rpms/nfs-utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import nfs-utils-2.3.3-41.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-03-30 08:49:34 -04:00 committed by Stepan Oksanichenko
parent ef4cfa13ba
commit 729a14eba8
10 changed files with 1311 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SOURCES/nfs-utils-2.3.1-systemd-gssproxy-restart.patch
View File

@ -1,9 +1,9 @@
diff -up nfs-utils-2.3.1/systemd/nfs-server.service.orig nfs-utils-2.3.1/systemd/nfs-server.service
--- nfs-utils-2.3.1/systemd/nfs-server.service.orig 2018-01-19 10:25:38.153513857 -0500
+++ nfs-utils-2.3.1/systemd/nfs-server.service 2018-01-19 10:30:52.977245126 -0500
@@ -26,6 +26,7 @@ Type=oneshot
diff -up nfs-utils-2.3.3/systemd/nfs-server.service.orig nfs-utils-2.3.3/systemd/nfs-server.service
--- nfs-utils-2.3.3/systemd/nfs-server.service.orig 2020-12-11 09:05:23.499222371 -0500
+++ nfs-utils-2.3.3/systemd/nfs-server.service 2020-12-11 09:06:38.970186395 -0500
@@ -23,6 +23,7 @@ Type=oneshot
RemainAfterExit=yes
ExecStartPre=/usr/sbin/exportfs -r
ExecStartPre=-/usr/sbin/exportfs -r
ExecStart=/usr/sbin/rpc.nfsd
+ExecStart=-/bin/sh -c 'if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi'
ExecStop=/usr/sbin/rpc.nfsd 0

50
SOURCES/nfs-utils-2.3.3-exportfs-man-labels.patch Normal file
View File

@ -0,0 +1,50 @@
commit 7d5dcd2358df55353eed94a0e84b77bb3597634e
Author: J. Bruce Fields <bfields@redhat.com>
Date: Fri Mar 27 13:11:28 2020 -0400
exports man page: warn about subdirectory exports
Subdirectory exports have a number of problems which have been poorly
documented.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index e3a16f6b..1d171849 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -494,6 +494,33 @@ export entry for
.B /home/joe
in the example section below, which maps all requests to uid 150 (which
is supposedly that of user joe).
+
+.SS Subdirectory Exports
+
+Normally you should only export only the root of a filesystem. The NFS
+server will also allow you to export a subdirectory of a filesystem,
+however, this has drawbacks:
+
+First, it may be possible for a malicious user to access files on the
+filesystem outside of the exported subdirectory, by guessing filehandles
+for those other files. The only way to prevent this is by using the
+.IR no_subtree_check
+option, which can cause other problems.
+
+Second, export options may not be enforced in the way that you would
+expect. For example, the
+.IR security_label
+option will not work on subdirectory exports, and if nested subdirectory
+exports change the
+.IR security_label
+or
+.IR sec=
+options, NFSv4 clients will normally see only the options on the parent
+export. Also, where security options differ, a malicious client may use
+filehandle-guessing attacks to access the files from one subdirectory
+using the options from another.
+
+
.SS Extra Export Tables
After reading
.I /etc/exports

30
SOURCES/nfs-utils-2.3.3-exports-manpage-outdated.patch Normal file
View File

@ -0,0 +1,30 @@
commit ba90d61be3abca5a699765ce08759ca6b986781d
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 14:05:23 2020 -0500
exports.man: Remove some outdated verbiage
Years ago, commit 6a7d90cea765 removed the warning
this verbiage was talking about, but was never
removed from the man page.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 1d171849..54b3f877 100644
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -169,13 +169,6 @@ default. In all releases after 1.0.0,
is the default, and
.I async
must be explicitly requested if needed.
-To help make system administrators aware of this change,
-.B exportfs
-will issue a warning if neither
-.I sync
-nor
-.I async
-is specified.
.TP
.IR no_wdelay
This option has no effect if

1009
SOURCES/nfs-utils-2.3.3-gssd-multithread-updates.patch Normal file
View File

File diff suppressed because it is too large Load Diff

61
SOURCES/nfs-utils-2.3.3-mountd-pseudofs.patch Normal file
View File

@ -0,0 +1,61 @@
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index d735dbfe..8ec33fb0 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -36,9 +36,9 @@ static nfs_export pseudo_root = {
.m_export = {
.e_hostname = "*",
.e_path = "/",
- .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
+ .e_flags = NFSEXP_READONLY
| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
- | NFSEXP_V4ROOT,
+ | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
.e_anonuid = 65534,
.e_anongid = 65534,
.e_squids = NULL,
@@ -57,15 +57,11 @@ static nfs_export pseudo_root = {
};
static void
-set_pseudofs_security(struct exportent *pseudo, int flags)
+set_pseudofs_security(struct exportent *pseudo)
{
struct flav_info *flav;
int i;
- if (flags & NFSEXP_INSECURE_PORT)
- pseudo->e_flags |= NFSEXP_INSECURE_PORT;
- if ((flags & NFSEXP_ROOTSQUASH) == 0)
- pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
struct sec_entry *new;
@@ -75,8 +71,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
i = secinfo_addflavor(flav, pseudo);
new = &pseudo->e_secinfo[i];
- if (flags & NFSEXP_INSECURE_PORT)
- new->flags |= NFSEXP_INSECURE_PORT;
+ new->flags |= NFSEXP_INSECURE_PORT;
}
}
@@ -95,7 +90,7 @@ v4root_create(char *path, nfs_export *export)
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
if (strcmp(path, "/") != 0)
eep.e_flags &= ~NFSEXP_FSID;
- set_pseudofs_security(&eep, curexp->e_flags);
+ set_pseudofs_security(&eep);
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
@@ -143,7 +138,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
return 0;
}
/* Update an existing V4ROOT export: */
- set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
+ set_pseudofs_security(&exp->m_export);
return 0;
}

