1 From Ubuntu's changelog:
2 * utils/statd/statd.c (patch from SGI):
3 - drop_privs(): fix uninitialized st.st_gid value when running as root
4 (not exploitable, but using random group ids might be confusing)
5 * utils/rquotad/rquota_server.c (Arjan van de Ven):
6 - getquotainfo(): do not use memcpy() to copy
7 values from struct dqblk to struct rquota; on 64 bit architectures time_t
8 is 64 bits wide, but the target fields are only 32 bit, thus causing a
12 --- nfs-utils-1.0.6.orig/utils/statd/statd.c
13 +++ nfs-utils-1.0.6/utils/statd/statd.c
17 if (stat(SM_DIR, &st) == -1 &&
18 - stat(DIR_BASE, &st) == -1)
19 + stat(DIR_BASE, &st) == -1) {
25 note(N_WARNING, "statd running as root. chown %s to choose different user\n",
26 --- nfs-utils-1.0.6.orig/utils/rquotad/rquota_server.c
27 +++ nfs-utils-1.0.6/utils/rquotad/rquota_server.c
29 char *pathname, *qfpathname;
30 int fd, err, id, type;
32 + struct rquota *rquota;
35 * First check authentication.
37 * Make a copy of the info into the last part of the remote quota
38 * struct which is exactly the same.
40 - memcpy((caddr_t *)&result.getquota_rslt_u.gqr_rquota.rq_bhardlimit,
41 - (caddr_t *)&dq_dqb, sizeof(struct dqblk));
43 + rquota = &result.getquota_rslt_u.gqr_rquota;
44 + rquota->rq_bhardlimit = dq_dqb.dqb_bhardlimit;
45 + rquota->rq_bsoftlimit = dq_dqb.dqb_bsoftlimit;;
46 + rquota->rq_curblocks = dq_dqb.dqb_curblocks;
47 + rquota->rq_fhardlimit = dq_dqb.dqb_ihardlimit;
48 + rquota->rq_fsoftlimit = dq_dqb.dqb_isoftlimit;
49 + rquota->rq_curfiles = dq_dqb.dqb_curinodes;
50 + rquota->rq_btimeleft = dq_dqb.dqb_btime;
51 + rquota->rq_ftimeleft = dq_dqb.dqb_itime;