.gitignore

@@ -1,2 +1,2 @@
 SOURCES/libguestfs.keyring
-SOURCES/nbdkit-1.24.0.tar.gz
+SOURCES/nbdkit-1.36.2.tar.gz

.nbdkit.metadata

@@ -1,2 +1,2 @@
-1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
-069720cc0d1502b007652101d293a57d7b4d7c41 SOURCES/nbdkit-1.24.0.tar.gz
+cc1b37b9cfafa515aab3eefd345ecc59aac2ce7b SOURCES/libguestfs.keyring
+ca7c103dc96a65bfa5f6263bb5df8478f8038948 SOURCES/nbdkit-1.36.2.tar.gz

SOURCES/0001-cache-cow-Fix-data-corruption-in-zero-and-trim-on-un.patch

@@ -1,82 +0,0 @@
-From 99788909d9ec36e3210cf85976fe5b18da690ddd Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Wed, 4 Aug 2021 20:24:59 +0100
-Subject: [PATCH] cache, cow: Fix data corruption in zero and trim on unaligned
- tail
-
-Commit eb6009b092 ("cache, cow: Reduce use of bounce-buffer") first
-introduced in nbdkit 1.14 added an optimization of the
-read-modify-write mechanism used for unaligned heads and tails when
-zeroing in the cache layer.
-
-Unfortunately the part applied to the tail contained a mistake: It
-zeroes the end of the buffer rather than the beginning.  This causes
-data corruption when you use the zero or trim function with an offset
-and count which is not aligned to the block size.
-
-Although the bug has been around for years, a recent change made it
-more likely to happen.  Commit c1905b0a28 ("cache, cow: Use a 64K
-block size by default") increased the default block size from 4K to
-64K.  Most filesystems use a 4K block size so operations like fstrim
-will make 4K-aligned requests, and with a 4K block size also in the
-cache or cow filter the unaligned case would never have been hit
-before.
-
-We can demonstrate the bug simply by filling a buffer with data
-(100000 bytes in the example), and then trimming that data, which
-ought to zero it out.
-
-Before this commit there is data visible after the trim:
-
-$ nbdkit --filter=cow data "0x21 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
-00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-*
-00018000  21 21 21 21 21 21 21 21  21 21 21 21 21 21 21 21  |!!!!!!!!!!!!!!!!|
-*
-000186a0
-
-After this commit the trim completely clears the data:
-
-$ nbdkit --filter=cow data "0x21 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
-00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-*
-000186a0
-
-Thanks: Ming Xie for finding the bug
-Fixes: commit eb6009b092ae642ed25f133d487dd40ef7bf70f8
-(cherry picked from commit a0ae7b2158598ce48ac31706319007f716d01c87)
-(cherry picked from commit c0b15574647672cb5c48178333acdd07424692ef)
----
- filters/cache/cache.c | 2 +-
- filters/cow/cow.c     | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/filters/cache/cache.c b/filters/cache/cache.c
-index 91dcc43d..0616cc7b 100644
---- a/filters/cache/cache.c
-+++ b/filters/cache/cache.c
-@@ -493,7 +493,7 @@ cache_zero (struct nbdkit_next_ops *next_ops, void *nxdata,
-     ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
-     r = blk_read (next_ops, nxdata, blknum, block, err);
-     if (r != -1) {
--      memset (&block[count], 0, blksize - count);
-+      memset (block, 0, count);
-       r = blk_write (next_ops, nxdata, blknum, block, flags, err);
-     }
-     if (r == -1)
-diff --git a/filters/cow/cow.c b/filters/cow/cow.c
-index 51ca64a4..1cfcc4e7 100644
---- a/filters/cow/cow.c
-+++ b/filters/cow/cow.c
-@@ -419,7 +419,7 @@ cow_zero (struct nbdkit_next_ops *next_ops, void *nxdata,
-     ACQUIRE_LOCK_FOR_CURRENT_SCOPE (&lock);
-     r = blk_read (next_ops, nxdata, blknum, block, err);
-     if (r != -1) {
--      memset (&block[count], 0, BLKSIZE - count);
-+      memset (block, 0, count);
-       r = blk_write (blknum, block, err);
-     }
-     if (r == -1)
--- 
-2.31.1
-

