[Bug 1980095] Re: libnfsidmap built without hardening flags

Launchpad Bug Tracker 1980095 at bugs.launchpad.net
Thu Jun 30 10:04:31 UTC 2022 

This bug was fixed in the package nfs-utils - 1:2.6.1-2ubuntu1

---------------
nfs-utils (1:2.6.1-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1974233). Remaining changes:
    - d/control: don't provide libnfsidmap2 in libnfsidmap1. This
      package contains not only plugins, but an actual shared library,
      with a different soname.
    - Don't install the regex module, as it's built by
      src:libnfsidmap-regex which is in Universe (MIR: #1960824)
      + d/control: don't conflict/break/etc with libnfsidmap-regex
      + d/libnfsidmap1.install: don't install regex.so
      + d/not-installed: mark files we knowingly don't include in the
        packaging
      + d/p/remove-regex-from-docs.patch: remove the regex section from
        the idmapd.conf(5) manpage, as we are not building that plugin in
        this package
    - Update README file:
      + d/README.Ubuntu: new /etc/nfs.conf config structure
      + d/libnfsidmap1.docs, d/nfs-common.docs: install README.Ubuntu
    - d/nfs-common.postrm: also purge /etc/nfs.conf.d/local.conf
    - d/nfs-common.dirs: we also own /etc/nfs.conf.d
    - New apport hook (LP #1961058):
      + d/source.apport: apport hook for nfs-utils
      + d/control: build-depend dh-apport
      + d/rules: build with apport, and install the hook in the
        nfs-common package which is installed on both client and servers
    - Add more DEP8 tests (LP #1960828):
      + d/t/{control,kerberos-mount,util}: test NFSv4 krb5p mounts
      + d/t/{control, v3-moun}t: specific NFSv3 mount test
  * Dropped:
    - d/nfsconvert.py: add short "u" option for mountd's no-udp
      [Included in 1:2.6.1-2]
    - d/NEWS: explain some of the major changes in 2.6.x
      [Obsoleted by Debian's update to the per-package NEWS files]
    - d/nfs-*.bug-script: update to also include /etc/nfs.conf and
      /etc/nfs.conf.d/*.conf
      [Included in 1:2.6.1-2]
  * Added changes:
    - New binary package libnfsidmap-regex (LP: #1974067):
      + d/control: new package
      + d/libnfsidmap-regex.install: install the plugin file
      + d/not-installed: remove the plugin from the not-installed list
      + d/p/remove-regex-from-docs.patch: deleted
      + d/p/ubuntu-idmapd-manpage-update-regex-other-package.patch:
        note that the regex plugin is in another package
    - rpc.svcgssd fixes and improvements (LP: #1977745):
      + d/p/svcgssd-fix-use-after-free.patch: fix use-after-free which was
        preventing svcgssd options set in /etc/nfs.conf from being used
      + d/p/svcgssd-display-principal-if-set.patch: improve logging,
        showing the expected principal name if it was set in the config
      + d/p/svcgssd-document-missing-options.patch: add missing options to
        the svcgssd manpage
      + d/p/nfs-conf-manpage-missing-svcgssd-options.patch: also
        document the missing svcgssd options to the nfs.conf(5) manpage
    - d/README.Ubuntu: updated with the content of the previous d/NEWS
      file
    - d/rules: re-add hardening option lost from the src:libnfsidmap to
      src:nfs-utils transition (LP: #1980095)

 -- Andreas Hasenack <andreas at canonical.com>  Tue, 28 Jun 2022 10:59:36
-0300

** Changed in: nfs-utils (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1980095

Title:
  libnfsidmap built without hardening flags

Status in nfs-utils package in Ubuntu:
  Fix Released

Bug description:
  $ grep hardening ../lintian.log 
  I: libnfsidmap-regex: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libnfsidmap/regex.so]
  I: libnfsidmap1: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libnfsidmap.so.1.0.0]
  I: libnfsidmap1: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libnfsidmap/nsswitch.so]
  I: libnfsidmap1: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libnfsidmap/static.so]
  I: libnfsidmap1: hardening-no-bindnow [usr/lib/x86_64-linux-gnu/libnfsidmap/umich_ldap.so]
  I: libnfsidmap-regex: hardening-no-fortify-functions [usr/lib/x86_64-linux-gnu/libnfsidmap/regex.so]

  It was there before when we had src:libnfsidmap:
  https://git.launchpad.net/ubuntu/+source/libnfsidmap/tree/debian/rules#n10

  But we lost it when src:nfs-utils incorporated the libnfsidmap code.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1980095/+subscriptions

More information about the foundations-bugs mailing list