Hello community, here is the log from the commit of package autofs for openSUSE:Factory checked in at 2017-10-23 16:41:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/autofs (Old) and /work/SRC/openSUSE:Factory/.autofs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "autofs" Mon Oct 23 16:41:42 2017 rev:112 rq:535040 version:5.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/autofs/autofs.changes 2017-09-04 12:33:12.969719184 +0200 +++ /work/SRC/openSUSE:Factory/.autofs.new/autofs.changes 2017-10-23 16:41:42.737200070 +0200 @@ -1,0 +2,13 @@ +Wed Oct 18 21:03:57 UTC 2017 - [email protected] + +- fix ordering of seteuid/setegid in do_spawn (bsc#1062482). +- fix unset tsd group name handling (bsc#1062482). +- fix possible map instance memory leak (bsc#1038198). +- check map instances for staleness on map update (bsc#1038198). +- Added patches: + - autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch + - autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch + - autofs-5-1-3-fix-possible-map-instance-memory-leak.patch + - autofs-5-1-3-fix-unset-tsd-group-name-handling.patch + +------------------------------------------------------------------- New: ---- autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch autofs-5-1-3-fix-possible-map-instance-memory-leak.patch autofs-5-1-3-fix-unset-tsd-group-name-handling.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ autofs.spec ++++++ --- /var/tmp/diff_new_pack.16iKXC/_old 2017-10-23 16:41:43.477165441 +0200 +++ /var/tmp/diff_new_pack.16iKXC/_new 2017-10-23 16:41:43.477165441 +0200 @@ -87,6 +87,14 @@ Patch102: autofs-5.1.1-dbus-udisks-monitor.patch # PATCH-FIX-OPENSUSE autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch [bsc#955477] Patch104: autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch +# PATCH-FIX-OPENSUSE autofs-5-1-3-fix-unset-tsd-group-name-handling.patch +Patch105: autofs-5-1-3-fix-unset-tsd-group-name-handling.patch +# PATCH-FIX-OPENSUSE autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch +Patch106: autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch +# PATCH-FIX-OPENSUSE autofs-5-1-3-fix-possible-map-instance-memory-leak.patch +Patch107: autofs-5-1-3-fix-possible-map-instance-memory-leak.patch +# PATCH-FIX-OPENSUSE autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch +Patch108: autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch Requires(pre): %fillup_prereq Requires(pre): aaa_base %if %{with_systemd} @@ -112,6 +120,10 @@ %patch101 -p1 %patch102 -p1 %patch104 -p1 +%patch105 -p1 +%patch106 -p1 +%patch107 -p1 +%patch108 -p1 %build autoreconf -fiv ++++++ autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch ++++++ From: Ian Kent <[email protected]> Subject: autofs-5.1.3 - check map instances for staleness on map update Patch-mainline: Submitted, https://www.spinics.net/lists/autofs/msg01707.html References: bsc#1038198 When there are multiple map source instances bypassing the cache update when any one of the map sources returns NSS_STATUS_UNAVAIL is too strong. When the map is marked not stale also check the instances before skipping the cache update. Signed-off-by: Ian Kent <[email protected]> Acked-by: Jeff Mahoney <[email protected]> --- daemon/lookup.c | 5 +++-- daemon/state.c | 2 +- include/master.h | 1 + lib/master.c | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/daemon/lookup.c b/daemon/lookup.c index 569fffaf..cb67e7d9 100644 --- a/daemon/lookup.c +++ b/daemon/lookup.c @@ -633,7 +633,8 @@ int lookup_nss_read_map(struct autofs_point *ap, struct map_source *source, time if (result == NSS_STATUS_UNKNOWN) continue; - /* Don't try to update the map cache if it's unavailable */ + /* Try to avoid updating the map cache if an instance + * is unavailable */ if (result == NSS_STATUS_UNAVAIL) map->stale = 0; @@ -1453,7 +1454,7 @@ int lookup_prune_cache(struct autofs_point *ap, time_t age) map = entry->maps; while (map) { /* Is the map stale */ - if (!map->stale) { + if (!map->stale && !check_stale_instances(map)) { map = map->next; continue; } diff --git a/daemon/state.c b/daemon/state.c index cd0dd939..72bba6af 100644 --- a/daemon/state.c +++ b/daemon/state.c @@ -512,7 +512,7 @@ static void *do_readmap(void *arg) map = ap->entry->maps; while (map) { /* Is map source up to date or no longer valid */ - if (!map->stale) { + if (!map->stale && !check_stale_instances(map)) { map = map->next; continue; } diff --git a/include/master.h b/include/master.h index 087ddbe6..e1d272fb 100644 --- a/include/master.h +++ b/include/master.h @@ -97,6 +97,7 @@ struct map_source * master_find_source_instance(struct map_source *, const char *, const char *, int, const char **); struct map_source * master_add_source_instance(struct map_source *, const char *, const char *, time_t, int, const char **); +int check_stale_instances(struct map_source *); void clear_stale_instances(struct map_source *); void send_map_update_request(struct autofs_point *); void master_source_writelock(struct master_mapent *); diff --git a/lib/master.c b/lib/master.c index 142f97ed..22b1522a 100644 --- a/lib/master.c +++ b/lib/master.c @@ -521,7 +521,7 @@ master_add_source_instance(struct map_source *source, const char *type, const ch return new; } -static int check_stale_instances(struct map_source *source) +int check_stale_instances(struct map_source *source) { struct map_source *map; ++++++ autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch ++++++ From: Jeff Mahoney <[email protected]> Subject: autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn Patch-mainline: Submitted, http://www.spinics.net/lists/autofs/msg01749.html References: bsc#1062482 In do_spawn, We call seteuid() prior to calling setegid() which means that, when we're using an unprivileged uid, we won't have permissions to set the effective group anymore. We also don't touch the group memberships so the permissions used to open the directory will will include all of root's supplementary groups and none of the user's. This patch reverses the ordering and uses initgroups() to reset the supplementary groups to the unprivileged user's groups. Signed-off-by: Jeff Mahoney <[email protected]> --- daemon/spawn.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/daemon/spawn.c b/daemon/spawn.c index c640d97..62e9f02 100644 --- a/daemon/spawn.c +++ b/daemon/spawn.c @@ -20,6 +20,7 @@ #include <string.h> #include <sys/types.h> #include <dirent.h> +#include <grp.h> #include <time.h> #include <poll.h> #include <sys/wait.h> @@ -195,8 +196,18 @@ static int do_spawn(unsigned logopt, unsigned int wait, * program group to trigger mount */ if (euid) { - seteuid(euid); - setegid(egid); + if (initgroups(tsv->user, egid) == -1) + fprintf(stderr, + "warning: initgroups: %s\n", + strerror(errno)); + if (setegid(egid) == -1) + fprintf(stderr, + "warning: setegid: %s\n", + strerror(errno)); + if (seteuid(euid) == -1) + fprintf(stderr, + "warning: seteuid: %s\n", + strerror(errno)); } setpgrp(); ++++++ autofs-5-1-3-fix-possible-map-instance-memory-leak.patch ++++++ From: Ian Kent <[email protected]> Subject: autofs-5.1.3 - fix possible map instance memory leak Patch-mainline: Submitted, https://www.spinics.net/lists/autofs/msg01706.html References: bsc#1038198 When using a temporary map unconditionally updating the original map instance pointer will lead to a memory leak when the instance pointer is already set (among other problems). Signed-off-by: Ian Kent <[email protected]> Acked-by: Jeff Mahoney <[email protected]> --- daemon/lookup.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/daemon/lookup.c b/daemon/lookup.c index 583d3d37..569fffaf 100644 --- a/daemon/lookup.c +++ b/daemon/lookup.c @@ -536,7 +536,8 @@ static enum nsswitch_status read_map_source(struct nss_source *this, result = read_file_source_instance(ap, &tmap, age); pthread_cleanup_pop(1); - map->instance = tmap.instance; + if (!map->instance) + map->instance = tmap.instance; return result; } @@ -1089,7 +1090,8 @@ static enum nsswitch_status lookup_map_name(struct nss_source *this, result = lookup_name_file_source_instance(ap, &tmap, name, name_len); - map->instance = tmap.instance; + if (!map->instance) + map->instance = tmap.instance; /* path is freed in free_argv */ free_argv(tmap.argc, tmap.argv); ++++++ autofs-5-1-3-fix-unset-tsd-group-name-handling.patch ++++++ From: Ian Kent <[email protected]> Subject: autofs-5.1.3 - fix unset tsd group name handling Patch-mainline: Submitted, http://www.spinics.net/lists/autofs/msg01725.html References: bsc#1062482 Commit 1a64a6bbc5 changed set_tsd_user_vars() to set thread specific values even if the group name could not be obtained. But the structure holding the values was not initialized on allocation so the group field might not be NULL when no group name is available. Also the macro addition and removal functions didn't properly handle a macro value of NULL. Signed-off-by: Ian Kent <[email protected]> Reported-by: Donald Buczek <[email protected]> Acked-by: Jeff Mahoney <[email protected]> --- lib/macros.c | 8 +++++--- lib/mounts.c | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/macros.c b/lib/macros.c index ff9ba89..dfdca85 100644 --- a/lib/macros.c +++ b/lib/macros.c @@ -281,18 +281,20 @@ macro_addvar(struct substvar *table, const char *str, int len, const char *value } if (lv) { - char *this = malloc(strlen(value) + 1); + const char *val = value ? value : ""; + char *this = malloc(strlen(val) + 1); if (!this) { lv = table; goto done; } - strcpy(this, value); + strcpy(this, val); free(lv->val); lv->val = this; if (lv != table) lv = table; } else { struct substvar *new; + const char *this = value ? value : ""; char *def, *val; def = strdup(str); @@ -302,7 +304,7 @@ macro_addvar(struct substvar *table, const char *str, int len, const char *value } def[len] = '\0'; - val = strdup(value); + val = strdup(this); if (!val) { lv = table; free(def); diff --git a/lib/mounts.c b/lib/mounts.c index ce6a60a..0b38bd8 100644 --- a/lib/mounts.c +++ b/lib/mounts.c @@ -1463,6 +1463,7 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid) error(logopt, "failed alloc tsv storage"); return; } + memset(tsv, 0, sizeof(struct thread_stdenv_vars)); tsv->uid = uid; tsv->gid = gid;
