Loading pkgs/tools/filesystems/davfs2/0002-Make-sure-that-the-setuid-wrapped-umount-is-invoked.patch +15 −31 Original line number Diff line number Diff line From 56873cf29974ff0dfc1ba1afb7022ce49e300835 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch <maximilian@mbosch.me> Date: Wed, 11 Nov 2020 11:58:25 +0100 Subject: [PATCH 2/2] Make sure that the setuid-wrapped `umount` is invoked --- src/dav_fuse.c | 2 +- src/umount_davfs.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/dav_fuse.c b/src/dav_fuse.c index 734bc1f..4501433 100644 index 6311428..1b1698d 100644 --- a/src/dav_fuse.c +++ b/src/dav_fuse.c @@ -187,7 +187,7 @@ dav_fuse_loop(int device, char *mpoint, size_t bufsize, time_t idle_time, unmounting = 1; @@ -189,7 +189,7 @@ dav_fuse_loop(int device, char *mpoint, size_t bufsize, time_t idle_time, pid_t pid = fork(); if (pid == 0) { #if defined(__linux__) - execl("/bin/umount", "umount", "-il", mountpoint, NULL); + execl("@wrapperDir@/umount", "umount", "-il", mountpoint, NULL); _exit(EXIT_FAILURE); } } #elif defined(__FreeBSD__) execl("/sbin/umount", "umount", "-v", mountpoint, NULL); #endif diff --git a/src/umount_davfs.c b/src/umount_davfs.c index b7019c3..75e3b4b 100644 index 6a82fd2..93958be 100644 --- a/src/umount_davfs.c +++ b/src/umount_davfs.c @@ -122,9 +122,9 @@ main(int argc, char *argv[]) char *umount_command = NULL; if (mpoint) { - umount_command = ne_concat("umount -i '", mpoint, "'", NULL); + umount_command = ne_concat("@wrapperDir@/umount -i '", mpoint, "'", NULL); } else { - umount_command = ne_concat("umount -i '", argv[optind], "'", NULL); + umount_command = ne_concat("@wrapperDir@/umount -i '", argv[optind], "'", NULL); error(0, 0, _("\n" " can't evaluate PID file name;\n" -- 2.28.0 
@@ -50,7 +50,7 @@ #endif #if defined(__linux__) -#define UMOUNT_CMD "umount -i" +#define UMOUNT_CMD "@wrapperDir@/umount -i" #elif defined(__FreeBSD__) #define UMOUNT_CMD "umount" #endif pkgs/tools/filesystems/davfs2/default.nix +8 −7 Original line number Diff line number Diff line { lib, stdenv , fetchurl , fetchpatch , autoreconfHook , neon , procps , substituteAll Loading @@ -10,17 +11,22 @@ stdenv.mkDerivation rec { pname = "davfs2"; version = "1.6.1"; version = "1.7.0"; src = fetchurl { url = "mirror://savannah/davfs2/davfs2-${version}.tar.gz"; sha256 = "sha256-zj65SOzlgqUck0zLDMcOZZg5FycXyv8XP2ml4q+QxcA="; sha256 = "sha256-JR23Wic4DMoTMLG5cXAMXl3MDJDlpHYiKF8BQO3+Oi8="; }; nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ neon zlib ]; patches = [ ./fix-sysconfdir.patch ./disable-suid.patch (substituteAll { src = ./0001-umount_davfs-substitute-ps-command.patch; ps = "${procps}/bin/ps"; Loading @@ -33,11 +39,6 @@ stdenv.mkDerivation rec { configureFlags = [ "--sysconfdir=/etc" ]; makeFlags = [ "sbindir=$(out)/sbin" "ssbindir=$(out)/sbin" ]; meta = { homepage = "https://savannah.nongnu.org/projects/davfs2"; description = "Mount WebDAV shares like a typical filesystem"; Loading pkgs/tools/filesystems/davfs2/disable-suid.patch 0 → 100644 +9 −0 Original line number Diff line number Diff line diff --git a/src/Makefile.am b/src/Makefile.am index bbde353..bcbed04 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -54,4 +54,3 @@ LIBS += @LIBICONV@ endif install-exec-hook: - chmod u+s $(DESTDIR)$(sbindir)/mount.davfs; pkgs/tools/filesystems/davfs2/fix-sysconfdir.patch +9 −39 Original line number Diff line number Diff line diff -ubr davfs2-1.4.7-orig/etc/Makefile.am davfs2-1.4.7/etc/Makefile.am --- davfs2-1.4.7-orig/etc/Makefile.am 2013-02-21 11:45:00.185763558 +0100 +++ davfs2-1.4.7/etc/Makefile.am 2013-02-21 11:53:05.423197775 +0100 @@ -24,17 +24,17 @@ diff --git a/etc/Makefile.am b/etc/Makefile.am index 5a01282..6a40921 100644 --- a/etc/Makefile.am 
+++ b/etc/Makefile.am @@ -24,17 +24,17 @@ pkgsysconfdir = $(sysconfdir)/@PACKAGE@ install-data-local: $(dist_pkgdata_DATA) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) - $(INSTALL_DATA) -b davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(INSTALL_DATA) -b $(srcdir)/davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 $(srcdir)/secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs/private - chmod 700 $(DESTDIR)$(pkgsysconfdir)/certs/private + $(mkinstalldirs) $(out)$(pkgsysconfdir) + $(INSTALL_DATA) -b davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 secrets $(out)$(pkgsysconfdir)/secrets + $(INSTALL_DATA) -b $(srcdir)/davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 $(srcdir)/secrets $(out)$(pkgsysconfdir)/secrets + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs/private + chmod 700 $(out)$(pkgsysconfdir)/certs/private Loading @@ -27,34 +28,3 @@ diff -ubr davfs2-1.4.7-orig/etc/Makefile.am davfs2-1.4.7/etc/Makefile.am + echo " rm -f $(out)$(pkgsysconfdir)/$$f"; \ + rm -f $(out)$(pkgsysconfdir)/$$f; \ done diff -ubr davfs2-1.4.7-orig/etc/Makefile.in davfs2-1.4.7/etc/Makefile.in --- davfs2-1.4.7-orig/etc/Makefile.in 2013-02-21 11:45:00.185763558 +0100 +++ davfs2-1.4.7/etc/Makefile.in 2013-02-21 11:53:27.241207128 +0100 
@@ -408,19 +408,19 @@ install-data-local: $(dist_pkgdata_DATA) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) - $(INSTALL_DATA) -b davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs/private - chmod 700 $(DESTDIR)$(pkgsysconfdir)/certs/private + $(mkinstalldirs) $(out)$(pkgsysconfdir) + $(INSTALL_DATA) -b davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 secrets $(out)$(pkgsysconfdir)/secrets + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs/private + chmod 700 $(out)$(pkgsysconfdir)/certs/private uninstall-local: @$(NORMAL_UNINSTALL) @list='$(dist_pkgdata_DATA)'; for p in $$list; do \ f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " rm -f $(DESTDIR)$(pkgsysconfdir)/$$f"; \ - rm -f $(DESTDIR)$(pkgsysconfdir)/$$f; \ + echo " rm -f $(out)$(pkgsysconfdir)/$$f"; \ + rm -f $(out)$(pkgsysconfdir)/$$f; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. Loading
pkgs/tools/filesystems/davfs2/0002-Make-sure-that-the-setuid-wrapped-umount-is-invoked.patch +15 −31 Original line number Diff line number Diff line From 56873cf29974ff0dfc1ba1afb7022ce49e300835 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch <maximilian@mbosch.me> Date: Wed, 11 Nov 2020 11:58:25 +0100 Subject: [PATCH 2/2] Make sure that the setuid-wrapped `umount` is invoked --- src/dav_fuse.c | 2 +- src/umount_davfs.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/dav_fuse.c b/src/dav_fuse.c index 734bc1f..4501433 100644 index 6311428..1b1698d 100644 --- a/src/dav_fuse.c +++ b/src/dav_fuse.c @@ -187,7 +187,7 @@ dav_fuse_loop(int device, char *mpoint, size_t bufsize, time_t idle_time, unmounting = 1; @@ -189,7 +189,7 @@ dav_fuse_loop(int device, char *mpoint, size_t bufsize, time_t idle_time, pid_t pid = fork(); if (pid == 0) { #if defined(__linux__) - execl("/bin/umount", "umount", "-il", mountpoint, NULL); + execl("@wrapperDir@/umount", "umount", "-il", mountpoint, NULL); _exit(EXIT_FAILURE); } } #elif defined(__FreeBSD__) execl("/sbin/umount", "umount", "-v", mountpoint, NULL); #endif diff --git a/src/umount_davfs.c b/src/umount_davfs.c index b7019c3..75e3b4b 100644 index 6a82fd2..93958be 100644 --- a/src/umount_davfs.c +++ b/src/umount_davfs.c @@ -122,9 +122,9 @@ main(int argc, char *argv[]) char *umount_command = NULL; if (mpoint) { - umount_command = ne_concat("umount -i '", mpoint, "'", NULL); + umount_command = ne_concat("@wrapperDir@/umount -i '", mpoint, "'", NULL); } else { - umount_command = ne_concat("umount -i '", argv[optind], "'", NULL); + umount_command = ne_concat("@wrapperDir@/umount -i '", argv[optind], "'", NULL); error(0, 0, _("\n" " can't evaluate PID file name;\n" -- 2.28.0 @@ -50,7 +50,7 @@ #endif #if defined(__linux__) -#define UMOUNT_CMD "umount -i" +#define UMOUNT_CMD "@wrapperDir@/umount -i" #elif defined(__FreeBSD__) #define UMOUNT_CMD "umount" #endif
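Review bot: The patch e-mail has no body explaining what `@wrapperDir@` is or why an absolute path is needed, and its diffstat (`src/umount_davfs.c | 4 ++--`, 3 insertions, 3 deletions) looks stale, since the umount_davfs.c hunk that appears current changes only the `#define UMOUNT_CMD` line. I would add a body line such as `@wrapperDir@ is filled in by substituteAll in default.nix; the absolute path keeps the unmount from being resolved through the caller's PATH.` and regenerate the header with git format-patch. If the placeholder is ever left unsubstituted, `execl("@wrapperDir@/umount", ...)` in dav_fuse_loop fails and the child only reaches `_exit(EXIT_FAILURE)`, so the mount would stay in place without any message. The substitution entry for this patch is not visible in the shown part of default.nix. Which of the duplicated lines are old and which are new is inferred from the rendering.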
pkgs/tools/filesystems/davfs2/default.nix +8 −7 Original line number Diff line number Diff line { lib, stdenv , fetchurl , fetchpatch , autoreconfHook , neon , procps , substituteAll Loading @@ -10,17 +11,22 @@ stdenv.mkDerivation rec { pname = "davfs2"; version = "1.6.1"; version = "1.7.0"; src = fetchurl { url = "mirror://savannah/davfs2/davfs2-${version}.tar.gz"; sha256 = "sha256-zj65SOzlgqUck0zLDMcOZZg5FycXyv8XP2ml4q+QxcA="; sha256 = "sha256-JR23Wic4DMoTMLG5cXAMXl3MDJDlpHYiKF8BQO3+Oi8="; }; nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ neon zlib ]; patches = [ ./fix-sysconfdir.patch ./disable-suid.patch (substituteAll { src = ./0001-umount_davfs-substitute-ps-command.patch; ps = "${procps}/bin/ps"; Loading @@ -33,11 +39,6 @@ stdenv.mkDerivation rec { configureFlags = [ "--sysconfdir=/etc" ]; makeFlags = [ "sbindir=$(out)/sbin" "ssbindir=$(out)/sbin" ]; meta = { homepage = "https://savannah.nongnu.org/projects/davfs2"; description = "Mount WebDAV shares like a typical filesystem"; Loading
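Review bot: `nativeBuildInputs = [ autoreconfHook ];` is what makes two of the listed patches take effect, and nothing in the expression says so. `./disable-suid.patch` and the rebased `./fix-sysconfdir.patch` appear to edit only `Makefile.am`, so without regeneration the shipped Makefile.in would presumably keep the upstream recipes, including the `chmod u+s` on mount.davfs. I would add a comment above the attribute, e.g. `# required: the patches below change Makefile.am only, so Makefile.in must be regenerated`. Parts of this section are collapsed on the page, so this rests on the visible lines only.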
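--- /dev/null
+++ b/pkgs/tools/filesystems/davfs2/disable-suid.patch
@@ -0,0 +1,9 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index bbde353..bcbed04 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -54,4 +54,3 @@ LIBS += @LIBICONV@
+ endif
+ 
+ install-exec-hook:
+-	chmod u+s $(DESTDIR)$(sbindir)/mount.davfs;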
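Review bot: The patch has no preamble, so nothing records why the setuid bit is dropped from mount.davfs or what is meant to replace it. After the removal `install-exec-hook:` is left with an empty recipe and the binary is installed without `u+s`; mounting as an unprivileged user would then presumably depend on a setuid wrapper configured outside this package, which the commit does not show. I would add a short header to the patch, for example `Do not set the setuid bit at install time: the Nix store cannot hold setuid files, so privileged use has to go through a system-level wrapper.`, and document the wrapper's owner and mode where it is defined.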
pkgs/tools/filesystems/davfs2/fix-sysconfdir.patch +9 −39 Original line number Diff line number Diff line diff -ubr davfs2-1.4.7-orig/etc/Makefile.am davfs2-1.4.7/etc/Makefile.am --- davfs2-1.4.7-orig/etc/Makefile.am 2013-02-21 11:45:00.185763558 +0100 +++ davfs2-1.4.7/etc/Makefile.am 2013-02-21 11:53:05.423197775 +0100 @@ -24,17 +24,17 @@ diff --git a/etc/Makefile.am b/etc/Makefile.am index 5a01282..6a40921 100644 --- a/etc/Makefile.am +++ b/etc/Makefile.am @@ -24,17 +24,17 @@ pkgsysconfdir = $(sysconfdir)/@PACKAGE@ install-data-local: $(dist_pkgdata_DATA) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) - $(INSTALL_DATA) -b davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(INSTALL_DATA) -b $(srcdir)/davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 $(srcdir)/secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs/private - chmod 700 $(DESTDIR)$(pkgsysconfdir)/certs/private + $(mkinstalldirs) $(out)$(pkgsysconfdir) + $(INSTALL_DATA) -b davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 secrets $(out)$(pkgsysconfdir)/secrets + $(INSTALL_DATA) -b $(srcdir)/davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 $(srcdir)/secrets $(out)$(pkgsysconfdir)/secrets + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs/private + chmod 700 $(out)$(pkgsysconfdir)/certs/private Loading @@ -27,34 +28,3 @@ diff -ubr davfs2-1.4.7-orig/etc/Makefile.am davfs2-1.4.7/etc/Makefile.am + echo " rm -f $(out)$(pkgsysconfdir)/$$f"; \ + rm -f $(out)$(pkgsysconfdir)/$$f; \ done diff -ubr davfs2-1.4.7-orig/etc/Makefile.in davfs2-1.4.7/etc/Makefile.in --- davfs2-1.4.7-orig/etc/Makefile.in 2013-02-21 11:45:00.185763558 +0100 +++ davfs2-1.4.7/etc/Makefile.in 2013-02-21 11:53:27.241207128 +0100 
@@ -408,19 +408,19 @@ install-data-local: $(dist_pkgdata_DATA) @$(NORMAL_INSTALL) - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) - $(INSTALL_DATA) -b davfs2.conf $(DESTDIR)$(pkgsysconfdir)/davfs2.conf - $(INSTALL_DATA) -b -m 600 secrets $(DESTDIR)$(pkgsysconfdir)/secrets - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs - $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir)/certs/private - chmod 700 $(DESTDIR)$(pkgsysconfdir)/certs/private + $(mkinstalldirs) $(out)$(pkgsysconfdir) + $(INSTALL_DATA) -b davfs2.conf $(out)$(pkgsysconfdir)/davfs2.conf + $(INSTALL_DATA) -b -m 600 secrets $(out)$(pkgsysconfdir)/secrets + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs + $(mkinstalldirs) $(out)$(pkgsysconfdir)/certs/private + chmod 700 $(out)$(pkgsysconfdir)/certs/private uninstall-local: @$(NORMAL_UNINSTALL) @list='$(dist_pkgdata_DATA)'; for p in $$list; do \ f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " rm -f $(DESTDIR)$(pkgsysconfdir)/$$f"; \ - rm -f $(DESTDIR)$(pkgsysconfdir)/$$f; \ + echo " rm -f $(out)$(pkgsysconfdir)/$$f"; \ + rm -f $(out)$(pkgsysconfdir)/$$f; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables.
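Review bot: The `-m 600` on `secrets` and the `chmod 700` on `certs/private` in `install-data-local` now apply to paths under `$(out)`, where they do not give the protection the recipe suggests, because Nix normalises the permissions of store outputs and the installed files end up world-readable. That is harmless for the shipped templates, but the patch should say so in a header line such as `Files under $(out)/etc/davfs2 are read-only templates; real credentials belong in the system sysconfdir with mode 600.` Separately, `$(DESTDIR)` is replaced rather than extended, so with `out` unset the install recipe and the `rm -f` in `uninstall-local` would act on the live sysconfdir. A one-line note that the patch is only valid inside a Nix build would cover that. Parts of this section are collapsed on the page, and the Makefile.in hunks appear to belong to the old version of the patch.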