SOURCES/0001-configure-Fix-initialization-from-incompatible-point.patch

@@ -0,0 +1,44 @@
+From ac87babe2d1652e3f37715efe9f29ad6f16eb9df Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Mon, 4 Dec 2023 10:23:29 +0000
+Subject: [PATCH] configure: Fix initialization from incompatible pointer type
+
+With GCC 14:
+
+  configure:20816: checking if environ is declared in header files
+  configure:20833: gcc -c -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grec
+ord-gcc-switches -pipe -Wall -Werror=format-security
+-Werror=implicit-function-declaration -Werror=implicit-int
+-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS
+-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
+-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64   -mtune=generic
+-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
+-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer   conftest.c >&5
+  conftest.c: In function 'test':
+  conftest.c:62:22: error: initialization of 'const char **' from incompatible p
+ointer type 'char **'
+     62 |   const char **env = environ;
+        |                      ^~~~~~~
+
+Thanks: Florian Weimer
+(cherry picked from commit 32a9ee6650654469cd591a3ae26842c54f898392)
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3b12e357..beab4674 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -335,7 +335,7 @@ AC_LANG_SOURCE([[
+ static int
+ test (void)
+ {
+-  const char **env = environ;
++  char **env = environ;
+   return env ? 1 : 0; // this just forces env to be used
+ }
+ ]])
+-- 
+2.39.3
+

SOURCES/0002-file-Rework-documentation-for-dir-parameter.patch

@@ -0,0 +1,58 @@
+From 054798ca11b9f0b71fbad302edf66b52519f5aa2 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 14 Dec 2023 17:47:10 +0000
+Subject: [PATCH] file: Rework documentation for dir= parameter
+
+The existing documentation tended towards jargon and lacked examples.
+
+(cherry picked from commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e)
+---
+ plugins/file/nbdkit-file-plugin.pod | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
+index 857ad21e..e47eae97 100644
+--- a/plugins/file/nbdkit-file-plugin.pod
++++ b/plugins/file/nbdkit-file-plugin.pod
+@@ -64,13 +64,23 @@ symbolic links.  Other special files in the directory (such as
+ subdirectories, pipes, or Unix sockets) are ignored.
+ 
+ When this mode is used, the file to be served is chosen by the export
+-name passed by the client, where the client can request a list of
+-available exports using NBD_OPT_LIST.  A client that requests the
+-default export (C<"">) will be rejected.  However, you can use
+-L<nbdkit-exportname-filter(1)> to adjust what export names the client
+-sees or uses as a default.  For security, when using directory mode,
++name passed by the client.  For security, when using directory mode,
+ this plugin will not accept export names containing slash (C</>).
+ 
++To list exports, use L<nbdinfo(1)> I<--list> option, for example:
++
++ nbdinfo --list nbd://localhost
++
++An NBD client can request a list of available exports using
++C<NBD_OPT_LIST>.
++
++A client that requests the default export (C<"">) will be rejected.
++However, you can use L<nbdkit-exportname-filter(1)> to adjust what
++export names the client sees, and which one the client uses as a
++default.  For example to make F</dir/file> be the default export:
++
++ nbdkit file dir=/dir --filter=exportname default-export=file
++
+ =item B<dirfd=>FILE_DESCRIPTOR
+ 
+ (nbdkit E<ge> 1.34, not Windows)
+@@ -262,7 +272,8 @@ L<nbdkit-tmpdisk-plugin(1)>,
+ L<nbdkit-exportname-filter(1)>,
+ L<nbdkit-fua-filter(1)>,
+ L<nbdkit-luks-filter(1)>,
+-L<nbdkit-noextents-filter(1)>.
++L<nbdkit-noextents-filter(1)>,
++L<nbdinfo(1)>.
+ 
+ =head1 AUTHORS
+ 
+-- 
+2.39.3
+

SOURCES/0002-server-CVE-2021-3716-reset-structured-replies-on-sta.patch

@@ -1,94 +0,0 @@
-From 6b9d4380df9bd0be91f49aad8c4f47b4e672adde Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Mon, 16 Aug 2021 13:43:29 -0500
-Subject: [PATCH] server: CVE-2021-3716 reset structured replies on starttls
-
-https://nostarttls.secvuln.info/ pointed out a series of CVEs in
-common implementation flaw in various SMTP and IMAP clients and
-servers, all with a common thread of improperly caching plaintext
-state across the STARTTLS encryption boundary; and recommended that
-other protocols with a STARTTLS operation perform a similar audit.
-
-It turns out that nbdkit has the same vulnerability in regards to the
-NBD protocol: when nbdkit is run in opportunistic TLS mode, an
-attacker is able to inject a plaintext NBD_OPT_STRUCTURED_REPLY before
-proxying everything else a client sends to the server; if the server
-then acts on that plaintext request (as nbdkit did before this patch),
-then the server ends up sending structured replies to at least
-NBD_CMD_READ, even though the client was assuming that the transition
-to TLS has ruled out a MitM attack.
-
-On the bright side, nbdkit's behavior on a second
-NBD_OPT_STRUCTURED_REPLY was to still reply with success, so a client
-that always requests structured replies after starting TLS sees no
-difference in behavior (that is, qemu 2.12 and later are immune) (had
-nbdkit given an error to the second request, that may have caused
-confusion to more clients).  And there is always the mitigation of
-using --tls=require, which lets nbdkit reject the MitM message
-pre-encryption.  However, nbd-client 3.15 to the present do not
-understand structured replies, and I have confirmed that a MitM
-attacker can thus cause a denial-of-service attack that does not
-trigger until the client does its first encrypted NBD_CMD_READ.
-
-The NBD spec has been recently tightened to declare the nbdkit
-behavior to be a security hole:
-https://github.com/NetworkBlockDevice/nbd/commit/77e55378096aa
-Fixes: eaa4c6e9a2c4bd (server: Minimal implementation of NBD Structured Replies.)
-
-(cherry picked from commit 09a13dafb7bb3a38ab52eb5501cba786365ba7fd)
-(cherry picked from commit 6185b15a81e6915734d678f0781e31d45a7941a1)
----
- docs/nbdkit-security.pod             | 11 +++++++++--
- server/protocol-handshake-newstyle.c |  3 ++-
- 2 files changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/docs/nbdkit-security.pod b/docs/nbdkit-security.pod
-index 3a28e54d..5a4e6da8 100644
---- a/docs/nbdkit-security.pod
-+++ b/docs/nbdkit-security.pod
-@@ -10,7 +10,7 @@ For how to report new security issues, see the C<SECURITY> file in the
- top level source directory, also available online here:
- L<https://github.com/libguestfs/nbdkit/blob/master/SECURITY>
- 
--=head2 CVE-2019-14850 
-+=head2 CVE-2019-14850
- denial of service due to premature opening of back-end connection
- 
- See the full announcement and links to mitigation, tests and fixes
-@@ -26,6 +26,13 @@ See the full announcement and links to mitigation, tests and fixes
- here:
- https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
- 
-+=head2 CVE-2021-3716
-+structured read denial of service attack against starttls
-+
-+See the full announcement and links to mitigation, tests and fixes
-+here:
-+https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html
-+
- =head1 SEE ALSO
- 
- L<nbdkit(1)>.
-@@ -38,4 +45,4 @@ Richard W.M. Jones
- 
- =head1 COPYRIGHT
- 
--Copyright (C) 2013-2020 Red Hat Inc.
-+Copyright (C) 2013-2021 Red Hat Inc.
-diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
-index 0a76a814..b94950e2 100644
---- a/server/protocol-handshake-newstyle.c
-+++ b/server/protocol-handshake-newstyle.c
-@@ -495,7 +495,8 @@ negotiate_handshake_newstyle_options (void)
-           return -1;
-         conn->using_tls = true;
-         debug ("using TLS on this connection");
--        /* Wipe out any cached default export name. */
-+        /* Wipe out any cached state. */
-+        conn->structured_replies = false;
-         for_each_backend (b) {
-           struct handle *h = get_handle (conn, b->i);
-           free (h->default_exportname);
--- 
-2.31.1
-

SOURCES/0003-file-Fix-markup-when-referencing-dir-option-from-dir.patch

@@ -0,0 +1,28 @@
+From 596f97316e65c151741e6ee42893023f6e945c01 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 16 Dec 2023 18:08:37 +0000
+Subject: [PATCH] file: Fix markup when referencing dir= option from dirfd=
+ docs
+
+Fixes: commit dd28b005430d020ccd1825437937c317332d3007
+(cherry picked from commit 5b8c9c49cc352e9b0fba4dde9e0f57c53c9c2457)
+---
+ plugins/file/nbdkit-file-plugin.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
+index e47eae97..5feb8ea9 100644
+--- a/plugins/file/nbdkit-file-plugin.pod
++++ b/plugins/file/nbdkit-file-plugin.pod
+@@ -85,7 +85,7 @@ default.  For example to make F</dir/file> be the default export:
+ 
+ (nbdkit E<ge> 1.34, not Windows)
+ 
+-This is like the I<dir> option, but instead of specifying the
++This is like the C<dir=> option, but instead of specifying the
+ directory by name, the parent process should open the directory and
+ pass this file descriptor by inheritance to nbdkit.
+ 
+-- 
+2.39.3
+

