Version in base suite: 5.1.7-1

Base version: autofs_5.1.7-1
Target version: autofs_5.1.7-1+deb11u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/a/autofs/autofs_5.1.7-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/a/autofs/autofs_5.1.7-1+deb11u1.dsc

 changelog                                                 |   10 +
 patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch  |   45 ++++++
 patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch |   97 ++++++++++++++
 patches/series                                            |    2 
 4 files changed, 154 insertions(+)

diff -Nru autofs-5.1.7/debian/changelog autofs-5.1.7/debian/changelog
--- autofs-5.1.7/debian/changelog	2021-02-04 12:36:20.000000000 +0000
+++ autofs-5.1.7/debian/changelog	2023-07-10 17:01:17.000000000 +0000
@@ -1,3 +1,13 @@
+autofs (5.1.7-1+deb11u1) bullseye; urgency=medium
+
+  * debian/patches:
+    + Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+      only mounts use rpcbind portmapper service. (Closes: #1034261).
+    + Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+      in sasl_do_kinit_ext_cc(). (Closes: #1039967).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 10 Jul 2023 19:01:17 +0200
+
 autofs (5.1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
--- autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch	1970-01-01 00:00:00.000000000 +0000
+++ autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch	2023-07-05 10:14:29.000000000 +0000
@@ -0,0 +1,45 @@
+From b2571ed0df973a6dc6a8e661874655fa7cecdc37 Mon Sep 17 00:00:00 2001
+From: James Dingwall <james-autofs@dingwall.me.uk>
+Date: Wed, 20 Jul 2022 13:22:38 +0800
+Subject: autofs-5.1.8 - fix missing unlock in sasl_do_kinit_ext_cc()
+
+There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
+fix it.
+
+Signed-off-by: James Dingwall <james-autofs@dingwall.me.uk>
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+# CHANGELOG            | 1 +
+ modules/cyrus-sasl.c | 4 ++++
+ 2 files changed, 5 insertions(+)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 1f7c93a..e0b285d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -27,6 +27,7 @@
+# - add autofs_strerror_r() helper for musl.
+# - update configure.
+# - handle innetgr() not present in musl.
+#+- fix missing unlock in sasl_do_kinit_ext_cc().
+# 
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index ae046e0..738e363 100644
+--- a/modules/cyrus-sasl.c
++++ b/modules/cyrus-sasl.c
+@@ -721,6 +721,10 @@ sasl_do_kinit_ext_cc(unsigned logopt, struct lookup_context *ctxt)
+ 
+ 	debug(logopt, "Kerberos authentication was successful!");
+ 
++	status = pthread_mutex_unlock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++
+ 	return 0;
+ 
+ out_cleanup_def_princ:
+-- 
+cgit 
+
diff -Nru autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
--- autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch	1970-01-01 00:00:00.000000000 +0000
+++ autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch	2023-07-05 10:14:29.000000000 +0000
@@ -0,0 +1,97 @@
+From 80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc Mon Sep 17 00:00:00 2001
+From: Ian Kent <raven@themaw.net>
+Date: Sun, 31 Oct 2021 07:36:16 +0800
+Subject: autofs-5.1.8 - fix nfsv4 only mounts should not use rpcbind
+
+Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when
+setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only
+mounts to also use rpcbind to probe availability which breaks the
+requirememt that this type of mount not use rpcbind at all.
