stable

nfs-utils-1.3.1-4.1.fc21

FEDORA-2014-15315 created by steved 10 years ago for Fedora 21

commit e725def62c73b4aa269fefc4c0d96abb41927fcb Author: Steve Dickson steved@redhat.com Date: Mon Nov 17 13:17:20 2014 -0500

exportfs: Do not fail on empty exports file.

Commit 076dd80 introduced a regression that causes
exportfs to fail when there is an empty /etc/exports
file. A empty /etc/exports file is valid and should
not cause exportfs to fail.

Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

commit e4569a0961ff9f059b9ae71327d291cf95399597 Author: Bodo Stroesser bstroesser@ts.fujitsu.com Date: Wed Nov 12 09:43:29 2014 -0500

rpc.mountd: set libtirpc nonblocking mode to avoid DOS

This patch is experimental. In works fine in that it 
removes the vulnerability against a DOS attack. rpc.mountd 
can be blocked by a bad client, that sends many RPC requests 
but never reads the responses. This might happen 
intentionally or caused by a wrong network config (MTU). The 
patch switches on the nonblocking mode of libtirpc. In that 
mode writes can block for a max of 2 seconds. Attackers are 
forced to send requests slower, as libtirpc will close
a connection if it finds two requests to read at the same 
time.

Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1170354 - Typos in nfs-utils sysconfig files and associated script

1165322 - nfs-utils pre scriptlet fails to add rpcuser properly

1115225 - clean up and clarify lockd port configuration

1173564 - Cannot properly enable the nfs-secure service

1175773 - nfs-utils_env.sh: line 21: [: : integer expression expected

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2014-15315

This update has been submitted for testing by steved.

10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/13729/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/13729/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon pbrobinson commented & provided feedback 10 years ago
karma

Seems OK

User Icon bojan commented & provided feedback 10 years ago
karma

Just an FYI. Upgraded an F-20 box (that does not even run NFS) to F-21 and now nfs-idmapd.service refuses to start (not that I need it, but still). Apparently: rpc.idmapd[10913]: main: open(/var/lib/nfs/rpc_pipefs//nfs): No such file or directory. I can see there is a whole bunch of stuff in rpc_pipefs on my F-20 machine (now owned by any RPM), but F-21 has nothing in there. The -2.0 version of this package also does the same thing.

User Icon bojan commented & provided feedback 10 years ago
karma

I meant to say "not owned by any RPM".

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This is main: open(/var/lib/nfs/rpc_pipefs//nfs): No such file or directory is happening because the sunrpc kernel module is not loaded which means /var/lib/nfs/rpc_pipefs is not mounted. So the question is why is rpc.idmapd even being started if you not running the NFS server. I'm guess this is a problem with the upgrade not so much a bug in the code.

OK, thanks. I guess I'll just disable it. On another note, you may want to look at things like RPCMOUNTDOPTS in /etc/sysconfig/nfs, which is part of this package. The actual service takes RPCMOUNTDARGS. I think I saw one or two more like that, because the ports I defined on the machine that does run NFS would not be taken into account.

User Icon bojan commented & provided feedback 10 years ago
karma

See bug #1170354.

This build has fixed for me "Bug 1164477 - nfs server does not start with empty /etc/exports (and exports in /etc/exports.d)". But unaware of the other Bug/regression so not +1ing it.

steved has edited this update. New build(s): nfs-utils-1.3.1-4.0.fc21. Removed build(s): nfs-utils-1.3.1-2.2.fc21.

10 years ago

This update has been submitted for testing by steved.

10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/21169/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/21169/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago
User Icon bojan commented & provided feedback 10 years ago
karma

Upon restart of nfs-config.service, followed by restart of other impacted NFS services, fixes #1170354.

System fails to boot after this update. Needed to remove nfs-client.target by hand to be able to get to the gdm login prompt. Have empty /etc/exportfs and no NFS entries in /etc/fstab

karma: -1

"System fails to boot" what exactly does this mean? Did the system hang, if so where? Did the system panic, if so where. Are you sure nfs-utils was causing the problem?

steved has edited this update. New build(s): nfs-utils-1.3.1-4.1.fc21. Removed build(s): nfs-utils-1.3.1-4.0.fc21.

10 years ago

This update has been submitted for testing by steved.

10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/24903/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/24903/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has been submitted for stable by steved.

10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27602/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27603/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27603/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago
User Icon freddyw commented & provided feedback 10 years ago
karma

had 2 systems that refused to start after the upgrade. It hangs on "a start job is running for notify nfs peers of a restart". This would be the rpc-statd-notify.service. Booting with a live CD and manually symlinking /etc/systemd/system/rpc-statd-notify.service to /dev/null works. On both systems the yum update initially hung as well (on restart nfs-client-target).

User Icon macemoneta commented & provided feedback 10 years ago
karma

Same problem as freddyw, system boot hangs with "starting notify nfs users of a restart"

nfs-utils-1.3.1-5.0.fc21 bugfix update is now available that fixes the boot hang. https://admin.fedoraproject.org/updates/nfs-utils?_csrf_token=e31ce8ffefe1390f57bca7dd4055bc5fccabca0c


Please login to add feedback.

Metadata
Type
bugfix
Karma
-2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
10 years ago
in testing
10 years ago
in stable
10 years ago
modified
10 years ago
BZ#1115225 clean up and clarify lockd port configuration
0
0
BZ#1163886 rpc.mountd can be blocked by a bad client
0
0
BZ#1164477 nfs server does not start with empty /etc/exports (and exports in /etc/exports.d)
0
0
BZ#1165322 nfs-utils pre scriptlet fails to add rpcuser properly
0
0
BZ#1170354 Typos in nfs-utils sysconfig files and associated script
0
0
BZ#1173564 Cannot properly enable the nfs-secure service
0
0
BZ#1175773 nfs-utils_env.sh: line 21: [: : integer expression expected
0
0

Automated Test Results