diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/always-run-generator.patch | 23 | ||||
| -rw-r--r-- | debian/patches/fsidd-call-anonymous-sockets-by-their-name-only-don-.patch | 116 | ||||
| -rw-r--r-- | debian/patches/multiarch-kerberos-paths.patch | 22 | ||||
| -rw-r--r-- | debian/patches/series | 3 |
4 files changed, 164 insertions, 0 deletions
diff --git a/debian/patches/always-run-generator.patch b/debian/patches/always-run-generator.patch new file mode 100644 index 0000000..f169e69 --- /dev/null +++ b/debian/patches/always-run-generator.patch @@ -0,0 +1,23 @@ +Description: Always run the generator + Run the generator even if the pipefs-directory setting is the default one. +Author: Andreas Hasenack <andreas@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1971935 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014429 +Forwarded: https://lore.kernel.org/linux-nfs/EE39279C-4E40-48C8-ABC9-707EB1AD6D79@redhat.com/ +Last-Update: 2022-07-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +diff --git a/systemd/rpc-pipefs-generator.c b/systemd/rpc-pipefs-generator.c +index c24db567..7c42431f 100644 +--- a/systemd/rpc-pipefs-generator.c ++++ b/systemd/rpc-pipefs-generator.c +@@ -139,9 +139,6 @@ int main(int argc, char *argv[]) + s = conf_get_str("general", "pipefs-directory"); + if (!s) + exit(0); +- if (strlen(s) == strlen(RPC_PIPEFS_DEFAULT) && +- strcmp(s, RPC_PIPEFS_DEFAULT) == 0) +- exit(0); + + if (is_non_pipefs_mountpoint(s)) + exit(1); diff --git a/debian/patches/fsidd-call-anonymous-sockets-by-their-name-only-don-.patch b/debian/patches/fsidd-call-anonymous-sockets-by-their-name-only-don-.patch new file mode 100644 index 0000000..326344b --- /dev/null +++ b/debian/patches/fsidd-call-anonymous-sockets-by-their-name-only-don-.patch @@ -0,0 +1,116 @@ +From: Ahelenia Ziemiaska <nabijaczleweli@nabijaczleweli.xyz> +Date: Mon, 27 Nov 2023 10:41:04 -0500 +Subject: fsidd: call anonymous sockets by their name only, don't fill with + NULs to 108 bytes +Origin: https://git.kernel.org/linus/46f91dc8f0d9aa31e18327cf3ad61c27551c4cfc +Bug-Debian: https://bugs.debian.org/1051132 + +Since e00ab3c0616fe6d83ab0710d9e7d989c299088f7, ss -l looks like this: + u_seq LISTEN 0 5 @/run/fsid.sock@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26989379 * 0 +with fsidd pushing all the addresses to 108 bytes wide, which is deeply +egregious if you don't filter it out and recolumnate. + +This is because, naturally (unix(7)), "Null bytes in the name have +no special significance": abstract addresses are binary blobs, but +paths automatically terminate at the first NUL byte, since paths +can't contain those. + +So just specify the correct address length when we're using the abstract domain: +unix(7) recommends "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1" +for paths, but we don't want to include the terminating NUL, so it's just +"offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)". +This brings the width back to order: +-- >8 -- +$ ss -la | grep @ +u_str ESTAB 0 0 @45208536ec96909a/bus/systemd-timesyn/bus-api-timesync 18500238 * 18501249 +u_str ESTAB 0 0 @fecc9657d2315eb7/bus/systemd-network/bus-api-network 18495452 * 18494406 +u_seq LISTEN 0 5 @/run/fsid.sock 27168796 * 0 +u_str ESTAB 0 0 @ac308f35f50797a2/bus/systemd-logind/system 19406 * 15153 +u_str ESTAB 0 0 @b6606e0dfacbae75/bus/systemd/bus-api-system 18494353 * 18495334 +u_str ESTAB 0 0 @5880653d215718a7/bus/systemd/bus-system 26930876 * 26930003 +-- >8 -- + +Fixes: e00ab3c0616fe6d83ab0710d9e7d989c299088f7 ("fsidd: provide + better default socket name.") +Reviewed-by: NeilBrown <neilb@suse.de> +Signed-off-by: Ahelenia Ziemia?ska <nabijaczleweli@nabijaczleweli.xyz> +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + support/reexport/fsidd.c | 9 ++++++--- + support/reexport/reexport.c | 8 ++++++-- + 2 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c +index 3e62b3fc1370..8a70b78f6362 100644 +--- a/support/reexport/fsidd.c ++++ b/support/reexport/fsidd.c +@@ -147,6 +147,7 @@ int main(void) + { + struct event *srv_ev; + struct sockaddr_un addr; ++ socklen_t addr_len; + char *sock_file; + int srv; + +@@ -161,10 +162,12 @@ int main(void) + memset(&addr, 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1); +- if (addr.sun_path[0] == '@') ++ addr_len = sizeof(struct sockaddr_un); ++ if (addr.sun_path[0] == '@') { + /* "abstract" socket namespace */ ++ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path); + addr.sun_path[0] = 0; +- else ++ } else + unlink(sock_file); + + srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0); +@@ -173,7 +176,7 @@ int main(void) + return 1; + } + +- if (bind(srv, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) { ++ if (bind(srv, (const struct sockaddr *)&addr, addr_len) == -1) { + xlog(L_WARNING, "Unable to bind %s: %m\n", sock_file); + return 1; + } +diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c +index 78516586b98e..0fb49a46723c 100644 +--- a/support/reexport/reexport.c ++++ b/support/reexport/reexport.c +@@ -21,6 +21,7 @@ static int fsidd_srv = -1; + static bool connect_fsid_service(void) + { + struct sockaddr_un addr; ++ socklen_t addr_len; + char *sock_file; + int ret; + int s; +@@ -33,9 +34,12 @@ static bool connect_fsid_service(void) + memset(&addr, 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1); +- if (addr.sun_path[0] == '@') ++ addr_len = sizeof(struct sockaddr_un); ++ if (addr.sun_path[0] == '@') { + /* "abstract" socket namespace */ ++ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path); + addr.sun_path[0] = 0; ++ } + + s = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (s == -1) { +@@ -43,7 +47,7 @@ static bool connect_fsid_service(void) + return false; + } + +- ret = connect(s, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)); ++ ret = connect(s, (const struct sockaddr *)&addr, addr_len); + if (ret == -1) { + xlog(L_WARNING, "Unable to connect %s: %m, is fsidd running?\n", sock_file); + return false; +-- +2.43.0 + diff --git a/debian/patches/multiarch-kerberos-paths.patch b/debian/patches/multiarch-kerberos-paths.patch new file mode 100644 index 0000000..ed63325 --- /dev/null +++ b/debian/patches/multiarch-kerberos-paths.patch @@ -0,0 +1,22 @@ +Author: Luk Claes <luk@debian.org> +Description: Support multiarch kerberos paths (Closes: #642797). + +diff -Naurp nfs-utils.orig/aclocal/kerberos5.m4 nfs-utils/aclocal/kerberos5.m4 +--- nfs-utils.orig/aclocal/kerberos5.m4 ++++ nfs-utils/aclocal/kerberos5.m4 +@@ -29,6 +29,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ + elif test -f "/usr/lib/mit/bin/krb5-config"; then + K5CONFIG="/usr/lib/mit/bin/krb5-config" + fi ++ MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null || true` + if test "$K5CONFIG" != ""; then + KRBCFLAGS=`$K5CONFIG --cflags` + KRBLIBS=`$K5CONFIG --libs` +@@ -43,6 +44,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ + -f $dir/lib32/libgssapi_krb5.so -o \ + -f $dir/lib64/libgssapi_krb5.a -o \ + -f $dir/lib64/libgssapi_krb5.so -o \ ++ -f $dir/lib/$MULTIARCH/libgssapi_krb5.so -o \ + -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.a -o \ + -f $dir/lib/$(uname -m)-linux-gnu/libgssapi_krb5.so \) ; then + AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..cd3fe23 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +multiarch-kerberos-paths.patch +always-run-generator.patch +fsidd-call-anonymous-sockets-by-their-name-only-don-.patch |