Rebase to new stable branch version 1.12.6

resolves: rhbz#2059288

Fix remote TLS failures
resolves: rhbz#2111524
(and 2111813)

0001-Add-nbddump-tool.patch

@@ -1,4 +1,4 @@
-From 3cdec593e221231333d0dcdab0556e0c149ac606 Mon Sep 17 00:00:00 2001
+From 90fd39da16256407b9229cd17a830739b03629d6 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 30 Jun 2022 09:07:27 +0100
 Subject: [PATCH] Add nbddump tool
@@ -151,10 +151,10 @@ index a740be9..a342003 100644
  complete -o default -F _nbdinfo nbdinfo
  complete -o default -F _nbdsh nbdsh
 diff --git a/configure.ac b/configure.ac
-index 2b28678..488f3b0 100644
+index b1bfaac..49ca8ab 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -570,6 +570,7 @@ AC_CONFIG_FILES([Makefile
+@@ -574,6 +574,7 @@ AC_CONFIG_FILES([Makefile
                   common/utils/Makefile
                   copy/Makefile
                   docs/Makefile
@@ -163,7 +163,7 @@ index 2b28678..488f3b0 100644
                   fuse/Makefile
                   fuzzing/Makefile
 diff --git a/copy/nbdcopy.pod b/copy/nbdcopy.pod
-index 54e4391..94c713f 100644
+index 7fe3fd1..fd10f7c 100644
 --- a/copy/nbdcopy.pod
 +++ b/copy/nbdcopy.pod
 @@ -285,7 +285,7 @@ Some examples follow.
@@ -175,7 +175,7 @@ index 54e4391..94c713f 100644
  
  =head2 nbdcopy -- [ qemu-nbd -f qcow2 disk.qcow2 ] [ nbdkit memory 1G ]
  
-@@ -311,6 +311,7 @@ server will match a hole in the other.
+@@ -299,6 +299,7 @@ so this command has no overall effect, but is useful for testing.
  =head1 SEE ALSO
  
  L<libnbd(3)>,

0002-dump-Visually-separate-columns-0-7-and-8-15.patch

@@ -1,4 +1,4 @@
-From cf2edbb9e5ff7d37b089d6c96df001eec74984c4 Mon Sep 17 00:00:00 2001
+From ec947323528725fcf12b5b9ba32b02d36dbd9621 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 30 Jun 2022 21:09:39 +0100
 Subject: [PATCH] dump: Visually separate columns 0-7 and 8-15

0003-dump-Fix-build-on-i686.patch

@@ -1,4 +1,4 @@
-From b8e1b582e417de651fac93416624990361213263 Mon Sep 17 00:00:00 2001
+From 590e3a010d2c840314702883e44ec9841e3383c6 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 30 Jun 2022 22:27:43 +0100
 Subject: [PATCH] dump: Fix build on i686

0004-dump-Fix-tests-on-Debian-10.patch

@@ -1,4 +1,4 @@
-From 4aff2e5be9fab82fb9ae0841ef2696cc75a5bb66 Mon Sep 17 00:00:00 2001
+From e7a2815412891d5c13b5b5f0e9aa61882880c87f Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 30 Jun 2022 22:31:00 +0100
 Subject: [PATCH] dump: Fix tests on Debian 10

0005-dump-dump-data.sh-Test-requires-nbdkit-1.22.patch

@@ -1,4 +1,4 @@
-From 36a78e18ce7312c714d11f1d62a163526ce01107 Mon Sep 17 00:00:00 2001
+From 7c669783b1b3fab902ce34d7914b62617ed8b263 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 30 Jun 2022 22:35:05 +0100
 Subject: [PATCH] dump/dump-data.sh: Test requires nbdkit 1.22

0006-copy-Store-the-preferred-block-size-in-the-operation.patch

@@ -1,4 +1,4 @@
-From 392818d207a34b6d70adfc4285e3d01ce368195b Mon Sep 17 00:00:00 2001
+From 8dce43a3ea7a529bc37cbe5607a8d52186cc8169 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 28 Jun 2022 18:27:58 +0100
 Subject: [PATCH] copy: Store the preferred block size in the operations struct

