From 3ff3f156ab2c425ccb16e07ea4a1556e6e2c3db5 Mon Sep 17 00:00:00 2001 From: SuperSix173 Date: Tue, 10 Sep 2024 17:07:43 +0800 Subject: [PATCH 1/2] backport bugfix patch from community (cherry picked from commit 4a3e8d4a57053d0559873086e0df880a53ca3256) --- 0006-nfsidmap-fix-a-memory-leak.patch | 29 ++++++++++++++ ...ce-has-status-failed-due-to-segfault.patch | 39 +++++++++++++++++++ nfs-utils.spec | 7 +++- 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 0006-nfsidmap-fix-a-memory-leak.patch create mode 100644 0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch diff --git a/0006-nfsidmap-fix-a-memory-leak.patch b/0006-nfsidmap-fix-a-memory-leak.patch new file mode 100644 index 0000000..8ead006 --- /dev/null +++ b/0006-nfsidmap-fix-a-memory-leak.patch @@ -0,0 +1,29 @@ +From 131ec613bab84b7894e428375cc360bb82a336a3 Mon Sep 17 00:00:00 2001 +From: Steve Dickson +Date: Tue, 23 Jul 2024 12:06:28 -0400 +Subject: [PATCH] nfsidmap: Fix a memory leak + +Reported-by: Zhang Yaqi +Signed-off-by: Steve Dickson + +Reference:https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=131ec613bab84b7894e428375cc360bb82a336a3 +Conflict:no +--- + support/nfsidmap/umich_ldap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/support/nfsidmap/umich_ldap.c b/support/nfsidmap/umich_ldap.c +index 1aa2af4..0f88ba4 100644 +--- a/support/nfsidmap/umich_ldap.c ++++ b/support/nfsidmap/umich_ldap.c +@@ -200,6 +200,7 @@ static int set_krb5_ccname(const char *krb5_ccache_name) + IDMAP_LOG(5, ("Failed to set creds cache for kerberos, err(%d)", + retval)); + } ++ free(env); + #endif /* else HAVE_GSS_KRB5_CCACHE_NAME */ + out: + return retval; +-- +1.8.3.1 + \ No newline at end of file diff --git a/0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch b/0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch new file mode 100644 index 0000000..06a2578 --- /dev/null +++ b/0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch @@ -0,0 +1,39 @@ +From 92995e0d38dc00e930c562cf936220f83c09d082 Mon Sep 17 00:00:00 2001 +From: Paulo Andrade +Date: Tue, 23 Jul 2024 12:03:30 -0400 +Subject: [PATCH] rpc-gssd.service has status failed (due to rpc.gssd segfault) + +Ensure strings are not NULL before doing a strdup() in error path. + +Fixes: https://issues.redhat.com/browse/RHEL-43286 +Signed-off-by: Steve Dickson + +Reference:https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=92995e0d38dc00e930c562cf936220f83c09d082 +Conflict:no +--- + utils/gssd/gssd.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c +index d7a2822..01ce7d1 100644 +--- a/utils/gssd/gssd.c ++++ b/utils/gssd/gssd.c +@@ -365,12 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp) + + fail: + printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath); +- clp->upcall_address = strdup(address); +- clp->upcall_port = strdup(port); ++ clp->upcall_address = address ? strdup(address) : NULL; ++ clp->upcall_port = port ? strdup(port) : NULL; + clp->upcall_program = program; + clp->upcall_vers = version; +- clp->upcall_protoname = strdup(protoname); +- clp->upcall_service = strdup(service); ++ clp->upcall_protoname = protoname ? strdup(protoname) : NULL; ++ clp->upcall_service = service ? strdup(service) : NULL; + free(servername); + free(protoname); + clp->servicename = NULL; +-- +1.8.3.1 \ No newline at end of file diff --git a/nfs-utils.spec b/nfs-utils.spec index 2705e42..e93f394 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -4,7 +4,7 @@ Name: nfs-utils Version: 2.6.3 -Release: 1 +Release: 2 Epoch: 2 Summary: The Linux NFS userland utility package License: MIT and GPLv2 and GPLv2+ and BSD @@ -18,6 +18,8 @@ Patch2: 0002-nfs-utils-set-use-gss-proxy-1-to-enable-gss-proxy-by.patch Patch3: 0003-export-fix-handling-of-error-from-match_fsid.patch Patch4: 0004-export-move-cache_open-before-workers-are-forked.patch Patch5: 0005-gssd-fix-handling-DNS-lookup-failure.patch +Patch6: 0006-nfsidmap-fix-a-memory-leak.patch +Patch7: 0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2 @@ -290,6 +292,9 @@ fi %{_mandir}/*/* %changelog +* Tue Sep 10 2024 zhangjian - 2:2.6.3-2 +- backport bugfix patches from community + * Wed Jan 10 2024 wuguanghao - 2:2.6.3-1 - upgrade version to 2.6.3 -- Gitee From b233ecea9dd9e39d40289715224c26f8447b0f81 Mon Sep 17 00:00:00 2001 From: zhangjian Date: Mon, 18 Nov 2024 10:55:23 +0800 Subject: [PATCH 2/2] backport patches from upstream commutinity Signed-off-by: zhangjian --- ...ed-a-regression-in-the-junction-code.patch | 30 +++++++++++ ...to-get-the-domain-directly-from-host.patch | 53 +++++++++++++++++++ nfs-utils.spec | 9 +++- 3 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 0008-fixed-a-regression-in-the-junction-code.patch create mode 100644 0009-libnfsidmap-try-to-get-the-domain-directly-from-host.patch diff --git a/0008-fixed-a-regression-in-the-junction-code.patch b/0008-fixed-a-regression-in-the-junction-code.patch new file mode 100644 index 0000000..cec6548 --- /dev/null +++ b/0008-fixed-a-regression-in-the-junction-code.patch @@ -0,0 +1,30 @@ +From 7916134e5d9b1641effd3b6d964c806a09cfdcee Mon Sep 17 00:00:00 2001 +From: Steve Dickson +Date: Thu, 10 Aug 2023 11:57:39 -0400 +Subject: [PATCH] Fixed a regression in the junction code + +commit cdbef4e9 created a regression in the +in the junction code by adding a O_PATH flag +to the open() in junction_open_path() + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2213669 +Signed-off-by: Steve Dickson +--- + support/junction/junction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/support/junction/junction.c b/support/junction/junction.c +index 0628bb0f..c1ec8ff8 100644 +--- a/support/junction/junction.c ++++ b/support/junction/junction.c +@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd) + if (pathname == NULL || fd == NULL) + return FEDFS_ERR_INVAL; + +- tmp = open(pathname, O_PATH|O_DIRECTORY); ++ tmp = open(pathname, O_DIRECTORY); + if (tmp == -1) { + switch (errno) { + case EPERM: +-- +2.39.2 (Apple Git-143) diff --git a/0009-libnfsidmap-try-to-get-the-domain-directly-from-host.patch b/0009-libnfsidmap-try-to-get-the-domain-directly-from-host.patch new file mode 100644 index 0000000..9fd9316 --- /dev/null +++ b/0009-libnfsidmap-try-to-get-the-domain-directly-from-host.patch @@ -0,0 +1,53 @@ +From 90a23f7c6343bcb1b69c93ceccc14cc06e14d958 Mon Sep 17 00:00:00 2001 +From: Aram Akhavan +Date: Sat, 15 Jul 2023 13:21:04 -0400 +Subject: [PATCH] libnfsidmap: try to get the domain directly from hostname if + the DNS lookup fails and always show the log message if the domain can't be + determined + +In nfs4_init_name_mapping(), if no domain is specified in the config file, the hostname will be looked up in DNS, and the domain extracted from that. +If DNS resolution isn't up at this time (i.e. on idmapd startup), the hardcoded domain in IDMAPD_DEFAULT_DOMAIN is used. This will break id mapping +for anyone who doesn't happen to use "localdomain". Previously, the log message indicating this has happened requires -v to be passed, so the +"failure" was silent by default. + +Signed-off-by: Aram Akhavan +Signed-off-by: Steve Dickson +--- + support/nfsidmap/libnfsidmap.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c +index 0a912e52..f8c36480 100644 +--- a/support/nfsidmap/libnfsidmap.c ++++ b/support/nfsidmap/libnfsidmap.c +@@ -219,10 +219,15 @@ static int domain_from_dns(char **domain) + + if (gethostname(hname, sizeof(hname)) == -1) + return -1; +- if ((he = gethostbyname(hname)) == NULL) +- return -1; +- if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0') +- return -1; ++ if ((he = gethostbyname(hname)) == NULL) { ++ IDMAP_LOG(1, ("libnfsidmap: DNS lookup of hostname failed. Attempting to use domain from hostname as is.")); ++ if ((c = strchr(hname, '.')) == NULL || *++c == '\0') ++ return -1; ++ } ++ else { ++ if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0') ++ return -1; ++ } + /* + * Query DNS to see if the _nfsv4idmapdomain TXT record exists + * If so use it... +@@ -387,7 +392,7 @@ int nfs4_init_name_mapping(char *conffile) + dflt = 1; + ret = domain_from_dns(&default_domain); + if (ret) { +- IDMAP_LOG(1, ("libnfsidmap: Unable to determine " ++ IDMAP_LOG(0, ("libnfsidmap: Unable to determine " + "the NFSv4 domain; Using '%s' as the NFSv4 domain " + "which means UIDs will be mapped to the 'Nobody-User' " + "user defined in %s", +-- +2.39.2 (Apple Git-143) diff --git a/nfs-utils.spec b/nfs-utils.spec index e93f394..9373b86 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -4,7 +4,7 @@ Name: nfs-utils Version: 2.6.3 -Release: 2 +Release: 3 Epoch: 2 Summary: The Linux NFS userland utility package License: MIT and GPLv2 and GPLv2+ and BSD @@ -20,7 +20,9 @@ Patch4: 0004-export-move-cache_open-before-workers-are-forked.patch Patch5: 0005-gssd-fix-handling-DNS-lookup-failure.patch Patch6: 0006-nfsidmap-fix-a-memory-leak.patch Patch7: 0007-rpc-gssd-service-has-status-failed-due-to-segfault.patch - +Patch8: 0008-fixed-a-regression-in-the-junction-code.patch +Patch9: 0009-libnfsidmap-try-to-get-the-domain-directly-from-host.patch + BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2 BuildRequires: automake, libtool, gcc, device-mapper-devel @@ -292,6 +294,9 @@ fi %{_mandir}/*/* %changelog +* Mon Nov 18 2024 zhangjian - 2:2.6.3-3 +- backport bugfix patches from community + * Tue Sep 10 2024 zhangjian - 2:2.6.3-2 - backport bugfix patches from community -- Gitee