kumba 14/08/13 05:47:27 Added: ncpfs-2.2.6-no-suid-root.patch ncpfs-2.2.6-remove-libncp_atomic-header.patch ncpfs-2.2.6-drop-mtab-support.patch ncpfs-2.2.6-align-fix.patch ncpfs-2.2.6-servername-array-fix.patch ncpfs-2.2.6-makefile-fix-soname-link.patch ncpfs-2.2.6-pam_ncp_auth-fix.patch ncpfs-2.2.6-getuid-fix.patch ncpfs-2.2.6-cve-2011-1679-1680.patch ncpfs-2.2.6-pie-fix.patch ncpfs-2.2.6-drop-kernel-check.patch ncpfs-2.2.6-ldflags-support.patch Log: Added 2.2.6-r3 that contains patches from Mageia and Debian that address several issues, including bugs #371477, #497278, & #446696. (Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key D25D95E3)
Revision Changes Path 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-no-suid-root.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-no-suid-root.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-no-suid-root.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-no-suid-root.patch =================================================================== Description: Don't install utils as suid root Author: Bastian Blank <wa...@debian.org> Bug-Debian: http://bugs.debian.org/692929 --- ncpfs-2.2.6.orig/sutil/Makefile.in +++ ncpfs-2.2.6/sutil/Makefile.in @@ -51,7 +51,7 @@ all: $(UTILS) install: all ${INSTALL} -d $(DESTDIR)$(bindir) ${INSTALL} -d $(DESTDIR)/sbin - ${INSTALL} -m 4755 $(UTILS) $(DESTDIR)$(bindir) + ${INSTALL} $(UTILS) $(DESTDIR)$(bindir) ifeq ($(USE_KERNEL),1) ln -sf $(bindir)/ncpmount $(DESTDIR)/sbin/mount.ncp ln -sf $(bindir)/ncpmount $(DESTDIR)/sbin/mount.ncpfs 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-remove-libncp_atomic-header.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-remove-libncp_atomic-header.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-remove-libncp_atomic-header.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-remove-libncp_atomic-header.patch =================================================================== Description: Remove another generated file Author: Bastian Blank <wa...@debian.org> Bug-Debian: http://bugs.debian.org/692471 --- ncpfs-2.2.6.orig/Makefile.in +++ ncpfs-2.2.6/Makefile.in @@ -71,6 +71,7 @@ distclean: rm -f intl/Makefile po/Makefile po/Makefile.in rm -f lib/Makefile man/Makefile sutil/Makefile util/Makefile rm -f include/config.h + rm -f include/private/libncp-atomic.h rm -f include/ncp/ext/socket.h include/ncp/ext/stdint.h rm -f include/ncp/kernel/fs.h rm -f include/ncp/kernel/if.h include/ncp/kernel/route.h include/ncp/kernel/types.h 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-drop-mtab-support.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-drop-mtab-support.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-drop-mtab-support.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-drop-mtab-support.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/sutil/ncplogin.c ncpfs-2.2.6/sutil/ncplogin.c --- ncpfs-2.2.6.orig/sutil/ncplogin.c 2014-08-12 22:03:48.059170406 -0400 +++ ncpfs-2.2.6/sutil/ncplogin.c 2014-08-12 22:08:09.029168854 -0400 @@ -111,7 +111,6 @@ #include <stdlib.h> #include <stdarg.h> #include <sys/mount.h> -#include <mntent.h> #include <ncp/kernel/ipx.h> #include <sys/ioctl.h> #ifdef CONFIG_NATIVE_UNIX @@ -935,12 +934,6 @@ ncpipx:; } NWCCCloseConn(conn); NWDSFreeContext(ctx); - /* ncpmap, ncplogin must write in /etc/mtab */ - { - block_sigs(); - add_mnt_entry(mount_name, mount_point, info.flags); - unblock_sigs(); - } free(mount_name); if (info.echo_mnt_pnt) { printf(_("mounted on:%s\n"),mount_point); diff -Naurp ncpfs-2.2.6.orig/sutil/ncpm_common.c ncpfs-2.2.6/sutil/ncpm_common.c --- ncpfs-2.2.6.orig/sutil/ncpm_common.c 2014-08-12 22:03:48.149170405 -0400 +++ ncpfs-2.2.6/sutil/ncpm_common.c 2014-08-12 22:08:09.029168854 -0400 @@ -104,7 +104,6 @@ #include <stdlib.h> #include <stdarg.h> #include <sys/mount.h> -#include <mntent.h> #include <ncp/kernel/ipx.h> #include <sys/ioctl.h> #if MOUNT3 @@ -1423,80 +1422,6 @@ static const struct smntflags { {MS_NODIRATIME, "nodiratime"}, {0, NULL}}; -void add_mnt_entry(char* mount_name, char* mpnt, unsigned long flags) { - const struct smntflags* sf; - char mnt_opts[80]; - char* p; - struct mntent ment; - int fd; - FILE* mtab; - off_t goodoffset; - - if (check_name(mount_name) == -1 || check_name(mpnt) == -1) - errexit(107, _("Illegal character in mount entry\n")); - - ment.mnt_fsname = mount_name; - ment.mnt_dir = mpnt; - ment.mnt_type = (char*)"ncpfs"; - ment.mnt_opts = mnt_opts; - ment.mnt_freq = 0; - ment.mnt_passno = 0; - - p = mnt_opts; - *p++ = 'r'; - *p++ = (flags & MS_RDONLY)?'o':'w'; - for (sf = mntflags; sf->flag; sf++) { - if (flags & sf->flag) { - *p++ = ','; - strcpy(p, sf->name); - p += strlen(p); - } - } - *p = 0; - - if (ncpm_suser()) { - errexit(91, _("Cannot switch to superuser: %s\n"), strerror(errno)); - } - if ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) - { - errexit(58, _("Can't get %s~ lock file\n"), MOUNTED); - } - close(fd); - - if ((mtab = setmntent(MOUNTED, "a+")) == NULL) - { - unlink(MOUNTED "~"); - errexit(59, _("Can't open %s\n"), MOUNTED); - } - fseek (mtab, 0, SEEK_END); - goodoffset = ftell(mtab); - if (addmntent(mtab, &ment) == 1) - { - /* restore good state */ - ftruncate(fileno(mtab), goodoffset); - endmntent(mtab); - unlink(MOUNTED "~"); - errexit(60, _("Can't write mount entry\n")); - } - if (fchmod(fileno(mtab), 0644) == -1) - { - /* restore good state */ - ftruncate(fileno(mtab), goodoffset); - endmntent(mtab); - unlink(MOUNTED "~"); - errexit(61, _("Can't set perms on %s\n"), MOUNTED); - } - endmntent(mtab); - - if (unlink(MOUNTED "~") == -1) - { - errexit(62, _("Can't remove %s~\n"), MOUNTED); - } - if (ncpm_normal()) { - errexit(90, _("Cannot relinquish superuser rights: %s\n"), strerror(EPERM)); - } -} - static int __proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param) { const struct optinfo* optr; diff -Naurp ncpfs-2.2.6.orig/sutil/ncpm_common.h ncpfs-2.2.6/sutil/ncpm_common.h --- ncpfs-2.2.6.orig/sutil/ncpm_common.h 2014-08-12 22:03:47.919170406 -0400 +++ ncpfs-2.2.6/sutil/ncpm_common.h 2014-08-12 22:08:09.029168854 -0400 @@ -60,7 +60,6 @@ void verify_argv(int argc, char* argv[]) int ncp_mount_specific(struct ncp_conn* conn, int pathNS, const unsigned char* NWpath, int pathlen); int mount_ok(struct stat *st); void mycom_err(int, const char*, ...); -void add_mnt_entry(char* mount_name, char* mpoint, unsigned long flags); struct ncp_mount_info { struct ncp_mount_data_independent mdata; diff -Naurp ncpfs-2.2.6.orig/sutil/ncpmount.c ncpfs-2.2.6/sutil/ncpmount.c --- ncpfs-2.2.6.orig/sutil/ncpmount.c 2014-08-12 22:03:47.919170406 -0400 +++ ncpfs-2.2.6/sutil/ncpmount.c 2014-08-12 22:08:09.029168854 -0400 @@ -114,7 +114,6 @@ #include <stdlib.h> #include <stdarg.h> #include <sys/mount.h> -#include <mntent.h> #include <ncp/kernel/ipx.h> #include <ncp/nwclient.h> #include <sys/ioctl.h> @@ -719,11 +718,6 @@ ncpipx:; } ncp_close(conn); - if (!opt_n) { - block_sigs(); - add_mnt_entry(mount_name, mount_point, info.flags); - unblock_sigs(); - } return 0; } diff -Naurp ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c --- ncpfs-2.2.6.orig/sutil/ncpumount.c 2014-08-12 22:03:47.949170406 -0400 +++ ncpfs-2.2.6/sutil/ncpumount.c 2014-08-12 22:09:30.179168372 -0400 @@ -179,113 +179,6 @@ static void enableAlarm(void) { sigprocmask(SIG_UNBLOCK, &sa.sa_mask, NULL); } -static int __clearMtab (const char* mount_points[], unsigned int numEntries) { -// main logic from ncpumount.c - struct mntent *mnt; - FILE *mtab; - FILE *new_mtab; - -#define MOUNTED_TMP MOUNTED".tmp" - - if ((mtab = setmntent(MOUNTED, "r")) == NULL){ - eprintf(_("Can't open %s: %s\n"), MOUNTED, - strerror(errno)); - return 1; - } - - if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL){ - eprintf(_("Can't open %s: %s\n"), MOUNTED_TMP, - strerror(errno)); - endmntent(mtab); - return 1; - } - while ((mnt = getmntent(mtab)) != NULL) { - unsigned int i=0; - int found=0; - - while (i<numEntries && !found) { - found=!strcmp(mnt->mnt_dir, mount_points[i]); - i++; - } - if (!found) { - if (addmntent(new_mtab, mnt)) { - eprintf(_("Can't addmntent to %s: %s\n"), MOUNTED_TMP, - strerror(errno)); - endmntent(mtab); - return 1; - } - } - } - - endmntent(mtab); - - if (fchmod(fileno(new_mtab), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0){ - eprintf(_("Error changing mode of %s: %s\n"), - MOUNTED_TMP, strerror(errno)); - return 1; - } - endmntent(new_mtab); - - if (rename(MOUNTED_TMP, MOUNTED) < 0){ - eprintf(_("Cannot rename %s to %s: %s\n"), - MOUNTED, MOUNTED_TMP, strerror(errno)); - return 1; - } - return 0; -} - -static int clearMtab (const char* mount_points[], unsigned int numEntries) { - int fd; - int err; - int retries = 10; - - if (!numEntries) - return 0; /* don't waste time ! */ - - block_sigs(); - - while ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { - struct timespec tm; - - if (errno != EEXIST || retries == 0) { - unblock_sigs(); - eprintf(_("Can't get %s~ lock file: %s\n"), MOUNTED, strerror(errno)); - return 1; - } - fd = open(MOUNTED "~", O_RDWR); - if (fd != -1) { - alarm(10); - err = lockf(fd, F_LOCK, 0); - alarm(0); - close(fd); - if (err) { - unblock_sigs(); - eprintf(_("Can't lock lock file %s~: %s\n"), MOUNTED, _("Lock timed out")); - return 1; - } - tm.tv_sec = 0; - tm.tv_nsec = 20000000; - nanosleep(&tm, NULL); - } - retries--; - } - alarm(1); - lockf(fd, F_LOCK, 0); - alarm(0); - close(fd); - - err = __clearMtab(mount_points, numEntries); - - if ((unlink(MOUNTED "~") == -1) && (err == 0)){ - unblock_sigs(); - eprintf(_("Can't remove %s~"), MOUNTED); - return 1; - } - unblock_sigs(); - return err; -} - - int ncp_mnt_umount(const char *abs_mnt, const char *rel_mnt) { if (umount(rel_mnt) != 0) { @@ -622,10 +515,6 @@ static int old_ncpumount(int argc, char ret = 1; continue; } - if (clearMtab(&mount_point, 1)) { - ret = 1; - continue; - } } return ret; } @@ -744,7 +633,6 @@ main(int argc, char *argv[]) if (serverName || allConns) { processBindServers(conns,curEntries,serverName,umountTable,&mountEntries); } - clearMtab(umountTable, mountEntries); } else if (treeName) { eprintf(_("No NCP connections to tree %s.\n"),treeName); } else if (serverName) { 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-align-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-align-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-align-fix.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-align-fix.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/lib/ndslib.c ncpfs-2.2.6/lib/ndslib.c --- ncpfs-2.2.6.orig/lib/ndslib.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/lib/ndslib.c 2014-08-12 21:07:35.559190454 -0400 @@ -957,7 +957,7 @@ static NWDSCCODE nds_beginauth2( NWDSCCODE err; int n1, n3; u_int16_t n3a; - char rpb_b[DEFAULT_MESSAGE_LEN]; + char rpb_b[DEFAULT_MESSAGE_LEN] __attribute__ ((aligned (4))); Buf_T rpb; size_t k1tl; 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-servername-array-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-servername-array-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-servername-array-fix.