Hello Utkarsh, or anyone else affected,

Accepted keyutils into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/keyutils/1.6-6ubuntu1.1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-focal to verification-done-focal. If it does not fix
the bug for you, please add a comment stating that, and change the tag to
verification-failed-focal. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  Fix Released
Status in keyutils source package in Bionic:
  Fix Released
Status in keyutils source package in Focal:
  Fix Committed
Status in keyutils source package in Impish:
  Fix Committed
Status in keyutils source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  ========

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===========

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. Mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Use the ss command on the client to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to the unlimited lifetime set by key.dns_resolver (which
  is part of the keyutils package). As a result, even if the IP address
  for the DNS entries changes, the kernel filesystems would continue to
  use the old IP address, due to the cached keys. This issue causes
  clients to misbehave when Azure Files service endpoints move to a
  different cluster.

  [Where problems could occur]
  ============================

  Address records obtained from getaddrinfo() don't come with any TTL
  information, even if they're obtained from the DNS, so anyone relying
  on this in particular might face some problem/regression, but I don't
  think they would, as it would still be highly configurable.

  [Other information]
  ===================

  This request is essentially from one of our cloud partners and they're
  highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions
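
An added check, not part of the bug report or of keyutils: a script that
reads /proc/keys-format lines and reports whether each cached dns_resolver
key has a lifetime or never expires, which is the condition the test plan
above exercises indirectly. Assumptions: the column layout documented in
proc(5), that the caller (typically root) can view the keys, and the
function names; the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Columns in /proc/keys (proc(5)):
#   ID FLAGS USAGE TIMEOUT PERM UID GID TYPE DESCRIPTION...
# TIMEOUT is "perm" (never expires), "expd" (expired) or a value such as "9m".

# Constructed sample input: one permanent DNS key, one with a TTL, one
# unrelated keyring that must be ignored.
SAMPLE_KEYS='0a1b2c3d I------     1 perm 1f030000     0     0 dns_resolver files.example.net: 4
1e2f3a4b I------     1   9m 1f030000     0     0 dns_resolver smb.example.net: 4
2c3d4e5f I--Q---     3 perm 3f030000  1000  1000 keyring   _ses'

# Reads /proc/keys-format lines on stdin and prints, per dns_resolver key:
#   <STATE> <id> <timeout> <description>
classify_dns_keys() {
    awk '
        $8 == "dns_resolver" {
            desc = $9
            for (i = 10; i <= NF; i++) desc = desc " " $i
            if ($4 == "perm")      state = "PERMANENT"
            else if ($4 == "expd") state = "EXPIRED"
            else                   state = "EXPIRING"
            print state, $1, $4, desc
        }'
}

# Prints the number of dns_resolver keys on stdin that never expire.
# A non-zero count after remounting means cached addresses will not be
# refreshed when the DNS record changes.
count_permanent() {
    classify_dns_keys | awk '$1 == "PERMANENT" { n++ } END { print n + 0 }'
}

# Usage: sh check-dns-keys.sh /proc/keys
# With no argument the constructed sample is classified instead.
if [ -n "${1:-}" ]; then
    classify_dns_keys < "$1"
else
    printf '%s\n' "$SAMPLE_KEYS" | classify_dns_keys
fi
```

Run it before and after step 5 of the test plan: with the updated package,
a key for the server's FQDN should show a timeout rather than "perm".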

