diff --git a/.gitignore b/.gitignore index 2f4c71e..9291a4e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/libguestfs.keyring -SOURCES/libnbd-1.6.0.tar.gz +libguestfs.keyring +libnbd-1.20.2.tar.gz diff --git a/.libnbd.metadata b/.libnbd.metadata deleted file mode 100644 index bcedfd1..0000000 --- a/.libnbd.metadata +++ /dev/null @@ -1,2 +0,0 @@ -1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring -b14ac9349d324df71d26cf3de9fb606c56f18cb0 SOURCES/libnbd-1.6.0.tar.gz diff --git a/0001-generator-Print-full-error-in-handle_reply_error.patch b/0001-generator-Print-full-error-in-handle_reply_error.patch new file mode 100644 index 0000000..460a9e3 --- /dev/null +++ b/0001-generator-Print-full-error-in-handle_reply_error.patch @@ -0,0 +1,191 @@ +From 9e51ca3dc11b4abe2e5145837ae80863fc300646 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 23 Jul 2024 17:22:12 +0100 +Subject: [PATCH] generator: Print full error in handle_reply_error + +Print the full error from the server during handshaking. This +modifies the contract of handle_reply_error so it calls set_error, +which can be overridden by callers or ignored completely. + +(cherry picked from commit cf49a49adc8abc8c917437db7461ed9956583877) +--- + generator/states-newstyle-opt-go.c | 32 +-------- + generator/states-newstyle-opt-list.c | 5 +- + generator/states-newstyle-opt-meta-context.c | 8 +-- + generator/states-newstyle.c | 68 ++++++++++++++++++-- + 4 files changed, 69 insertions(+), 44 deletions(-) + +diff --git a/generator/states-newstyle-opt-go.c b/generator/states-newstyle-opt-go.c +index 5bc9a9ae..f6eb8afc 100644 +--- a/generator/states-newstyle-opt-go.c ++++ b/generator/states-newstyle-opt-go.c +@@ -247,37 +247,9 @@ STATE_MACHINE { + SET_NEXT_STATE (%.DEAD); + return 0; + } +- /* Decode expected known errors into a nicer string */ +- switch (reply) { +- case NBD_REP_ERR_UNSUP: ++ if (reply == NBD_REP_ERR_UNSUP) + assert (h->opt_current == NBD_OPT_INFO); +- set_error (ENOTSUP, "handshake: server lacks NBD_OPT_INFO support"); +- break; +- case NBD_REP_ERR_POLICY: +- case NBD_REP_ERR_PLATFORM: +- set_error (0, "handshake: server policy prevents NBD_OPT_GO"); +- break; +- case NBD_REP_ERR_INVALID: +- case NBD_REP_ERR_TOO_BIG: +- set_error (EINVAL, "handshake: server rejected NBD_OPT_GO as invalid"); +- break; +- case NBD_REP_ERR_TLS_REQD: +- set_error (ENOTSUP, "handshake: server requires TLS encryption first"); +- break; +- case NBD_REP_ERR_UNKNOWN: +- set_error (ENOENT, "handshake: server has no export named '%s'", +- h->export_name); +- break; +- case NBD_REP_ERR_SHUTDOWN: +- set_error (ESHUTDOWN, "handshake: server is shutting down"); +- break; +- case NBD_REP_ERR_BLOCK_SIZE_REQD: +- set_error (EINVAL, "handshake: server requires specific block sizes"); +- break; +- default: +- set_error (0, "handshake: unknown reply from NBD_OPT_GO: 0x%" PRIx32, +- reply); +- } ++ + nbd_internal_reset_size_and_flags (h); + h->meta_valid = false; + err = nbd_get_errno () ? : ENOTSUP; +diff --git a/generator/states-newstyle-opt-list.c b/generator/states-newstyle-opt-list.c +index cdd4676e..6605ee0a 100644 +--- a/generator/states-newstyle-opt-list.c ++++ b/generator/states-newstyle-opt-list.c +@@ -127,9 +127,8 @@ STATE_MACHINE { + SET_NEXT_STATE (%.DEAD); + return 0; + } +- err = ENOTSUP; +- set_error (err, "unexpected response, possibly the server does not " +- "support listing exports"); ++ debug (h, "unexpected response, possibly the server does not " ++ "support listing exports"); + break; + } + +diff --git a/generator/states-newstyle-opt-meta-context.c b/generator/states-newstyle-opt-meta-context.c +index 6f016e66..3945411e 100644 +--- a/generator/states-newstyle-opt-meta-context.c ++++ b/generator/states-newstyle-opt-meta-context.c +@@ -270,12 +270,8 @@ STATE_MACHINE { + } + + if (opt == h->opt_current) { +- /* XXX Should we decode specific expected errors, like +- * REP_ERR_UNKNOWN to ENOENT or REP_ERR_TOO_BIG to ERANGE? +- */ +- err = ENOTSUP; +- set_error (err, "unexpected response, possibly the server does not " +- "support meta contexts"); ++ debug (h, "unexpected response, possibly the server does not " ++ "support meta contexts"); + CALL_CALLBACK (h->opt_cb.completion, &err); + nbd_internal_free_option (h); + SET_NEXT_STATE (%.NEGOTIATING); +diff --git a/generator/states-newstyle.c b/generator/states-newstyle.c +index 45893a8b..6c7cc45c 100644 +--- a/generator/states-newstyle.c ++++ b/generator/states-newstyle.c +@@ -79,14 +79,18 @@ prepare_for_reply_payload (struct nbd_handle *h, uint32_t opt) + return 0; + } + +-/* Check an unexpected server reply. If it is an error, log any +- * message from the server and return 0; otherwise, return -1. ++/* Check an unexpected server reply error. ++ * ++ * This calls set_error with a descriptive error message and returns ++ * 0. Unless there is a further unexpected error while processing ++ * this error, in which case it calls set_error and returns -1. + */ + static int + handle_reply_error (struct nbd_handle *h) + { + uint32_t len; + uint32_t reply; ++ char *msg = NULL; + + len = be32toh (h->sbuf.or.option_reply.replylen); + reply = be32toh (h->sbuf.or.option_reply.reply); +@@ -101,9 +105,63 @@ handle_reply_error (struct nbd_handle *h) + return -1; + } + +- if (len > 0) +- debug (h, "handshake: server error message: %.*s", (int)len, +- h->sbuf.or.payload.err_msg); ++ /* Decode expected errors into a nicer string. ++ * ++ * XXX Note this string comes directly from the server, and most ++ * libnbd users simply print the error using 'fprintf'. We really ++ * ought to quote this string somehow, but we don't have a useful ++ * function for that. ++ */ ++ if (len > 0) { ++ if (asprintf (&msg, ": %.*s", ++ (int)len, h->sbuf.or.payload.err_msg) == -1) { ++ set_error (errno, "asprintf"); ++ return -1; ++ } ++ } ++ ++ switch (reply) { ++ case NBD_REP_ERR_UNSUP: ++ set_error (ENOTSUP, "the operation is not supported by the server%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_POLICY: ++ set_error (0, "server policy prevents the operation%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_PLATFORM: ++ set_error (0, "the operation is not supported by the server platform%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_INVALID: ++ set_error (EINVAL, "the server rejected this operation as invalid%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_TOO_BIG: ++ set_error (EINVAL, "the operation is too large to process%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_TLS_REQD: ++ set_error (ENOTSUP, "the server requires TLS encryption first%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_UNKNOWN: ++ set_error (ENOENT, "the server has no export named '%s'%s", ++ h->export_name, msg ? : ""); ++ break; ++ case NBD_REP_ERR_SHUTDOWN: ++ set_error (ESHUTDOWN, "the server is shutting down%s", ++ msg ? : ""); ++ break; ++ case NBD_REP_ERR_BLOCK_SIZE_REQD: ++ set_error (EINVAL, "the server requires specific block sizes%s", ++ msg ? : ""); ++ break; ++ default: ++ set_error (0, "handshake: unknown reply from the server: 0x%" PRIx32 "%s", ++ reply, msg ? : ""); ++ } ++ free (msg); + + return 0; + } +-- +2.43.0 + diff --git a/0002-lib-Don-t-overwrite-error-in-nbd_opt_-go-info.patch b/0002-lib-Don-t-overwrite-error-in-nbd_opt_-go-info.patch new file mode 100644 index 0000000..8b6dd8b --- /dev/null +++ b/0002-lib-Don-t-overwrite-error-in-nbd_opt_-go-info.patch @@ -0,0 +1,38 @@ +From 6ef03cf2a1fe9f88c07c6f2d97afe9f82bfe03a8 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 23 Jul 2024 17:26:39 +0100 +Subject: [PATCH] lib: Don't overwrite error in nbd_opt_{go,info} + +We already set the error in handle_reply_error, so don't overwrite +that here. + +(cherry picked from commit 474a4ae6c8d11212a4a8c06ea3e8b3fd97a7e97d) +--- + lib/opt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/opt.c b/lib/opt.c +index 600265a0..5872dd54 100644 +--- a/lib/opt.c ++++ b/lib/opt.c +@@ -99,7 +99,7 @@ nbd_unlocked_opt_go (struct nbd_handle *h) + if (r == 0 && err) { + assert (nbd_internal_is_state_negotiating (get_next_state (h)) || + nbd_internal_is_state_dead (get_next_state (h))); +- set_error (err, "server replied with error to opt_go request"); ++ /* handle_reply_error already called set_error */ + return -1; + } + if (r == 0) +@@ -122,7 +122,7 @@ nbd_unlocked_opt_info (struct nbd_handle *h) + if (r == 0 && err) { + assert (nbd_internal_is_state_negotiating (get_next_state (h)) || + nbd_internal_is_state_dead (get_next_state (h))); +- set_error (err, "server replied with error to opt_info request"); ++ /* handle_reply_error already called set_error */ + return -1; + } + return r; +-- +2.43.0 + diff --git a/0003-generator-Restore-assignment-to-local-err.patch b/0003-generator-Restore-assignment-to-local-err.patch new file mode 100644 index 0000000..290b8c1 --- /dev/null +++ b/0003-generator-Restore-assignment-to-local-err.patch @@ -0,0 +1,43 @@ +From 1357302046b5eaae09a8817ff050790b0285183d Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 25 Jul 2024 13:39:28 +0100 +Subject: [PATCH] generator: Restore assignment to local 'err' + +I accidentally removed the assignment of local variable 'err' along +these paths in commit cf49a49adc ("generator: Print full error in +handle_reply_error"). + +Fixes: commit cf49a49adc8abc8c917437db7461ed9956583877 +(cherry picked from commit e75d20b9e19143b1bd0d232fc49cb2e0287f824a) +--- + generator/states-newstyle-opt-list.c | 1 + + generator/states-newstyle-opt-meta-context.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/generator/states-newstyle-opt-list.c b/generator/states-newstyle-opt-list.c +index 6605ee0a..48559574 100644 +--- a/generator/states-newstyle-opt-list.c ++++ b/generator/states-newstyle-opt-list.c +@@ -129,6 +129,7 @@ STATE_MACHINE { + } + debug (h, "unexpected response, possibly the server does not " + "support listing exports"); ++ err = ENOTSUP; + break; + } + +diff --git a/generator/states-newstyle-opt-meta-context.c b/generator/states-newstyle-opt-meta-context.c +index 3945411e..699e24aa 100644 +--- a/generator/states-newstyle-opt-meta-context.c ++++ b/generator/states-newstyle-opt-meta-context.c +@@ -272,6 +272,7 @@ STATE_MACHINE { + if (opt == h->opt_current) { + debug (h, "unexpected response, possibly the server does not " + "support meta contexts"); ++ err = ENOTSUP; + CALL_CALLBACK (h->opt_cb.completion, &err); + nbd_internal_free_option (h); + SET_NEXT_STATE (%.NEGOTIATING); +-- +2.43.0 + diff --git a/0004-generator-states-newstyle.c-Quote-untrusted-string-f.patch b/0004-generator-states-newstyle.c-Quote-untrusted-string-f.patch new file mode 100644 index 0000000..bdc9946 --- /dev/null +++ b/0004-generator-states-newstyle.c-Quote-untrusted-string-f.patch @@ -0,0 +1,175 @@ +From 1de017428047f1a8991285766b69b767ab895c24 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 25 Jul 2024 13:25:34 +0100 +Subject: [PATCH] generator/states-newstyle.c: Quote untrusted string from the + server + +Updates: commit cf49a49adc8abc8c917437db7461ed9956583877 +(cherry picked from commit 5dbfc418cb6176102634acea2256b2335520159c) +--- + generator/states-newstyle.c | 124 ++++++++++++++++++++---------------- + 1 file changed, 68 insertions(+), 56 deletions(-) + +diff --git a/generator/states-newstyle.c b/generator/states-newstyle.c +index 6c7cc45c..8c483bd2 100644 +--- a/generator/states-newstyle.c ++++ b/generator/states-newstyle.c +@@ -18,6 +18,7 @@ + + #include + ++#include "ascii-ctype.h" + #include "internal.h" + + /* Common code for parsing a reply to NBD_OPT_*. */ +@@ -88,80 +89,91 @@ prepare_for_reply_payload (struct nbd_handle *h, uint32_t opt) + static int + handle_reply_error (struct nbd_handle *h) + { +- uint32_t len; + uint32_t reply; +- char *msg = NULL; ++ uint32_t replylen; ++ FILE *fp; ++ char *s = NULL; ++ size_t len = 0; ++ int err = 0; + +- len = be32toh (h->sbuf.or.option_reply.replylen); + reply = be32toh (h->sbuf.or.option_reply.reply); + if (!NBD_REP_IS_ERR (reply)) { + set_error (0, "handshake: unexpected option reply type %d", reply); + return -1; + } + ++ replylen = be32toh (h->sbuf.or.option_reply.replylen); + assert (NBD_MAX_STRING < sizeof h->sbuf.or.payload); +- if (len > NBD_MAX_STRING) { ++ if (replylen > NBD_MAX_STRING) { + set_error (0, "handshake: option error string too long"); + return -1; + } + +- /* Decode expected errors into a nicer string. +- * +- * XXX Note this string comes directly from the server, and most +- * libnbd users simply print the error using 'fprintf'. We really +- * ought to quote this string somehow, but we don't have a useful +- * function for that. +- */ +- if (len > 0) { +- if (asprintf (&msg, ": %.*s", +- (int)len, h->sbuf.or.payload.err_msg) == -1) { +- set_error (errno, "asprintf"); +- return -1; +- } ++ /* Decode expected errors into a nicer string. */ ++ fp = open_memstream (&s, &len); ++ if (fp == NULL) { ++ set_error (errno, "open_memstream"); ++ return -1; + } + + switch (reply) { + case NBD_REP_ERR_UNSUP: +- set_error (ENOTSUP, "the operation is not supported by the server%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_POLICY: +- set_error (0, "server policy prevents the operation%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_PLATFORM: +- set_error (0, "the operation is not supported by the server platform%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_INVALID: +- set_error (EINVAL, "the server rejected this operation as invalid%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_TOO_BIG: +- set_error (EINVAL, "the operation is too large to process%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_TLS_REQD: +- set_error (ENOTSUP, "the server requires TLS encryption first%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_UNKNOWN: +- set_error (ENOENT, "the server has no export named '%s'%s", +- h->export_name, msg ? : ""); +- break; +- case NBD_REP_ERR_SHUTDOWN: +- set_error (ESHUTDOWN, "the server is shutting down%s", +- msg ? : ""); +- break; +- case NBD_REP_ERR_BLOCK_SIZE_REQD: +- set_error (EINVAL, "the server requires specific block sizes%s", +- msg ? : ""); +- break; +- default: +- set_error (0, "handshake: unknown reply from the server: 0x%" PRIx32 "%s", +- reply, msg ? : ""); ++ err = ENOTSUP; ++ fprintf (fp, "the operation is not supported by the server"); ++ break; ++ case NBD_REP_ERR_POLICY: ++ fprintf (fp, "server policy prevents the operation"); ++ break; ++ case NBD_REP_ERR_PLATFORM: ++ fprintf (fp, "the operation is not supported by the server platform"); ++ break; ++ case NBD_REP_ERR_INVALID: ++ err = EINVAL; ++ fprintf (fp, "the server rejected this operation as invalid"); ++ break; ++ case NBD_REP_ERR_TOO_BIG: ++ err = EINVAL; ++ fprintf (fp, "the operation is too large to process"); ++ break; ++ case NBD_REP_ERR_TLS_REQD: ++ err = ENOTSUP; ++ fprintf (fp, "the server requires TLS encryption first"); ++ break; ++ case NBD_REP_ERR_UNKNOWN: ++ err = ENOENT; ++ fprintf (fp, "the server has no export named '%s'", h->export_name); ++ break; ++ case NBD_REP_ERR_SHUTDOWN: ++ err = ESHUTDOWN; ++ fprintf (fp, "the server is shutting down"); ++ break; ++ case NBD_REP_ERR_BLOCK_SIZE_REQD: ++ err = EINVAL; ++ fprintf (fp, "the server requires specific block sizes"); ++ break; ++ default: ++ fprintf (fp, "handshake: unknown reply from the server: 0x%" PRIx32, ++ reply); ++ } ++ ++ if (replylen > 0) { ++ /* Since this message comes from the server, take steps to quote it. */ ++ uint32_t i; ++ const char *msg = h->sbuf.or.payload.err_msg; ++ ++ fprintf (fp, ": "); ++ for (i = 0; i < replylen; ++i) { ++ if (ascii_isprint (msg[i])) ++ fputc (msg[i], fp); ++ else ++ fprintf (fp, "\\x%02x", msg[i]); + } +- free (msg); ++ } ++ ++ fclose (fp); ++ ++ set_error (err, "%s", s); ++ free (s); + + return 0; + } +-- +2.43.0 + diff --git a/0005-generator-states-newstyle.c-Don-t-sign-extend-escape.patch b/0005-generator-states-newstyle.c-Don-t-sign-extend-escape.patch new file mode 100644 index 0000000..f4c8f90 --- /dev/null +++ b/0005-generator-states-newstyle.c-Don-t-sign-extend-escape.patch @@ -0,0 +1,27 @@ +From f24c7801aef0e2f8936d74ac5237c3391fb39d26 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 25 Jul 2024 15:48:46 +0100 +Subject: [PATCH] generator/states-newstyle.c: Don't sign extend escaped chars + +Fixes: commit 5dbfc418cb6176102634acea2256b2335520159c +(cherry picked from commit 0d6c6bbb3386de3b60ab6c4831045f2b1896051b) +--- + generator/states-newstyle.