc64 for bug 418227 + +*ncpfs-2.2.6-r2 (10 Feb 2011) + + 10 Feb 2011; Joshua Kinard -ncpfs-2.2.6.ebuild, + +ncpfs-2.2.6-r2.ebuild, +files/ncpfs-2.2.6-multiple-vulns.patch, + +files/ncpfs-2.2.6-remove-packed-attrib.patch, +files/ipx.confd, + +files/ipx.init: + Add two patches to ncpfs, one to correct several vulnerabilities (#308071) + and another to remove unneeded __attribute((packed)) directives to make the + build look a lot cleaner. Also imported an init.d script and companion conf.d + file for starting up/shutting down IPX through the init system. The init + script should address #238688 in this package. Also fixed #126323 by + installing headers for ncpfs into /usr/include. And removed the -r0 ebuild. + + 08 Oct 2010; Matti Bickel ncpfs-2.2.6-r1.ebuild: + change virtual/php to dev-lang/php (bug #319623) + +*ncpfs-2.2.6-r1 (20 Apr 2010) + + 20 Apr 2010; Mike Frysinger +ncpfs-2.2.6-r1.ebuild: + Clean up ebuild, respect env LDFLAGS, fix multilib pam issues #273486 by + Rion, and fix sandbox violations w/ldconfig #273484 by Rion. + + 14 May 2008; Diego Pettenò ncpfs-2.2.6.ebuild: + Depend on virtual/pam as the code builds fine with OpenPAM. + + 11 May 2007; Maurice van der Pot + +files/ncpfs-2.2.6-missing-includes.patch, ncpfs-2.2.6.ebuild: + Added some includes for missing header files, fixing errors during + compilation reported as bug #157462 and bug #178090 by Willard Dawson + and Marat Radchenko + respectively. + + 28 Nov 2006; Luca Longinotti -ncpfs-2.2.0.19.ebuild, + -ncpfs-2.2.0.19-r1.ebuild, -ncpfs-2.2.0.19-r2.ebuild, -ncpfs-2.2.3.ebuild, + -ncpfs-2.2.5.ebuild: + Delete vulnerable versions on behalf of DerCorny, fixes bug #140535. + + 28 Jan 2006; Mark Loeser + +files/ncpfs-2.2.6-gcc4.patch, ncpfs-2.2.6.ebuild: + Add patch to fix compilation with gcc-4.0; bug #118914 + + 29 Jan 2005; Markus Rothe ncpfs-2.2.6.ebuild: + Stable on ppc64; bug #77414 + +*ncpfs-2.2.6 (29 Jan 2005) + + 29 Jan 2005; Maurice van der Pot + +ncpfs-2.2.6.ebuild: + Added new version that fixes security bug #77414. + Immediately marked stable on x86. + + 15 Dec 2004; Peter Johanson ncpfs-2.2.5.ebuild: + Fix syntax for php depends. See bug #74005 + + 14 Dec 2004; Peter Johanson ncpfs-2.2.5.ebuild: + Marking x86 stable. See bug #72820 + + 11 Dec 2004; Markus Rothe ncpfs-2.2.5.ebuild: + Stable on ppc64; bug #72820 + + 10 Dec 2004; Stuart Herbert ncpfs-2.2.5.ebuild: + Fix for typo in virtual DEPEND list; thanks to latexer for spotting it; bug + #74005 + + 09 Dec 2004; Stuart Herbert ncpfs-2.2.5.ebuild: + Fix for sandbox violation when the PHP extension is built + +*ncpfs-2.2.5 (01 Dec 2004) + + 01 Dec 2004; Maurice van der Pot + +ncpfs-2.2.5.ebuild: + Added new version that includes fix for security bug #72820. + + 05 Sep 2004; Sven Wegener : + Fixed ChangeLog header. + + 22 Jul 2004; Tom Gall ncpfs-2.2.3.ebuild: + stable on ppc64, bug #57586 + + 09 May 2004; ncpfs-2.2.3.ebuild: + added ~ppc keyword + + 26 Apr 2004; Aron Griffis ncpfs-2.2.0.19-r1.ebuild, + ncpfs-2.2.0.19-r2.ebuild, ncpfs-2.2.3.ebuild: + Add die following econf for bug 48950 + + 05 Jan 2004; zhen metadata.xml: + adding to net-fs herd + +*ncpfs-2.2.3 (17 Jul 2003) + + 17 Jul 2003; Peter Johanson ncpfs-2.2.3.ebuild: + Bump in ~x86. + +*ncpfs-2.2.0.19-r2 (23 Mar 2003) + + 23 Mar 2003; Martin Holzer ncpfs-2.2.0.19-r2.ebuild: + Fixed ebuild that mount.* would be installed. Closes #17823. + +*ncpfs-2.2.0.19-r1 (20 Oct 2002) + + 20 Oct 2002; Seemant Kulleen ncpfs-2.2.0.19-r1.ebuild + files/digest-ncpfs-2.2.0.19-r1 : + + Some fixes for NLS and PAM use flags. + +*ncpfs-2.2.0.19 (20 Jun 2002) + + 20 Jun 2002; J.Alberto S.L. ncpfs-2.2.0.19.ebuild: + + First relase. diff --git a/net-fs/ncpfs/Manifest b/net-fs/ncpfs/Manifest new file mode 100644 index 0000000..bc10e27 --- /dev/null +++ b/net-fs/ncpfs/Manifest @@ -0,0 +1,11 @@ +AUX ipx.confd 706 SHA256 abfefd5c3f9df2232e5d35f743ff8ce2876e887d39bd823789b54e3a8bd69a0e SHA512 7c15f4aca1dbce2450f2e04741bce5f9d73150607c0f74fabe917f41a4041eaed8bf26262652dccf7660f1634932082c02e889a90b05c679485df718fff970eb WHIRLPOOL b85ae8141a1403fc47e94bab8149e8530cb0a4a8d047fe1dc5ddf77d08ff5693190d359226304141a3586d6953020f9ad56565f8d059cbda0b43c511bbbf1e60 +AUX ipx.init 972 SHA256 2b01a7a68110658f20c883e5045dd854389b37866e97c5f0e978034dc49dc395 SHA512 ce07fe5aa1d8f8f4b0f46454ce3461076bcb938b4f41187c4c214ee7895189995507cd9209551b1a3e4bbaf7f237228ec528d89b1dd91102fd21fb28253084f0 WHIRLPOOL bf5ac8aed0fd62bf30df495bf6d7073f9623848c35620f348d5afa28e9f7ec626bec4983045ab628626392f3391234f6a2e4a31680001a2bbafe4a14876a1595 +AUX ncpfs-2.2.5-php.patch 555 SHA256 ea32f4f6a9ac7c1d43af654982410680ca535a313f2a94efd3ddb295949d864b SHA512 2768cfe218c1fcd9e8458e28af51985a50d60d2538c61cb13f2c8db77fd111abbe8d81b040c82d51bd18fdecfacbc78e488ca7d17f8fd08af62a8b5690b37c19 WHIRLPOOL e19c931b0f440b93c8135f9b995f74852b152642778fd86eff89f081378c8b9ce99773bcedc08cfd54280d9d894d1b2e675f78f78a01bd47f9fcb1e1f9318d4c +AUX ncpfs-2.2.6-gcc4.patch 1291 SHA256 8fbb8621b178aa8fb38da30639cc32afce0254445fe59c0f56c543da62d6921e SHA512 2bdce56008c2f7819c402ff00643d6602bab89922d01fefd3d42a15720cb569e6920c1ca8feaf8e927b0391ca44466df1fc91de21bcc76f53cbe7cc102e88992 WHIRLPOOL f68ece683be5e085e987891289e7605243bb37d81b357102463a3289a2a57e799ffb022fbf4470d8390540524002a478866b2809abb40aac900e00cc9cd20b9a +AUX ncpfs-2.2.6-missing-includes.patch 779 SHA256 b724c68cd8e1b8e5ed91dc3f7c24948e76107bda6314c954918adfc058a24911 SHA512 3f51978a009b8c9e20c14500bafb4bf3ecf3b288b43f42aeb11e81ff621014c0c5774bd8d53be06706b2a78d94dae62ee663a3f710fc908d433ba2755788abcb WHIRLPOOL 875e62439a004b98b1bd227c4ad6e305e0e126f8bbc7ab687264813ddfe62102f1a5c41fc608634e3a78e96202bd5bf74ecb2973caf5c7ad6bc67a1b08487fa4 +AUX ncpfs-2.2.6-multiple-vulns.patch 14158 SHA256 50d42cda962cbc5c3e7ad6048ed2ebb465645e640a32552ffa44c7229d8d2a77 SHA512 486bae42500d0712b7023768f0cf60d0b550a11cb554b2733f09ee92a49df031dec2f938b2a355c123e50b71340cbd94dfb38b7a1b455e680ece7efe6aa13925 WHIRLPOOL 1aed769a1dd3d9e3aa6cbc0f9a34eba42c7f99947870ca8b7c655568c93404a3b4fdac4e1e50ea920032118dcc63b64090f8c12e7713c6b56ac8686d01205db0 +AUX ncpfs-2.2.6-remove-packed-attrib.patch 10312 SHA256 f1c587b329224f34f351e08b32333e854539223d337e6bb2fdadf28c2130673b SHA512 efd11c2cf08f3b7b1458b836ee863f31e3ae470986a02a3d2db0ec6fbb7a984e2d33643765d7223b797732d80187412a907a9ca971233eb0f95ed4744ef6f44a WHIRLPOOL 187d2c71547de0de2007f872a53a7c4545a2ace4d258fc93802283278202eb0db7fbef70c7a6f7210e8f037e65399c76fa57def0fe73591d8d24967432be9a4c +DIST ncpfs-2.2.6.tar.gz 2100545 SHA256 2837046046bcdb46d77a80c1d17dbfd15e878700e879edab4cda9f080e0337f9 +EBUILD ncpfs-2.2.6-r2.ebuild 2007 SHA256 b22ad4f594bd9ee1e3d35d4798fcac14d651e9bc473e8aa7f1eaedd6e3e9392d SHA512 82127c3de392557496cada88581607a4280debba280bf62971146f91be459eb9bd62a9f21ab9e367f375cb13f0338413553a51e3e2d891c149f64f55ea3bc69d WHIRLPOOL 3c8d5cfbfefd3a7c4703b359befff0f97f1b6da338100d6abbb114b37dd0bca9e30d24e0c1d39c74f398ef3fb66c35a47ef49e8b75096c0251b62c9d9cd69be7 +MISC ChangeLog 4769 SHA256 3a113a2b1c50be4a0dbf022b28ad4e717e8de071787a66a910d11b22a54d6cd4 SHA512 232e4913c5c43c9969aa8672ff1bfa665eb00b3874adc95d64e2e1b5b48d64dcc152055aeec40ccb43c225601ddea9e55095749c245a12b52de28d3ae616c3e4 WHIRLPOOL 8f181970775af0e62f6c63b9f623616df550e9c06f6b7e1d836a040c46c30a85010656404fb2340e2b3e9ad2909bb1e20ea540e0224f774e5764260538ec5318 +MISC metadata.xml 290 SHA256 bc04d955fed7a177f63051b016c7f24451c30200e8608b70f8e63e25176a0348 SHA512 52de55e9486be04762f7ddc2dfe231e3c409ec63d3ec39dcf252540add9165a14c968fa90e281575982229791bf4a070f2285d857ca589c63e499e66e1c58d64 WHIRLPOOL a67855c335e629d78f0d54430450565c4dc3ac97184b42bcf0cbe15dfb23bdaca234feeee15773216a5243c18dd141ad9dfcc6dc0b2b95b48944ae549674545d diff --git a/net-fs/ncpfs/files/ipx.confd b/net-fs/ncpfs/files/ipx.confd new file mode 100644 index 0000000..026a299 --- /dev/null +++ b/net-fs/ncpfs/files/ipx.confd @@ -0,0 +1,28 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.confd,v 1.1 2011/02/10 09:26:38 kumba Exp $ + +# Config file for /etc/init.d/ipx + +# Automatically selecting a primary interface. +IPX_AUTO_PRIMARY=on + +# Automatically creating interfaces. +IPX_AUTO_INTERFACE=on + +# Interface to which IPX sockets are bound. +IPX_DEVICE=eth0 + +# The IPX frame type to use. +# Valid values are: 802.2, 802.3, SNAP, & EtherII. +IPX_FRAME=802.2 + +# Create a special kind of IPX interface that does not +# have a physical device or frame type. +IPX_INTERNAL_NET=no + +# Network number +IPX_NETNUM=1 + +# Node number +IPX_NODENUM=1 diff --git a/net-fs/ncpfs/files/ipx.init b/net-fs/ncpfs/files/ipx.init new file mode 100644 index 0000000..4ad8cf0 --- /dev/null +++ b/net-fs/ncpfs/files/ipx.init @@ -0,0 +1,42 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.init,v 1.1 2011/02/10 09:26:38 kumba Exp $ + +#NB: Config is in /etc/conf.d/ipx + +depend() { + need net netmount +} + +start() { + local retval=0 + + ebegin "Bringing IPX up" + if [ ${IPX_INTERNAL_NET} = "yes" ] + then + /usr/bin/ipx_internal_net add ${IPX_NETNUM} ${IPX_NODENUM} + retval=$? + else + /usr/bin/ipx_interface add -p ${IPX_DEVICE} \ + ${IPX_FRAME} ${IPX_NETNUM} + retval=$? + fi + + /usr/bin/ipx_configure \ + --auto_primary=${IPX_AUTO_PRIMARY} \ + --auto_interface=${IPX_AUTO_INTERFACE} + retval=$(( $retval + $? )) + eend ${retval} "Failed to bring IPX up" +} + +stop() { + local retval=0 + + ebegin "Bringing IPX down" + /usr/bin/ipx_configure --auto_primary=off --auto_interface=off + retval=$? + /usr/bin/ipx_interface delall + retval=$(( $retval + $? )) + eend ${retval} "Failed to down IPX" +} diff --git a/net-fs/ncpfs/files/ncpfs-2.2.5-php.patch b/net-fs/ncpfs/files/ncpfs-2.2.5-php.patch new file mode 100644 index 0000000..f0143b2 --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.5-php.patch @@ -0,0 +1,16 @@ +--- contrib/php/build/rules.mk.orig 2004-12-09 13:01:04.417854240 +0000 ++++ contrib/php/build/rules.mk 2004-12-09 13:01:42.460070944 +0000 +@@ -63,10 +63,10 @@ + + install-modules: + @test -d modules && \ +- $(mkinstalldirs) $(moduledir) && \ +- echo "installing shared modules into $(moduledir)" && \ ++ $(mkinstalldirs) $(DESTDIR)/$(moduledir) && \ ++ echo "installing shared modules into $(DESTDIR)/$(moduledir)" && \ + rm -f modules/*.la && \ +- cp modules/* $(moduledir) || true ++ cp modules/* $(DESTDIR)/$(moduledir) || true + + include $(builddir)/.deps + diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-gcc4.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-gcc4.patch new file mode 100644 index 0000000..7223b23 --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-gcc4.patch @@ -0,0 +1,36 @@ +diff -ur ncpfs-2.2.6-orig/lib/ncplib.c ncpfs-2.2.6/lib/ncplib.c +--- ncpfs-2.2.6-orig/lib/ncplib.c 2006-01-13 16:55:05.000000000 -0500 ++++ ncpfs-2.2.6/lib/ncplib.c 2006-01-13 16:56:08.000000000 -0500 +@@ -2421,7 +2421,7 @@ + int i = 1; + NWCCODE nwerr; + +- static int get_argument(int arg_no, const char **target) { ++ int get_argument(int arg_no, const char **target) { + int count = 1; + + if (target != NULL) { +diff -ur ncpfs-2.2.6-orig/util/nwpjmv.c ncpfs-2.2.6/util/nwpjmv.c +--- ncpfs-2.2.6-orig/util/nwpjmv.c 2006-01-13 16:55:05.000000000 -0500 ++++ ncpfs-2.2.6/util/nwpjmv.c 2006-01-13 16:55:50.000000000 -0500 +@@ -131,7 +131,7 @@ + char *s = q->command; + char *target_end = target + target_size; + +- static void add_string(const char *str) ++ void add_string(const char *str) + { + int len = strlen(str); + if (target + len + 1 > target_end) +diff -ur ncpfs-2.2.6-orig/util/pserver.c ncpfs-2.2.6/util/pserver.c +--- ncpfs-2.2.6-orig/util/pserver.c 2006-01-13 16:55:05.000000000 -0500 ++++ ncpfs-2.2.6/util/pserver.c 2006-01-13 16:55:36.000000000 -0500 +@@ -153,7 +153,7 @@ + char *s = q->command; + char *target_end = target + target_size; + +- static void add_string(const char *str) ++ void add_string(const char *str) + { + int len = strlen(str); + if (target + len + 1 > target_end) diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-missing-includes.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-missing-includes.patch new file mode 100644 index 0000000..11a4f87 --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-missing-includes.patch @@ -0,0 +1,22 @@ +diff -ruN ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c ncpfs-2.2.6-fixed/contrib/pam/pam_ncp_auth.c +--- ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c 2005-01-27 18:35:59.000000000 +0100 ++++ ncpfs-2.2.6-fixed/contrib/pam/pam_ncp_auth.c 2007-05-11 21:38:05.143474750 +0200 +@@ -257,6 +257,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff -ruN ncpfs-2.2.6/sutil/ncpm_common.c ncpfs-2.2.6-fixed/sutil/ncpm_common.c +--- ncpfs-2.2.6/sutil/ncpm_common.c 2005-01-27 18:35:59.000000000 +0100 ++++ ncpfs-2.2.6-fixed/sutil/ncpm_common.c 2007-05-11 21:38:29.609003750 +0200 +@@ -82,6 +82,7 @@ + + #include "ncpm_common.h" + ++#include + #include + #include + #include diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch new file mode 100644 index 0000000..a43c6ea --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch @@ -0,0 +1,557 @@ +From: Dan Rosenberg +Date: Fri, 5 Mar 2010 12:06:01 -0500 + +============================================ + ncpfs, Multiple Vulnerabilities + March 5, 2010 + CVE-2010-0788, CVE-2010-0790, CVE-2010-0791 +============================================ + +==Description== + +The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs +package, contain several vulnerabilities. + +1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that +allow a local attacker to unmount arbitrary mountpoints, causing +denial-of-service, or mount Netware shares to arbitrary directories, +potentially leading to root compromise. This issue was formerly assigned +CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap +with related bugs in other packages. + +2. ncpumount is vulnerable to an information disclosure vulnerability that +allows a local attacker to verify the existence of arbitrary files, violating +directory permissions. This issue has been assigned CVE-2010-0790. + +3. ncpmount, ncpumount, and ncplogin create lockfiles insecurely, allowing a +local attacker to leave a stale lockfile at /etc/mtab~, causing other mount +utilities to fail and creating denial-of-service conditions. This issue has +been assigned CVE-2010-0791. + +==Workaround== + +If unprivileged users do not need the ability to mount and unmount Netware +shares, then the suid bit should be removed from these utilities. + +==Solution== + +A patch has been released that resolves these issues (attached to this +advisory). ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have +already been patched against the first vulnerability in this report +(CVE-2010-0788, formerly CVE-2009-3297). It has been tested against the latest +ncpfs packages distributed by Fedora, Red Hat, and Mandriva. +ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been +patched against any of these vulnerabilities. It has been tested against the +latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release +(ftp://platan.vc.cvut.cz/pub/linux/ncpfs/). + +Users are advised to recompile from source, or request updated packages from +downstream distributors. + +==Credits== + +These vulnerabilities were discovered by Dan Rosenberg +(dan.j.rosenberg () gmail com). +Thanks to Vitezslav Crhonek for the patch against the first issue. + +==References== + +CVE identifiers CVE-2010-0788, CVE-2010-0790, and CVE-2010-0791 have been +assigned to these issues. + +http://seclists.org/fulldisclosure/2010/Mar/122 + + +diff -ur ncpfs-2.2.6.orig/sutil/ncplogin.c ncpfs-2.2.6/sutil/ncplogin.c +--- ncpfs-2.2.6.orig/sutil/ncplogin.c 2010-03-03 16:18:59.000000000 -0500 ++++ ncpfs-2.2.6/sutil/ncplogin.c 2010-03-03 16:17:41.000000000 -0500 +@@ -934,7 +934,9 @@ + NWDSFreeContext(ctx); + /* ncpmap, ncplogin must write in /etc/mtab */ + { ++ block_sigs(); + add_mnt_entry(mount_name, mount_point, info.flags); ++ unblock_sigs(); + } + free(mount_name); + if (info.echo_mnt_pnt) { +diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.c ncpfs-2.2.6/sutil/ncpm_common.c +--- ncpfs-2.2.6.orig/sutil/ncpm_common.c 2010-03-03 16:18:59.000000000 -0500 ++++ ncpfs-2.2.6/sutil/ncpm_common.c 2010-03-03 16:17:41.000000000 -0500 +@@ -360,7 +360,7 @@ + #endif + + static inline int ncpm_suser(void) { +- return setreuid(-1, 0); ++ return setresuid(0, 0, myuid); + } + + static int ncpm_normal(void) { +@@ -368,11 +368,31 @@ + int v; + + e = errno; +- v = setreuid(-1, myuid); ++ v = setresuid(myuid, myuid, 0); + errno = e; + return v; + } + ++void block_sigs(void) { ++ ++ sigset_t mask, orig_mask; ++ sigfillset(&mask); ++ ++ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) { ++ errexit(-1, _("Blocking signals failed.\n")); ++ } ++} ++ ++void unblock_sigs(void) { ++ ++ sigset_t mask, orig_mask; ++ sigemptyset(&mask); ++ ++ if (sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) { ++ errexit(-1, _("Un-blocking signals failed.\n")); ++ } ++} ++ + static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) { + int v; + int e; +@@ -444,7 +464,7 @@ + } + datav2.file_mode = data->file_mode; + datav2.dir_mode = data->dir_mode; +- err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2); ++ err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav2); + if (err) + return errno; + return 0; +@@ -508,7 +528,7 @@ + exit(0); /* Should not return from process_connection */ + } + close(pp[0]); +- err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3); ++ err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav3); + if (err) { + err = errno; + /* Mount unsuccesful so we have to kill daemon */ +@@ -559,7 +579,7 @@ + sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u", + NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode, + data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]); +- err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts); ++ err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, mountopts); + } else { + err=-1; + } +@@ -577,7 +597,7 @@ + datav4.file_mode = data->file_mode; + datav4.dir_mode = data->dir_mode; + datav4.wdog_pid = wdog_pid; +- err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4); ++ err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*)&datav4); + if (err) { + err = errno; + /* Mount unsuccesful so we have to kill daemon */ +@@ -1395,6 +1415,17 @@ + } + #endif /* MOUNT3 */ + ++static int check_name(const char *name) ++{ ++ char *s; ++ for (s = "\n\t\\"; *s; s++) { ++ if (strchr(name, *s)) { ++ return -1; ++ } ++ } ++ return 0; ++} ++ + static const struct smntflags { + unsigned int flag; + const char* name; +@@ -1416,6 +1447,9 @@ + int fd; + FILE* mtab; + ++ if (check_name(mount_name) == -1 || check_name(mpnt) == -1) ++ errexit(107, _("Illegal character in mount entry\n")); ++ + ment.mnt_fsname = mount_name; + ment.mnt_dir = mpnt; + ment.mnt_type = (char*)"ncpfs"; +diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.h ncpfs-2.2.6/sutil/ncpm_common.h +--- ncpfs-2.2.6.orig/sutil/ncpm_common.h 2010-03-03 16:18:59.000000000 -0500 ++++ ncpfs-2.2.6/sutil/ncpm_common.h 2010-03-03 16:17:41.000000000 -0500 +@@ -121,6 +121,9 @@ + int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn); + int proc_ncpm_umount(const char* dir); + ++void block_sigs(void); ++void unblock_sigs(void); ++ + #define UNUSED(x) x __attribute__((unused)) + + #endif /* __NCPM_COMMON_H__ */ +diff -ur ncpfs-2.2.6.orig/sutil/ncpmount.c ncpfs-2.2.6/sutil/ncpmount.c +--- ncpfs-2.2.6.orig/sutil/ncpmount.c 2010-03-03 16:18:59.000000000 -0500 ++++ ncpfs-2.2.6/sutil/ncpmount.c 2010-03-03 16:17:41.000000000 -0500 +@@ -359,11 +359,17 @@ + usage(); + return -1; + } ++ + realpath(argv[optind], mount_point); + +- if (stat(mount_point, &st) == -1) ++ if (chdir(mount_point)) ++ { ++ errexit(31, _("Could not change directory into mount target %s: %s\n"), ++ mount_point, strerror(errno)); ++ } ++ if (stat(".", &st) == -1) + { +- errexit(31, _("Could not find mount point %s: %s\n"), ++ errexit(31, _("Mount point %s does not exist: %s\n"), + mount_point, strerror(errno)); + } + if (mount_ok(&st) != 