stable
FEDORA-2014-15315 created by steved 7 years ago for Fedora 21

commit e725def62c73b4aa269fefc4c0d96abb41927fcb Author: Steve Dickson steved@redhat.com Date: Mon Nov 17 13:17:20 2014 -0500

exportfs: Do not fail on empty exports file.

Commit 076dd80 introduced a regression that causes
exportfs to fail when there is an empty /etc/exports
file. A empty /etc/exports file is valid and should
not cause exportfs to fail.

Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

commit e4569a0961ff9f059b9ae71327d291cf95399597 Author: Bodo Stroesser bstroesser@ts.fujitsu.com Date: Wed Nov 12 09:43:29 2014 -0500

rpc.mountd: set libtirpc nonblocking mode to avoid DOS

This patch is experimental. In works fine in that it 
removes the vulnerability against a DOS attack. rpc.mountd 
can be blocked by a bad client, that sends many RPC requests 
but never reads the responses. This might happen 
intentionally or caused by a wrong network config (MTU). The 
patch switches on the nonblocking mode of libtirpc. In that 
mode writes can block for a max of 2 seconds. Attackers are 
forced to send requests slower, as libtirpc will close
a connection if it finds two requests to read at the same 
time.

Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1170354 - Typos in nfs-utils sysconfig files and associated script

1165322 - nfs-utils pre scriptlet fails to add rpcuser properly

1115225 - clean up and clarify lockd port configuration

1173564 - Cannot properly enable the nfs-secure service

1175773 - nfs-utils_env.sh: line 21: [: : integer expression expected

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2014-15315

This update has been submitted for testing by steved.

7 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/13729/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/13729/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago
User Icon pbrobinson commented & provided feedback 7 years ago
karma

Seems OK

User Icon bojan commented & provided feedback 7 years ago
karma

Just an FYI. Upgraded an F-20 box (that does not even run NFS) to F-21 and now nfs-idmapd.service refuses to start (not that I need it, but still). Apparently: rpc.idmapd[10913]: main: open(/var/lib/nfs/rpc_pipefs//nfs): No such file or directory. I can see there is a whole bunch of stuff in rpc_pipefs on my F-20 machine (now owned by any RPM), but F-21 has nothing in there. The -2.0 version of this package also does the same thing.

User Icon bojan commented & provided feedback 7 years ago
karma

I meant to say "not owned by any RPM".

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This is main: open(/var/lib/nfs/rpc_pipefs//nfs): No such file or directory is happening because the sunrpc kernel module is not loaded which means /var/lib/nfs/rpc_pipefs is not mounted. So the question is why is rpc.idmapd even being started if you not running the NFS server. I'm guess this is a problem with the upgrade not so much a bug in the code.

OK, thanks. I guess I'll just disable it. On another note, you may want to look at things like RPCMOUNTDOPTS in /etc/sysconfig/nfs, which is part of this package. The actual service takes RPCMOUNTDARGS. I think I saw one or two more like that, because the ports I defined on the machine that does run NFS would not be taken into account.

User Icon bojan commented & provided feedback 7 years ago
karma

See bug #1170354.

This build has fixed for me "Bug 1164477 - nfs server does not start with empty /etc/exports (and exports in /etc/exports.d)". But unaware of the other Bug/regression so not +1ing it.

steved has edited this update. New build(s): nfs-utils-1.3.1-4.0.fc21. Removed build(s): nfs-utils-1.3.1-2.2.fc21.

7 years ago

This update has been submitted for testing by steved.

7 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/21169/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/21169/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago
User Icon bojan commented & provided feedback 7 years ago
karma

Upon restart of nfs-config.service, followed by restart of other impacted NFS services, fixes #1170354.

System fails to boot after this update. Needed to remove nfs-client.target by hand to be able to get to the gdm login prompt. Have empty /etc/exportfs and no NFS entries in /etc/fstab

karma: -1

"System fails to boot" what exactly does this mean? Did the system hang, if so where? Did the system panic, if so where. Are you sure nfs-utils was causing the problem?

steved has edited this update. New build(s): nfs-utils-1.3.1-4.1.fc21. Removed build(s): nfs-utils-1.3.1-4.0.fc21.

7 years ago

This update has been submitted for testing by steved.

7 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/24903/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/24903/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago

This update has been submitted for stable by steved.

7 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27602/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27603/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/27603/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago
User Icon freddyw commented & provided feedback 7 years ago
karma

had 2 systems that refused to start after the upgrade. It hangs on "a start job is running for notify nfs peers of a restart". This would be the rpc-statd-notify.service. Booting with a live CD and manually symlinking /etc/systemd/system/rpc-statd-notify.service to /dev/null works. On both systems the yum update initially hung as well (on restart nfs-client-target).

User Icon macemoneta commented & provided feedback 7 years ago
karma

Same problem as freddyw, system boot hangs with "starting notify nfs users of a restart"

nfs-utils-1.3.1-5.0.fc21 bugfix update is now available that fixes the boot hang. https://admin.fedoraproject.org/updates/nfs-utils?_csrf_token=e31ce8ffefe1390f57bca7dd4055bc5fccabca0c


Please login to add feedback.

Metadata
Type
bugfix
Karma
-2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
modified
7 years ago
BZ#1115225 clean up and clarify lockd port configuration
0
0
BZ#1163886 rpc.mountd can be blocked by a bad client
0
0
BZ#1164477 nfs server does not start with empty /etc/exports (and exports in /etc/exports.d)
0
0
BZ#1165322 nfs-utils pre scriptlet fails to add rpcuser properly
0
0
BZ#1170354 Typos in nfs-utils sysconfig files and associated script
0
0
BZ#1173564 Cannot properly enable the nfs-secure service
0
0
BZ#1175773 nfs-utils_env.sh: line 21: [: : integer expression expected
0
0

Automated Test Results