29
SOURCES/nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch Normal file
View File

@ -0,0 +1,29 @@
commit 3e81185037cf97990e4598218f56d92dd70d6269
Author: NeilBrown <neilb@suse.de>
Date: Tue Oct 20 13:19:10 2020 -0400
clddb-tool was recently renamed to nfsdclddb.
Unfortunately the nfsdcld man page wasn't told.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
index 4c2b1e80..861f1c49 100644
--- a/utils/nfsdcld/nfsdcld.man
+++ b/utils/nfsdcld/nfsdcld.man
@@ -209,12 +209,12 @@ not necessary after upgrading \fBnfsdcld\fR, however \fBnfsd\fR will not use a l
version until restart. A restart of \fBnfsd is necessary\fR after downgrading \fBnfsdcld\fR,
to ensure that \fBnfsd\fR does not use an upcall version that \fBnfsdcld\fR does not support.
Additionally, a downgrade of \fBnfsdcld\fR requires the schema of the on-disk database to
-be downgraded as well. That can be accomplished using the \fBclddb-tool\fR(8) utility.
+be downgraded as well. That can be accomplished using the \fBnfsdclddb\fR(8) utility.
.SH FILES
.TP
.B /var/lib/nfs/nfsdcld/main.sqlite
.SH SEE ALSO
-.BR nfsdcltrack "(8), " clddb-tool (8)
+.BR nfsdcltrack "(8), " nfsdclddb (8)
.SH "AUTHORS"
.IX Header "AUTHORS"
The nfsdcld daemon was developed by Jeff Layton <jlayton@redhat.com>

12
SOURCES/nfs-utils-2.3.3-nfsiostat-div-zero.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:38:26.462195326 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:45:47.210671473 -0500
@@ -380,6 +380,8 @@ class DeviceData:
sends = float(self.__rpc_data['rpcsends'])
if sample_time == 0:
sample_time = float(self.__nfs_data['age'])
+ if sample_time == 0:
+ sample_time = 1;
return (sends / sample_time)
def display_iostats(self, sample_time, which):

37
SOURCES/nfs-utils-2.3.3-nfsiostat-key-error.patch Normal file
View File

@ -0,0 +1,37 @@
diff -up nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig nfs-utils-2.3.3/tools/mountstats/mountstats.py
--- nfs-utils-2.3.3/tools/mountstats/mountstats.py.orig 2020-12-10 10:48:17.319579958 -0500
+++ nfs-utils-2.3.3/tools/mountstats/mountstats.py 2020-12-10 10:52:42.481484160 -0500
@@ -943,10 +943,11 @@ def print_iostat_summary(old, new, devic
if not old or device not in old:
stats.display_iostats(time)
else:
- old_stats = DeviceData()
- old_stats.parse_stats(old[device])
- diff_stats = stats.compare_iostats(old_stats)
- diff_stats.display_iostats(time)
+ if ("fstype autofs" not in str(old[device])) and ("fstype autofs" not in str(new[device])):
+ old_stats = DeviceData()
+ old_stats.parse_stats(old[device])
+ diff_stats = stats.compare_iostats(old_stats)
+ diff_stats.display_iostats(time)
def iostat_command(args):
"""iostat-like command for NFS mount points
diff -up nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py
--- nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py.orig 2020-12-10 10:48:17.316579880 -0500
+++ nfs-utils-2.3.3/tools/nfs-iostat/nfs-iostat.py 2020-12-10 10:52:42.481484160 -0500
@@ -467,10 +467,13 @@ def parse_stats_file(filename):
def print_iostat_summary(old, new, devices, time, options):
stats = {}
diff_stats = {}
+ devicelist = []
if old:
# Trim device list to only include intersection of old and new data,
# this addresses umounts due to autofs mountpoints
- devicelist = [x for x in old if x in devices]
+ for device in devices:
+ if "fstype autofs" not in str(old[device]):
+ devicelist.append(device)
else:
devicelist = devices

