New upstream development version 1.27.8.

Remove patch which is included upstream.

0001-server-reset-meta-context-replies-on-starttls.patch

@@ -1,38 +0,0 @@
-From 6c5faac6a37077cf2366388a80862bb00616d0d8 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Mon, 16 Aug 2021 13:43:29 -0500
-Subject: [nbdkit PATCH] server: reset meta context replies on starttls
-
-Related to CVE-2021-3716, but not as severe.  No compliant client will
-send NBD_CMD_BLOCK_STATUS unless it first negotiates
-NBD_OPT_SET_META_CONTEXT.  If an attacker injects a premature
-SET_META_CONTEXT, either the client will never notice (because it
-never uses BLOCK_STATUS), or the client will overwrite the attacker's
-attempt with the client's own SET_META_CONTEXT request after
-encryption is enabled.  So I don't class this as having the potential
-to trigger denial-of-service due to any protocol mismatch between
-compliant client and server (I don't care what happens with
-non-compliant clients).
-
-Fixes: 26455d45 (server: protocol: Implement Block Status "base:allocation".)
----
- server/protocol-handshake-newstyle.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
-index 7e6b7b1b..79b2c8ce 100644
---- a/server/protocol-handshake-newstyle.c
-+++ b/server/protocol-handshake-newstyle.c
-@@ -497,6 +497,9 @@ negotiate_handshake_newstyle_options (void)
-         debug ("using TLS on this connection");
-         /* Wipe out any cached state. */
-         conn->structured_replies = false;
-+        free (conn->exportname_from_set_meta_context);
-+        conn->exportname_from_set_meta_context = NULL;
-+        conn->meta_context_base_allocation = false;
-         for_each_backend (b) {
-           free (conn->default_exportname[b->i]);
-           conn->default_exportname[b->i] = NULL;
--- 
-2.31.1
-

nbdkit.spec

@@ -50,8 +50,8 @@ ExclusiveArch:  x86_64
 %global source_directory 1.27-development
 
 Name:           nbdkit
-Version:        1.27.7
-Release:        2%{?dist}
+Version:        1.27.8
+Release:        1%{?dist}
 Summary:        NBD server
 
 License:        BSD
@@ -72,9 +72,6 @@ Source2:        libguestfs.keyring
 # Maintainer script which helps with handling patches.
 Source3:        copy-patches.sh
 
-# Fix SET_META_CONTEXT leaking state across STARTTLS
-Patch1:         0001-server-reset-meta-context-replies-on-starttls.patch
-
 BuildRequires: make
 %if 0%{patches_touch_autotools}
 BuildRequires:  autoconf, automake, libtool
@@ -1244,6 +1241,10 @@ export LIBGUESTFS_TRACE=1
 
 
 %changelog
+* Mon Aug 23 2021 Richard W.M. Jones <rjones@redhat.com> - 1.27.8-1
+- New upstream development version 1.27.8.
+- Remove patch which is included upstream.
+
 * Thu Aug 19 2021 Eric Blake <eblake@redhat.com> - 1.27.7-2
 - Include followup patch related to CVE-2021-3716.
 

sources

@@ -1,2 +1,2 @@
-SHA512 (nbdkit-1.27.7.tar.gz) = c772515dd0d1188136856fc103df75cf195c29935eec2f16b61035e9d28d4672a32b19a21cf679de874d61f1fb00e4e8ebe2925a8290d4ef05ef3868e538d035
-SHA512 (nbdkit-1.27.7.tar.gz.sig) = 03819e6b2c4131c48e396cebce3d61cd5e6b4162a059c5661703f2a2a68a8451567228583108a8bfac60a64bb2c5fef2fc181299b09cf8330bb376b3d506b238
+SHA512 (nbdkit-1.27.8.tar.gz) = 0cc03ca57c3732d5f1b34805070b7d9b805253e5fc1cd55dc89638537e1b52465128e27a59c9d46d8de0177cb24f25b4cdd9954a036cf72fc75d5c80c8a603cd
+SHA512 (nbdkit-1.27.8.tar.gz.sig) = 72f2aba33dd95531cac60c7ce34513e9a12725c7546926c8ec663505e80c3a18fef7555da2b6b55bbd2d5e799c850c30b473fc270a6d8c5f211ff875b13bf1a4