* Tue Apr 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 1.20.0-1

resolves: RHEL-16292

.libnbd.metadata

@@ -0,0 +1,2 @@
+175ea6036c2c7a451a53b81a2ecba5a029582ddc libnbd-1.20.0.tar.gz
+7846f8e741a4dad4b6f44670a29bdd0384d434c1 libnbd-1.20.0.tar.gz.sig

0001-generator-Fix-assertion-in-ext-mode-BLOCK_STATUS-CVE.patch

@@ -1,88 +0,0 @@
-From 4451e5b61ca07771ceef3e012223779e7a0c7701 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Mon, 30 Oct 2023 12:50:53 -0500
-Subject: [PATCH] generator: Fix assertion in ext-mode BLOCK_STATUS,
- CVE-2023-5871
-
-Another round of fuzz testing revealed that when a server negotiates
-extended headers and replies with a 64-bit flag value where the client
-used the 32-bit API command, we were correctly flagging the server's
-response as being an EOVERFLOW condition, but then immediately failing
-in an assertion failure instead of reporting it to the application.
-
-The following one-byte change to qemu.git at commit fd9a38fd43 allows
-the creation of an intentionally malicious server:
-
-| diff --git i/nbd/server.c w/nbd/server.c
-| index 859c163d19f..32e1e771a95 100644
-| --- i/nbd/server.c
-| +++ w/nbd/server.c
-| @@ -2178,7 +2178,7 @@ static void nbd_extent_array_convert_to_be(NBDExtentArray *ea)
-|
-|      for (i = 0; i < ea->count; i++) {
-|          ea->extents[i].length = cpu_to_be64(ea->extents[i].length);
-| -        ea->extents[i].flags = cpu_to_be64(ea->extents[i].flags);
-| +        ea->extents[i].flags = ~cpu_to_be64(ea->extents[i].flags);
-|      }
-|  }
-
-and can then be detected with the following command line:
-
-$ nbdsh -c - <<\EOF
-> def f(a,b,c,d):
->   pass
->
-> h.connect_systemd_socket_activation(["/path/to/bad/qemu-nbd",
->   "-r", "-f", "raw", "TODO"])
-> h.block_staus(h.get_size(), 0, f)
-> EOF
-nbdsh: generator/states-reply-chunk.c:626: enter_STATE_REPLY_CHUNK_REPLY_RECV_BS_ENTRIES: Assertion `(len | flags) <= UINT32_MAX' failed.
-Aborted (core dumped)
-
-whereas a fixed libnbd will give:
-
-nbdsh: command line script failed: nbd_block_status: block-status: command failed: Value too large for defined data type
-
-We can either relax the assertion (by changing to 'assert ((len |
-flags) <= UINT32_MAX || cmd->error)'), or intentionally truncate flags
-to make the existing assertion reliable.  This patch goes with the
-latter approach.
-
-Sadly, this crash is possible in all existing 1.18.x stable releases,
-if they were built with assertions enabled (most distros do this by
-default), meaning a malicious server has an easy way to cause a Denial
-of Service attack by triggering the assertion failure in vulnerable
-clients, so we have assigned this CVE-2023-5871.  Mitigating factors:
-the crash only happens for a server that sends a 64-bit status block
-reply (no known production servers do so; qemu 8.2 will be the first
-known server to support extended headers, but it is not yet released);
-and as usual, a client can use TLS to guarantee it is connecting only
-to a known-safe server.  If libnbd is compiled without assertions,
-there is no crash or other mistaken behavior; and when assertions are
-enabled, the attacker cannot accomplish anything more than a denial of
-service.
-
-Reported-by: Richard W.M. Jones <rjones@redhat.com>
-Fixes: 20dadb0e10 ("generator: Prepare for extent64 callback", v1.17.4)
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit 177308adb17e81fce7c0f2b2fcf655c5c0b6a4d6)
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- generator/states-reply-chunk.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/generator/states-reply-chunk.c b/generator/states-reply-chunk.c
-index 5a31c19..8ab7e8b 100644
---- a/generator/states-reply-chunk.c
-+++ b/generator/states-reply-chunk.c
-@@ -600,6 +600,7 @@ STATE_MACHINE {
-             break; /* Skip this and later extents; we already made progress */
-           /* Expose this extent as an error; we made no progress */
-           cmd->error = cmd->error ? : EOVERFLOW;
-+          flags = (uint32_t)flags;
-         }
-       }
- 
--- 
-2.39.3
-

libnbd.spec

@@ -1,15 +1,27 @@
+# i686 no longer has any kind of OCaml compiler, not even ocamlc.
+%ifnarch %{ix86}
+%global have_ocaml 1
+%endif
+
+# No ublk in RHEL 9.
+%if !0%{?rhel}
+%global have_ublk 1
+%endif
+
+# No nbd.ko in RHEL 9.
+%if !0%{?rhel}
+%global have_nbd_ko 1
+%endif
+
 # If we should verify tarball signature with GPGv2.
 %global verify_tarball_signature 1
 
-# If there are patches which touch autotools files, set this to 1.
-%global patches_touch_autotools %{nil}
-
 # The source directory.
-%global source_directory 1.18-stable
+%global source_directory 1.20-stable
 
 Name:           libnbd
-Version:        1.18.1
+Version:        1.20.0
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        NBD client library in userspace
 
 License:        LGPL-2.0-or-later AND BSD-3-Clause
@@ -28,17 +40,13 @@ Source3:        copy-patches.sh
 # Patches are stored in the upstream repository:
 # https://gitlab.com/nbdkit/libnbd/-/commits/rhel-9.4/
 
-# Patches.
-Patch0001:     0001-generator-Fix-assertion-in-ext-mode-BLOCK_STATUS-CVE.patch
-
-%if 0%{patches_touch_autotools}
-BuildRequires: autoconf, automake, libtool
-%endif
-
 %if 0%{verify_tarball_signature}
 BuildRequires:  gnupg2
 %endif
 
+# For rebuilding autoconf cruft.
+BuildRequires:  autoconf, automake, libtool
+
 # For the core library.
 BuildRequires:  gcc
 BuildRequires:  make
@@ -49,7 +57,7 @@ BuildRequires:  libxml2-devel
 # For nbdfuse.
 BuildRequires:  fuse3, fuse3-devel
 
-%if !0%{?rhel}
+%if 0%{?have_ublk}
 # For nbdublk
 BuildRequires:  liburing-devel >= 2.2
 BuildRequires:  ubdsrv-devel >= 1.0-3.rc6
@@ -58,7 +66,7 @@ BuildRequires:  ubdsrv-devel >= 1.0-3.rc6
 # For the Python 3 bindings.
 BuildRequires:  python3-devel
 
-%ifnarch %{ix86}
+%if 0%{?have_ocaml}
 # For the OCaml bindings.
 BuildRequires:  ocaml
 BuildRequires:  ocaml-findlib-devel
@@ -77,7 +85,7 @@ BuildRequires:  gcc-c++
 BuildRequires:  gnutls-utils
 BuildRequires:  iproute
 BuildRequires:  jq
-%if !0%{?rhel}
+%if 0%{?have_nbd_ko}
 BuildRequires:  nbd
 %endif
 BuildRequires:  util-linux
@@ -98,7 +106,7 @@ BuildRequires:  nbdkit-sh-plugin
 BuildRequires:  nbdkit-sparse-random-plugin
 %endif
 
-%ifnarch %{ix86}
+%if 0%{?have_ocaml}
 # The OCaml runtime system does not provide this symbol
 %global __ocaml_requires_opts -x Stdlib__Callback
 %endif
@@ -134,7 +142,7 @@ Requires:       %{name}%{?_isa} = %{version}-%{release}
 This package contains development headers for %{name}.
 
 
-%ifnarch %{ix86}
+%if 0%{?have_ocaml}
 %package -n ocaml-%{name}
 Summary:        OCaml language bindings for %{name}
 Requires:       %{name}%{?_isa} = %{version}-%{release}
@@ -180,7 +188,7 @@ Recommends:     fuse3
 This package contains FUSE support for %{name}.
 
