Add two patches to ncpfs, one to correct several vulnerabilities (#308071) and another to remove unneeded __attribute((packed)) directives to make the build look a lot cleaner. Also imported an init.d script and companion conf.d file for starting up/shutting down IPX through the init system. The init script should address #238688 in this package. Also fixed #126323 by installing headers for ncpfs into /usr/include. And removed the -r0 ebuild.

Package-Manager: portage-2.1.9.39/cvs/Linux x86_64
author: Joshua Kinard <kumba@gentoo.org> 2011-02-10 09:26:38 +0000
committer: Joshua Kinard <kumba@gentoo.org> 2011-02-10 09:26:38 +0000
commit: 7d1204465d06e4b841a721a9dd1f44d6c955aac1 (patch)
tree: 0524faadc0b4fd8270de704b1ff6f254109aec7d /net-fs/ncpfs
parent: add ~ppc-aix keyword. (diff)
download: historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.tar.gz
historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.tar.bz2
historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.zip
9 files changed, 1018 insertions, 59 deletions
diff --git a/net-fs/ncpfs/ChangeLog b/net-fs/ncpfs/ChangeLog
index 5ca2b14bd894..14989dc1af59 100644
--- a/net-fs/ncpfs/ChangeLog
+++ b/net-fs/ncpfs/ChangeLog
@@ -1,6 +1,19 @@
 # ChangeLog for net-fs/ncpfs
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ChangeLog,v 1.26 2010/10/08 16:22:59 mabi Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ChangeLog,v 1.27 2011/02/10 09:26:38 kumba Exp $
+
+*ncpfs-2.2.6-r2 (10 Feb 2011)
+
+  10 Feb 2011; Joshua Kinard <kumba@gentoo.org> -ncpfs-2.2.6.ebuild,
+  +ncpfs-2.2.6-r2.ebuild, +files/ncpfs-2.2.6-multiple-vulns.patch,
+  +files/ncpfs-2.2.6-remove-packed-attrib.patch, +files/ipx.confd,
+  +files/ipx.init:
+  Add two patches to ncpfs, one to correct several vulnerabilities (#308071)
+  and another to remove unneeded __attribute((packed)) directives to make the
+  build look a lot cleaner. Also imported an init.d script and companion conf.d
+  file for starting up/shutting down IPX through the init system. The init
+  script should address #238688 in this package. Also fixed #126323 by
+  installing headers for ncpfs into /usr/include. And removed the -r0 ebuild.
 
   08 Oct 2010; Matti Bickel <mabi@gentoo.org> ncpfs-2.2.6-r1.ebuild:
   change virtual/php to dev-lang/php (bug #319623)
diff --git a/net-fs/ncpfs/Manifest b/net-fs/ncpfs/Manifest
index ea1e994c6f8d..74e55bc7258d 100644
--- a/net-fs/ncpfs/Manifest
+++ b/net-fs/ncpfs/Manifest
@@ -1,8 +1,12 @@
+AUX ipx.confd 706 RMD160 f48dcc1b6253a2308e6eb5e0041d1faf88ae20e1 SHA1 424672b71473dd7a5005c4568be788f16ac9b85f SHA256 abfefd5c3f9df2232e5d35f743ff8ce2876e887d39bd823789b54e3a8bd69a0e
+AUX ipx.init 972 RMD160 d93ff3329aeb4fa5ccf19b02ef5d7dcc222cc85f SHA1 d20d5ef81f25e0870ed6b1af56e1275db098f948 SHA256 2b01a7a68110658f20c883e5045dd854389b37866e97c5f0e978034dc49dc395
 AUX ncpfs-2.2.5-php.patch 555 RMD160 90a7ef6fc3f6a26185f1961667973101f80d1a40 SHA1 2d2afd306c68d4ac03b7255bb060a405a871de94 SHA256 ea32f4f6a9ac7c1d43af654982410680ca535a313f2a94efd3ddb295949d864b
 AUX ncpfs-2.2.6-gcc4.patch 1291 RMD160 58de640d4771af428aeb4232b764acf4a5b4d2c3 SHA1 3788c148cb1c45780b515b10f97fdc1ad5b4b24f SHA256 8fbb8621b178aa8fb38da30639cc32afce0254445fe59c0f56c543da62d6921e
 AUX ncpfs-2.2.6-missing-includes.patch 779 RMD160 87cf6b943dfe02b45cde8579fada47ba784dc675 SHA1 6f878ac6a5cff8ba5f1f646a5461d9bd378827d3 SHA256 b724c68cd8e1b8e5ed91dc3f7c24948e76107bda6314c954918adfc058a24911
+AUX ncpfs-2.2.6-multiple-vulns.patch 14158 RMD160 1632c87e2e616b6e6ebc85703256fb329acd6584 SHA1 c9c098b8ad04d5969483131a89a66da3baea6921 SHA256 50d42cda962cbc5c3e7ad6048ed2ebb465645e640a32552ffa44c7229d8d2a77
+AUX ncpfs-2.2.6-remove-packed-attrib.patch 10312 RMD160 4496fc68b1abd2997911de8b9e6173244d11c480 SHA1 8a14e1cfc31e7f568b5c0d56a74dee66290e6a8a SHA256 f1c587b329224f34f351e08b32333e854539223d337e6bb2fdadf28c2130673b
 DIST ncpfs-2.2.6.tar.gz 2100545 RMD160 a02fcef8fff0f65f7ddbdd83b092a484a0372186 SHA1 00d83771ef14f2aeb039430a44201e33cd80a894 SHA256 2837046046bcdb46d77a80c1d17dbfd15e878700e879edab4cda9f080e0337f9
-EBUILD ncpfs-2.2.6-r1.ebuild 1202 RMD160 6e469685a3211b19ed76242fdfb852d6ccac3a5f SHA1 3746ec363db8bfb43b91074de5de236d202d041a SHA256 966daa3a4877d62be7ccf0f6c20f6ef3cb31b6cd85bdc5dabc97810faa6ddec2
-EBUILD ncpfs-2.2.6.ebuild 1351 RMD160 785d5cd8ba5a1d59bce6619c5e19728c4aa7b164 SHA1 9b94cf07932f4f54af0499331f8cf6bdad3b63ea SHA256 f7f73c1416e57110e5b891e863b9f0a53e00efdabae08955004d042ff1637dda
-MISC ChangeLog 3629 RMD160 c341a7adba0cec2443012b6fcc96a65058a42a7d SHA1 e8e5d45e808b1b5850926fb1e42d96ead07492b2 SHA256 9391e8c990b8972a8c0f24cdaeb34baea9d170ccb975257f3959554dd16454a7
