diff --git a/SOURCES/nfs-utils-1.2.1-exp-subtree-warn-off.patch b/SOURCES/nfs-utils-1.2.1-exp-subtree-warn-off.patch index 0ee49bd..4312e18 100644 --- a/SOURCES/nfs-utils-1.2.1-exp-subtree-warn-off.patch +++ b/SOURCES/nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -1,7 +1,7 @@ diff -up nfs-utils-1.3.0/support/nfs/exports.c.orig nfs-utils-1.3.0/support/nfs/exports.c ---- nfs-utils-1.3.0/support/nfs/exports.c.orig 2017-04-27 14:09:49.090353525 -0400 -+++ nfs-utils-1.3.0/support/nfs/exports.c 2017-04-27 14:10:09.083034672 -0400 -@@ -507,7 +507,7 @@ void fix_pseudoflavor_flags(struct expor +--- nfs-utils-1.3.0/support/nfs/exports.c.orig 2019-03-15 10:40:34.482376658 -0400 ++++ nfs-utils-1.3.0/support/nfs/exports.c 2019-03-15 10:41:18.875012753 -0400 +@@ -508,7 +508,7 @@ void fix_pseudoflavor_flags(struct expor static int parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr) { diff --git a/SOURCES/nfs-utils-1.3.0-mountd-memleak.patch b/SOURCES/nfs-utils-1.3.0-mountd-memleak.patch new file mode 100644 index 0000000..bcc8b84 --- /dev/null +++ b/SOURCES/nfs-utils-1.3.0-mountd-memleak.patch 
@@ -0,0 +1,62 @@
+diff -up nfs-utils-1.3.0/support/export/xtab.c.orig nfs-utils-1.3.0/support/export/xtab.c
+--- nfs-utils-1.3.0/support/export/xtab.c.orig 2014-03-25 11:12:07.000000000 -0400
++++ nfs-utils-1.3.0/support/export/xtab.c 2019-05-23 10:38:39.361594392 -0400
+@@ -43,6 +43,14 @@ xtab_read(char *xtab, char *lockfn, int
+ while ((xp = getexportent(is_export==0, 0)) != NULL) {
+ if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) &&
+ !(exp = export_create(xp, is_export!=1))) {
++ if(xp->e_hostname) {
++ free(xp->e_hostname);
++ xp->e_hostname=NULL;
++ }
++ if(xp->e_uuid) {
++ free(xp->e_uuid);
++ xp->e_uuid=NULL;
++ }
+ continue;
+ }
+ switch (is_export) {
+@@ -58,7 +66,16 @@ xtab_read(char *xtab, char *lockfn, int
+ case 2:
+ exp->m_exported = -1;/* may be exported */
+ break;
+- }
++ }
++ if(xp->e_hostname) {
++ free(xp->e_hostname);
++ xp->e_hostname=NULL;
++ }
++ if(xp->e_uuid) {
++ free(xp->e_uuid);
++ xp->e_uuid=NULL;
++ }
++
+ }
+ endexportent();
+ xfunlock(lockid);
+diff -up nfs-utils-1.3.0/support/nfs/exports.c.orig nfs-utils-1.3.0/support/nfs/exports.c
+--- nfs-utils-1.3.0/support/nfs/exports.c.orig 2019-05-23 10:38:07.558133270 -0400
++++ nfs-utils-1.3.0/support/nfs/exports.c 2019-05-23 10:38:39.362594376 -0400
+@@ -179,9 +179,20 @@ getexportent(int fromkernel, int fromexp
+ xfree(ee.e_hostname);
+ ee.e_hostname = xstrdup(hostname);
+
+- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0)
+- return NULL;
++ if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) {
++ if(ee.e_hostname)
++ {
++ xfree(ee.e_hostname);
++ ee.e_hostname=NULL;
++ }
++ if(ee.e_uuid)
++ {
++ xfree(ee.e_uuid);
++ ee.e_uuid=NULL;
++ }
+
++ return NULL;
++ }
+ /* resolve symlinks */
+ if (realpath(ee.e_path, rpath) != NULL) {
+ rpath[sizeof (rpath) - 1] = '\0';
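Review bot: In the xtab.c hunks the added cleanup also runs on the success path after the `switch`, so it is safe only if the entry returned by `export_lookup()`/`export_create()` holds its own copies of `e_hostname` and `e_uuid`; that is not visible here, and if `exp` keeps the same pointers the leak fix becomes a use-after-free. Worth confirming and recording at the first site with a comment such as `/* exp owns its own copies; xp's strings are ours to release */`. The same free-and-NULL sequence is pasted three times (twice in `xtab_read()`, once in `getexportent()`), xtab.c uses `free` where exports.c uses `xfree` for the same fields, and the `if (xp->e_hostname)` guards around `free` are redundant; `free(xp->e_hostname); xp->e_hostname = NULL;` is enough. Both functions begin and end outside the hunks, so other early returns in `getexportent()` may need the same treatment.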
diff --git a/SOURCES/nfs-utils-1.3.0-nfsconf-manage-gids.patch b/SOURCES/nfs-utils-1.3.0-nfsconf-manage-gids.patch
new file mode 100644
index 0000000..ec6bac0
--- /dev/null
+++ b/SOURCES/nfs-utils-1.3.0-nfsconf-manage-gids.patch
@@ -0,0 +1,12 @@
+diff -up nfs-utils-1.3.0/nfs.conf.orig nfs-utils-1.3.0/nfs.conf
+--- nfs-utils-1.3.0/nfs.conf.orig 2019-03-14 11:50:11.700386471 -0400
++++ nfs-utils-1.3.0/nfs.conf 2019-03-14 14:05:50.077730263 -0400
+@@ -25,7 +25,7 @@
+ #
+ #[mountd]
+ # debug=0
+-# manage_gids=n
++# manage-gids=n
+ # descriptors=0
+ # port=0
+ # threads=1
diff --git a/SOURCES/nfs-utils-1.3.0-smnotify-f-flag.patch b/SOURCES/nfs-utils-1.3.0-smnotify-f-flag.patch
new file mode 100644
index 0000000..a68afdb
--- /dev/null
+++ b/SOURCES/nfs-utils-1.3.0-smnotify-f-flag.patch
@@ -0,0 +1,151 @@
+diff --git a/nfs.conf b/nfs.conf
+index 118f638..ea8204b 100644
+--- a/nfs.conf
++++ b/nfs.conf
+@@ -9,6 +9,8 @@
+ # debug=0
+ #
+ #[gssd]
++# verbosity=0
++# rpc-verbosity=0
+ # use-memcache=0
+ # use-machine-creds=1
+ # avoid-dns=1
+@@ -64,6 +66,7 @@
+ #
+ #[sm-notify]
+ # debug=0
++# force=0
+ # retry-time=900
+ # outgoing-port=
+ # outgoing-addr=
+diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
+index 9700586..0953b80 100644
+--- a/systemd/nfs.conf.man
++++ b/systemd/nfs.conf.man
+@@ -204,6 +204,8 @@ for details.
+ .TP
+ .B gssd
+ Recognized values:
++.BR verbosity ,
++.BR rpc-verbosity ,
+ .BR use-memcache ,
+ .BR use-machine-creds ,
+ .BR avoid-dns ,
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index 10d50d3..05defb4 100644
+--- a/utils/gssd/gssd.c
++++ b/utils/gssd/gssd.c
+@@ -889,6 +889,9 @@ main(int argc, char *argv[])
+
+ read_gss_conf();
+
++ verbosity = conf_get_num("gssd", "verbosity", verbosity);
++ rpc_verbosity = conf_get_num("gssd", "rpc-verbosity", rpc_verbosity);
++
+ while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) {
+ switch (opt) {
+ case 'f':
+diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
+index 1fb579a..9d3ca40 100644
+--- a/utils/gssd/svcgssd.c
++++ b/utils/gssd/svcgssd.c
+@@ -113,6 +113,10 @@ main(int argc, char *argv[])
+ else
+ principal = s;
+
++ verbosity = conf_get_num("svcgssd", "Verbosity", verbosity);
++ rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
++ idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
++
+ while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
+ switch (opt) {
+ case 'f':
+diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
+index 03efbea..9317fd7 100644
+--- a/utils/idmapd/idmapd.c
++++ b/utils/idmapd/idmapd.c
+@@ -263,6 +263,10 @@ main(int argc, char **argv)
+ strlcpy(pipefsdir, xpipefsdir, sizeof(pipefsdir));
+ CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
+ CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
++ if (conf_get_bool("General", "server-only", false))
++ clientstart = 0;
++ if (conf_get_bool("General", "client-only", false))
++ serverstart = 0;
+ }
+ } else {
+ conf_path = NFS_CONFFILE;
+@@ -278,6 +282,10 @@ main(int argc, char **argv)
+ "cache-expiration", DEFAULT_IDMAP_CACHE_EXPIRY);
+ CONF_SAVE(nobodyuser, conf_get_str("Mapping", "Nobody-User"));
+ CONF_SAVE(nobodygroup, conf_get_str("Mapping", "Nobody-Group"));
++ if (conf_get_bool("General", "server-only", false))
++ clientstart = 0;
++ if (conf_get_bool("General", "client-only", false))
++ serverstart = 0;
+ }
+
+ while ((opt = getopt(argc, argv, GETOPTSTR)) != -1)
+diff --git a/utils/statd/sm-notify.c b/utils/statd/sm-notify.c
+index cc4d425..248b950 100644
+--- a/utils/statd/sm-notify.c
++++ b/utils/statd/sm-notify.c
+@@ -46,6 +46,7 @@
+ #define NLM_END_GRACE_FILE "/proc/fs/lockd/nlm_end_grace"
+
+ int lift_grace = 1;
++int force = 0;
+
+ struct nsm_host {
+ struct nsm_host * next;
+@@ -477,13 +478,30 @@ nsm_lift_grace_period(void)
+ close(fd);
+ return;
+ }
++inline static void
++read_nfsconf(char **argv)
++{
++ char *s;
++
++ conf_init();
++ xlog_from_conffile("sm-notify");
++ opt_max_retry = conf_get_num("sm-notify", "retry-time", opt_max_retry / 60) * 60;
++ opt_srcport = conf_get_str("sm-notify", "outgoing-port");
++ opt_srcaddr = conf_get_str("sm-notify", "outgoing-addr");
++ lift_grace = conf_get_bool("sm-notify", "lift-grace", lift_grace);
++
++ s = conf_get_str("statd", "state-directory-path");
++ if (s && !nsm_setup_pathnames(argv[0], s))
++ exit(1);
++ opt_update_state = conf_get_bool("sm-notify", "update-state", opt_update_state);
++ force = conf_get_bool("sm-notify", "force", force);
++}
+
+ int
+ main(int argc, char **argv)
+ {
+- int c, sock, force = 0;
++ int c, sock;
+ char * progname;
+- char * s;
+
+ progname = strrchr(argv[0], '/');
+ if (progname != NULL)
+@@ -491,15 +509,7 @@ main(int argc, char **argv)
+ else
+ progname = argv[0];
+
+- conf_init();
+- xlog_from_conffile("sm-notify");
+- opt_max_retry = conf_get_num("sm-notify", "retry-time", opt_max_retry / 60) * 60;
+- opt_srcport = conf_get_str("sm-notify", "outgoing-port");
+- opt_srcaddr = conf_get_str("sm-notify", "outgoing-addr");
+- lift_grace = conf_get_bool("sm-notify", "lift-grace", lift_grace);
+- s = conf_get_str("statd", "state-directory-path");
+- if (s && !nsm_setup_pathnames(argv[0], s))
+- exit(1);
++ read_nfsconf(argv);
+
+ while ((c = getopt(argc, argv, "dm:np:v:P:f")) != -1) {
+ switch (c) {
diff --git a/SOURCES/nfs-utils-1.3.0-statd-no-notify.patch b/SOURCES/nfs-utils-1.3.0-statd-no-notify.patch
new file mode 100644
index 0000000..fb7863b
--- /dev/null
+++ b/SOURCES/nfs-utils-1.3.0-statd-no-notify.patch
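Review bot: In nfs-utils-1.3.0-smnotify-f-flag.patch, the idmapd.c hunks accept `server-only` and `client-only` both set, which clears `clientstart` and `serverstart` together, and the visible lines neither reject nor log that combination; a check after option parsing that exits with a clear message would avoid a daemon that starts and maps nothing. The four added lines are duplicated in both configuration branches of `main()` and could presumably live in one place after the `if`/`else`. In svcgssd.c the keys are spelled `"Verbosity"`, `"RPC-Verbosity"` and `"IDMAP-Verbosity"` while gssd.c and nfs.conf use lowercase, and nfs.conf and the man page gain no svcgssd entries; this is harmless only if `conf_get_num()` lookups are case-insensitive, which is not shown here. `main()` extends beyond every hunk.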
@@ -0,0 +1,102 @@
+diff -up nfs-utils-1.3.0/nfs.conf.orig nfs-utils-1.3.0/nfs.conf
+--- nfs-utils-1.3.0/nfs.conf.orig 2019-03-15 11:06:31.295217191 -0400
++++ nfs-utils-1.3.0/nfs.conf 2019-03-15 11:07:37.178172631 -0400
+@@ -63,6 +63,7 @@
+ # name=
+ # state-directory-path=/var/lib/nfs/statd
+ # ha-callout=
++# no-notify=0
+ #
+ #[sm-notify]
+ # debug=0
+diff -up nfs-utils-1.3.0/utils/statd/statd.c.orig nfs-utils-1.3.0/utils/statd/statd.c
+--- nfs-utils-1.3.0/utils/statd/statd.c.orig 2019-03-15 11:06:31.244216452 -0400
++++ nfs-utils-1.3.0/utils/statd/statd.c 2019-03-15 11:15:33.950086819 -0400
+@@ -226,7 +226,8 @@ static void set_nlm_port(char *type, int
+ fd = open(pathbuf, O_WRONLY);
+ if (fd < 0 && errno == ENOENT) {
+ /* probably module not loaded */
+- system("modprobe lockd");
++ if (system("modprobe lockd"))
++ {/* ignore return value */}
+ fd = open(pathbuf, O_WRONLY);
+ }
+ if (fd >= 0) {
+@@ -237,6 +238,39 @@ static void set_nlm_port(char *type, int
+ } else
+ fprintf(stderr, "%s: failed to open %s: %m\n", name_p, pathbuf);
+ }
++int port = 0, out_port = 0;
++int nlm_udp = 0, nlm_tcp = 0;
++
++inline static void
++read_nfsconf(char **argv)
++{
++ char *s;
++
++ conf_init();
++ xlog_from_conffile("statd");
++
++ out_port = conf_get_num("statd", "outgoing-port", out_port);
++ port = conf_get_num("statd", "port", port);
++
++ MY_NAME = conf_get_str("statd", "name");
++ if (MY_NAME)
++ run_mode |= STATIC_HOSTNAME;
++
++ s = conf_get_str("statd", "state-directory-path");
++ if (s && !nsm_setup_pathnames(argv[0], s))
++ exit(1);
++
++ s = conf_get_str("statd", "ha-callout");
++ if (s)
++ ha_callout_prog = s;
++
++ nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
++ /* udp defaults to the same as tcp ! */
++ nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
++
++ if (conf_get_bool("statd", "no-notify", false))
++ run_mode |= MODE_NO_NOTIFY;
++}
+
+ /*
+ * Entry routine/main loop.
+@@ -244,11 +278,8 @@ static void set_nlm_port(char *type, int
+ int main (int argc, char **argv)
+ {
+ extern char *optarg;
+- char *s;
+ int pid;
+ int arg;
+- int port = 0, out_port = 0;
+- int nlm_udp = 0, nlm_tcp = 0;
+ struct rlimit rlim;
+ char *env;
+
+@@ -273,23 +304,8 @@ int main (int argc, char **argv)
+ /* Set hostname */
+ MY_NAME = NULL;
+
+- conf_init();
+- xlog_from_conffile("statd");
+- out_port = conf_get_num("statd", "outgoing-port", out_port);
+- port = conf_get_num("statd", "port", port);
+- MY_NAME = conf_get_str("statd", "name");
+- if (MY_NAME)
+- run_mode |= STATIC_HOSTNAME;
+- s = conf_get_str("statd", "state-directory-path");
+- if (s && !nsm_setup_pathnames(argv[0], s))
+- exit(1);
+- s = conf_get_str("statd", "ha-callout");
+- if (s)
+- ha_callout_prog = s;
+-
+- nlm_tcp = conf_get_num("lockd", "port", nlm_tcp);
+- /* udp defaults to the same as tcp ! */
+- nlm_udp = conf_get_num("lockd", "udp-port", nlm_tcp);
++ /* Read nfs.conf */
++ read_nfsconf(argv);
+
+ /* Process command line switches */
+ while ((arg = getopt_long(argc, argv, "h?vVFNH:dn:p:o:P:LT:U:", longopts, NULL)) != EOF) {
diff --git a/SOURCES/nfs-utils-1.3.0-statd-useaafter.patch b/SOURCES/nfs-utils-1.3.0-statd-useaafter.patch
new file mode 100644
index 0000000..dac4c44
--- /dev/null
+++ b/SOURCES/nfs-utils-1.3.0-statd-useaafter.patch
@@ -0,0 +1,27 @@
+commit 86604e2bd536ea48832dd0bf3d95b15de4de2733
+Author: Steve Dickson
+Date: Thu Sep 6 10:22:11 2018 -0400
+
+ statd: fix use-after-free in monitor list if insertion fails
+
+ If nsm_insert_monitored_host() fails while saving the record to
+ stable storage, we can't just assume the entry was new. Existing
+ records must be removed from the list before being freed.
+
+ Reviewed-by: Chuck Lever
+ Signed-off-by: Frank Sorenson
+
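Review bot: In nfs-utils-1.3.0-statd-no-notify.patch, the rewritten `system("modprobe lockd")` in `set_nlm_port()` still resolves the command through `PATH` and a shell in a daemon that is typically started as root, and the new `if (...) {/* ignore return value */}` only silences the unused-result warning. An absolute path plus a logged failure would be safer and easier to diagnose, e.g. `if (system("/sbin/modprobe lockd") != 0)` followed by `fprintf(stderr, "%s: modprobe lockd failed\n", name_p);`; running it without a shell (explicit argv) would be better still. Separately, `port`, `out_port`, `nlm_udp` and `nlm_tcp` become non-static globals with generic names and are filled from `conf_get_num()` with no 0–65535 range check in the visible lines. `set_nlm_port()` and `main()` extend beyond the hunks.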
Signed-off-by: Steve Dickson + +diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c +index 45c4346..9400048 100644 +--- a/utils/statd/monitor.c ++++ b/utils/statd/monitor.c +@@ -197,7 +197,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) + + if (!nsm_insert_monitored_host(dnsname, + (struct sockaddr *)(char *)&my_addr, argp)) { +- nlist_free(NULL, clnt); ++ nlist_free(existing ? &rtnl : NULL, clnt); + goto failure; + } + diff --git a/SOURCES/nfs-utils-1.3.0-systemd-gssproxy-restart.patch b/SOURCES/nfs-utils-1.3.0-systemd-gssproxy-restart.patch index 498e50a..d8e4285 100644 --- a/SOURCES/nfs-utils-1.3.0-systemd-gssproxy-restart.patch +++ b/SOURCES/nfs-utils-1.3.0-systemd-gssproxy-restart.patch @@ -7,7 +7,7 @@ diff -up nfs-utils-1.3.0/systemd/nfs-server.service.orig nfs-utils-1.3.0/systemd ExecStartPre=-/usr/sbin/exportfs -r -ExecStartPre=-/bin/sh -c '/bin/kill -HUP `cat /run/gssproxy.pid`' ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS -+ExecStartPost=-/bin/sh -c 'if systemctl -q is-active gssproxy; then systemctl restart gssproxy ; fi' ++ExecStartPost=-/bin/sh -c 'if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi' ExecStop=/usr/sbin/rpc.nfsd 0 ExecStopPost=/usr/sbin/exportfs -au ExecStopPost=/usr/sbin/exportfs -f diff --git a/SPECS/nfs-utils.spec b/SPECS/nfs-utils.spec index c58e8ec..41d1782 100644 --- a/SPECS/nfs-utils.spec +++ b/SPECS/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.3.0 -Release: 0.61%{?dist} +Release: 0.65%{?dist} Epoch: 1 # group all 32bit related archs 
@@ -153,6 +153,14 @@ Patch116: nfs-utils-1.3.0-systemd-nfs-man.patch Patch117: nfs-utils-1.3.0-mount-clientaddr.patch Patch118: nfs-utils-1.3.0-mount-turnoffv4.patch Patch119: nfs-utils-1.3.0-nfsconf-disable-v4.patch +# +# RHEL7.7 +# +Patch120: nfs-utils-1.3.0-statd-useaafter.patch +Patch121: nfs-utils-1.3.0-nfsconf-manage-gids.patch +Patch122: nfs-utils-1.3.0-smnotify-f-flag.patch +Patch123: nfs-utils-1.3.0-statd-no-notify.patch +Patch124: nfs-utils-1.3.0-mountd-memleak.patch Patch1000: nfs-utils-1.2.1-statdpath-man.patch Patch1001: nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -448,6 +456,16 @@ This package also contains the mount.nfs and umount.nfs program. %patch118 -p1 # 1625032 - [nfsd] fail to disable major NFS version 4 using "vers4=n"... %patch119 -p1 +# 1624542 - Fix use-after-free in rpc.statd monitor list when insertion... +%patch120 -p1 +# 1677403 - nfs.conf: manage-gids option typo +%patch121 -p1 +# 1688932 - sm-notify: add flag "-f" to nfs.conf parsing (RHEL7) +%patch122 -p1 +# 1688918 - nfsserver: fix option --no-notify not recognized +%patch123 -p1 +# 1711210 - rpc.mountd leaks memory +%patch124 -p1 %patch1000 -p1 %patch1001 -p1 @@ -700,6 +718,21 @@ fi /sbin/umount.nfs4 %changelog +* Thu May 23 2019 Steve Dickson 1.3.0-0.65 +- Fixed typo of mountd-memleak.patch not being applied (bz 1711210) + +* Thu May 23 2019 Steve Dickson 1.3.0-0.64 +- rpc.mountd: Fix e_hostname and e_uuid leaks (bz 1711210) + +* Fri Mar 15 2019 Steve Dickson 1.3.0-0.63 +- nfs.conf: Fixed manage-gids option typo (bz 1677403) +- sm-notify: Added -f flag to nfs.conf parsing (bz 1688932) +- Add nfs.conf equivalent for the statd --no-notify cmdline option (bz 1688918) +- nfs-server: Use reload not restart to start gssproxy (bz 1644169) + +* Mon Feb 11 2019 Steve Dickson 1.3.0-0.62 +- statd: fix use-after-free in monitor list if insertion fails (bz 1624542) + * Wed Sep 26 2018 Steve Dickson 1.3.0-0.61 - nfs.conf: fail to disable major NFS version 4 using "vers4=n" (bz 1625032)