+
+Fix this by treating fstype=nfs4 mounts as a special case which doesn't
+use rpcbind.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+# CHANGELOG            |  1 +
+ include/replicated.h |  2 ++
+ modules/mount_nfs.c  | 13 +++++++------
+ modules/replicated.c |  4 ++--
+ 4 files changed, 12 insertions(+), 8 deletions(-)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 575f186..4e5e82d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -8,6 +8,7 @@
+# - dont fail on duplicate offset entry tree add.
+# - fix loop under run in cache_get_offset_parent().
+# - bailout on rpc systemerror.
+#+- fix nfsv4 only mounts should not use rpcbind.
+# 
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+--- a/include/replicated.h
++++ b/include/replicated.h
+@@ -35,6 +35,8 @@
+ #define NFS3_REQUESTED		NFS3_SUPPORTED
+ #define NFS4_REQUESTED		NFS4_SUPPORTED
+ 
++#define NFS4_ONLY_REQUESTED	0x0800
++
+ #define TCP_SUPPORTED		0x0001
+ #define UDP_SUPPORTED		0x0002
+ #define TCP_REQUESTED		TCP_SUPPORTED
+--- a/modules/mount_nfs.c
++++ b/modules/mount_nfs.c
+@@ -92,7 +92,7 @@
+ 	mount_default_proto = defaults_get_mount_nfs_default_proto();
+ 	vers = NFS_VERS_DEFAULT | NFS_PROTO_DEFAULT;
+ 	if (strcmp(fstype, "nfs4") == 0)
+-		vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED;
++		vers = NFS4_VERS_DEFAULT | TCP_SUPPORTED | NFS4_ONLY_REQUESTED;
+ 	else if (mount_default_proto == 4)
+ 		vers = vers | NFS4_VERS_DEFAULT;
+ 
+@@ -157,15 +157,16 @@
+ 			} else {
+ 				/* Is any version of NFSv4 in the options */
+ 				if (_strncmp("vers=4", cp, 6) == 0 ||
+-				    _strncmp("nfsvers=4", cp, 9) == 0)
+-					vers = NFS4_VERS_MASK | TCP_SUPPORTED;
+-				else if (_strncmp("vers=3", cp, o_len) == 0 ||
++				    _strncmp("nfsvers=4", cp, 9) == 0) {
++					vers &= ~(NFS_VERS_MASK);
++					vers |= NFS4_VERS_MASK | TCP_SUPPORTED | NFS4_ONLY_REQUESTED;
++				} else if (_strncmp("vers=3", cp, o_len) == 0 ||
+ 					 _strncmp("nfsvers=3", cp, o_len) == 0) {
+-					vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK);
++					vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ 					vers |= NFS3_REQUESTED;
+ 				} else if (_strncmp("vers=2", cp, o_len) == 0 ||
+ 					 _strncmp("nfsvers=2", cp, o_len) == 0) {
+-					vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK);
++					vers &= ~(NFS4_VERS_MASK | NFS_VERS_MASK | NFS4_ONLY_REQUESTED);
+ 					vers |= NFS2_REQUESTED;
+ 				} else if (strstr(cp, "port=") == cp &&
+ 					 o_len - 5 < 25) {
+--- a/modules/replicated.c
++++ b/modules/replicated.c
+@@ -248,7 +248,7 @@
+ 
+ 	rpc_info->proto = proto;
+ 	if (port < 0) {
+-		if (version & NFS4_REQUESTED)
++		if (version & NFS4_REQUESTED && (version & NFS4_ONLY_REQUESTED))
+ 			rpc_info->port = NFS_PORT;
+ 		else
+ 			port = 0;
+@@ -510,7 +510,7 @@
+ {
+ 	struct conn_info pm_info, rpc_info;
+ 	time_t timeout = RPC_TIMEOUT;
+-	unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK);
++	unsigned int supported, vers = (NFS_VERS_MASK | NFS4_VERS_MASK | NFS4_ONLY_REQUESTED);
+ 	int ret = 0;
+ 
+ 	if (!check_address_proto(logopt, host, version))
diff -Nru autofs-5.1.7/debian/patches/series autofs-5.1.7/debian/patches/series
--- autofs-5.1.7/debian/patches/series	2021-02-04 12:13:20.000000000 +0000
+++ autofs-5.1.7/debian/patches/series	2023-07-05 10:14:29.000000000 +0000
@@ -9,3 +9,5 @@
 spelling-error-fixes.patch
 fix-lookup-ldap-crash.patch
 fix-nfs4-mounts-in-auto-net.patch
+fix-nfs4-only-mounts-should-not-use-rpcbind.patch
+fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch