diff --git a/SOURCES/nfs-utils-2.3.3-exportfs-man-labels.patch b/SOURCES/nfs-utils-2.3.3-exportfs-man-labels.patch new file mode 100644 index 0000000..738fb85 --- /dev/null +++ b/SOURCES/nfs-utils-2.3.3-exportfs-man-labels.patch @@ -0,0 +1,50 @@ +commit 7d5dcd2358df55353eed94a0e84b77bb3597634e +Author: J. Bruce Fields +Date: Fri Mar 27 13:11:28 2020 -0400 + + exports man page: warn about subdirectory exports + + Subdirectory exports have a number of problems which have been poorly + documented. + + Signed-off-by: J. Bruce Fields + Signed-off-by: Steve Dickson + +diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man +index e3a16f6b..1d171849 100644 +--- a/utils/exportfs/exports.man ++++ b/utils/exportfs/exports.man +@@ -494,6 +494,33 @@ export entry for + .B /home/joe + in the example section below, which maps all requests to uid 150 (which + is supposedly that of user joe). ++ ++.SS Subdirectory Exports ++ ++Normally you should only export only the root of a filesystem. The NFS ++server will also allow you to export a subdirectory of a filesystem, ++however, this has drawbacks: ++ ++First, it may be possible for a malicious user to access files on the ++filesystem outside of the exported subdirectory, by guessing filehandles ++for those other files. The only way to prevent this is by using the ++.IR no_subtree_check ++option, which can cause other problems. ++ ++Second, export options may not be enforced in the way that you would ++expect. For example, the ++.IR security_label ++option will not work on subdirectory exports, and if nested subdirectory ++exports change the ++.IR security_label ++or ++.IR sec= ++options, NFSv4 clients will normally see only the options on the parent ++export. Also, where security options differ, a malicious client may use ++filehandle-guessing attacks to access the files from one subdirectory ++using the options from another. ++ ++ + .SS Extra Export Tables + After reading + .I /etc/exports diff --git a/SOURCES/nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch b/SOURCES/nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch new file mode 100644 index 0000000..8d7991a --- /dev/null +++ b/SOURCES/nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch @@ -0,0 +1,29 @@ +commit 3e81185037cf97990e4598218f56d92dd70d6269 +Author: NeilBrown +Date: Tue Oct 20 13:19:10 2020 -0400 + + clddb-tool was recently renamed to nfsdclddb. + Unfortunately the nfsdcld man page wasn't told. + + Signed-off-by: NeilBrown + Signed-off-by: Steve Dickson + +diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man +index 4c2b1e80..861f1c49 100644 +--- a/utils/nfsdcld/nfsdcld.man ++++ b/utils/nfsdcld/nfsdcld.man +@@ -209,12 +209,12 @@ not necessary after upgrading \fBnfsdcld\fR, however \fBnfsd\fR will not use a l + version until restart. A restart of \fBnfsd is necessary\fR after downgrading \fBnfsdcld\fR, + to ensure that \fBnfsd\fR does not use an upcall version that \fBnfsdcld\fR does not support. + Additionally, a downgrade of \fBnfsdcld\fR requires the schema of the on-disk database to +-be downgraded as well. That can be accomplished using the \fBclddb-tool\fR(8) utility. ++be downgraded as well. That can be accomplished using the \fBnfsdclddb\fR(8) utility. + .SH FILES + .TP + .B /var/lib/nfs/nfsdcld/main.sqlite + .SH SEE ALSO +-.BR nfsdcltrack "(8), " clddb-tool (8) ++.BR nfsdcltrack "(8), " nfsdclddb (8) + .SH "AUTHORS" + .IX Header "AUTHORS" + The nfsdcld daemon was developed by Jeff Layton diff --git a/SOURCES/nfs-utils-2.3.3-nfsiostat-div-zero.patch b/SOURCES/nfs-utils-2.3.3-nfsiostat-div-zero.patch new file mode 100644 index 0000000..22ffbff --- /dev/null +++ b/SOURCES/nfs-utils-2.3.3-nfsiostat-div-zero.patch @@ -0,0 +1,23 @@ +diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py +--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:38:26.462195326 -0500 ++++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:45:47.210671473 -0500 +@@ -380,6 +380,8 @@ class DeviceData: + sends = float(self.__rpc_data['rpcsends']) + if sample_time == 0: + sample_time = float(self.__nfs_data['age']) ++ if sample_time == 0: ++ sample_time = 1; + return (sends / sample_time) + + def display_iostats(self, sample_time, which): +diff -up nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig nfs-utils-2.3.3/utils/gssd/gssd_proc.c +--- nfs-utils-2.3.3/utils/gssd/gssd_proc.c.orig 2018-09-06 14:09:08.000000000 -0400 ++++ nfs-utils-2.3.3/utils/gssd/gssd_proc.c 2020-12-10 10:45:47.211671499 -0500 +@@ -682,6 +682,7 @@ process_krb5_upcall(struct clnt_info *cl + } else { + get_hostbased_client_buffer(gacceptor, mech, &acceptor); + gss_release_name(&min_stat, &gacceptor); ++ gss_release_oid(&min_stat, &mech); + } + + /* diff --git a/SOURCES/nfs-utils-2.3.3-nfsiostat-key-error.patch b/SOURCES/nfs-utils-2.3.3-nfsiostat-key-error.patch new file mode 100644 index 0000000..e628c09 --- /dev/null +++ b/SOURCES/nfs-utils-2.3.3-nfsiostat-key-error.patch @@ -0,0 +1,37 @@ +diff -up nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig nfs-utils-2.3.3/tools/mountstats/mountstats.py +--- nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig 2020-12-10 10:48:17.319579958 -0500 ++++ nfs-utils-2.3.3/tools/mountstats/mountstats.py 2020-12-10 10:52:42.481484160 -0500 +@@ -943,10 +943,11 @@ def print_iostat_summary(old, new, devic + if not old or device not in old: + stats.display_iostats(time) + else: +- old_stats = DeviceData() +- old_stats.parse_stats(old[device]) +- diff_stats = stats.compare_iostats(old_stats) +- diff_stats.display_iostats(time) ++ if ("fstype autofs" not in str(old[device])) and ("fstype autofs" not in str(new[device])): ++ old_stats = DeviceData() ++ old_stats.parse_stats(old[device]) ++ diff_stats = stats.compare_iostats(old_stats) ++ diff_stats.display_iostats(time) + + def iostat_command(args): + """iostat-like command for NFS mount points +diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py +--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:48:17.316579880 -0500 ++++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:52:42.481484160 -0500 +@@ -467,10 +467,13 @@ def parse_stats_file(filename): + def print_iostat_summary(old, new, devices, time, options): + stats = {} + diff_stats = {} ++ devicelist = [] + if old: + # Trim device list to only include intersection of old and new data, + # this addresses umounts due to autofs mountpoints +- devicelist = [x for x in old if x in devices] ++ for device in devices: ++ if "fstype autofs" not in str(old[device]): ++ devicelist.append(device) + else: + devicelist = devices + diff --git a/SPECS/nfs-utils.spec b/SPECS/nfs-utils.spec index 51a888b..8597622 100644 --- a/SPECS/nfs-utils.spec +++ b/SPECS/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://linux-nfs.org/ Version: 2.3.3 -Release: 36%{?dist} +Release: 38%{?dist} Epoch: 1 # group all 32bit related archs @@ -61,6 +61,14 @@ Patch027: nfs-utils-2.3.3-nconnect-manpage.patch Patch028: nfs-utils-2.3.3-nfsdclddb-rename.patch Patch029: nfs-utils-2.3.3-nfsclnts-cmd.patch +# +# RHEL 8.3 +# +Patch030: nfs-utils-2.3.3-exportfs-man-labels.patch +Patch031: nfs-utils-2.3.3-nfsiostat-div-zero.patch +Patch032: nfs-utils-2.3.3-nfsiostat-key-error.patch +Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch + Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch Patch102: nfs-utils-2.3.3-idmap-errmsg.patch @@ -223,8 +231,6 @@ done cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null if [ "$?" -eq 1 ]; then /usr/sbin/groupadd -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || : -else - /usr/sbin/groupmod -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || : fi # Create rpcuser uid as long as it does not already exist. @@ -253,11 +259,6 @@ if [ $? -eq 1 ]; then fi %post - -# Enable nfs-convert so if an old configuration -# exists a conversion will occur -/bin/systemctl enable nfs-convert >/dev/null 2>&1 || : - if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl enable nfs-client.target >/dev/null 2>&1 || : @@ -350,6 +351,16 @@ fi %{_libdir}/libnfsidmap.so %changelog +* Thu Dec 10 2020 Steve Dickson 2.3.3-38 +- exports man page: warn about subdirectory exports (bz 1652437) +- Don't modify /etc/group on upgrades (bz 1856881) +- nfs-iostat: divide by zero with fresh mount (bz 1861823) +- nfsiostat: Drop autofs entries before calling compare_iostats() (bz 1859130) +- nfsdclddb: clddb-tool was recently renamed to nfsdclddb (bz 1893599) + +* Thu Dec 10 2020 Alice Mitchell 2.3.3-37 +- Remove manual enabling of nfs-convert (bz 1683895) + * Fri Oct 9 2020 Alice Mitchell 2.3.3-36 - Fix uninstall warnings (bz 1733170)