Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package autofs It was discovered by upstream that a previous patch introduced a regression that leads to autofs connecting to rpcbind for NFSv4-only NFS mounts. Upstream's fix for that has now been cherry-picked into autofs 5.1.8-2. [ Reason ] + [ Mike Gabriel ] + * debian/patches: + + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4- + only mounts use rpcbind portmapper service. (Closes: #1034261). -> This is the cherry-pick patch. Encouraged by Salvatore from the security team (though not with security team's hat on). + * debian/control: + + Bump Standards-Version: to 4.6.2. No changes needed. -> This change was already in Git (with 4.6.1, but well...). So, I kept/updated it. + * lintian: + + Adjust syntax of various overrides. -> Make lintian happy again, add square brackets around path names. [ Impact ] Impact on NFSv4-mounts in autofs. [ Tests ] Code review. Upstream-sanctioned patch. [ Risks ] Breaking of autofs with NFS. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] None unblock autofs/5.1.8-2
diff -Nru autofs-5.1.8/debian/autofs.lintian-overrides autofs-5.1.8/debian/autofs.lintian-overrides --- autofs-5.1.8/debian/autofs.lintian-overrides 2021-02-04 13:31:22.000000000 +0100 +++ autofs-5.1.8/debian/autofs.lintian-overrides 2023-05-19 10:25:31.000000000 +0200 @@ -1,5 +1,5 @@ # autofs 5.1.7 introduces autofs.a as a shared library, but we will ignore this for now -sharedobject-in-library-directory-missing-soname usr/lib/x86_64-linux-gnu/libautofs.so +sharedobject-in-library-directory-missing-soname [usr/lib/x86_64-linux-gnu/libautofs.so] # autofs.8 man page explains the overall concept of autofs -spare-manual-page usr/share/man/man8/autofs.8.gz +spare-manual-page [usr/share/man/man8/autofs.8.gz] diff -Nru autofs-5.1.8/debian/changelog autofs-5.1.8/debian/changelog --- autofs-5.1.8/debian/changelog 2021-12-01 23:52:49.000000000 +0100 +++ autofs-5.1.8/debian/changelog 2023-05-19 10:25:31.000000000 +0200 @@ -1,3 +1,16 @@ +autofs (5.1.8-2) unstable; urgency=medium + + [ Mike Gabriel ] + * debian/patches: + + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4- + only mounts use rpcbind portmapper service. (Closes: #1034261). + * debian/control: + + Bump Standards-Version: to 4.6.2. No changes needed. + * lintian: + + Adjust syntax of various overrides. + + -- Mike Gabriel <sunwea...@debian.org> Fri, 19 May 2023 10:25:31 +0200 + autofs (5.1.8-1) unstable; urgency=medium * New upstream release. diff -Nru autofs-5.1.8/debian/control autofs-5.1.8/debian/control --- autofs-5.1.8/debian/control 2021-12-01 23:52:23.000000000 +0100 +++ autofs-5.1.8/debian/control 2023-05-19 10:24:47.000000000 +0200 @@ -20,7 +20,7 @@ sssd-common, libtirpc-dev, Rules-Requires-Root: no -Standards-Version: 4.6.0 +Standards-Version: 4.6.2 Homepage: https://www.kernel.org/pub/linux/daemons/autofs/v5/ Vcs-Browser: https://salsa.debian.org/debian/autofs/ Vcs-Git: https://salsa.debian.org/debian/autofs.git diff -Nru autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch --- autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch 1970-01-01 01:00:00.000000000 +0100 +++ autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch 2023-05-19 10:21:20.000000000 +0200 @@ -0,0 +1,106 @@ +From 80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc Mon Sep 17 00:00:00 2001 +From: Ian Kent <ra...@themaw.net> +Date: Sun, 31 Oct 2021 07:36:16 +0800 +Subject: autofs-5.1.8 - fix nfsv4 only mounts should not use rpcbind + +Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when +setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only +mounts to also use rpcbind to probe availability which breaks the +requirememt that this type of mount not use rpcbind at all. + +Fix this by treating fstype=nfs4 mounts as a special case which doesn't +use rpcbind. + +Signed-off-by: Ian Kent <ra...