Hello community, here is the log from the commit of package nfs-utils for openSUSE:Factory checked in at Thu Aug 18 11:55:52 CEST 2011.
-------- --- nfs-utils/nfs-utils.changes 2011-06-23 07:52:04.000000000 +0200 +++ /mounts/work_src_done/STABLE/nfs-utils/nfs-utils.changes 2011-08-18 10:20:42.000000000 +0200 @@ -1,0 +2,9 @@ +Thu Aug 18 07:48:27 UTC 2011 - nfbr...@novell.com + +- New upstream version 1.2.4 - plus a few important + patches from git. This adds a new binary nfsidmap, + with man page. Also: build with libmount enabled + to correctly handle /etc/mtab being linked to + /proc/self/mounts. (bnc#681106) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- addmntent.fix do-not-error-when-address-family-not-supported mount-catch-signals mountd-auth-fix nfs-utils-1.2.3.tar.bz2 nfs-utils-allow-port-number-sharing nfs-utils-clear-mountd-reg nfs-utils-fix-remount nfs-utils-improve-v4-umount rpc.mountd-segfault-fix New: ---- Statd-should-always-chdir-to-its-state-directory.patch exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch mount-fix-for-libmount-from-util-linux-2.20.patch mountd-Fixed-strcmp-usage-in-in-insert-groups.patch nfs-utils-1.2.4.tar.bz2 rpc.statd-Bind-downcall-socket-to-loopback-address.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.DDEZzz/_old 2011-08-18 11:49:38.000000000 +0200 +++ /var/tmp/diff_new_pack.DDEZzz/_new 2011-08-18 11:49:38.000000000 +0200 @@ -19,6 +19,7 @@ Name: nfs-utils BuildRequires: e2fsprogs-devel gcc-c++ krb5-devel libgssglue-devel librpcsecgss libtirpc-devel nfsidmap-devel pkgconfig tcpd-devel +BuildRequires: libmount-devel %if 0%{?suse_version} > 1100 BuildRequires: libevent-devel %else @@ -26,8 +27,8 @@ %endif Url: http://nfs.sourceforge.net Summary: Support Utilities for Kernel nfsd -Version: 1.2.3 -Release: 25 +Version: 1.2.4 +Release: 1 Group: Productivity/Networking/NFS License: GPLv2+ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -52,15 +53,11 @@ Source13: nfs-utils.rpmlintrc Patch0: nfs-utils-1.0.7-bind-syntax.patch Patch1: warn-nfs-udp.patch -Patch2: nfs-utils-clear-mountd-reg -Patch3: nfs-utils-allow-port-number-sharing -Patch4: nfs-utils-improve-v4-umount -Patch5: nfs-utils-fix-remount -Patch6: rpc.mountd-segfault-fix -Patch7: do-not-error-when-address-family-not-supported -Patch8: addmntent.fix -Patch9: mount-catch-signals -Patch10: mountd-auth-fix +Patch2: exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch +Patch3: mountd-Fixed-strcmp-usage-in-in-insert-groups.patch +Patch4: mount-fix-for-libmount-from-util-linux-2.20.patch +Patch5: rpc.statd-Bind-downcall-socket-to-loopback-address.patch +Patch6: Statd-should-always-chdir-to-its-state-directory.patch Suggests: python-base %description @@ -145,10 +142,6 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 cp %{S:6} . %build @@ -161,6 +154,7 @@ --enable-gss \ --enable-ipv6 \ --enable-mount \ + --enable-libmount-mount \ --enable-mountconfig \ --with-krb5=/usr/lib/mit make @@ -278,6 +272,7 @@ /usr/sbin/gss_destroy_creds %attr(0755,root,root) /usr/sbin/mountstats %attr(0755,root,root) /usr/sbin/nfsiostat +/usr/sbin/nfsidmap /usr/sbin/nfsstat /usr/sbin/rcnfs /usr/sbin/rpc.gssd @@ -290,6 +285,7 @@ %{_mandir}/man5/nfsmount.conf.5.gz %{_mandir}/man5/nfs.5.gz %{_mandir}/man8/mount.nfs.8.gz +%{_mandir}/man8/nfsidmap.8.gz %{_mandir}/man8/nfsstat.8.gz %{_mandir}/man8/rpc.sm-notify.8.gz %{_mandir}/man8/showmount.8.gz ++++++ Statd-should-always-chdir-to-its-state-directory.patch ++++++ >From 1ce0374d445d8a3dbdfb3e9da4c76be9df44666b Mon Sep 17 00:00:00 2001 From: NeilBrown <ne...@suse.de> Date: Thu, 21 Jul 2011 14:23:00 -0400 Subject: [PATCH] Statd should always 'chdir' to its state directory. s statd can be started by 'mount' which can sometimes be run by a normal user, the current-working-directory could be anything. In partcular it could be in a mounted filesystem. As 'statd' continues running as a daemon it could keep prevent that filesystem from being unmounted. statd does currently 'chdir' to the state directory, but only if the state directory is not owned by root. This is wrong - it should check for root after the chdir, not before. So swap the two if statements around. Signed-off-by: NeilBrown <ne...@suse.de> Signed-off-by: Steve Dickson <ste...@redhat.com> --- support/nsm/file.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/support/nsm/file.c b/support/nsm/file.c index 98b47bf..a12c753 100644 --- a/support/nsm/file.c +++ b/support/nsm/file.c @@ -395,18 +395,18 @@ nsm_drop_privileges(const int pidfd) return false; } - if (st.st_uid == 0) { - xlog_warn("Running as root. " - "chown %s to choose different user", nsm_base_dirname); - return true; - } - if (chdir(nsm_base_dirname) == -1) { xlog(L_ERROR, "Failed to change working directory to %s: %m", nsm_base_dirname); return false; } + if (st.st_uid == 0) { + xlog_warn("Running as root. " + "chown %s to choose different user", nsm_base_dirname); + return true; + } + /* * If the pidfile happens to reside on NFS, dropping privileges * will probably cause us to lose access, even though we are -- 1.7.3.4 ++++++ exportfs-closing-fd-associated-with-proc-fs-nfsd-exp.patch ++++++ >From c4c6126f05713afe46c0e99647d7a07dd1fc2ebb Mon Sep 17 00:00:00 2001 From: Masatake YAMATO <yam...@redhat.com> Date: Tue, 12 Jul 2011 10:00:01 -0400 Subject: [PATCH] exportfs: closing fd associated with /proc/fs/nfsd/export_features The fd associated with /proc/fs/nfsd/export_features opened in get_export_features is not closed. Acked-by: J. Bruce Fields <bfie...@redhat.com> Signed-off-by: Masatake YAMATO <yam...@redhat.com> Signed-off-by: Steve Dickson <ste...@redhat.com> --- support/nfs/exports.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/support/nfs/exports.c b/support/nfs/exports.c index c250383..c96500f 100644 --- a/support/nfs/exports.c +++ b/support/nfs/exports.c @@ -784,8 +784,9 @@ struct export_features *get_export_features(void) fd = open(path, O_RDONLY); if (fd == -1) goto good; - fd = read(fd, buf, 50); - if (fd == -1) + c = read(fd, buf, 50); + close(fd); + if (c == -1) goto err; c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags); if (c != 2) -- 1.7.3.4 ++++++ mount-fix-for-libmount-from-util-linux-2.20.patch ++++++ >From 151a82d9c80315caff7081f16916d1913a67033a Mon Sep 17 00:00:00 2001 From: Karel Zak <k...@redhat.com> Date: Wed, 3 Aug 2011 15:12:53 -0400 Subject: [PATCH] mount: fix for libmount from util-linux >= 2.20 The function mnt_fs_set_fs_options() has been removed from the final version of the libmount API. Signed-off-by: Karel Zak <k...@redhat.com> Signed-off-by: Steve Dickson <ste...@redhat.com> --- utils/mount/mount_libmount.c | 15 ++++++++++++--- 1 files changed, 12 insertions(+), 3 deletions(-) diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c index 6dd6484..cf6e58c 100644 --- a/utils/mount/mount_libmount.c +++ b/utils/mount/mount_libmount.c @@ -61,10 +61,19 @@ int nomtab; * managed by libmount at all. We have to use "mount attributes" that are * private for mount.<type> helpers. */ -static void store_mount_options(struct libmnt_fs *fs, const char *opts) +static void store_mount_options(struct libmnt_fs *fs, const char *nfs_opts) { - mnt_fs_set_fs_options(fs, opts); /* for mtab */ - mnt_fs_set_attributes(fs, opts); /* for non-mtab systems */ + char *o = NULL; + + mnt_fs_set_attributes(fs, nfs_opts); /* for non-mtab systems */ + + /* for mtab create a new options list */ + mnt_optstr_append_option(&o, mnt_fs_get_vfs_options(fs), NULL); + mnt_optstr_append_option(&o, nfs_opts, NULL); + mnt_optstr_append_option(&o, mnt_fs_get_user_options(fs), NULL); + + mnt_fs_set_options(fs, o); + free(o); } /* -- 1.7.3.4 ++++++ mountd-Fixed-strcmp-usage-in-in-insert-groups.patch ++++++ >From 64a21e6c9dd29416fcd903a3f0eaf18d717907dc Mon Sep 17 00:00:00 2001 From: Matthew Treinish <trein...@linux.vnet.ibm.com> Date: Wed, 3 Aug 2011 13:10:14 -0400 Subject: [PATCH] mountd: Fixed strcmp usage in in insert groups. Fixed the usage of strcmp in the duplicate check in insert groups. Fixes an issue with showmount and other commands that required the group information. Signed-off-by: Matthew Treinish <trein...@linux.vnet.ibm.com> Signed-off-by: Steve Dickson <ste...@redhat.com> --- utils/mountd/mountd.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 035624c..bcf5080 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -633,7 +633,7 @@ static void insert_group(struct exportnode *e, char *newname) struct groupnode *g; for (g = e->ex_groups; g; g = g->gr_next) - if (strcmp(g->gr_name, newname)) + if (!strcmp(g->gr_name, newname)) return; g = xmalloc(sizeof(*g)); -- 1.7.3.4 ++++++ nfs-utils-1.2.3.tar.bz2 -> nfs-utils-1.2.4.tar.bz2 ++++++ ++++ 32022 lines of diff (skipped) ++++++ rpc.statd-Bind-downcall-socket-to-loopback-address.patch ++++++ >From c7e224a75f480f955532c96937a5d58cc6e10272 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.le...@oracle.com> Date: Wed, 3 Aug 2011 13:22:52 -0400 Subject: [PATCH] rpc.statd: Bind downcall socket to loopback address In the past, rpc.statd posted SM_NOTIFY requests using the same socket it used for sending downcalls to the kernel. To receive replies from remote hosts, the socket was bound to INADDR_ANY. With commit f113db52 "Remove notify functionality from statd in favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer used for sending requests to remote hosts. However, the downcall socket is still bound to INADDR_ANY. Thus a remote host can inject data on this socket since it is an unconnected UDP socket listening for RPC replies. Thanks to f113db52, the port number of this socket is no longer controlled by a command line option, making it difficult to firewall. We have demonstrated that data injection on this socket can result in a DoS by causing rpc.statd to consume CPU and log bandwidth, but so far we have not found a breach. To prevent unwanted data injection, bind this socket to the loopback address. BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177 Signed-off-by: Chuck Lever <chuck.le...@oracle.com> Signed-off-by: Steve Dickson <ste...@redhat.com> --- utils/statd/rmtcall.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c index 0e52fe2..4ecb03c 100644 --- a/utils/statd/rmtcall.c +++ b/utils/statd/rmtcall.c @@ -85,7 +85,7 @@ statd_get_socket(void) memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); if (bindresvport(sockfd, &sin) < 0) { xlog(D_GENERAL, "%s: can't bind to reserved port", -- 1.7.3.4 ++++++ warn-nfs-udp.patch ++++++ --- /var/tmp/diff_new_pack.DDEZzz/_old 2011-08-18 11:49:38.000000000 +0200 +++ /var/tmp/diff_new_pack.DDEZzz/_new 2011-08-18 11:49:38.000000000 +0200 @@ -4,9 +4,9 @@ utils/mount/stropts.c | 13 +++++++ 3 files changed, 99 insertions(+) ---- nfs-utils-1.2.3.orig/utils/mount/nfs.man -+++ nfs-utils-1.2.3/utils/mount/nfs.man -@@ -504,6 +504,8 @@ Specifying a netid that uses TCP forces +--- nfs-utils-1.2.4.orig/utils/mount/nfs.man ++++ nfs-utils-1.2.4/utils/mount/nfs.man +@@ -503,6 +503,8 @@ Specifying a netid that uses TCP forces command and the NFS client to use TCP. Specifying a netid that uses UDP forces all traffic types to use UDP. .IP @@ -15,7 +15,7 @@ If the .B proto mount option is not specified, the -@@ -518,6 +520,8 @@ The +@@ -517,6 +519,8 @@ The option is an alternative to specifying .BR proto=udp. It is included for compatibility with other operating systems. @@ -24,7 +24,7 @@ .TP 1.5i .B tcp The -@@ -932,6 +936,8 @@ in a single frame) is advised. This r +@@ -975,6 +979,8 @@ in a single frame) is advised. This r the loss of a single MTU-sized network frame results in the loss of an entire large read or write request. .P @@ -33,10 +33,10 @@ TCP is the default transport protocol used for all modern NFS implementations. It performs well in almost every conceivable network environment and provides excellent guarantees against data -@@ -1480,6 +1486,83 @@ of Access Control Lists that are semanti - NFS version 4 ACLs are not fully compatible with POSIX ACLs; as such, - some translation between the two is required - in an environment that mixes POSIX ACLs and NFS version 4. +@@ -1566,6 +1572,83 @@ export pathname, but not both, during a + merges the mount option + .B ro + with the mount options already saved on disk for the NFS server mounted at /mnt. +.SH WARNINGS +Using NFS over UDP on high-speed links such as Gigabit +.BR "can cause silent data corruption" . @@ -117,8 +117,8 @@ .SH FILES .TP 1.5i .I /etc/fstab ---- nfs-utils-1.2.3.orig/utils/mount/nfsmount.c -+++ nfs-utils-1.2.3/utils/mount/nfsmount.c +--- nfs-utils-1.2.4.orig/utils/mount/nfsmount.c ++++ nfs-utils-1.2.4/utils/mount/nfsmount.c @@ -264,6 +264,9 @@ parse_options(char *old_opts, struct nfs if (!strcmp(opteq+1, "udp")) { nfs_pmap->pm_prot = IPPROTO_UDP; @@ -129,16 +129,18 @@ #if NFS_MOUNT_VERSION >= 2 data->flags &= ~NFS_MOUNT_TCP; } else if (!strcmp(opteq+1, "tcp") && ---- nfs-utils-1.2.3.orig/utils/mount/stropts.c -+++ nfs-utils-1.2.3/utils/mount/stropts.c -@@ -569,11 +569,24 @@ static int nfs_sys_mount(struct nfsmount +--- nfs-utils-1.2.4.orig/utils/mount/stropts.c ++++ nfs-utils-1.2.4/utils/mount/stropts.c +@@ -567,6 +567,8 @@ static int nfs_sys_mount(struct nfsmount { char *options = NULL; int result; + char *proto; + static int once = 0; - if (po_join(opts, &options) == PO_FAILED) { + if (mi->fake) + return 1; +@@ -575,6 +577,17 @@ static int nfs_sys_mount(struct nfsmount errno = EIO; return 0; } @@ -154,5 +156,5 @@ + } + - if (mi->fake) - return 1; + result = mount(mi->spec, mi->node, mi->type, + mi->flags & ~(MS_USER|MS_USERS), options); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org