From bd814fcc347b174e18d208ad720478c5edc52d6f Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Fri, 19 Mar 2021 14:45:29 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libnbd.git#b5a71ab87ad8c2289fbd2364fae2fe7c2c3629b8 --- 0001-copy-Stable-sort-in-tests.patch | 2 +- ...ocument-assignment-of-CVE-2021-20286.patch | 39 ++++++ 0002-copy-Nicer-sort.patch | 2 +- ...opy-file-ops.c-Remove-unneeded-check.patch | 2 +- ...opy-file-ops.c-Remove-unneeded-check.patch | 2 +- ...Fix-page-eviction-when-len-page_size.patch | 2 +- ...atus-reflect-any-failures-during-NBD.patch | 119 ++++++++++++++++++ libnbd.spec | 28 +++-- sources | 4 +- 9 files changed, 185 insertions(+), 15 deletions(-) create mode 100644 0001-security-Document-assignment-of-CVE-2021-20286.patch create mode 100644 0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch diff --git a/0001-copy-Stable-sort-in-tests.patch b/0001-copy-Stable-sort-in-tests.patch index 93b3ecd..ff86fd7 100644 --- a/0001-copy-Stable-sort-in-tests.patch +++ b/0001-copy-Stable-sort-in-tests.patch @@ -1,7 +1,7 @@ From 8b20bbd329c07941f3e4aa00e14c05ed27b25435 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 2 Mar 2021 22:20:49 +0000 -Subject: [PATCH 1/5] copy: Stable sort in tests. +Subject: [PATCH 1/6] copy: Stable sort in tests. When running the tests in Koji they behaved differently from running locally (under a UTF-8 locale). This turned out to be a difference in diff --git a/0001-security-Document-assignment-of-CVE-2021-20286.patch b/0001-security-Document-assignment-of-CVE-2021-20286.patch new file mode 100644 index 0000000..ca96878 --- /dev/null +++ b/0001-security-Document-assignment-of-CVE-2021-20286.patch @@ -0,0 +1,39 @@ +From 40308a005eaa6b2e8f98da8952d0c0cacc51efde Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Fri, 12 Mar 2021 17:00:58 -0600 +Subject: [PATCH] security: Document assignment of CVE-2021-20286 + +Now that we finally have a CVE number, it's time to document +the problem (it's low severity, but still a denial of service). + +Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death) +--- + docs/libnbd-security.pod | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod +index 876ef2f..3c994de 100644 +--- a/docs/libnbd-security.pod ++++ b/docs/libnbd-security.pod +@@ -22,6 +22,12 @@ L + See the full announcement here: + L + ++=head2 CVE-2021-20286 ++denial of service when using L ++ ++See the full announcement here: ++L ++ + =head1 SEE ALSO + + L. +@@ -34,4 +40,4 @@ Richard W.M. Jones + + =head1 COPYRIGHT + +-Copyright (C) 2019 Red Hat Inc. ++Copyright (C) 2019-2021 Red Hat Inc. +-- +2.29.0.rc2 + diff --git a/0002-copy-Nicer-sort.patch b/0002-copy-Nicer-sort.patch index 7ea1409..092ea58 100644 --- a/0002-copy-Nicer-sort.patch +++ b/0002-copy-Nicer-sort.patch @@ -1,7 +1,7 @@ From bae7c41a5126c56da4ee77bce39955036fca8b5f Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Tue, 2 Mar 2021 16:31:39 -0600 -Subject: [PATCH 2/5] copy: Nicer sort +Subject: [PATCH 2/6] copy: Nicer sort Tell sort where the numbers live, so we can get columns in ascending numeric order. Improves 8b20bbd329. diff --git a/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch b/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch index b45d880..dc8c37d 100644 --- a/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch +++ b/0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch @@ -1,7 +1,7 @@ From 4e456ff6363580177ceffdad79b8fc1e8c7f35eb Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 3 Mar 2021 10:12:31 +0000 -Subject: [PATCH 3/5] Revert "copy: file-ops.c: Remove unneeded check" +Subject: [PATCH 3/6] Revert "copy: file-ops.c: Remove unneeded check" This reverts commit 0f6e4f38bc440fc52c20a3a448ef031f806ec5e2. diff --git a/0004-copy-file-ops.c-Remove-unneeded-check.patch b/0004-copy-file-ops.c-Remove-unneeded-check.patch index 7c5cc03..11f23a5 100644 --- a/0004-copy-file-ops.c-Remove-unneeded-check.patch +++ b/0004-copy-file-ops.c-Remove-unneeded-check.patch @@ -1,7 +1,7 @@ From 94a78764d80b6dc41ff2ae8a0e5f1b35c2fd8e78 Mon Sep 17 00:00:00 2001 From: Nir Soffer Date: Sat, 27 Feb 2021 05:36:38 +0200 -Subject: [PATCH 4/5] copy: file-ops.c: Remove unneeded check +Subject: [PATCH 4/6] copy: file-ops.c: Remove unneeded check This function is called only from page_cache_evict(), which already check that we could map the cached pages. Add an assert to document this diff --git a/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch b/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch index 9430c05..ba5811a 100644 --- a/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch +++ b/0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch @@ -1,7 +1,7 @@ From 107eb605cfb75238020332b5a5461d0e09d62bec Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 3 Mar 2021 12:51:51 +0100 -Subject: [PATCH 5/5] copy/file-ops.c: Fix page eviction when len < page_size. +Subject: [PATCH 5/6] copy/file-ops.c: Fix page eviction when len < page_size. On Fedora ppc64le at the moment page size is 64K. When asked to evict a range with length < 64K the length calculation wrapped around and it diff --git a/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch b/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch new file mode 100644 index 0000000..7ac2cfa --- /dev/null +++ b/0006-info-Let-exit-status-reflect-any-failures-during-NBD.patch @@ -0,0 +1,119 @@ +From 64962a582c00828cc2d26d94b149840ab2402165 Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Thu, 4 Mar 2021 09:27:56 -0600 +Subject: [PATCH 6/6] info: Let exit status reflect any failures during + NBD_OPT_INFO + +It turns out that at least nbdkit's testsuite was relying on a +non-zero exit status from nbdinfo when purposefully attempting to get +info on an invalid export name. Printing as much information as +possible instead of going silent becaus of one error is good, but any +time we print to stderr, the exit status should reflect that. + +Fixes: 5473e34fc1 (info: Don't kill --list early just because one opt_info fails) +Reported-by: Rich Jones +--- + info/nbdinfo.c | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +diff --git a/info/nbdinfo.c b/info/nbdinfo.c +index 4b18ab2..3dfc463 100644 +--- a/info/nbdinfo.c ++++ b/info/nbdinfo.c +@@ -58,9 +58,9 @@ DEFINE_VECTOR_TYPE (uint32_vector, uint32_t) + static int collect_context (void *opaque, const char *name); + static int collect_export (void *opaque, const char *name, + const char *desc); +-static void list_one_export (struct nbd_handle *nbd, const char *desc, ++static bool list_one_export (struct nbd_handle *nbd, const char *desc, + bool first, bool last); +-static void list_all_exports (struct nbd_handle *nbd1, const char *uri); ++static bool list_all_exports (struct nbd_handle *nbd1, const char *uri); + static void print_json_string (const char *); + static char *get_content (struct nbd_handle *, int64_t size); + static int extent_callback (void *user_data, const char *metacontext, +@@ -124,6 +124,7 @@ main (int argc, char *argv[]) + int tls_negotiated; + char *output = NULL; + size_t output_len = 0; ++ bool list_okay = true; + + progname = argv[0]; + +@@ -336,9 +337,9 @@ main (int argc, char *argv[]) + } + + if (!list_all) +- list_one_export (nbd, NULL, true, true); ++ list_okay = list_one_export (nbd, NULL, true, true); + else +- list_all_exports (nbd, argv[optind]); ++ list_okay = list_all_exports (nbd, argv[optind]); + + if (json_output) + fprintf (fp, "}\n"); +@@ -365,7 +366,7 @@ main (int argc, char *argv[]) + exit (EXIT_FAILURE); + } + +- exit (EXIT_SUCCESS); ++ exit (list_okay ? EXIT_SUCCESS : EXIT_FAILURE); + } + + static int +@@ -398,7 +399,7 @@ collect_export (void *opaque, const char *name, const char *desc) + return 0; + } + +-static void ++static bool + list_one_export (struct nbd_handle *nbd, const char *desc, + bool first, bool last) + { +@@ -424,7 +425,7 @@ list_one_export (struct nbd_handle *nbd, const char *desc, + nbd_opt_go (nbd) == -1) { + fprintf (stderr, "%s: %s: %s\n", progname, nbd_get_export_name (nbd), + nbd_get_error ()); +- return; ++ return false; + } + size = nbd_get_size (nbd); + if (size == -1) { +@@ -599,12 +600,14 @@ list_one_export (struct nbd_handle *nbd, const char *desc, + free (content); + free (export_name); + free (export_desc); ++ return true; + } + +-static void ++static bool + list_all_exports (struct nbd_handle *nbd1, const char *uri) + { + size_t i; ++ bool list_okay = true; + + if (export_list.size == 0 && json_output) + fprintf (fp, "\"exports\": []\n"); +@@ -639,14 +642,16 @@ list_all_exports (struct nbd_handle *nbd1, const char *uri) + } + + /* List the metadata of this export. */ +- list_one_export (nbd2, export_list.ptr[i].desc, i == 0, +- i + 1 == export_list.size); ++ if (!list_one_export (nbd2, export_list.ptr[i].desc, i == 0, ++ i + 1 == export_list.size)) ++ list_okay = false; + + if (probe_content) { + nbd_shutdown (nbd2, 0); + nbd_close (nbd2); + } + } ++ return list_okay; + } + + static void +-- +2.29.0.rc2 + diff --git a/libnbd.spec b/libnbd.spec index 785c0d7..da39a6f 100644 --- a/libnbd.spec +++ b/libnbd.spec @@ -8,7 +8,7 @@ %global source_directory 1.7-development Name: libnbd -Version: 1.7.3 +Version: 1.7.4 Release: 1%{?dist} Summary: NBD client library in userspace @@ -25,13 +25,6 @@ Source2: libguestfs.keyring # Maintainer script which helps with handling patches. Source3: copy-patches.sh -# Upstream patches to fix tests. -Patch0001: 0001-copy-Stable-sort-in-tests.patch -Patch0002: 0002-copy-Nicer-sort.patch -Patch0003: 0003-Revert-copy-file-ops.c-Remove-unneeded-check.patch -Patch0004: 0004-copy-file-ops.c-Remove-unneeded-check.patch -Patch0005: 0005-copy-file-ops.c-Fix-page-eviction-when-len-page_size.patch - %if 0%{patches_touch_autotools} BuildRequires: autoconf, automake, libtool %endif @@ -222,6 +215,15 @@ touch interop/structured-read.sh chmod +x interop/structured-read.sh %endif +# interop/interop-qemu-storage-daemon.sh fails in RHEL 9 because of +# this bug in qemu: +# https://lists.nongnu.org/archive/html/qemu-devel/2021-03/threads.html#03544 +%if 0%{?rhel} +rm interop/interop-qemu-storage-daemon.sh +touch interop/interop-qemu-storage-daemon.sh +chmod +x interop/interop-qemu-storage-daemon.sh +%endif + # All fuse tests fail in Koji with: # fusermount: entry for fuse/test-*.d not found in /etc/mtab # for unknown reasons but probably related to the Koji environment. @@ -308,6 +310,16 @@ make %{?_smp_mflags} check || { %changelog +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.4-1 +- New upstream development version 1.7.4. + +* Mon Mar 15 2021 Richard W.M. Jones - 1.7.3-3 +- Update documentation for CVE-2021-20286. +- Workaround broken interop/interop-qemu-storage-daemon.sh test in RHEL 9. + +* Thu Mar 4 2021 Richard W.M. Jones - 1.7.3-2 +- Add fix for nbdkit test suite. + * Tue Mar 2 2021 Richard W.M. Jones - 1.7.3-1 - New upstream version 1.7.3. diff --git a/sources b/sources index 2a25167..062ad7d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libnbd-1.7.3.tar.gz) = 1d7a0e6a5797d1df2e40b5e211ccea78926e2df882423a557acbc3c040f1b4c3f782a4754340be64d1176f0fd3524b094b9266186e25a80668494c7f72e3ef13 -SHA512 (libnbd-1.7.3.tar.gz.sig) = 0d693add7361b29dab7f744d24dce56518f64c0f3133847e685175d711e281c924850046a573d64d8354b5acd21bee34815163f7a8eb9f41266026435f1ba892 +SHA512 (libnbd-1.7.4.tar.gz) = bf5174664b3950a6a81dc56393e51cd151ab6829206cc6289a149b371ab5ea85403c8501ee9d3ba14d16084fd9cdfaa4c35dcb4519cf6ce24d1713fadbc2dfb1 +SHA512 (libnbd-1.7.4.tar.gz.sig) = d101df29237948ac6820ded33c10b80711ec24a5827fe4851904885382ef20b202537625dba301847be5bf22857655a2e3da36cc38e1202d546dc079a5121e19