Hello community,
here is the log from the commit of package nfs-utils for openSUSE:Factory
checked in at Thu Aug 18 11:55:52 CEST 2011.
--------
--- nfs-utils/nfs-utils.changes 2011-06-23 07:52:04.000000000 +0200
+++ /mounts/work_src_done/STABLE/nfs-utils/nfs-utils.changes 2011-08-18
10:20:42.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Aug 18 07:48:27 UTC 2011 - nfbr...@novell.com
+
+- New upstream version 1.2.4 - plus a few important
+ patches from git. This adds a new binary nfsidmap,
+ with man page. Also: build with libmount enabled
+ to correctly handle /etc/mtab being linked to
+ /proc/self/mounts. (bnc#681106)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
addmntent.fix
do-not-error-when-address-family-not-supported
mount-catch-signals
mountd-auth-fix
nfs-utils-1.2.3.tar.bz2
nfs-utils-allow-port-number-sharing
nfs-utils-clear-mountd-reg
nfs-utils-fix-remount
nfs-utils-improve-v4-umount
rpc.mountd-segfault-fix
New:
----
Statd-should-always-chdir-to-its-state-directory.patch
exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch
mount-fix-for-libmount-from-util-linux-2.20.patch
mountd-Fixed-strcmp-usage-in-in-insert-groups.patch
nfs-utils-1.2.4.tar.bz2
rpc.statd-Bind-downcall-socket-to-loopback-address.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.DDEZzz/_old 2011-08-18 11:49:38.000000000 +0200
+++ /var/tmp/diff_new_pack.DDEZzz/_new 2011-08-18 11:49:38.000000000 +0200
@@ -19,6 +19,7 @@
Name: nfs-utils
BuildRequires: e2fsprogs-devel gcc-c++ krb5-devel libgssglue-devel
librpcsecgss libtirpc-devel nfsidmap-devel pkgconfig tcpd-devel
+BuildRequires: libmount-devel
%if 0%{?suse_version} > 1100
BuildRequires: libevent-devel
%else
@@ -26,8 +27,8 @@
%endif
Url: http://nfs.sourceforge.net
Summary: Support Utilities for Kernel nfsd
-Version: 1.2.3
-Release: 25
+Version: 1.2.4
+Release: 1
Group: Productivity/Networking/NFS
License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -52,15 +53,11 @@
Source13: nfs-utils.rpmlintrc
Patch0: nfs-utils-1.0.7-bind-syntax.patch
Patch1: warn-nfs-udp.patch
-Patch2: nfs-utils-clear-mountd-reg
-Patch3: nfs-utils-allow-port-number-sharing
-Patch4: nfs-utils-improve-v4-umount
-Patch5: nfs-utils-fix-remount
-Patch6: rpc.mountd-segfault-fix
-Patch7: do-not-error-when-address-family-not-supported
-Patch8: addmntent.fix
-Patch9: mount-catch-signals
-Patch10: mountd-auth-fix
+Patch2: exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch
+Patch3: mountd-Fixed-strcmp-usage-in-in-insert-groups.patch
+Patch4: mount-fix-for-libmount-from-util-linux-2.20.patch
+Patch5: rpc.statd-Bind-downcall-socket-to-loopback-address.patch
+Patch6: Statd-should-always-chdir-to-its-state-directory.patch
Suggests: python-base
%description
@@ -145,10 +142,6 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
cp %{S:6} .
%build
@@ -161,6 +154,7 @@
--enable-gss \
--enable-ipv6 \
--enable-mount \
+ --enable-libmount-mount \
--enable-mountconfig \
--with-krb5=/usr/lib/mit
make
@@ -278,6 +272,7 @@
/usr/sbin/gss_destroy_creds
%attr(0755,root,root) /usr/sbin/mountstats
%attr(0755,root,root) /usr/sbin/nfsiostat
+/usr/sbin/nfsidmap
/usr/sbin/nfsstat
/usr/sbin/rcnfs
/usr/sbin/rpc.gssd
@@ -290,6 +285,7 @@
%{_mandir}/man5/nfsmount.conf.5.gz
%{_mandir}/man5/nfs.5.gz
%{_mandir}/man8/mount.nfs.8.gz
+%{_mandir}/man8/nfsidmap.8.gz
%{_mandir}/man8/nfsstat.8.gz
%{_mandir}/man8/rpc.sm-notify.8.gz
%{_mandir}/man8/showmount.8.gz
++++++ Statd-should-always-chdir-to-its-state-directory.patch ++++++
>From 1ce0374d445d8a3dbdfb3e9da4c76be9df44666b Mon Sep 17 00:00:00 2001
From: NeilBrown <ne...@suse.de>
Date: Thu, 21 Jul 2011 14:23:00 -0400
Subject: [PATCH] Statd should always 'chdir' to its state directory.
s statd can be started by 'mount' which can sometimes be run by a
normal user, the current-working-directory could be anything. In
partcular it could be in a mounted filesystem. As 'statd' continues
running as a daemon it could keep prevent that filesystem from being
unmounted.
statd does currently 'chdir' to the state directory, but only if the
state directory is not owned by root. This is wrong - it should check
for root after the chdir, not before.
So swap the two if statements around.
Signed-off-by: NeilBrown <ne...@suse.de>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
support/nsm/file.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/support/nsm/file.c b/support/nsm/file.c
index 98b47bf..a12c753 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -395,18 +395,18 @@ nsm_drop_privileges(const int pidfd)
return false;
}
- if (st.st_uid == 0) {
- xlog_warn("Running as root. "
- "chown %s to choose different user", nsm_base_dirname);
- return true;
- }
-
if (chdir(nsm_base_dirname) == -1) {
xlog(L_ERROR, "Failed to change working directory to %s: %m",
nsm_base_dirname);
return false;
}
+ if (st.st_uid == 0) {
+ xlog_warn("Running as root. "
+ "chown %s to choose different user", nsm_base_dirname);
+ return true;
+ }
+
/*
* If the pidfile happens to reside on NFS, dropping privileges
* will probably cause us to lose access, even though we are
--
1.7.3.4
++++++ exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch ++++++
>From c4c6126f05713afe46c0e99647d7a07dd1fc2ebb Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yam...@redhat.com>
Date: Tue, 12 Jul 2011 10:00:01 -0400
Subject: [PATCH] exportfs: closing fd associated with
/proc/fs/nfsd/export_features
The fd associated with /proc/fs/nfsd/export_features opened in
get_export_features is not closed.
Acked-by: J. Bruce Fields <bfie...@redhat.com>
Signed-off-by: Masatake YAMATO <yam...@redhat.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
support/nfs/exports.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index c250383..c96500f 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -784,8 +784,9 @@ struct export_features *get_export_features(void)
fd = open(path, O_RDONLY);
if (fd == -1)
goto good;
- fd = read(fd, buf, 50);
- if (fd == -1)
+ c = read(fd, buf, 50);
+ close(fd);
+ if (c == -1)
goto err;
c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags);
if (c != 2)
--
1.7.3.4
++++++ mount-fix-for-libmount-from-util-linux-2.20.patch ++++++
>From 151a82d9c80315caff7081f16916d1913a67033a Mon Sep 17 00:00:00 2001
From: Karel Zak <k...@redhat.com>
Date: Wed, 3 Aug 2011 15:12:53 -0400
Subject: [PATCH] mount: fix for libmount from util-linux >= 2.20
The function mnt_fs_set_fs_options() has been removed from the final
version of the libmount API.
Signed-off-by: Karel Zak <k...@redhat.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
utils/mount/mount_libmount.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
index 6dd6484..cf6e58c 100644
--- a/utils/mount/mount_libmount.c
+++ b/utils/mount/mount_libmount.c
@@ -61,10 +61,19 @@ int nomtab;
* managed by libmount at all. We have to use "mount attributes" that are
* private for mount.<type> helpers.