@themaw.net> +--- +# CHANGELOG | 1 + + include/replicated.h | 2 ++ + modules/mount_nfs.c | 13 +++++++------ + modules/replicated.c | 4 ++-- + 4 files changed, 12 insertions(+), 8 deletions(-) + +#diff --git a/CHANGELOG b/CHANGELOG +#index 575f186..4e5e82d 100644 +#--- a/CHANGELOG +#+++ b/CHANGELOG +#@@ -8,6 +8,7 @@ +# - dont fail on duplicate offset entry tree add. +# - fix loop under run in cache_get_offset_parent(). +# - bailout on rpc systemerror. +#+- fix nfsv4 only mounts should not use rpcbind. +# +# 19/10/2021 autofs-5.1.8 +# - add xdr_exports(). +diff --git a/include/replicated.h b/include/replicated.h +index 95ff1f0..f889a56 100644 +--- a/include/replicated.h ++++ b/include/replicated.h +@@ -35,6 +35,8 @@ + #define NFS3_REQUESTED NFS3_SUPPORTED + #define NFS4_REQUESTED NFS4_SUPPORTED + ++#define NFS4_ONLY_REQUESTED 0x0800 ++ + #define TCP_SUPPORTED 0x0001 + #define UDP_SUPPORTED 0x0002 + #define TCP_REQUESTED TCP_SUPPORTED +diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c +index 0ab87dc..feb5afc 100644 +--- a/modules/mount_nfs.c ++++ b/modules/mount_nfs.c +@@ -92,7 +92,7 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int + mount_default_proto = defaults_get_mount_nfs_default_proto(); + vers = NFS_VERS_DEFAULT | NFS_PROTO_DEFAULT; + if (strcmp(fstype, "nfs4") == 0) +- vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED; ++ vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED | NFS4_ONLY_REQUESTED; + else if (mount_default_proto == 4) + vers = vers | NFS4_VERS_DEFAULT; + +@@ -157,15 +157,16 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int + } else { + /* Is any version of NFSv4 in the options */ + if (_strncmp("vers=4", cp, 6) == 0 || +- _strncmp("nfsvers=4", cp, 9) == 0) +- vers = NFS4_VERS_MASK | TCP_SUPPORTED; +- else if (_strncmp("vers=3", cp, o_len) == 0 || ++ _strncmp("nfsvers=4", cp, 9) == 0) { ++ vers &= ~(NFS_VERS_MASK); ++ vers |= NFS4_VERS_MASK | TCP_SUPPORTED | NFS4_ONLY_REQUESTED; ++ } else if (_strncmp("vers=3", cp, o_len) == 0 || + _strncmp("nfsvers=3", cp, o_len) == 0) { +- vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK); ++ vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED); + vers |= NFS3_REQUESTED; + } else if (_strncmp("vers=2", cp, o_len) == 0 || + _strncmp("nfsvers=2", cp, o_len) == 0) { +- vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK); ++ vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED); + vers |= NFS2_REQUESTED; + } else if (strstr(cp, "port=") == cp && + o_len - 5 < 25) { +diff --git a/modules/replicated.c b/modules/replicated.c +index 09075dd..cdb7c61 100644 +--- a/modules/replicated.c ++++ b/modules/replicated.c +@@ -291,7 +291,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host, + + rpc_info->proto = proto; + if (port < 0) { +- if ((version & NFS4_REQUESTED) && (version & TCP_REQUESTED)) ++ if (version & NFS4_REQUESTED && (version & NFS4_ONLY_REQUESTED)) + rpc_info->port = NFS_PORT; + else + port = 0; +@@ -525,7 +525,7 @@ static int get_vers_and_cost(unsigned logopt, struct host *host, + { + struct conn_info pm_info, rpc_info; + time_t timeout = RPC_TIMEOUT; +- unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK); ++ unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK | NFS4_ONLY_REQUESTED); + int ret = 0; + + if (!check_address_proto(logopt, host, version)) +-- +cgit + diff -Nru autofs-5.1.8/debian/patches/series autofs-5.1.8/debian/patches/series --- autofs-5.1.8/debian/patches/series 2021-02-04 13:13:20.000000000 +0100 +++ autofs-5.1.8/debian/patches/series 2023-05-19 10:20:51.000000000 +0200 @@ -9,3 +9,4 @@ spelling-error-fixes.patch fix-lookup-ldap-crash.patch fix-nfs4-mounts-in-auto-net.patch +fix-nfs4-only-mounts-should-not-use-rpcbind.patch