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/generator/states-newstyle.c b/generator/states-newstyle.c +index 8c483bd2..1e026a8a 100644 +--- a/generator/states-newstyle.c ++++ b/generator/states-newstyle.c +@@ -159,7 +159,7 @@ handle_reply_error (struct nbd_handle *h) + if (replylen > 0) { + /* Since this message comes from the server, take steps to quote it. */ + uint32_t i; +- const char *msg = h->sbuf.or.payload.err_msg; ++ const unsigned char *msg = (unsigned char *) h->sbuf.or.payload.err_msg; + + fprintf (fp, ": "); + for (i = 0; i < replylen; ++i) { +-- +2.43.0 + diff --git a/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch b/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch deleted file mode 100644 index bf90cec..0000000 --- a/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 486799e853aa9df034366303230a1785087a507a Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 8 Jan 2021 12:14:18 +0000 -Subject: [PATCH] copy/copy-nbd-to-sparse-file.sh: Skip test unless nbdkit - available. - -This test used nbdkit without checking it is available, which broke -the test on RHEL 8 i686. - -Fixes: commit 28fe8d9d8d1ecb491070d20f22e2f34bb147f19f -(cherry picked from commit 781cb44b63a87f2d5f40590ab8c446ad2e7b6702) ---- - copy/copy-nbd-to-sparse-file.sh | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/copy/copy-nbd-to-sparse-file.sh b/copy/copy-nbd-to-sparse-file.sh -index aa2cb1b9..47ff09ae 100755 ---- a/copy/copy-nbd-to-sparse-file.sh -+++ b/copy/copy-nbd-to-sparse-file.sh -@@ -24,6 +24,7 @@ set -x - requires cmp --version - requires dd --version - requires dd oflag=seek_bytes -Date: Thu, 4 Feb 2021 17:57:06 +0000 -Subject: [PATCH] generator: Refactor CONNECT.START state. - -Small, neutral refactoring to the CONNECT.START to make the subsequent -commit easier. - -(cherry picked from commit cd231fd94bbfaacdd9b89e7d355ba2bbc83c2aeb) ---- - generator/states-connect.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/generator/states-connect.c b/generator/states-connect.c -index 392879d4..03b34c7d 100644 ---- a/generator/states-connect.c -+++ b/generator/states-connect.c -@@ -47,11 +47,12 @@ disable_nagle (int sock) - - STATE_MACHINE { - CONNECT.START: -- int fd; -+ sa_family_t family; -+ int fd, r; - - assert (!h->sock); -- fd = socket (h->connaddr.ss_family, -- SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); -+ family = h->connaddr.ss_family; -+ fd = socket (family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); - if (fd == -1) { - SET_NEXT_STATE (%.DEAD); - set_error (errno, "socket"); -@@ -65,14 +66,12 @@ STATE_MACHINE { - - disable_nagle (fd); - -- if (connect (fd, (struct sockaddr *) &h->connaddr, -- h->connaddrlen) == -1) { -- if (errno != EINPROGRESS) { -- SET_NEXT_STATE (%.DEAD); -- set_error (errno, "connect"); -- return 0; -- } -- } -+ r = connect (fd, (struct sockaddr *) &h->connaddr, h->connaddrlen); -+ if (r == 0 || (r == -1 && errno == EINPROGRESS)) -+ return 0; -+ assert (r == -1); -+ SET_NEXT_STATE (%.DEAD); -+ set_error (errno, "connect"); - return 0; - - CONNECT.CONNECTING: --- -2.43.0 - diff --git a/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch b/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch deleted file mode 100644 index ef4ec0c..0000000 --- a/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f094472efcf34cea8bf1f02a1c5c9442ffc4ca53 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 4 Feb 2021 18:02:46 +0000 -Subject: [PATCH] generator: Print a better error message if connect(2) returns - EAGAIN. - -The new error message is: - -nbd_connect_unix: connect: server backlog overflowed, see https://bugzilla.redhat.com/1925045: Resource temporarily unavailable - -Fixes: https://bugzilla.redhat.com/1925045 -Thanks: Xin Long, Lukas Doktor, Eric Blake -Reviewed-by: Martin Kletzander -(cherry picked from commit 85ed74960a658a82d7b61b0be07f43d1b2dcede9) ---- - generator/states-connect.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/generator/states-connect.c b/generator/states-connect.c -index 03b34c7d..98c26e54 100644 ---- a/generator/states-connect.c -+++ b/generator/states-connect.c -@@ -70,6 +70,22 @@ STATE_MACHINE { - if (r == 0 || (r == -1 && errno == EINPROGRESS)) - return 0; - assert (r == -1); -+#ifdef __linux__ -+ if (errno == EAGAIN && family == AF_UNIX) { -+ /* This can happen on Linux when connecting to a Unix domain -+ * socket, if the server's backlog is full. Unfortunately there -+ * is nothing good we can do on the client side when this happens -+ * since any solution would involve sleeping or busy-waiting. The -+ * only solution is on the server side, increasing the backlog. -+ * But at least improve the error message. -+ * https://bugzilla.redhat.com/1925045 -+ */ -+ SET_NEXT_STATE (%.DEAD); -+ set_error (errno, "connect: server backlog overflowed, " -+ "see https://bugzilla.redhat.com/1925045"); -+ return 0; -+ } -+#endif - SET_NEXT_STATE (%.DEAD); - set_error (errno, "connect"); - return 0; --- -2.43.0 - diff --git a/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch b/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch deleted file mode 100644 index 46a5a4e..0000000 --- a/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch +++ /dev/null @@ -1,59 +0,0 @@ -From ffe8f0a994c1f2656aa011353b386663d32db69e Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Mon, 1 Mar 2021 15:25:31 -0600 -Subject: [PATCH] opt_go: Tolerate unplanned server death - -While debugging some experimental nbdkit code that was triggering an -assertion failure in nbdkit, I noticed a secondary failure of nbdsh -also dying from an assertion: - -libnbd: debug: nbdsh: nbd_opt_go: transition: NEWSTYLE.OPT_GO.SEND -> DEAD -libnbd: debug: nbdsh: nbd_opt_go: option queued, ignoring state machine failure -nbdsh: opt.c:86: nbd_unlocked_opt_go: Assertion `nbd_internal_is_state_negotiating (get_next_state (h))' failed. - -Although my trigger was from non-production nbdkit code, libnbd should -never die from an assertion failure merely because a server -disappeared at the wrong moment during an incomplete reply to -NBD_OPT_GO or NBD_OPT_INFO. If this is assigned a CVE, a followup -patch will add mention of it in docs/libnbd-security.pod. - -Fixes: bbf1c51392 (api: Give aio_opt_go a completion callback) -(cherry picked from commit fb4440de9cc76e9c14bd3ddf3333e78621f40ad0) ---- - lib/opt.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/lib/opt.c b/lib/opt.c -index 2317b72a..e5802f4d 100644 ---- a/lib/opt.c -+++ b/lib/opt.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2021 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -83,7 +83,8 @@ nbd_unlocked_opt_go (struct nbd_handle *h) - - r = wait_for_option (h); - if (r == 0 && err) { -- assert (nbd_internal_is_state_negotiating (get_next_state (h))); -+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || -+ nbd_internal_is_state_dead (get_next_state (h))); - set_error (err, "server replied with error to opt_go request"); - return -1; - } -@@ -105,7 +106,8 @@ nbd_unlocked_opt_info (struct nbd_handle *h) - - r = wait_for_option (h); - if (r == 0 && err) { -- assert (nbd_internal_is_state_negotiating (get_next_state (h))); -+ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || -+ nbd_internal_is_state_dead (get_next_state (h))); - set_error (err, "server replied with error to opt_info request"); - return -1; - } --- -2.43.0 - diff --git a/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch b/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch deleted file mode 100644 index d9960a0..0000000 --- a/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 171ffdde8be590f784086a021a7e6f36c4ecdb4b Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Fri, 12 Mar 2021 17:00:58 -0600 -Subject: [PATCH] security: Document assignment of CVE-2021-20286 - -Now that we finally have a CVE number, it's time to document -the problem (it's low severity, but still a denial of service). - -Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death) -(cherry picked from commit 40308a005eaa6b2e8f98da8952d0c0cacc51efde) ---- - docs/libnbd-security.pod | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index d8ead875..0cae8462 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -22,6 +22,12 @@ L - See the full announcement here: - L - -+=head2 CVE-2021-20286 -+denial of service when using L -+ -+See the full announcement here: -+L -+ - =head1 SEE ALSO - - L. -@@ -34,4 +40,4 @@ Richard W.M. Jones - - =head1 COPYRIGHT - --Copyright (C) 2019 Red Hat Inc. -+Copyright (C) 2019-2021 Red Hat Inc. --- -2.43.0 - diff --git a/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch b/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch deleted file mode 100644 index 61454d9..0000000 --- a/SOURCES/0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 22572f8ac13e2e8daf91d227eac2f384303fb5b4 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 3 Feb 2022 14:25:57 -0600 -Subject: [PATCH] copy: Pass in dummy variable rather than &errno to callback - -In several places where asynch handlers manually call the provided -nbd_completion_callback, the value of errno is indeterminate (for -example, in file-ops.c:file_asynch_read(), the previous call to -file_synch_read() already triggered exit() on error, but does not -guarantee what is left in errno on success). As the callback should -be paying attention to the value of *error (to be fixed in the next -patch), we are better off ensuring that we pass in a pointer to a -known-zero value. Besides, passing in &errno carries a risk that if -the callback uses any other library function that alters errno prior -to dereferncing *error, it will no longer see the value we passed in. -Thus, it is easier to use a dummy variable on the stack than to mess -around with errno and it's magic macro expansion into a thread-local -storage location. - -Note that several callsites then check if the callback returned -1, -and if so assume that the callback has caused errno to now have a sane -value to pass on to perror. In theory, the fact that we are no longer -passing in &errno means that if the callback assigns into *error but -did not otherwise affect errno (a tenuous assumption, given our -argument above that we could not even guarantee that the callback does -not accidentally alter errno prior to reading *error), our perror call -would no longer reflect the intended error value from the callback. -But in practice, since the callback never actually returned -1, nor -even assigned into *error, the call to perror is dead code; although I -have chosen to defer that additional cleanup to the next patch. - -Message-Id: <20220203202558.203013-5-eblake@redhat.com> -Acked-by: Richard W.M. Jones -Acked-by: Nir Soffer -Reviewed-by: Laszlo Ersek -(cherry picked from commit 794c8ce06e995ebd282e8f2b9465a06140572112) -Conflicts: - copy/file-ops.c - no backport of d5f65e56 ("copy: Do not use trim - for zeroing"), so asynch_trim needed same treatment - copy/multi-thread-copying.c - context due to missing refactoring - copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:" - destination." -(cherry picked from commit 26e3dcf80815fe2db320d3046aabc2580c2f7a0d) ---- - copy/file-ops.c | 22 +++++++++++++--------- - copy/multi-thread-copying.c | 8 +++++--- - 2 files changed, 18 insertions(+), 12 deletions(-) - -diff --git a/copy/file-ops.c b/copy/file-ops.c -index 086348a2..cc312b48 100644 ---- a/copy/file-ops.c -+++ b/copy/file-ops.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -158,10 +158,11 @@ file_asynch_read (struct rw *rw, - struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - file_synch_read (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -172,10 +173,11 @@ file_asynch_write (struct rw *rw, - struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - file_synch_write (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -185,10 +187,11 @@ static bool - file_asynch_trim (struct rw *rw, struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - if (!file_synch_trim (rw, command->offset, command->slice.len)) - return false; -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -@@ -199,10 +202,11 @@ static bool - file_asynch_zero (struct rw *rw, struct command *command, - nbd_completion_callback cb) - { -+ int dummy = 0; -+ - if (!file_synch_zero (rw, command->offset, command->slice.len)) - return false; -- errno = 0; -- if (cb.callback (cb.user_data, &errno) == -1) { -+ if (cb.callback (cb.user_data, &dummy) == -1) { - perror (rw->name); - exit (EXIT_FAILURE); - } -diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c -index a7aaa7de..2593ff76 100644 ---- a/copy/multi-thread-copying.c -+++ b/copy/multi-thread-copying.c -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -391,6 +391,7 @@ finished_read (void *vp, int *error) - bool last_is_hole = false; - uint64_t i; - struct command *newcommand; -+ int dummy = 0; - - /* Iterate over whole blocks in the command, starting on a block - * boundary. -@@ -473,7 +474,7 @@ finished_read (void *vp, int *error) - /* Free the original command since it has been split into - * subcommands and the original is no longer needed. - */ -- free_command (command, &errno); -+ free_command (command, &dummy); - } - - return 1; /* auto-retires the command */ -@@ -498,6 +499,7 @@ static void - fill_dst_range_with_zeroes (struct command *command) - { - char *data; -+ int dummy = 0; - - if (destination_is_zero) - goto free_and_return; -@@ -541,7 +543,7 @@ fill_dst_range_with_zeroes (struct command *command) - free (data); - - free_and_return: -- free_command (command, &errno); -+ free_command (command, &dummy); - } - - static int --- -2.43.0 - diff --git a/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch b/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch deleted file mode 100644 index 93d414a..0000000 --- a/SOURCES/0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 1b0b732e6a9b4979fccf6a09eb6704264edf675d Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 3 Feb 2022 14:25:58 -0600 -Subject: [PATCH] copy: CVE-2022-0485: Fail nbdcopy if NBD read or write fails - -nbdcopy has a nasty bug when performing multi-threaded copies using -asynchronous nbd calls - it was blindly treating the completion of an -asynchronous command as successful, rather than checking the *error -parameter. This can result in the silent creation of a corrupted -image in two different ways: when a read fails, we blindly wrote -garbage to the destination; when a write fails, we did not flag that -the destination was not written. - -Since nbdcopy already calls exit() on a synchronous read or write -failure to a file, doing the same for an asynchronous op to an NBD -server is the simplest solution. A nicer solution, but more invasive -to code and thus not done here, might be to allow up to N retries of -the transaction (in case the read or write failure was transient), or -even having a mode where as much data is copied as possible (portions -of the copy that failed would be logged on stderr, and nbdcopy would -still fail with a non-zero exit status, but this would copy more than -just stopping at the first error, as can be done with rsync or -ddrescue). - -Note that since we rely on auto-retiring and do NOT call -nbd_aio_command_completed, our completion callbacks must always return -1 (if they do not exit() first), even when acting on *error, so as not -leave the command allocated until nbd_close. As such, there is no -sane way to return an error to a manual caller of the callback, and -therefore we can drop dead code that calls perror() and exit() if the -callback "failed". It is also worth documenting the contract on when -we must manually call the callback during the asynch_zero callback, so -that we do not leak or double-free the command; thankfully, all the -existing code paths were correct. - -The added testsuite script demonstrates several scenarios, some of -which fail without the rest of this patch in place, and others which -showcase ways in which sparse images can bypass errors. - -Once backports are complete, a followup patch on the main branch will -edit docs/libnbd-security.pod with the mailing list announcement of -the stable branch commit ids and release versions that incorporate -this fix. - -Reported-by: Nir Soffer -Fixes: bc896eec4d ("copy: Implement multi-conn, multiple threads, multiple requests in flight.", v1.5.6) -Fixes: https://bugzilla.redhat.com/2046194 -Message-Id: <20220203202558.203013-6-eblake@redhat.com> -Acked-by: Richard W.M. Jones -Acked-by: Nir Soffer -[eblake: fix error message per Nir, tweak requires lines in unit test per Rich] -Reviewed-by: Laszlo Ersek - -(cherry picked from commit 8d444b41d09a700c7ee6f9182a649f3f2d325abb) -Conflicts: - copy/nbdcopy.h - copyright context - copy/null-ops.c - no backport of 0b16205e "copy: Implement "null:" - destination." - copy/copy-nbd-error.sh - no backport of d5f65e56 ("copy: Do not use - trim for zeroing"), so one test needed an additional error-trim-rate; - no backport of 4ff9e62d (copy: Add --request-size option") and friends, so - this version uses larger transactions, so change error rate of 0.5 to 1; - no backport of 0b16205e "copy: Implement "null:" destination.", so use - nbdkit null instead -Note that while the use of NBD_CMD_TRIM can create data corruption, it is -not as severe as what this patch fixes, since trim corruption will only -expose what had previously been on the disk, compared to this patch fixing -a potential leak of nbdcopy heap contents into the destination. -(cherry picked from commit 6c8f2f859926b82094fb5e85c446ea099700fa10) ---- - TODO | 1 + - copy/Makefile.am | 4 +- - copy/copy-nbd-error.sh | 81 +++++++++++++++++++++++++++++++++++++ - copy/file-ops.c | 17 +++----- - copy/multi-thread-copying.c | 13 ++++++ - copy/nbdcopy.h | 7 ++-- - 6 files changed, 107 insertions(+), 16 deletions(-) - create mode 100755 copy/copy-nbd-error.sh - -diff --git a/TODO b/TODO -index 510c219a..19c21d44 100644 ---- a/TODO -+++ b/TODO -@@ -35,6 +35,7 @@ nbdcopy: - - Better page cache usage, see nbdkit-file-plugin options - fadvise=sequential cache=none. - - Consider io_uring if there are performance bottlenecks. -+ - Configurable retries in response to read or write failures. - - nbdfuse: - - If you write beyond the end of the virtual file, it returns EIO. -diff --git a/copy/Makefile.am b/copy/Makefile.am -index d318388f..3406cd85 100644 ---- a/copy/Makefile.am -+++ b/copy/Makefile.am -@@ -1,5 +1,5 @@ - # nbd client library in userspace --# Copyright (C) 2020 Red Hat Inc. -+# Copyright (C) 2020-2022 Red Hat Inc. - # - # This library is free software; you can redistribute it and/or - # modify it under the terms of the GNU Lesser General Public -@@ -30,6 +30,7 @@ EXTRA_DIST = \ - copy-nbd-to-small-nbd-error.sh \ - copy-nbd-to-sparse-file.sh \ - copy-nbd-to-stdout.sh \ -+ copy-nbd-error.sh \ - copy-progress-bar.sh \ - copy-sparse.sh \ - copy-sparse-allocated.sh \ -@@ -105,6 +106,7 @@ TESTS += \ - copy-nbd-to-sparse-file.sh \ - copy-stdin-to-nbd.sh \ - copy-nbd-to-stdout.sh \ -+ copy-nbd-error.sh \ - copy-progress-bar.sh \ - copy-sparse.sh \ - copy-sparse-allocated.sh \ -diff --git a/copy/copy-nbd-error.sh b/copy/copy-nbd-error.sh -new file mode 100755 -index 00000000..bba71db5 ---- /dev/null -+++ b/copy/copy-nbd-error.sh -@@ -0,0 +1,81 @@ -+#!/usr/bin/env bash -+# nbd client library in userspace -+# Copyright (C) 2022 Red Hat Inc. -+# -+# This library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2 of the License, or (at your option) any later version. -+# -+# This library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public -+# License along with this library; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ -+# Tests several scenarios of handling NBD server errors -+# Serves as a regression test for the CVE-2022-0485 fix. -+ -+. ../tests/functions.sh -+ -+set -e -+set -x -+ -+requires nbdkit --exit-with-parent --version -+requires nbdkit --filter=noextents null --version -+requires nbdkit --filter=error pattern --version -+requires nbdkit --filter=nozero memory --version -+ -+fail=0 -+ -+# Failure to get block status should not be fatal, but merely downgrade to -+# reading the entire image as if data -+echo "Testing extents failures on source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \ -+ error-extents-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1 -+ -+# Failure to read should be fatal -+echo "Testing read failures on non-sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error pattern 5M \ -+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] && fail=1 -+ -+# However, reliable block status on a sparse image can avoid the need to read -+echo "Testing read failures on sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v --filter=error null 5M \ -+ error-pread-rate=1 ] [ nbdkit --exit-with-parent -v null 5M ] || fail=1 -+ -+# Failure to write data should be fatal -+echo "Testing write data failures on arbitrary destination" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v pattern 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \ -+ memory 5M error-pwrite-rate=1 ] && fail=1 -+ -+# However, writing zeroes can bypass the need for normal writes -+echo "Testing write data failures from sparse source" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error --filter=noextents \ -+ memory 5M error-pwrite-rate=1 ] || fail=1 -+ -+# Failure to write zeroes should be fatal -+echo "Testing write zero failures on arbitrary destination" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \ -+ error-trim-rate=1 error-zero-rate=1 ] && fail=1 -+ -+# However, assuming/learning destination is zero can skip need to write -+echo "Testing write failures on pre-zeroed destination" -+$VG nbdcopy --destination-is-zero -- \ -+ [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=error memory 5M \ -+ error-pwrite-rate=1 error-zero-rate=1 ] || fail=1 -+ -+# Likewise, when write zero is not advertised, fallback to normal write works -+echo "Testing write zeroes to destination without zero support" -+$VG nbdcopy -- [ nbdkit --exit-with-parent -v null 5M ] \ -+ [ nbdkit --exit-with-parent -v --filter=nozero --filter=error memory 5M \ -+ error-zero-rate=1 ] || fail=1 -+ -+exit $fail -diff --git a/copy/file-ops.c b/copy/file-ops.c -index cc312b48..b19af04c 100644 ---- a/copy/file-ops.c -+++ b/copy/file-ops.c -@@ -162,10 +162,8 @@ file_asynch_read (struct rw *rw, - - file_synch_read (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ /* file_synch_read called exit() on error */ -+ cb.callback (cb.user_data, &dummy); - } - - static void -@@ -177,10 +175,8 @@ file_asynch_write (struct rw *rw, - - file_synch_write (rw, slice_ptr (command->slice), - command->slice.len, command->offset); -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ /* file_synch_write called exit() on error */ -+ cb.callback (cb.user_data, &dummy); - } - - static bool -@@ -206,10 +202,7 @@ file_asynch_zero (struct rw *rw, struct command *command, - - if (!file_synch_zero (rw, command->offset, command->slice.len)) - return false; -- if (cb.callback (cb.user_data, &dummy) == -1) { -- perror (rw->name); -- exit (EXIT_FAILURE); -- } -+ cb.callback (cb.user_data, &dummy); - return true; - } - -diff --git a/copy/multi-thread-copying.c b/copy/multi-thread-copying.c -index 2593ff76..28749ae7 100644 ---- a/copy/multi-thread-copying.c -+++ b/copy/multi-thread-copying.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - #include - -@@ -374,6 +375,12 @@ finished_read (void *vp, int *error) - { - struct command *command = vp; - -+ if (*error) { -+ fprintf (stderr, "read at offset %" PRId64 " failed: %s\n", -+ command->offset, strerror (*error)); -+ exit (EXIT_FAILURE); -+ } -+ - if (allocated || sparse_size == 0) { - /* If sparseness detection (see below) is turned off then we write - * the whole command. -@@ -552,6 +559,12 @@ free_command (void *vp, int *error) - struct command *command = vp; - struct buffer *buffer = command->slice.buffer; - -+ if (*error) { -+ fprintf (stderr, "write at offset %" PRId64 " failed: %s\n", -+ command->offset, strerror (*error)); -+ exit (EXIT_FAILURE); -+ } -+ - if (buffer != NULL) { - if (--buffer->refs == 0) { - free (buffer->data); -diff --git a/copy/nbdcopy.h b/copy/nbdcopy.h -index 3dcc6dfe..9626a52c 100644 ---- a/copy/nbdcopy.h -+++ b/copy/nbdcopy.h -@@ -1,5 +1,5 @@ - /* NBD client library in userspace. -- * Copyright (C) 2020 Red Hat Inc. -+ * Copyright (C) 2020-2022 Red Hat Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -134,7 +134,8 @@ struct rw_ops { - bool (*synch_zero) (struct rw *rw, uint64_t offset, uint64_t count); - - /* Asynchronous I/O operations. These start the operation and call -- * 'cb' on completion. -+ * 'cb' on completion. 'cb' will return 1, for auto-retiring with -+ * asynchronous libnbd calls. - * - * The file_ops versions are actually implemented synchronously, but - * still call 'cb'. -@@ -156,7 +157,7 @@ struct rw_ops { - nbd_completion_callback cb); - - /* Asynchronously zero. command->slice.buffer is not used. If not possible, -- * returns false. -+ * returns false. 'cb' must be called only if returning true. - */ - bool (*asynch_zero) (struct rw *rw, struct command *command, - nbd_completion_callback cb); --- -2.43.0 - diff --git a/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch b/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch deleted file mode 100644 index cb95661..0000000 --- a/SOURCES/0008-build-Move-to-minimum-gnutls-3.5.18.patch +++ /dev/null @@ -1,94 +0,0 @@ -From cd4f3bed33d5ffdba6846d270c0e11713bc1caf6 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 10:55:54 +0100 -Subject: [PATCH] build: Move to minimum gnutls >= 3.5.18 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This version matches current qemu. - -RHEL 7 gnutls is too old (lacks gnutls_session_set_verify_cert), which -means TLS will be disabled on this platform. RHEL 8 has gnutls 3.6.14. - -I also unconditionally enabled the gnutls/socket.h header. This -header was added in 2016 (gnutls 3.5.3), so it's not present in RHEL 7. - -On RHEL 7 the configure-time test now prints: - - checking for GNUTLS... no - configure: WARNING: gnutls not found or < 3.5.18, TLS support will be disabled. - ... - Optional library features: - TLS support ............................ no - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 5ff09cdbbd19226dd2d5015d76134f88dee9321e) -(cherry picked from commit cb6df4f81a97d5d58385d89b0135039f1eddee15) ---- - configure.ac | 12 +++--------- - lib/crypto.c | 5 +---- - 2 files changed, 4 insertions(+), 13 deletions(-) - -diff --git a/configure.ac b/configure.ac -index da3dc38a..29e3b47a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -94,12 +94,13 @@ AC_ARG_WITH([gnutls], - [], - [with_gnutls=check]) - AS_IF([test "$with_gnutls" != "no"],[ -- PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3.0], [ -+ PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.5.18], [ -+ printf "gnutls version is "; $PKG_CONFIG --modversion gnutls - AC_SUBST([GNUTLS_CFLAGS]) - AC_SUBST([GNUTLS_LIBS]) - AC_DEFINE([HAVE_GNUTLS],[1],[gnutls found at compile time.]) - ], [ -- AC_MSG_WARN([gnutls not found or < 3.3.0, TLS support will be disabled.]) -+ AC_MSG_WARN([gnutls not found or < 3.5.18, TLS support will be disabled.]) - ]) - ]) - AM_CONDITIONAL([HAVE_GNUTLS], [test "x$GNUTLS_LIBS" != "x"]) -@@ -114,13 +115,6 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[ - AC_MSG_RESULT([$tls_priority]) - AC_DEFINE_UNQUOTED([TLS_PRIORITY],["$tls_priority"], - [Default TLS session priority string]) -- -- # Check for APIs which may not be present. -- old_LIBS="$LIBS" -- LIBS="$GNUTLS_LIBS $LIBS" -- AC_CHECK_FUNCS([\ -- gnutls_session_set_verify_cert]) -- LIBS="$old_LIBS" - ]) - - dnl certtool (part of GnuTLS) for testing TLS with certificates. -diff --git a/lib/crypto.c b/lib/crypto.c -index a9b3789c..705e114a 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -28,6 +28,7 @@ - - #ifdef HAVE_GNUTLS - #include -+#include - #endif - - #include "internal.h" -@@ -512,12 +513,8 @@ set_up_certificate_credentials (struct nbd_handle *h, - return NULL; - - found_certificates: --#ifdef HAVE_GNUTLS_SESSION_SET_VERIFY_CERT - if (h->hostname && h->tls_verify_peer) - gnutls_session_set_verify_cert (session, h->hostname, 0); --#else -- debug (h, "ignoring nbd_set_tls_verify_peer, this requires GnuTLS >= 3.4.6"); --#endif - - err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret); - if (err < 0) { --- -2.43.0 - diff --git a/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch b/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch deleted file mode 100644 index baf36e4..0000000 --- a/SOURCES/0009-tests-Factor-out-some-common-Makefile-flags.patch +++ /dev/null @@ -1,727 +0,0 @@ -From a852cec30a6540b5c1ea2947195454eef6269944 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 27 Aug 2021 15:12:12 +0100 -Subject: [PATCH] tests: Factor out some common Makefile flags - -We can use AM_CPPFLAGS, AM_CFLAGS etc to factor out some common flags -in the tests. Note the rules here are complicated, see: - -https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html - -and for unclear reasons there is no AM_LDADD nor any workaround: - -https://stackoverflow.com/questions/29252969/automake-am-ldadd-workaround - -This commit is mostly pure refactoring but it also tries to make the -flags usage more consistent across tests so it may have side-effects -like enabling more warnings. - -(cherry picked from commit 5fd648f821e9ab3ee08bf360348d1fb01537a267) -(cherry picked from commit 6cb1f74b09beca1ddaef794136f221bfb7bb4faa) ---- - interop/Makefile.am | 57 ++++++------- - tests/Makefile.am | 190 ++++++++++++++++++-------------------------- - 2 files changed, 104 insertions(+), 143 deletions(-) - -diff --git a/interop/Makefile.am b/interop/Makefile.am -index 9787c26e..9432ad43 100644 ---- a/interop/Makefile.am -+++ b/interop/Makefile.am -@@ -28,6 +28,16 @@ LOG_COMPILER = $(top_builddir)/run - check_PROGRAMS = - TESTS = - -+# Common flags. -+# Note there is no such thing as "AM_LDADD". -+AM_CPPFLAGS = \ -+ -I$(top_srcdir)/include \ -+ -I$(top_srcdir)/tests \ -+ $(NULL) -+AM_CFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+ - if HAVE_NBD_SERVER - - check_PROGRAMS += \ -@@ -41,22 +51,20 @@ TESTS += \ - - interop_nbd_server_SOURCES = interop.c - interop_nbd_server_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBD_SERVER)\" \ - -DSERVER_PARAMS='"-d", "-C", "/dev/null", "0", tmpfile' \ - -DEXPORT_NAME='""' --interop_nbd_server_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la - - list_exports_nbd_server_SOURCES = list-exports.c - list_exports_nbd_server_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBD_SERVER)\" \ - -DSERVER_PARAMS='"-C", "$(srcdir)/list-exports-nbd-config", "-d", "0"' \ - -DEXPORTS='"disk1", "disk2"' \ - -DDESCRIPTIONS='"", ""' \ - $(NULL) --list_exports_nbd_server_CFLAGS = $(WARNINGS_CFLAGS) - list_exports_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_NBD_SERVER -@@ -104,19 +112,18 @@ endif - - interop_qemu_nbd_SOURCES = interop.c - interop_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "/", tmpfile' \ - -DEXPORT_NAME='"/"' \ - $(NULL) --interop_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - # qemu-nbd requires absolute path to dir - interop_qemu_nbd_tls_certs_SOURCES = interop.c - interop_qemu_nbd_tls_certs_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"--object", "tls-creds-x509,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests/pki", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \ -@@ -124,13 +131,12 @@ interop_qemu_nbd_tls_certs_CPPFLAGS = \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - # qemu-nbd requires absolute path to dir - interop_qemu_nbd_tls_psk_SOURCES = interop.c - interop_qemu_nbd_tls_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"--object", "tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \ -@@ -138,7 +144,6 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_qemu_nbd_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) - interop_qemu_nbd_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - dirty_bitmap_SOURCES = dirty-bitmap.c -@@ -148,28 +153,24 @@ dirty_bitmap_LDADD = $(top_builddir)/lib/libnbd.la - - list_exports_qemu_nbd_SOURCES = list-exports.c - list_exports_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSOCKET_ACTIVATION=1 \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "testing", "-D", "data", tmpfile' \ - -DEXPORTS='"testing"' \ - -DDESCRIPTIONS='"data"' \ - $(NULL) --list_exports_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - list_exports_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - socket_activation_qemu_nbd_SOURCES = socket-activation.c - socket_activation_qemu_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(QEMU_NBD)\" \ - -DSERVER_PARAMS='"-f", "raw", "-x", "", tmpfile' \ - $(NULL) --socket_activation_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS) - socket_activation_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - structured_read_SOURCES = structured-read.c --structured_read_CPPFLAGS = -I$(top_srcdir)/include --structured_read_CFLAGS = $(WARNINGS_CFLAGS) - structured_read_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_QEMU_NBD -@@ -215,88 +216,80 @@ endif - - interop_nbdkit_SOURCES = interop.c - interop_nbdkit_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"-s", "--exit-with-parent", "file", tmpfile' \ - $(NULL) --interop_nbdkit_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_SOURCES = interop.c - interop_nbdkit_tls_certs_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_nbdkit_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c - interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - $(NULL) --interop_nbdkit_tls_certs_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_certs_allow_fallback_SOURCES = interop.c - interop_nbdkit_tls_certs_allow_fallback_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \ - -DCERTS=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - -DTLS_FALLBACK=1 \ - $(NULL) --interop_nbdkit_tls_certs_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_certs_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_SOURCES = interop.c - interop_nbdkit_tls_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_REQUIRE \ - $(NULL) --interop_nbdkit_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_allow_enabled_SOURCES = interop.c - interop_nbdkit_tls_psk_allow_enabled_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - $(NULL) --interop_nbdkit_tls_psk_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la - - interop_nbdkit_tls_psk_allow_fallback_SOURCES = interop.c - interop_nbdkit_tls_psk_allow_fallback_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \ - -DPSK=1 \ - -DTLS_MODE=LIBNBD_TLS_ALLOW \ - -DTLS_FALLBACK=1 \ - $(NULL) --interop_nbdkit_tls_psk_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS) - interop_nbdkit_tls_psk_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la - - socket_activation_nbdkit_SOURCES = socket-activation.c - socket_activation_nbdkit_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER=\"$(NBDKIT)\" \ - -DSERVER_PARAMS='"file", tmpfile' \ - $(NULL) --socket_activation_nbdkit_CFLAGS = $(WARNINGS_CFLAGS) - socket_activation_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_NBDKIT -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 64320cad..436e1c10 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -52,6 +52,18 @@ TESTS_ENVIRONMENT = srcdir=$(srcdir) LIBNBD_DEBUG=1 - # Use the ./run script so we're always using the local library and tools. - LOG_COMPILER = $(top_builddir)/run - -+# Common flags. -+# Note there is no such thing as "AM_LDADD". -+AM_CPPFLAGS = \ -+ -I$(top_srcdir)/include \ -+ $(NULL) -+AM_CFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+AM_CXXFLAGS = \ -+ $(WARNINGS_CFLAGS) \ -+ $(NULL) -+ - #---------------------------------------------------------------------- - # The following tests do not need an NBD server. - -@@ -81,45 +93,30 @@ TESTS += \ - .PHONY: compile - - compile_header_only_SOURCES = compile-header-only.c --compile_header_only_CPPFLAGS = -I$(top_srcdir)/include --compile_header_only_CFLAGS = $(WARNINGS_CFLAGS) - compile_header_only_LDADD = $(top_builddir)/lib/libnbd.la - - compile_c_SOURCES = compile.c --compile_c_CPPFLAGS = -I$(top_srcdir)/include --compile_c_CFLAGS = $(WARNINGS_CFLAGS) - compile_c_LDADD = $(top_builddir)/lib/libnbd.la - - compile_ansi_c_SOURCES = compile-ansi-c.c - compile_ansi_c_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -std=c90 -pedantic --compile_ansi_c_CFLAGS = $(WARNINGS_CFLAGS) - compile_ansi_c_LDADD = $(top_builddir)/lib/libnbd.la - - close_null_SOURCES = close-null.c --close_null_CPPFLAGS = -I$(top_srcdir)/include --close_null_CFLAGS = $(WARNINGS_CFLAGS) - close_null_LDADD = $(top_builddir)/lib/libnbd.la - - debug_SOURCES = debug.c --debug_CPPFLAGS = -I$(top_srcdir)/include --debug_CFLAGS = $(WARNINGS_CFLAGS) - debug_LDADD = $(top_builddir)/lib/libnbd.la - - debug_environment_SOURCES = debug-environment.c --debug_environment_CPPFLAGS = -I$(top_srcdir)/include --debug_environment_CFLAGS = $(WARNINGS_CFLAGS) - debug_environment_LDADD = $(top_builddir)/lib/libnbd.la - - version_SOURCES = version.c --version_CPPFLAGS = -I$(top_srcdir)/include --version_CFLAGS = $(WARNINGS_CFLAGS) - version_LDADD = $(top_builddir)/lib/libnbd.la - - export_name_SOURCES = export-name.c --export_name_CPPFLAGS = -I$(top_srcdir)/include --export_name_CFLAGS = $(WARNINGS_CFLAGS) - export_name_LDADD = $(top_builddir)/lib/libnbd.la - - if HAVE_CXX -@@ -128,8 +125,6 @@ check_PROGRAMS += compile-cxx - TESTS += compile-cxx - - compile_cxx_SOURCES = compile-cxx.cpp --compile_cxx_CPPFLAGS = -I$(top_srcdir)/include --compile_cxx_CXXFLAGS = $(WARNINGS_CFLAGS) - compile_cxx_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_CXX -@@ -220,243 +215,208 @@ TESTS += \ - $(NULL) - - errors_SOURCES = errors.c --errors_CPPFLAGS = -I$(top_srcdir)/include --errors_CFLAGS = $(WARNINGS_CFLAGS) - errors_LDADD = $(top_builddir)/lib/libnbd.la - - server_death_SOURCES = server-death.c --server_death_CPPFLAGS = -I$(top_srcdir)/include --server_death_CFLAGS = $(WARNINGS_CFLAGS) - server_death_LDADD = $(top_builddir)/lib/libnbd.la - - shutdown_flags_SOURCES = shutdown-flags.c --shutdown_flags_CPPFLAGS = -I$(top_srcdir)/include --shutdown_flags_CFLAGS = $(WARNINGS_CFLAGS) - shutdown_flags_LDADD = $(top_builddir)/lib/libnbd.la - - get_size_SOURCES = get-size.c --get_size_CPPFLAGS = -I$(top_srcdir)/include --get_size_CFLAGS = $(WARNINGS_CFLAGS) - get_size_LDADD = $(top_builddir)/lib/libnbd.la - - read_only_flag_SOURCES = read-only-flag.c --read_only_flag_CPPFLAGS = -I$(top_srcdir)/include --read_only_flag_CFLAGS = $(WARNINGS_CFLAGS) - read_only_flag_LDADD = $(top_builddir)/lib/libnbd.la - - read_write_flag_SOURCES = read-write-flag.c --read_write_flag_CPPFLAGS = -I$(top_srcdir)/include --read_write_flag_CFLAGS = $(WARNINGS_CFLAGS) - read_write_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_flush_flag_SOURCES = eflags.c - can_flush_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_flush \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_flush \ - $(NULL) --can_flush_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_flush_flag_SOURCES = eflags.c - can_not_flush_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_flush -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_flush -Dvalue=false \ - $(NULL) --can_not_flush_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_fua_flag_SOURCES = eflags.c - can_fua_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=native \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_fua -Dvalue=native \ - $(NULL) --can_fua_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_fua_flag_SOURCES = eflags.c - can_not_fua_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=none \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_fua -Dvalue=none \ - $(NULL) --can_not_fua_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la - - is_rotational_flag_SOURCES = eflags.c - is_rotational_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=is_rotational \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=is_rotational \ - $(NULL) --is_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS) - is_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la - - is_not_rotational_flag_SOURCES = eflags.c - is_not_rotational_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=is_rotational -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=is_rotational -Dvalue=false \ - $(NULL) --is_not_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS) - is_not_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_trim_flag_SOURCES = eflags.c - can_trim_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_trim \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_trim \ - $(NULL) --can_trim_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_trim_flag_SOURCES = eflags.c - can_not_trim_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_trim -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_trim -Dvalue=false \ - $(NULL) --can_not_trim_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_zero_flag_SOURCES = eflags.c - can_zero_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_zero \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_zero \ - $(NULL) --can_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_zero_flag_SOURCES = eflags.c - can_not_zero_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_zero -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_zero -Dvalue=false \ - -Dfilter='"--filter=nozero"' \ - $(NULL) --can_not_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_fast_zero_flag_SOURCES = eflags.c - can_fast_zero_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_fast_zero \ - -Drequire='"has_can_fast_zero=1"' \ - $(NULL) --can_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_fast_zero_flag_SOURCES = eflags.c - can_not_fast_zero_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_fast_zero -Dvalue=false \ - -Drequire='"has_can_fast_zero=1"' \ - $(NULL) --can_not_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_df_flag_SOURCES = eflags.c - can_df_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_df \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_df \ - $(NULL) --can_df_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_df_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_df_flag_SOURCES = eflags.c - can_not_df_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_df -Dvalue=false -Dno_sr \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_df -Dvalue=false -Dno_sr \ - $(NULL) --can_not_df_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_df_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_multi_conn_flag_SOURCES = eflags.c - can_multi_conn_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_multi_conn \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_multi_conn \ - $(NULL) --can_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_multi_conn_flag_SOURCES = eflags.c - can_not_multi_conn_flag_CPPFLAGS = \ -- -I$(top_srcdir)/include -Dflag=can_multi_conn -Dvalue=false \ -+ $(AM_CPPFLAGS) \ -+ -Dflag=can_multi_conn -Dvalue=false \ - $(NULL) --can_not_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_cache_flag_SOURCES = eflags.c - can_cache_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_cache -Dvalue=native \ - -Drequire='"has_can_cache=1"' \ - $(NULL) --can_cache_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la - - can_not_cache_flag_SOURCES = eflags.c - can_not_cache_flag_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/include -Dflag=can_cache -Dvalue=none \ - -Drequire='"has_can_cache=1"' \ - $(NULL) --can_not_cache_flag_CFLAGS = $(WARNINGS_CFLAGS) - can_not_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la - - oldstyle_SOURCES = oldstyle.c --oldstyle_CPPFLAGS = -I$(top_srcdir)/include --oldstyle_CFLAGS = $(WARNINGS_CFLAGS) - oldstyle_LDADD = $(top_builddir)/lib/libnbd.la - - newstyle_limited_SOURCES = newstyle-limited.c --newstyle_limited_CPPFLAGS = -I$(top_srcdir)/include --newstyle_limited_CFLAGS = $(WARNINGS_CFLAGS) - newstyle_limited_LDADD = $(top_builddir)/lib/libnbd.la - - opt_abort_SOURCES = opt-abort.c --opt_abort_CPPFLAGS = -I$(top_srcdir)/include --opt_abort_CFLAGS = $(WARNINGS_CFLAGS) - opt_abort_LDADD = $(top_builddir)/lib/libnbd.la - - opt_list_SOURCES = opt-list.c - opt_list_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSCRIPT='"$(abs_srcdir)/opt-list.sh"' \ - $(NULL) --opt_list_CFLAGS = $(WARNINGS_CFLAGS) - opt_list_LDADD = $(top_builddir)/lib/libnbd.la - - opt_info_SOURCES = opt-info.c - opt_info_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSCRIPT='"$(abs_srcdir)/opt-info.sh"' \ - $(NULL) --opt_info_CFLAGS = $(WARNINGS_CFLAGS) - opt_info_LDADD = $(top_builddir)/lib/libnbd.la - - opt_list_meta_SOURCES = opt-list-meta.c --opt_list_meta_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -- $(NULL) --opt_list_meta_CFLAGS = $(WARNINGS_CFLAGS) - opt_list_meta_LDADD = $(top_builddir)/lib/libnbd.la - - connect_unix_SOURCES = connect-unix.c --connect_unix_CPPFLAGS = -I$(top_srcdir)/include --connect_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_unix_LDADD = $(top_builddir)/lib/libnbd.la - - connect_tcp_SOURCES = connect-tcp.c --connect_tcp_CPPFLAGS = -I$(top_srcdir)/include --connect_tcp_CFLAGS = $(WARNINGS_CFLAGS) - connect_tcp_LDADD = $(top_builddir)/lib/libnbd.la - - aio_parallel_SOURCES = aio-parallel.c - aio_parallel_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - $(NULL) --aio_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - aio_parallel_load_SOURCES = aio-parallel-load.c --aio_parallel_load_CPPFLAGS = -I$(top_srcdir)/include --aio_parallel_load_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_load_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - synch_parallel_SOURCES = synch-parallel.c - synch_parallel_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - $(NULL) --synch_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+synch_parallel_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - synch_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - meta_base_allocation_SOURCES = meta-base-allocation.c --meta_base_allocation_CPPFLAGS = -I$(top_srcdir)/include --meta_base_allocation_CFLAGS = $(WARNINGS_CFLAGS) - meta_base_allocation_LDADD = $(top_builddir)/lib/libnbd.la - - closure_lifetimes_SOURCES = closure-lifetimes.c --closure_lifetimes_CPPFLAGS = -I$(top_srcdir)/include --closure_lifetimes_CFLAGS = $(WARNINGS_CFLAGS) - closure_lifetimes_LDADD = $(top_builddir)/lib/libnbd.la - - #---------------------------------------------------------------------- -@@ -470,8 +430,10 @@ check_DATA += pki/stamp-pki - TESTS += connect-tls-certs - - connect_tls_certs_SOURCES = connect-tls.c --connect_tls_certs_CPPFLAGS = -I$(top_srcdir)/include -DCERTS=1 --connect_tls_certs_CFLAGS = $(WARNINGS_CFLAGS) -+connect_tls_certs_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DCERTS=1 \ -+ $(NULL) - connect_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la - - pki/stamp-pki: $(srcdir)/make-pki.sh -@@ -499,31 +461,36 @@ TESTS += \ - check_DATA += keys.psk - - connect_tls_psk_SOURCES = connect-tls.c --connect_tls_psk_CPPFLAGS = -I$(top_srcdir)/include -DPSK=1 --connect_tls_psk_CFLAGS = $(WARNINGS_CFLAGS) -+connect_tls_psk_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DPSK=1 \ -+ $(NULL) - connect_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la - - aio_parallel_tls_SOURCES = aio-parallel.c - aio_parallel_tls_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - -DTLS=1 \ - $(NULL) --aio_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+aio_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - aio_parallel_load_tls_SOURCES = aio-parallel-load.c --aio_parallel_load_tls_CPPFLAGS = -I$(top_srcdir)/include -DTLS=1 --aio_parallel_load_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+aio_parallel_load_tls_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DTLS=1 \ -+ $(NULL) -+aio_parallel_load_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - aio_parallel_load_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - synch_parallel_tls_SOURCES = synch-parallel.c - synch_parallel_tls_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -I$(top_srcdir)/common/include \ - -DTLS=1 \ - $(NULL) --synch_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS) -+synch_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS) - synch_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS) - - keys.psk: -@@ -550,18 +517,19 @@ TESTS += \ - RANDOM1 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbd_SOURCES = connect-uri.c - connect_uri_nbd_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM1)"' \ - -DPIDFILE='"connect-uri-nbd.pid"' \ -- -DURI='"nbd://localhost:$(RANDOM1)/"' --connect_uri_nbd_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbd://localhost:$(RANDOM1)/"' \ -+ $(NULL) -+connect_uri_nbd_CFLAGS = $(AM_CFLAGS) - connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la - - CONNECT_URI_NBD_UNIX_SOCKET := \ - $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX) - connect_uri_nbd_unix_SOURCES = connect-uri.c - connect_uri_nbd_unix_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-U", SOCKET' \ - -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \ - -DPIDFILE='"connect-uri-nbd-unix.pid"' \ -@@ -584,18 +552,18 @@ TESTS += \ - RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_SOURCES = connect-uri.c - connect_uri_nbds_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \ - -DPIDFILE='"connect-uri-nbds.pid"' \ -- -DURI='"nbds://localhost:$(RANDOM2)/"' --connect_uri_nbds_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbds://localhost:$(RANDOM2)/"' \ -+ $(NULL) - connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la - - CONNECT_URI_NBDS_UNIX_SOCKET := \ - $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX) - connect_uri_nbds_unix_SOURCES = connect-uri.c - connect_uri_nbds_unix_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \ - -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \ - -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -@@ -617,11 +585,11 @@ TESTS += \ - RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_psk_SOURCES = connect-uri.c - connect_uri_nbds_psk_CPPFLAGS = \ -- -I$(top_srcdir)/include \ -+ $(AM_CPPFLAGS) \ - -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \ - -DPIDFILE='"connect-uri-nbds-psk.pid"' \ -- -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' --connect_uri_nbds_psk_CFLAGS = $(WARNINGS_CFLAGS) -+ -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \ -+ $(NULL) - connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_PSKTOOL --- -2.43.0 - diff --git a/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch b/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch deleted file mode 100644 index 5668a44..0000000 --- a/SOURCES/0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch +++ /dev/null @@ -1,149 +0,0 @@ -From da628792ddf7a3d3cb8f8b770c7dbb9b9d67444b Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Sat, 24 Apr 2021 21:40:58 +0100 -Subject: [PATCH] tests/connect-uri.c: Ensure Unix domain socket is cleaned up - on exit - -Commit 70f83fed13 ("tests: Create test sockets in /tmp instead of -local directory.") aimed to create sockets with short path names in -/tmp. However it never cleaned them up. Worse still, every time the -Makefile was evaluated at all a temporary file was created. - -Fix this properly in the C file. - -Fixes: commit 70f83fed131c7e52b1a31a28d9acaf19f6c11d57 -(cherry picked from commit f5955c4c5bb0269e192b906a3ef98601aa63ad59) -(cherry picked from commit 502f0b59ec1dbd64c6c64279316e03540258a54c) ---- - tests/Makefile.am | 16 ++++++---------- - tests/connect-uri.c | 45 +++++++++++++++++++++++++++++++++++++++------ - 2 files changed, 45 insertions(+), 16 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 436e1c10..ed5585a5 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -525,15 +525,13 @@ connect_uri_nbd_CPPFLAGS = \ - connect_uri_nbd_CFLAGS = $(AM_CFLAGS) - connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la - --CONNECT_URI_NBD_UNIX_SOCKET := \ -- $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX) - connect_uri_nbd_unix_SOURCES = connect-uri.c - connect_uri_nbd_unix_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-U", SOCKET' \ -- -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET' \ - -DPIDFILE='"connect-uri-nbd-unix.pid"' \ -- -DURI='"nbd+unix:///?socket=" SOCKET' -+ -DURI='"nbd+unix:///?socket="' # UNIX_SOCKET appended - connect_uri_nbd_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_uri_nbd_unix_LDADD = $(top_builddir)/lib/libnbd.la - -@@ -559,15 +557,13 @@ connect_uri_nbds_CPPFLAGS = \ - $(NULL) - connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la - --CONNECT_URI_NBDS_UNIX_SOCKET := \ -- $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX) - connect_uri_nbds_unix_SOURCES = connect-uri.c - connect_uri_nbds_unix_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \ -- -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \ - -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -- -DURI='"nbds+unix:///?socket=" SOCKET' -+ -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended - connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS) - connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la - -diff --git a/tests/connect-uri.c b/tests/connect-uri.c -index 6e7d1685..ce9e4d9b 100644 ---- a/tests/connect-uri.c -+++ b/tests/connect-uri.c -@@ -29,16 +29,49 @@ - - #include - -+#ifdef NEEDS_UNIX_SOCKET -+#define UNIX_SOCKET tmp -+static char tmp[] = "/tmp/nbdXXXXXX"; -+ -+static void -+unlink_unix_socket (void) -+{ -+ unlink (UNIX_SOCKET); -+} -+#endif /* NEEDS_UNIX_SOCKET */ -+ - int - main (int argc, char *argv[]) - { - struct nbd_handle *nbd; - pid_t pid; - size_t i; -+#ifdef NEEDS_UNIX_SOCKET -+ char *uri; -+#else -+ const char *uri = URI; -+#endif -+ -+#ifdef NEEDS_UNIX_SOCKET -+ int fd = mkstemp (UNIX_SOCKET); -+ if (fd == -1 || -+ close (fd) == -1) { -+ perror (UNIX_SOCKET); -+ exit (EXIT_FAILURE); -+ } -+ /* We have to remove the temporary file first, since we will create -+ * a socket in its place, and ensure the socket is removed on exit. -+ */ -+ unlink_unix_socket (); -+ atexit (unlink_unix_socket); - --#ifdef SOCKET -- unlink (SOCKET); -+ /* uri = URI + UNIX_SOCKET */ -+ if (asprintf (&uri, "%s%s", URI, UNIX_SOCKET) == -1) { -+ perror ("asprintf"); -+ exit (EXIT_FAILURE); -+ } - #endif -+ - unlink (PIDFILE); - - pid = fork (); -@@ -75,13 +108,13 @@ main (int argc, char *argv[]) - - nbd_set_uri_allow_local_file (nbd, true); - -- if (nbd_connect_uri (nbd, URI) == -1) { -+ if (nbd_connect_uri (nbd, uri) == -1) { - fprintf (stderr, "%s\n", nbd_get_error ()); - exit (EXIT_FAILURE); - } - - /* Check we negotiated the right kind of connection. */ -- if (strncmp (URI, "nbds", 4) == 0) { -+ if (strncmp (uri, "nbds", 4) == 0) { - if (! nbd_get_tls_negotiated (nbd)) { - fprintf (stderr, "%s: failed to negotiate a TLS connection\n", - argv[0]); -@@ -95,8 +128,8 @@ main (int argc, char *argv[]) - } - - nbd_close (nbd); --#ifdef SOCKET -- unlink (SOCKET); -+#ifdef NEEDS_UNIX_SOCKET -+ free (uri); - #endif - exit (EXIT_SUCCESS); - } --- -2.43.0 - diff --git a/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch b/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch deleted file mode 100644 index 4226f72..0000000 --- a/SOURCES/0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch +++ /dev/null @@ -1,194 +0,0 @@ -From ee3f88640062372d04406da321270a775377eb6c Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 3 Sep 2021 08:42:31 +0100 -Subject: [PATCH] lib: Allow tls-certificates= query parameter in URIs - -For nbd_connect_uri, this allows a non-default path to a certificates -directory to be specified. For example: - - nbds+unix://user@/?socket=/tmp/sock&tls-certificates=tests/pki - -nbd_get_uri is also extended to produce the tls-certificates query -field if nbd_set_tls_certificates was called. - -The main work here is extending the test suite so it actually tests -TLS URIs properly. Firstly we need to add --tls-verify-peer to the -nbdkit command line so it checks TLS client credentials at all -(previously it enabled TLS but didn't verify the client). Then we -need to add tests which use TLS certificates (previously only PSK was -being tested). And finally I loosened the rules for comparing URIs -since the order that query strings are returned by nbd_get_uri is not -necessarily the same as the query strings in nbd_connect_uri. - -(cherry picked from commit 847e0b9830f6a9f07b4c242e1a500cd2b90cca5a) -(cherry picked from commit 5e85582ec79460c95552f06c6d6c41d15dae092f) ---- - .gitignore | 5 +++-- - generator/API.ml | 10 ++++++++++ - lib/uri.c | 14 ++++++++++++-- - tests/Makefile.am | 47 +++++++++++++++++++++++++++++------------------ - 4 files changed, 54 insertions(+), 22 deletions(-) - -diff --git a/.gitignore b/.gitignore -index 4935b81b..c974e27b 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -167,9 +167,10 @@ Makefile.in - /tests/connect-unix - /tests/connect-uri-nbd - /tests/connect-uri-nbd-unix --/tests/connect-uri-nbds -+/tests/connect-uri-nbds-certs - /tests/connect-uri-nbds-psk --/tests/connect-uri-nbds-unix -+/tests/connect-uri-nbds-unix-certs -+/tests/connect-uri-nbds-unix-psk - /tests/debug - /tests/debug-environment - /tests/errors -diff --git a/generator/API.ml b/generator/API.ml -index a46c6407..4b2a62e8 100644 ---- a/generator/API.ml -+++ b/generator/API.ml -@@ -1231,6 +1231,11 @@ Connect over the Unix domain socket F to - an NBD server running locally. The export name is set to C - (note without any leading C character). - -+=item C -+ -+Connect over a Unix domain socket, enabling TLS and setting the -+path to a directory containing certificates and keys. -+ - =item C - - In this scenario libnbd is running in a virtual machine. Connect -@@ -1291,6 +1296,11 @@ Specifies the Unix domain socket to connect on. - Must be present for the C<+unix> transport and must not - be present for the other transports. - -+=item BF -+ -+Set the certificates directory. See L. -+Note this is not allowed by default - see next section. -+ - =item BF - - Set the PSK file. See L. Note -diff --git a/lib/uri.c b/lib/uri.c -index 9f5a2901..c8d9041e 100644 ---- a/lib/uri.c -+++ b/lib/uri.c -@@ -249,9 +249,19 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - if (tls && nbd_unlocked_set_tls (h, LIBNBD_TLS_REQUIRE) == -1) - goto cleanup; - -- /* Look for some tls-* parameters. XXX More to come. */ -+ /* Look for some tls-* parameters. */ - for (i = 0; i < queries.size; i++) { -- if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) { -+ if (strcmp (queries.ptr[i].name, "tls-certificates") == 0) { -+ if (! h->uri_allow_local_file) { -+ set_error (EPERM, -+ "local file access (tls-certificates) is not allowed, " -+ "call nbd_set_uri_allow_local_file to enable this"); -+ goto cleanup; -+ } -+ if (nbd_unlocked_set_tls_certificates (h, queries.ptr[i].value) == -1) -+ goto cleanup; -+ } -+ else if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) { - if (! h->uri_allow_local_file) { - set_error (EPERM, - "local file access (tls-psk-file) is not allowed, " -diff --git a/tests/Makefile.am b/tests/Makefile.am -index ed5585a5..3c33b747 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -539,33 +539,32 @@ if HAVE_GNUTLS - if HAVE_CERTTOOL - - check_PROGRAMS += \ -- connect-uri-nbds \ -- connect-uri-nbds-unix \ -+ connect-uri-nbds-certs \ -+ connect-uri-nbds-unix-certs \ - $(NULL) - TESTS += \ -- connect-uri-nbds \ -- connect-uri-nbds-unix \ -+ connect-uri-nbds-certs \ -+ connect-uri-nbds-unix-certs \ - $(NULL) - - RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") --connect_uri_nbds_SOURCES = connect-uri.c --connect_uri_nbds_CPPFLAGS = \ -+connect_uri_nbds_certs_SOURCES = connect-uri.c -+connect_uri_nbds_certs_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \ -- -DPIDFILE='"connect-uri-nbds.pid"' \ -- -DURI='"nbds://localhost:$(RANDOM2)/"' \ -+ -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \ -+ -DPIDFILE='"connect-uri-nbds-certs.pid"' \ -+ -DURI='"nbds://localhost:$(RANDOM2)/?tls-certificates=pki"' \ - $(NULL) --connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la -+connect_uri_nbds_certs_LDADD = $(top_builddir)/lib/libnbd.la - --connect_uri_nbds_unix_SOURCES = connect-uri.c --connect_uri_nbds_unix_CPPFLAGS = \ -+connect_uri_nbds_unix_certs_SOURCES = connect-uri.c -+connect_uri_nbds_unix_certs_CPPFLAGS = \ - $(AM_CPPFLAGS) \ - -DNEEDS_UNIX_SOCKET=1 \ -- -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \ -- -DPIDFILE='"connect-uri-nbds-unix.pid"' \ -- -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended --connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS) --connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \ -+ -DPIDFILE='"connect-uri-nbds-unix-certs.pid"' \ -+ -DURI='"nbds+unix://alice@/?tls-certificates=pki&socket="' # UNIX_SOCKET appended -+connect_uri_nbds_unix_certs_LDADD = $(top_builddir)/lib/libnbd.la - - endif HAVE_CERTTOOL - -@@ -573,21 +572,33 @@ if HAVE_PSKTOOL - - check_PROGRAMS += \ - connect-uri-nbds-psk \ -+ connect-uri-nbds-unix-psk \ - $(NULL) - TESTS += \ - connect-uri-nbds-psk \ -+ connect-uri-nbds-unix-psk \ - $(NULL) - - RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))") - connect_uri_nbds_psk_SOURCES = connect-uri.c - connect_uri_nbds_psk_CPPFLAGS = \ - $(AM_CPPFLAGS) \ -- -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \ -+ -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \ - -DPIDFILE='"connect-uri-nbds-psk.pid"' \ - -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \ - $(NULL) - connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la - -+connect_uri_nbds_unix_psk_SOURCES = connect-uri.c -+connect_uri_nbds_unix_psk_CPPFLAGS = \ -+ $(AM_CPPFLAGS) \ -+ -DNEEDS_UNIX_SOCKET=1 \ -+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \ -+ -DPIDFILE='"connect-uri-nbds-unix-psk.pid"' \ -+ -DURI='"nbds+unix://alice@/?tls-psk-file=keys.psk&socket="' # UNIX_SOCKET appended \ -+ $(NULL) -+connect_uri_nbds_unix_psk_LDADD = $(top_builddir)/lib/libnbd.la -+ - endif HAVE_PSKTOOL - - endif HAVE_GNUTLS --- -2.43.0 - diff --git a/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch b/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch deleted file mode 100644 index 12e461f..0000000 --- a/SOURCES/0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 10ca0d72932092b09475893de233f17d3eff8a72 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 4 Aug 2022 13:28:25 +0100 -Subject: [PATCH] tests/make-pki.sh: Use Subject Alternative Name for server - certificate - -This allows us to test this feature. - -(cherry picked from nbdkit commit 0c50bef16f9d6705add8db85c7ea7b4523770fba) - -(cherry picked from commit 38eabf6df05fae109212a4ce9afc9c0fe63c2f0e) -(cherry picked from commit b07898e1ee70b0641ec5233d6e8f7fa16b63c287) ---- - tests/make-pki.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tests/make-pki.sh b/tests/make-pki.sh -index d4f61204..03f4faa1 100755 ---- a/tests/make-pki.sh -+++ b/tests/make-pki.sh -@@ -75,6 +75,9 @@ chmod 0600 $1/server-key.pem - cat > $1/server.info < -Date: Mon, 24 Jun 2024 10:48:12 +0100 -Subject: [PATCH] lib/crypto.c: Check server certificate even when using system - CA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The previous code checked the server certificate only when a custom -certificate directory was set (ie. nbd_set_tls_certificates / -?tls-certificates=DIR). In the fallback case where we use the system -CA, we never called gnutls_session_set_verify_cert and so the server -certificate was never checked. - -Move the call to gnutls_session_set_verify_cert later so it is called -on both paths. - -If the server certificate does not match the hostname you will see: - -nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1) - -Reported-by: Jon Szymaniak -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 87ef41b69929d5d293390ec36b1c10aba2c9a57a) -(cherry picked from commit 81bd57bb8ab0b142207efb9f69a233418fbb4f8f) ---- - lib/crypto.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/crypto.c b/lib/crypto.c -index 705e114a..4c398b03 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -513,9 +513,6 @@ set_up_certificate_credentials (struct nbd_handle *h, - return NULL; - - found_certificates: -- if (h->hostname && h->tls_verify_peer) -- gnutls_session_set_verify_cert (session, h->hostname, 0); -- - err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret); - if (err < 0) { - set_error (0, "gnutls_credentials_set: %s", gnutls_strerror (err)); -@@ -625,6 +622,9 @@ nbd_internal_crypto_create_session (struct nbd_handle *h, - gnutls_deinit (session); - return NULL; - } -+ -+ if (h->hostname && h->tls_verify_peer) -+ gnutls_session_set_verify_cert (session, h->hostname, 0); - } - - /* Wrap the underlying socket with GnuTLS. */ --- -2.43.0 - diff --git a/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch b/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch deleted file mode 100644 index d8fe97d..0000000 --- a/SOURCES/0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 17dc75c8235af7126b3820d5e0be3488efe74671 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Mon, 24 Jun 2024 10:31:10 +0100 -Subject: [PATCH] lib/crypto.c: Allow CA verification even if h->hostname is - not set -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Calling gnutls_session_set_verify_cert with the hostname parameter set -to NULL is permitted: -https://www.gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert - -It means that the server's hostname in the certificate will not be -verified but we can at least check that the certificate was signed by -the CA. This allows the CA to be checked even for connections over -Unix domain sockets. - -Example: - - $ rm -f /tmp/sock - $ nbdkit -U /tmp/sock -f --tls=require --tls-certificates=$HOME/d/nbdkit/tests/pki memory 1G & - -Before this change: - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock' - protocol: newstyle-fixed with TLS, using structured packets - export="": - export-size: 1073741824 (1G) - content: data - uri: nbds+unix:///?socket=/tmp/sock - [etc] - -(works because it never called gnutls_session_set_verify_cert). - -After this change: - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock' - nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1) - -(fails because system CA does not know about nbdkit's certificate -which is signed by the CA from the nbdkit/tests/pki directory) - - $ nbdinfo 'nbds+unix://?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki' - protocol: newstyle-fixed with TLS, using structured packets - export="": - export-size: 1073741824 (1G) - content: data - uri: nbds+unix:///?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki - [etc] - -(works because we supplied the correct CA) - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 6ed47a27d14f6f11946bb096d94e5bf21d97083d) -(cherry picked from commit 42ee6d8dd919b241b1f1510f5759673b26fc9731) ---- - lib/crypto.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/crypto.c b/lib/crypto.c -index 4c398b03..a5177bbb 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -623,7 +623,7 @@ nbd_internal_crypto_create_session (struct nbd_handle *h, - return NULL; - } - -- if (h->hostname && h->tls_verify_peer) -+ if (h->tls_verify_peer) - gnutls_session_set_verify_cert (session, h->hostname, 0); - } - --- -2.43.0 - diff --git a/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch b/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch deleted file mode 100644 index c2c24d4..0000000 --- a/SOURCES/0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 1f82b6d2d894bf567926f4ae52f4362654db8f38 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 11:12:56 +0100 -Subject: [PATCH] lib/uri.c: Allow tls-verify-peer to be overridden in URIs -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Older versions of libnbd didn't always check the server certificate. -Since some clients might be depending on this, allow -?tls-verify-peer=false in URIs to skip this check. - -Reviewed-by: Daniel P. Berrangé -(cherry picked from commit 75641c6b30155abce272f60cf3518a65654aa401) -(cherry picked from commit caad9cfb5dda0957c4b15cc85738a4c6ac856e8b) -(cherry picked from commit 4bfc3176de535350f884732b8793574e37714d2a) ---- - generator/API.ml | 5 +++++ - lib/uri.c | 32 ++++++++++++++++++++++++++++++++ - 2 files changed, 37 insertions(+) - -diff --git a/generator/API.ml b/generator/API.ml -index 4b2a62e8..69ee428d 100644 ---- a/generator/API.ml -+++ b/generator/API.ml -@@ -1306,6 +1306,11 @@ Note this is not allowed by default - see next section. - Set the PSK file. See L. Note - this is not allowed by default - see next section. - -+=item B -+ -+Do not verify the server certificate. See L. -+The default is C. -+ - =back - - =head2 Disable URI features -diff --git a/lib/uri.c b/lib/uri.c -index c8d9041e..8dfefd00 100644 ---- a/lib/uri.c -+++ b/lib/uri.c -@@ -140,6 +140,31 @@ error: - return -1; - } - -+/* Similar to nbdkit_parse_bool */ -+int -+parse_bool (const char *param, const char *value) -+{ -+ if (!strcmp (value, "1") || -+ !strcasecmp (value, "true") || -+ !strcasecmp (value, "t") || -+ !strcasecmp (value, "yes") || -+ !strcasecmp (value, "y") || -+ !strcasecmp (value, "on")) -+ return 1; -+ -+ if (!strcmp (value, "0") || -+ !strcasecmp (value, "false") || -+ !strcasecmp (value, "f") || -+ !strcasecmp (value, "no") || -+ !strcasecmp (value, "n") || -+ !strcasecmp (value, "off")) -+ return 0; -+ -+ set_error (EINVAL, "could not parse %s parameter, expecting %s=true|false", -+ param, param); -+ return -1; -+} -+ - int - nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - { -@@ -271,6 +296,13 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) - if (nbd_unlocked_set_tls_psk_file (h, queries.ptr[i].value) == -1) - goto cleanup; - } -+ else if (strcasecmp (queries.ptr[i].name, "tls-verify-peer") == 0) { -+ int v = parse_bool ("tls-verify-peer", queries.ptr[i].value); -+ if (v == -1) -+ goto cleanup; -+ if (nbd_unlocked_set_tls_verify_peer (h, v) == -1) -+ goto cleanup; -+ } - } - - /* Username. */ --- -2.43.0 - diff --git a/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch b/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch deleted file mode 100644 index 8a6556b..0000000 --- a/SOURCES/0016-docs-security-Add-link-to-TLS-server-certificate-che.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 437d3aedd5ecbcb8d5234665015c5813a6ca1712 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Tue, 25 Jun 2024 17:53:47 +0100 -Subject: [PATCH] docs: security: Add link to TLS server certificate checking - announcement - -(cherry picked from commit 9c723aa660c6ee7d224afbfc16eb7450d21fb9cf) -(cherry picked from commit 9b77d853d82c291f74b51305d58e9db7f555a254) -(cherry picked from commit b477be4ed47daa6ba73c176ae8b0288ec8e84f23) ---- - docs/libnbd-security.pod | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index 0cae8462..b31f3f8b 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -28,6 +28,11 @@ denial of service when using L - See the full announcement here: - L - -+=head2 multiple flaws in TLS server certificate checking -+ -+See the full announcement here: -+L -+ - =head1 SEE ALSO - - L. --- -2.43.0 - diff --git a/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch b/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch deleted file mode 100644 index efe2348..0000000 --- a/SOURCES/0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 626331d88fdf8ed87dc066faeb836fc5926f5420 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 1 Aug 2024 15:17:29 +0100 -Subject: [PATCH] docs/libnbd-security.pod: Assign CVE-2024-7383 - -CVE-2024-7383 was assigned to the (already published & fixed) flaws -found in libnbd certificate checking. - -Reported-by: Jon Szymaniak -Thanks: Mauro Matteo Cascella -(cherry picked from commit 81a22ac6697ccdeb13509aba3072609251d1378b) -(cherry picked from commit 599281af594db8414d856db409846b04fce03824) -(cherry picked from commit 8f7dce2b6d6716f9eec0f352a3c420ae84a84be9) ---- - docs/libnbd-security.pod | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod -index b31f3f8b..4c3b5bbd 100644 ---- a/docs/libnbd-security.pod -+++ b/docs/libnbd-security.pod -@@ -28,7 +28,8 @@ denial of service when using L - See the full announcement here: - L - --=head2 multiple flaws in TLS server certificate checking -+=head2 CVE-2024-7383 -+multiple flaws in TLS server certificate checking - - See the full announcement here: - L --- -2.43.0 - diff --git a/SOURCES/libnbd-1.6.0.tar.gz.sig b/SOURCES/libnbd-1.6.0.tar.gz.sig deleted file mode 100644 index fa6006d..0000000 --- a/SOURCES/libnbd-1.6.0.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RFQRHHJpY2hAYW5u -ZXhpYS5vcmcACgkQkXOPc+G3aKD9aw/+Pfg3owjJmhTcCyFvuH2lgiiBb+qL2An+ -hsoax6dM5JxzV6x1Ikgn3C8z2+dLRMowo2FrRgpzTwfaS+ngLDipSC04hKl9MhFN -7OPLCm+L7wcP7KUk4cC0qTSHpHkApo2SP3/bD7vVBYZMYSjgUVFcRoqZlRl3N9RF -7XNsxA2YG9bV4Ln3KbB+k2uxIKNUZIVjmEpretVbb+NTKW9C23ZHicSHYB+Eok1M -iTN6j66rYFn0Xb+L2v7jty19tSdYOMbkdSn0KpniURAWevjjVWGqcojMqW4YuAZ5 -h2MpRfyKFyusbsbtX5bjICTu6+AgFFUALKH7ReDs1RY1cEph9XdBLVulXTggxY05 -E3I1Nns1YmjRlV6ky2Abl2e+Doc44mycINRlwL2q8+Q3TqlVVPFXoVTWxIJ6/Uae -tqnEwWIa2wGv3KU1KLNbWTn1z6I8NM/Nj+7pMKDNnxJzFmHEjL94tmG+iNmHsF34 -vWBZ1q7h9EezxHLOPFYDjlpS+IxeuXakbpuTX2jXvi3zSAbr5WmRR1uO8dAiwu9b -RwOHRmVQOFLAAICYTZDmxl42DpWs5Z2aP7eRwpe8/MOSRiAVepjhUD/bsdaFwmBR -8Z7CGNzyTtt+sy5l7cPBYZ+4RdxWgFEBceBbHs06zdlD/Pui288UQVB/0e9AXYOc -wluyWT1v7sA= -=BaN1 ------END PGP SIGNATURE----- diff --git a/SPECS/libnbd.spec b/SPECS/libnbd.spec deleted file mode 100644 index 983cbcc..0000000 --- a/SPECS/libnbd.spec +++ /dev/null @@ -1,441 +0,0 @@ -# If we should verify tarball signature with GPGv2. -%global verify_tarball_signature 1 - -# If there are patches which touch autotools files, set this to 1. -%global patches_touch_autotools 1 - -# The source directory. -%global source_directory 1.6-stable - -Name: libnbd -Version: 1.6.0 -Release: 6%{?dist} -Summary: NBD client library in userspace - -License: LGPLv2+ -URL: https://github.com/libguestfs/libnbd - -Source0: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz -Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig -# Keyring used to verify tarball signature. This contains the single -# key from here: -# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex -Source2: libguestfs.keyring - -# Maintainer script which helps with handling patches. -Source3: copy-patches.sh - -# Patches come from this upstream branch: -# https://github.com/libguestfs/libnbd/tree/rhel-8.10 - -# Patches. -Patch0001: 0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch -Patch0002: 0002-generator-Refactor-CONNECT.START-state.patch -Patch0003: 0003-generator-Print-a-better-error-message-if-connect-2-.patch -Patch0004: 0004-opt_go-Tolerate-unplanned-server-death.patch -Patch0005: 0005-security-Document-assignment-of-CVE-2021-20286.patch -Patch0006: 0006-copy-Pass-in-dummy-variable-rather-than-errno-to-cal.patch -Patch0007: 0007-copy-CVE-2022-0485-Fail-nbdcopy-if-NBD-read-or-write.patch -Patch0008: 0008-build-Move-to-minimum-gnutls-3.5.18.patch -Patch0009: 0009-tests-Factor-out-some-common-Makefile-flags.patch -Patch0010: 0010-tests-connect-uri.c-Ensure-Unix-domain-socket-is-cle.patch -Patch0011: 0011-lib-Allow-tls-certificates-DIR-query-parameter-in-UR.patch -Patch0012: 0012-tests-make-pki.sh-Use-Subject-Alternative-Name-for-s.patch -Patch0013: 0013-lib-crypto.c-Check-server-certificate-even-when-usin.patch -Patch0014: 0014-lib-crypto.c-Allow-CA-verification-even-if-h-hostnam.patch -Patch0015: 0015-lib-uri.c-Allow-tls-verify-peer-to-be-overridden-in-.patch -Patch0016: 0016-docs-security-Add-link-to-TLS-server-certificate-che.patch -Patch0017: 0017-docs-libnbd-security.pod-Assign-CVE-2024-7383.patch - -%if 0%{patches_touch_autotools} -BuildRequires: autoconf, automake, libtool -%endif - -%if 0%{verify_tarball_signature} -BuildRequires: gnupg2 -%endif - -# For the core library. -BuildRequires: gcc -BuildRequires: /usr/bin/pod2man -BuildRequires: gnutls-devel -BuildRequires: libxml2-devel - -# For nbdfuse. -BuildRequires: fuse, fuse-devel - -# For the Python 3 bindings. -BuildRequires: python3-devel - -# For the OCaml bindings. -BuildRequires: ocaml -BuildRequires: ocaml-findlib-devel -BuildRequires: ocaml-ocamldoc - -# Only for building the examples. -BuildRequires: glib2-devel - -# For bash-completion. -BuildRequires: bash-completion - -# Only for running the test suite. -BuildRequires: coreutils -BuildRequires: gcc-c++ -BuildRequires: gnutls-utils -#BuildRequires: jq -%ifnarch %{ix86} -BuildRequires: nbdkit -BuildRequires: nbdkit-data-plugin -#BuildRequires: nbdkit-eval-plugin -BuildRequires: nbdkit-memory-plugin -BuildRequires: nbdkit-null-plugin -BuildRequires: nbdkit-pattern-plugin -BuildRequires: nbdkit-sh-plugin -#BuildRequires: nbdkit-sparse-random-plugin -#BuildRequires: nbd -BuildRequires: qemu-img -%endif -BuildRequires: util-linux - - -%description -NBD — Network Block Device — is a protocol for accessing Block Devices -(hard disks and disk-like things) over a Network. - -This is the NBD client library in userspace, a simple library for -writing NBD clients. - -The key features are: - - * Synchronous and asynchronous APIs, both for ease of use and for - writing non-blocking, multithreaded clients. - - * High performance. - - * Minimal dependencies for the basic library. - - * Well-documented, stable API. - - * Bindings in several programming languages. - - -%package devel -Summary: Development headers for %{name} -License: LGPLv2+ and BSD -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description devel -This package contains development headers for %{name}. - - -%package -n ocaml-%{name} -Summary: OCaml language bindings for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description -n ocaml-%{name} -This package contains OCaml language bindings for %{name}. - - -%package -n ocaml-%{name}-devel -Summary: OCaml language development package for %{name} -Requires: ocaml-%{name}%{?_isa} = %{version}-%{release} - - -%description -n ocaml-%{name}-devel -This package contains OCaml language development package for -%{name}. Install this if you want to compile OCaml software which -uses %{name}. - - -%package -n python3-%{name} -Summary: Python 3 bindings for %{name} -Requires: %{name}%{?_isa} = %{version}-%{release} -%{?python_provide:%python_provide python3-%{name}} - -# The Python module happens to be called lib*.so. Don't scan it and -# have a bogus "Provides: libnbdmod.*". -%global __provides_exclude_from ^%{python3_sitearch}/lib.*\\.so - - -%description -n python3-%{name} -python3-%{name} contains Python 3 bindings for %{name}. - - -%package -n nbdfuse -Summary: FUSE support for %{name} -License: LGPLv2+ and BSD -Requires: %{name}%{?_isa} = %{version}-%{release} - - -%description -n nbdfuse -This package contains FUSE support for %{name}. - - -%package bash-completion -Summary: Bash tab-completion for %{name} -BuildArch: noarch -Requires: bash-completion >= 2.0 -# Don't use _isa here because it's a noarch package. This dependency -# is just to ensure that the subpackage is updated along with libnbd. -Requires: %{name} = %{version}-%{release} - - -%description bash-completion -Install this package if you want intelligent bash tab-completion -for %{name}. - - -%prep -%if 0%{verify_tarball_signature} -tmphome="$(mktemp -d)" -gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} -%endif -%autosetup -p1 -%if 0%{patches_touch_autotools} -autoreconf -i -%endif - - -%build -%configure \ - --disable-static \ - --with-tls-priority=@LIBNBD,SYSTEM \ - PYTHON=%{__python3} \ - --enable-python \ - --enable-ocaml \ - --enable-fuse \ - --disable-golang - -make %{?_smp_mflags} - - -%install -%make_install - -# Delete libtool crap. -find $RPM_BUILD_ROOT -name '*.la' -delete - -# Delete the golang man page since we're not distributing the bindings. -rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3* - - -%check -# interop/structured-read.sh fails with the old qemu-nbd in Fedora 29, -# so disable it there. -%if 0%{?fedora} <= 29 -rm interop/structured-read.sh -touch interop/structured-read.sh -chmod +x interop/structured-read.sh -%endif - -# All fuse tests fail in Koji with: -# fusermount: entry for fuse/test-*.d not found in /etc/mtab -# for unknown reasons but probably related to the Koji environment. -for f in fuse/test-*.sh; do - rm $f - touch $f - chmod +x $f -done - -# info/info-map-base-allocation-json.sh fails because of a bug in -# jq 1.5 in RHEL 8 (fixed in later versions). -rm info/info-map-base-allocation-json.sh -touch info/info-map-base-allocation-json.sh -chmod +x info/info-map-base-allocation-json.sh - -make %{?_smp_mflags} check || { - for f in $(find -name test-suite.log); do - echo - echo "==== $f ====" - cat $f - done - exit 1 - } - - -%files -%doc README -%license COPYING.LIB -%{_bindir}/nbdcopy -%{_bindir}/nbdinfo -%{_libdir}/libnbd.so.* -%{_mandir}/man1/nbdcopy.1* -%{_mandir}/man1/nbdinfo.1* - - -%files devel -%doc TODO examples/*.c -%license examples/LICENSE-FOR-EXAMPLES -%{_includedir}/libnbd.h -%{_libdir}/libnbd.so -%{_libdir}/pkgconfig/libnbd.pc -%{_mandir}/man3/libnbd.3* -%{_mandir}/man1/libnbd-release-notes-1.*.1* -%{_mandir}/man3/libnbd-security.3* -%{_mandir}/man3/nbd_*.3* - - -%files -n ocaml-%{name} -%{_libdir}/ocaml/nbd -%exclude %{_libdir}/ocaml/nbd/*.a -%exclude %{_libdir}/ocaml/nbd/*.cmxa -%exclude %{_libdir}/ocaml/nbd/*.cmx -%exclude %{_libdir}/ocaml/nbd/*.mli -%{_libdir}/ocaml/stublibs/dllmlnbd.so -%{_libdir}/ocaml/stublibs/dllmlnbd.so.owner - - -%files -n ocaml-%{name}-devel -%doc ocaml/examples/*.ml -%license ocaml/examples/LICENSE-FOR-EXAMPLES -%{_libdir}/ocaml/nbd/*.a -%{_libdir}/ocaml/nbd/*.cmxa -%{_libdir}/ocaml/nbd/*.cmx -%{_libdir}/ocaml/nbd/*.mli -%{_mandir}/man3/libnbd-ocaml.3* -%{_mandir}/man3/NBD.3* -%{_mandir}/man3/NBD.*.3* - - -%files -n python3-%{name} -%{python3_sitearch}/libnbdmod*.so -%{python3_sitearch}/nbd.py -%{python3_sitearch}/nbdsh.py -%{python3_sitearch}/__pycache__/nbd*.py* -%{_bindir}/nbdsh -%{_mandir}/man1/nbdsh.1* - - -%files -n nbdfuse -%{_bindir}/nbdfuse -%{_mandir}/man1/nbdfuse.1* - - -%files bash-completion -%dir %{_datadir}/bash-completion/completions -%{_datadir}/bash-completion/completions/nbdcopy -%{_datadir}/bash-completion/completions/nbdfuse -%{_datadir}/bash-completion/completions/nbdinfo -%{_datadir}/bash-completion/completions/nbdsh - - -%changelog -* Tue Aug 27 2024 Richard W.M. Jones - 1.6.0-6.el8 -- Fix CVE-2024-7383 NBD server improper certificate validation - resolves: RHEL-52728 - -* Mon Feb 7 2022 Richard W.M. Jones - 1.6.0-5.el8 -- Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails - resolves: rhbz#2045718 - -* Thu Sep 2 2021 Danilo C. L. de Paula - 1.6.0-4.el8 -- Resolves: bz#2000225 - (Rebase virt:rhel module:stream based on AV-8.6) - -* Mon Jul 13 2020 Danilo C. L. de Paula - 1.2.2 -- Resolves: bz#1844296 -(Upgrade components in virt:rhel module:stream for RHEL-8.3 release) - -* Wed Feb 5 2020 Richard W.M. Jones - 1.2.2-1 -- New stable release 1.2.2. - -* Tue Dec 3 2019 Richard W.M. Jones - 1.2.1-1 -- New stable release 1.2.1. - -* Thu Nov 14 2019 Richard W.M. Jones - 1.2.0-1 -- New stable release 1.2.0. - -* Wed Oct 9 2019 Richard W.M. Jones - 1.0.3-1 -- New upstream version 1.0.3. -- Contains fix for remote code execution vulnerability. -- Add new libnbd-security(3) man page. - -* Tue Sep 17 2019 Richard W.M. Jones - 1.0.2-1 -- New upstream version 1.0.2. -- Remove patches which are upstream. -- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). -- Fix previous commit message. - -* Thu Sep 12 2019 Richard W.M. Jones - 1.0.1-2 -- Add upstream patch to fix nbdsh (for nbdkit tests). -- Fix interop tests on slow machines. - -* Sun Sep 08 2019 Richard W.M. Jones - 1.0.1-1 -- New stable version 1.0.1. - -* Wed Aug 28 2019 Richard W.M. Jones - 1.0.0-1 -- New upstream version 1.0.0. - -* Wed Aug 21 2019 Miro Hrončok - 0.9.9-2 -- Rebuilt for Python 3.8 - -* Wed Aug 21 2019 Richard W.M. Jones - 0.9.9-1 -- New upstream version 0.9.9. - -* Wed Aug 21 2019 Richard W.M. Jones - 0.9.8-4 -- Fix nbdkit dependencies so we're actually running the tests. -- Add glib2-devel BR so we build the glib main loop example. -- Add upstream patch to fix test error: - nbd_connect_unix: getlogin: No such device or address -- Fix test failure on 32 bit. - -* Tue Aug 20 2019 Richard W.M. Jones - 0.9.8-3 -- Bump and rebuild to fix releng brokenness. - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ - -* Mon Aug 19 2019 Miro Hrončok - 0.9.8-2 -- Rebuilt for Python 3.8 - -* Thu Aug 15 2019 Richard W.M. Jones - 0.9.8-1 -- New upstream version 0.9.8. -- Package the new nbd_*(3) man pages. - -* Mon Aug 5 2019 Richard W.M. Jones - 0.9.7-1 -- New upstream version 0.9.7. -- Add libnbd-ocaml(3) man page. - -* Sat Aug 3 2019 Richard W.M. Jones - 0.9.6-2 -- Add all upstream patches since 0.9.6 was released. -- Package the ocaml bindings into a subpackage. - -* Tue Jul 30 2019 Richard W.M. Jones - 0.9.6-1 -- New upstream verison 0.9.6. - -* Fri Jul 26 2019 Richard W.M. Jones - 0.1.9-1 -- New upstream version 0.1.9. - -* Thu Jul 25 2019 Fedora Release Engineering - 0.1.8-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Wed Jul 17 2019 Richard W.M. Jones - 0.1.8-1 -- New upstream version 0.1.8. - -* Tue Jul 16 2019 Richard W.M. Jones - 0.1.7-1 -- New upstream version 0.1.7. - -* Wed Jul 3 2019 Richard W.M. Jones - 0.1.6-1 -- New upstream version 0.1.6. - -* Thu Jun 27 2019 Richard W.M. Jones - 0.1.5-1 -- New upstream version 0.1.5. - -* Sun Jun 09 2019 Richard W.M. Jones - 0.1.4-1 -- New upstream version 0.1.4. - -* Sun Jun 2 2019 Richard W.M. Jones - 0.1.2-2 -- Enable libxml2 for NBD URI support. - -* Thu May 30 2019 Richard W.M. Jones - 0.1.2-1 -- New upstream version 0.1.2. - -* Tue May 28 2019 Richard W.M. Jones - 0.1.1-1 -- Fix license in man pages and examples. -- Add nbdsh(1) man page. -- Include the signature and keyring even if validation is disabled. -- Update devel subpackage license. -- Fix old FSF address in Python tests. -- Filter Python provides. -- Remove executable permission on the tar.gz.sig file. -- Initial release. diff --git a/SOURCES/copy-patches.sh b/copy-patches.sh similarity index 98% rename from SOURCES/copy-patches.sh rename to copy-patches.sh index 36f191b..bab7b72 100755 --- a/SOURCES/copy-patches.sh +++ b/copy-patches.sh @@ -6,7 +6,7 @@ set -e # directory. Use it like this: # ./copy-patches.sh -rhel_version=8.10 +rhel_version=10.0 # Check we're in the right directory. if [ ! -f libnbd.spec ]; then diff --git a/libnbd-1.20.2.tar.gz.sig b/libnbd-1.20.2.tar.gz.sig new file mode 100644 index 0000000..80a5dcf --- /dev/null +++ b/libnbd-1.20.2.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmZ7KY8RHHJpY2hAYW5u +ZXhpYS5vcmcACgkQkXOPc+G3aKAP7A/9EzaUWFPP1GDCrpfvVods7F+8DN87O/aZ +mTzw59HNZVz42Yw0cM8MAEckgnpMdT7d64m6E1lx8fxIYGaO+c4r+VeZfYlsZIam +HFzTe4UYwdjZT1HcR9njSkdL/6th5ZMM6NK+RI3MBmQAc5TfFxPUsXbHSAfLgclb +v3yh2F0x6gnSBMxdVVYGha/eGegLZONGhZIxVYlVr0VlFrpy3Lo6+4mxIw5Sbery +cY+LxKwpyx1Gj01qZS+muub7kCXefwZggf15F1NqaQNz6tzriwXpW1yrZGayERmT +s11htXEvqSI3ViO3Rf/paq5vKwo5v7AMLHI7cv2dzrmNglLrEsY4GywlHdgbDYLh +7qY6/35WzQwCcCWlvXP3K4SIkauH5lVR0KMsdU+idxpodqtHSTQN8f0z1vSSf5We +wilBzw1LPiD55Dz7/9AIbjU/w/iUREsZceplbis1DFsVxf+cVZTtwx0LJn2enKTc +O61LVcV9FDB7EJIdTQfFr9WJTR+6gfSF5R7H4kMX8gZHucoUruoXA+M4fqV8aRHc +5lrzgnsVN/GatF5R63yt6dSByQGqnyhpLynoYWCht64PRglb7XekGuT9AR3m85VP +hTu1fZsLfmVl9iJjc47/c5CKq9mAhoicDiCVCgTidCq5O9SmI2HgmCPUH/nd2+Fc +uB2geCRdnZ0= +=dUDc +-----END PGP SIGNATURE----- diff --git a/libnbd.spec b/libnbd.spec new file mode 100644 index 0000000..a349036 --- /dev/null +++ b/libnbd.spec @@ -0,0 +1,1004 @@ +# i686 no longer has any kind of OCaml compiler, not even ocamlc. +%ifnarch %{ix86} +%global have_ocaml 1 +%endif + +# No ublk in RHEL 9. +%if !0%{?rhel} +%global have_ublk 1 +%endif + +# No nbd.ko in RHEL 9. +%if !0%{?rhel} +%global have_nbd_ko 1 +%endif + +# If we should verify tarball signature with GPGv2. +%global verify_tarball_signature 1 + +# The source directory. +%global source_directory 1.20-stable + +Name: libnbd +Version: 1.20.2 +Release: 2%{?dist} +Summary: NBD client library in userspace + +License: LGPL-2.0-or-later AND BSD-3-Clause +URL: https://gitlab.com/nbdkit/libnbd + +Source0: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz +Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig +# Keyring used to verify tarball signature. This contains the single +# key from here: +# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex +Source2: libguestfs.keyring + +# Maintainer script which helps with handling patches. +Source3: copy-patches.sh + +# Patches are stored in the upstream repository: +# https://gitlab.com/nbdkit/libnbd/-/commits/rhel-10.0/ + +Patch0001: 0001-generator-Print-full-error-in-handle_reply_error.patch +Patch0002: 0002-lib-Don-t-overwrite-error-in-nbd_opt_-go-info.patch +Patch0003: 0003-generator-Restore-assignment-to-local-err.patch +Patch0004: 0004-generator-states-newstyle.c-Quote-untrusted-string-f.patch +Patch0005: 0005-generator-states-newstyle.c-Don-t-sign-extend-escape.patch + +%if 0%{verify_tarball_signature} +BuildRequires: gnupg2 +%endif + +# For rebuilding autoconf cruft. +BuildRequires: autoconf, automake, libtool + +# For the core library. +BuildRequires: gcc +BuildRequires: make +BuildRequires: /usr/bin/pod2man +BuildRequires: gnutls-devel +BuildRequires: libxml2-devel + +# For nbdfuse. +BuildRequires: fuse3, fuse3-devel + +%if 0%{?have_ublk} +# For nbdublk +BuildRequires: liburing-devel >= 2.2 +BuildRequires: ubdsrv-devel >= 1.0-3.rc6 +%endif + +# For the Python 3 bindings. +BuildRequires: python3-devel + +%if 0%{?have_ocaml} +# For the OCaml bindings. +BuildRequires: ocaml +BuildRequires: ocaml-findlib-devel +BuildRequires: ocaml-ocamldoc +%endif + +# Only for building the examples. +BuildRequires: glib2-devel + +# For bash-completion. +BuildRequires: bash-completion + +# Only for running the test suite. +BuildRequires: coreutils +BuildRequires: gcc-c++ +BuildRequires: glibc-utils +BuildRequires: gnutls-utils +BuildRequires: iproute +BuildRequires: jq +%if 0%{?have_nbd_ko} +BuildRequires: nbd +%endif +BuildRequires: util-linux + +# On RHEL, maybe even in Fedora in future, we do not build qemu-img or +# nbdkit for i686. These are only needed for the test suite so make +# them optional. This reduces our test exposure on 32 bit platforms, +# although there is still Fedora/armv7 and some upstream testing. +%ifnarch %{ix86} +BuildRequires: qemu-img +BuildRequires: nbdkit +BuildRequires: nbdkit-data-plugin +BuildRequires: nbdkit-eval-plugin +BuildRequires: nbdkit-memory-plugin +BuildRequires: nbdkit-null-plugin +BuildRequires: nbdkit-pattern-plugin +BuildRequires: nbdkit-sh-plugin +BuildRequires: nbdkit-sparse-random-plugin +%endif + + +%description +NBD — Network Block Device — is a protocol for accessing Block Devices +(hard disks and disk-like things) over a Network. + +This is the NBD client library in userspace, a simple library for +writing NBD clients. + +The key features are: + + * Synchronous and asynchronous APIs, both for ease of use and for + writing non-blocking, multithreaded clients. + + * High performance. + + * Minimal dependencies for the basic library. + + * Well-documented, stable API. + + * Bindings in several programming languages. + + +%package devel +Summary: Development headers for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + + +%description devel +This package contains development headers for %{name}. + + +%if 0%{?have_ocaml} +%package -n ocaml-%{name} +Summary: OCaml language bindings for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + + +%description -n ocaml-%{name} +This package contains OCaml language bindings for %{name}. + + +%package -n ocaml-%{name}-devel +Summary: OCaml language development package for %{name} +Requires: ocaml-%{name}%{?_isa} = %{version}-%{release} + + +%description -n ocaml-%{name}-devel +This package contains OCaml language development package for +%{name}. Install this if you want to compile OCaml software which +uses %{name}. +%endif + + +%package -n python3-%{name} +Summary: Python 3 bindings for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python3-%{name}} + +# The Python module happens to be called lib*.so. Don't scan it and +# have a bogus "Provides: libnbdmod.*". +%global __provides_exclude_from ^%{python3_sitearch}/lib.*\\.so + + +%description -n python3-%{name} +python3-%{name} contains Python 3 bindings for %{name}. + + +%package -n nbdfuse +Summary: FUSE support for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Recommends: fuse3 + + +%description -n nbdfuse +This package contains FUSE support for %{name}. + + +%if 0%{?have_ublk} +%package -n nbdublk +Summary: Userspace NBD block device +Requires: %{name}%{?_isa} = %{version}-%{release} +Recommends: kernel >= 6.0.0 +Recommends: %{_sbindir}/ublk + + +%description -n nbdublk +This package contains a userspace NBD block device +based on %{name}. +%endif + + +%package bash-completion +Summary: Bash tab-completion for %{name} +BuildArch: noarch +Requires: bash-completion >= 2.0 +# Don't use _isa here because it's a noarch package. This dependency +# is just to ensure that the subpackage is updated along with libnbd. +Requires: %{name} = %{version}-%{release} + + +%description bash-completion +Install this package if you want intelligent bash tab-completion +for %{name}. + + +%prep +%if 0%{verify_tarball_signature} +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%endif +%autosetup -p1 +autoreconf -i + + +%build +%configure \ + --disable-static \ + --with-tls-priority=@LIBNBD,SYSTEM \ + --with-bash-completions \ + PYTHON=%{__python3} \ + --enable-python \ +%if 0%{?have_ocaml} + --enable-ocaml \ +%else + --disable-ocaml \ +%endif + --enable-fuse \ + --disable-golang \ + --disable-rust \ +%if 0%{?have_ublk} + --enable-ublk \ +%else + --disable-ublk \ +%endif + %{nil} + +make %{?_smp_mflags} + + +%install +%make_install + +# Delete libtool crap. +find $RPM_BUILD_ROOT -name '*.la' -delete + +# Delete the golang man page since we're not distributing the bindings. +rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3* + +%if !0%{?have_ocaml} +# Delete the OCaml man page on i686. +rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-ocaml.3* +%endif + + +%check +function skip_test () +{ + for f in "$@"; do + rm -f "$f" + echo 'exit 77' > "$f" + chmod +x "$f" + done +} + +# interop/interop-qemu-storage-daemon.sh fails in RHEL 9 because of +# this bug in qemu: +# https://lists.nongnu.org/archive/html/qemu-devel/2021-03/threads.html#03544 +%if 0%{?rhel} +skip_test interop/interop-qemu-storage-daemon.sh +%endif + +# All fuse tests fail in Koji with: +# fusermount: entry for fuse/test-*.d not found in /etc/mtab +# for unknown reasons but probably related to the Koji environment. +skip_test fuse/test-*.sh + +# IPv6 loopback connections fail in Koji. +make -C tests connect-tcp6 ||: +skip_test tests/connect-tcp6 + +make %{?_smp_mflags} check || { + for f in $(find -name test-suite.log); do + echo + echo "==== $f ====" + cat $f + done + exit 1 + } + + +%files +%doc README.md +%license COPYING.LIB +%{_bindir}/nbdcopy +%{_bindir}/nbddump +%{_bindir}/nbdinfo +%{_libdir}/libnbd.so.* +%{_mandir}/man1/nbdcopy.1* +%{_mandir}/man1/nbddump.1* +%{_mandir}/man1/nbdinfo.1* + + +%files devel +%doc TODO examples/*.c +%license examples/LICENSE-FOR-EXAMPLES +%{_includedir}/libnbd.h +%{_libdir}/libnbd.so +%{_libdir}/pkgconfig/libnbd.pc +%{_mandir}/man3/libnbd.3* +%{_mandir}/man1/libnbd-release-notes-1.*.1* +%{_mandir}/man3/libnbd-security.3* +%{_mandir}/man3/nbd_*.3* + + +%if 0%{?have_ocaml} +%files -n ocaml-%{name} +%dir %{_libdir}/ocaml/nbd +%{_libdir}/ocaml/nbd/META +%{_libdir}/ocaml/nbd/*.cma +%{_libdir}/ocaml/nbd/*.cmi +%{_libdir}/ocaml/stublibs/dllmlnbd.so +%{_libdir}/ocaml/stublibs/dllmlnbd.so.owner + + +%files -n ocaml-%{name}-devel +%doc ocaml/examples/*.ml +%license ocaml/examples/LICENSE-FOR-EXAMPLES +%ifarch %{ocaml_native_compiler} +%{_libdir}/ocaml/nbd/*.cmxa +%{_libdir}/ocaml/nbd/*.cmx +%endif +%{_libdir}/ocaml/nbd/*.a +%{_libdir}/ocaml/nbd/*.mli +%{_mandir}/man3/libnbd-ocaml.3* +%{_mandir}/man3/NBD.3* +%{_mandir}/man3/NBD.*.3* +%endif + + +%files -n python3-%{name} +%{python3_sitearch}/libnbdmod*.so +%{python3_sitearch}/nbd.py +%{python3_sitearch}/nbdsh.py +%{python3_sitearch}/__pycache__/nbd*.py* +%{_bindir}/nbdsh +%{_mandir}/man1/nbdsh.1* + + +%files -n nbdfuse +%{_bindir}/nbdfuse +%{_mandir}/man1/nbdfuse.1* + + +%if 0%{?have_ublk} +%files -n nbdublk +%{_bindir}/nbdublk +%{_mandir}/man1/nbdublk.1* +%endif + + +%files bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/nbdcopy +%{_datadir}/bash-completion/completions/nbddump +%{_datadir}/bash-completion/completions/nbdfuse +%{_datadir}/bash-completion/completions/nbdinfo +%{_datadir}/bash-completion/completions/nbdsh +%if 0%{?have_ublk} +%{_datadir}/bash-completion/completions/nbdublk +%endif + + +%changelog +* Fri Jul 26 2024 Richard W.M. Jones - 1.20.2-2 +- Rebase to libnbd 1.20.2 +- Fix multiple flaws in TLS server certificate checking + resolves: RHEL-49802 +- Print full NBD error from server + resolves: RHEL-50667 + +* Tue Jun 25 2024 Troy Dawson - 1.20.1-5 +- Bump release for June 2024 mass rebuild + +* Wed Jun 19 2024 Richard W.M. Jones - 1.20.1-4 +- OCaml 5.2.0 ppc64le fix + +* Fri Jun 07 2024 Python Maint - 1.20.1-3 +- Rebuilt for Python 3.13 + +* Wed May 29 2024 Richard W.M. Jones - 1.20.1-2 +- OCaml 5.2.0 for Fedora 41 + +* Thu May 23 2024 Jerry James - 1.20.1-1 +- Remove unneeded Stdlib__Callback workaround + +* Tue May 7 2024 Richard W.M. Jones - 1.20.1-1 +- New stable branch version 1.20.1 + +* Mon Apr 15 2024 Miroslav Rezanina - 1.20.0-1 +- New stable branch version 1.20.0 +- Rebuild autoconf cruft unconditionally. +- Resolves: RHEL-32642 + +* Mon Feb 05 2024 Richard W.M. Jones - 1.19.6-1 +- New upstream development version 1.19.6 + +* Thu Jan 25 2024 Richard W.M. Jones - 1.19.5-3 +- Bump and rebuild for ELN + +* Thu Jan 25 2024 Fedora Release Engineering - 1.19.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Richard W.M. Jones - 1.19.5-1 +- New upstream development version 1.19.5 + +* Sun Jan 21 2024 Fedora Release Engineering - 1.19.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Jan 16 2024 Richard W.M. Jones - 1.19.4-1 +- New upstream development version 1.19.4 + +* Tue Dec 19 2023 Richard W.M. Jones - 1.19.3-2 +- New upstream development version 1.19.3 + +* Mon Dec 18 2023 Richard W.M. Jones - 1.19.2-4 +- OCaml 5.1.1 + s390x code gen fix for Fedora 40 + +* Thu Dec 14 2023 Richard W.M. Jones - 1.19.2-3 +- Fixes for https://github.com/ocaml/ocaml/issues/12820 + +* Tue Dec 12 2023 Richard W.M. Jones - 1.19.2-2 +- OCaml 5.1.1 rebuild for Fedora 40 + +* Wed Nov 22 2023 Richard W.M. Jones - 1.19.2-1 +- New upstream development version 1.19.2 + +* Tue Oct 31 2023 Richard W.M. Jones - 1.19.1-2 +- Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871) + +* Mon Oct 23 2023 Richard W.M. Jones - 1.19.1-1 +- New upstream development version 1.19.1 + +* Thu Oct 05 2023 Richard W.M. Jones - 1.18.0-2 +- OCaml 5.1 rebuild for Fedora 40 + +* Wed Sep 27 2023 Richard W.M. Jones - 1.18.0-1 +- New upstream stable version 1.18.0 + +* Fri Sep 08 2023 Richard W.M. Jones - 1.17.5-1 +- New upstream development version 1.17.5 + +* Wed Aug 30 2023 Richard W.M. Jones - 1.17.4-1 +- New upstream development version 1.17.4 + +* Fri Aug 04 2023 Richard W.M. Jones - 1.17.3-1 +- New upstream development version 1.17.3 +- Disable Rust bindings. + +* Thu Jul 20 2023 Fedora Release Engineering - 1.17.