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-servername-array-fix.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/include/ncp/ncplib.h ncpfs-2.2.6/include/ncp/ncplib.h --- ncpfs-2.2.6.orig/include/ncp/ncplib.h 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/include/ncp/ncplib.h 2014-08-12 21:01:01.159192798 -0400 @@ -485,9 +485,9 @@ struct ncp_file_server_info struct ncp_file_server_info_2 { #ifdef SWIG - fixedArray ServerName[49]; + fixedArray ServerName[50]; #else - u_int8_t ServerName[49]; + u_int8_t ServerName[50]; #endif u_int8_t FileServiceVersion; u_int8_t FileServiceSubVersion; 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-makefile-fix-soname-link.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-makefile-fix-soname-link.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-makefile-fix-soname-link.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-makefile-fix-soname-link.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/lib/Makefile.in ncpfs-2.2.6/lib/Makefile.in --- ncpfs-2.2.6.orig/lib/Makefile.in 2014-08-12 23:23:27.149141996 -0400 +++ ncpfs-2.2.6/lib/Makefile.in 2014-08-12 23:23:55.969141824 -0400 @@ -99,9 +99,10 @@ distclean: mrproper install_shared: $(SHARED_NCPLIB_BIN) $(INSTALL) -d $(DESTDIR)$(libsodir) $(INSTALL) $(SHARED_NCPLIB_BIN) $(DESTDIR)$(libsodir) + ln -sf $(SHARED_NCPLIB_BIN) $(DESTDIR)$(libsodir)/$(SHARED_NCPLIB) + ln -sf $(SHARED_NCPLIB_BIN) $(DESTDIR)$(libsodir)/$(SHARED_NCPLIB_SONAME) install-dev: install_shared install_static - ln -sf $(SHARED_NCPLIB_SONAME) $(DESTDIR)$(libsodir)/$(SHARED_NCPLIB) $(INSTALL) -d $(DESTDIR)$(includedir)/ncp $(INSTALL) -d $(DESTDIR)$(includedir)/ncp/ext $(INSTALL) -d $(DESTDIR)$(includedir)/ncp/kernel 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-pam_ncp_auth-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-pam_ncp_auth-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-pam_ncp_auth-fix.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-pam_ncp_auth-fix.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/contrib/pam/pam_ncp_auth.c ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c --- ncpfs-2.2.6.orig/contrib/pam/pam_ncp_auth.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/pam/pam_ncp_auth.c 2014-08-12 21:02:33.229192251 -0400 @@ -2534,7 +2534,7 @@ nw_retrieve_nds_user_info(struct nw_user bailoutctx:; NWDSFreeContext(ctx); bailout:; - if (!err & (ui->qflag & QF_DEBUG)) + if ((!err) && (ui->qflag & QF_DEBUG)) syslog(LOG_NOTICE, "%u %u %s %s %s\n", ui->uid, ui->gid, ui->dir, ui->gecos, ui->shell); return err; } 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-getuid-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-getuid-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-getuid-fix.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-getuid-fix.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/contrib/tcl-utils/chgpwd.c ncpfs-2.2.6/contrib/tcl-utils/chgpwd.c --- ncpfs-2.2.6.orig/contrib/tcl-utils/chgpwd.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/tcl-utils/chgpwd.c 2014-08-12 21:08:25.779190155 -0400 @@ -292,12 +292,12 @@ int main(int argc, char *argv[]) { } } else { if (!treeName[0]) { - NWCXGetPreferredDSTree(treeName,sizeof(treeName)); + dserr=NWCXGetPreferredDSTree(treeName,sizeof(treeName)); } if (!treeName[0]) { fprintf(stderr,"failed: You must specify a server or a tree\n"); - dserr=114; + /*dserr=114;*/ goto finished; } diff -Naurp ncpfs-2.2.6.orig/contrib/tcl-utils/ncplist.c ncpfs-2.2.6/contrib/tcl-utils/ncplist.c --- ncpfs-2.2.6.orig/contrib/tcl-utils/ncplist.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/tcl-utils/ncplist.c 2014-08-12 21:08:25.779190155 -0400 @@ -299,7 +299,12 @@ int main(int argc, char *argv[]) { }else { if (!treeName[0]) { - NWCXGetPreferredDSTree(treeName,sizeof(treeName)); + dserr=NWCXGetPreferredDSTree(treeName,sizeof(treeName)); + if (dserr){ + fprintf(stderr, "failed: Cannot get preffered DS tree: %s\n", + strnwerror(dserr); + exit(106); + } } if (!treeName[0]) { diff -Naurp ncpfs-2.2.6.orig/contrib/tcl-utils/ncpreadprop.c ncpfs-2.2.6/contrib/tcl-utils/ncpreadprop.c --- ncpfs-2.2.6.orig/contrib/tcl-utils/ncpreadprop.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/tcl-utils/ncpreadprop.c 2014-08-12 21:08:25.779190155 -0400 @@ -470,7 +470,7 @@ main(int argc, char *argv[]) } } else { if (!treeName[0]) { - NWCXGetPreferredDSTree(treeName,sizeof(treeName)); + dserr=NWCXGetPreferredDSTree(treeName,sizeof(treeName)); } if (!treeName[0]) { diff -Naurp ncpfs-2.2.6.orig/contrib/tcl-utils/ncpreadprops.c ncpfs-2.2.6/contrib/tcl-utils/ncpreadprops.c --- ncpfs-2.2.6.orig/contrib/tcl-utils/ncpreadprops.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/tcl-utils/ncpreadprops.c 2014-08-12 21:08:25.779190155 -0400 @@ -507,7 +507,7 @@ main(int argc, char *argv[]) } } else { if (!treeName[0]) { - NWCXGetPreferredDSTree(treeName,sizeof(treeName)); + dserr=NWCXGetPreferredDSTree(treeName,sizeof(treeName)); } if (!treeName[0]) { diff -Naurp ncpfs-2.2.6.orig/lib/nwclient.c ncpfs-2.2.6/lib/nwclient.c --- ncpfs-2.2.6.orig/lib/nwclient.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/lib/nwclient.c 2014-08-12 21:08:25.779190155 -0400 @@ -481,6 +481,10 @@ static char* readnwinfosfile (char * use *err = EACCES; return NULL; } + if (st.st_uid != getuid()) { + *err = EACCES; + return NULL; + } if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) { *err = NCPLIB_INVALID_MODE; return NULL; @@ -560,7 +564,7 @@ NWDSCCODE NWCXGetPreferredDSTree (NWD if (!res) res=readnwinfosfile (NULL,NDS_PREFERRED_TREE,NULL, &err); if (!res) - return -1; + return err; if (strlen (res)+1 >maxLen) return NWE_BUFFER_OVERFLOW; strcpy(preferTree,res); @@ -581,7 +585,7 @@ NWDSCCODE NWCXGetDefaultNameContext (con if (!res) res=readnwinfosfile (NULL,NDS_PREFERRED_NAME_CTX,forTree,&err); if (!res) - return -1; + return err; if (strlen (res)+1 >maxLen) return NWE_BUFFER_OVERFLOW; strcpy(nameContext,res); @@ -603,7 +607,7 @@ NWDSCCODE NWCXGetPreferredServer (con res=readnwinfosfile (NULL, NDS_PREFERRED_SERVER, forTree, &err); if (!res) { - return -1; + return err; } } /* test that this server DO belongs to tree forTree*/ @@ -644,7 +648,7 @@ NWDSCCODE NWCXGetDefaultUserName (const if (!res) res=readnwinfosfile (NULL,NDS_USER,forTree, &err); if (!res) - return -1; + return err; if (strlen (res)+1 >maxLen) return NWE_BUFFER_OVERFLOW; strcpy(defaultName,res); diff -Naurp ncpfs-2.2.6.orig/sutil/ncplogin.c ncpfs-2.2.6/sutil/ncplogin.c --- ncpfs-2.2.6.orig/sutil/ncplogin.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/sutil/ncplogin.c 2014-08-12 21:08:25.779190155 -0400 @@ -588,7 +588,10 @@ main(int argc, char *argv[]) int flags = 0; if (!info.tree) { - NWCXGetPreferredDSTree(ntree, sizeof(ntree)); + err=NWCXGetPreferredDSTree(ntree, sizeof(ntree)); + if (err){ + errexit(104, _("Cannot get preffered DS tree: %s\n"),strnwerror(err)); + } info.tree = ntree; } 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-cve-2011-1679-1680.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-cve-2011-1679-1680.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-cve-2011-1679-1680.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-cve-2011-1679-1680.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/sutil/ncpm_common.c ncpfs-2.2.6/sutil/ncpm_common.c --- ncpfs-2.2.6.orig/sutil/ncpm_common.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/sutil/ncpm_common.c 2014-08-12 20:55:00.349194943 -0400 @@ -1415,6 +1415,7 @@ void add_mnt_entry(char* mount_name, cha struct mntent ment; int fd; FILE* mtab; + off_t goodoffset; ment.mnt_fsname = mount_name; ment.mnt_dir = mpnt; @@ -1446,14 +1447,25 @@ void add_mnt_entry(char* mount_name, cha if ((mtab = setmntent(MOUNTED, "a+")) == NULL) { + unlink(MOUNTED "~"); errexit(59, _("Can't open %s\n"), MOUNTED); } + fseek (mtab, 0, SEEK_END); + goodoffset = ftell(mtab); if (addmntent(mtab, &ment) == 1) { + /* restore good state */ + ftruncate(fileno(mtab), goodoffset); + endmntent(mtab); + unlink(MOUNTED "~"); errexit(60, _("Can't write mount entry\n")); } if (fchmod(fileno(mtab), 0644) == -1) { + /* restore good state */ + ftruncate(fileno(mtab), goodoffset); + endmntent(mtab); + unlink(MOUNTED "~"); errexit(61, _("Can't set perms on %s\n"), MOUNTED); } endmntent(mtab); diff -Naurp ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c --- ncpfs-2.2.6.orig/sutil/ncpumount.c 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/sutil/ncpumount.c 2014-08-12 20:55:00.349194943 -0400 @@ -163,7 +163,12 @@ static int __clearMtab (const char* moun i++; } if (!found) { - addmntent(new_mtab, mnt); + if (addmntent(new_mtab, mnt)) { + eprintf(_("Can't addmntent to %s: %s\n"), MOUNTED_TMP, + strerror(errno)); + endmntent(mtab); + return 1; + } } } 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-pie-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-pie-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-pie-fix.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-pie-fix.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/lib/Makefile.in ncpfs-2.2.6/lib/Makefile.in --- ncpfs-2.2.6.orig/lib/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/lib/Makefile.in 2014-08-12 21:05:24.349191234 -0400 @@ -57,7 +57,7 @@ NDS_CFLAGS := $(BASE_CFLAGS) -DPORTABLE CFLAGS_ncplib.o := -DNWSFIND=\"$(bindir)/nwsfind\" CFLAGS_cfgfile.o := -DGLOBALCFGFILE=\"$(sysconfdir)/ncpfs.conf\" -STATIC_CFLAGS := $(CFLAGS) $(CCFLAGS) $(REENTRANT_CFLAGS) @FFUNCTION_SECTIONS@ +STATIC_CFLAGS := $(CFLAGS) $(CCFLAGS) $(REENTRANT_CFLAGS) $(PIC_FLAGS) @FFUNCTION_SECTIONS@ SHARED_CFLAGS := $(CFLAGS) $(CCFLAGS) $(REENTRANT_CFLAGS) $(PIC_FLAGS) $(SHARED_VLINK_CFLAGS) .PHONY : all dep install install-dev clean mrproper distclean diff -Naurp ncpfs-2.2.6.orig/sutil/Makefile.in ncpfs-2.2.6/sutil/Makefile.in --- ncpfs-2.2.6.orig/sutil/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/sutil/Makefile.in 2014-08-12 21:05:24.349191234 -0400 @@ -34,11 +34,12 @@ endif CFLAGS_ncpmount.o = -DNCPMOUNT=1 -DMAKE_NCPLIB CFLAGS_ncpmap.o = -DNCPMAP=1 -DMAKE_NCPLIB -CFLAGS_ncplogin.o = -DMAKE_NCPLIB +CFLAGS_ncplogin.o = -DMAKE_NCPLIB CFLAGS_ncpm_common.o = -DNWMSG=\"$(sbindir)/nwmsg\" LDFLAGS_ncpmount = ncpm_common.o mount_login.o -LDFLAGS_ncplogin = ncpm_common.o mount_login.o -LDFLAGS_ncpmap = ncpm_common.o +LDFLAGS_ncplogin = -pie ncpm_common.o mount_login.o +LDFLAGS_ncpmap = -pie ncpm_common.o +LDFLAGS_nwsfind = -pie .PHONY : all install install-dev dep clean mrproper distclean .PHONY : default 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-drop-kernel-check.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-drop-kernel-check.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-drop-kernel-check.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-drop-kernel-check.patch =================================================================== Description: Drop kernel version check Author: Bastian Blank <wa...@debian.org> Bug-Debian: http://bugs.debian.org/692472 --- ncpfs-2.2.6.orig/sutil/ncpm_common.c +++ ncpfs-2.2.6/sutil/ncpm_common.c @@ -243,23 +243,6 @@ static int load_ncpfs(void) #endif /* MOUNT2 */ static int getmountver(void) { - struct utsname name; - int maj, mid, rev; - int ver; - - if (uname(&name)) { - errexit(1, _("Cannot get kernel release\n")); - } - if (sscanf(name.release, "%d.%d.%d", &maj, &mid, &rev) != 3) { - errexit(2, _("Cannot convert kernel release \"%s\" to number\n"), name.release); - } - ver = maj*0x10000 + mid*0x100 + rev; - if (ver < 0x20100) - return 2; - if (ver < 0x20328) - return 3; - if (ver < 0x2051F) - return 4; return 5; } 1.1 net-fs/ncpfs/files/ncpfs-2.2.6-ldflags-support.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-ldflags-support.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-fs/ncpfs/files/ncpfs-2.2.6-ldflags-support.patch?rev=1.1&content-type=text/plain Index: ncpfs-2.2.6-ldflags-support.patch =================================================================== diff -Naurp ncpfs-2.2.6.orig/contrib/pam/Makefile.in ncpfs-2.2.6/contrib/pam/Makefile.in --- ncpfs-2.2.6.orig/contrib/pam/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/contrib/pam/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -17,6 +17,7 @@ PAM_LIBRARY = pam_ncp_auth.so PAM_OBJECTS = pam_ncp_auth.do support.do CFLAGS_pam_ncp_auth.do := -DNCPMOUNT_PATH=\"$(bindir)/ncpmount\" -DNCPUMOUNT_PATH=\"$(bindir)/ncpumount\" +LDFLAGS = @LDFLAGS@ .PHONY : all install install-dev dep clean mrproper distclean .PHONY : default @@ -45,7 +46,7 @@ $(PAM_OBJECTS): %.do: %.c $(PAM_LIBRARY): $(PAM_OBJECTS) - $(CC) $(CFLAGS) -shared -o $@ $(PAM_OBJECTS) -L$(NCPLIB_DIR) -lncp -lpam ${LIBS} + $(CC) $(CFLAGS) -shared $(LDFLAGS) -o $@ $(PAM_OBJECTS) -L$(NCPLIB_DIR) -lncp -lpam ${LIBS} dep: diff -Naurp ncpfs-2.2.6.orig/ipx-1.0/Makefile.in ncpfs-2.2.6/ipx-1.0/Makefile.in --- ncpfs-2.2.6.orig/ipx-1.0/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/ipx-1.0/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -9,6 +9,7 @@ vpath %.c ${this_srcdir} vpath %.8 ${this_srcdir} LIBS = @INTLLIBS@ @LIBS@ +LDFLAGS = @LDFLAGS@ O_UTILS = ipx_configure.o ipx_cmd.o O_UTIIPX = ipx_interface.o ipx_internal_net.o ipx_route.o @@ -33,7 +34,7 @@ $(ALL_OBJECTS): %.o: %.c [ -s $@ ] || rm -f $@ $(UTIIPX): %: %.o ipxutil.o - $(CC) $(CFLAGS) -o $@ $(addsuffix .o,$@) ipxutil.o ${LIBS} + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(addsuffix .o,$@) ipxutil.o ${LIBS} $(UTILS): %: %.o $(CC) $(CFLAGS) -o $@ $(addsuffix .o,$@) ${LIBS} diff -Naurp ncpfs-2.2.6.orig/ipxdump/Makefile.in ncpfs-2.2.6/ipxdump/Makefile.in --- ncpfs-2.2.6.orig/ipxdump/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/ipxdump/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -11,6 +11,7 @@ ncp_if_ether_support = @ncp_if_ether_sup OBJECTS= ipxutil.o ALL_OBJECTS := $(EXEC:%=%.o) $(OBJECTS) +LDFLAGS = @LDFLAGS@ .PHONY : all install dep clean mrproper distclean .PHONY : dist tgz @@ -24,7 +25,7 @@ install: $(EXEC) ifeq ($(ncp_if_ether_support),yes) $(EXEC): %: %.o $(OBJECTS) - $(CC) $(CFLAGS) -o $@ $(addsuffix .o,$@) $(OBJECTS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(addsuffix .o,$@) $(OBJECTS) else .PHONY ipxdump ipxparse diff -Naurp ncpfs-2.2.6.orig/lib/Makefile.in ncpfs-2.2.6/lib/Makefile.in --- ncpfs-2.2.6.orig/lib/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/lib/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -23,6 +23,7 @@ STATIC_NCPLIB_BIN := $(STATIC_NCPLIB) CCFLAGS += -I. PIC_FLAGS := -fPIC NWCOMPAT := 1 +LDFLAGS := @LDFLAGS@ SHARED_VLINK := SHARED_VLINK_CFLAGS := @@ -122,7 +123,7 @@ $(SHARED_NCPLIB): $(SHARED_NCPLIB_BIN) ln -sf $< $@ $(SHARED_NCPLIB_BIN): $(SHARED_O_OBJ) ${this_srcdir}/libncp.vers - $(CC) -shared -o $@ -Wl,-soname=$(SHARED_NCPLIB_SONAME) $(SHARED_VLINK) $(SHARED_O_OBJ) ${LIBS} -lc + $(CC) -shared -o $@ -Wl,-soname=$(SHARED_NCPLIB_SONAME) $(LDFLAGS) $(SHARED_VLINK) $(SHARED_O_OBJ) ${LIBS} -lc install_static: $(STATIC_NCPLIB_BIN) $(INSTALL) -d $(DESTDIR)$(libadir) diff -Naurp ncpfs-2.2.6.orig/Make.rules.in ncpfs-2.2.6/Make.rules.in --- ncpfs-2.2.6.orig/Make.rules.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/Make.rules.in 2014-08-12 21:06:42.369190770 -0400 @@ -42,6 +42,7 @@ CFLAGS_OPTIONS += $(CWARN) CFLAGS_DEFINES := -DN_PLAT_LINUX -DLOCALEDIR=\"${localedir}\" -DNCPFS_VERSION=\"${VERSION}\" -DNCPFS_PACKAGE=\"${PACKAGE}\" CCFLAGS := $(CFLAGS_DEFINES) $(CFLAGS_OPTIONS) $(INCLUDES) +LDFLAGS := @LDFLAGS@ # If your system is ELF, either also do a 'make install', or append the util/ # directory where the dynamic library resides to the environment diff -Naurp ncpfs-2.2.6.orig/sutil/Makefile.in ncpfs-2.2.6/sutil/Makefile.in --- ncpfs-2.2.6.orig/sutil/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/sutil/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -14,6 +14,7 @@ USE_KERNEL = @USE_KERNEL@ NDS_SUPPORT = @NDS_SUPPORT@ LIBS = @INTLLIBS@ @LIBS@ +LDFLAGS := @LDFLAGS@ # environ in ncpmount CCFLAGS += -D_GNU_SOURCE @@ -69,7 +70,7 @@ $(O_UTILS:.o=.d): %.d: %.c [ -s $@ ] || rm -f $@ ncpmap.o: %.o: ncplogin.c - $(CC) $(CFLAGS) $(CCFLAGS) $(CFLAGS_$@) -o $@ -c $< + $(CC) $(CFLAGS) $(LDFLAGS) $(CCFLAGS) $(CFLAGS_$@) -o $@ -c $< ncpmap.d: %.d: ncplogin.c set -e; $(CC) -M $(CFLAGS) $(CCFLAGS) $(CFLAGS_$(@:.d=.o)) $< \ @@ -85,7 +86,7 @@ ncpm_common.d mount_login.d: %.d: %.c [ -s $@ ] || rm -f $@ $(UTILS): %: %.o ../lib/libncp.a ncpm_common.o mount_login.o - $(CC) @GC_SECTIONS@-o $@ $(addsuffix .o,$@) $(LDFLAGS_$@) ../lib/libncp.a ${LIBS} + $(CC) @GC_SECTIONS@-o $@ $(addsuffix .o,$@) $(LDFLAGS) $(LDFLAGS_$@) ../lib/libncp.a ${LIBS} ../lib/libncp.a: make -C ../lib libncp.a diff -Naurp ncpfs-2.2.6.orig/util/Makefile.in ncpfs-2.2.6/util/Makefile.in --- ncpfs-2.2.6.orig/util/Makefile.in 2005-01-27 12:35:59.000000000 -0500 +++ ncpfs-2.2.6/util/Makefile.in 2014-08-12 21:06:42.369190770 -0400 @@ -15,6 +15,7 @@ NDS_SUPPORT = @NDS_SUPPORT@ MOUNT2 = @MOUNT2@ LIBS = @INTLLIBS@ @LIBS@ +LDFLAGS = @LDFLAGS@ O_OTHER = dsqueue.o O_USERUTILS = slist.o pqlist.o nwfsinfo.o pserver.o nprint.o nsend.o \ @@ -83,7 +84,7 @@ install-dev: make -C ../lib libncp.so $(O_USERUTILS) $(O_SBINUTILS) $(O_OTHER) ncptest.o: %.o: %.c - $(CC) $(CFLAGS) $(CCFLAGS) $(CFLAGS_$@) -o $@ -c $< + $(CC) $(CFLAGS) $(LDFLAGS) $(CCFLAGS) $(CFLAGS_$@) -o $@ -c $< %.d: %.c set -e; $(CC) -M $(CFLAGS) $(CCFLAGS) $(CFLAGS_$(@:.d=.o)) $< \ @@ -94,10 +95,10 @@ $(O_USERUTILS) $(O_SBINUTILS) $(O_OTHER) pqstat nwpqjob nprint: dsqueue.o $(UTILS): %: %.o $(LIBDEP) - $(CC) $(CFLAGS) -o $@ $(addsuffix .o,$@) $(ADDOBJS_$@) -L$(NCPLIB_DIR) -lncp ${LIBS} + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(addsuffix .o,$@) $(ADDOBJS_$@) -L$(NCPLIB_DIR) -lncp ${LIBS} ipx_probe: ipx_probe.c - $(CC) $(CFLAGS) $(CCFLAGS) -o ipx_probe ipx_probe.c ${LIBS} + $(CC) $(CFLAGS) $(LDFLAGS) $(CCFLAGS) -o ipx_probe ipx_probe.c ${LIBS} dep: