.gitignore

@@ -1,4 +1,2 @@
-/clog
-/nbdkit-*.tar.gz
-/nbdkit-*.tar.gz.sig
-/*~
+SOURCES/libguestfs.keyring
+SOURCES/nbdkit-1.24.0.tar.gz

.nbdkit.metadata

@@ -0,0 +1,2 @@
+1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
+069720cc0d1502b007652101d293a57d7b4d7c41 SOURCES/nbdkit-1.24.0.tar.gz

0001-common-Add-ONCE-macro-to-run-code-only-once.patch

@@ -1,272 +0,0 @@
-From de37da4184c55c6811dd02707fdd3b1773a7ce66 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 4 Jul 2025 08:13:48 +0100
-Subject: [PATCH] common: Add ONCE macro to run code only once
-
-This macro can be used to run code once, especially for debug messages
-and similar.  eg:
-
-  /* Print this once in the log. */
-  ONCE (nbdkit_debug ("falling back to less efficient method"));
-
-(cherry picked from commit ad8630deab4639e636212f11a5a47d2c34ef2949)
----
- .gitignore                 |   1 +
- common/include/Makefile.am |   6 ++
- common/include/once.h      |  67 ++++++++++++++++++++
- common/include/test-once.c | 126 +++++++++++++++++++++++++++++++++++++
- 4 files changed, 200 insertions(+)
- create mode 100644 common/include/once.h
- create mode 100644 common/include/test-once.c
-
-diff --git a/.gitignore b/.gitignore
-index 3629ef39..827fd53c 100644
---- a/.gitignore
-+++ b/.gitignore
-@@ -68,6 +68,7 @@ plugins/*/*.3
- /common/include/test-iszero
- /common/include/test-minmax
- /common/include/test-nextnonzero
-+/common/include/test-once
- /common/include/test-random
- /common/include/test-tvdiff
- /common/protocol/generate-protostrings.sh
-diff --git a/common/include/Makefile.am b/common/include/Makefile.am
-index ca488e68..3a3757e2 100644
---- a/common/include/Makefile.am
-+++ b/common/include/Makefile.am
-@@ -49,6 +49,7 @@ EXTRA_DIST = \
- 	iszero.h \
- 	minmax.h \
- 	nextnonzero.h \
-+	once.h \
- 	random.h \
- 	rounding.h \
- 	static-assert.h \
-@@ -71,6 +72,7 @@ TESTS = \
- 	test-iszero \
- 	test-minmax \
- 	test-nextnonzero \
-+	test-once \
- 	test-random \
- 	test-tvdiff \
- 	$(NULL)
-@@ -120,6 +122,10 @@ test_nextnonzero_SOURCES = test-nextnonzero.c nextnonzero.h
- test_nextnonzero_CPPFLAGS = -I$(srcdir)
- test_nextnonzero_CFLAGS = $(WARNINGS_CFLAGS)
- 
-+test_once_SOURCES = test-once.c once.h
-+test_once_CPPFLAGS = -I$(srcdir)
-+test_once_CFLAGS = $(WARNINGS_CFLAGS)
-+
- test_random_SOURCES = test-random.c random.h
- test_random_CPPFLAGS = -I$(srcdir)
- test_random_CFLAGS = $(WARNINGS_CFLAGS)
-diff --git a/common/include/once.h b/common/include/once.h
-new file mode 100644
-index 00000000..bb93e767
---- /dev/null
-+++ b/common/include/once.h
-@@ -0,0 +1,67 @@
-+/* nbdkit
-+ * Copyright Red Hat
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions are
-+ * met:
-+ *
-+ * * Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * * Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * * Neither the name of Red Hat nor the names of its contributors may be
-+ * used to endorse or promote products derived from this software without
-+ * specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ */
-+
-+#ifndef NBDKIT_ONCE_H
-+#define NBDKIT_ONCE_H
-+
-+#ifdef HAVE_STDATOMIC_H
-+#include <stdatomic.h>
-+#else
-+/* This is best effort on platforms that don't support atomic.
-+ * 32 bit ints are generally fine in reality.
-+ */
-+#define _Atomic /**/
-+#endif
-+
-+#include "unique-name.h"
-+
-+/* Run the statement once (per nbdkit run). */
-+#define ONCE(stmt) ONCE_1(NBDKIT_UNIQUE_NAME(_once), (stmt))
-+
-+/* The actual implementation:
-+ *
-+ * The comparison with 0 avoids var wrapping around.  Mostly var will
-+ * only be 0 or 1, or in rare cases other small integers.
-+ *
-+ * The atomic increment & comparison with 1 is what only allows a
-+ * single thread to run the statement.
-+ *
-+ * To avoid optimisations: Use 'volatile' so reads and writes are not
-+ * removed, and use 'unsigned' to avoid any with signed overflow.
-+ */
-+#define ONCE_1(var, stmt)                       \
-+  do {                                          \
-+    static volatile _Atomic unsigned var = 0;   \
-+    if (var == 0 && ++var == 1) { stmt; }       \
-+  } while (0)
-+
-+#endif /* NBDKIT_ONCE_H */
-diff --git a/common/include/test-once.c b/common/include/test-once.c
-new file mode 100644
-index 00000000..d7dd5c42
---- /dev/null
-+++ b/common/include/test-once.c
-@@ -0,0 +1,126 @@
-+/* nbdkit
-+ * Copyright Red Hat
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions are
-+ * met:
-+ *
-+ * * Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * * Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * * Neither the name of Red Hat nor the names of its contributors may be
-+ * used to endorse or promote products derived from this software without
-+ * specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ */
-+
-+#include <config.h>
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+#ifndef HAVE_STDATOMIC_H
-+
-+/* Skip the test if no <stdatomic.h> */
-+
-+int
-+main (void)
-+{
-+  printf ("SKIP: no <stdatomic.h> on this platform\n");
-+  exit (77);
-+}
-+
-+#else /* HAVE_STDATOMIC_H */
-+
-+#include <stdatomic.h>
-+#include <errno.h>
-+#include <unistd.h>
-+
-+#undef NDEBUG /* Keep test strong even for nbdkit built without assertions */
-+#include <assert.h>
-+
-+#include <pthread.h>
-+
-+#include "once.h"
-+
-+#define NR_THREADS 8
-+
-+static volatile _Atomic unsigned count1 = 0, count2 = 0,
-+  count3 = 0, count4 = 0;
-+static pthread_barrier_t barrier;
-+
-+static void * __attribute__((noreturn))
-+start_thread (void *idxp)
-+{
-+  //int idx = * (int*) idxp;
-+
-+  pthread_barrier_wait (&barrier);
-+
-+  for (;;) {
-+    ONCE (count1++);
-+    ONCE (count2++);
-+    ONCE (count3++);
-+    ONCE (count4++);
-+  }
-+}
-+
-+int
-+main (void)
-+{
-+  int i, err;
-+  pthread_t th[NR_THREADS];
-+  int idx[NR_THREADS];
-+
-+  err = pthread_barrier_init (&barrier, NULL, NR_THREADS);
-+  if (err != 0) {
-+    errno = err;
-+    perror ("pthread_barrier_init");
-+    exit (EXIT_FAILURE);
-+  }
-+
-+  for (i = 0; i < NR_THREADS; ++i) {
-+    idx[i] = i;
-+    err = pthread_create (&th[i], NULL, start_thread, &idx[i]);
-+    if (err != 0) {
-+      errno = err;
-+      perror ("pthread_create");
-+      exit (EXIT_FAILURE);
-+    }
-+  }
-+
-+  do {
-+    sleep (1);
-+  } while (count1 + count2 + count3 + count4 < 4);
-+
-+  for (i = 0; i < NR_THREADS; ++i) {
-+    pthread_cancel (th[i]);
-+  }
-+
-+  pthread_barrier_destroy (&barrier);
-+
-+  if (count1 != 1 || count2 != 1 || count3 != 1 || count4 != 1) {
-+    fprintf (stderr, "FAIL: counts incremented to %u %u %u %u "
-+             "(expected 1 1 1 1)\n", count1, count2, count3, count4);
-+    exit (EXIT_FAILURE);
-+  }
-+
-+  exit (EXIT_SUCCESS);
-+}
-+
-+#endif /* HAVE_STDATOMIC_H */
--- 
-2.47.1
-

0002-file-zero-Print-the-debug-message-on-the-fallback-pa.patch

@@ -1,38 +0,0 @@
-From 56dba3f1fe87f119e05b74787197ec776ef2692d Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 4 Jul 2025 08:20:43 +0100
-Subject: [PATCH] file: zero: Print the debug message on the fallback path once
-
-Use the new ONCE() macro to print the debug message when we fall back
-to emulating zero only once.  (Actually the core server code contains
-a similar message so we probably don't need this at all.)
-
-(cherry picked from commit fbb5d8211bf4c30144d01be80720e1a63ecd6e81)
----
- plugins/file/file.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plugins/file/file.c b/plugins/file/file.c
-index 9c43ff24..b881da37 100644
---- a/plugins/file/file.c
-+++ b/plugins/file/file.c
-@@ -71,6 +71,7 @@
- #include "isaligned.h"
- #include "ispowerof2.h"
- #include "minmax.h"
-+#include "once.h"
- #include "utils.h"
- 
- static enum {
-@@ -1165,7 +1166,7 @@ file_zero (void *handle, uint32_t count, uint64_t offset, uint32_t flags)
- 
-   /* Trigger a fall back to writing */
-   if (file_debug_zero)
--    nbdkit_debug ("zero falling back to writing");
-+    ONCE (nbdkit_debug ("%s: zero falling back to writing", h->name));
-   errno = EOPNOTSUPP;
-   return -1;
- 
--- 
-2.47.1
-

0003-file-trim-Don-t-try-BLKDISCARD-if-earlier-FALLOC_FL_.patch

@@ -1,65 +0,0 @@
-From c9132973f88015586aa847ffcaa96e86bb23776f Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 4 Jul 2025 08:14:55 +0100
-Subject: [PATCH] file: trim: Don't try BLKDISCARD if earlier
- FALLOC_FL_PUNCH_HOLE worked
-
-In file_zero, we test if the operations we are trying succeed and if
-so jump to a single 'out:' label where we deal with the success path
-out of that function.
-
-We did not do the same thing in file_trim.  Thus in the case where
-FALLOC_FL_PUNCH_HOLE succeeds, we might fall through to trying
-BLKDISCARD as well.  As it happens we probably don't do this (at
-least, in Linux) because we only try BLKDISCARD for block devices, and
-FALLOC_FL_PUNCH_HOLE does not work on those.  But it's a good thing to
-clean up this code anyway, especially if we were to add more cases in
-future.
-
-This also adds a debug message if none of the trim methods worked,
-which is also analogous to what happens in the same part of file_zero.
-
-(cherry picked from commit 909e483c121c69e6b2759ef9d5401eb3d5acc998)
----
- plugins/file/file.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/plugins/file/file.c b/plugins/file/file.c
-index b881da37..66d03d4f 100644
---- a/plugins/file/file.c
-+++ b/plugins/file/file.c
-@@ -1191,6 +1191,7 @@ file_trim (void *handle, uint32_t count, uint64_t offset, uint32_t flags)
- 
-     r = do_fallocate (h->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
-                       offset, count);
-+    if (r == 0) goto out;
-     if (r == -1) {
-       if (!is_enotsup (errno)) {
-         nbdkit_error ("fallocate: %s: offset=%" PRIu64 ", count=%" PRIu32 ":"
-@@ -1214,6 +1215,7 @@ file_trim (void *handle, uint32_t count, uint64_t offset, uint32_t flags)
-     uint64_t range[2] = {offset, count};
- 
-     r = ioctl (h->fd, BLKDISCARD, &range);
-+    if (r == 0) goto out;
-     if (r == -1) {
-       if (!is_enotsup (errno)) {
-         nbdkit_error ("ioctl: %s: offset=%" PRIu64 ", count=%" PRIu32 ":"
-@@ -1227,6 +1229,15 @@ file_trim (void *handle, uint32_t count, uint64_t offset, uint32_t flags)
-   }
- #endif
- 
-+  /* Trim is advisory.  If we got here, we were unable to trim. */
-+  ONCE (nbdkit_debug ("%s: could not trim, no trim methods worked",
-+                      h->name));
-+  return 0;
-+
-+#ifdef __clang__
-+  __attribute__ ((unused))
-+#endif
-+ out:
-   if ((flags & NBDKIT_FLAG_FUA) && file_flush (handle, 0) == -1)
-     return -1;
- 
--- 
-2.47.1
-

0004-common-include-test-once.c-Skip-test-on-macOS-which-.patch

@@ -1,63 +0,0 @@
-From 48869f1c0b6e4c318b680f6f672a9f90dfe31bff Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 8 Jul 2025 21:39:04 +0100
-Subject: [PATCH] common/include/test-once.c: Skip test on macOS which lacks
- pthread_barrier_t
-
-See:
-https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap02.html
-(cherry picked from commit 8271f9244f1521c716460820d8162e7641018674)
----
- common/include/test-once.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/common/include/test-once.c b/common/include/test-once.c
-index d7dd5c42..512b1a20 100644
---- a/common/include/test-once.c
-+++ b/common/include/test-once.c
-@@ -34,29 +34,29 @@
- 
- #include <stdio.h>
- #include <stdlib.h>
-+#include <unistd.h>
-+#include <pthread.h>
- 
--#ifndef HAVE_STDATOMIC_H
-+#if !defined(HAVE_STDATOMIC_H) || !defined(_POSIX_BARRIERS)
- 
--/* Skip the test if no <stdatomic.h> */
-+/* Skip the test if no <stdatomic.h> or pthread_barrier_t */
- 
- int
- main (void)
- {
--  printf ("SKIP: no <stdatomic.h> on this platform\n");
-+  fprintf (stderr,
-+           "SKIP: no <stdatomic.h> or pthread_barrier_t on this platform\n");
-   exit (77);
- }
- 
--#else /* HAVE_STDATOMIC_H */
-+#else
- 
- #include <stdatomic.h>
- #include <errno.h>
--#include <unistd.h>
- 
- #undef NDEBUG /* Keep test strong even for nbdkit built without assertions */
- #include <assert.h>
- 
--#include <pthread.h>
--
- #include "once.h"
- 
- #define NR_THREADS 8
-@@ -123,4 +123,4 @@ main (void)
-   exit (EXIT_SUCCESS);
- }
- 
--#endif /* HAVE_STDATOMIC_H */
-+#endif
--- 
-2.47.1
-

0005-common-include-test-once.c-Further-fixes-for-pthread.patch

@@ -1,57 +0,0 @@
-From f694d06d432d10699e26b2234f7a285fc018e94c Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Wed, 9 Jul 2025 12:20:34 +0100
-Subject: [PATCH] common/include/test-once.c: Further fixes for
- pthread_barrier_t
-
-macOS defines _POSIX_BARRIERS but turns out to lack any implementation
-of pthread_barrier_t.  WTF.
-
-FreeBSD requires linking with pthread else we get:
-
-  ld: error: undefined symbol: pthread_barrier_init
-
-Fixes: commit ad8630deab4639e636212f11a5a47d2c34ef2949
-Fixes: commit 8271f9244f1521c716460820d8162e7641018674
-(cherry picked from commit 0d0e2b3d49cf8c9aa8cd37bb36b7002eb4624a2c)
----
- common/include/Makefile.am | 3 ++-
- common/include/test-once.c | 7 +++++--
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/common/include/Makefile.am b/common/include/Makefile.am
-index 3a3757e2..00a01091 100644
---- a/common/include/Makefile.am
-+++ b/common/include/Makefile.am
-@@ -124,7 +124,8 @@ test_nextnonzero_CFLAGS = $(WARNINGS_CFLAGS)
- 
- test_once_SOURCES = test-once.c once.h
- test_once_CPPFLAGS = -I$(srcdir)
--test_once_CFLAGS = $(WARNINGS_CFLAGS)
-+test_once_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
-+test_once_LDFLAGS = $(PTHREAD_LIBS)
- 
- test_random_SOURCES = test-random.c random.h
- test_random_CPPFLAGS = -I$(srcdir)
-diff --git a/common/include/test-once.c b/common/include/test-once.c
-index 512b1a20..304d512a 100644
---- a/common/include/test-once.c
-+++ b/common/include/test-once.c
-@@ -37,9 +37,12 @@
- #include <unistd.h>
- #include <pthread.h>
- 
--#if !defined(HAVE_STDATOMIC_H) || !defined(_POSIX_BARRIERS)
-+#if !defined(HAVE_STDATOMIC_H) || !defined(_POSIX_BARRIERS) || \
-+  defined(__APPLE__)
- 
--/* Skip the test if no <stdatomic.h> or pthread_barrier_t */
-+/* Skip the test if no <stdatomic.h> or pthread_barrier_t or on macOS
-+ * which defines _POSIX_BARRIERS but doesn't actually have them.
-+ */
- 
- int
- main (void)
--- 
-2.47.1
-