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jul 14 2023 Richard W.M. Jones - 1.17.2-1 +- New upstream development version 1.17.2 + +* Thu Jul 13 2023 Richard W.M. Jones - 1.17.1-6 +- Bump and rebuild for updated python3 and perl + +* Tue Jul 11 2023 Richard W.M. Jones - 1.17.1-5 +- OCaml 5.0 rebuild for Fedora 39 + +* Mon Jul 10 2023 Jerry James - 1.17.1-4 +- OCaml 5.0.0 rebuild + +* Mon Jun 26 2023 Python Maint - 1.17.1-3 +- Rebuilt for Python 3.12 + +* Thu Jun 22 2023 Richard W.M. Jones - 1.17.1-2 +- Add OCaml 5 support + +* Mon Jun 19 2023 Richard W.M. Jones - 1.17.1-1 +- New upstream development version 1.17.1 + +* Tue Jun 13 2023 Python Maint - 1.16.1-3 +- Rebuilt for Python 3.12 + +* Mon Jun 05 2023 Richard W.M. Jones - 1.16.1-2 +- Migrated to SPDX license + +* Wed May 10 2023 Richard W.M. Jones - 1.16.1-1 +- New upstream stable version 1.16.1 + +* Tue Apr 18 2023 Richard W.M. Jones - 1.16.0-1 +- New upstream stable version 1.16.0 + +* Thu Apr 13 2023 Richard W.M. Jones - 1.15.13-1 +- New upstream development version 1.15.13 + +* Thu Mar 09 2023 Richard W.M. Jones - 1.15.12-1 +- New upstream development version 1.15.12 + +* Tue Feb 28 2023 Richard W.M. Jones - 1.15.11-1 +- New upstream development version 1.15.11 + +* Sat Feb 25 2023 Richard W.M. Jones - 1.15.10-1 +- New upstream development version 1.15.10 + +* Tue Jan 24 2023 Richard W.M. Jones - 1.15.9-2 +- Rebuild OCaml packages for F38 + +* Sat Jan 21 2023 Richard W.M. Jones - 1.15.9-1 +- New upstream development version 1.15.9 + +* Thu Jan 19 2023 Fedora Release Engineering - 1.15.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 03 2023 Richard W.M. Jones - 1.15.8-3 +- Fix for Python 3.12 distutils change (RHBZ#2152674). + +* Fri Dec 09 2022 Richard W.M. Jones - 1.15.8-2 +- Rebuild against new ubdsrv API + +* Fri Nov 25 2022 Richard W.M. Jones - 1.15.8-1 +- New upstream development version 1.15.8 + +* Thu Nov 03 2022 Richard W.M. Jones - 1.15.7-1 +- New upstream development version 1.15.7 + +* Thu Oct 13 2022 Richard W.M. Jones - 1.15.6-1 +- New upstream development version 1.15.6 + +* Tue Oct 11 2022 Richard W.M. Jones - 1.15.5-1 +- New upstream development version 1.15.5 + +* Tue Sep 27 2022 Richard W.M. Jones - 1.15.4-1 +- New upstream development version 1.15.4 + +* Fri Sep 02 2022 Richard W.M. Jones - 1.15.3-1 +- New upstream development version 1.15.3 +- New tool: nbdublk + +* Thu Aug 18 2022 Richard W.M. Jones - 1.15.1-1 +- New upstream development version 1.15.1 + +* Thu Aug 11 2022 Richard W.M. Jones - 1.14.1-1 +- New upstream stable version 1.14.1 + +* Tue Aug 02 2022 Richard W.M. Jones - 1.14.0-2 +- Add some small upstream patches since 1.14.0 + +* Mon Aug 01 2022 Richard W.M. Jones - 1.14.0-1 +- New upstream stable version 1.14.0 + +* Fri Jul 29 2022 Richard W.M. Jones - 1.13.9-1 +- New upstream development version 1.13.9 + +* Wed Jul 27 2022 Richard W.M. Jones - 1.13.8-1 +- New upstream development version 1.13.8 + +* Thu Jul 21 2022 Fedora Release Engineering - 1.13.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sun Jul 10 2022 Richard W.M. Jones - 1.13.7-1 +- New upstream development version 1.13.7 + +* Sun Jul 10 2022 Richard W.M. Jones - 1.13.6-1 +- New upstream development version 1.13.6 + +* Fri Jul 01 2022 Richard W.M. Jones - 1.13.5-1 +- New upstream development version 1.13.5 + +* Thu Jun 30 2022 Richard W.M. Jones - 1.13.4-1 +- New upstream development version 1.13.4 +- New tool: nbddump + +* Mon Jun 27 2022 Richard W.M. Jones - 1.13.3-1 +- New upstream development version 1.13.3 + +* Mon Jun 20 2022 Richard W.M. Jones - 1.13.2-5 +- Rebuild for OCaml 4.14.0 because of Python conflict + +* Mon Jun 20 2022 Python Maint - 1.13.2-4 +- Rebuilt for Python 3.11 + +* Sat Jun 18 2022 Richard W.M. Jones - 1.13.2-3 +- OCaml 4.14.0 rebuild + +* Mon Jun 13 2022 Python Maint - 1.13.2-2 +- Rebuilt for Python 3.11 + +* Mon Jun 13 2022 Richard W.M. Jones - 1.13.2-1 +- New upstream development version 1.13.2 + +* Thu Jun 09 2022 Richard W.M. Jones - 1.13.1-1 +- New upstream development version 1.13.1 +- Rename README file. + +* Sun May 29 2022 Richard W.M. Jones - 1.12.3-1 +- New upstream stable version 1.12.3 + +* Tue Mar 15 2022 Richard W.M. Jones - 1.12.2-1 +- New upstream stable version 1.12.2 + +* Tue Mar 01 2022 Richard W.M. Jones - 1.12.1-1 +- New upstream stable version 1.12.1 + +* Thu Feb 24 2022 Richard W.M. Jones - 1.12.0-1 +- New upstream stable version 1.12.0 + +* Sat Feb 19 2022 Richard W.M. Jones - 1.11.11-1 +- New upstream development version 1.11.11 + +* Tue Feb 15 2022 Richard W.M. Jones - 1.11.10-1 +- New upstream development version 1.11.10 + +* Thu Feb 10 2022 Richard W.M. Jones - 1.11.9-1 +- New upstream development version 1.11.9 + +* Sat Feb 05 2022 Richard W.M. Jones - 1.11.8-1 +- New upstream development version 1.11.8. +- Fixes: CVE-2022-0485 nbdcopy may create corrupted destination image + +* Fri Feb 04 2022 Richard W.M. Jones - 1.11.7-3 +- OCaml 4.13.1 rebuild to remove package notes + +* Thu Jan 20 2022 Fedora Release Engineering - 1.11.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Jan 17 2022 Richard W.M. Jones - 1.11.7-1 +- New upstream development version 1.11.7 + +* Tue Jan 04 2022 Richard W.M. Jones - 1.11.6-1 +- New upstream development version 1.11.6 + +* Tue Nov 30 2021 Eric Blake - 1.11.5-1 +- New upstream development version 1.11.5 + +* Fri Nov 19 2021 Richard W.M. Jones - 1.11.4-1 +- New upstream development version 1.11.4 + +* Thu Nov 04 2021 Richard W.M. Jones - 1.11.3-1 +- New upstream development version 1.11.3 + +* Tue Nov 02 2021 Richard W.M. Jones - 1.11.2-1 +- New upstream development version 1.11.2 + +* Mon Oct 25 2021 Richard W.M. Jones - 1.11.1-1 +- New upstream development version 1.11.1 + +* Mon Oct 04 2021 Richard W.M. Jones - 1.10.0-2 +- OCaml 4.13.1 build + +* Thu Sep 23 2021 Richard W.M. Jones - 1.10.0-1 +- New upstream stable branch version 1.10.0 + +* Tue Sep 21 2021 Richard W.M. Jones - 1.9.6-1 +- New upstream development version 1.9.6. + +* Fri Sep 03 2021 Richard W.M. Jones - 1.9.5-1 +- New upstream development version 1.9.5. + +* Fri Aug 27 2021 Richard W.M. Jones - 1.9.4-1 +- New upstream development version 1.9.4. + +* Fri Jul 30 2021 Eric Blake - 1.9.3-1 +- New upstream development version 1.9.3. + +* Thu Jul 22 2021 Fedora Release Engineering - 1.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jul 03 2021 Richard W.M. Jones - 1.9.2-1 +- New upstream development version 1.9.2. + +* Fri Jun 11 2021 Richard W.M. Jones - 1.9.1-1 +- New upstream development version 1.9.1. + +* Mon Jun 07 2021 Python Maint - 1.8.0-2 +- Rebuilt for Python 3.10 + +* Mon Jun 07 2021 Richard W.M. Jones - 1.8.0-1 +- New upstream version 1.8.0. + +* Fri Jun 04 2021 Python Maint - 1.7.12-2 +- Rebuilt for Python 3.10 + +* Sat May 29 2021 Richard W.M. Jones - 1.7.12-1 +- New upstream version 1.7.12. + +* Thu May 20 2021 Richard W.M. Jones - 1.7.11-1 +- New upstream version 1.7.11. + +* Fri May 14 2021 Richard W.M. Jones - 1.7.10-1 +- New upstream version 1.7.10. + +* Thu Apr 29 2021 Richard W.M. Jones - 1.7.9-1 +- New upstream version 1.7.9. +- Switch to fuse3. +- Make nbdfuse package recommend fuse3 (to get fusermount3). + +* Sat Apr 24 2021 Richard W.M. Jones - 1.7.8-1 +- New upstream development version 1.7.8. + +* Sat Apr 10 2021 Richard W.M. Jones - 1.7.7-1 +- New upstream development version 1.7.7. +- +BR iproute +- Add skip_test helper function. +- Skip connect-tcp6 test which fails under Koji. + +* Thu Apr 08 2021 Richard W.M. Jones - 1.7.6-1 +- New upstream development version 1.7.6. + +* Sat Apr 03 2021 Richard W.M. Jones - 1.7.5-1 +- New upstream development version 1.7.5. + +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.4-1 +- New upstream development version 1.7.4. + +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.3-3 +- Update documentation for CVE-2021-20286. +- Workaround broken interop/interop-qemu-storage-daemon.sh test in RHEL 9. + +* Thu Mar 4 2021 Richard W.M. Jones - 1.7.3-2 +- Add fix for nbdkit test suite. + +* Tue Mar 2 2021 Richard W.M. Jones - 1.7.3-1 +- New upstream version 1.7.3. + +* Mon Mar 1 2021 Richard W.M. Jones - 1.7.2-3 +- OCaml 4.12.0 build + +* Wed Feb 24 2021 Richard W.M. Jones - 1.7.2-2 +- Disable nbd BR on RHEL. + +* Mon Feb 22 2021 Richard W.M. Jones - 1.7.2-1 +- New upstream version 1.7.2. + +* Fri Jan 29 2021 Richard W.M. Jones - 1.7.1-6 +- Disable BR qemu-img on i686. + +* Thu Jan 28 2021 Richard W.M. Jones - 1.7.1-3 +- Disable BR nbdkit on i686 because it breaks ELN/RHEL 9. + +* Tue Jan 26 2021 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 Richard W.M. Jones - 1.7.1-1 +- New upstream development version 1.7.1. + +* Thu Jan 07 2021 Richard W.M. Jones - 1.6.0-1 +- New upstream stable version 1.6.0. + +* Tue Dec 08 2020 Richard W.M. Jones - 1.5.9-1 +- New upstream development version 1.5.9. + +* Thu Dec 03 2020 Richard W.M. Jones - 1.5.8-1 +- New upstream development version 1.5.8. +- Unify Fedora and RHEL spec files. + +* Wed Nov 25 2020 Richard W.M. Jones - 1.5.7-1 +- New upstream development version 1.5.7. +- Add some more test suite buildrequires lines. +- Fix bogus date in changelog. + +* Thu Nov 12 2020 Richard W.M. Jones - 1.5.6-1 +- New upstream development version 1.5.6. + +* Mon Nov 02 2020 Richard W.M. Jones - 1.5.5-1 +- New upstream development version 1.5.5. + +* Mon Oct 05 2020 Richard W.M. Jones - 1.5.4-1 +- New upstream development version 1.5.4. +- More OCaml man pages. + +* Sat Sep 26 2020 Richard W.M. Jones - 1.5.3-1 +- New upstream development version 1.5.3. + +* Thu Sep 10 2020 Richard W.M. Jones - 1.5.2-1 +- New upstream development version 1.5.2. + +* Tue Sep 08 2020 Richard W.M. Jones - 1.5.1-1 +- New upstream development version 1.5.1. + +* Tue Sep 01 2020 Richard W.M. Jones - 1.4.0-2 +- OCaml 4.11.1 rebuild + +* Tue Aug 25 2020 Richard W.M. Jones - 1.4.0-1 +- New stable release 1.4.0. + +* Fri Aug 21 2020 Richard W.M. Jones - 1.3.12-3 +- Bump release and rebuild. + +* Fri Aug 21 2020 Richard W.M. Jones - 1.3.12-2 +- OCaml 4.11.0 rebuild + +* Thu Aug 20 2020 Richard W.M. Jones - 1.3.12-1 +- New upstream version 1.3.12. + +* Thu Aug 6 2020 Richard W.M. Jones - 1.3.11-1 +- New upstream version 1.3.11. + +* Tue Aug 4 2020 Richard W.M. Jones - 1.3.10-1 +- New upstream version 1.3.10. + +* Wed Jul 29 2020 Richard W.M. Jones - 1.3.9-3 +- Bump and rebuild. + +* Tue Jul 28 2020 Fedora Release Engineering - 1.3.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Richard W.M. Jones - 1.3.9-1 +- New upstream version 1.3.9. +- New tool: nbdinfo. + +* Fri Jul 17 2020 Richard W.M. Jones - 1.3.8-2 +- New upstream version 1.3.8. +- New tool: nbdcopy +- Add upstream patch to fix compilation with glibc from Rawhide. + +* Tue May 26 2020 Miro Hrončok - 1.3.7-3 +- Rebuilt for Python 3.9 + +* Mon May 04 2020 Richard W.M. Jones - 1.3.7-2 +- OCaml 4.11.0+dev2-2020-04-22 rebuild + +* Thu Apr 23 2020 Richard W.M. Jones - 1.3.7-1 +- New upstream version 1.3.7. + +* Tue Apr 21 2020 Richard W.M. Jones - 1.3.6-5 +- OCaml 4.11.0 pre-release attempt 2 + +* Fri Apr 17 2020 Richard W.M. Jones - 1.3.6-4 +- OCaml 4.11.0 pre-release +- Add upstream patch to fix one of the tests that fails on slow machines. + +* Thu Apr 02 2020 Richard W.M. Jones - 1.3.6-2 +- Update all OCaml dependencies for RPM 4.16. + +* Tue Mar 31 2020 Richard W.M. Jones - 1.3.6-1 +- New upstream development version 1.3.6. +- Golang bindings are contained in this release but not distributed. + +* Wed Mar 11 2020 Richard W.M. Jones - 1.3.5-2 +- Fix bogus runtime Requires of new bash-completion package. + +* Tue Mar 10 2020 Richard W.M. Jones - 1.3.5-1 +- New upstream development version 1.3.5. +- Add new bash-completion subpackage. + +* Sat Feb 29 2020 Richard W.M. Jones - 1.3.4-1 +- New upstream development version 1.3.4. + +* Wed Feb 26 2020 Richard W.M. Jones - 1.3.3-2 +- OCaml 4.10.0 final. + +* Wed Feb 05 2020 Richard W.M. Jones - 1.3.3-1 +- New upstream development version 1.3.3. + +* Thu Jan 30 2020 Richard W.M. Jones - 1.3.2-1 +- New upstream development version 1.3.2. + +* Wed Jan 29 2020 Fedora Release Engineering - 1.3.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Jan 19 2020 Richard W.M. Jones - 1.3.1-4 +- Bump release and rebuild. + +* Sun Jan 19 2020 Richard W.M. Jones - 1.3.1-3 +- OCaml 4.10.0+beta1 rebuild. + +* Thu Dec 12 2019 Richard W.M. Jones - 1.3.1-2 +- Rebuild for OCaml 4.09.0. + +* Tue Dec 03 2019 Richard W.M. Jones - 1.3.1-1 +- New upstream development version 1.3.1. + +* Wed Nov 27 2019 Richard W.M. Jones - 1.2.0-2 +- Use gpgverify macro instead of explicit gpgv2 command. + +* Thu Nov 14 2019 Richard W.M. Jones - 1.2.0-1 +- New stable release 1.2.0 + +* Sat Nov 09 2019 Richard W.M. Jones - 1.1.9-1 +- New upstream version 1.1.9. +- Add new nbdkit-release-notes-1.2(1) man page. + +* Wed Nov 06 2019 Richard W.M. Jones - 1.1.8-1 +- New upstream version 1.1.8. + +* Thu Oct 24 2019 Richard W.M. Jones - 1.1.7-1 +- New upstream version 1.1.7. + +* Sat Oct 19 2019 Richard W.M. Jones - 1.1.6-1 +- New upstream version 1.1.6. + +* Sat Oct 12 2019 Richard W.M. Jones - 1.1.5-1 +- New upstream version 1.1.5. +- New tool and subpackage nbdfuse. + +* Wed Oct 9 2019 Richard W.M. Jones - 1.1.4-1 +- New upstream version 1.1.4. +- Contains fix for remote code execution vulnerability. +- Add new libnbd-security(3) man page. + +* Tue Oct 1 2019 Richard W.M. Jones - 1.1.3-1 +- New upstream version 1.1.3. + +* Tue Sep 17 2019 Richard W.M. Jones - 1.1.2-1 +- New upstream version 1.1.2. +- Remove patches which are upstream. +- Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). + +* Thu Sep 12 2019 Richard W.M. Jones - 1.1.1-2 +- Add upstream patch to fix nbdsh (for nbdkit tests). + +* Sun Sep 08 2019 Richard W.M. Jones - 1.1.1-1 +- New development version 1.1.1. + +* Wed Aug 28 2019 Richard W.M. Jones - 1.0.0-1 +- New upstream version 1.0.0. + +* Wed Aug 21 2019 Miro Hrončok - 0.9.9-2 +- Rebuilt for Python 3.8 + +* Wed Aug 21 2019 Richard W.M. Jones - 0.9.9-1 +- New upstream version 0.9.9. + +* Wed Aug 21 2019 Richard W.M. Jones - 0.9.8-4 +- Fix nbdkit dependencies so we're actually running the tests. +- Add glib2-devel BR so we build the glib main loop example. +- Add upstream patch to fix test error: + nbd_connect_unix: getlogin: No such device or address +- Fix test failure on 32 bit. + +* Tue Aug 20 2019 Richard W.M. Jones - 0.9.8-3 +- Bump and rebuild to fix releng brokenness. + https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ + +* Mon Aug 19 2019 Miro Hrončok - 0.9.8-2 +- Rebuilt for Python 3.8 + +* Thu Aug 15 2019 Richard W.M. Jones - 0.9.8-1 +- New upstream version 0.9.8. +- Package the new nbd_*(3) man pages. + +* Mon Aug 5 2019 Richard W.M. Jones - 0.9.7-1 +- New upstream version 0.9.7. +- Add libnbd-ocaml(3) man page. + +* Sat Aug 3 2019 Richard W.M. Jones - 0.9.6-2 +- Add all upstream patches since 0.9.6 was released. +- Package the ocaml bindings into a subpackage. + +* Tue Jul 30 2019 Richard W.M. Jones - 0.9.6-1 +- New upstream verison 0.9.6. + +* Fri Jul 26 2019 Richard W.M. Jones - 0.1.9-1 +- New upstream version 0.1.9. + +* Thu Jul 25 2019 Fedora Release Engineering - 0.1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jul 17 2019 Richard W.M. Jones - 0.1.8-1 +- New upstream version 0.1.8. + +* Tue Jul 16 2019 Richard W.M. Jones - 0.1.7-1 +- New upstream version 0.1.7. + +* Wed Jul 3 2019 Richard W.M. Jones - 0.1.6-1 +- New upstream version 0.1.6. + +* Thu Jun 27 2019 Richard W.M. Jones - 0.1.5-1 +- New upstream version 0.1.5. + +* Sun Jun 09 2019 Richard W.M. Jones - 0.1.4-1 +- New upstream version 0.1.4. + +* Sun Jun 2 2019 Richard W.M. Jones - 0.1.2-2 +- Enable libxml2 for NBD URI support. + +* Thu May 30 2019 Richard W.M. Jones - 0.1.2-1 +- New upstream version 0.1.2. + +* Tue May 28 2019 Richard W.M. Jones - 0.1.1-1 +- Fix license in man pages and examples. +- Add nbdsh(1) man page. +- Include the signature and keyring even if validation is disabled. +- Update devel subpackage license. +- Fix old FSF address in Python tests. +- Filter Python provides. +- Remove executable permission on the tar.gz.sig file. +- Initial release. diff --git a/sources b/sources new file mode 100644 index 0000000..f275588 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (libguestfs.keyring) = 69663d5dd3edb47af6f18119c0748211c1cecf230c2dd8baaf349f44df1f893730ca6bb8b1f60a55ea42f8ff04fd48c3e5954501bb57952950032012a42c9f19 +SHA512 (libnbd-1.20.2.tar.gz) = e390dc57080e9c7b246d1a4c21b80fd9479f7b5eeeaa7a36615c5d6ebf6df2e14f9b2fbebfb9102de282160d531277c6364c74a47619a20fb0646f8222054852