Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
Hi Mike, On Tue, May 16, 2023 at 09:33:11PM +, Mike Gabriel wrote: > Control: severity -1 serious > > On Di 16 Mai 2023 19:20:23 CEST, Michael Kiermaier wrote: > > > I consider this bug quite severe as it may break working setups after an > > update. > > > > The corresponding bug report for Ubuntu might be this one: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034261 > > > > It is the same bug reported on the autofs mailing list here: > > https://www.spinics.net/lists/autofs/msg02389.html > > Apparently, it has been introduced in the transition of autofs from > > 5.1.7 to 5.1.8. > > > > A fix has been posted here: > > https://www.spinics.net/lists/autofs/msg02391.html > > and again > > https://www.spinics.net/lists/autofs/msg02434.html > > I share your view on this, thus bumping severity. > > The security team asked me to get the proposed patch into bookworm > before the release. Just to be clear about it, while I'm member of the security team, the heads-up can be considered not with that hat on. But as both Debian contributor and autofs user, I noticed the bug and pinged you offlist because agreeing that this should be fixed for bookworm. Note that the situation is bit unfortunate, there is not muc htime left to get it in. Applying the isolated (verified) patch and asking the release team for an unblock before 25th of May has still some room. > This patch will need to be applied to Debian's version of autofs: > > https://mirrors.edge.kernel.org/pub/linux/daemons/autofs/v5/patches-5.1.9/autofs-5.1.8-fix-nfsv4-only-mounts-should-not-use-rpcbind.patch > https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc > > I will work on this tomorrow. Thank you for maintaining src:autofs! Regards, Salvatore
Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
Many thanks for the fast response. I just realized that I gave an incorrect link to the corresponding bug report at Ubuntu. It should have been this one: https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1970264 Best, ~Michael
Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
Control: severity -1 serious On Di 16 Mai 2023 19:20:23 CEST, Michael Kiermaier wrote: I consider this bug quite severe as it may break working setups after an update. The corresponding bug report for Ubuntu might be this one: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034261 It is the same bug reported on the autofs mailing list here: https://www.spinics.net/lists/autofs/msg02389.html Apparently, it has been introduced in the transition of autofs from 5.1.7 to 5.1.8. A fix has been posted here: https://www.spinics.net/lists/autofs/msg02391.html and again https://www.spinics.net/lists/autofs/msg02434.html I share your view on this, thus bumping severity. The security team asked me to get the proposed patch into bookworm before the release. This patch will need to be applied to Debian's version of autofs: https://mirrors.edge.kernel.org/pub/linux/daemons/autofs/v5/patches-5.1.9/autofs-5.1.8-fix-nfsv4-only-mounts-should-not-use-rpcbind.patch https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc I will work on this tomorrow. Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgphirbvPsqDb.pgp Description: Digitale PGP-Signatur
Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
For reference, upstream commit is at https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc . Regards, Salvatore
Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
I consider this bug quite severe as it may break working setups after an update. The corresponding bug report for Ubuntu might be this one: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034261 It is the same bug reported on the autofs mailing list here: https://www.spinics.net/lists/autofs/msg02389.html Apparently, it has been introduced in the transition of autofs from 5.1.7 to 5.1.8. A fix has been posted here: https://www.spinics.net/lists/autofs/msg02391.html and again https://www.spinics.net/lists/autofs/msg02434.html
Bug#1034261: autofs attempts communication with portmapper (port 111) even for NFS4 mounts
Package: autofs Version: 5.1.8-1+b2 Severity: normal Tags: upstream Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? upgrdae from bullseye to testing * What exactly did you do (or not do) that was effective (or ineffective)? I use autoount to mount a nfs4 share. Normal mount with mount command does work automount did work in bullseye but not in testing * What was the outcome of this action? relevant error meessage from automount: get_portmap_client: error 0x3 getting portmap client A workaround is to add the option "port=2049" to the automount map as suggested here: https://www.suse.com/support/kb/doc/?id=20650 With this option automount is working again, but it shouldn't be required for NFS v4 mounts when no portmapper is required and running * What outcome did you expect instead? successful mount when moving into mount directory without the extra port option If you don't want to fix the automount program itself maybe the otion can be added to the script /etc/auto.net for nfs4 mounts *** End of the template - remove these template lines *** -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages autofs depends on: ii init-system-helpers 1.65.2 ii libc62.36-8 ii libnsl2 1.3.0-2 ii libtirpc31.3.3+ds-1 ii libxml2 2.9.14+dfsg-1.1+b3 ii ucf 3.0043+nmu1 Versions of packages autofs recommends: ii e2fsprogs 1.47.0-2 ii kmod30+20221128-1 ii nfs-common 1:2.6.2-4 autofs suggests no packages. -- no debconf information