+EBUILD ncpfs-2.2.6-r1.ebuild 1224 RMD160 81e6ca58ca8420c7a5d4d2a29e4a787c62c46453 SHA1 659bf5c4a8fdf9b04bcb3e87f2e685e3af04bef7 SHA256 1c6d286ca9121a1431757410e6cecca9e986bcb55c2c32a06dca2443b999fb58
+EBUILD ncpfs-2.2.6-r2.ebuild 1959 RMD160 d111ffe9918551e3a14e2b5c0ca2aa986aeeda79 SHA1 94707e0937de0c5f9597a286dd67f8c6f71553e5 SHA256 5cda07dda0110fce468dca3458aecaa9cbf38d9a455a72ad823bc52c1e43c421
+MISC ChangeLog 4343 RMD160 713988dc79d6cd99eb06e8317da187d54eaf392f SHA1 03da7a1f0e187fcf2ff582bb7d9685d4e06aff32 SHA256 beb33f541e8d2af1dee42e28af1af93ec5722b810e507706e1d60b9d2fecbe15
 MISC metadata.xml 290 RMD160 e9d92b1233ae82654859e3c8d9f116bfdf9cbef8 SHA1 f67952cc71a9b743e1c428d808488105c8982846 SHA256 bc04d955fed7a177f63051b016c7f24451c30200e8608b70f8e63e25176a0348
diff --git a/net-fs/ncpfs/files/ipx.confd b/net-fs/ncpfs/files/ipx.confd
new file mode 100644
index 000000000000..026a2993beca
--- /dev/null
+++ b/net-fs/ncpfs/files/ipx.confd
@@ -0,0 +1,28 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.confd,v 1.1 2011/02/10 09:26:38 kumba Exp $
+
+# Config file for /etc/init.d/ipx
+
+# Automatically selecting a primary interface.
+IPX_AUTO_PRIMARY=on
+
+# Automatically creating interfaces.
+IPX_AUTO_INTERFACE=on
+
+# Interface to which IPX sockets are bound.
+IPX_DEVICE=eth0
+
+# The IPX frame type to use.
+# Valid values are: 802.2, 802.3, SNAP, & EtherII.
+IPX_FRAME=802.2
+
+# Create a special kind of IPX interface that does not
+# have a physical device or frame type.
+IPX_INTERNAL_NET=no
+
+# Network number
+IPX_NETNUM=1
+
+# Node number
+IPX_NODENUM=1
diff --git a/net-fs/ncpfs/files/ipx.init b/net-fs/ncpfs/files/ipx.init
new file mode 100644
index 000000000000..4ad8cf0880a0
--- /dev/null
+++ b/net-fs/ncpfs/files/ipx.init
@@ -0,0 +1,42 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/files/ipx.init,v 1.1 2011/02/10 09:26:38 kumba Exp $
+
+#NB: Config is in /etc/conf.d/ipx
+
+depend() {
+	need net netmount
+}
+
+start() {
+	local retval=0
+	
+	ebegin "Bringing IPX up"
+	if [ ${IPX_INTERNAL_NET} = "yes" ]
+	then
+		/usr/bin/ipx_internal_net add ${IPX_NETNUM} ${IPX_NODENUM}
+		retval=$?
+	else
+		/usr/bin/ipx_interface add -p ${IPX_DEVICE} \
+			${IPX_FRAME} ${IPX_NETNUM}
+		retval=$?
+	fi
+	
+	/usr/bin/ipx_configure \
+		--auto_primary=${IPX_AUTO_PRIMARY} \
+		--auto_interface=${IPX_AUTO_INTERFACE}
+	retval=$(( $retval + $? ))
+	eend ${retval} "Failed to bring IPX up"
+}
+
+stop() {
+	local retval=0
+	
+	ebegin "Bringing IPX down"
+	/usr/bin/ipx_configure --auto_primary=off --auto_interface=off
+	retval=$?
+	/usr/bin/ipx_interface delall
+	retval=$(( $retval + $? ))
+	eend ${retval} "Failed to down IPX"
+}
diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch
new file mode 100644
index 000000000000..a43c6ea00548
--- /dev/null
+++ b/net-fs/ncpfs/files/ncpfs-2.2.6-multiple-vulns.patch
@@ -0,0 +1,557 @@
+From: Dan Rosenberg <dan.j.rosenberg () gmail com>
+Date: Fri, 5 Mar 2010 12:06:01 -0500
+
+============================================
+ ncpfs, Multiple Vulnerabilities
+ March 5, 2010
+ CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
+============================================
+
+==Description==
+
+The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs
+package, contain several vulnerabilities.
+
+1. ncpmount, ncpumount, and ncplogin are vulnerable to race conditions that
+allow a local attacker to unmount arbitrary mountpoints, causing
+denial-of-service, or mount Netware shares to arbitrary directories,
+potentially leading to root compromise.  This issue was formerly assigned
+CVE-2009-3297, but has since been re-assigned CVE-2010-0788 to avoid overlap
+with related bugs in other packages.
+
+2. ncpumount is vulnerable to an information disclosure vulnerability that
+allows a local attacker to verify the existence of arbitrary files, violating
+directory permissions.  This issue has been assigned CVE-2010-0790.
+
+3. ncpmount, ncpumount, and ncplogin create lockfiles insecurely, allowing a
+local attacker to leave a stale lockfile at /etc/mtab~, causing other mount
+utilities to fail and creating denial-of-service conditions.  This issue has
+been assigned CVE-2010-0791.
+
+==Workaround==
+
+If unprivileged users do not need the ability to mount and unmount Netware
+shares, then the suid bit should be removed from these utilities.
+
+==Solution==
+
+A patch has been released that resolves these issues (attached to this
+advisory).  ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have
+already been patched against the first vulnerability in this report
+(CVE-2010-0788, formerly CVE-2009-3297).  It has been tested against the latest
+ncpfs packages distributed by Fedora, Red Hat, and Mandriva.
+ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been
+patched against any of these vulnerabilities.  It has been tested against the
+latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release
+(ftp://platan.vc.cvut.cz/pub/linux/ncpfs/).
+
+Users are advised to recompile from source, or request updated packages from
+downstream distributors.
+
+==Credits==
+
+These vulnerabilities were discovered by Dan Rosenberg
+(dan.j.rosenberg () gmail com).
+Thanks to Vitezslav Crhonek for the patch against the first issue.
+
+==References==
+
+CVE identifiers CVE-2010-0788, CVE-2010-0790, and CVE-2010-0791 have been
+assigned to these issues.
+
+http://seclists.org/fulldisclosure/2010/Mar/122
+
+
+diff -ur ncpfs-2.2.6.orig/sutil/ncplogin.c ncpfs-2.2.6/sutil/ncplogin.c
+--- ncpfs-2.2.6.orig/sutil/ncplogin.c	2010-03-03 16:18:59.000000000 -0500
++++ ncpfs-2.2.6/sutil/ncplogin.c	2010-03-03 16:17:41.000000000 -0500
+@@ -934,7 +934,9 @@
+ 	NWDSFreeContext(ctx);
+ 	/* ncpmap, ncplogin must write in /etc/mtab */
+ 	{
++		block_sigs();
+ 		add_mnt_entry(mount_name, mount_point, info.flags);
++		unblock_sigs();
+ 	}
+ 	free(mount_name);
+ 	if (info.echo_mnt_pnt) {
+diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.c ncpfs-2.2.6/sutil/ncpm_common.c
+--- ncpfs-2.2.6.orig/sutil/ncpm_common.c	2010-03-03 16:18:59.000000000 -0500
++++ ncpfs-2.2.6/sutil/ncpm_common.c	2010-03-03 16:17:41.000000000 -0500
+@@ -360,7 +360,7 @@
+ #endif 
+ 
+ static inline int ncpm_suser(void) {
+-	return setreuid(-1, 0);
++	return setresuid(0, 0, myuid);
+ }
+ 
+ static int ncpm_normal(void) {
+@@ -368,11 +368,31 @@
+ 	int v;
+ 
+ 	e = errno;
+-	v = setreuid(-1, myuid);
++	v = setresuid(myuid, myuid, 0);
+ 	errno = e;
+ 	return v;
+ }
+ 
++void block_sigs(void) {
++
++	sigset_t mask, orig_mask;
++	sigfillset(&mask);
++
++	if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
++		errexit(-1, _("Blocking signals failed.\n"));
++	}
++}
++
++void unblock_sigs(void) {
++
++	sigset_t mask, orig_mask;
++	sigemptyset(&mask);
++
++	if (sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
++		errexit(-1, _("Un-blocking signals failed.\n"));
++	}
++}
++
+ static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) {
+ 	int v;
+ 	int e;
+@@ -444,7 +464,7 @@
+ 	}
+         datav2.file_mode   = data->file_mode;
+         datav2.dir_mode    = data->dir_mode;
+-	err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2);
++	err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav2);
+ 	if (err)
+ 		return errno;
+ 	return 0;
+@@ -508,7 +528,7 @@
+ 		exit(0);	/* Should not return from process_connection */
+ 	}
+ 	close(pp[0]);
+-	err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3);
++	err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*) &datav3);
+ 	if (err) {
+ 		err = errno;
+ 		/* Mount unsuccesful so we have to kill daemon */
+@@ -559,7 +579,7 @@
+ 		sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u",
+ 			NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode,
+ 			data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]);
+-		err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts);
++		err=proc_ncpm_mount(mount_name, ".", "ncpfs", flags, mountopts);
+ 	} else {
+ 		err=-1;
+ 	}
+@@ -577,7 +597,7 @@
+ 	        datav4.file_mode   = data->file_mode;
+         	datav4.dir_mode    = data->dir_mode;
+ 		datav4.wdog_pid	   = wdog_pid;
+-		err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4);
++		err = proc_ncpm_mount(mount_name, ".", "ncpfs", flags, (void*)&datav4);
+ 		if (err) {
+ 			err = errno;
+ 			/* Mount unsuccesful so we have to kill daemon */
+@@ -1395,6 +1415,17 @@
+ }
+ #endif /* MOUNT3 */
+ 
++static int check_name(const char *name)
++{
++	char *s;
++	for (s = "\n\t\\"; *s; s++) {
++		if (strchr(name, *s)) {
++			return -1;
++		}
++	}
++	return 0;
++}
++
+ static const struct smntflags {
+ 	unsigned int	flag;
+ 	const char*	name;
+@@ -1416,6 +1447,9 @@
+ 	int fd;
+ 	FILE* mtab;
+ 
++	if (check_name(mount_name) == -1 || check_name(mpnt) == -1)
++		errexit(107, _("Illegal character in mount entry\n"));
++
+ 	ment.mnt_fsname = mount_name;
+ 	ment.mnt_dir = mpnt;
+ 	ment.mnt_type = (char*)"ncpfs";
+diff -ur ncpfs-2.2.6.orig/sutil/ncpm_common.h ncpfs-2.2.6/sutil/ncpm_common.h
+--- ncpfs-2.2.6.orig/sutil/ncpm_common.h	2010-03-03 16:18:59.000000000 -0500
++++ ncpfs-2.2.6/sutil/ncpm_common.h	2010-03-03 16:17:41.000000000 -0500
+@@ -121,6 +121,9 @@
+ int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn);
+ int proc_ncpm_umount(const char* dir);
+ 
++void block_sigs(void);
++void unblock_sigs(void);
++
+ #define UNUSED(x)	x __attribute__((unused))
+ 
+ #endif	/* __NCPM_COMMON_H__ */
+diff -ur ncpfs-2.2.6.orig/sutil/ncpmount.c ncpfs-2.2.6/sutil/ncpmount.c
+--- ncpfs-2.2.6.orig/sutil/ncpmount.c	2010-03-03 16:18:59.000000000 -0500
++++ ncpfs-2.2.6/sutil/ncpmount.c	2010-03-03 16:17:41.000000000 -0500
+@@ -359,11 +359,17 @@
+ 		usage();
+ 		return -1;
+ 	}
++
+ 	realpath(argv[optind], mount_point);
+ 
+-	if (stat(mount_point, &st) == -1)
++	if (chdir(mount_point))
++	{
++		errexit(31, _("Could not change directory into mount target %s: %s\n"),
++			mount_point, strerror(errno));
++	}
++	if (stat(".", &st) == -1)
+ 	{
+-		errexit(31, _("Could not find mount point %s: %s\n"),
++		errexit(31, _("Mount point %s does not exist: %s\n"),
+ 			mount_point, strerror(errno));
+ 	}
+ 	if (mount_ok(&st) != 0)
+@@ -714,7 +720,9 @@
+ 	ncp_close(conn);
+ 
+ 	if (!opt_n) {
++		block_sigs();
+ 		add_mnt_entry(mount_name, mount_point, info.flags);
++		unblock_sigs();
+ 	}
+ 	return 0;
+ }
+diff -ur ncpfs-2.2.6.orig/sutil/ncpumount.c ncpfs-2.2.6/sutil/ncpumount.c
+--- ncpfs-2.2.6.orig/sutil/ncpumount.c	2010-03-03 16:18:59.000000000 -0500
++++ ncpfs-2.2.6/sutil/ncpumount.c	2010-03-03 16:17:41.000000000 -0500
+@@ -70,13 +70,24 @@
+ #include <mntent.h>
+ #include <pwd.h>
+ 
++#include <sched.h>
++
+ #include "private/libintl.h"
+ 
+ #define _(X) X
+ 
++#ifndef MS_REC
++#define MS_REC 16384
++#endif
++#ifndef MS_SLAVE
++#define MS_SLAVE (1<<19)
++#endif
++
+ static char *progname;
+ static int is_ncplogout = 0;
+ 
++uid_t uid;
++
+ static void
+ usage(void)
+ {
+@@ -117,6 +128,40 @@
+ 	va_end(ap);
+ }
+ 
++/* Mostly copied from ncpm_common.c */
++void block_sigs(void) {
++
++	sigset_t mask, orig_mask;
++	sigfillset(&mask);
++	sigdelset(&mask, SIGALRM); /* Need SIGALRM for ncpumount */
++
++	if(setresuid(0, 0, uid) < 0) {
++		eprintf("Failed to raise privileges.\n");
++		exit(-1);
++	}
++
++	if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
++		eprintf("Blocking signals failed.\n");
++		exit(-1);
++	}
++}
++
++void unblock_sigs(void) {
++
++	sigset_t mask, orig_mask;
++	sigemptyset(&mask);
++
++	if(setresuid(uid, uid, 0) < 0) {
++		eprintf("Failed to drop privileges.\n");
++		exit(-1);
++	}
++
++	if(sigprocmask(SIG_SETMASK, &mask, &orig_mask) < 0) {
++		eprintf("Un-blocking signals failed.\n");
++		exit(-1);
++	}
++}
++
+ static void alarmSignal(int sig) {
+ 	(void)sig;
+ }
+@@ -192,10 +237,13 @@
+ 	if (!numEntries)
+ 		return 0; /* don't waste time ! */
+ 
++	block_sigs();
++
+ 	while ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) {
+ 		struct timespec tm;
+ 
+ 		if (errno != EEXIST || retries == 0) {
++			unblock_sigs();
+ 			eprintf(_("Can't get %s~ lock file: %s\n"), MOUNTED, strerror(errno));
+ 			return 1;
+ 		}
+@@ -206,6 +254,7 @@
+ 			alarm(0);
+ 			close(fd);
+ 			if (err) {
++				unblock_sigs();
+ 				eprintf(_("Can't lock lock file %s~: %s\n"), MOUNTED, _("Lock timed out"));
+ 				return 1;
+ 			}
+@@ -223,26 +272,205 @@
+ 	err = __clearMtab(mount_points, numEntries);
+ 
+ 	if ((unlink(MOUNTED "~") == -1) && (err == 0)){
++		unblock_sigs();
+ 		eprintf(_("Can't remove %s~"), MOUNTED);
+ 		return 1;
+ 	}
++	unblock_sigs();
+ 	return err;
+ }
+ 
++
++int ncp_mnt_umount(const char *abs_mnt, const char *rel_mnt)
++{
++	if (umount(rel_mnt) != 0) {
++		eprintf(_("Could not umount %s: %s\n"),
++			abs_mnt, strerror(errno));
++		return -1;
++	}
++	return 0;
++}
++
++
++static int check_is_mount_child(void *p)
++{
++	const char **a = p;
++	const char *last = a[0];
++	const char *mnt = a[1];
++	int res;
++	const char *procmounts = "/proc/mounts";
++	int found;
++	FILE *fp;
++	struct mntent *entp;
++
++	res = mount("", "/", "", MS_SLAVE | MS_REC, NULL);
++	if (res == -1) {
++		eprintf(_("Failed to mark mounts slave: %s\n"),
++			strerror(errno));
++		return 1;
++	}
++
++	res = mount(".", "/tmp", "", MS_BIND | MS_REC, NULL);
++	if (res == -1) {
++		eprintf(_("Failed to bind parent to /tmp: %s\n"),
++			strerror(errno));
++		return 1;
++	}
++
++	fp = setmntent(procmounts, "r");
++	if (fp == NULL) {
++		eprintf(_("Failed to open %s: %s\n"),
++			procmounts, strerror(errno));
++		return 1;
++	}
++
++	found = 0;
++	while ((entp = getmntent(fp)) != NULL) {
++		if (strncmp(entp->mnt_dir, "/tmp/", 5) == 0 &&
++		    strcmp(entp->mnt_dir + 5, last) == 0) {
++			found = 1;
++			break;
++		}
++	}
++	endmntent(fp);
++
++	if (!found) {
++		eprintf(_("%s not mounted\n"), mnt);
++		return 1;
++	}
++
++	return 0;
++}
++
++
++static int check_is_mount(const char *last, const char *mnt)
++{
++	char buf[131072];
++	pid_t pid, p;
++	int status;
++	const char *a[2] = { last, mnt };
++
++	pid = clone(check_is_mount_child, buf + 65536, CLONE_NEWNS, (void *) a);
++	if (pid == (pid_t) -1) {
++		eprintf(_("Failed to clone namespace: %s\n"),
++			strerror(errno));
