From 6080bdbb9ff78bc61d2418bbe50054deeb78c53d Mon Sep 17 00:00:00 2001
From: wuguanghao
Date: Wed, 22 Mar 2023 11:12:31 +0800
Subject: [PATCH] backport patches from community
---
...-use-after-free-bug-config-variables.patch | 41 +++++++++
...ator-allocate-enough-space-for-pipef.patch | 33 ++++++++
...allow-junction-tests-to-trigger-auto.patch | 83 +++++++++++++++++++
...can-Scan-Wrong-Check-of-Return-Value.patch | 28 +++++++
nfs-utils.spec | 10 ++-
5 files changed, 194 insertions(+), 1 deletion(-)
create mode 100644 0008-svcgssd-Fix-use-after-free-bug-config-variables.patch
create mode 100644 0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch
create mode 100644 0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
create mode 100644 0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch
diff --git a/0008-svcgssd-Fix-use-after-free-bug-config-variables.patch b/0008-svcgssd-Fix-use-after-free-bug-config-variables.patch
new file mode 100644
index 0000000..3c03763
--- /dev/null
+++ b/0008-svcgssd-Fix-use-after-free-bug-config-variables.patch
@@ -0,0 +1,41 @@
+From 2eabb25d5a43e48e769a0db29956e9f5dc5b5913 Mon Sep 17 00:00:00 2001
+From: Marcel Ritter
+Date: Tue, 21 Jun 2022 09:19:17 -0400
+Subject: [PATCH] svcgssd: Fix use-after-free bug (config variables)
+
+This patch fixes a bug when trying to set "principal" in /etc/nfs.conf.
+Memory gets freed by conf_cleanup() before being used - moving cleanup
+code resolves that.
+
+Signed-off-by: Steve Dickson
+---
+ utils/gssd/svcgssd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
+index 881207b3..a242b789 100644
+--- a/utils/gssd/svcgssd.c
++++ b/utils/gssd/svcgssd.c
+@@ -211,9 +211,6 @@ main(int argc, char *argv[])
+ rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
+ idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
+
+- /* We don't need the config anymore */
+- conf_cleanup();
+-
+ while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
+ switch (opt) {
+ case 'f':
+@@ -328,6 +325,9 @@ main(int argc, char *argv[])
+
+ daemon_ready();
+
++ /* We don't need the config anymore */
++ conf_cleanup();
++
+ nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
+
+ rc = event_base_dispatch(evbase);
+--
+2.33.0
+
diff --git a/0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch b/0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch
new file mode 100644
index 0000000..a3a8363
--- /dev/null
+++ b/0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch
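Review bot: The comment that travels with the moved call, `/* We don't need the config anymore */`, does not record why `conf_cleanup()` has to sit after `daemon_ready()`, so a later tidy-up could move it back above option handling and reintroduce the use-after-free. Going by the commit message, the "principal" value read from /etc/nfs.conf is still referenced after the old cleanup point; the line that reads or consumes it is outside both inner hunks, so that lifetime is inferred. I would reword the comment to `/* Config strings such as "principal" still point into the config store: run conf_cleanup() only after their last use */`, or copy the value where it is read so the ordering stops mattering. `main()` starts and ends outside the hunks.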
@@ -0,0 +1,33 @@
+From 40c5af17e76322bb1d030eee5dc7837946c90c08 Mon Sep 17 00:00:00 2001
+From: Steve Dickson
+Date: Thu, 21 Jul 2022 15:11:17 -0400
+Subject: [PATCH] rpc-pipefs-generator: allocate enough space for
+ pipefs-directory buffer
+
+Commit 7f8463fe fixed a warning but introduce
+a regression by not allocating enough space
+for the pipefs-directory buffer when it is
+not the default.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2106896
+Signed-off-by: Steve Dickson
+---
+ systemd/rpc-pipefs-generator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/systemd/rpc-pipefs-generator.c b/systemd/rpc-pipefs-generator.c
+index 801975c..060f59c 100644
+--- a/systemd/rpc-pipefs-generator.c
++++ b/systemd/rpc-pipefs-generator.c
+@@ -28,7 +28,7 @@ static int generate_mount_unit(const char *pipefs_path, const char *pipefs_unit,
+ {
+ char *path;
+ FILE *f;
+- size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit));
++ size_t size = (strlen(dirname) + 1 + strlen(pipefs_unit) + 1);
+ path = malloc(size);
+ if (!path)
+ return 1;
+--
+2.33.0
+
diff --git a/0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch b/0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
new file mode 100644
index 0000000..623b46e
--- /dev/null
+++ b/0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
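Review bot: The size of `path` in `generate_mount_unit()` is still counted by hand, and the call that fills the buffer is outside the hunk, so nothing visible ties the write to `size`. The one-byte heap overflow being fixed here came from exactly this kind of arithmetic. I would label the terms on the new line, `/* dirname + separator + pipefs_unit + NUL */` (assuming the first `+ 1` is the separator), and, if the fill turns out to be an unbounded `sprintf()` or `strcpy()`, switch it to `snprintf(path, size, ...)` with a check that the return value is below `size`. The function body continues past the last context line.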
@@ -0,0 +1,83 @@
+From cdbef4e97a1cbc68cbaf16ba57d71858d2c69973 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Tue, 10 Jan 2023 09:37:25 -0500
+Subject: [PATCH] nfs-utils: Don't allow junction tests to trigger automounts
+
+JianHong reported some strange behavior with automounts on an nfs server
+without an explicit pseudoroot. When clients issued a readdir in the
+pseudoroot, automounted directories that were not yet mounted would show
+up even if they weren't exported, though the clients wouldn't be able to
+do anything with them.
+
+The issue was that triggering the automount on a directory would cause
+the mountd upcall to time out, which would cause nfsd to include the
+automounted dentry in the readdir response. Eventually, the automount
+would work and report that it wasn't exported and subsequent attempts to
+access the dentry would (properly) fail.
+
+We never want mountd to trigger an automount. The kernel should do that
+if it wants to use it. Change the junction checks to do an O_PATH open
+and use fstatat with AT_NO_AUTOMOUNT.
+
+Cc: Chuck Lever
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2148353
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216777
+Reported-by: JianHong Yin
+Signed-off-by: Jeff Layton
+Signed-off-by: Steve Dickson
+---
+ support/junction/junction.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/support/junction/junction.c b/support/junction/junction.c
+index 41cce261..0628bb0f 100644
+--- a/support/junction/junction.c
++++ b/support/junction/junction.c
+@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
+ if (pathname == NULL || fd == NULL)
+ return FEDFS_ERR_INVAL;
+
+- tmp = open(pathname, O_DIRECTORY);
++ tmp = open(pathname, O_PATH|O_DIRECTORY);
+ if (tmp == -1) {
+ switch (errno) {
+ case EPERM:
+@@ -93,7 +93,7 @@ junction_is_directory(int fd, const char *path)
+ {
+ struct stat stb;
+
+- if (fstat(fd, &stb) == -1) {
++ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ __func__, path);
+ return FEDFS_ERR_ACCESS;
+@@ -121,7 +121,7 @@ junction_is_sticky_bit_set(int fd, const char *path)
+ {
+ struct stat stb;
+
+- if (fstat(fd, &stb) == -1) {
++ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ __func__, path);
+ return FEDFS_ERR_ACCESS;
+@@ -155,7 +155,7 @@ junction_set_sticky_bit(int fd, const char *path)
+ {
+ struct stat stb;
+
+- if (fstat(fd, &stb) == -1) {
++ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ __func__, path);
+ return FEDFS_ERR_ACCESS;
+@@ -393,7 +393,7 @@ junction_get_mode(const char *pathname, mode_t *mode)
+ if (retval != FEDFS_OK)
+ return retval;
+
+- if (fstat(fd, &stb) == -1) {
++ if (fstatat(fd, "", &stb, AT_NO_AUTOMOUNT|AT_EMPTY_PATH) == -1) {
+ xlog(D_GENERAL, "%s: failed to stat %s: %m",
+ __func__, pathname);
+ (void)close(fd);
+--
+2.33.0
+
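Review bot: Opening with `O_PATH|O_DIRECTORY` in `junction_open_path()` narrows what every caller can do with the returned descriptor: per open(2), `fchmod()`, the `f*xattr()` calls and other operations on the file itself fail with EBADF on an `O_PATH` descriptor. `junction_set_sticky_bit()` is one of the patched functions and its body continues past the hunk, so whether it or any other helper that receives this fd goes on to modify the directory through it cannot be confirmed from here; if one does, that path would now fail after the stat succeeds. I would audit the callers before shipping the backport and document the contract on `junction_open_path()`, for example `/* Returns an O_PATH descriptor: valid for fstatat(AT_EMPTY_PATH) checks only, not for fchmod() or f*xattr() */`. Where a helper does need to change the directory, a separate non-`O_PATH` open at that point keeps the automount protection on the test paths.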
diff --git a/0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch b/0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch
new file mode 100644
index 0000000..b4de882
--- /dev/null
+++ b/0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch
@@ -0,0 +1,28 @@
+From 631c6aa34aae7328dc297210fd2de2d5364c697f Mon Sep 17 00:00:00 2001
+From: Steve Dickson
+Date: Wed, 4 Jan 2023 12:04:09 -0500
+Subject: [PATCH] Covscan Scan: Wrong Check of Return Value
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2151966
+Signed-off-by: Steve Dickson
+---
+ support/export/client.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/export/client.c b/support/export/client.c
+index ea4f89d3..79164fef 100644
+--- a/support/export/client.c
++++ b/support/export/client.c
+@@ -699,6 +699,9 @@ check_netgroup(const nfs_client *clp, const struct addrinfo *ai)
+
+ /* check whether the IP itself is in the netgroup */
+ ip = calloc(INET6_ADDRSTRLEN, 1);
++ if (ip == NULL)
++ goto out;
++
+ if (inet_ntop(ai->ai_family, &(((struct sockaddr_in *)ai->ai_addr)->sin_addr), ip, INET6_ADDRSTRLEN) == ip) {
+ if (innetgr(netgroup, ip, NULL, NULL)) {
+ free(hname);
+--
+2.33.0
+
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 4d6c545..bf351b2 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -4,7 +4,7 @@ Name: nfs-utils Version: 2.5.4 -Release: 10 +Release: 11 Epoch: 2 Summary: The Linux NFS userland utility package License: MIT and GPLv2 and GPLv2+ and BSD
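Review bot: The `inet_ntop()` call right after the new NULL check in `check_netgroup()` always takes the address through `((struct sockaddr_in *)ai->ai_addr)->sin_addr` while passing `ai->ai_family` as the family, so for an AF_INET6 entry it would format bytes starting at the flow-info field instead of the IPv6 address, and the netgroup match by IP would be made against the wrong string. Whether `ai` can be AF_INET6 at this point is not visible in the hunk, but the `INET6_ADDRSTRLEN` buffer suggests it can. I would select the address field by family, as below. Separately, the `out:` label reached by the new `goto` is outside the hunk; it is worth confirming that it frees `hname`, which the visible success path frees by hand.

```c
	ip = calloc(INET6_ADDRSTRLEN, 1);
	if (ip == NULL)
		goto out;

	/* inet_ntop() needs the address field that matches ai_family */
	const void *addr;
	if (ai->ai_family == AF_INET6)
		addr = &((const struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
	else
		addr = &((const struct sockaddr_in *)ai->ai_addr)->sin_addr;

	if (inet_ntop(ai->ai_family, addr, ip, INET6_ADDRSTRLEN) == ip) {
	/* … unchanged: innetgr() lookup and cleanup … */
```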
@@ -20,6 +20,11 @@ Patch4: 0004-fix-coredump-in-bl_add_disk.patch Patch5: 0005-Fix-format-overflow-warning.patch Patch6: 0006-nfs-blkmaped-Fix-the-error-status-when-nfs_blkmapd-s.patch Patch7: 0007-nfs-blkmapd-PID-file-read-by-systemd-failed.patch +Patch8: 0008-svcgssd-Fix-use-after-free-bug-config-variables.patch +Patch9: 0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch +Patch10: 0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch +Patch11: 0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch + BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2 BuildRequires: automake, libtool, gcc, device-mapper-devel @@ -287,6 +292,9 @@ fi %{_mandir}/*/* %changelog +* Thu Mar 23 2023 wuguanghao - 2:2.5.4-11 +- backport patches from community + * Fri Nov 25 2022 fushanqing - 2:2.5.4-10 - add subpackage libnfsidmap and nfs-utils-min -- Gitee