Your message dated Fri, 19 May 2023 17:24:20 +0000
with message-id <[email protected]>
and subject line unblock autofs
has caused the Debian Bug report #1036345,
regarding unblock: autofs/5.1.8-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1036345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036345
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package autofs
It was discovered by upstream that a previous patch introduced a
regression that leads to autofs connecting to rpcbind for NFSv4-only NFS
mounts. Upstream's fix for that has now been cherry-picked into autofs
5.1.8-2.
[ Reason ]
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+ only mounts use rpcbind portmapper service. (Closes: #1034261).
-> This is the cherry-pick patch. Encouraged by Salvatore from the
security team (though not with security team's hat on).
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
-> This change was already in Git (with 4.6.1, but well...). So, I kept/updated
it.
+ * lintian:
+ + Adjust syntax of various overrides.
-> Make lintian happy again, add square brackets around path names.
[ Impact ]
Impact on NFSv4-mounts in autofs.
[ Tests ]
Code review. Upstream-sanctioned patch.
[ Risks ]
Breaking of autofs with NFS.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
None
unblock autofs/5.1.8-2
diff -Nru autofs-5.1.8/debian/autofs.lintian-overrides
autofs-5.1.8/debian/autofs.lintian-overrides
--- autofs-5.1.8/debian/autofs.lintian-overrides 2021-02-04
13:31:22.000000000 +0100
+++ autofs-5.1.8/debian/autofs.lintian-overrides 2023-05-19
10:25:31.000000000 +0200
@@ -1,5 +1,5 @@
# autofs 5.1.7 introduces autofs.a as a shared library, but we will ignore
this for now
-sharedobject-in-library-directory-missing-soname
usr/lib/x86_64-linux-gnu/libautofs.so
+sharedobject-in-library-directory-missing-soname
[usr/lib/x86_64-linux-gnu/libautofs.so]
# autofs.8 man page explains the overall concept of autofs
-spare-manual-page usr/share/man/man8/autofs.8.gz
+spare-manual-page [usr/share/man/man8/autofs.8.gz]
diff -Nru autofs-5.1.8/debian/changelog autofs-5.1.8/debian/changelog
--- autofs-5.1.8/debian/changelog 2021-12-01 23:52:49.000000000 +0100
+++ autofs-5.1.8/debian/changelog 2023-05-19 10:25:31.000000000 +0200
@@ -1,3 +1,16 @@
+autofs (5.1.8-2) unstable; urgency=medium
+
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+ only mounts use rpcbind portmapper service. (Closes: #1034261).
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
+ * lintian:
+ + Adjust syntax of various overrides.
+
+ -- Mike Gabriel <[email protected]> Fri, 19 May 2023 10:25:31 +0200
+
autofs (5.1.8-1) unstable; urgency=medium
* New upstream release.
diff -Nru autofs-5.1.8/debian/control autofs-5.1.8/debian/control
--- autofs-5.1.8/debian/control 2021-12-01 23:52:23.000000000 +0100
+++ autofs-5.1.8/debian/control 2023-05-19 10:24:47.000000000 +0200
@@ -20,7 +20,7 @@
sssd-common,
libtirpc-dev,
Rules-Requires-Root: no
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
Homepage: https://www.kernel.org/pub/linux/daemons/autofs/v5/
Vcs-Browser: https://salsa.debian.org/debian/autofs/
Vcs-Git: https://salsa.debian.org/debian/autofs.git
diff -Nru
autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
---
autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
1970-01-01 01:00:00.000000000 +0100
+++
autofs-5.1.8/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
2023-05-19 10:21:20.000000000 +0200
@@ -0,0 +1,106 @@
+From 80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc Mon Sep 17 00:00:00 2001
+From: Ian Kent <[email protected]>
+Date: Sun, 31 Oct 2021 07:36:16 +0800
+Subject: autofs-5.1.8 - fix nfsv4 only mounts should not use rpcbind
+
+Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when
+setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only
+mounts to also use rpcbind to probe availability which breaks the
+requirememt that this type of mount not use rpcbind at all.
+
+Fix this by treating fstype=nfs4 mounts as a special case which doesn't
+use rpcbind.
+
+Signed-off-by: Ian Kent <[email protected]>
+---
+# CHANGELOG | 1 +
+ include/replicated.h | 2 ++
+ modules/mount_nfs.c | 13 +++++++------
+ modules/replicated.c | 4 ++--
+ 4 files changed, 12 insertions(+), 8 deletions(-)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 575f186..4e5e82d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -8,6 +8,7 @@
+# - dont fail on duplicate offset entry tree add.
+# - fix loop under run in cache_get_offset_parent().
+# - bailout on rpc systemerror.
+#+- fix nfsv4 only mounts should not use rpcbind.
+#
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/include/replicated.h b/include/replicated.h
+index 95ff1f0..f889a56 100644
+--- a/include/replicated.h
++++ b/include/replicated.h
+@@ -35,6 +35,8 @@
+ #define NFS3_REQUESTED NFS3_SUPPORTED
+ #define NFS4_REQUESTED NFS4_SUPPORTED
+
++#define NFS4_ONLY_REQUESTED 0x0800
++
+ #define TCP_SUPPORTED 0x0001
+ #define UDP_SUPPORTED 0x0002
+ #define TCP_REQUESTED TCP_SUPPORTED
+diff --git a/modules/mount_nfs.c b/modules/mount_nfs.c
+index 0ab87dc..feb5afc 100644
+--- a/modules/mount_nfs.c
++++ b/modules/mount_nfs.c
+@@ -92,7 +92,7 @@ int mount_mount(struct autofs_point *ap, const char *root,
const char *name, int
+ mount_default_proto = defaults_get_mount_nfs_default_proto();
+ vers = NFS_VERS_DEFAULT | NFS_PROTO_DEFAULT;
+ if (strcmp(fstype, "nfs4") == 0)
+- vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED;
++ vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED | NFS4_ONLY_REQUESTED;
+ else if (mount_default_proto == 4)
+ vers = vers | NFS4_VERS_DEFAULT;
+
+@@ -157,15 +157,16 @@ int mount_mount(struct autofs_point *ap, const char
*root, const char *name, int
+ } else {
+ /* Is any version of NFSv4 in the options */
+ if (_strncmp("vers=4", cp, 6) == 0 ||
+- _strncmp("nfsvers=4", cp, 9) == 0)
+- vers = NFS4_VERS_MASK | TCP_SUPPORTED;
+- else if (_strncmp("vers=3", cp, o_len) == 0 ||
++ _strncmp("nfsvers=4", cp, 9) == 0) {
++ vers &= ~(NFS_VERS_MASK);
++ vers |= NFS4_VERS_MASK | TCP_SUPPORTED
| NFS4_ONLY_REQUESTED;
++ } else if (_strncmp("vers=3", cp, o_len) == 0 ||
+ _strncmp("nfsvers=3", cp, o_len) == 0)
{
+- vers &= ~(NFS4_VERS_MASK |
NFS_VERS_MASK);
++ vers &= ~(NFS4_VERS_MASK |
NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ vers |= NFS3_REQUESTED;
+ } else if (_strncmp("vers=2", cp, o_len) == 0 ||
+ _strncmp("nfsvers=2", cp, o_len) == 0)
{
+- vers &= ~(NFS4_VERS_MASK |
NFS_VERS_MASK);
++ vers &= ~(NFS4_VERS_MASK |
NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ vers |= NFS2_REQUESTED;
+ } else if (strstr(cp, "port=") == cp &&
+ o_len - 5 < 25) {
+diff --git a/modules/replicated.c b/modules/replicated.c
+index 09075dd..cdb7c61 100644
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -291,7 +291,7 @@ static unsigned int get_nfs_info(unsigned logopt, struct
host *host,
+
+ rpc_info->proto = proto;
+ if (port < 0) {
+- if ((version & NFS4_REQUESTED) && (version & TCP_REQUESTED))
++ if (version & NFS4_REQUESTED && (version & NFS4_ONLY_REQUESTED))
+ rpc_info->port = NFS_PORT;
+ else
+ port = 0;
+@@ -525,7 +525,7 @@ static int get_vers_and_cost(unsigned logopt, struct host
*host,
+ {
+ struct conn_info pm_info, rpc_info;
+ time_t timeout = RPC_TIMEOUT;
+- unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK);
++ unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK |
NFS4_ONLY_REQUESTED);
+ int ret = 0;
+
+ if (!check_address_proto(logopt, host, version))
+--
+cgit
+
diff -Nru autofs-5.1.8/debian/patches/series autofs-5.1.8/debian/patches/series
--- autofs-5.1.8/debian/patches/series 2021-02-04 13:13:20.000000000 +0100
+++ autofs-5.1.8/debian/patches/series 2023-05-19 10:20:51.000000000 +0200
@@ -9,3 +9,4 @@
spelling-error-fixes.patch
fix-lookup-ldap-crash.patch
fix-nfs4-mounts-in-auto-net.patch
+fix-nfs4-only-mounts-should-not-use-rpcbind.patch
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