++		return -1;
++	}
++	p = waitpid(pid, &status, __WCLONE);
++	if (p == (pid_t) -1) {
++		eprintf(_("Waitpid failed: %s\n"),
++			strerror(errno));
++		return -1;
++	}
++	if (!WIFEXITED(status)) {
++		eprintf(_("Child terminated abnormally (status %i)\n"),
++			status);
++		return -1;
++	}
++	if (WEXITSTATUS(status) != 0)
++		return -1;
++
++	return 0;
++}
++
++
++static int chdir_to_parent(char *copy, const char **lastp, int *currdir_fd)
++{
++	char *tmp;
++	const char *parent;
++	char buf[PATH_MAX];
++	int res;
++
++	tmp = strrchr(copy, '/');
++	if (tmp == NULL || tmp[1] == '\0') {
++		eprintf(_("Internal error: invalid abs path: <%s>\n"),
++			copy);
++		return -1;
++	}
++	if (tmp != copy) {
++		*tmp = '\0';
++		parent = copy;
++		*lastp = tmp + 1;
++	} else if (tmp[1] != '\0') {
++		*lastp = tmp + 1;
++		parent = "/";
++	} else {
++		*lastp = ".";
++		parent = "/";
++	}
++	*currdir_fd = open(".", O_RDONLY);
++	if (*currdir_fd == -1) {
++		eprintf(_("Failed to open current directory: %s\n"),
++			strerror(errno));
++		return -1;
++	}
++	res = chdir(parent);
++	if (res == -1) {
++		eprintf(_("Failed to chdir to %s: %s\n"),
++			parent, strerror(errno));
++		return -1;
++	}
++	if (getcwd(buf, sizeof(buf)) == NULL) {
++		eprintf(_("Failed to obtain current directory: %s\n"),
++			strerror(errno));
++		return -1;
++	}
++	if (strcmp(buf, parent) != 0) {
++		eprintf(_("Mountpoint moved (%s -> %s)\n"),
++			parent, buf);
++		return -1;
++
++	}
++
++	return 0;
++}
++
++
++static int unmount_ncp(const char *mount_point)
++{
++	int currdir_fd = -1;
++	char *copy;
++	const char *last;
++	int res;
++
++	copy = strdup(mount_point);
++	if (copy == NULL) {
++		eprintf(_("Failed to allocate memory\n"));
++		return -1;
++	}
++	res = chdir_to_parent(copy, &last, &currdir_fd);
++	if (res == -1)
++		goto out;
++	res = check_is_mount(last, mount_point);
++	if (res == -1)
++		goto out;
++	res = ncp_mnt_umount(mount_point, last);
++
++out:
++	free(copy);
++	if (currdir_fd != -1) {
++		fchdir(currdir_fd);
++		close(currdir_fd);
++	}
++
++	return res;
++}
++
+ static int
+ do_umount(const char *mount_point)
+ {
+ 	int fid = open(mount_point, O_RDONLY, 0);
+ 	uid_t mount_uid;
++	int res;
+ 
+ 	if (fid == -1) {
+-		eprintf(_("Could not open %s: %s\n"),
+-			mount_point, strerror(errno));
++		eprintf(_("Invalid or unauthorized mountpoint %s\n"),
++			mount_point);
+ 		return -1;
+ 	}
+ 	if (ncp_get_mount_uid(fid, &mount_uid) != 0) {
+ 		close(fid);
+-		eprintf(_("%s probably not ncp-filesystem\n"),
++		eprintf(_("Invalid or unauthorized mountpoint %s\n"),
+ 			mount_point);
+ 		return -1;
+ 	}
+@@ -253,12 +481,8 @@
+ 		return -1;
+ 	}
+ 	close(fid);
+-	if (umount(mount_point) != 0) {
+-		eprintf(_("Could not umount %s: %s\n"),
+-			mount_point, strerror(errno));
+-		return -1;
+-	}
+-	return 0;
++	res = unmount_ncp(mount_point);
++	return res;
+ }
+ 
+ 
+@@ -409,7 +633,8 @@
+ 	int allConns = 0;
+ 	const char *serverName = NULL;
+ 	const char *treeName = NULL;
+-	uid_t uid = getuid();
++	
++	uid = getuid();
+ 
+ 	progname = strrchr(argv[0], '/');
+ 	if (progname) {
diff --git a/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch b/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch
new file mode 100644
index 000000000000..40267c728710
--- /dev/null
+++ b/net-fs/ncpfs/files/ncpfs-2.2.6-remove-packed-attrib.patch
@@ -0,0 +1,297 @@
+diff -Naurp ncpfs-2.2.6.orig//include/ncp/ipxlib.h ncpfs-2.2.6//include/ncp/ipxlib.h
+--- ncpfs-2.2.6.orig//include/ncp/ipxlib.h	2005-01-27 12:35:59.000000000 -0500
++++ ncpfs-2.2.6//include/ncp/ipxlib.h	2011-02-10 02:38:18.822076000 -0500
+@@ -64,12 +64,12 @@ struct sap_query
+ struct sap_server_ident
+ {
+ 	u_int16_t	server_type __attribute__((packed));
+-	char		server_name[48] __attribute__((packed));
++	char		server_name[48];
+ 	IPXNet		server_network __attribute__((packed));
+ #ifdef SWIG
+ 	u_int8_t	server_node[6] __attribute__((packed));
+ #else
+-	IPXNode		server_node __attribute__((packed));
++	IPXNode		server_node;
+ #endif
+ 	IPXPort		server_port __attribute__((packed));
+ 	u_int16_t	intermediate_network __attribute__((packed));
+@@ -87,7 +87,7 @@ struct ipx_rt_def {
+ struct ipx_rip_packet
+ {
+ 	u_int16_t		operation __attribute__((packed));
+-	struct ipx_rt_def	rt[1] __attribute__((packed));
++	struct ipx_rt_def	rt[1];
+ };
+ 
+ #ifdef SWIG
+diff -Naurp ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h ncpfs-2.2.6//include/ncp/kernel/ncp.h
+--- ncpfs-2.2.6.orig//include/ncp/kernel/ncp.h	2005-01-27 12:35:59.000000000 -0500
++++ ncpfs-2.2.6//include/ncp/kernel/ncp.h	2011-02-10 02:38:18.822076000 -0500
+@@ -53,12 +53,12 @@
+ 
+ struct ncp_request_header {
+ 	u_int16_t type __attribute__((packed));
