[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#794003: jessie-pu: package glusterfs/3.5.2-2

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

this patch fixes a serious problem in glusterfs if you use it as nfs volume:
if you create a unix domain socket on it, it was created as fifo, which also breaks
some applications.
Could I go ahead?

Full diff:

diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/changelog branches/jessie/debian/changelog
--- tags/3.5.2-2/debian/changelog       2015-04-13 18:13:29.875908738 +0200
+++ branches/jessie/debian/changelog    2015-07-29 19:24:05.806056263 +0200
@@ -1,3 +1,10 @@
+glusterfs (3.5.2-2+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * Add upstream patch 02-nfs-unix-domain-socket-created-as-fifo to fix a bug
+    on using glusterfs as nfs volume: unix domain sockets were created as FIFO.
+
+ -- Patrick Matthäi <pmatthaei@debian.org>  Wed, 29 Jul 2015 19:22:33 +0200
+
 glusterfs (3.5.2-2) unstable; urgency=high

   * Add patch 01-CVE-2014-3619 to fix a fragment header infinite loop DoS in
diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff branches/jessie/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff
--- tags/3.5.2-2/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff  1970-01-01 01:00:00.000000000 +0100
+++ branches/jessie/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff       2015-07-29 19:19:02.776245063 +0200
@@ -0,0 +1,124 @@
+# nfs: a unix-domain-socket should not be created as fifo
+# BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1244118
+# GERRIT: http://review.gluster.org/#/c/11710/
+
+diff -Naur glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.py glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.py
+--- glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.py      1970-01-01 01:00:00.000000000 +0100
++++ glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.py   2015-07-29 19:15:26.424372604 +0200
+@@ -0,0 +1,33 @@
++#!/usr/bin/env python
++#
++# Create a unix domain socket and test if it is a socket (and not a fifo/pipe).
++#
++# Author: Niels de Vos <ndevos@redhat.com>
++#
++
++import os
++import stat
++import sys
++import socket
++
++ret = 1
++
++if len(sys.argv) != 2:
++        print 'Usage: %s <socket>' % (sys.argv[0])
++        sys.exit(ret)
++
++path = sys.argv[1]
++
++sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
++sock.bind(path)
++
++stbuf = os.stat(path)
++mode = stbuf.st_mode
++
++if stat.S_ISSOCK(mode):
++        ret = 0
++
++sock.close()
++os.unlink(path)
++
++sys.exit(ret)
+diff -Naur glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.t glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.t
+--- glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.t       1970-01-01 01:00:00.000000000 +0100
++++ glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.t    2015-07-29 19:15:26.424372604 +0200
+@@ -0,0 +1,22 @@
++#!/bin/bash
++
++. $(dirname $0)/../../include.rc
++. $(dirname $0)/../../volume.rc
++. $(dirname $0)/../../nfs.rc
++
++cleanup;
++
++TEST glusterd
++TEST pidof glusterd
++
++TEST $CLI volume create $V0 $H0:$B0/$V0
++TEST $CLI volume start $V0
++EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available;
++TEST mount_nfs $H0:/$V0 $N0 nolock
++
++# this is the actual test
++TEST $(dirname $0)/socket-as-fifo.py $N0/not-a-fifo.socket
++
++TEST umount_nfs $N0
++
++cleanup
+diff -Naur glusterfs-3.5.2.orig/xlators/nfs/server/src/nfs3.c glusterfs-3.5.2/xlators/nfs/server/src/nfs3.c
+--- glusterfs-3.5.2.orig/xlators/nfs/server/src/nfs3.c 2014-07-31 13:05:35.000000000 +0200
++++ glusterfs-3.5.2/xlators/nfs/server/src/nfs3.c      2015-07-29 19:15:26.428372528 +0200
+@@ -3030,7 +3030,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_reply (rpcsvc_request_t *req, nfsstat3 stat, struct nfs3_fh *fh,
+                   struct iatt *buf, struct iatt *preparent,
+                   struct iatt *postparent)
+@@ -3126,7 +3126,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_device (nfs3_call_state_t *cs)
+ {
+         int                             ret = -EFAULT;
+@@ -3157,12 +3157,11 @@
+ }
+
+
+-int
+-nfs3_mknod_fifo (nfs3_call_state_t *cs)
++static int
++nfs3_mknod_fifo (nfs3_call_state_t *cs, mode_t mode)
+ {
+         int                             ret = -EFAULT;
+         nfs_user_t                      nfu = {0, };
+-        mode_t                          mode = S_IFIFO;
+
+         if (!cs)
+                 return ret;
+@@ -3181,7 +3180,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_resume (void *carg)
+ {
+         nfsstat3                        stat = NFS3ERR_SERVERFAULT;
+@@ -3200,8 +3199,10 @@
+                 ret = nfs3_mknod_device (cs);
+                 break;
+         case NF3SOCK:
++                ret = nfs3_mknod_fifo (cs, S_IFSOCK);
++                break;
+         case NF3FIFO:
+-                ret = nfs3_mknod_fifo (cs);
++                ret = nfs3_mknod_fifo (cs, S_IFIFO);
+                 break;
+         default:
+                 ret = -EBADF;
diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/patches/series branches/jessie/debian/patches/series
--- tags/3.5.2-2/debian/patches/series  2015-04-13 18:13:29.871908878 +0200
+++ branches/jessie/debian/patches/series       2015-07-29 19:17:35.433912272 +0200
@@ -1 +1,2 @@
 01-CVE-2014-3619.diff
+02-nfs-unix-domain-socket-created-as-fifo.diff


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: