--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package autofs
It was discovered by upstream that a previous patch introduced a
regression that leads to autofs connecting to rpcbind for NFSv4-only NFS
mounts. Upstream's fix for that has now been cherry-picked into autofs
5.1.8-2.
[ Reason ]
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+ only mounts use rpcbind portmapper service. (Closes: #1034261).
-> This is the cherry-pick patch. Encouraged by Salvatore from the
security team (though not with security team's hat on).
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
-> This change was already in Git (as 4.6.1), so I kept it and updated it to 4.6.2.
+ * lintian:
+ + Adjust syntax of various overrides.
-> Make lintian happy again, add square brackets around path names.
[ Impact ]
Impact on NFSv4-mounts in autofs.
[ Tests ]
Code review. Upstream-sanctioned patch.
[ Risks ]
Breaking of autofs with NFS.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
None
unblock autofs/5.1.8-2
diff -Nru autofs-5.1.8/debian/autofs.lintian-overrides autofs-5.1.8/debian/autofs.lintian-overrides
--- autofs-5.1.8/debian/autofs.lintian-overrides 2021-02-04 13:31:22.000000000 +0100
+++ autofs-5.1.8/debian/autofs.lintian-overrides 2023-05-19 10:25:31.000000000 +0200
@@ -1,5 +1,5 @@
# autofs 5.1.7 introduces autofs.a as a shared library, but we will ignore this for now
-sharedobject-in-library-directory-missing-soname usr/lib/x86_64-linux-gnu/libautofs.so
+sharedobject-in-library-directory-missing-soname [usr/lib/x86_64-linux-gnu/libautofs.so]
# autofs.8 man page explains the overall concept of autofs
-spare-manual-page usr/share/man/man8/autofs.8.gz
+spare-manual-page [usr/share/man/man8/autofs.8.gz]
diff -Nru autofs-5.1.8/debian/changelog autofs-5.1.8/debian/changelog
--- autofs-5.1.8/debian/changelog 2021-12-01 23:52:49.000000000 +0100
+++ autofs-5.1.8/debian/changelog 2023-05-19 10:25:31.000000000 +0200
@@ -1,3 +1,16 @@
+autofs (5.1.8-2) unstable; urgency=medium
+
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+ only mounts use rpcbind portmapper service. (Closes: #1034261).
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
+ * lintian:
+ + Adjust syntax of various overrides.
+
+ -- Mike Gabriel <sunweaver@debian.org> Fri, 19 May 2023 10:25:31 +0200
+
autofs (5.1.8-1) unstable; urgency=medium
* New upstream release.
diff -Nru autofs-5.1.8/debian/control autofs-5.1.8/debian/control
--- autofs-5.1.8/debian/control 2021-12-01 23:52:23.000000000 +0100
+++ autofs-5.1.8/debian/control 2023-05-19 10:24:47.000000000 +0200
@@ -20,7 +20,7 @@
sssd-common,
libtirpc-dev,
Rules-Requires-Root: no
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
Homepage: https://www.kernel.org/pub/linux/daemons/autofs/v5/
Vcs-Browser: https://salsa.debian.org/debian/autofs/
Vcs-Git: https://salsa.debian.org/debian/autofs.git
diff -Nru autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
--- autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch 1970-01-01 01:00:00.000000000 +0100
+++ autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch 2023-05-19 10:21:20.000000000 +0200
@@ -0,0 +1,106 @@
+From 80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc Mon Sep 17 00:00:00 2001
+From: Ian Kent <raven@themaw.net>
+Date: Sun, 31 Oct 2021 07:36:16 +0800
+Subject: autofs-5.1.8 - fix nfsv4 only mounts should not use rpcbind
+
+Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when
+setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only
+mounts to also use rpcbind to probe availability which breaks the
+requirememt that this type of mount not use rpcbind at all.
+
+Fix this by treating fstype=nfs4 mounts as a special case which doesn't
+use rpcbind.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+# CHANGELOG | 1 +
+ include/replicated.h | 2 ++
+ modules/mount_nfs.c | 13 +++++++------
+ modules/replicated.c | 4 ++--
+ 4 files changed, 12 insertions(+), 8 deletions(-)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 575f186..4e5e82d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -8,6 +8,7 @@
+# - dont fail on duplicate offset entry tree add.
+# - fix loop under run in cache_get_offset_parent().
+# - bailout on rpc systemerror.
+#+- fix nfsv4 only mounts should not use rpcbind.
+#
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/include/replicated.h b/include/replicated.h
+index 95ff1f0..f889a56 100644
+--- a/include/replicated.h
++++ b/include/replicated.h
+@@ -35,6 +35,8 @@
+ #define NFS3_REQUESTED NFS3_SUPPORTED
+ #define NFS4_REQUESTED NFS4_SUPPORTED
+
++#define NFS4_ONLY_REQUESTED 0x0800
++
+ #define TCP_SUPPORTED 0x0001
+ #define UDP_SUPPORTED 0x0002
+ #define TCP_REQUESTED TCP_SUPPORTED
+diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
+index 0ab87dc..feb5afc 100644
+--- a/modules/mount_nfs.c
++++ b/modules/mount_nfs.c
+@@ -92,7 +92,7 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
+ mount_default_proto = defaults_get_mount_nfs_default_proto();
+ vers = NFS_VERS_DEFAULT | NFS_PROTO_DEFAULT;
+ if (strcmp(fstype, "nfs4") == 0)
+- vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED;
++ vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED | NFS4_ONLY_REQUESTED;
+ else if (mount_default_proto == 4)
+ vers = vers | NFS4_VERS_DEFAULT;
+
+@@ -157,15 +157,16 @@ int mount_mount(struct autofs_point *ap, const char *root, const char *name, int
+ } else {
+ /* Is any version of NFSv4 in the options */
+ if (_strncmp("vers=4", cp, 6) == 0 ||
+- _strncmp("nfsvers=4", cp, 9) == 0)
+- vers = NFS4_VERS_MASK | TCP_SUPPORTED;
+- else if (_strncmp("vers=3", cp, o_len) == 0 ||
++ _strncmp("nfsvers=4", cp, 9) == 0) {
++ vers &= ~(NFS_VERS_MASK);
++ vers |= NFS4_VERS_MASK | TCP_SUPPORTED | NFS4_ONLY_REQUESTED;
++ } else if (_strncmp("vers=3", cp, o_len) == 0 ||
+ _strncmp("nfsvers=3", cp, o_len) == 0) {
+- vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK);
++ vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ vers |= NFS3_REQUESTED;
+ } else if (_strncmp("vers=2", cp, o_len) == 0 ||
+ _strncmp("nfsvers=2", cp, o_len) == 0) {
+- vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK);
++ vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ vers |= NFS2_REQUESTED;
+ } else if (strstr(cp, "port=") == cp &&
+ o_len - 5 < 25) {
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 09075dd..cdb7c61 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -291,7 +291,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct host *host,
+
+ rpc_info->proto = proto;
+ if (port < 0) {
+- if ((version & NFS4_REQUESTED) && (version & TCP_REQUESTED))
++ if (version & NFS4_REQUESTED && (version & NFS4_ONLY_REQUESTED))
+ rpc_info->port = NFS_PORT;
+ else
+ port = 0;
+@@ -525,7 +525,7 @@ static int get_vers_and_cost(unsigned logopt, struct host *host,
+ {
+ struct conn_info pm_info, rpc_info;
+ time_t timeout = RPC_TIMEOUT;
+- unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK);
++ unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK | NFS4_ONLY_REQUESTED);
+ int ret = 0;
+
+ if (!check_address_proto(logopt, host, version))
+--
+cgit
+
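Review bot: In the get_nfs_info() hunk of modules/replicated.c, the new test `if (version & NFS4_REQUESTED && (version & NFS4_ONLY_REQUESTED))` parenthesises only its second operand. It parses as intended because `&` binds tighter than `&&`, but this check decides whether rpc_info->port is set to NFS_PORT directly, so I would write it as `if ((version & NFS4_REQUESTED) && (version & NFS4_ONLY_REQUESTED))`, matching the line it replaces. The new `#define NFS4_ONLY_REQUESTED 0x0800` in include/replicated.h also needs a comment, because unlike its neighbours it is neither a version nor a transport bit, for example `/* fstype=nfs4 or a vers=4 / nfsvers=4 option was given: use NFS_PORT directly, do not query rpcbind */`. Whether 0x0800 is unused among the other flag bits in that header cannot be confirmed from the context lines shown. mount_mount(), get_nfs_info() and get_vers_and_cost() all begin and end outside their hunks, so how the widened `vers` mask in get_vers_and_cost() is consumed is not visible here.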
diff -Nru autofs-5.1.8/debian/patches/series autofs-5.1.8/debian/patches/series
--- autofs-5.1.8/debian/patches/series 2021-02-04 13:13:20.000000000 +0100
+++ autofs-5.1.8/debian/patches/series 2023-05-19 10:20:51.000000000 +0200
@@ -9,3 +9,4 @@
spelling-error-fixes.patch
fix-lookup-ldap-crash.patch
fix-nfs4-mounts-in-auto-net.patch
+fix-nfs4-only-mounts-should-not-use-rpcbind.patch
--- End Message ---