+-	u_int8_t  sequence __attribute__((packed));
+-	u_int8_t  conn_low __attribute__((packed));
+-	u_int8_t  task __attribute__((packed));
+-	u_int8_t  conn_high __attribute__((packed));
+-	u_int8_t  function __attribute__((packed));
+-	u_int8_t  data[0] __attribute__((packed));
++	u_int8_t  sequence;
++	u_int8_t  conn_low;
++	u_int8_t  task;
++	u_int8_t  conn_high;
++	u_int8_t  function;
++	u_int8_t  data[0];
+ };
+ 
+ #define NCP_REPLY                (0x3333)
+@@ -66,13 +66,13 @@ struct ncp_request_header {
+ 
+ struct ncp_reply_header {
+ 	u_int16_t type __attribute__((packed));
+-	u_int8_t sequence __attribute__((packed));
+-	u_int8_t conn_low __attribute__((packed));
+-	u_int8_t task __attribute__((packed));
+-	u_int8_t conn_high __attribute__((packed));
+-	u_int8_t completion_code __attribute__((packed));
+-	u_int8_t connection_state __attribute__((packed));
+-	u_int8_t data[0] __attribute__((packed));
++	u_int8_t sequence;
++	u_int8_t conn_low;
++	u_int8_t task;
++	u_int8_t conn_high;
++	u_int8_t completion_code;
++	u_int8_t connection_state;
++	u_int8_t data[0];
+ };
+ 
+ #define NCP_VOLNAME_LEN (16)
+@@ -230,8 +230,8 @@ struct nw_info_struct {
+ 	u_int32_t EAKeyCount __attribute__((packed));
+ 	u_int32_t EAKeySize __attribute__((packed));
+ 	u_int32_t NSCreator __attribute__((packed));
+-	u_int8_t nameLen __attribute__((packed));
+-	u_int8_t entryName[256] __attribute__((packed));
++	u_int8_t nameLen;
++	u_int8_t entryName[256];
+ };
+ #endif
+ 
+@@ -282,13 +282,13 @@ struct nw_file_info {
+ 	int opened;
+ 	int access;
+ 	u_int32_t server_file_handle __attribute__((packed));
+-	u_int8_t open_create_action __attribute__((packed));
+-	u_int8_t file_handle[6] __attribute__((packed));
++	u_int8_t open_create_action;
++	u_int8_t file_handle[6];
+ };
+ #endif
+ 
+ struct nw_search_sequence {
+-	u_int8_t volNumber __attribute__((packed));
++	u_int8_t volNumber;
+ 	u_int32_t dirBase __attribute__((packed));
+ 	u_int32_t sequence __attribute__((packed));
+ };
+diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncp.h ncpfs-2.2.6//include/ncp/ncp.h
+--- ncpfs-2.2.6.orig//include/ncp/ncp.h	2005-01-27 12:35:59.000000000 -0500
++++ ncpfs-2.2.6//include/ncp/ncp.h	2011-02-10 02:38:18.822076000 -0500
+@@ -95,7 +95,7 @@ struct prop_net_address {
+ #ifdef SWIG
+ 	fixedArray node[IPX_NODE_LEN];
+ #else
+-	u_int8_t node[IPX_NODE_LEN] __attribute__((packed));
++	u_int8_t node[IPX_NODE_LEN];
+ #endif
+ 	u_int16_t port __attribute__((packed));
+ };
+@@ -163,20 +163,20 @@ struct nw_queue_job_entry {
+ 	u_int32_t ClientTask __attribute__((packed));
+ 	u_int32_t ClientObjectID __attribute__((packed));
+ 	u_int32_t TargetServerID __attribute__((packed));
+-	u_int8_t TargetExecTime[6] __attribute__((packed));
+-	u_int8_t JobEntryTime[6] __attribute__((packed));
++	u_int8_t TargetExecTime[6];
++	u_int8_t JobEntryTime[6];
+ 	u_int32_t JobNumber __attribute__((packed));
+ 	u_int16_t JobType __attribute__((packed));
+ 	u_int16_t JobPosition __attribute__((packed));
+ 	u_int16_t JobControlFlags __attribute__((packed));
+-	u_int8_t FileNameLen __attribute__((packed));
+-	char JobFileName[13] __attribute__((packed));
++	u_int8_t FileNameLen;
++	char JobFileName[13];
+ 	u_int32_t JobFileHandle __attribute__((packed));
+ 	u_int32_t ServerStation __attribute__((packed));
+ 	u_int32_t ServerTaskNumber __attribute__((packed));
+ 	u_int32_t ServerObjectID __attribute__((packed));
+-	char JobTextDescription[50] __attribute__((packed));
+-	char ClientRecordArea[152] __attribute__((packed));
++	char JobTextDescription[50];
++	char ClientRecordArea[152];
+ };
+ 
+ struct queue_job {
+@@ -217,18 +217,18 @@ struct print_job_record {
+ };
+ #else
+ struct print_job_record {
+-	u_int8_t Version __attribute__((packed));
+-	u_int8_t TabSize __attribute__((packed));
++	u_int8_t Version;
++	u_int8_t TabSize;
+ 	u_int16_t Copies __attribute__((packed));
+ 	u_int16_t CtrlFlags __attribute__((packed));
+ 	u_int16_t Lines __attribute__((packed));
+ 	u_int16_t Rows __attribute__((packed));
+-	char FormName[16] __attribute__((packed));
+-	u_int8_t Reserved[6] __attribute__((packed));
+-	char BannerName[13] __attribute__((packed));
+-	char FnameBanner[13] __attribute__((packed));
+-	char FnameHeader[14] __attribute__((packed));
+-	char Path[80] __attribute__((packed));
++	char FormName[16];
++	u_int8_t Reserved[6];
++	char BannerName[13];
++	char FnameBanner[13];
++	char FnameHeader[14];
++	char Path[80];
+ };
+ #endif
+ 
+diff -Naurp ncpfs-2.2.6.orig//include/ncp/ncplib.h ncpfs-2.2.6//include/ncp/ncplib.h
+--- ncpfs-2.2.6.orig//include/ncp/ncplib.h	2005-01-27 12:35:59.000000000 -0500
++++ ncpfs-2.2.6//include/ncp/ncplib.h	2011-02-10 02:38:18.822076000 -0500