37
SOURCES/nfs-utils-2.3.3-systemd-exportfs-nofail.patch Normal file
View File

@ -0,0 +1,37 @@
commit 003000d451833309c963054e58a48fa1df7e767b
Author: Steve Dickson <steved@redhat.com>
Date: Thu Dec 10 13:13:03 2020 -0500
exportfs: Ingnore export failures in nfs-server.serivce unit
With some recent commits, exportfs will continue on trying to
export filesystems even when an entry is invalid or does
not exist, but will still have a non-zero exit to report
the error.
This situation should not stop the nfs-server service
from comingup so nfs-server.service file should
ignore these types of failures
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 06c1adb7..b432f910 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -21,13 +21,13 @@ After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStartPre=/usr/sbin/exportfs -r
+ExecStartPre=-/usr/sbin/exportfs -r
ExecStart=/usr/sbin/rpc.nfsd
ExecStop=/usr/sbin/rpc.nfsd 0
ExecStopPost=/usr/sbin/exportfs -au
ExecStopPost=/usr/sbin/exportfs -f
-ExecReload=/usr/sbin/exportfs -r
+ExecReload=-/usr/sbin/exportfs -r
[Install]
WantedBy=multi-user.target

51
SPECS/nfs-utils.spec
View File

@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
Name: nfs-utils
URL: http://linux-nfs.org/
Version: 2.3.3
Release: 35%{?dist}
Release: 41%{?dist}
Epoch: 1
# group all 32bit related archs
@ -61,6 +61,18 @@ Patch027: nfs-utils-2.3.3-nconnect-manpage.patch
Patch028: nfs-utils-2.3.3-nfsdclddb-rename.patch
Patch029: nfs-utils-2.3.3-nfsclnts-cmd.patch
#
# RHEL 8.4
#
Patch030: nfs-utils-2.3.3-exportfs-man-labels.patch
Patch031: nfs-utils-2.3.3-nfsiostat-div-zero.patch
Patch032: nfs-utils-2.3.3-nfsiostat-key-error.patch
Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch
Patch034: nfs-utils-2.3.3-systemd-exportfs-nofail.patch
Patch035: nfs-utils-2.3.3-exports-manpage-outdated.patch
Patch036: nfs-utils-2.3.3-gssd-multithread-updates.patch
Patch037: nfs-utils-2.3.3-mountd-pseudofs.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
Patch102: nfs-utils-2.3.3-idmap-errmsg.patch
@ -223,8 +235,6 @@ done
cat /etc/group | cut -d':' -f 1 | grep --quiet rpcuser 2>/dev/null
if [ "$?" -eq 1 ]; then
/usr/sbin/groupadd -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || :
else
/usr/sbin/groupmod -g %{rpcuser_uid} rpcuser >/dev/null 2>&1 || :
fi
# Create rpcuser uid as long as it does not already exist.
@ -253,11 +263,6 @@ if [ $? -eq 1 ]; then
fi
%post
# Enable nfs-convert so if an old configuration
# exists a conversion will occur
/bin/systemctl enable nfs-convert >/dev/null 2>&1 || :
if [ $1 -eq 1 ] ; then
# Initial installation
/bin/systemctl enable nfs-client.target >/dev/null 2>&1 || :
@ -270,8 +275,6 @@ if [ $1 -eq 0 ]; then
%systemd_preun nfs-client.target
%systemd_preun nfs-server.server
rm -rf /var/lib/nfs/statd
rm -rf /var/lib/nfs/v4recovery
fi
%postun
@ -280,6 +283,11 @@ fi
/bin/systemctl --system daemon-reload >/dev/null 2>&1 || :
if [ $1 -eq 0 ] ; then
rm -rf /var/lib/nfs/statd
rm -rf /var/lib/nfs/v4recovery
fi
%triggerin -- nfs-utils > 1:2.1.1-3
/bin/systemctl try-restart gssproxy || :
@ -347,6 +355,29 @@ fi
%{_libdir}/libnfsidmap.so
%changelog
* Wed Jan 20 2021 Steve Dickson <steved@redhat.com> 2.3.3-41
- mountd: never root squash on the pseudofs (bz 1804912)
* Mon Dec 14 2020 Steve Dickson <steved@redhat.com> 2.3.3-40
- gssd: upstream multithreaded updates (bz 1906792)
* Fri Dec 11 2020 Steve Dickson <steved@redhat.com> 2.3.3-39
- systemd: Ingnore export failures in nfs-server.serivce unit (bz 1894873)
- exports.man: Remove some outdated verbiage (bz 1769688)
* Thu Dec 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-38
- exports man page: warn about subdirectory exports (bz 1652437)
- Don't modify /etc/group on upgrades (bz 1856881)
- nfs-iostat: divide by zero with fresh mount (bz 1861823)
- nfsiostat: Drop autofs entries before calling compare_iostats() (bz 1859130)
- nfsdclddb: clddb-tool was recently renamed to nfsdclddb (bz 1893599)
* Thu Dec 10 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-37
- Remove manual enabling of nfs-convert (bz 1683895)
* Fri Oct 9 2020 Alice Mitchell <ajmitchell@redhat.com> 2.3.3-36
- Fix uninstall warnings (bz 1733170)
* Wed Jun 10 2020 Steve Dickson <steved@redhat.com> 2.3.3-35
- Fix dependency problems with nfsdclnts (bz 1841502)