0007-copy-Use-preferred-block-size-for-copying.patch

@@ -1,4 +1,4 @@
-From 6ff003b58c8ca3339e1169ce7cfdea0bd0c69c38 Mon Sep 17 00:00:00 2001
+From c8626acc63c4ae1c6cf5d1505e0209ac10f44e81 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 28 Jun 2022 21:58:55 +0100
 Subject: [PATCH] copy: Use preferred block size for copying
@@ -437,7 +437,7 @@ index 06cdb8e..9267545 100644
  
    /* Wait for in flight NBD requests to finish. */
 diff --git a/copy/nbdcopy.pod b/copy/nbdcopy.pod
-index 94c713f..501d6fb 100644
+index fd10f7c..f06d112 100644
 --- a/copy/nbdcopy.pod
 +++ b/copy/nbdcopy.pod
 @@ -182,8 +182,9 @@ Set the maximum number of requests in flight per NBD connection.

0008-dump-Add-another-example-to-the-manual.patch

@@ -1,4 +1,4 @@
-From eada47ee5a81cf74cd8079f5c1e791dec9701d9d Mon Sep 17 00:00:00 2001
+From 5d21b00dbdd1e1a04317bf16afb8f4d2ceaa470f Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sat, 2 Jul 2022 17:12:46 +0100
 Subject: [PATCH] dump: Add another example to the manual

0009-lib-crypto-Use-GNUTLS_NO_SIGNAL-if-available.patch

@@ -0,0 +1,93 @@
+From a432e773e0cdc24cb27ccdda4111744ea2c3b819 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 27 Jul 2022 17:08:14 +0100
+Subject: [PATCH] lib/crypto: Use GNUTLS_NO_SIGNAL if available
+
+libnbd has long used MSG_NOSIGNAL to avoid receiving SIGPIPE if we
+accidentally write on a closed socket, which is a nice alternative to
+using a SIGPIPE signal handler.  However with TLS connections, gnutls
+did not use this flag and so programs using libnbd + TLS would receive
+SIGPIPE in some situations, notably if the server closed the
+connection abruptly while we were trying to write something.
+
+GnuTLS 3.4.2 introduces GNUTLS_NO_SIGNAL which does the same thing.
+Use this flag if available.
+
+RHEL 7 has an older gnutls which lacks this flag.  To avoid qemu-nbd
+interop tests failing (rarely, but more often with a forthcoming
+change to TLS shutdown behaviour), register a SIGPIPE signal handler
+in the test if the flag is missing.
+---
+ configure.ac      | 15 +++++++++++++++
+ interop/interop.c | 10 ++++++++++
+ lib/crypto.c      |  7 ++++++-
+ 3 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 49ca8ab..6bd9e1b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -179,6 +179,21 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[
+         gnutls_session_set_verify_cert \
+         gnutls_transport_is_ktls_enabled \
+     ])
++    AC_MSG_CHECKING([if gnutls has GNUTLS_NO_SIGNAL])
++    AC_COMPILE_IFELSE(
++        [AC_LANG_PROGRAM([
++            #include <gnutls/gnutls.h>
++            gnutls_session_t session;
++         ], [
++            gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_SIGNAL);
++         ])
++    ], [
++        AC_MSG_RESULT([yes])
++        AC_DEFINE([HAVE_GNUTLS_NO_SIGNAL], [1],
++                  [GNUTLS_NO_SIGNAL found at compile time])
++    ], [
++        AC_MSG_RESULT([no])
++    ])
+     LIBS="$old_LIBS"
+ ])
+ 
+diff --git a/interop/interop.c b/interop/interop.c
+index b41f3ca..036545b 100644
+--- a/interop/interop.c
++++ b/interop/interop.c
+@@ -84,6 +84,16 @@ main (int argc, char *argv[])
+   REQUIRES
+ #endif
+ 
++  /* Ignore SIGPIPE.  We only need this for GnuTLS < 3.4.2, since
++   * newer GnuTLS has the GNUTLS_NO_SIGNAL flag which adds
++   * MSG_NOSIGNAL to each write call.
++   */
++#if !HAVE_GNUTLS_NO_SIGNAL
++#if TLS
++  signal (SIGPIPE, SIG_IGN);
++#endif
++#endif
++
+   /* Create a large sparse temporary file. */
+ #ifdef NEEDS_TMPFILE
+   int fd = mkstemp (TMPFILE);
+diff --git a/lib/crypto.c b/lib/crypto.c
+index 1272888..ca9520e 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -588,7 +588,12 @@ nbd_internal_crypto_create_session (struct nbd_handle *h,
+   gnutls_psk_client_credentials_t pskcreds = NULL;
+   gnutls_certificate_credentials_t xcreds = NULL;
+ 
+-  err = gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_NONBLOCK);
++  err = gnutls_init (&session,
++                     GNUTLS_CLIENT | GNUTLS_NONBLOCK
++#if HAVE_GNUTLS_NO_SIGNAL
++                     | GNUTLS_NO_SIGNAL
++#endif
++                     );
+   if (err < 0) {
+     set_error (errno, "gnutls_init: %s", gnutls_strerror (err));
+     return NULL;
+-- 
+2.31.1
+