*/
-static void store_mount_options(struct libmnt_fs *fs, const char *opts)
+static void store_mount_options(struct libmnt_fs *fs, const char *nfs_opts)
{
- mnt_fs_set_fs_options(fs, opts); /* for mtab */
- mnt_fs_set_attributes(fs, opts); /* for non-mtab systems */
+ char *o = NULL;
+
+ mnt_fs_set_attributes(fs, nfs_opts); /* for non-mtab systems */
+
+ /* for mtab create a new options list */
+ mnt_optstr_append_option(&o, mnt_fs_get_vfs_options(fs), NULL);
+ mnt_optstr_append_option(&o, nfs_opts, NULL);
+ mnt_optstr_append_option(&o, mnt_fs_get_user_options(fs), NULL);
+
+ mnt_fs_set_options(fs, o);
+ free(o);
}
/*
--
1.7.3.4
++++++ mountd-Fixed-strcmp-usage-in-in-insert-groups.patch ++++++
>From 64a21e6c9dd29416fcd903a3f0eaf18d717907dc Mon Sep 17 00:00:00 2001
From: Matthew Treinish <trein...@linux.vnet.ibm.com>
Date: Wed, 3 Aug 2011 13:10:14 -0400
Subject: [PATCH] mountd: Fixed strcmp usage in in insert groups.
Fixed the usage of strcmp in the duplicate check in insert groups.
Fixes an issue with showmount and other commands that required
the group information.
Signed-off-by: Matthew Treinish <trein...@linux.vnet.ibm.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
utils/mountd/mountd.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
index 035624c..bcf5080 100644
--- a/utils/mountd/mountd.c
+++ b/utils/mountd/mountd.c
@@ -633,7 +633,7 @@ static void insert_group(struct exportnode *e, char
*newname)
struct groupnode *g;
for (g = e->ex_groups; g; g = g->gr_next)
- if (strcmp(g->gr_name, newname))
+ if (!strcmp(g->gr_name, newname))
return;
g = xmalloc(sizeof(*g));
--
1.7.3.4
++++++ nfs-utils-1.2.3.tar.bz2 -> nfs-utils-1.2.4.tar.bz2 ++++++
++++ 32022 lines of diff (skipped)
++++++ rpc.statd-Bind-downcall-socket-to-loopback-address.patch ++++++
>From c7e224a75f480f955532c96937a5d58cc6e10272 Mon Sep 17 00:00:00 2001
From: Chuck Lever <chuck.le...@oracle.com>
Date: Wed, 3 Aug 2011 13:22:52 -0400
Subject: [PATCH] rpc.statd: Bind downcall socket to loopback address
In the past, rpc.statd posted SM_NOTIFY requests using the same socket
it used for sending downcalls to the kernel. To receive replies from
remote hosts, the socket was bound to INADDR_ANY.
With commit f113db52 "Remove notify functionality from statd in
favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer
used for sending requests to remote hosts. However, the downcall
socket is still bound to INADDR_ANY.
Thus a remote host can inject data on this socket since it is an
unconnected UDP socket listening for RPC replies. Thanks to f113db52,
the port number of this socket is no longer controlled by a command
line option, making it difficult to firewall.
We have demonstrated that data injection on this socket can result in
a DoS by causing rpc.statd to consume CPU and log bandwidth, but so
far we have not found a breach.
To prevent unwanted data injection, bind this socket to the loopback
address.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177
Signed-off-by: Chuck Lever <chuck.le...@oracle.com>
Signed-off-by: Steve Dickson <ste...@redhat.com>
---
utils/statd/rmtcall.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
index 0e52fe2..4ecb03c 100644
--- a/utils/statd/rmtcall.c
+++ b/utils/statd/rmtcall.c
@@ -85,7 +85,7 @@ statd_get_socket(void)
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
if (bindresvport(sockfd, &sin) < 0) {
xlog(D_GENERAL, "%s: can't bind to reserved port",
--
1.7.3.4
++++++ warn-nfs-udp.patch ++++++
--- /var/tmp/diff_new_pack.DDEZzz/_old 2011-08-18 11:49:38.000000000 +0200
+++ /var/tmp/diff_new_pack.DDEZzz/_new 2011-08-18 11:49:38.000000000 +0200
@@ -4,9 +4,9 @@
utils/mount/stropts.c | 13 +++++++
3 files changed, 99 insertions(+)
---- nfs-utils-1.2.3.orig/utils/mount/nfs.man
-+++ nfs-utils-1.2.3/utils/mount/nfs.man
-@@ -504,6 +504,8 @@ Specifying a netid that uses TCP forces
+--- nfs-utils-1.2.4.orig/utils/mount/nfs.man
++++ nfs-utils-1.2.4/utils/mount/nfs.man
+@@ -503,6 +503,8 @@ Specifying a netid that uses TCP forces
command and the NFS client to use TCP.
Specifying a netid that uses UDP forces all traffic types to use UDP.
.IP
@@ -15,7 +15,7 @@
If the
.B proto
mount option is not specified, the
-@@ -518,6 +520,8 @@ The
+@@ -517,6 +519,8 @@ The
option is an alternative to specifying
.BR proto=udp.
It is included for compatibility with other operating systems.
@@ -24,7 +24,7 @@
.TP 1.5i
.B tcp
The
-@@ -932,6 +936,8 @@ in a single frame) is advised. This r
+@@ -975,6 +979,8 @@ in a single frame) is advised. This r
the loss of a single MTU-sized network frame results in the loss of
an entire large read or write request.
.P
@@ -33,10 +33,10 @@
TCP is the default transport protocol used for all modern NFS
implementations. It performs well in almost every conceivable
network environment and provides excellent guarantees against data
-@@ -1480,6 +1486,83 @@ of Access Control Lists that are semanti
- NFS version 4 ACLs are not fully compatible with POSIX ACLs; as such,
- some translation between the two is required
- in an environment that mixes POSIX ACLs and NFS version 4.
+@@ -1566,6 +1572,83 @@ export pathname, but not both, during a
+ merges the mount option
+ .B ro
+ with the mount options already saved on disk for the NFS server mounted at
/mnt.
+.SH WARNINGS
+Using NFS over UDP on high-speed links such as Gigabit
+.BR "can cause silent data corruption" .
@@ -117,8 +117,8 @@
.SH FILES
.TP 1.5i
.I /etc/fstab
---- nfs-utils-1.2.3.orig/utils/mount/nfsmount.c
-+++ nfs-utils-1.2.3/utils/mount/nfsmount.c
+--- nfs-utils-1.2.4.orig/utils/mount/nfsmount.c
++++ nfs-utils-1.2.4/utils/mount/nfsmount.c
@@ -264,6 +264,9 @@ parse_options(char *old_opts, struct nfs
if (!strcmp(opteq+1, "udp")) {
nfs_pmap->pm_prot = IPPROTO_UDP;
@@ -129,16 +129,18 @@
#if NFS_MOUNT_VERSION >= 2
data->flags &= ~NFS_MOUNT_TCP;
} else if (!strcmp(opteq+1, "tcp") &&
---- nfs-utils-1.2.3.orig/utils/mount/stropts.c
-+++ nfs-utils-1.2.3/utils/mount/stropts.c
-@@ -569,11 +569,24 @@ static int nfs_sys_mount(struct nfsmount
+--- nfs-utils-1.2.4.orig/utils/mount/stropts.c
++++ nfs-utils-1.2.4/utils/mount/stropts.c
+@@ -567,6 +567,8 @@ static int nfs_sys_mount(struct nfsmount
{
char *options = NULL;
int result;
+ char *proto;
+ static int once = 0;
- if (po_join(opts, &options) == PO_FAILED) {
+ if (mi->fake)
+ return 1;
+@@ -575,6 +577,17 @@ static int nfs_sys_mount(struct nfsmount
errno = EIO;
return 0;
}
@@ -154,5 +156,5 @@
+ }
+
- if (mi->fake)
- return 1;
+ result = mount(mi->spec, mi->node, mi->type,
+ mi->flags & ~(MS_USER|MS_USERS), options);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
