From 2281ec5d7e86043e78a5e3a84b8958f7b9c7a6eb Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Thu, 21 Jul 2011 15:27:12 -0400 Subject: [PATCH] Updated to latest upstream release: nfs-utils-1-2-5-rc1 Signed-off-by: Steve Dickson --- nfs-utils.1.2.5-rc1.patch | 216 ++++++++++++++++++++++++++++++++++++++ nfs-utils.spec | 11 +- 2 files changed, 225 insertions(+), 2 deletions(-) create mode 100644 nfs-utils.1.2.5-rc1.patch diff --git a/nfs-utils.1.2.5-rc1.patch b/nfs-utils.1.2.5-rc1.patch new file mode 100644 index 0000000..8d0595a --- /dev/null +++ b/nfs-utils.1.2.5-rc1.patch @@ -0,0 +1,216 @@ +diff -up nfs-utils-1.2.4/aclocal/rpcsec_vers.m4.orig nfs-utils-1.2.4/aclocal/rpcsec_vers.m4 +--- nfs-utils-1.2.4/aclocal/rpcsec_vers.m4.orig 2011-06-30 09:00:42.000000000 -0400 ++++ nfs-utils-1.2.4/aclocal/rpcsec_vers.m4 2011-07-21 14:30:55.574408000 -0400 +@@ -1,7 +1,7 @@ + dnl Checks librpcsec version + AC_DEFUN([AC_RPCSEC_VERSION], [ + +- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1]) ++ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.3]) + + dnl TI-RPC replaces librpcsecgss + if test "$enable_tirpc" = no; then +diff -up nfs-utils-1.2.4/configure.ac.orig nfs-utils-1.2.4/configure.ac +--- nfs-utils-1.2.4/configure.ac.orig 2011-07-21 14:30:42.702030000 -0400 ++++ nfs-utils-1.2.4/configure.ac 2011-07-21 14:30:55.581408000 -0400 +@@ -264,9 +264,6 @@ if test "$enable_nfsv4" = yes; then + dnl check for nfsidmap libraries and headers + AC_LIBNFSIDMAP + +- dnl enable nfsidmap when its support by libnfsidmap +- AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap" = "yes"]) +- + dnl check for the keyutils libraries and headers + AC_KEYUTILS + +@@ -276,6 +273,9 @@ if test "$enable_nfsv4" = yes; then + AC_RPCSEC_VERSION + fi + fi ++dnl enable nfsidmap when its support by libnfsidmap ++AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap" = "yes"]) ++ + + if test "$knfsd_cv_glibc2" = no; then + AC_CHECK_LIB(bsd, daemon, [LIBBSD="-lbsd"]) +diff -up nfs-utils-1.2.4/support/nfs/exports.c.orig nfs-utils-1.2.4/support/nfs/exports.c +--- nfs-utils-1.2.4/support/nfs/exports.c.orig 2011-07-21 14:30:42.731028000 -0400 ++++ nfs-utils-1.2.4/support/nfs/exports.c 2011-07-21 14:30:55.588408000 -0400 +@@ -784,8 +784,9 @@ struct export_features *get_export_featu + fd = open(path, O_RDONLY); + if (fd == -1) + goto good; +- fd = read(fd, buf, 50); +- if (fd == -1) ++ c = read(fd, buf, 50); ++ close(fd); ++ if (c == -1) + goto err; + c = sscanf(buf, "%x %x", &ef.flags, &ef.secinfo_flags); + if (c != 2) +diff -up nfs-utils-1.2.4/support/nsm/file.c.orig nfs-utils-1.2.4/support/nsm/file.c +--- nfs-utils-1.2.4/support/nsm/file.c.orig 2011-07-21 14:30:42.722027000 -0400 ++++ nfs-utils-1.2.4/support/nsm/file.c 2011-07-21 14:30:55.596409000 -0400 +@@ -396,18 +396,18 @@ nsm_drop_privileges(const int pidfd) + return false; + } + +- if (st.st_uid == 0) { +- xlog_warn("Running as root. " +- "chown %s to choose different user", nsm_base_dirname); +- return true; +- } +- + if (chdir(nsm_base_dirname) == -1) { + xlog(L_ERROR, "Failed to change working directory to %s: %m", + nsm_base_dirname); + return false; + } + ++ if (st.st_uid == 0) { ++ xlog_warn("Running as root. " ++ "chown %s to choose different user", nsm_base_dirname); ++ return true; ++ } ++ + /* + * If the pidfile happens to reside on NFS, dropping privileges + * will probably cause us to lose access, even though we are +diff -up nfs-utils-1.2.4/utils/gssd/context_lucid.c.orig nfs-utils-1.2.4/utils/gssd/context_lucid.c +--- nfs-utils-1.2.4/utils/gssd/context_lucid.c.orig 2011-06-30 09:00:42.000000000 -0400 ++++ nfs-utils-1.2.4/utils/gssd/context_lucid.c 2011-07-21 14:30:55.602409000 -0400 +@@ -305,7 +305,7 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss + + maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx); + if (maj_stat != GSS_S_COMPLETE) { +- pgsserr("gss_export_lucid_sec_context", ++ pgsserr("gss_free_lucid_sec_context", + maj_stat, min_stat, &krb5oid); + printerr(0, "WARN: failed to free lucid sec context\n"); + } +diff -up nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c.orig nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c +--- nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c.orig 2011-06-30 09:00:42.000000000 -0400 ++++ nfs-utils-1.2.4/utils/gssd/svcgssd_krb5.c 2011-07-21 14:30:55.609410000 -0400 +@@ -45,6 +45,7 @@ + #include "gss_oids.h" + #include "err_util.h" + #include "svcgssd_krb5.h" ++#include "../mount/version.h" + + #define MYBUFLEN 1024 + +@@ -169,22 +170,44 @@ svcgssd_limit_krb5_enctypes(void) + { + #ifdef HAVE_SET_ALLOWABLE_ENCTYPES + u_int maj_stat, min_stat; +- krb5_enctype default_enctypes[] = { ENCTYPE_DES_CBC_CRC, +- ENCTYPE_DES_CBC_MD5, +- ENCTYPE_DES_CBC_MD4 }; +- int default_num_enctypes = +- sizeof(default_enctypes) / sizeof(default_enctypes[0]); +- krb5_enctype *enctypes; +- int num_enctypes; ++ krb5_enctype old_kernel_enctypes[] = { ++ ENCTYPE_DES_CBC_CRC, ++ ENCTYPE_DES_CBC_MD5, ++ ENCTYPE_DES_CBC_MD4 }; ++ krb5_enctype new_kernel_enctypes[] = { ++ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ++ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ++ ENCTYPE_DES3_CBC_SHA1, ++ ENCTYPE_ARCFOUR_HMAC, ++ ENCTYPE_DES_CBC_CRC, ++ ENCTYPE_DES_CBC_MD5, ++ ENCTYPE_DES_CBC_MD4 }; ++ krb5_enctype *default_enctypes, *enctypes; ++ int default_num_enctypes, num_enctypes; ++ ++ ++ if (linux_version_code() < MAKE_VERSION(2, 6, 35)) { ++ default_enctypes = old_kernel_enctypes; ++ default_num_enctypes = ++ sizeof(old_kernel_enctypes) / sizeof(old_kernel_enctypes[0]); ++ } else { ++ default_enctypes = new_kernel_enctypes; ++ default_num_enctypes = ++ sizeof(new_kernel_enctypes) / sizeof(new_kernel_enctypes[0]); ++ } + + get_kernel_supported_enctypes(); + + if (parsed_enctypes != NULL) { + enctypes = parsed_enctypes; + num_enctypes = parsed_num_enctypes; ++ printerr(2, "%s: Calling gss_set_allowable_enctypes with %d " ++ "enctypes from the kernel\n", __func__, num_enctypes); + } else { + enctypes = default_enctypes; + num_enctypes = default_num_enctypes; ++ printerr(2, "%s: Calling gss_set_allowable_enctypes with %d " ++ "enctypes from defaults\n", __func__, num_enctypes); + } + + maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds, +diff -up nfs-utils-1.2.4/utils/mount/version.h.orig nfs-utils-1.2.4/utils/mount/version.h +--- nfs-utils-1.2.4/utils/mount/version.h.orig 2011-06-30 09:00:42.000000000 -0400 ++++ nfs-utils-1.2.4/utils/mount/version.h 2011-07-21 14:30:55.614413000 -0400 +@@ -23,8 +23,8 @@ + #ifndef _NFS_UTILS_MOUNT_VERSION_H + #define _NFS_UTILS_MOUNT_VERSION_H + +-#include +-#include ++#include ++#include + + #include + +@@ -37,14 +37,16 @@ static inline unsigned int MAKE_VERSION( + static inline unsigned int linux_version_code(void) + { + struct utsname my_utsname; +- unsigned int p, q, r; ++ unsigned int p, q = 0, r = 0; + ++ /* UINT_MAX as backward compatibility code should not be run */ + if (uname(&my_utsname)) +- return 0; ++ return UINT_MAX; + +- p = (unsigned int)atoi(strtok(my_utsname.release, ".")); +- q = (unsigned int)atoi(strtok(NULL, ".")); +- r = (unsigned int)atoi(strtok(NULL, ".")); ++ /* UINT_MAX as future versions might not start with an integer */ ++ if (sscanf(my_utsname.release, "%u.%u.%u", &p, &q, &r) < 1) ++ return UINT_MAX; ++ + return MAKE_VERSION(p, q, r); + } + +diff -up nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man.orig nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man +--- nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man.orig 2011-06-30 09:00:42.000000000 -0400 ++++ nfs-utils-1.2.4/utils/nfsidmap/nfsidmap.man 2011-07-21 14:30:55.620410000 -0400 +@@ -25,9 +25,9 @@ will need to be modified so + can properly direct the upcall. The following line should be added before a call + to keyctl negate: + .PP +-create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600 ++create id_resolver * * /usr/sbin/nfsidmap %k %d 600 + .PP +-This will direct all nfs_idmap requests to the program ++This will direct all id_resolver requests to the program + .I /usr/sbin/nfsidmap + The last parameter, 600, defines how many seconds into the future the key will + expire. This is an optional parameter for +@@ -48,9 +48,9 @@ You can choose to handle any of these in + generic upcall program. If you would like to use your own program for a uid + lookup then you would edit your request-key.conf so it looks similar to this: + .PP +-create nfs_idmap uid:* * /some/other/program %k %d 600 ++create id_resolver uid:* * /some/other/program %k %d 600 + .br +-create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600 ++create id_resolver * * /usr/sbin/nfsidmap %k %d 600 + .PP + Notice that the new line was added above the line for the generic program. + request-key will find the first matching line and run the corresponding program. diff --git a/nfs-utils.spec b/nfs-utils.spec index 6cc00f1..bdd8e18 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.2.4 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # group all 32bit related archs @@ -17,6 +17,8 @@ Source13: rpcgssd.init Source14: rpcsvcgssd.init Source15: nfs.sysconfig +Patch001: nfs-utils.1.2.5-rc1.patch + Patch100: nfs-utils-1.2.1-statdpath-man.patch Patch101: nfs-utils-1.2.2-statdpath.patch Patch102: nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -69,6 +71,8 @@ This package also contains the mount.nfs and umount.nfs program. %prep %setup -q +%patch001 -p1 + %patch100 -p1 %patch101 -p1 %patch102 -p1 @@ -251,10 +255,13 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Thu Jul 21 2011 Steve Dickson 1.2.4-3 +- Updated to latest upstream release: nfs-utils-1-2-5-rc1 + * Thu Jul 7 2011 Ville Skyttä - 1:1.2.4-2 - Don't ship Makefiles or INSTALL in docs (#633934). -* Mon Jul 4 2011 J. Bruce Fields 1.2.4-2 +* Mon Jul 4 2011 J. Bruce Fields 1.2.4-1 - Rely on crypto module autoloading in init scripts - initscripts: just try to mount rpc_pipefs always