0010-lib-crypto.c-Ignore-TLS-premature-termination-after-.patch

@@ -0,0 +1,100 @@
+From 8bbee9c0ff052cf8ab5ba81fd1b67e3c45e7012a Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 27 Jul 2022 16:07:37 +0100
+Subject: [PATCH] lib/crypto.c: Ignore TLS premature termination after write
+ shutdown
+
+qemu-nbd doesn't call gnutls_bye to cleanly shut down the connection
+after we send NBD_CMD_DISC.  When copying from a qemu-nbd server (or
+any operation which calls nbd_shutdown) you will see errors like this:
+
+  $ nbdcopy nbds://foo?tls-certificates=/var/tmp/pki null:
+  nbds://foo?tls-certificates=/var/tmp/pki: nbd_shutdown: gnutls_record_recv: The TLS connection was non-properly terminated.
+
+Relatedly you may also see:
+
+  nbd_shutdown: gnutls_record_recv: Error in the pull function.
+
+This commit suppresses the error in the case where we know that we
+have shut down writes (which happens after NBD_CMD_DISC has been sent
+on the wire).
+---
+ interop/interop.c |  9 ---------
+ lib/crypto.c      | 17 +++++++++++++++++
+ lib/internal.h    |  1 +
+ 3 files changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/interop/interop.c b/interop/interop.c
+index 036545b..cce9407 100644
+--- a/interop/interop.c
++++ b/interop/interop.c
+@@ -226,19 +226,10 @@ main (int argc, char *argv[])
+ 
+   /* XXX In future test more operations here. */
+ 
+-#if !TLS
+-  /* XXX qemu doesn't shut down the connection nicely (using
+-   * gnutls_bye) and because of this the following call will fail
+-   * with:
+-   *
+-   * nbd_shutdown: gnutls_record_recv: The TLS connection was
+-   * non-properly terminated.
+-   */
+   if (nbd_shutdown (nbd, 0) == -1) {
+     fprintf (stderr, "%s\n", nbd_get_error ());
+     exit (EXIT_FAILURE);
+   }
+-#endif
+ 
+   nbd_close (nbd);
+ 
+diff --git a/lib/crypto.c b/lib/crypto.c
+index ca9520e..aa5d820 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -187,6 +187,22 @@ tls_recv (struct nbd_handle *h, struct socket *sock, void *buf, size_t len)
+       errno = EAGAIN;
+       return -1;
+     }
++    if (h->tls_shut_writes &&
++        (r == GNUTLS_E_PULL_ERROR || r == GNUTLS_E_PREMATURE_TERMINATION)) {
++      /* qemu-nbd doesn't call gnutls_bye to cleanly shut down the
++       * connection after we send NBD_CMD_DISC, instead it simply
++       * closes the connection.  On the client side we see
++       * "gnutls_record_recv: The TLS connection was non-properly
++       * terminated" or "gnutls_record_recv: Error in the pull
++       * function.".
++       *
++       * If we see these errors after we shut down the write side
++       * (h->tls_shut_writes), which happens after we have sent
++       * NBD_CMD_DISC on the wire, downgrade them to a debug message.
++       */
++      debug (h, "gnutls_record_recv: %s", gnutls_strerror (r));
++      return 0; /* EOF */
++    }
+     set_error (0, "gnutls_record_recv: %s", gnutls_strerror (r));
+     errno = EIO;
+     return -1;
+@@ -234,6 +250,7 @@ tls_shut_writes (struct nbd_handle *h, struct socket *sock)
+     return false;
+   if (r != 0)
+     debug (h, "ignoring gnutls_bye failure: %s", gnutls_strerror (r));
++  h->tls_shut_writes = true;
+   return sock->u.tls.oldsock->ops->shut_writes (h, sock->u.tls.oldsock);
+ }
+ 
+diff --git a/lib/internal.h b/lib/internal.h
+index 6aaced3..f1b4c63 100644
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -307,6 +307,7 @@ struct nbd_handle {
+   struct command *reply_cmd;
+ 
+   bool disconnect_request;      /* True if we've queued NBD_CMD_DISC */
++  bool tls_shut_writes;         /* Used by lib/crypto.c to track disconnect. */
+ };
+ 
+ struct meta_context {
+-- 
+2.31.1
+