0006-Remove-deprecated-cacheextents-filter.patch

@@ -1,692 +0,0 @@
-From dc8c6aae6aa1c62083421e2b2ce2988e970f2579 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 1 Jul 2025 13:26:08 +0100
-Subject: [PATCH] Remove deprecated cacheextents filter
-
-This is removed along the development branch (1.45) and in the next
-stable version of nbdkit (1.46).
-
-(cherry picked from commit 886050f6de9179b0e267e15b20376313090b2d3c)
----
- configure.ac                                  |   2 -
- docs/nbdkit-protocol.pod                      |   9 +-
- docs/nbdkit-release-notes-1.14.pod            |   2 +-
- docs/nbdkit-release-notes-1.44.pod            |   2 +-
- filters/cache/nbdkit-cache-filter.pod         |   8 +-
- filters/cacheextents/Makefile.am              |  74 ------
- filters/cacheextents/cacheextents.c           | 212 ------------------
- .../nbdkit-cacheextents-filter.pod            |  76 -------
- filters/cow/nbdkit-cow-filter.pod             |   1 -
- .../extentlist/nbdkit-extentlist-filter.pod   |   1 -
- tests/Makefile.am                             |   4 -
- tests/test-cacheextents.sh                    | 114 ----------
- 12 files changed, 9 insertions(+), 496 deletions(-)
- delete mode 100644 filters/cacheextents/Makefile.am
- delete mode 100644 filters/cacheextents/cacheextents.c
- delete mode 100644 filters/cacheextents/nbdkit-cacheextents-filter.pod
- delete mode 100755 tests/test-cacheextents.sh
-
-diff --git a/configure.ac b/configure.ac
-index 0dca333f..9b057e6f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -143,7 +143,6 @@ filters="\
-         blocksize-policy \
-         bzip2 \
-         cache \
--        cacheextents \
-         checkwrite \
-         cow \
-         ddrescue \
-@@ -1787,7 +1786,6 @@ AC_CONFIG_FILES([Makefile
-                  filters/blocksize-policy/Makefile
-                  filters/bzip2/Makefile
-                  filters/cache/Makefile
--                 filters/cacheextents/Makefile
-                  filters/checkwrite/Makefile
-                  filters/cow/Makefile
-                  filters/ddrescue/Makefile
-diff --git a/docs/nbdkit-protocol.pod b/docs/nbdkit-protocol.pod
-index ef1934fd..93f5c5fa 100644
---- a/docs/nbdkit-protocol.pod
-+++ b/docs/nbdkit-protocol.pod
-@@ -275,14 +275,13 @@ filters do not work properly in this case.
-    blocksize-policy        Yes
-    bzip2                   No
-    cache                   No
--   cacheextents            No
-    checkwrite              Yes
-    cow                     Yes, since 1.44
-    delay                   Yes
-    error                   Yes
-    evil                    Yes
--
-    exitlast                Yes
-+
-    exitwhen                Yes
-    exportname              Yes
-    ext2                    No
-@@ -292,8 +291,8 @@ filters do not work properly in this case.
-    ip                      Yes
-    limit                   Yes
-    log                     Yes
--
-    luks                    No
-+
-    lzip                    No
-    multi-conn              Yes
-    nocache                 Yes
-@@ -303,8 +302,8 @@ filters do not work properly in this case.
-    nozero                  Yes
-    offset                  Yes, but unlikely to be useful
-    openonce                Yes
--
-    partition               No
-+
-    pause                   Yes
-    protect                 Yes, but unlikely to be useful
-    qcow2dec                No
-@@ -314,8 +313,8 @@ filters do not work properly in this case.
-    retry                   Yes
-    retry-request           Yes
-    rotational              Yes
--
-    scan                    Yes
-+
-    spinning                Yes
-    stats                   Yes
-    swab                    Yes
-diff --git a/docs/nbdkit-release-notes-1.14.pod b/docs/nbdkit-release-notes-1.14.pod
-index 627e7e88..3c8c5d53 100644
---- a/docs/nbdkit-release-notes-1.14.pod
-+++ b/docs/nbdkit-release-notes-1.14.pod
-@@ -50,7 +50,7 @@ plugin’s own choice of thread model.  Used to determine how the thread
- model affects performance, or to serialize plugins if required (Eric
- Blake).
- 
--New L<nbdkit-cacheextents-filter(1)> to cache extents requests,
-+New nbdkit-cacheextents-filter to cache extents requests,
- especially useful with VDDK which has a slow implementation of extents
- (Martin Kletzander).
- 
-diff --git a/docs/nbdkit-release-notes-1.44.pod b/docs/nbdkit-release-notes-1.44.pod
-index 62d69aa5..e5872763 100644
---- a/docs/nbdkit-release-notes-1.44.pod
-+++ b/docs/nbdkit-release-notes-1.44.pod
-@@ -59,7 +59,7 @@ eg. C<@4M> to move the offset to 4194304 (Eric Blake).
- New L<nbdkit-openonce-filter(1)> which can be used to open the
- underlying plugin once, sharing the plugin across connections.
- 
--L<nbdkit-cacheextents-filter(1)> I<has been deprecated>, and is
-+I<nbdkit-cacheextents-filter has been deprecated>, and is
- expected to be removed in S<nbdkit 1.46>.
- 
- L<nbdkit-cow-filter(1)> now understands that the NBD protocol export
-diff --git a/filters/cache/nbdkit-cache-filter.pod b/filters/cache/nbdkit-cache-filter.pod
-index ffa86919..7a64ca66 100644
---- a/filters/cache/nbdkit-cache-filter.pod
-+++ b/filters/cache/nbdkit-cache-filter.pod
-@@ -29,10 +29,9 @@ does not have effective caching, or (with C<cache=unsafe>) to defeat
- flush requests from the client (which is unsafe and can cause data
- loss, as the name suggests).
- 
--This filter only caches image contents.  To cache image metadata, use
--L<nbdkit-cacheextents-filter(1)> between this filter and the plugin.
--To accelerate sequential reads, use L<nbdkit-readahead-filter(1)> or
--L<nbdkit-scan-filter(1)> on top of this filter.
-+This filter only caches image contents.  To accelerate sequential
-+reads, use L<nbdkit-readahead-filter(1)> or L<nbdkit-scan-filter(1)>
-+on top of this filter.
- 
- =head1 PARAMETERS
- 
-@@ -181,7 +180,6 @@ C<nbdkit-cache-filter> first appeared in nbdkit 1.2.
- 
- L<nbdkit(1)>,
- L<nbdkit-file-plugin(1)>,
--L<nbdkit-cacheextents-filter(1)>,
- L<nbdkit-cow-filter(1)>,
- L<nbdkit-readahead-filter(1)>,
- L<nbdkit-filter(3)>,
-diff --git a/filters/cacheextents/Makefile.am b/filters/cacheextents/Makefile.am
-deleted file mode 100644
-index 26ac6642..00000000
---- a/filters/cacheextents/Makefile.am
-+++ /dev/null
-@@ -1,74 +0,0 @@
--# nbdkit
--# Copyright Red Hat
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions are
--# met:
--#
--# * Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# * Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in the
--# documentation and/or other materials provided with the distribution.
--#
--# * Neither the name of Red Hat nor the names of its contributors may be
--# used to endorse or promote products derived from this software without
--# specific prior written permission.
--#
--# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
--# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
--# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
--# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
--# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
--# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
--# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
--# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
--# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
--# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--# SUCH DAMAGE.
--
--include $(top_srcdir)/common-rules.mk
--
--EXTRA_DIST = nbdkit-cacheextents-filter.pod
--
--filter_LTLIBRARIES = nbdkit-cacheextents-filter.la
--
--nbdkit_cacheextents_filter_la_SOURCES = \
--	cacheextents.c \
--	$(top_srcdir)/include/nbdkit-filter.h \
--	$(NULL)
--
--nbdkit_cacheextents_filter_la_CPPFLAGS = \
--	-I$(top_srcdir)/include \
--	-I$(top_builddir)/include \
--	-I$(top_srcdir)/common/include \
--	-I$(top_srcdir)/common/utils \
--	$(NULL)
--nbdkit_cacheextents_filter_la_CFLAGS = $(WARNINGS_CFLAGS)
--nbdkit_cacheextents_filter_la_LDFLAGS = \
--	-module -avoid-version -shared $(NO_UNDEFINED_ON_WINDOWS) \
--	$(NULL)
--if USE_LINKER_SCRIPT
--nbdkit_cacheextents_filter_la_LDFLAGS += \
--	-Wl,--version-script=$(top_srcdir)/filters/filters.syms
--endif
--nbdkit_cacheextents_filter_la_LIBADD = \
--	$(top_builddir)/common/utils/libutils.la \
--	$(top_builddir)/common/replacements/libcompat.la \
--	$(IMPORT_LIBRARY_ON_WINDOWS) \
--	$(NULL)
--
--if HAVE_POD
--
--man_MANS = nbdkit-cacheextents-filter.1
--CLEANFILES += $(man_MANS)
--
--nbdkit-cacheextents-filter.1: nbdkit-cacheextents-filter.pod \
--		$(top_builddir)/podwrapper.pl
--	$(PODWRAPPER) --section=1 --man $@ \
--	    --html $(top_builddir)/html/$@.html \
--	    $<
--
--endif HAVE_POD
-diff --git a/filters/cacheextents/cacheextents.c b/filters/cacheextents/cacheextents.c
-deleted file mode 100644
-index 71f73c41..00000000
---- a/filters/cacheextents/cacheextents.c
-+++ /dev/null
-@@ -1,212 +0,0 @@
--/* nbdkit
-- * Copyright Red Hat
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions are
-- * met:
-- *
-- * * Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * * Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- *
-- * * Neither the name of Red Hat nor the names of its contributors may be
-- * used to endorse or promote products derived from this software without
-- * specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--#include <config.h>
--
--#include <stdio.h>
--#include <stdlib.h>
--#include <stdint.h>
--#include <string.h>
--#include <errno.h>
--#include <inttypes.h>
--
--#include <pthread.h>
--
--#include <nbdkit-filter.h>
--
--#include "cleanup.h"
--
--/* -D cacheextents.cache=1: Debug cache operations. */
--NBDKIT_DLL_PUBLIC int cacheextents_debug_cache = 0;
--
--/* This lock protects the global state. */
--static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
--
--/* Cached extents from the last extents () call and its start and end
-- * for the sake of simplicity.
-- */
--struct nbdkit_extents *cache_extents;
--static uint64_t cache_start;
--static uint64_t cache_end;
--
--static void
--cacheextents_unload (void)
--{
--  nbdkit_extents_free (cache_extents);
--}
--
--static int
--cacheextents_add (struct nbdkit_extents *extents, int *err)
--{
--  size_t i = 0;
--
--  for (i = 0; i < nbdkit_extents_count (cache_extents); i++) {
--    struct nbdkit_extent ex = nbdkit_get_extent (cache_extents, i);
--    if (nbdkit_add_extent (extents, ex.offset, ex.length, ex.type) == -1) {
--      *err = errno;
--      return -1;
--    }
--  }
--
--  return 0;
--}
--
--static int
--fill (struct nbdkit_extents *extents, int *err)
--{
--  size_t i = 0;
--  size_t count = nbdkit_extents_count (extents);
--  struct nbdkit_extent first = nbdkit_get_extent (extents, 0);
--  struct nbdkit_extent last = nbdkit_get_extent (extents, count - 1);
--
--  nbdkit_extents_free (cache_extents);
--  cache_start = first.offset;
--  cache_end = last.offset + last.length;
--  cache_extents = nbdkit_extents_new (cache_start, cache_end);
--
--  if (!cache_extents)
--    return -1;
--
--  for (i = 0; i < count; i++) {
--    struct nbdkit_extent ex = nbdkit_get_extent (extents, i);
--
