From 051f3580fc29ce2f17b893605d7575354e630d6d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 20 2020 12:28:07 +0000 Subject: import man-pages-overrides-7.9.0-1.el7 --- diff --git a/.gitignore b/.gitignore index f219bc7..00abbbd 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/man-pages-overrides-7.8.1.tar.xz +SOURCES/man-pages-overrides-7.9.0.tar.xz diff --git a/.man-pages-overrides.metadata b/.man-pages-overrides.metadata index d27c8af..bab012a 100644 --- a/.man-pages-overrides.metadata +++ b/.man-pages-overrides.metadata @@ -1 +1 @@ -7a88d072955d480846847f1ec30d26255bbf1f56 SOURCES/man-pages-overrides-7.8.1.tar.xz +bc4b42303478776361c90255eea927826b594194 SOURCES/man-pages-overrides-7.9.0.tar.xz diff --git a/SOURCES/1624841-mpo-7.9.0-exports.5.patch b/SOURCES/1624841-mpo-7.9.0-exports.5.patch new file mode 100644 index 0000000..3c3d372 --- /dev/null +++ b/SOURCES/1624841-mpo-7.9.0-exports.5.patch @@ -0,0 +1,50 @@ +From ca1eb318807f5b81279c9ca97a62cccf7a5ea4f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Mon, 20 Apr 2020 10:49:46 +0200 +Subject: [PATCH] exports.5: warn about subdirectory exports + +--- + nfs-utils/man5/exports.5 | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/nfs-utils/man5/exports.5 b/nfs-utils/man5/exports.5 +index 4f95f3a..2ce46d9 100644 +--- a/nfs-utils/man5/exports.5 ++++ b/nfs-utils/man5/exports.5 +@@ -492,6 +492,33 @@ export entry for + .B /home/joe + in the example section below, which maps all requests to uid 150 (which + is supposedly that of user joe). ++ ++.SS Subdirectory Exports ++ ++Normally you should only export only the root of a filesystem. The NFS ++server will also allow you to export a subdirectory of a filesystem, ++however, this has drawbacks: ++ ++First, it may be possible for a malicious user to access files on the ++filesystem outside of the exported subdirectory, by guessing filehandles ++for those other files. The only way to prevent this is by using the ++.IR no_subtree_check ++option, which can cause other problems. ++ ++Second, export options may not be enforced in the way that you would ++expect. For example, the ++.IR security_label ++option will not work on subdirectory exports, and if nested subdirectory ++exports change the ++.IR security_label ++or ++.IR sec= ++options, NFSv4 clients will normally see only the options on the parent ++export. Also, where security options differ, a malicious client may use ++filehandle-guessing attacks to access the files from one subdirectory ++using the options from another. ++ ++ + .SS Extra Export Tables + After reading + .I /etc/exports +-- +2.26.0 + diff --git a/SPECS/man-pages-overrides.spec b/SPECS/man-pages-overrides.spec index 640bd19..155b711 100644 --- a/SPECS/man-pages-overrides.spec +++ b/SPECS/man-pages-overrides.spec @@ -2,7 +2,7 @@ Summary: Complementary and updated manual pages Name: man-pages-overrides -Version: 7.8.1 +Version: 7.9.0 Release: 1%{?dist} # license is the same as for the man-pages package License: GPL+ and GPLv2+ and BSD and MIT and Copyright only and IEEE @@ -64,6 +64,7 @@ Patch49: 1607318-mpo-7.6.2-proc.5.patch Patch50: 1642394-mpo-7.7.0-execve.2.patch Patch51: 1662503-mpo-7.7.0-resolv.conf.5.patch Patch52: 1730803-mpo-7.8.0-resolv.conf.5.patch +Patch53: 1624841-mpo-7.9.0-exports.5.patch %description A collection of manual ("man") pages to complement other packages or update @@ -122,6 +123,11 @@ done %{_mandir}/overrides/ %changelog +* Mon Apr 20 2020 Nikola Forró - 7.9.0-1 +- Upload new tarball +- exports.5: warn about subdirectory exports + resolves: #1624841 + * Tue Aug 27 2019 Nikola Forró - 7.8.1-1 - Upload new tarball related: #1739400