0) +@@ -714,7 +720,9 @@ + ncp_close(conn); + + if (!opt_n) { ++ block_sigs(); + add_mnt_entry(mount_name, mount_point, info.flags); ++ unblock_sigs(); + } + return 0; + } +diff -ur ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c +--- ncpfs-2.2.6.orig/sutil/ncpumount.c 2010-03-03 16:18:59.000000000 -0500 ++++ ncpfs-2.2.6/sutil/ncpumount.c 2010-03-03 16:17:41.000000000 -0500 +@@ -70,13 +70,24 @@ + #include + #include + ++#include ++ + #include "private/libintl.h" + + #define _(X) X + ++#ifndef MS_REC ++#define MS_REC 16384 ++#endif ++#ifndef MS_SLAVE ++#define MS_SLAVE (1<<19) ++#endif ++ + static char *progname; + static int is_ncplogout = 0; + ++uid_t uid; ++ + static void + usage(void) + { +@@ -117,6 +128,40 @@ + va_end(ap); + } + ++/* Mostly copied from ncpm_common.c */ ++void block_sigs(void) { ++ ++ sigset_t mask, orig_mask; ++ sigfillset(&mask); ++ sigdelset(&mask, SIGALRM); /* Need SIGALRM for ncpumount */ ++ ++ if(setresuid(0, 0, uid) < 0) { ++ eprintf("Failed to raise privileges.\n"); ++ exit(-1); ++ } ++ ++ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) { ++ eprintf("Blocking signals failed.\n"); ++ exit(-1); ++ } ++} ++ ++void unblock_sigs(void) { ++ ++ sigset_t mask, orig_mask; ++ sigemptyset(&mask); ++ ++ if(setresuid(uid, uid, 0) < 0) { ++ eprintf("Failed to drop privileges.\n"); ++ exit(-1); ++ } ++ ++ if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) { ++ eprintf("Un-blocking signals failed.\n"); ++ exit(-1); ++ } ++} ++ + static void alarmSignal(int sig) { + (void)sig; + } +@@ -192,10 +237,13 @@ + if (!numEntries) + return 0; /* don't waste time ! */ + ++ block_sigs(); ++ + while ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { + struct timespec tm; + + if (errno != EEXIST || retries == 0) { ++ unblock_sigs(); + eprintf(_("Can't get %s~ lock file: %s\n"), MOUNTED, strerror(errno)); + return 1; + } +@@ -206,6 +254,7 @@ + alarm(0); + close(fd); + if (err) { ++ unblock_sigs(); + eprintf(_("Can't lock lock file %s~: %s\n"), MOUNTED, _("Lock timed out")); + return 1; + } +@@ -223,26 +272,205 @@ + err = __clearMtab(mount_points, numEntries); + + if ((unlink(MOUNTED "~") == -1) && (err == 0)){ ++ unblock_sigs(); + eprintf(_("Can't remove %s~"), MOUNTED); + return 1; + } ++ unblock_sigs(); + return err; + } + ++ ++int ncp_mnt_umount(const char *abs_mnt, const char *rel_mnt) ++{ ++ if (umount(rel_mnt) != 0) { ++ eprintf(_("Could not umount %s: %s\n"), ++ abs_mnt, strerror(errno)); ++ return -1; ++ } ++ return 0; ++} ++ ++ ++static int check_is_mount_child(void *p) ++{ ++ const char **a = p; ++ const char *last = a[0]; ++ const char *mnt = a[1]; ++ int res; ++ const char *procmounts = "/proc/mounts"; ++ int found; ++ FILE *fp; ++ struct mntent *entp; ++ ++ res = mount("", "/", "", MS_SLAVE | MS_REC, NULL); ++ if (res == -1) { ++ eprintf(_("Failed to mark mounts slave: %s\n"), ++ strerror(errno)); ++ return 1; ++ } ++ ++ res = mount(".", "/tmp", "", MS_BIND | MS_REC, NULL); ++ if (res == -1) { ++ eprintf(_("Failed to bind parent to /tmp: %s\n"), ++ strerror(errno)); ++ return 1; ++ } ++ ++ fp = setmntent(procmounts, "r"); ++ if (fp == NULL) { ++ eprintf(_("Failed to open %s: %s\n"), ++ procmounts, strerror(errno)); ++ return 1; ++ } ++ ++ found = 0; ++ while ((entp = getmntent(fp)) != NULL) { ++ if (strncmp(entp->mnt_dir, "/tmp/", 5) == 0 && ++ strcmp(entp->mnt_dir + 5, last) == 0) { ++ found = 1; ++ break; ++ } ++ } ++ endmntent(fp); ++ ++ if (!found) { ++ eprintf(_("%s not mounted\n"), mnt); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++ ++static int check_is_mount(const char *last, const char *mnt) ++{ ++ char buf[131072]; ++ pid_t pid, p; ++ int status; ++ const char *a[2] = { last, mnt }; ++ ++ pid = clone(check_is_mount_child, buf + 65536, CLONE_NEWNS, (void *) a); ++ if (pid == (pid_t) -1) { ++ eprintf(_("Failed to clone namespace: %s\n"), ++ strerror(errno)); ++ return -1; ++ } ++ p = waitpid(pid, &status, __WCLONE); ++ if (p == (pid_t) -1) { ++ eprintf(_("Waitpid failed: %s\n"), ++ strerror(errno)); ++ return -1; ++ } ++ if (!WIFEXITED(status)) { ++ eprintf(_("Child terminated abnormally (status %i)\n"), ++ status); ++ return -1; ++ } ++ if (WEXITSTATUS(status) != 0) ++ return -1; ++ ++ return 0; ++} ++ ++ ++static int chdir_to_parent(char *copy, const char **lastp, int *currdir_fd) ++{ ++ char *tmp; ++ const char *parent; ++ char buf[PATH_MAX]; ++ int res; ++ ++ tmp = strrchr(copy, '/'); ++ if (tmp == NULL || tmp[1] == '\0') { ++ eprintf(_("Internal error: invalid abs path: <%s>\n"), ++ copy); ++ return -1; ++ } ++ if (tmp != copy) { ++ *tmp = '\0'; ++ parent = copy; ++ *lastp = tmp + 1; ++ } else if (tmp[1] != '\0') { ++ *lastp = tmp + 1; ++ parent = "/"; ++ } else { ++ *lastp = "."; ++ parent = "/"; ++ } ++ *currdir_fd = open(".", O_RDONLY); ++ if (*currdir_fd == -1) { ++ eprintf(_("Failed to open current directory: %s\n"), ++ strerror(errno)); ++ return -1; ++ } ++ res = chdir(parent); ++ if (res == -1) { ++ eprintf(_("Failed to chdir to %s: %s\n"), ++ parent, strerror(errno)); ++ return -1; ++ } ++ if (getcwd(buf, sizeof(buf)) == NULL) { ++ eprintf(_("Failed to obtain current directory: %s\n"), ++ strerror(errno)); ++ return -1; ++ } ++ if (strcmp(buf, parent) != 0) { ++ eprintf(_("Mountpoint moved (%s -> %s)\n"), ++ parent, buf); ++ return -1; ++ ++ } ++ ++ return 0; ++} ++ ++ ++static int unmount_ncp(const char *mount_point) ++{ ++ int currdir_fd = -1; ++ char *copy; ++ const char *last; ++ int res; ++ ++ copy = strdup(mount_point); ++ if (copy == NULL) { ++ eprintf(_("Failed to allocate memory\n")); ++ return -1; ++ } ++ res = chdir_to_parent(copy, &last, &currdir_fd); ++ if (res == -1) ++ goto out; ++ res = check_is_mount(last, mount_point); ++ if (res == -1) ++ goto out; ++ res = ncp_mnt_umount(mount_point, last); ++ ++out: ++ free(copy); ++ if (currdir_fd != -1) { ++ fchdir(currdir_fd); ++ close(currdir_fd); ++ } ++ ++ return res; ++} ++ + static int + do_umount(const char *mount_point) + { + int fid = open(mount_point, O_RDONLY, 0); + uid_t mount_uid; ++ int res; + + if (fid == -1) { +- eprintf(_("Could not open %s: %s\n"), +- mount_point, strerror(errno)); ++ eprintf(_("Invalid or unauthorized mountpoint %s\n"), ++ mount_point); + return -1; + } + if (ncp_get_mount_uid(fid, &mount_uid) != 0) { + close(fid); +- eprintf(_("%s probably not ncp-filesystem\n"), ++ eprintf(_("Invalid or unauthorized mountpoint %s\n"), + mount_point); + return -1; + } +@@ -253,12 +481,8 @@ + return -1; + } + close(fid); +- if (umount(mount_point) != 0) { +- eprintf(_("Could not umount %s: %s\n"), +- mount_point, strerror(errno)); +- return -1; +- } +- return 0; ++ res = unmount_ncp(mount_point); ++ return res; + } + + +@@ -409,7 +633,8 @@ + int allConns = 0; + const char *serverName = NULL; + const char *treeName = NULL; +- uid_t uid = getuid(); ++ ++ uid = getuid(); + + progname = strrchr(argv[0], '/'); + if (progname) { diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch new file mode 100644 index 0000000..40267c7 --- /dev/null +++ b/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch @@ -0,0 +1,297 @@ +diff -Naurp ncpfs-2.2.6.orig//include/ncp/ipxlib.h ncpfs-2.2.6//include/ncp/ipxlib.h +--- ncpfs-2.2.6.orig//include/ncp/ipxlib.h 2005-01-27 12:35:59.000000000 -0500 ++++ ncpfs-2.2.6//include/ncp/ipxlib.h 2011-02-10 02:38:18.822076000 -0500 +@@ -64,12 +64,12 @@ struct sap_query + struct sap_server_ident + { + u_int16_t server_type __attribute__((packed)); +- char server_name[48] __attribute__((packed)); ++ char server_name[48]; + IPXNet server_network __attribute__((packed)); + #ifdef SWIG + u_int8_t server_node[6] __attribute__((packed)); + #else +- IPXNode server_node __attribute__((packed)); ++ IPXNode server_node; + #endif + IPXPort server_port __attribute__((packed)); + u_int16_t intermediate_network __attribute__((packed)); +@@ -87,7 +87,7 @@ struct ipx_rt_def { + struct ipx_rip_packet + { + u_int16_t operation __attribute__((packed)); +- struct ipx_rt_def rt[1] __attribute__((packed)); ++ struct ipx_rt_def rt[1]; + }; + + #ifdef SWIG +diff -Naurp ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h ncpfs-2.2.6//include/ncp/kernel/ncp.h +--- ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h 2005-01-27 12:35:59.000000000 -0500 ++++ ncpfs-2.2.6//include/ncp/kernel/ncp.h 2011-02-10 02:38:18.822076000 -0500 +@@ -53,12 +53,12 @@ + + struct ncp_request_header { + u_int16_t type __attribute__((packed)); +- u_int8_t sequence __attribute__((packed)); +- u_int8_t conn_low __attribute__((packed)); +- u_int8_t task __attribute__((packed)); +- u_int8_t conn_high __attribute__((packed)); +- u_int8_t function __attribute__((packed)); +- u_int8_t data[0] __attribute__((packed)); ++ u_int8_t sequence; ++ u_int8_t conn_low; ++ u_int8_t task; ++ u_int8_t conn_high; ++ u_int8_t function; ++ u_int8_t data[0]; + }; + + #define NCP_REPLY (0x3333) +@@ -66,13 +66,13 @@ struct ncp_request_header { + + struct ncp_reply_header { + u_int16_t type __attribute__((packed)); +- u_int8_t sequence __attribute__((packed)); +- u_int8_t conn_low __attribute__((packed)); +- u_int8_t task __attribute__((packed)); +- u_int8_t conn_high __attribute__((packed)); +- u_int8_t completion_code __attribute__((packed)); +- u_int8_t connection_state __attribute__((packed)); +- u_int8_t data[0] __attribute__((packed)); ++ u_int8_t sequence; ++ u_int8_t conn_low; ++ u_int8_t task; ++ u_int8_t conn_high; ++ u_int8_t completion_code; ++ u_int8_t connection_state; ++ u_int8_t data[0]; + }; + + #define NCP_VOLNAME_LEN (16) +@@ -230,8 +230,8 @@ struct nw_info_struct { + u_int32_t EAKeyCount __attribute__((packed)); + u_int32_t EAKeySize __attribute__((packed)); + u_int32_t NSCreator __attribute__((packed)); +- u_int8_t nameLen __attribute__((packed)); +- u_int8_t entryName[256] __attribute__((packed)); ++ u_int8_t nameLen; ++ u_int8_t entryName[256]; + }; + #endif + +@@ -282,13 +282,13 @@ struct nw_file_info { + int opened; + int access; + u_int32_t server_file_handle __attribute__((packed)); +- u_int8_t open_create_action __attribute__((packed)); +- u_int8_t file_handle[6] __attribute__((packed)); ++ u_int8_t open_create_action; ++ u_int8_t file_handle[6]; + }; + #endif + + struct nw_search_sequence { +- u_int8_t volNumber __attribute__((packed)); ++ u_int8_t volNumber; + u_int32_t dirBase __attribute__((packed)); + u_int32_t sequence __attribute__((packed)); + }; +diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncp.h ncpfs-2.2.6//include/ncp/ncp.h +--- ncpfs-2.2.6.orig//include/ncp/ncp.h 2005-01-27 12:35:59.000000000 -0500 ++++ ncpfs-2.2.6//include/ncp/ncp.h 2011-02-10 02:38:18.822076000 -0500 +@@ -95,7 +95,7 @@ struct prop_net_address { + #ifdef SWIG + fixedArray node[IPX_NODE_LEN]; + #else +- u_int8_t node[IPX_NODE_LEN] __attribute__((packed)); ++ u_int8_t node[IPX_NODE_LEN]; + #endif + u_int16_t port __attribute__((packed)); + }; +@@ -163,20 +163,20 @@ struct nw_queue_job_entry { + u_int32_t ClientTask __attribute__((packed)); + u_int32_t ClientObjectID __attribute__((packed)); + u_int32_t TargetServerID __attribute__((packed)); +- u_int8_t TargetExecTime[6] __attribute__((packed)); +- u_int8_t JobEntryTime[6] __attribute__((packed)); ++ u_int8_t TargetExecTime[6]; ++ u_int8_t JobEntryTime[6]; + u_int32_t JobNumber __attribute__((packed)); + u_int16_t JobType __attribute__((packed)); + u_int16_t JobPosition __attribute__((packed)); + u_int16_t JobControlFlags __attribute__((packed)); +- u_int8_t FileNameLen __attribute__((packed)); +- char JobFileName[13] __attribute__((packed)); ++ u_int8_t FileNameLen; ++ char JobFileName[13]; + u_int32_t JobFileHandle __attribute__((packed)); + u_int32_t ServerStation __attribute__((packed)); + u_int32_t ServerTaskNumber __attribute__((packed)); + u_int32_t ServerObjectID __attribute__((packed)); +- char JobTextDescription[50] __attribute__((packed)); +- char ClientRecordArea[152] __attribute__((packed)); ++ char JobTextDescription[50]; ++ char ClientRecordArea[152]; + }; + + struct queue_job { +@@ -217,18 +217,18 @@ struct print_job_record { + }; + #else + struct print_job_record { +- u_int8_t Version __attribute__((packed)); +- u_int8_t TabSize __attribute__((packed)); ++ u_int8_t Version; ++ u_int8_t TabSize; + u_int16_t Copies __attribute__((packed)); + u_int16_t CtrlFlags __attribute__((packed)); + u_int16_t Lines __attribute__((packed)); + u_int16_t Rows __attribute__((packed)); +- char FormName[16] __attribute__((packed)); +- u_int8_t Reserved[6] __attribute__((packed)); +- char BannerName[13] __attribute__((packed)); +- char FnameBanner[13] __attribute__((packed)); +- char FnameHeader[14] __attribute__((packed)); +- char Path[80] __attribute__((packed)); ++ char FormName[16]; ++ u_int8_t Reserved[6]; ++ char BannerName[13]; ++ char FnameBanner[13]; ++ char FnameHeader[14]; ++ char Path[80]; + }; + #endif + +diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncplib.h ncpfs-2.2.6//include/ncp/ncplib.h +--- ncpfs-2.2.6.orig//include/ncp/ncplib.h 2005-01-27 12:35:59.000000000 -0500 ++++ ncpfs-2.2.6//include/ncp/ncplib.h 2011-02-10 02:38:18.822076000 -0500 +@@ -462,24 +462,24 @@ struct ncp_file_server_info + #else + struct ncp_file_server_info + { +- u_int8_t ServerName[48] __attribute__((packed)); +- u_int8_t FileServiceVersion __attribute__((packed)); +- u_int8_t FileServiceSubVersion __attribute__((packed)); ++ u_int8_t ServerName[48]; ++ u_int8_t FileServiceVersion; ++ u_int8_t FileServiceSubVersion; + u_int16_t MaximumServiceConnections __attribute__((packed)); + u_int16_t ConnectionsInUse __attribute__((packed)); + u_int16_t NumberMountedVolumes __attribute__((packed)); +- u_int8_t Revision __attribute__((packed)); +- u_int8_t SFTLevel __attribute__((packed)); +- u_int8_t TTSLevel __attribute__((packed)); ++ u_int8_t Revision; ++ u_int8_t SFTLevel; ++ u_int8_t TTSLevel; + u_int16_t MaxConnectionsEverUsed __attribute__((packed)); +- u_int8_t AccountVersion __attribute__((packed)); +- u_int8_t VAPVersion __attribute__((packed)); +- u_int8_t QueueVersion __attribute__((packed)); +- u_int8_t PrintVersion __attribute__((packed)); +- u_int8_t VirtualConsoleVersion __attribute__((packed)); +- u_int8_t RestrictionLevel __attribute__((packed)); +- u_int8_t InternetBridge __attribute__((packed)); +- u_int8_t Reserved[60] __attribute__((packed)); ++ u_int8_t AccountVersion; ++ u_int8_t VAPVersion; ++ u_int8_t QueueVersion; ++ u_int8_t PrintVersion; ++ u_int8_t VirtualConsoleVersion; ++ u_int8_t RestrictionLevel; ++ u_int8_t InternetBridge; ++ u_int8_t Reserved[60]; + }; + #endif + +@@ -592,7 +592,7 @@ struct ncp_station_addr + #ifdef SWIG + fixedArray Node[6]; + #else +- u_int8_t Node[6] __attribute__((packed)); ++ u_int8_t Node[6]; + #endif + u_int16_t Socket __attribute__((packed)); + }; +@@ -602,32 +602,32 @@ struct ncp_prop_login_control + #ifdef SWIG + fixedArray AccountExpireDate[3]; + #else +- u_int8_t AccountExpireDate[3] __attribute__((packed)); ++ u_int8_t AccountExpireDate[3]; + #endif +- u_int8_t Disabled __attribute__((packed)); ++ u_int8_t Disabled; + #ifdef SWIG + fixedArray PasswordExpireDate[3]; + #else +- u_int8_t PasswordExpireDate[3] __attribute__((packed)); ++ u_int8_t PasswordExpireDate[3]; + #endif +- u_int8_t GraceLogins __attribute__((packed)); ++ u_int8_t GraceLogins; + u_int16_t PasswordExpireInterval __attribute__((packed)); +- u_int8_t MaxGraceLogins __attribute__((packed)); +- u_int8_t MinPasswordLength __attribute__((packed)); ++ u_int8_t MaxGraceLogins; ++ u_int8_t MinPasswordLength; + u_int16_t MaxConnections __attribute__((packed)); + #ifdef SWIG + fixedArray ConnectionTimeMask[42] __attribute__((packed)); + fixedArray LastLogin[6] __attribute__((packed)); + #else +- u_int8_t ConnectionTimeMask[42] __attribute__((packed)); +- u_int8_t LastLogin[6] __attribute__((packed)); ++ u_int8_t ConnectionTimeMask[42]; ++ u_int8_t LastLogin[6]; + #endif +- u_int8_t RestrictionMask __attribute__((packed)); +- u_int8_t reserved __attribute__((packed)); ++ u_int8_t RestrictionMask; ++ u_int8_t reserved; + u_int32_t MaxDiskUsage __attribute__((packed)); + u_int16_t BadLoginCount __attribute__((packed)); + u_int32_t BadLoginCountDown __attribute__((packed)); +- struct ncp_station_addr LastIntruder __attribute__((packed)); ++ struct ncp_station_addr LastIntruder; + }; + + NWCCODE NWReadPropertyValue(NWCONN_HANDLE conn, const char *objName, +diff -Naurp ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c ncpfs-2.2.6//ipx-1.0/ipx_cmd.c +--- ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c 2005-01-27 12:35:59.000000000 -0500 ++++ ncpfs-2.2.6//ipx-1.0/ipx_cmd.c 2011-02-10 02:40:19.222076002 -0500 +@@ -63,8 +63,8 @@ + /* we are doing EthernetII... Any objections? */ + struct { + u_int16_t unknown __attribute__((packed)); +- u_int8_t dst[6] __attribute__((packed)); +- u_int8_t src[6] __attribute__((packed)); ++ u_int8_t dst[6]; ++ u_int8_t src[6]; + u_int16_t type __attribute__((packed)); + u_int8_t ipx[16384]; + } buffer; +diff -Naurp ncpfs-2.2.6.orig//lib/ncplib.c ncpfs-2.2.6//lib/ncplib.c +--- ncpfs-2.2.6.orig//lib/ncplib.c 2011-02-10 02:38:05.000000000 -0500 ++++ ncpfs-2.2.6//lib/ncplib.c 2011-02-10 02:38:18.822076000 -0500 +@@ -2584,13 +2584,13 @@ ncp_request(struct ncp_conn *conn, int f + + struct nw_time_buffer + { +- u_int8_t year __attribute__((packed)); +- u_int8_t month __attribute__((packed)); +- u_int8_t day __attribute__((packed)); +- u_int8_t hour __attribute__((packed)); +- u_int8_t minute __attribute__((packed)); +- u_int8_t second __attribute__((packed)); +- u_int8_t wday __attribute__((packed)); ++ u_int8_t year; ++ u_int8_t month; ++ u_int8_t day; ++ u_int8_t hour; ++ u_int8_t minute; ++ u_int8_t second; ++ u_int8_t wday; + }; + + static time_t diff --git a/net-fs/ncpfs/metadata.xml b/net-fs/ncpfs/metadata.xml new file mode 100644 index 0000000..55227da --- /dev/null +++ b/net-fs/ncpfs/metadata.xml @@ -0,0 +1,6 @@ + + + +net-fs + Provides Access to Netware services using the NCP protocol (Kernel support must be activated!) + diff --git a/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild b/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild new file mode 100644 index 0000000..48f527f --- /dev/null +++ b/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild,v 1.4 2012/06/11 09:20:53 ago Exp $ + +EAPI="2" + +inherit eutils pam + +DESCRIPTION="Provides Access to Netware services using the NCP protocol" +HOMEPAGE="ftp://platan.vc.cvut.cz/pub/linux/ncpfs/" +SRC_URI="ftp://platan.vc.cvut.cz/pub/linux/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc ppc64 ~x86" +IUSE="nls pam php" + +DEPEND="nls? ( sys-devel/gettext ) + pam? ( virtual/pam ) + php? ( || ( dev-lang/php virtual/httpd-php ) )" + +RDEPEND="${DEPEND}" + +src_prepare() { + # Add patch for PHP extension sandbox violation + epatch "${FILESDIR}"/${PN}-2.2.5-php.patch + epatch "${FILESDIR}"/${P}-gcc4.patch + epatch "${FILESDIR}"/${P}-missing-includes.patch + + # Add a patch to fix multiple vulnerabilities. + # CVE-2010-0788, CVE-2010-0790, & CVE-2010-0791. + # http://seclists.org/fulldisclosure/2010/Mar/122 + epatch "${FILESDIR}"/${P}-multiple-vulns.patch + + # Add a patch that removes the __attribute__((packed)); directive + # from several struct members in include/ncp/ncplib.h. This will + # cut down on a large number of compile warnings generated by modern + # gcc releases. + epatch "${FILESDIR}"/${P}-remove-packed-attrib.patch + + # Bug #273484 + sed -i '/ldconfig/d' lib/Makefile.in + + # Hack to inject LDFLAGS into the build + sed -i '/^LIBS/s:=:= @LDFLAGS@:' `find -name Makefile.in` || die +} + +src_configure() { + econf \ + $(use_enable nls) \ + $(use_enable pam pam "$(getpam_mod_dir)") \ + $(use_enable php) +} + +src_install() { + dodir $(getpam_mod_dir) /usr/sbin /sbin + + # Install the main programs, then the headers. + emake DESTDIR="${D}" install || die + emake DESTDIR="${D}" install-dev || die + ln -sf libncp.so.2.3.0 "${D}"/usr/lib/libncp.so.2.3 + + # Install a startup script in /etc/init.d and a conf file in /etc/conf.d + newconfd "${FILESDIR}"/ipx.confd ipx + newinitd "${FILESDIR}"/ipx.init ipx + + # Docs + dodoc FAQ README +}