--    if (cacheextents_debug_cache)
--      nbdkit_debug ("cacheextents: updating cache with:"
--                    " offset=%" PRIu64
--                    " length=%" PRIu64
--                    " type=%x",
--                    ex.offset, ex.length, ex.type);
--
--    if (nbdkit_add_extent (cache_extents, ex.offset, ex.length,
--                           ex.type) == -1) {
--      *err = errno;
--      nbdkit_extents_free (cache_extents);
--      cache_extents = NULL;
--      return -1;
--    }
--  }
--
--  return 0;
--}
--
--static int
--cacheextents_extents (nbdkit_next *next,
--                      void *handle, uint32_t count, uint64_t offset,
--                      uint32_t flags,
--                      struct nbdkit_extents *extents,
--                      int *err)
--{
--  ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
--
--  if (cacheextents_debug_cache)
--    nbdkit_debug ("cacheextents:"
--                  " cache_start=%" PRIu64
--                  " cache_end=%" PRIu64
--                  " cache_extents=%p",
--                  cache_start, cache_end, cache_extents);
--
--  if (cache_extents &&
--      offset >= cache_start && offset < cache_end) {
--    if (cacheextents_debug_cache)
--      nbdkit_debug ("cacheextents: returning from cache");
--    return cacheextents_add (extents, err);
--  }
--
--  if (cacheextents_debug_cache)
--    nbdkit_debug ("cacheextents: cache miss");
--
--  /* Clear REQ_ONE to ask the plugin for as much information as it is
--   * willing to return (the plugin may still truncate if it is too
--   * costly to provide everything).
--   */
--  flags &= ~(NBDKIT_FLAG_REQ_ONE);
--  if (next->extents (next, count, offset, flags, extents, err) == -1)
--    return -1;
--
--  return fill (extents, err);
--}
--
--/* Any changes to the data needs to clean the cache.
-- *
-- * Similar to the readahead filter this could be more intelligent, but
-- * there would be very little benefit.
-- */
--
--static void
--kill_cacheextents (void)
--{
--  ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
--  nbdkit_extents_free (cache_extents);
--  cache_extents = NULL;
--}
--
--static int
--cacheextents_pwrite (nbdkit_next *next,
--                     void *handle,
--                     const void *buf, uint32_t count, uint64_t offset,
--                     uint32_t flags, int *err)
--{
--  kill_cacheextents ();
--  return next->pwrite (next, buf, count, offset, flags, err);
--}
--
--static int
--cacheextents_trim (nbdkit_next *next,
--                   void *handle,
--                   uint32_t count, uint64_t offset, uint32_t flags,
--                   int *err)
--{
--  kill_cacheextents ();
--  return next->trim (next, count, offset, flags, err);
--}
--
--static int
--cacheextents_zero (nbdkit_next *next,
--                   void *handle,
--                   uint32_t count, uint64_t offset, uint32_t flags,
--                   int *err)
--{
--  kill_cacheextents ();
--  return next->zero (next, count, offset, flags, err);
--}
--
--static struct nbdkit_filter filter = {
--  .name              = "cacheextents",
--  .longname          = "nbdkit cacheextents filter",
--  .unload            = cacheextents_unload,
--  .pwrite            = cacheextents_pwrite,
--  .trim              = cacheextents_trim,
--  .zero              = cacheextents_zero,
--  .extents           = cacheextents_extents,
--};
--
--NBDKIT_REGISTER_FILTER (filter)
-diff --git a/filters/cacheextents/nbdkit-cacheextents-filter.pod b/filters/cacheextents/nbdkit-cacheextents-filter.pod
-deleted file mode 100644
-index 0693ca80..00000000
---- a/filters/cacheextents/nbdkit-cacheextents-filter.pod
-+++ /dev/null
-@@ -1,76 +0,0 @@
--=head1 NAME
--
--nbdkit-cacheextents-filter - cache extents
--
--=head1 SYNOPSIS
--
-- nbdkit --filter=cacheextents plugin
--
--=head1 DEPRECATED
--
--B<The cacheextents filter is deprecated in S<nbdkit E<ge> 1.43.10> and
--will be removed in S<nbdkit 1.46>>.  There is no direct replacement,
--but as the filter only worked for a narrow and unusual range of access
--patterns it is likely that it has no effect and you can just stop
--using it.
--
--=head1 DESCRIPTION
--
--C<nbdkit-cacheextents-filter> is a filter that caches the result of last
--extents() call.
--
--A common use for this filter is to improve performance when using a
--client performing a linear pass over the entire image while asking for
--only one extent at a time (such as S<C<qemu-img convert>>), but where
--the plugin can provide multiple extents for the same high latency as a
--single extent (such as L<nbdkit-vddk-plugin(1)>).  For example:
--
-- nbdkit --filter=cacheextents --run 'qemu-img map "$uri"' vddk ...
--
--For files with big extents (when it is unlikely for one extents() call
--to return multiple different extents) this does not slow down the
--access.
--
--This filter only caches image metadata; to also cache image contents,
--place this filter between L<nbdkit-cache-filter(1)> and the plugin.
--
--=head1 PARAMETERS
--
--There are no parameters specific to nbdkit-cacheextents-filter.  Any
--parameters are passed through to and processed by the underlying
--plugin in the normal way.
--
--=head1 FILES
--
--=over 4
--
--=item F<$filterdir/nbdkit-cacheextents-filter.so>
--
--The filter.
--
--Use C<nbdkit --dump-config> to find the location of C<$filterdir>.
--
--=back
--
--=head1 VERSION
--
--C<nbdkit-cacheextents-filter> first appeared in nbdkit 1.14.
--
--=head1 SEE ALSO
--
--L<nbdkit(1)>,
--L<nbdkit-cache-filter(1)>,
--L<nbdkit-extentlist-filter(1)>,
--L<nbdkit-readahead-filter(1)>,
--L<nbdkit-scan-filter(1)>,
--L<nbdkit-vddk-plugin(1)>,
--L<nbdkit-filter(3)>,
--L<qemu-img(1)>.
--
--=head1 AUTHORS
--
--Martin Kletzander
--
--=head1 COPYRIGHT
--
--Copyright Red Hat
-diff --git a/filters/cow/nbdkit-cow-filter.pod b/filters/cow/nbdkit-cow-filter.pod
-index fd551d93..9462a28d 100644
---- a/filters/cow/nbdkit-cow-filter.pod
-+++ b/filters/cow/nbdkit-cow-filter.pod
-@@ -169,7 +169,6 @@ C<nbdkit-cow-filter> first appeared in nbdkit 1.2.
- L<nbdkit(1)>,
- L<nbdkit-file-plugin(1)>,
- L<nbdkit-cache-filter(1)>,
--L<nbdkit-cacheextents-filter(1)>,
- L<nbdkit-xz-filter(1)>,
- L<nbdkit-filter(3)>,
- L<nbdcopy(1)>,
-diff --git a/filters/extentlist/nbdkit-extentlist-filter.pod b/filters/extentlist/nbdkit-extentlist-filter.pod
-index d5ac81eb..44c81635 100644
---- a/filters/extentlist/nbdkit-extentlist-filter.pod
-+++ b/filters/extentlist/nbdkit-extentlist-filter.pod
-@@ -85,7 +85,6 @@ C<nbdkit-extentlist-filter> first appeared in nbdkit 1.18.
- =head1 SEE ALSO
- 
- L<nbdkit(1)>,
--L<nbdkit-cacheextents-filter(1)>,
- L<nbdkit-noextents-filter(1)>,
- L<nbdkit-filter(3)>,
- L<nbdkit-plugin(3)>.
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 6d94c327..c16b5912 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -1694,10 +1694,6 @@ EXTRA_DIST += \
- 	test-cache-unaligned.sh \
- 	$(NULL)
- 
--# cacheextents filter test.
--TESTS += test-cacheextents.sh
--EXTRA_DIST += test-cacheextents.sh
--
- # checkwrite filter test.
- TESTS += \
- 	test-checkwrite.sh \
-diff --git a/tests/test-cacheextents.sh b/tests/test-cacheextents.sh
-deleted file mode 100755
-index 34d66217..00000000
---- a/tests/test-cacheextents.sh
-+++ /dev/null
-@@ -1,114 +0,0 @@
--#!/usr/bin/env bash
--# nbdkit
--# Copyright Red Hat
--#
--# Redistribution and use in source and binary forms, with or without
--# modification, are permitted provided that the following conditions are
--# met:
--#
--# * Redistributions of source code must retain the above copyright
--# notice, this list of conditions and the following disclaimer.
--#
--# * Redistributions in binary form must reproduce the above copyright
--# notice, this list of conditions and the following disclaimer in the
--# documentation and/or other materials provided with the distribution.
--#
--# * Neither the name of Red Hat nor the names of its contributors may be
--# used to endorse or promote products derived from this software without
--# specific prior written permission.
--#
--# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
--# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
--# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
--# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
--# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
--# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
--# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
--# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
--# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
--# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--# SUCH DAMAGE.
--
--source ./functions.sh
--set -x
--set -u
--set -e
--
--requires_plugin sh
--requires_filter cacheextents
--requires grep --version
--requires qemu-io --version
--requires dd iflag=count_bytes </dev/null
--
--sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
--sockurl="nbd+unix:///?socket=$sock"
--pidfile="test-cacheextents.pid"
--accessfile="test-cacheextents-access.log"
--accessfile_full="$PWD/test-cacheextents-access.log"
--files="$pidfile $sock"
--rm -f $files $accessfile
--cleanup_fn rm -f $files
--
--define plugin <<'EOF'
--echo "Call: $@" >>$accessfile_full
--size=4M
--block_size=$((1024*1024))
--case "$1" in
--  thread_model) echo parallel ;;
--  get_size) echo $size ;;
--  can_extents) ;;
--  extents)
--    echo "extents request: $@" >>$accessfile_full
--    offset=$(($4 / $block_size))
--    count=$(($3 / $block_size))
--    length=$(($offset + $count))
--    for i in $(seq $offset $length); do
--      echo ${i}M $block_size $((i%4)) >>$accessfile_full
--      echo ${i}M $block_size $((i%4))
--    done
--    ;;
--  pread) dd if=/dev/zero count=$3 iflag=count_bytes ;;
--  can_write) ;;
--  pwrite) dd of=/dev/null ;;
--  can_trim) ;;
--  trim) ;;
--  can_zero) ;;
--  zero) ;;
--  *) exit 2 ;;
--esac
--EOF
--
--export accessfile_full
--start_nbdkit \
--    -P $pidfile \
--    -U $sock \
--    --filter=cacheextents \
--    sh - <<<"$plugin"
--
--test_me() {
--    num_accesses=$1
--    shift
--
--    qemu-io -f raw "$@" "$sockurl"
--    test "$(grep -c "^extents request: " $accessfile)" -eq "$num_accesses"
--    ret=$?
--    rm -f "$accessfile"
--    return $ret
--}
--
--# First one causes caching, the rest should be returned from cache.
--test_me 1 -c 'map' -c 'map' -c 'map'
--# First one is still cached from last time, discard should kill the cache, then
--# one request should go through.
--test_me 1 -c 'map' -c 'discard 0 1' -c 'map'
--# Same as above, only this time the cache is killed before all the operations as
--# well.  This is used from now on to clear the cache as it seems nicer and
--# faster than running new nbdkit for each test.
--test_me 2 -c 'discard 0 1' -c 'map' -c 'discard 0 1' -c 'map'
--# Write should kill the cache as well.
--test_me 2 -c 'discard 0 1' -c 'map' -c 'write 0 1' -c 'map'
--# Alloc should use cached data from map
--test_me 1 -c 'discard 0 1' -c 'map' -c 'alloc 0'
--# Read should not kill the cache
--test_me 1 -c 'discard 0 1' -c 'map' -c 'read 0 1' -c 'map' -c 'alloc 0'
--- 
-2.47.1
-

0007-New-filter-nbdkit-count-filter-count-bytes-read-writ.patch

@@ -1,500 +0,0 @@
-From 9c28df70cbde94e58e448c8953965510e5d952c2 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 8 Jul 2025 17:49:00 +0100
-Subject: [PATCH] New filter: nbdkit-count-filter: count bytes read, written
- etc.
-
-This produces a summary of the number of bytes read, written, etc
-through the filter.
-
-This is mainly of use to virt-v2v where it's commonly asked how much
-data was transferred over the wire or written to disk, and we don't
-currently have an easy way to answer that.  By simply adding this
-filter, the numbers will be known from the virt-v2v conversion log.
-
-(cherry picked from commit 3512c3ce9308b4d940119ac6cc87f1baa9afb655)
----
- configure.ac                          |   2 +
- docs/nbdkit-protocol.pod              |   9 +-
- filters/count/Makefile.am             |  70 ++++++++++++++
- filters/count/count.c                 | 132 ++++++++++++++++++++++++++
- filters/count/nbdkit-count-filter.pod |  55 +++++++++++
- filters/log/nbdkit-log-filter.pod     |   1 +
- filters/stats/nbdkit-stats-filter.pod |   3 +
- plugins/file/nbdkit-file-plugin.pod   |   1 +
- tests/Makefile.am                     |   4 +
- tests/test-count.sh                   |  55 +++++++++++
- 10 files changed, 328 insertions(+), 4 deletions(-)
- create mode 100644 filters/count/Makefile.am
- create mode 100644 filters/count/count.c
- create mode 100644 filters/count/nbdkit-count-filter.pod
- create mode 100755 tests/test-count.sh
-
-diff --git a/configure.ac b/configure.ac
-index 9b057e6f..26e59462 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -144,6 +144,7 @@ filters="\
-         bzip2 \
-         cache \
-         checkwrite \
-+        count \
-         cow \
-         ddrescue \
-         delay \
-@@ -1787,6 +1788,7 @@ AC_CONFIG_FILES([Makefile
-                  filters/bzip2/Makefile
-                  filters/cache/Makefile
-                  filters/checkwrite/Makefile
-+                 filters/count/Makefile
-                  filters/cow/Makefile
-                  filters/ddrescue/Makefile
-                  filters/delay/Makefile
-diff --git a/docs/nbdkit-protocol.pod b/docs/nbdkit-protocol.pod
-index 93f5c5fa..edf0efb0 100644
---- a/docs/nbdkit-protocol.pod
-+++ b/docs/nbdkit-protocol.pod
-@@ -276,12 +276,13 @@ filters do not work properly in this case.
-    bzip2                   No
-    cache                   No
-    checkwrite              Yes
-+   count                   Yes
-    cow                     Yes, since 1.44
-    delay                   Yes
-    error                   Yes
-    evil                    Yes
-+
-    exitlast                Yes
--
-    exitwhen                Yes
-    exportname              Yes
-    ext2                    No
-@@ -291,8 +292,8 @@ filters do not work properly in this case.
-    ip                      Yes
-    limit                   Yes
-    log                     Yes
-+
-    luks                    No
--
-    lzip                    No
-    multi-conn              Yes
-    nocache                 Yes
-@@ -302,8 +303,8 @@ filters do not work properly in this case.
-    nozero                  Yes
-    offset                  Yes, but unlikely to be useful
-    openonce                Yes
-+
-    partition               No
--
-    pause                   Yes
-    protect                 Yes, but unlikely to be useful
-    qcow2dec                No
-@@ -313,8 +314,8 @@ filters do not work properly in this case.
-    retry                   Yes
-    retry-request           Yes
-    rotational              Yes
-+
-    scan                    Yes
--
-    spinning                Yes
-    stats                   Yes
-    swab                    Yes
-diff --git a/filters/count/Makefile.am b/filters/count/Makefile.am
-new file mode 100644
-index 00000000..20456e17
---- /dev/null
-+++ b/filters/count/Makefile.am
-@@ -0,0 +1,70 @@
-+# nbdkit
-+# Copyright Red Hat
-+#
-+# Redistribution and use in source and binary forms, with or without
-+# modification, are permitted provided that the following conditions are
-+# met:
-+#
-+# * Redistributions of source code must retain the above copyright
-+# notice, this list of conditions and the following disclaimer.
-+#
-+# * Redistributions in binary form must reproduce the above copyright
-+# notice, this list of conditions and the following disclaimer in the
-+# documentation and/or other materials provided with the distribution.
-+#
-+# * Neither the name of Red Hat nor the names of its contributors may be
-+# used to endorse or promote products derived from this software without
-+# specific prior written permission.
-+#
-+# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+# SUCH DAMAGE.
-+
-+include $(top_srcdir)/common-rules.mk
-+
-+EXTRA_DIST = nbdkit-count-filter.pod
-+
-+filter_LTLIBRARIES = nbdkit-count-filter.la
-+
-+nbdkit_count_filter_la_SOURCES = \
-+	count.c \
-+	$(top_srcdir)/include/nbdkit-filter.h \
-+	$(NULL)
-+
-+nbdkit_count_filter_la_CPPFLAGS = \
-+	-I$(top_srcdir)/include \
-+	-I$(top_builddir)/include \
-+	$(NULL)
-+nbdkit_count_filter_la_CFLAGS = $(WARNINGS_CFLAGS)
-+nbdkit_count_filter_la_LDFLAGS = \
-+	-module -avoid-version -shared $(NO_UNDEFINED_ON_WINDOWS) \
-+	$(NULL)
-+if USE_LINKER_SCRIPT
-+nbdkit_count_filter_la_LDFLAGS += \
-+	-Wl,--version-script=$(top_srcdir)/filters/filters.syms
-+endif
-+nbdkit_count_filter_la_LIBADD = \
-+	$(IMPORT_LIBRARY_ON_WINDOWS) \
-+	$(NULL)
-+
-+if HAVE_POD
-+
-+man_MANS = nbdkit-count-filter.1
-+CLEANFILES += $(man_MANS)
-+
-+nbdkit-count-filter.1: nbdkit-count-filter.pod \
-+		$(top_builddir)/podwrapper.pl
-+	$(PODWRAPPER) --section=1 --man $@ \
-+	    --html $(top_builddir)/html/$@.html \
-+	    $<
-+
-+endif HAVE_POD
-diff --git a/filters/count/count.c b/filters/count/count.c
-new file mode 100644
-index 00000000..8af7f5a0
---- /dev/null
-+++ b/filters/count/count.c
-@@ -0,0 +1,132 @@
-+/* nbdkit
-+ * Copyright Red Hat
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions are
-+ * met:
-+ *
-+ * * Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * * Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * * Neither the name of Red Hat nor the names of its contributors may be
-+ * used to endorse or promote products derived from this software without
-+ * specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ */
-+
-+#include <config.h>
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <stdint.h>
-+#include <inttypes.h>
-+
-+#include <nbdkit-filter.h>
-+
-+#ifdef HAVE_STDATOMIC_H
-+#include <stdatomic.h>
-+#else
-+/* Only used for counting statistics. */
-+#define _Atomic /**/
-+#endif
-+
-+static _Atomic uint64_t bytes_read, bytes_written, bytes_zeroed, bytes_trimmed;
-+
-+static void
-+count_unload (void)
-+{
-+  nbdkit_debug ("count bytes: "
-+                "read %" PRIu64 ", "
-+                "written %" PRIu64 ", "
-+                "zeroed %" PRIu64 ", "
-+                "trimmed %" PRIu64,
-+                bytes_read, bytes_written, bytes_zeroed, bytes_trimmed);
-+}
-+
-+/* Read data. */
-+static int
-+count_pread (nbdkit_next *next,
-+             void *handle,
-+             void *buf,
-+             uint32_t count, uint64_t offset, uint32_t flags,
-+             int *err)
-+{
-+  int r;
-+
-+  r = next->pread (next, buf, count, offset, flags, err);
-+  if (r >= 0)
-+    bytes_read += count;
-+  return r;
-+}
-+
-+/* Write data. */
-+static int
-+count_pwrite (nbdkit_next *next,
-+              void *handle,
-+              const void *buf,
-+              uint32_t count, uint64_t offset, uint32_t flags,
-+              int *err)
-+{
-+  int r;
-+
-+  r = next->pwrite (next, buf, count, offset, flags, err);
-+  if (r >= 0)
-+    bytes_written += count;
-+  return r;
-+}
-+
-+/* Trim data. */
-+static int
-+count_trim (nbdkit_next *next,
-+            void *handle, uint32_t count, uint64_t offset, uint32_t flags,
-+            int *err)
-+{
-+  int r;
-+
-+  r = next->trim (next, count, offset, flags, err);
-+  if (r >= 0)
-+    bytes_trimmed += count;
-+  return r;
-+}
-+
-+/* Zero data. */
-+static int
-+count_zero (nbdkit_next *next,
-+            void *handle, uint32_t count, uint64_t offset, uint32_t flags,
-+            int *err)
-+{
-+  int r;
-+
-+  r = next->zero (next, count, offset, flags, err);
-+  if (r >= 0)
-+    bytes_zeroed += count;
-+  return r;
-+}
-+
-+static struct nbdkit_filter filter = {
-+  .name              = "count",
-+  .longname          = "nbdkit count filter",
-+  .unload            = count_unload,
-+  .pread             = count_pread,
-+  .pwrite            = count_pwrite,
-+  .trim              = count_trim,
-+  .zero              = count_zero,
-+};
-+
-+NBDKIT_REGISTER_FILTER (filter)
-diff --git a/filters/count/nbdkit-count-filter.pod b/filters/count/nbdkit-count-filter.pod
-new file mode 100644
-index 00000000..f0437000
---- /dev/null
-+++ b/filters/count/nbdkit-count-filter.pod
-@@ -0,0 +1,55 @@
-+=head1 NAME
-+
-+nbdkit-count-filter - count bytes read, written, zeroed and trimmed
-+
-+=head1 SYNOPSIS
-+
-+ nbdkit --filter=count plugin
-+
-+=head1 DESCRIPTION
-+
-+C<nbdkit-count-filter> is a filter for L<nbdkit(1)> that simply counts
-+the number of bytes that are read, written, zeroed and trimmed, and
-+reports this number in debugging output when the filter is unloaded
-+(usually when nbdkit exits).
-+
-+This is a very simple and lightweight filter.  For much more
-+comprehensive stats about and logging of operations, use
-+L<nbdkit-stats-filter(1)> or L<nbdkit-log-filter(1)> instead.
-+
-+=head1 PARAMETERS
-+
-+There are no parameters specific to this filter.  All parameters are
-+passed through to the underlying plugin.
-+
-+=head1 FILES
-+
-+=over 4
-+
-+=item F<$filterdir/nbdkit-count-filter.so>
-+
-+The filter.
-+
-+Use C<nbdkit --dump-config> to find the location of C<$filterdir>.
-+
-+=back
-+
-+=head1 VERSION
-+
-+C<nbdkit-count-filter> first appeared in nbdkit 1.46.
-+
-+=head1 SEE ALSO
-+
-+L<nbdkit(1)>,
-+L<nbdkit-file-plugin(1)>,
-+L<nbdkit-log-filter(1)>,
-+L<nbdkit-stats-filter(1)>,
-+L<nbdkit-filter(3)>.
-+
-+=head1 AUTHORS
-+
-+Richard W.M. Jones
-+
-+=head1 COPYRIGHT
-+
-+Copyright Red Hat
-diff --git a/filters/log/nbdkit-log-filter.pod b/filters/log/nbdkit-log-filter.pod
-index b91b60c4..256701a1 100644
---- a/filters/log/nbdkit-log-filter.pod
-+++ b/filters/log/nbdkit-log-filter.pod
-@@ -208,6 +208,7 @@ L<nbdkit(1)>,
- L<nbdkit-file-plugin(1)>,
- L<nbdkit-cow-filter(1)>,
- L<nbdkit-filter(3)>,
-+L<nbdkit-count-filter(1)>,
- L<nbdkit-stats-filter(1)>.
- 
- =head1 AUTHORS
-diff --git a/filters/stats/nbdkit-stats-filter.pod b/filters/stats/nbdkit-stats-filter.pod
-index c0d2b45c..10074b4a 100644
---- a/filters/stats/nbdkit-stats-filter.pod
-+++ b/filters/stats/nbdkit-stats-filter.pod
-@@ -13,6 +13,8 @@ C<nbdkit-stats-filter> is a filter that displays statistics about NBD
- operations, such as the number of bytes read and written.  Statistics
- are written to a file once when nbdkit exits.
- 
-+A lighter weight version of this is L<nbdkit-count-filter(1)>.
-+
- =head1 EXAMPLE OUTPUT
- 
-  # nbdkit --filter=exitlast --filter=stats memory 25G statsfile=example.txt
-@@ -113,6 +115,7 @@ C<nbdkit-stats-filter> first appeared in nbdkit 1.14.
- 
- L<nbdkit(1)>,
- L<nbdkit-filter(3)>,
-+L<nbdkit-count-filter(1)>,
- L<nbdkit-log-filter(1)>.
- 
- =head1 AUTHORS
-diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
-index 63d07617..626827b2 100644
---- a/plugins/file/nbdkit-file-plugin.pod
-+++ b/plugins/file/nbdkit-file-plugin.pod
-@@ -316,6 +316,7 @@ L<nbdkit-split-plugin(1)>,
- L<nbdkit-partitioning-plugin(1)>,
- L<nbdkit-tmpdisk-plugin(1)>,
- L<nbdkit-nfs-plugin(1)>,
-+L<nbdkit-count-filter(1)>,
- L<nbdkit-exportname-filter(1)>,
- L<nbdkit-fua-filter(1)>,
- L<nbdkit-luks-filter(1)>,
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index c16b5912..d7053ba2 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -1706,6 +1706,10 @@ EXTRA_DIST += \
- 	test-checkwrite-fail.sh \
- 	$(NULL)
- 
-+# count filter test.
-+TESTS += test-count.sh
-+EXTRA_DIST += test-count.sh
-+
- # cow filter test.
- if HAVE_MKE2FS_WITH_D
- TESTS += \
-diff --git a/tests/test-count.sh b/tests/test-count.sh
-new file mode 100755
-index 00000000..e2e10704
---- /dev/null
-+++ b/tests/test-count.sh
-@@ -0,0 +1,55 @@
-+#!/usr/bin/env bash
-+# nbdkit
-+# Copyright Red Hat
-+#
-+# Redistribution and use in source and binary forms, with or without
-+# modification, are permitted provided that the following conditions are
-+# met:
-+#
-+# * Redistributions of source code must retain the above copyright
-+# notice, this list of conditions and the following disclaimer.
-+#
-+# * Redistributions in binary form must reproduce the above copyright
-+# notice, this list of conditions and the following disclaimer in the
-+# documentation and/or other materials provided with the distribution.
-+#
-+# * Neither the name of Red Hat nor the names of its contributors may be
-+# used to endorse or promote products derived from this software without
-+# specific prior written permission.
-+#
-+# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
-+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
-+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+# SUCH DAMAGE.
-+
-+# Test nbdkit-count-filter.
-+
-+source ./functions.sh
-+set -e
-+set -x
-+set -u
-+
-+requires_run
-+requires_filter count
-+requires_plugin sparse-random
-+requires_nbdcopy
-+
-+log=test-count.out
-+rm -f $log
-+cleanup_fn rm -f $log
-+
-+# We use sparse-random plugin because it both provides some data for
-+# nbdcopy to copy, and allows writes.
-+nbdkit -v --filter=count sparse-random 1G \
-+       --run 'nbdcopy "$uri" "$uri"' 2>$log
-+
-+# Check that something got logged when the filter was unloaded.
-+grep "count bytes:" $log
--- 
-2.47.1
-

0008-count-Clarify-documentation.patch

@@ -1,41 +0,0 @@
-From 745b959b44a67cd3def7c60b873701ad79137bda Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 8 Jul 2025 21:20:52 +0100
-Subject: [PATCH] count: Clarify documentation
-
-Updates: commit 3512c3ce9308b4d940119ac6cc87f1baa9afb655
-(cherry picked from commit 7c84314ec7411fc1090bf1ca417c453d08fcf364)
----
- filters/count/nbdkit-count-filter.pod | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/filters/count/nbdkit-count-filter.pod b/filters/count/nbdkit-count-filter.pod
-index f0437000..c20b4737 100644
---- a/filters/count/nbdkit-count-filter.pod
-+++ b/filters/count/nbdkit-count-filter.pod
-@@ -4,17 +4,19 @@ nbdkit-count-filter - count bytes read, written, zeroed and trimmed
- 
- =head1 SYNOPSIS
- 
-- nbdkit --filter=count plugin
-+ nbdkit -fv --filter=count plugin
- 
- =head1 DESCRIPTION
- 
- C<nbdkit-count-filter> is a filter for L<nbdkit(1)> that simply counts
- the number of bytes that are read, written, zeroed and trimmed, and
- reports this number in debugging output when the filter is unloaded
--(usually when nbdkit exits).
-+(usually when nbdkit exits).  The filter output can only be seen when
-+debugging is enabled (I<-v>) which usually implies using the
-+foreground (I<-f>) option as well.
- 
- This is a very simple and lightweight filter.  For much more
--comprehensive stats about and logging of operations, use
-+comprehensive stats and logging of operations, use
- L<nbdkit-stats-filter(1)> or L<nbdkit-log-filter(1)> instead.
- 
- =head1 PARAMETERS
--- 
-2.47.1
-

SOURCES/0001-cache-cow-Fix-data-corruption-in-zero-and-trim-on-un.patch

@@ -0,0 +1,82 @@
+From 99788909d9ec36e3210cf85976fe5b18da690ddd Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 4 Aug 2021 20:24:59 +0100
+Subject: [PATCH] cache, cow: Fix data corruption in zero and trim on unaligned
+ tail
+
+Commit eb6009b092 ("cache, cow: Reduce use of bounce-buffer") first
+introduced in nbdkit 1.14 added an optimization of the
+read-modify-write mechanism used for unaligned heads and tails when
+zeroing in the cache layer.
+
+Unfortunately the part applied to the tail contained a mistake: It
+zeroes the end of the buffer rather than the beginning.  This causes
+data corruption when you use the zero or trim function with an offset
+and count which is not aligned to the block size.
+
+Although the bug has been around for years, a recent change made it
+more likely to happen.  Commit c1905b0a28 ("cache, cow: Use a 64K
+block size by default") increased the default block size from 4K to
+64K.  Most filesystems use a 4K block size so operations like fstrim
+will make 4K-aligned requests, and with a 4K block size also in the
+cache or cow filter the unaligned case would never have been hit
+before.
+
+We can demonstrate the bug simply by filling a buffer with data
+(100000 bytes in the example), and then trimming that data, which
+ought to zero it out.
+
+Before this commit there is data visible after the trim:
+
+$ nbdkit --filter=cow data "0x21 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
+00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+*
+00018000  21 21 21 21 21 21 21 21  21 21 21 21 21 21 21 21  |!!!!!!!!!!!!!!!!|
+*
+000186a0
+
+After this commit the trim completely clears the data:
+
+$ nbdkit --filter=cow data "0x21 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
+00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+*
+000186a0
+
+Thanks: Ming Xie for finding the bug
+Fixes: commit eb6009b092ae642ed25f133d487dd40ef7bf70f8
+(cherry picked from commit a0ae7b2158598ce48ac31706319007f716d01c87)
+(cherry picked from commit c0b15574647672cb5c48178333acdd07424692ef)
+---
+ filters/cache/cache.c | 2 +-
+ filters/cow/cow.c     | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/filters/cache/cache.c b/filters/cache/cache.c
+index 91dcc43d..0616cc7b 100644
+--- a/filters/cache/cache.c
++++ b/filters/cache/cache.c
+@@ -493,7 +493,7 @@ cache_zero (struct nbdkit_next_ops *next_ops, void *nxdata,
+     ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
+     r = blk_read (next_ops, nxdata, blknum, block, err);
+     if (r != -1) {
+-      memset (&block[count], 0, blksize - count);
++      memset (block, 0, count);
+       r = blk_write (next_ops, nxdata, blknum, block, flags, err);
+     }
+     if (r == -1)
+diff --git a/filters/cow/cow.c b/filters/cow/cow.c
+index 51ca64a4..1cfcc4e7 100644
+--- a/filters/cow/cow.c
++++ b/filters/cow/cow.c
+@@ -419,7 +419,7 @@ cow_zero (struct nbdkit_next_ops *next_ops, void *nxdata,
+     ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
+     r = blk_read (next_ops, nxdata, blknum, block, err);
+     if (r != -1) {
+-      memset (&block[count], 0, BLKSIZE - count);
++      memset (block, 0, count);
+       r = blk_write (blknum, block, err);
+     }
+     if (r == -1)
+-- 
+2.31.1
+

SOURCES/0002-server-CVE-2021-3716-reset-structured-replies-on-sta.patch

@@ -0,0 +1,94 @@
+From 6b9d4380df9bd0be91f49aad8c4f47b4e672adde Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 16 Aug 2021 13:43:29 -0500
+Subject: [PATCH] server: CVE-2021-3716 reset structured replies on starttls
+
+https://nostarttls.secvuln.info/ pointed out a series of CVEs in
+common implementation flaw in various SMTP and IMAP clients and
+servers, all with a common thread of improperly caching plaintext
+state across the STARTTLS encryption boundary; and recommended that
+other protocols with a STARTTLS operation perform a similar audit.
+
+It turns out that nbdkit has the same vulnerability in regards to the
+NBD protocol: when nbdkit is run in opportunistic TLS mode, an
+attacker is able to inject a plaintext NBD_OPT_STRUCTURED_REPLY before
+proxying everything else a client sends to the server; if the server
+then acts on that plaintext request (as nbdkit did before this patch),
+then the server ends up sending structured replies to at least
+NBD_CMD_READ, even though the client was assuming that the transition
+to TLS has ruled out a MitM attack.
+
+On the bright side, nbdkit's behavior on a second
+NBD_OPT_STRUCTURED_REPLY was to still reply with success, so a client
+that always requests structured replies after starting TLS sees no
+difference in behavior (that is, qemu 2.12 and later are immune) (had
+nbdkit given an error to the second request, that may have caused
+confusion to more clients).  And there is always the mitigation of
+using --tls=require, which lets nbdkit reject the MitM message
+pre-encryption.  However, nbd-client 3.15 to the present do not
+understand structured replies, and I have confirmed that a MitM
+attacker can thus cause a denial-of-service attack that does not
+trigger until the client does its first encrypted NBD_CMD_READ.
+
+The NBD spec has been recently tightened to declare the nbdkit
+behavior to be a security hole:
+https://github.com/NetworkBlockDevice/nbd/commit/77e55378096aa
+Fixes: eaa4c6e9a2c4bd (server: Minimal implementation of NBD Structured Replies.)
+
+(cherry picked from commit 09a13dafb7bb3a38ab52eb5501cba786365ba7fd)
+(cherry picked from commit 6185b15a81e6915734d678f0781e31d45a7941a1)
+---
+ docs/nbdkit-security.pod             | 11 +++++++++--
+ server/protocol-handshake-newstyle.c |  3 ++-
+ 2 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/docs/nbdkit-security.pod b/docs/nbdkit-security.pod
+index 3a28e54d..5a4e6da8 100644
+--- a/docs/nbdkit-security.pod
++++ b/docs/nbdkit-security.pod
+@@ -10,7 +10,7 @@ For how to report new security issues, see the C<SECURITY> file in the
+ top level source directory, also available online here:
+ L<https://github.com/libguestfs/nbdkit/blob/master/SECURITY>
+ 
+-=head2 CVE-2019-14850 
++=head2 CVE-2019-14850
+ denial of service due to premature opening of back-end connection
+ 
+ See the full announcement and links to mitigation, tests and fixes
+@@ -26,6 +26,13 @@ See the full announcement and links to mitigation, tests and fixes
+ here:
+ https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
+ 
++=head2 CVE-2021-3716
++structured read denial of service attack against starttls
++
++See the full announcement and links to mitigation, tests and fixes
++here:
++https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html
++
+ =head1 SEE ALSO
+ 
+ L<nbdkit(1)>.
+@@ -38,4 +45,4 @@ Richard W.M. Jones
+ 
+ =head1 COPYRIGHT
+ 
+-Copyright (C) 2013-2020 Red Hat Inc.
++Copyright (C) 2013-2021 Red Hat Inc.
+diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
+index 0a76a814..b94950e2 100644
+--- a/server/protocol-handshake-newstyle.c
++++ b/server/protocol-handshake-newstyle.c
+@@ -495,7 +495,8 @@ negotiate_handshake_newstyle_options (void)
+           return -1;
+         conn->using_tls = true;
+         debug ("using TLS on this connection");
+-        /* Wipe out any cached default export name. */
++        /* Wipe out any cached state. */
++        conn->structured_replies = false;
+         for_each_backend (b) {
+           struct handle *h = get_handle (conn, b->i);
+           free (h->default_exportname);
+-- 
+2.31.1
+

SOURCES/0003-server-reset-meta-context-replies-on-starttls.patch

@@ -0,0 +1,40 @@
+From add9b794b9dc697a1b52115c997fcfb6e06bf64c Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 16 Aug 2021 13:43:29 -0500
+Subject: [PATCH] server: reset meta context replies on starttls
+
+Related to CVE-2021-3716, but not as severe.  No compliant client will
+send NBD_CMD_BLOCK_STATUS unless it first negotiates
+NBD_OPT_SET_META_CONTEXT.  If an attacker injects a premature
+SET_META_CONTEXT, either the client will never notice (because it
+never uses BLOCK_STATUS), or the client will overwrite the attacker's
+attempt with the client's own SET_META_CONTEXT request after
+encryption is enabled.  So I don't class this as having the potential
+to trigger denial-of-service due to any protocol mismatch between
+compliant client and server (I don't care what happens with
+non-compliant clients).
+
+Fixes: 26455d45 (server: protocol: Implement Block Status "base:allocation".)
+(cherry picked from commit 6c5faac6a37077cf2366388a80862bb00616d0d8)
+(cherry picked from commit 814d8103fb4b581dc01dfd25d2cd81596576f211)
+---
+ server/protocol-handshake-newstyle.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
+index b94950e2..eb0f3961 100644
+--- a/server/protocol-handshake-newstyle.c
++++ b/server/protocol-handshake-newstyle.c
+@@ -497,6 +497,9 @@ negotiate_handshake_newstyle_options (void)
+         debug ("using TLS on this connection");
+         /* Wipe out any cached state. */
+         conn->structured_replies = false;
++        free (conn->exportname_from_set_meta_context);
++        conn->exportname_from_set_meta_context = NULL;
++        conn->meta_context_base_allocation = false;
+         for_each_backend (b) {
+           struct handle *h = get_handle (conn, b->i);
+           free (h->default_exportname);
+-- 
+2.31.1
+

SOURCES/0004-cow-Fix-for-qemu-6.1-which-requires-backing-format.patch

@@ -0,0 +1,59 @@
+From 3c2879a38c299b725091cea45329879e3f46fc99 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 31 Aug 2021 11:23:27 +0100
+Subject: [PATCH] cow: Fix for qemu 6.1 which requires backing format
+
+The diffing example in the manual created a qcow2 file with a backing
+file but did not specify the backing format.  However qemu 6.1 now
+requires this and fails with:
+
+  qemu-img: cow-diff.qcow2: Backing file specified without backing format
+
+or:
+
+  qemu-img: Could not change the backing file to 'cow-base.img': backing format must be specified
+
+Fix the example by adding the -F option to the command line.
+
+Also there was a test of this rebasing sequence which failed, so this
+commit updates the test too.
+
+(cherry picked from commit 618290ef33ce13b75c1a79fea1f1ffb327b5ba07)
+---
+ filters/cow/nbdkit-cow-filter.pod | 4 ++--
+ tests/test-cow.sh                 | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/filters/cow/nbdkit-cow-filter.pod b/filters/cow/nbdkit-cow-filter.pod
+index 4d5ae856..510bdd40 100644
+--- a/filters/cow/nbdkit-cow-filter.pod
++++ b/filters/cow/nbdkit-cow-filter.pod
+@@ -101,8 +101,8 @@ At the end, disconnect the client.
+ Run these C<qemu-img> commands to construct a qcow2 file containing
+ the differences:
+ 
+- qemu-img create -f qcow2 -b nbd:localhost diff.qcow2
+- qemu-img rebase -b disk.img diff.qcow2
++ qemu-img create -F raw -b nbd:localhost -f qcow2 diff.qcow2
++ qemu-img rebase -F raw -b disk.img -f qcow2 diff.qcow2
+ 
+ F<diff.qcow2> now contains the differences between the base
+ (F<disk.img>) and the changes stored in nbdkit-cow-filter.  C<nbdkit>
+diff --git a/tests/test-cow.sh b/tests/test-cow.sh
+index 8772afd7..edc4c223 100755
+--- a/tests/test-cow.sh
++++ b/tests/test-cow.sh
+@@ -72,8 +72,8 @@ fi
+ # If we have qemu-img, try the hairy rebase operation documented
+ # in the nbdkit-cow-filter manual.
+ if qemu-img --version >/dev/null 2>&1; then
+-    qemu-img create -f qcow2 -b nbd:unix:$sock cow-diff.qcow2
+-    time qemu-img rebase -b cow-base.img cow-diff.qcow2
++    qemu-img create -F raw -b nbd:unix:$sock -f qcow2 cow-diff.qcow2
++    time qemu-img rebase -F raw -b cow-base.img -f qcow2 cow-diff.qcow2
+     qemu-img info cow-diff.qcow2
+ 
+     # This checks the file we created exists.
+-- 
+2.31.1
+

SOURCES/0005-vddk-Include-VDDK-major-library-version-in-dump-plug.patch

@@ -0,0 +1,141 @@
+From 9e20e2696fdb68008c9b4f1c36298f813320e381 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 23 Oct 2021 16:16:39 +0100
+Subject: [PATCH] vddk: Include VDDK major library version in --dump-plugin
+ output
+
+Although it doesn't seem to be possible to get the precise VDDK
+version, With a relatively simple change we can at least return the
+VDDK major version.  Currently this can be 5, 6 or 7.
+
+(cherry picked from commit 8700649d147948897f3b97810a1dff37924bdd6e)
+---
+ plugins/vddk/nbdkit-vddk-plugin.pod |  4 ++++
+ plugins/vddk/vddk.c                 | 29 +++++++++++++++++++----------
+ tests/test-vddk-real-dump-plugin.sh |  2 ++
+ 3 files changed, 25 insertions(+), 10 deletions(-)
+
+diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
+index 8b14eda0..822b96be 100644
+--- a/plugins/vddk/nbdkit-vddk-plugin.pod
++++ b/plugins/vddk/nbdkit-vddk-plugin.pod
+@@ -417,6 +417,10 @@ at runtime.
+ If this is printed then the C<nfchostport=PORT> parameter is supported
+ by this build.
+ 
++=item C<vddk_library_version=...>
++
++The VDDK major library version: 5, 6, 7, ...
++
+ =item C<vddk_dll=...>
+ 
+ Prints the full path to the VDDK shared library.  Since this requires
+diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
+index 69193504..291283f4 100644
+--- a/plugins/vddk/vddk.c
++++ b/plugins/vddk/vddk.c
+@@ -77,6 +77,7 @@ int vddk_debug_datapath = 1;
+ static void *dl;                           /* dlopen handle */
+ static bool init_called;                   /* was InitEx called */
+ static __thread int error_suppression;     /* threadlocal error suppression */
++static int library_version;                /* VDDK major: 5, 6, 7, ... */
+ 
+ static enum { NONE = 0, ZLIB, FASTLZ, SKIPZ } compression; /* compression */
+ static char *config;                       /* config */
+@@ -297,7 +298,10 @@ vddk_config (const char *key, const char *value)
+ static void
+ load_library (bool load_error_is_fatal)
+ {
+-  static const char *sonames[] = {
++  static struct {
++    const char *soname;
++    int library_version;
++  } libs[] = {
+     /* Prefer the newest library in case multiple exist.  Check two
+      * possible directories: the usual VDDK installation puts .so
+      * files in an arch-specific subdirectory of $libdir (our minimum
+@@ -305,12 +309,13 @@ load_library (bool load_error_is_fatal)
+      * but our testsuite is easier to write if we point libdir
+      * directly to a stub .so.
+      */
+-    "lib64/libvixDiskLib.so.7",
+-    "libvixDiskLib.so.7",
+-    "lib64/libvixDiskLib.so.6",
+-    "libvixDiskLib.so.6",
+-    "lib64/libvixDiskLib.so.5",
+-    "libvixDiskLib.so.5",
++    { "lib64/libvixDiskLib.so.7", 7 },
++    { "libvixDiskLib.so.7",       7 },
++    { "lib64/libvixDiskLib.so.6", 6 },
++    { "libvixDiskLib.so.6",       6 },
++    { "lib64/libvixDiskLib.so.5", 5 },
++    { "libvixDiskLib.so.5",       5 },
++    { NULL }
+   };
+   size_t i;
+   CLEANUP_FREE char *orig_error = NULL;
+@@ -323,19 +328,20 @@ load_library (bool load_error_is_fatal)
+     }
+   }
+ 
+-  for (i = 0; i < sizeof sonames / sizeof sonames[0]; ++i) {
++  for (i = 0; libs[i].soname != NULL; ++i) {
+     CLEANUP_FREE char *path;
+ 
+     /* Set the full path so that dlopen will preferentially load the
+      * system libraries from the same directory.
+      */
+-    if (asprintf (&path, "%s/%s", libdir, sonames[i]) == -1) {
++    if (asprintf (&path, "%s/%s", libdir, libs[i].soname) == -1) {
+       nbdkit_error ("asprintf: %m");
+       exit (EXIT_FAILURE);
+     }
+ 
+     dl = dlopen (path, RTLD_NOW);
+     if (dl != NULL) {
++      library_version = libs[i].library_version;
+       /* Now that we found the library, ensure that LD_LIBRARY_PATH
+        * includes its directory for all future loads.  This may modify
+        * path in-place and/or re-exec nbdkit, but that's okay.
+@@ -356,10 +362,12 @@ load_library (bool load_error_is_fatal)
+                   "If '%s' is located on a non-standard path you may need to\n"
+                   "set libdir=/path/to/vmware-vix-disklib-distrib.\n\n"
+                   "See nbdkit-vddk-plugin(1) man page section \"LIBRARY LOCATION\" for details.",
+-                  orig_error ? : "(unknown error)", sonames[0]);
++                  orig_error ? : "(unknown error)", libs[0].soname);
+     exit (EXIT_FAILURE);
+   }
+ 
++  assert (library_version >= 5);
++
+   /* Load symbols. */
+ #define STUB(fn,ret,args)                                         \
+   do {                                                            \
+@@ -474,6 +482,7 @@ vddk_dump_plugin (void)
+ 
+   printf ("vddk_default_libdir=%s\n", VDDK_LIBDIR);
+   printf ("vddk_has_nfchostport=1\n");
++  printf ("vddk_library_version=%d\n", library_version);
+ 
+ #if defined(HAVE_DLADDR)
+   /* It would be nice to print the version of VDDK from the shared
+diff --git a/tests/test-vddk-real-dump-plugin.sh b/tests/test-vddk-real-dump-plugin.sh
+index 1479e416..59c79693 100755
+--- a/tests/test-vddk-real-dump-plugin.sh
++++ b/tests/test-vddk-real-dump-plugin.sh
+@@ -51,10 +51,12 @@ rm -f $files
+ cleanup_fn rm -f $files
+ 
+ nbdkit -f -v vddk libdir="$vddkdir" --dump-plugin > $out
++cat $out
+ 
+ # Check the vddk_* entries are set.
+ grep ^vddk_default_libdir= $out
+ grep ^vddk_has_nfchostport= $out
++grep ^vddk_library_version= $out
+ grep ^vddk_dll= $out
+ 
+ dll="$(grep ^vddk_dll $out | cut -d= -f2)"
+-- 
+2.31.1
+

SOURCES/0006-vddk-Only-print-vddk_library_version-when-we-managed.patch

@@ -0,0 +1,55 @@
+From b8b376cf39d97c9f523a9867612126088b43c523 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 23 Oct 2021 19:50:52 +0100
+Subject: [PATCH] vddk: Only print vddk_library_version when we managed to load
+ the library
+
+Because --dump-plugin calls load_library (false) it won't fail if we
+didn't manage to load the library.  This results in library_version
+being 0, which we printed incorrectly.
+
+Resolve this problem by not printing the vddk_library_version entry in
+this case.
+
+Fixes: commit 8700649d147948897f3b97810a1dff37924bdd6e
+(cherry picked from commit a3fba12c3e9c2113009f556360ae0bd04c45f6bb)
+---
+ plugins/vddk/nbdkit-vddk-plugin.pod | 1 +
+ plugins/vddk/vddk.c                 | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
+index 822b96be..c56faddc 100644
+--- a/plugins/vddk/nbdkit-vddk-plugin.pod
++++ b/plugins/vddk/nbdkit-vddk-plugin.pod
+@@ -420,6 +420,7 @@ by this build.
+ =item C<vddk_library_version=...>
+ 
+ The VDDK major library version: 5, 6, 7, ...
++If this is omitted it means the library could not be loaded.
+ 
+ =item C<vddk_dll=...>
+ 
+diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
+index 291283f4..96615749 100644
+--- a/plugins/vddk/vddk.c
++++ b/plugins/vddk/vddk.c
+@@ -482,7 +482,14 @@ vddk_dump_plugin (void)
+ 
+   printf ("vddk_default_libdir=%s\n", VDDK_LIBDIR);
+   printf ("vddk_has_nfchostport=1\n");
+-  printf ("vddk_library_version=%d\n", library_version);
++
++  /* Because load_library (false) we might not have loaded VDDK, in
++   * which case we didn't set library_version.  Note this cannot
++   * happen in the normal (non-debug-plugin) path because there we use
++   * load_library (true).
++   */
++  if (library_version > 0)
++    printf ("vddk_library_version=%d\n", library_version);
+ 
+ #if defined(HAVE_DLADDR)
+   /* It would be nice to print the version of VDDK from the shared
+-- 
+2.31.1
+

SOURCES/0007-vddk-Add-support-for-VDDK-8.0.0.patch

@@ -0,0 +1,53 @@
+From e850f65053d89ad54c27280f48506da5eb631a68 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 18 Nov 2022 09:43:19 +0000
+Subject: [PATCH] vddk: Add support for VDDK 8.0.0
+
+There are no changes in any of the structures or enums that we rely on.
+
+Reported-by: Ming Xie
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2143889
+(cherry picked from commit dbe12ed499baeea94d603db55cad9e971e0ebcf0)
+---
+ plugins/vddk/nbdkit-vddk-plugin.pod | 2 +-
+ plugins/vddk/vddk.c                 | 4 +++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
+index c56faddc..c94c41eb 100644
+--- a/plugins/vddk/nbdkit-vddk-plugin.pod
++++ b/plugins/vddk/nbdkit-vddk-plugin.pod
+@@ -419,7 +419,7 @@ by this build.
+ 
+ =item C<vddk_library_version=...>
+ 
+-The VDDK major library version: 5, 6, 7, ...
++The VDDK major library version: 5, 6, 7, 8, ...
+ If this is omitted it means the library could not be loaded.
+ 
+ =item C<vddk_dll=...>
+diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
+index 96615749..2140789a 100644
+--- a/plugins/vddk/vddk.c
++++ b/plugins/vddk/vddk.c
+@@ -77,7 +77,7 @@ int vddk_debug_datapath = 1;
+ static void *dl;                           /* dlopen handle */
+ static bool init_called;                   /* was InitEx called */
+ static __thread int error_suppression;     /* threadlocal error suppression */
+-static int library_version;                /* VDDK major: 5, 6, 7, ... */
++static int library_version;                /* VDDK major: 5, 6, 7, 8, ... */
+ 
+ static enum { NONE = 0, ZLIB, FASTLZ, SKIPZ } compression; /* compression */
+ static char *config;                       /* config */
+@@ -309,6 +309,8 @@ load_library (bool load_error_is_fatal)
+      * but our testsuite is easier to write if we point libdir
+      * directly to a stub .so.
+      */
++    { "lib64/libvixDiskLib.so.8", 8 },
++    { "libvixDiskLib.so.8",       8 },
+     { "lib64/libvixDiskLib.so.7", 7 },
+     { "libvixDiskLib.so.7",       7 },
+     { "lib64/libvixDiskLib.so.6", 6 },
+-- 
+2.31.1
+

SOURCES/copy-patches.sh

@@ -6,7 +6,7 @@ set -e
 # directory.  Use it like this:
 #   ./copy-patches.sh
 
-rhel_version=10.1
+rhel_version=8.8
 
 # Check we're in the right directory.
 if [ ! -f nbdkit.spec ]; then

SOURCES/nbdkit-1.24.0.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RBgRHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKBIIRAAmgoGrmJ8aYO7z+kKgNFjd/p0QxRTZhS/
+ol59ojG6jIzN2x/C2PFbRmPB6HJTEg4anrDX04WrP6R+lID1RrH9pTFQabv0YDQC
+z49oeXAqINYHvAqgFUJCwlymd7BHEYUudLlK3yu7gQKxMM+J/2v0glpxrtLM7KlD
+vvSZkVfbvHlCWIbMWLWIaRHeoWZIXNOjsAp3uEWN2YgikDoxbXVKoh07JoQx5tJ5
+2U+a/zo4BQuRspjnhmWc252ZF/8d954/L8J+2mKvbRRf2iAmsqPgS+MNi7WKWO4K
+w7/urKn0osuOaArs5xYHJnApmJ9U88CzZpoHQkYhcGgnDOipW9ByJRzT41vVQPW5
+IluQODpZUuawWtRIwV/Eoi+LaV2gINAL48Afr02UFYj4gmYQ5TeayLP7NKRQO0VL
+jwL4Z3a0cDyUX4i1OArn2ll8THfiog38HfLb70AG1l3P1BVoVVBYWCYbs4xgC9IK
+LWkjPKuGXvkGVfZi0nCGdPTOoB1CqCXUvKHXm52FCHg12uJMrBQEivodBoCTbtl0
+fSjULQcfrovUEb4d/rDAX7EgJbFS+1jDnodaFHsmNToo3CqfkMBdhLkxG3XExwjy
+OOR34wZssjTLsLlWH/RPucWD25RDy1vdPBska9QvvO7W0p+aOtFbnttkTh5cqs45
+rHg/sDEiaLA=
+=OrsS
+-----END PGP SIGNATURE-----

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-*
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

nbdkit-find-provides

@@ -1,23 +0,0 @@
-#!/bin/bash -
-
-# Generate RPM provides automatically for nbdkit packages and filters.
-# Copyright (C) 2009-2022 Red Hat Inc.
-
-# To test:
-# find /usr/lib64/nbdkit/plugins | ./nbdkit-find-provides VER REL
-# find /usr/lib64/nbdkit/filters | ./nbdkit-find-provides VER REL
-
-ver="$1"
-rel="$2"
-
-function process_file
-{
-    if [[ $1 =~ /plugins/nbdkit-.*-plugin ]] ||
-       [[ $1 =~ /filters/nbdkit-.*-filter ]]; then
-        echo "Provides:" "$(basename $1 .so)" "=" "$ver-$rel"
-    fi
-}
-
-while read line; do
-    process_file "$line"
-done

nbdkit.attr

@@ -1,3 +0,0 @@
-%__nbdkit_provides %{_rpmconfigdir}/nbdkit-find-provides %{version} %{release}
-%__nbdkit_path     %{_libdir}/nbdkit/(plugins|filters)/nbdkit-.*-(plugin|filter)(\.so)?$
-%__nbdkit_flags    exeonly

nbdkit.fc

@@ -1,3 +0,0 @@
-/usr/sbin/nbdkit	 --    gen_context(system_u:object_r:nbdkit_exec_t,s0)
-
-/usr/lib/systemd/system/nbdkit.*	gen_context(system_u:object_r:nbdkit_unit_file_t,s0)

nbdkit.if

@@ -1,207 +0,0 @@
-## <summary>policy for nbdkit</summary>
-
-########################################
-## <summary>
-##    Execute nbdkit_exec_t in the nbdkit domain.
-## </summary>
-## <param name="domain">
-## <summary>
-##    Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`nbdkit_domtrans',`
-	gen_require(`
-		type nbdkit_t, nbdkit_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, nbdkit_exec_t, nbdkit_t)
-')
-
-######################################
-## <summary>
-##    Execute nbdkit in the caller domain.
-## </summary>
-## <param name="domain">
-##    <summary>
-##    Domain allowed access.
-##    </summary>
-## </param>
-#
-interface(`nbdkit_exec',`
-	gen_require(`
-		type nbdkit_exec_t;
-	')
-    
-	corecmd_search_bin($1)
-	can_exec($1, nbdkit_exec_t)
-')
-
-########################################
-## <summary>
-##    Execute nbdkit in the nbdkit domain, and
-##    allow the specified role the nbdkit domain.
-## </summary>
-## <param name="domain">
-##    <summary>
-##    Domain allowed to transition
-##    </summary>
-## </param>
-## <param name="role">
-##    <summary>
-##    The role to be allowed the nbdkit domain.
-##    </summary>
-## </param>
-#
-interface(`nbdkit_run',`
-	gen_require(`
-		type nbdkit_t;
-		attribute_role nbdkit_roles;
-	')
-
-	nbdkit_domtrans($1)
-	roleattribute $2 nbdkit_roles;
-')
-
-########################################
-## <summary>
-##    Role access for nbdkit
-## </summary>
-## <param name="role">
-##    <summary>
-##    Role allowed access
-##    </summary>
-## </param>
-## <param name="domain">
-##    <summary>
-##    User domain for the role
-##    </summary>
-## </param>
-#
-interface(`nbdkit_role',`
-	gen_require(`
-		type nbdkit_t;
-		attribute_role nbdkit_roles;
-	')
-
-	roleattribute $1 nbdkit_roles;
-
-	nbdkit_domtrans($2)
-
-	ps_process_pattern($2, nbdkit_t)
-	allow $2 nbdkit_t:process { signull signal sigkill };
-')
-
-########################################
-## <summary>
-##	Allow attempts to connect to nbdkit
-##	with a unix stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`nbdkit_stream_connect',`
-	gen_require(`
-		type nbdkit_t;
-	')
-
-	allow $1 nbdkit_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##      Allow nbdkit_exec_t to be an entrypoint
-##      of the specified domain
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-## <rolecap/>
-#
-interface(`nbdkit_entrypoint',`
-        gen_require(`
-                type nbdkit_exec_t;
-        ')
-        allow $1 nbdkit_exec_t:file entrypoint;
-')
-
-# ----------------------------------------------------------------------
-# RWMJ: See:
-# https://issues.redhat.com/browse/RHEL-5174?focusedId=23387259&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23387259
-# Remove this when virt.if gets updated.
-
-########################################
-#
-# Interface compatibility blocks
-#
-# The following definitions ensure compatibility with distribution policy
-# versions that do not contain given interfaces (epel, or older Fedora
-# releases).
-# Each block tests for existence of given interface and defines it if needed.
-#
-
-########################################
-## <summary>
-##      Read and write to svirt_image dirs.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-ifndef(`virt_rw_svirt_image_dirs',`
-	interface(`virt_rw_svirt_image_dirs',`
-		gen_require(`
-			type svirt_image_t;
-		')
-
-		allow $1 svirt_image_t:dir rw_dir_perms;
-	')
-')
-
-########################################
-## <summary>
-##      Create svirt_image sock_files.
-## </summary>
-## <param name="domain">
-##      <summary>
-##      Domain allowed access.
-##      </summary>
-## </param>
-#
-ifndef(`virt_create_svirt_image_sock_files',`
-	interface(`virt_create_svirt_image_sock_files',`
-		gen_require(`
-			type svirt_image_t;
-		')
-
-		allow $1 svirt_image_t:sock_file create_sock_file_perms;
-	')
-')
-
-########################################
-## <summary>
-## 	Read and write virtlogd pipes.
-## </summary>
-## <param name="domain">
-## <summary>
-##      Domain allowed access.
-## </summary>
-## </param>
-#
-ifndef(`virtlogd_rw_pipes',`
-	interface(`virtlogd_rw_pipes',`
-	        gen_require(`
-	                type virtlogd_t;
-	        ')
-
-	        allow $1 virtlogd_t:fifo_file rw_fifo_file_perms;
-	')
-')

nbdkit.te

@@ -1,100 +0,0 @@
-policy_module(nbdkit, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-gen_require(`
-    type unconfined_t;
-')
-
-type nbdkit_t;
-type nbdkit_exec_t;
-application_domain(nbdkit_t, nbdkit_exec_t)
-mcs_constrained(nbdkit_t)
-role system_r types nbdkit_t;
-
-type nbdkit_home_t;
-userdom_user_home_content(nbdkit_home_t)
-
-type nbdkit_tmp_t;
-files_tmp_file(nbdkit_tmp_t)
-
-type nbdkit_unit_file_t;
-systemd_unit_file(nbdkit_unit_file_t)
-
-permissive nbdkit_t;
-
-########################################
-#
-# nbdkit local policy
-#
-allow nbdkit_t self:capability { setgid setuid };
-allow nbdkit_t self:fifo_file rw_fifo_file_perms;
-allow nbdkit_t self:netlink_route_socket rw_netlink_socket_perms;
-allow nbdkit_t self:process { fork setsockcreate signal_perms };
-allow nbdkit_t self:tcp_socket create_stream_socket_perms;
-allow nbdkit_t self:udp_socket create_socket_perms;
-
-manage_dirs_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
-manage_files_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t) 
-userdom_user_tmp_filetrans(nbdkit_t, nbdkit_tmp_t, { dir file })
-
-manage_dirs_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
-manage_files_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t) 
-userdom_user_home_dir_filetrans(nbdkit_t, nbdkit_home_t, { dir file })
-
-corenet_tcp_connect_http_port(nbdkit_t)
-corenet_tcp_connect_ssh_port(nbdkit_t)
-corenet_tcp_connect_tftp_port(nbdkit_t)
-corenet_tcp_bind_generic_port(nbdkit_t)
-corenet_tcp_bind_generic_node(nbdkit_t)
-
-domain_use_interactive_fds(nbdkit_t)
-
-files_read_etc_files(nbdkit_t)
-
-init_abstract_socket_activation(nbdkit_t)
-init_ioctl_stream_sockets(nbdkit_t)
-init_rw_stream_sockets(nbdkit_t)
-
-optional_policy(`
-	auth_use_nsswitch(nbdkit_t)
-')
-
-optional_policy(`
-	logging_send_syslog_msg(nbdkit_t)
-')
-
-optional_policy(`
-	miscfiles_read_localization(nbdkit_t)
-	miscfiles_read_generic_certs(nbdkit_t)
-')
-
-optional_policy(`
-	sysnet_dns_name_resolve(nbdkit_t)
-	sysnet_read_config(nbdkit_t)
-')
-
-optional_policy(`
-	userdom_read_user_home_content_files(nbdkit_t)
-	userdom_use_inherited_user_ptys(nbdkit_t)
-')
-
-optional_policy(`
-	virt_create_svirt_image_sock_files(nbdkit_t)
-	virt_read_qemu_pid_files(nbdkit_t)
-	virtlogd_rw_pipes(nbdkit_t)
-	virt_rw_svirt_image(nbdkit_t)
-	virt_rw_svirt_image_dirs(nbdkit_t)
-	virt_search_lib(nbdkit_t)
-	virt_stream_connect_svirt(nbdkit_t)
-')
-
-
-# FIXME: It would be nice to allow libvirt to transition nbdkit_exec_t to 
-# nbdkit_t when libvirtd was started manually from the commandline (i.e. in 
-# unconfined_t), but we don't want this transition to happen automatically 
-# when starting directly from the shell. I'm not sure how to achieve this...  
-#nbdkit_domtrans(unconfined_t, nbdkit_exec_t, nbdkit_t)

sources

@@ -1,2 +0,0 @@
-SHA512 (nbdkit-1.44.1.tar.gz) = 150a31ca7f64b76a4e4cc90d077e88531458f2766c0bb1f6f1ae23176d5c55a2e4dab61be58bd92b166e67fe70b67c9458a04d29978cbb1b89a6fa8ebca4617d
-SHA512 (nbdkit-1.44.1.tar.gz.sig) = b987c7cfc0cf4585f3db7c33a19a63ac24b5ea5cf10635c497d2780e70f121fcc82dda983a63ef8464b0c8550dd12811499fd171cf7b368ce1a7f0ddd9b60ae7

tests/basic-test.sh

@@ -1,6 +0,0 @@
-#!/bin/bash -
-set -e
-set -x
-
-# Run nbdkit and check that nbdinfo can connect back to it.
-nbdkit -U - memory 1G --run 'nbdinfo "$uri"'

tests/tests.yml

@@ -1,12 +0,0 @@
-- hosts: localhost
-  roles:
-  - role: standard-test-basic
-    tags:
-    - classic
-    required_packages:
-    - libnbd
-    - nbdkit
-    tests:
-    - simple:
-        dir: .
-        run: ./basic-test.sh