!121 [sync] PR-119: backport patches from community

From: @openeuler-sync-bot 
Reviewed-by: @liubo254 
Signed-off-by: @liubo254

0012-rpcdebug-avoid-buffer-underflow-if-read-returns-0.patch

@@ -0,0 +1,29 @@
+From a746c35822e557766d1871ec976490a71e6962d9 Mon Sep 17 00:00:00 2001
+From: Zhi Li <yieli@redhat.com>
+Date: Wed, 5 Apr 2023 12:08:10 -0400
+Subject: [PATCH] rpcdebug: avoid buffer underflow if read() returns 0
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2176740
+
+Signed-off-by: Zhi Li <yieli@redhat.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ tools/rpcdebug/rpcdebug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/rpcdebug/rpcdebug.c b/tools/rpcdebug/rpcdebug.c
+index 68206cc5..ec05179e 100644
+--- a/tools/rpcdebug/rpcdebug.c
++++ b/tools/rpcdebug/rpcdebug.c
+@@ -257,7 +257,7 @@ get_flags(char *module)
+ 		perror(filename);
+ 		exit(1);
+ 	}
+-	if ((len = read(sysfd, buffer, sizeof(buffer))) < 0) {
++	if ((len = read(sysfd, buffer, sizeof(buffer))) <= 0) {
+ 		perror("read");
+ 		exit(1);
+ 	}
+-- 
+2.33.0
+

0013-export-Fix-rootdir-corner-case-in-next_mnt.patch

@@ -0,0 +1,58 @@
+From c0bf5895173972a0b86633c7d61d0de46798bbe1 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Wed, 5 Apr 2023 12:16:24 -0400
+Subject: [PATCH] export: Fix rootdir corner case in next_mnt()
+
+Currently the following setup causes failure:
+1. /etc/exports:
+/ *(rw,crossmnt,no_subtree_check,fsid=root)
+
+2. /etc/nfs.conf:
+[exports]
+ rootdir=/nfs_srv
+
+3. Mounts:
+/root/fs1.ext4 on /nfs_srv type ext4 (rw,relatime)
+/root/fs2.ext4 on /nfs_srv/fs2 type ext4 (rw,relatime)
+
+4. On the client:
+$ ls /nfs_client/fs2
+ls: cannot open directory '/nfs_client/fs2': Stale file handle
+
+The problem is that next_mnt() misses the corner case that
+every mount is a sub-mount of "/".
+So it fails to see that /nfs_srv/fs2 is a mountpoint when the
+client asks for fs2 it and as consequence the crossmnt mechanism
+fails.
+
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/cache.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/support/export/cache.c b/support/export/cache.c
+index 2497d4f4..1c526277 100644
+--- a/support/export/cache.c
++++ b/support/export/cache.c
+@@ -410,12 +410,16 @@ static char *next_mnt(void **v, char *p)
+ 		*v = f;
+ 	} else
+ 		f = *v;
+-	while ((me = getmntent(f)) != NULL && l > 1) {
++	while ((me = getmntent(f)) != NULL && l >= 1) {
+ 		char *mnt_dir = nfsd_path_strip_root(me->mnt_dir);
+ 
+ 		if (!mnt_dir)
+ 			continue;
+ 
++		/* Everything below "/" is a proper sub-mount */
++		if (strcmp(p, "/") == 0)
++			return mnt_dir;
++
+ 		if (strncmp(mnt_dir, p, l) == 0 && mnt_dir[l] == '/')
+ 			return mnt_dir;
+ 	}
+-- 
+2.33.0
+

0014-Move-version.h-into-a-common-include-directory.patch

@@ -0,0 +1,64 @@
+From 47e6d7667cd7cd82c9033a3176afbdd2341065b0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 22 Sep 2021 11:29:34 -0400
+Subject: [PATCH] Move version.h into a common include directory
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/include/version.h | 1 +
+ utils/gssd/svcgssd_krb5.c | 2 +-
+ utils/nfsd/nfssvc.c       | 2 +-
+ utils/nfsdcld/nfsdcld.c   | 2 +-
+ 4 files changed, 4 insertions(+), 3 deletions(-)
+ create mode 120000 support/include/version.h
+
+diff --git a/support/include/version.h b/support/include/version.h
+new file mode 120000
+index 00000000..b7db0bbb
+--- /dev/null
++++ b/support/include/version.h
+@@ -0,0 +1 @@
++../../utils/mount/version.h
+\ No newline at end of file
+diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c
+index 305d4751..2503c384 100644
+--- a/utils/gssd/svcgssd_krb5.c
++++ b/utils/gssd/svcgssd_krb5.c
+@@ -46,7 +46,7 @@
+ #include "gss_oids.h"
+ #include "err_util.h"
+ #include "svcgssd_krb5.h"
+-#include "../mount/version.h"
++#include "version.h"
+ 
+ #define MYBUFLEN 1024
+ 
+diff --git a/utils/nfsd/nfssvc.c b/utils/nfsd/nfssvc.c
+index 720bdd97..46452d97 100644
+--- a/utils/nfsd/nfssvc.c
++++ b/utils/nfsd/nfssvc.c
+@@ -25,7 +25,7 @@
+ #include "nfslib.h"
+ #include "xlog.h"
+ #include "nfssvc.h"
+-#include "../mount/version.h"
++#include "version.h"
+ 
+ #ifndef NFSD_FS_DIR
+ #define NFSD_FS_DIR	  "/proc/fs/nfsd"
+diff --git a/utils/nfsdcld/nfsdcld.c b/utils/nfsdcld/nfsdcld.c
+index 636c3983..dbc7a57f 100644
+--- a/utils/nfsdcld/nfsdcld.c
++++ b/utils/nfsdcld/nfsdcld.c
+@@ -45,7 +45,7 @@
+ #include "cld.h"
+ #include "cld-internal.h"
+ #include "sqlite.h"
+-#include "../mount/version.h"
++#include "version.h"
+ #include "conffile.h"
+ #include "legacy.h"
+ 
+-- 
+2.25.1
+

0015-mountd-only-do-NFSv4-logging-on-supported-kernels.patch

@@ -0,0 +1,35 @@
+From feb3dfc7127cf1337530ccb06ed90e818b026a07 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Wed, 22 Sep 2021 11:31:56 -0400
+Subject: [PATCH] mountd: only do NFSv4 logging on supported kernels.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1979816
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/v4clients.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/export/v4clients.c b/support/export/v4clients.c
+index dd985463..5e4f1058 100644
+--- a/support/export/v4clients.c
++++ b/support/export/v4clients.c
+@@ -10,6 +10,7 @@
+ #include <sys/inotify.h>
+ #include <errno.h>
+ #include "export.h"
++#include "version.h"
+ 
+ /* search.h declares 'struct entry' and nfs_prot.h
+  * does too.  Easiest fix is to trick search.h into
+@@ -23,6 +24,8 @@ static int clients_fd = -1;
+ 
+ void v4clients_init(void)
+ {
++	if (linux_version_code() < MAKE_VERSION(5, 3, 0))
++		return;
+ 	if (clients_fd >= 0)
+ 		return;
+ 	clients_fd = inotify_init1(IN_NONBLOCK);
+-- 
+2.25.1
+

0016-libnfsidmap-try-to-get-the-domain-directly-from-host.patch

@@ -0,0 +1,54 @@
+From 90a23f7c6343bcb1b69c93ceccc14cc06e14d958 Mon Sep 17 00:00:00 2001
+From: Aram Akhavan <github@aram.nubmail.ca>
+Date: Sat, 15 Jul 2023 13:21:04 -0400
+Subject: [PATCH] libnfsidmap: try to get the domain directly from hostname if
+ the DNS lookup fails and always show the log message if the domain can't be
+ determined
+
+In nfs4_init_name_mapping(), if no domain is specified in the config file, the hostname will be looked up in DNS, and the domain extracted from that.
+If DNS resolution isn't up at this time (i.e. on idmapd startup), the hardcoded domain in IDMAPD_DEFAULT_DOMAIN is used. This will break id mapping
+for anyone who doesn't happen to use "localdomain". Previously, the log message indicating this has happened requires -v to be passed, so the
+"failure" was silent by default.
+
+Signed-off-by: Aram Akhavan <github@aram.nubmail.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/nfsidmap/libnfsidmap.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
+index 0a912e52..f8c36480 100644
+--- a/support/nfsidmap/libnfsidmap.c
++++ b/support/nfsidmap/libnfsidmap.c
+@@ -219,10 +219,15 @@ static int domain_from_dns(char **domain)
+ 
+ 	if (gethostname(hname, sizeof(hname)) == -1)
+ 		return -1;
+-	if ((he = gethostbyname(hname)) == NULL)
+-		return -1;
+-	if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
+-		return -1;
++	if ((he = gethostbyname(hname)) == NULL) {
++		IDMAP_LOG(1, ("libnfsidmap: DNS lookup of hostname failed. Attempting to use domain from hostname as is."));
++		if ((c = strchr(hname, '.')) == NULL || *++c == '\0')
++			return -1;
++	}
++	else {
++		if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
++			return -1;
++	}
+ 	/* 
+ 	 * Query DNS to see if the _nfsv4idmapdomain TXT record exists
+ 	 * If so use it... 
+@@ -387,7 +392,7 @@ int nfs4_init_name_mapping(char *conffile)
+ 		dflt = 1;
+ 		ret = domain_from_dns(&default_domain);
+ 		if (ret) {
+-			IDMAP_LOG(1, ("libnfsidmap: Unable to determine "
++			IDMAP_LOG(0, ("libnfsidmap: Unable to determine "
+ 				  "the NFSv4 domain; Using '%s' as the NFSv4 domain "
+ 				  "which means UIDs will be mapped to the 'Nobody-User' "
+ 				  "user defined in %s", 
+-- 
+2.39.2 (Apple Git-143)
+

0017-Fixed-a-regression-in-the-junction-code.patch

@@ -0,0 +1,31 @@
+From 7916134e5d9b1641effd3b6d964c806a09cfdcee Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 10 Aug 2023 11:57:39 -0400
+Subject: [PATCH] Fixed a regression in the junction code
+
+commit cdbef4e9 created a regression in the
+in the junction code by adding a O_PATH flag
+to the open() in junction_open_path()
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2213669
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/junction/junction.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/support/junction/junction.c b/support/junction/junction.c
+index 0628bb0f..c1ec8ff8 100644
+--- a/support/junction/junction.c
++++ b/support/junction/junction.c
+@@ -63,7 +63,7 @@ junction_open_path(const char *pathname, int *fd)
+ 	if (pathname == NULL || fd == NULL)
+ 		return FEDFS_ERR_INVAL;
+ 
+-	tmp = open(pathname, O_PATH|O_DIRECTORY);
++	tmp = open(pathname, O_DIRECTORY);
+ 	if (tmp == -1) {
+ 		switch (errno) {
+ 		case EPERM:
+-- 
+2.39.2 (Apple Git-143)
+

0018-export-fix-handling-of-error-from-match_fsid.patch

@@ -0,0 +1,40 @@
+From 92a0f7d3cc7fc1206e0a763ab737f797b8946ca7 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 25 Oct 2023 12:34:45 -0400
+Subject: [PATCH] export: fix handling of error from match_fsid()
+
+If match_fsid() returns -1 we shouldn't assume that the path definitely
+doesn't match the fsid, though it might not.
+This is a similar situation to where an export is expected to be a mount
+point, but is found not to be one.  So it can be handled the same way,
+by setting 'dev_missing'.
+This will only have an effect if no other path matched the fsid, which
+is what we want.
+
+The current code results in nothing being exported if any export point,
+or any mount point beneath a crossmnt export point, fails a 'stat'
+request, which is too harsh.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/export/cache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/export/cache.c b/support/export/cache.c
+index 19bbba5..e459502 100644
+--- a/support/export/cache.c
++++ b/support/export/cache.c
+@@ -858,7 +858,8 @@ static void nfsd_fh(int f)
+ 			case 0:
+ 				continue;
+ 			case -1:
+-				goto out;
++				dev_missing ++;
++				continue;
+ 			}
+ 			if (is_ipaddr_client(dom)
+ 					&& !ipaddr_client_matches(exp, ai))
+-- 
+1.8.3.1
+

0019-export-move-cache_open-before-workers-are-forked.patch

@@ -0,0 +1,76 @@
+From e115a6edfaa07203c6d6d40eba9e4f097efe0cf2 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 25 Oct 2023 12:40:24 -0400
+Subject: [PATCH] export: move cache_open() before workers are forked.
+
+If each worker has a separate open on a cache channel, then each worker
+will potentially receive every upcall request resulting in duplicated
+work.
+
+A worker will only not see a request that another worker sees if that
+other worker answers the request before this worker gets a chance to
+read it.
+
+To avoid duplicate effort between threads and so get maximum benefit
+from multiple threads, open the cache channels before forking.
+
+Note that the kernel provides locking so that only one thread can be
+reading to writing to any channel at any given moment.
+
+Fixes: 5fc3bac9e0c3 ("mountd: Ensure we don't share cache file descriptors among processes.")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/exportd/exportd.c | 8 ++++++--
+ utils/mountd/mountd.c   | 8 ++++++--
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/utils/exportd/exportd.c b/utils/exportd/exportd.c
+index 2dd12cb..6f86644 100644
+--- a/utils/exportd/exportd.c
++++ b/utils/exportd/exportd.c
+@@ -289,12 +289,16 @@ main(int argc, char **argv)
+ 	else if (num_threads > MAX_THREADS)
+ 		num_threads = MAX_THREADS;
+ 
++	/* Open cache channel files BEFORE forking so each upcall is
++	 * only handled by one thread.  Kernel provides locking for both
++	 * read and write.
++	 */
++	cache_open();
++
+ 	if (num_threads > 1)
+ 		fork_workers();
+ 
+ 
+-	/* Open files now to avoid sharing descriptors among forked processes */
+-	cache_open();
+ 	v4clients_init();
+ 
+ 	/* Process incoming upcalls */
+diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
+index bcf749f..f9c62cd 100644
+--- a/utils/mountd/mountd.c
++++ b/utils/mountd/mountd.c
+@@ -916,12 +916,16 @@ main(int argc, char **argv)
+ 	else if (num_threads > MAX_THREADS)
+ 		num_threads = MAX_THREADS;
+ 
++	/* Open cache channel files BEFORE forking so each upcall is
++	 * only handled by one thread.  Kernel provides locking for both
++	 * read and write.
++	 */
++	cache_open();
++
+ 	if (num_threads > 1)
+ 		fork_workers();
+ 
+ 	nfsd_path_init();
+-	/* Open files now to avoid sharing descriptors among forked processes */
+-	cache_open();
+ 	v4clients_init();
+ 
+ 	xlog(L_NOTICE, "Version " VERSION " starting");
+-- 
+1.8.3.1
+

0020-gssd-fix-handling-DNS-lookup-failure.patch

@@ -0,0 +1,116 @@
+From 75b04a9bff709a49f55326b439851822dd630be6 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <kolga@netapp.com>
+Date: Mon, 16 Oct 2023 11:45:54 -0400
+Subject: [PATCH] gssd: fix handling DNS lookup failure
+
+When the kernel does its first ever lookup for a given server ip it
+sends down info for server, protocol, etc. On the gssd side as it
+scans the pipefs structure and sees a new entry it reads that info
+and creates a clp_info structure. At that time it also does
+a DNS lookup of the provided ip to name using getnameinfo(),
+this is saved in clp->servername for all other upcalls that is
+down under that directory.
+
+If this 1st getnameinfo() results in a failed resolution for
+whatever reason (a temporary DNS resolution problem), this cause
+of all other future upcalls to fail.
+
+As a fix, this patch proposed to (1) save the server info that's
+passed only in the initial pipefs new entry creation in the
+clp_info structure, then (2) for the upcalls, if clp->servername
+is NULL, then do the DNS lookup again and set all the needed
+clp_info fields upon successful resolution.
+
+Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ utils/gssd/gssd.c | 41 +++++++++++++++++++++++++++++++++++++++++
+ utils/gssd/gssd.h |  6 ++++++
+ 2 files changed, 47 insertions(+)
+
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index 833d8e0..ca9b326 100644
+--- a/utils/gssd/gssd.c
++++ b/utils/gssd/gssd.c
+@@ -365,6 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
+ 
+ fail:
+ 	printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
++	clp->upcall_address = strdup(address);
++	clp->upcall_port = strdup(port);
++	clp->upcall_program = program;
++	clp->upcall_vers = version;
++	clp->upcall_protoname = strdup(protoname);
++	clp->upcall_service = strdup(service);
+ 	free(servername);
+ 	free(protoname);
+ 	clp->servicename = NULL;
+@@ -408,6 +414,16 @@ gssd_free_client(struct clnt_info *clp)
+ 	free(clp->servicename);
+ 	free(clp->servername);
+ 	free(clp->protocol);
++	if (!clp->servername) {
++		if (clp->upcall_address)
++			free(clp->upcall_address);
++		if (clp->upcall_port)
++			free(clp->upcall_port);
++		if (clp->upcall_protoname)
++			free(clp->upcall_protoname);
++		if (clp->upcall_service)
++			free(clp->upcall_service);
++	}
+ 	free(clp);
+ }
+ 
+@@ -446,6 +462,31 @@ gssd_clnt_gssd_cb(int UNUSED(fd), short UNUSED(which), void *data)
+ {
+ 	struct clnt_info *clp = data;
+ 
++	/* if there was a failure to translate IP to name for this server,
++	 * try again
++	 */
++	if (!clp->servername) {
++	        if (!gssd_addrstr_to_sockaddr((struct sockaddr *)&clp->addr,
++                                 clp->upcall_address, clp->upcall_port ?
++				 clp->upcall_port : "")) {
++			goto do_upcall;
++		}
++		clp->servername = gssd_get_servername(clp->upcall_address,
++				(struct sockaddr *)&clp->addr, clp->upcall_address);
++		if (!clp->servername)
++			goto do_upcall;
++
++		if (asprintf(&clp->servicename, "%s@%s", clp->upcall_service,
++					clp->servername) < 0) {
++			free(clp->servername);
++			clp->servername = NULL;
++			goto do_upcall;
++		}
++		clp->prog = clp->upcall_program;
++		clp->vers = clp->upcall_vers;
++		clp->protocol = strdup(clp->upcall_protoname);
++	}
++do_upcall:
+ 	handle_gssd_upcall(clp);
+ }
+ 
+diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
+index 519dc43..4e070ed 100644
+--- a/utils/gssd/gssd.h
++++ b/utils/gssd/gssd.h
+@@ -86,6 +86,12 @@ struct clnt_info {
+ 	int			gssd_fd;
+ 	struct event		*gssd_ev;
+ 	struct			sockaddr_storage addr;
++	char			*upcall_address;
++	char			*upcall_port;
++	int			upcall_program;
++	int			upcall_vers;
++	char			*upcall_protoname;
++	char			*upcall_service;
+ };
+ 
+ struct clnt_upcall_info {
+-- 
+1.8.3.1
+

0021-rpc-gssd-service-has-status-failed-due-to-sgefault.patch

@@ -0,0 +1,39 @@
+From 92995e0d38dc00e930c562cf936220f83c09d082 Mon Sep 17 00:00:00 2001
+From: Paulo Andrade <pandrade@redhat.com>
+Date: Tue, 23 Jul 2024 12:03:30 -0400
+Subject: [PATCH] rpc-gssd.service has status failed (due to rpc.gssd segfault)
+ 
+Ensure strings are not NULL before doing a strdup() in error path.
+ 
+Fixes: https://issues.redhat.com/browse/RHEL-43286
+Signed-off-by: Steve Dickson <steved@redhat.com>
+ 
+Reference:https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=92995e0d38dc00e930c562cf936220f83c09d082
+Conflict:no
+---
+ utils/gssd/gssd.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ 
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index d7a2822..01ce7d1 100644
+--- a/utils/gssd/gssd.c
++++ b/utils/gssd/gssd.c
+@@ -365,12 +365,12 @@ gssd_read_service_info(int dirfd, struct clnt_info *clp)
+ 
+ fail:
+ 	printerr(0, "ERROR: failed to parse %s/info\n", clp->relpath);
+-	clp->upcall_address = strdup(address);
+-	clp->upcall_port = strdup(port);
++	clp->upcall_address = address ? strdup(address) : NULL;
++	clp->upcall_port = port ? strdup(port) : NULL;
+ 	clp->upcall_program = program;
+ 	clp->upcall_vers = version;
+-	clp->upcall_protoname = strdup(protoname);
+-	clp->upcall_service = strdup(service);
++	clp->upcall_protoname = protoname ? strdup(protoname) : NULL;
++	clp->upcall_service = service ? strdup(service) : NULL;
+ 	free(servername);
+ 	free(protoname);
+ 	clp->servicename = NULL;
+-- 
+1.8.3.1

0022-nfsidmapd-fix-a-memory-leak.patch

@@ -0,0 +1,28 @@
+From 131ec613bab84b7894e428375cc360bb82a336a3 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 23 Jul 2024 12:06:28 -0400
+Subject: [PATCH] nfsidmap: Fix a memory leak
+ 
+Reported-by: Zhang Yaqi <zhangyaqi@kylinos.cn>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+ 
+Reference:https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=131ec613bab84b7894e428375cc360bb82a336a3
+Conflict:no
+---
+ support/nfsidmap/umich_ldap.c | 1 +
+ 1 file changed, 1 insertion(+)
+ 
+diff --git a/support/nfsidmap/umich_ldap.c b/support/nfsidmap/umich_ldap.c
+index 1aa2af4..0f88ba4 100644
+--- a/support/nfsidmap/umich_ldap.c
++++ b/support/nfsidmap/umich_ldap.c
+@@ -200,6 +200,7 @@ static int set_krb5_ccname(const char *krb5_ccache_name)
+ 		IDMAP_LOG(5, ("Failed to set creds cache for kerberos, err(%d)",
+ 			      retval));
+ 	}
++	free(env);
+ #endif /* else HAVE_GSS_KRB5_CCACHE_NAME */
+ out:
+ 	return retval;
+-- 
+1.8.3.1

nfs-utils.spec

@@ -4,7 +4,7 @@
 
 Name:    nfs-utils
 Version: 2.5.4
-Release: 11
+Release: 16
 Epoch:   2
 Summary: The Linux NFS userland utility package
 License: MIT and GPLv2 and GPLv2+ and BSD
@@ -24,6 +24,17 @@ Patch8:  0008-svcgssd-Fix-use-after-free-bug-config-variables.patch
 Patch9:  0009-rpc-pipefs-generator-allocate-enough-space-for-pipef.patch
 Patch10: 0010-nfs-utils-Don-t-allow-junction-tests-to-trigger-auto.patch
 Patch11: 0011-Covscan-Scan-Wrong-Check-of-Return-Value.patch
+Patch12: 0012-rpcdebug-avoid-buffer-underflow-if-read-returns-0.patch
+Patch13: 0013-export-Fix-rootdir-corner-case-in-next_mnt.patch
+Patch14: 0014-Move-version.h-into-a-common-include-directory.patch
+Patch15: 0015-mountd-only-do-NFSv4-logging-on-supported-kernels.patch
+Patch16: 0016-libnfsidmap-try-to-get-the-domain-directly-from-host.patch
+Patch17: 0017-Fixed-a-regression-in-the-junction-code.patch
+Patch18: 0018-export-fix-handling-of-error-from-match_fsid.patch
+Patch19: 0019-export-move-cache_open-before-workers-are-forked.patch
+Patch20: 0020-gssd-fix-handling-DNS-lookup-failure.patch
+Patch21: 0021-rpc-gssd-service-has-status-failed-due-to-sgefault.patch
+Patch22: 0022-nfsidmapd-fix-a-memory-leak.patch
 
 BuildRequires: libevent-devel,libcap-devel, libtirpc-devel libblkid-devel
 BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2
@@ -292,6 +303,21 @@ fi
 %{_mandir}/*/*
 
 %changelog
+* Mon Apr 14 2025 zhangjian <zhangjian496@huawei.com> - 2:2.5.4-16
+- backport bugfix patches from community
+
+* Thu Dec 14 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-15
+- backport bugfix patches from community
+
+* Tue Sep 12 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-14
+- backport bugfix patches from community
+
+* Tue Aug 29 2023 Zhiqiang Liu <liuzhiqiang26@huawei.com> - 2:2.5.4-13
+- backport two bugfix patches
+
+* Sun Jun 25 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-12
+- backport patches from community
+
 * Thu Mar 23 2023 wuguanghao <wuguanghao3@huawei.com> - 2:2.5.4-11
 - backport patches from community