+@@ -462,24 +462,24 @@ struct ncp_file_server_info
+ #else
+ struct ncp_file_server_info
+ {
+-	u_int8_t ServerName[48] __attribute__((packed));
+-	u_int8_t FileServiceVersion __attribute__((packed));
+-	u_int8_t FileServiceSubVersion __attribute__((packed));
++	u_int8_t ServerName[48];
++	u_int8_t FileServiceVersion;
++	u_int8_t FileServiceSubVersion;
+ 	u_int16_t MaximumServiceConnections __attribute__((packed));
+ 	u_int16_t ConnectionsInUse __attribute__((packed));
+ 	u_int16_t NumberMountedVolumes __attribute__((packed));
+-	u_int8_t Revision __attribute__((packed));
+-	u_int8_t SFTLevel __attribute__((packed));
+-	u_int8_t TTSLevel __attribute__((packed));
++	u_int8_t Revision;
++	u_int8_t SFTLevel;
++	u_int8_t TTSLevel;
+ 	u_int16_t MaxConnectionsEverUsed __attribute__((packed));
+-	u_int8_t AccountVersion __attribute__((packed));
+-	u_int8_t VAPVersion __attribute__((packed));
+-	u_int8_t QueueVersion __attribute__((packed));
+-	u_int8_t PrintVersion __attribute__((packed));
+-	u_int8_t VirtualConsoleVersion __attribute__((packed));
+-	u_int8_t RestrictionLevel __attribute__((packed));
+-	u_int8_t InternetBridge __attribute__((packed));
+-	u_int8_t Reserved[60] __attribute__((packed));
++	u_int8_t AccountVersion;
++	u_int8_t VAPVersion;
++	u_int8_t QueueVersion;
++	u_int8_t PrintVersion;
++	u_int8_t VirtualConsoleVersion;
++	u_int8_t RestrictionLevel;
++	u_int8_t InternetBridge;
++	u_int8_t Reserved[60];
+ };
+ #endif
+ 
+@@ -592,7 +592,7 @@ struct ncp_station_addr
+ #ifdef SWIG
+ 	fixedArray Node[6];
+ #else
+-	u_int8_t Node[6] __attribute__((packed));
++	u_int8_t Node[6];
+ #endif
+ 	u_int16_t Socket __attribute__((packed));
+ };
+@@ -602,32 +602,32 @@ struct ncp_prop_login_control
+ #ifdef SWIG
+ 	fixedArray AccountExpireDate[3];
+ #else
+-	u_int8_t AccountExpireDate[3] __attribute__((packed));
++	u_int8_t AccountExpireDate[3];
+ #endif	
+-	u_int8_t Disabled __attribute__((packed));
++	u_int8_t Disabled;
+ #ifdef SWIG
+ 	fixedArray PasswordExpireDate[3];
+ #else	
+-	u_int8_t PasswordExpireDate[3] __attribute__((packed));
++	u_int8_t PasswordExpireDate[3];
+ #endif	
+-	u_int8_t GraceLogins __attribute__((packed));
++	u_int8_t GraceLogins;
+ 	u_int16_t PasswordExpireInterval __attribute__((packed));
+-	u_int8_t MaxGraceLogins __attribute__((packed));
+-	u_int8_t MinPasswordLength __attribute__((packed));
++	u_int8_t MaxGraceLogins;
++	u_int8_t MinPasswordLength;
+ 	u_int16_t MaxConnections __attribute__((packed));
+ #ifdef SWIG
+ 	fixedArray ConnectionTimeMask[42] __attribute__((packed));
+ 	fixedArray LastLogin[6] __attribute__((packed));
+ #else	
+-	u_int8_t ConnectionTimeMask[42] __attribute__((packed));
+-	u_int8_t LastLogin[6] __attribute__((packed));
++	u_int8_t ConnectionTimeMask[42];
++	u_int8_t LastLogin[6];
+ #endif	
+-	u_int8_t RestrictionMask __attribute__((packed));
+-	u_int8_t reserved __attribute__((packed));
++	u_int8_t RestrictionMask;
++	u_int8_t reserved;
+ 	u_int32_t MaxDiskUsage __attribute__((packed));
+ 	u_int16_t BadLoginCount __attribute__((packed));
+ 	u_int32_t BadLoginCountDown __attribute__((packed));
+-	struct ncp_station_addr LastIntruder __attribute__((packed));
++	struct ncp_station_addr LastIntruder;
+ };
+ 
+ NWCCODE NWReadPropertyValue(NWCONN_HANDLE conn, const char *objName,
+diff -Naurp ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c ncpfs-2.2.6//ipx-1.0/ipx_cmd.c
+--- ncpfs-2.2.6.orig//ipx-1.0/ipx_cmd.c	2005-01-27 12:35:59.000000000 -0500
++++ ncpfs-2.2.6//ipx-1.0/ipx_cmd.c	2011-02-10 02:40:19.222076002 -0500
+@@ -63,8 +63,8 @@
+ /* we are doing EthernetII... Any objections? */
+ struct {
+ 	u_int16_t	unknown	__attribute__((packed));
+-	u_int8_t	dst[6]	__attribute__((packed));
+-	u_int8_t	src[6]	__attribute__((packed));
++	u_int8_t	dst[6];
++	u_int8_t	src[6];
+ 	u_int16_t	type	__attribute__((packed));
+ 	u_int8_t	ipx[16384];
+ 	} buffer;
+diff -Naurp ncpfs-2.2.6.orig//lib/ncplib.c ncpfs-2.2.6//lib/ncplib.c
+--- ncpfs-2.2.6.orig//lib/ncplib.c	2011-02-10 02:38:05.000000000 -0500
++++ ncpfs-2.2.6//lib/ncplib.c	2011-02-10 02:38:18.822076000 -0500
+@@ -2584,13 +2584,13 @@ ncp_request(struct ncp_conn *conn, int f
+ 
+ struct nw_time_buffer
+ {
+-	u_int8_t year __attribute__((packed));
+-	u_int8_t month __attribute__((packed));
+-	u_int8_t day __attribute__((packed));
+-	u_int8_t hour __attribute__((packed));
+-	u_int8_t minute __attribute__((packed));
+-	u_int8_t second __attribute__((packed));
+-	u_int8_t wday __attribute__((packed));
++	u_int8_t year;
++	u_int8_t month;
++	u_int8_t day;
++	u_int8_t hour;
++	u_int8_t minute;
++	u_int8_t second;
++	u_int8_t wday;
+ };
+ 
+ static time_t
diff --git a/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild b/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild
index 18fa69e28752..7a451a159976 100644
--- a/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild
+++ b/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild,v 1.2 2010/10/08 16:22:59 mabi Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6-r1.ebuild,v 1.3 2011/02/10 09:26:38 kumba Exp $
 
 EAPI="2"
 
@@ -19,6 +19,8 @@ DEPEND="nls? ( sys-devel/gettext )
 	pam? ( virtual/pam )
 	php? ( || ( dev-lang/php virtual/httpd-php ) )"
 
+RDEPEND="${DEPEND}"
+
 src_prepare() {
 	# add patch for PHP extension sandbox violation
 	epatch "${FILESDIR}"/${PN}-2.2.5-php.patch
diff --git a/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild b/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild
new file mode 100644
index 000000000000..678896ea59b7
--- /dev/null
+++ b/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6-r2.ebuild,v 1.1 2011/02/10 09:26:38 kumba Exp $
+
+EAPI="2"
+
+inherit eutils pam
+
+DESCRIPTION="Provides Access to Netware services using the NCP protocol"
+HOMEPAGE="ftp://platan.vc.cvut.cz/pub/linux/ncpfs/"
+SRC_URI="ftp://platan.vc.cvut.cz/pub/linux/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="nls pam php"
+
+DEPEND="nls? ( sys-devel/gettext )
+	pam? ( virtual/pam )
+	php? ( || ( dev-lang/php virtual/httpd-php ) )"
+
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+	# Add patch for PHP extension sandbox violation
+	epatch "${FILESDIR}"/${PN}-2.2.5-php.patch
+	epatch "${FILESDIR}"/${P}-gcc4.patch
+	epatch "${FILESDIR}"/${P}-missing-includes.patch
+
+	# Add a patch to fix multiple vulnerabilities.
+	# CVE-2010-0788, CVE-2010-0790, & CVE-2010-0791.
+	# http://seclists.org/fulldisclosure/2010/Mar/122
+	epatch "${FILESDIR}"/${P}-multiple-vulns.patch
+
+	# Add a patch that removes the __attribute__((packed)); directive
+	# from several struct members in include/ncp/ncplib.h.  This will
+	# cut down on a large number of compile warnings generated by modern
+	# gcc releases.
+	epatch "${FILESDIR}"/${P}-remove-packed-attrib.patch
+
+	# Bug #273484
+	sed -i '/ldconfig/d' lib/Makefile.in
+
+	# Hack to inject LDFLAGS into the build
+	sed -i '/^LIBS/s:=:= @LDFLAGS@:' `find -name Makefile.in` || die
+}
+
+src_configure() {
+	econf \
+		$(use_enable nls) \
+		$(use_enable pam pam "$(getpam_mod_dir)") \
+		$(use_enable php)
+}
+
+src_install() {
+	dodir $(getpam_mod_dir) /usr/sbin /sbin
+
+	# Install the main programs, then the headers.
+	emake DESTDIR="${D}" install || die
+	emake DESTDIR="${D}" install-dev || die
+
+	# Install a startup script in /etc/init.d and a conf file in /etc/conf.d
+	newconfd "${FILESDIR}"/ipx.confd ipx
+	newinitd "${FILESDIR}"/ipx.init ipx
+
+	# Docs
+	dodoc FAQ README
+}
diff --git a/net-fs/ncpfs/ncpfs-2.2.6.ebuild b/net-fs/ncpfs/ncpfs-2.2.6.ebuild
deleted file mode 100644
index 98d751d56e4a..000000000000
--- a/net-fs/ncpfs/ncpfs-2.2.6.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/ncpfs/ncpfs-2.2.6.ebuild,v 1.5 2008/05/14 22:16:53 flameeyes Exp $
-
-inherit eutils confutils
-
-IUSE="nls pam php"
-
-DESCRIPTION="Provides Access to Netware services using the NCP protocol (Kernel support must be activated!)"
-SRC_URI="ftp://platan.vc.cvut.cz/pub/linux/${PN}/${P}.tar.gz"
-HOMEPAGE="ftp://platan.vc.cvut.cz/pub/linux/ncpfs/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="x86 ~amd64 ~ppc ppc64"
-
-DEPEND="nls? ( sys-devel/gettext )
-		pam? ( virtual/pam )
-		php? ( || ( virtual/php virtual/httpd-php ) )"
-
-src_unpack() {
-	unpack ${A}
-
-	# add patch for PHP extension sandbox violation
-	cd ${S} || die "Unable to cd to ${S}"
-	epatch "${FILESDIR}"/${PN}-2.2.5-php.patch || die "Unable to apply PHP patch"
-	epatch "${FILESDIR}"/${P}-gcc4.patch
-	epatch "${FILESDIR}"/${P}-missing-includes.patch
-}
-
-src_compile() {
-
-	local myconf
-
-	myconf=
-	enable_extension_enable "nls" "nls" 0
-	enable_extension_enable "pam" "pam" 0
-	enable_extension_enable "php" "php" 0
-
-	econf ${myconf} || die "econf failed"
-	emake || die
-}
-
-src_install () {
-	# directory ${D}/lib/security needs to be created or the install fails
-	dodir /lib/security
-	dodir /usr/sbin
-	dodir /sbin
-	make DESTDIR=${D} install || die
-
-	dodoc FAQ README
-}
author	Joshua Kinard <kumba@gentoo.org>	2011-02-10 09:26:38 +0000
committer	Joshua Kinard <kumba@gentoo.org>	2011-02-10 09:26:38 +0000
commit	7d1204465d06e4b841a721a9dd1f44d6c955aac1 (patch)
tree	0524faadc0b4fd8270de704b1ff6f254109aec7d /net-fs/ncpfs
parent	add ~ppc-aix keyword. (diff)
download	historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.tar.gz historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.tar.bz2 historical-7d1204465d06e4b841a721a9dd1f44d6c955aac1.zip