libnbd.spec

@@ -11,7 +11,7 @@
 %global source_directory 1.12-stable
 
 Name:           libnbd
-Version:        1.12.5
+Version:        1.12.6
 Release:        1%{?dist}
 Summary:        NBD client library in userspace
 
@@ -40,6 +40,8 @@ Patch0005:     0005-dump-dump-data.sh-Test-requires-nbdkit-1.22.patch
 Patch0006:     0006-copy-Store-the-preferred-block-size-in-the-operation.patch
 Patch0007:     0007-copy-Use-preferred-block-size-for-copying.patch
 Patch0008:     0008-dump-Add-another-example-to-the-manual.patch
+Patch0009:     0009-lib-crypto-Use-GNUTLS_NO_SIGNAL-if-available.patch
+Patch0010:     0010-lib-crypto.c-Ignore-TLS-premature-termination-after-.patch
 
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
@@ -336,12 +338,15 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
-* Tue Jul 12 2022 Richard W.M. Jones <rjones@redhat.com> - 1.12.5-1
-- Rebase to new stable branch version 1.12.5
+* Thu Jul 28 2022 Richard W.M. Jones <rjones@redhat.com> - 1.12.6-1
+- Rebase to new stable branch version 1.12.6
   resolves: rhbz#2059288
 - New tool: nbddump
 - nbdcopy: Use preferred block size for copying
   related: rhbz#2047660
+- Fix remote TLS failures
+  resolves: rhbz#2111524
+  (and 2111813)
 
 * Thu Feb 10 2022 Richard W.M. Jones <rjones@redhat.com> - 1.10.5-1
 - Rebase to new stable branch version 1.10.5

sources

@@ -1,2 +1,2 @@
-SHA512 (libnbd-1.12.5.tar.gz) = 1ea8c0d0a8a95c42c91d72623d0ade58f37c9acafcd8793b33884929673b943669ebec6ffb8b6e6c5cb296c84241bf6f3f5619f0efea6d1fbdd7c161be6232b3
-SHA512 (libnbd-1.12.5.tar.gz.sig) = 0b4dbde0e357fcd22e47176306024f8137726ede9284f89d9bc10baeab75fa4d9bcc0013f804e2f350ad32bad788a177dadd5252f2270edfb5012e6ec7b675bb
+SHA512 (libnbd-1.12.6.tar.gz) = e6494ac013378b2d57458ea243b99b5ae7dad8894fab2811e4c92ff83fcc5f05aa19a52531f1ba0ed14a4d6d02d38d70d3dc6db813106dc946e51d077d37a756
+SHA512 (libnbd-1.12.6.tar.gz.sig) = 87ea0875bf0bcbdb66747f9608a78aaf6f5fc7539c8550d432a5bc0e856338686f61a5340b4fc070d493cab7279e7af66d984de2d7907f8c81019a8bab500263