 
-%if !0%{?rhel}
+%if 0%{?have_ublk}
 %package -n nbdublk
 Summary:        Userspace NBD block device
 Requires:       %{name}%{?_isa} = %{version}-%{release}
@@ -213,25 +221,30 @@ for %{name}.
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %endif
 %autosetup -p1
-%if 0%{patches_touch_autotools}
 autoreconf -i
-%endif
 
 
 %build
 %configure \
     --disable-static \
     --with-tls-priority=@LIBNBD,SYSTEM \
+    --with-bash-completions \
     PYTHON=%{__python3} \
     --enable-python \
-%ifnarch %{ix86}
+%if 0%{?have_ocaml}
     --enable-ocaml \
 %else
     --disable-ocaml \
 %endif
     --enable-fuse \
     --disable-golang \
-    --disable-rust
+    --disable-rust \
+%if 0%{?have_ublk}
+    --enable-ublk \
+%else
+    --disable-ublk \
+%endif
+    %{nil}
 
 make %{?_smp_mflags}
 
@@ -245,16 +258,11 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 # Delete the golang man page since we're not distributing the bindings.
 rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3*
 
-%ifarch %{ix86}
+%if !0%{?have_ocaml}
 # Delete the OCaml man page on i686.
 rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-ocaml.3*
 %endif
 
-%if 0%{?rhel}
-# Delete nbdublk on RHEL.
-rm $RPM_BUILD_ROOT%{_datadir}/bash-completion/completions/nbdublk
-%endif
-
 
 %check
 function skip_test ()
@@ -266,12 +274,6 @@ function skip_test ()
     done
 }
 
-# interop/structured-read.sh fails with the old qemu-nbd in Fedora 29,
-# so disable it there.
-%if 0%{?fedora} <= 29
-skip_test interop/structured-read.sh
-%endif
-
 # interop/interop-qemu-storage-daemon.sh fails in RHEL 9 because of
 # this bug in qemu:
 # https://lists.nongnu.org/archive/html/qemu-devel/2021-03/threads.html#03544
@@ -322,7 +324,7 @@ make %{?_smp_mflags} check || {
 %{_mandir}/man3/nbd_*.3*
 
 
-%ifnarch %{ix86}
+%if 0%{?have_ocaml}
 %files -n ocaml-%{name}
 %dir %{_libdir}/ocaml/nbd
 %{_libdir}/ocaml/nbd/META
@@ -361,7 +363,7 @@ make %{?_smp_mflags} check || {
 %{_mandir}/man1/nbdfuse.1*
 
 
-%if !0%{?rhel}
+%if 0%{?have_ublk}
 %files -n nbdublk
 %{_bindir}/nbdublk
 %{_mandir}/man1/nbdublk.1*
@@ -381,6 +383,14 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Tue Apr 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 1.20.0-1
+- Rebase to 1.20.0
+  resolves: RHEL-31883
+
+* Mon Nov 13 2023 Eric Blake <eblake@redhat.com> - 1.18.1-3
+- Backport unit test of recent libnbd API addition
+  resolves: RHEL-16292
+
 * Wed Nov 01 2023 Richard W.M. Jones <rjones@redhat.com> - 1.18.1-2
 - Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871)
   resolves: RHEL-15143

sources

@@ -1,2 +1,2 @@
-SHA512 (libnbd-1.18.1.tar.gz) = f4262666be55d580550e053355f14f80d352bf869ae7241e9fa032a9b5cd9e027eb89a536871c1206422413fc7ed745da7d612b3e1413f76ec17168705fbf12c
+SHA512 (libnbd-1.20.0.tar.gz) = 28b72c8252cc7f497fc87c2a885256bdaeeb5fcf60f8df882e603b94e6a753191a9f081e65f8afc3d70cf1156b78c49ec53b89188bb82f6d2eeb172402ad7bd8
-SHA512 (libnbd-1.18.1.tar.gz.sig) = 57798aa8b8c0973c0e13f431a6735e13a5aa546190e5de9cb43f78d54c5438df70bdf6e875282a3c4221c222a1517c64bb311e769f7c1a3e61d5b1a4e7f75e2d
+SHA512 (libnbd-1.20.0.tar.gz.sig) = 214233d7d0f06bd1774d4edba99c3d4bc37715023ca798cc0982820ceaf9cad4926989078a1544897e2fb4bf9b450a8e2d9b9113d4ed8b6eb08d9c5e4618f255