Bug#794003: jessie-pu: package glusterfs/3.5.2-2
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hello,
this patch fixes a serious problem in glusterfs when a volume is used over NFS:
if you create a unix domain socket on it, it is created as a FIFO instead, which also breaks
some applications.
Could I go ahead?
Full diff:
diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/changelog branches/jessie/debian/changelog
--- tags/3.5.2-2/debian/changelog 2015-04-13 18:13:29.875908738 +0200
+++ branches/jessie/debian/changelog 2015-07-29 19:24:05.806056263 +0200
@@ -1,3 +1,10 @@
+glusterfs (3.5.2-2+deb8u1) jessie-proposed-updates; urgency=medium
+
+ * Add upstream patch 02-nfs-unix-domain-socket-created-as-fifo to fix a bug
+ on using glusterfs as nfs volume: unix domain sockets were created as FIFO.
+
+ -- Patrick Matthäi <pmatthaei@debian.org> Wed, 29 Jul 2015 19:22:33 +0200
+
glusterfs (3.5.2-2) unstable; urgency=high
* Add patch 01-CVE-2014-3619 to fix a fragment header infinite loop DoS in
diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff branches/jessie/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff
--- tags/3.5.2-2/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff 1970-01-01 01:00:00.000000000 +0100
+++ branches/jessie/debian/patches/02-nfs-unix-domain-socket-created-as-fifo.diff 2015-07-29 19:19:02.776245063 +0200
@@ -0,0 +1,124 @@
+# nfs: a unix-domain-socket should not be created as fifo
+# BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1244118
+# GERRIT: http://review.gluster.org/#/c/11710/
+
+diff -Naur glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.py glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.py
+--- glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.py 1970-01-01 01:00:00.000000000 +0100
++++ glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.py 2015-07-29 19:15:26.424372604 +0200
+@@ -0,0 +1,33 @@
++#!/usr/bin/env python
++#
++# Create a unix domain socket and test if it is a socket (and not a fifo/pipe).
++#
++# Author: Niels de Vos <ndevos@redhat.com>
++#
++
++import os
++import stat
++import sys
++import socket
++
++ret = 1
++
++if len(sys.argv) != 2:
++ print 'Usage: %s <socket>' % (sys.argv[0])
++ sys.exit(ret)
++
++path = sys.argv[1]
++
++sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
++sock.bind(path)
++
++stbuf = os.stat(path)
++mode = stbuf.st_mode
++
++if stat.S_ISSOCK(mode):
++ ret = 0
++
++sock.close()
++os.unlink(path)
++
++sys.exit(ret)
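Review bot: If `sock.bind(path)` or `os.stat(path)` raises, the script exits through the traceback without reaching `sock.close()` and `os.unlink(path)`, so a node created on the NFS mount can be left behind for the surrounding test's teardown to deal with. Wrapping the check in `try`/`finally` keeps the cleanup on every path, and unlinking only after a successful bind avoids deleting a file the test did not create. `os.lstat` is used below so the type check looks at the node itself rather than following a link.

```python
# … unchanged: argument check, path = sys.argv[1] …
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
try:
    sock.bind(path)
    try:
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            ret = 0
    finally:
        # Only reached after a successful bind, so the node is ours to remove.
        os.unlink(path)
finally:
    sock.close()

sys.exit(ret)
```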
+diff -Naur glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.t glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.t
+--- glusterfs-3.5.2.orig/tests/bugs/nfs/socket-as-fifo.t 1970-01-01 01:00:00.000000000 +0100
++++ glusterfs-3.5.2/tests/bugs/nfs/socket-as-fifo.t 2015-07-29 19:15:26.424372604 +0200
+@@ -0,0 +1,22 @@
++#!/bin/bash
++
++. $(dirname $0)/../../include.rc
++. $(dirname $0)/../../volume.rc
++. $(dirname $0)/../../nfs.rc
++
++cleanup;
++
++TEST glusterd
++TEST pidof glusterd
++
++TEST $CLI volume create $V0 $H0:$B0/$V0
++TEST $CLI volume start $V0
++EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available;
++TEST mount_nfs $H0:/$V0 $N0 nolock
++
++# this is the actual test
++TEST $(dirname $0)/socket-as-fifo.py $N0/not-a-fifo.socket
++
++TEST umount_nfs $N0
++
++cleanup
+diff -Naur glusterfs-3.5.2.orig/xlators/nfs/server/src/nfs3.c glusterfs-3.5.2/xlators/nfs/server/src/nfs3.c
+--- glusterfs-3.5.2.orig/xlators/nfs/server/src/nfs3.c 2014-07-31 13:05:35.000000000 +0200
++++ glusterfs-3.5.2/xlators/nfs/server/src/nfs3.c 2015-07-29 19:15:26.428372528 +0200
+@@ -3030,7 +3030,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_reply (rpcsvc_request_t *req, nfsstat3 stat, struct nfs3_fh *fh,
+ struct iatt *buf, struct iatt *preparent,
+ struct iatt *postparent)
+@@ -3126,7 +3126,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_device (nfs3_call_state_t *cs)
+ {
+ int ret = -EFAULT;
+@@ -3157,12 +3157,11 @@
+ }
+
+
+-int
+-nfs3_mknod_fifo (nfs3_call_state_t *cs)
++static int
++nfs3_mknod_fifo (nfs3_call_state_t *cs, mode_t mode)
+ {
+ int ret = -EFAULT;
+ nfs_user_t nfu = {0, };
+- mode_t mode = S_IFIFO;
+
+ if (!cs)
+ return ret;
+@@ -3181,7 +3180,7 @@
+ }
+
+
+-int
++static int
+ nfs3_mknod_resume (void *carg)
+ {
+ nfsstat3 stat = NFS3ERR_SERVERFAULT;
+@@ -3200,8 +3199,10 @@
+ ret = nfs3_mknod_device (cs);
+ break;
+ case NF3SOCK:
++ ret = nfs3_mknod_fifo (cs, S_IFSOCK);
++ break;
+ case NF3FIFO:
+- ret = nfs3_mknod_fifo (cs);
++ ret = nfs3_mknod_fifo (cs, S_IFIFO);
+ break;
+ default:
+ ret = -EBADF;
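Review bot: After the signature change to `nfs3_mknod_fifo (nfs3_call_state_t *cs, mode_t mode)`, the function creates sockets as well as FIFOs, yet its name still says FIFO and nothing states which values `mode` may take. Its body continues outside the hunk, so how `mode` is combined with the client-supplied permission bits cannot be confirmed from here; a header comment such as `/* Create a FIFO or socket node; mode is the bare file type, S_IFIFO or S_IFSOCK. */` would pin the contract for the two callers in `nfs3_mknod_resume`. The regression test only asserts the NF3SOCK path, so a check that a FIFO created on the mount is still a FIFO would guard the now-separate `case NF3FIFO:` branch.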
diff -Naur '--exclude=.svn' tags/3.5.2-2/debian/patches/series branches/jessie/debian/patches/series
--- tags/3.5.2-2/debian/patches/series 2015-04-13 18:13:29.871908878 +0200
+++ branches/jessie/debian/patches/series 2015-07-29 19:17:35.433912272 +0200
@@ -1 +1,2 @@
01-CVE-2014-3619.diff
+02-nfs-unix-domain-socket-created-as-fifo.diff
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)