SOURCES/0003-server-reset-meta-context-replies-on-starttls.patch

@@ -1,40 +0,0 @@
-From add9b794b9dc697a1b52115c997fcfb6e06bf64c Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Mon, 16 Aug 2021 13:43:29 -0500
-Subject: [PATCH] server: reset meta context replies on starttls
-
-Related to CVE-2021-3716, but not as severe.  No compliant client will
-send NBD_CMD_BLOCK_STATUS unless it first negotiates
-NBD_OPT_SET_META_CONTEXT.  If an attacker injects a premature
-SET_META_CONTEXT, either the client will never notice (because it
-never uses BLOCK_STATUS), or the client will overwrite the attacker's
-attempt with the client's own SET_META_CONTEXT request after
-encryption is enabled.  So I don't class this as having the potential
-to trigger denial-of-service due to any protocol mismatch between
-compliant client and server (I don't care what happens with
-non-compliant clients).
-
-Fixes: 26455d45 (server: protocol: Implement Block Status "base:allocation".)
-(cherry picked from commit 6c5faac6a37077cf2366388a80862bb00616d0d8)
-(cherry picked from commit 814d8103fb4b581dc01dfd25d2cd81596576f211)
----
- server/protocol-handshake-newstyle.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
-index b94950e2..eb0f3961 100644
---- a/server/protocol-handshake-newstyle.c
-+++ b/server/protocol-handshake-newstyle.c
-@@ -497,6 +497,9 @@ negotiate_handshake_newstyle_options (void)
-         debug ("using TLS on this connection");
-         /* Wipe out any cached state. */
-         conn->structured_replies = false;
-+        free (conn->exportname_from_set_meta_context);
-+        conn->exportname_from_set_meta_context = NULL;
-+        conn->meta_context_base_allocation = false;
-         for_each_backend (b) {
-           struct handle *h = get_handle (conn, b->i);
-           free (h->default_exportname);
--- 
-2.31.1
-

SOURCES/0004-cow-Fix-for-qemu-6.1-which-requires-backing-format.patch

@@ -1,59 +0,0 @@
-From 3c2879a38c299b725091cea45329879e3f46fc99 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Tue, 31 Aug 2021 11:23:27 +0100
-Subject: [PATCH] cow: Fix for qemu 6.1 which requires backing format
-
-The diffing example in the manual created a qcow2 file with a backing
-file but did not specify the backing format.  However qemu 6.1 now
-requires this and fails with:
-
-  qemu-img: cow-diff.qcow2: Backing file specified without backing format
-
-or:
-
-  qemu-img: Could not change the backing file to 'cow-base.img': backing format must be specified
-
-Fix the example by adding the -F option to the command line.
-
-Also there was a test of this rebasing sequence which failed, so this
-commit updates the test too.
-
-(cherry picked from commit 618290ef33ce13b75c1a79fea1f1ffb327b5ba07)
----
- filters/cow/nbdkit-cow-filter.pod | 4 ++--
- tests/test-cow.sh                 | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/filters/cow/nbdkit-cow-filter.pod b/filters/cow/nbdkit-cow-filter.pod
-index 4d5ae856..510bdd40 100644
---- a/filters/cow/nbdkit-cow-filter.pod
-+++ b/filters/cow/nbdkit-cow-filter.pod
-@@ -101,8 +101,8 @@ At the end, disconnect the client.
- Run these C<qemu-img> commands to construct a qcow2 file containing
- the differences:
- 
-- qemu-img create -f qcow2 -b nbd:localhost diff.qcow2
-- qemu-img rebase -b disk.img diff.qcow2
-+ qemu-img create -F raw -b nbd:localhost -f qcow2 diff.qcow2
-+ qemu-img rebase -F raw -b disk.img -f qcow2 diff.qcow2
- 
- F<diff.qcow2> now contains the differences between the base
- (F<disk.img>) and the changes stored in nbdkit-cow-filter.  C<nbdkit>
-diff --git a/tests/test-cow.sh b/tests/test-cow.sh
-index 8772afd7..edc4c223 100755
---- a/tests/test-cow.sh
-+++ b/tests/test-cow.sh
-@@ -72,8 +72,8 @@ fi
- # If we have qemu-img, try the hairy rebase operation documented
- # in the nbdkit-cow-filter manual.
- if qemu-img --version >/dev/null 2>&1; then
--    qemu-img create -f qcow2 -b nbd:unix:$sock cow-diff.qcow2
--    time qemu-img rebase -b cow-base.img cow-diff.qcow2
-+    qemu-img create -F raw -b nbd:unix:$sock -f qcow2 cow-diff.qcow2
-+    time qemu-img rebase -F raw -b cow-base.img -f qcow2 cow-diff.qcow2
-     qemu-img info cow-diff.qcow2
- 
-     # This checks the file we created exists.
--- 
-2.31.1
-

SOURCES/0004-file-Further-rework-documentation-of-dir-parameter.patch

@@ -0,0 +1,108 @@
+From 0d080223a8567a5ef673deb6ac49152fd67dd1b7 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 16 Dec 2023 18:03:13 +0000
+Subject: [PATCH] file: Further rework documentation of dir= parameter
+
+Move the documentation to a new section, allowing us to expand on this
+topic.  This also makes the HTML documentation linkable.
+
+Updates: commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e
+(cherry picked from commit 74621ec608d0edd76c2d8de140e7d1d5626c8251)
+---
+ plugins/file/nbdkit-file-plugin.pod | 66 +++++++++++++++++++++--------
+ 1 file changed, 49 insertions(+), 17 deletions(-)
+
+diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
+index 5feb8ea9..de8fbeba 100644
+--- a/plugins/file/nbdkit-file-plugin.pod
++++ b/plugins/file/nbdkit-file-plugin.pod
+@@ -63,23 +63,7 @@ directory named C<DIRECTORY>, including those found by following
+ symbolic links.  Other special files in the directory (such as
+ subdirectories, pipes, or Unix sockets) are ignored.
+ 
+-When this mode is used, the file to be served is chosen by the export
+-name passed by the client.  For security, when using directory mode,
+-this plugin will not accept export names containing slash (C</>).
+-
+-To list exports, use L<nbdinfo(1)> I<--list> option, for example:
+-
+- nbdinfo --list nbd://localhost
+-
+-An NBD client can request a list of available exports using
+-C<NBD_OPT_LIST>.
+-
+-A client that requests the default export (C<"">) will be rejected.
+-However, you can use L<nbdkit-exportname-filter(1)> to adjust what
+-export names the client sees, and which one the client uses as a
+-default.  For example to make F</dir/file> be the default export:
+-
+- nbdkit file dir=/dir --filter=exportname default-export=file
++See L</Serving multiple files and block devices> below.
+ 
+ =item B<dirfd=>FILE_DESCRIPTOR
+ 
+@@ -89,6 +73,8 @@ This is like the C<dir=> option, but instead of specifying the
+ directory by name, the parent process should open the directory and
+ pass this file descriptor by inheritance to nbdkit.
+ 
++See L</Serving multiple files and block devices> below.
++
+ =item B<fadvise=normal>
+ 
+ =item B<fadvise=random>
+@@ -140,6 +126,52 @@ L<https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#win32-devi
+ 
+ =head1 NOTES
+ 
++=head2 Serving multiple files and block devices
++
++Using C<dir=DIRECTORY> (or C<dirfd=DIRFD>) you can serve all regular
++files and block devices located directly inside the directory named
++C<DIRECTORY>, including those found by following symbolic links.
++Other special files in the directory (such as subdirectories, pipes,
++or Unix sockets) are ignored.
++
++When this mode is used, the file to be served is chosen by the export
++name passed by the client.  For security, when using directory mode,
++this plugin will not accept export names containing slash (C</>).
++
++For example:
++
++ $ ls -l /var/tmp/exports
++ total 0
++ -rw-r--r--. 1 rjones rjones 1048576 Dec 14 15:34 disk1
++ -rw-r--r--. 1 rjones rjones 2097152 Dec 14 15:34 disk2
++ lrwxrwxrwx. 1 rjones rjones       9 Dec 14 15:35 sda1 -> /dev/sda1
++ $ nbdkit file dir=/var/tmp/exports
++
++will serve three exports called C<"disk1">, C<"disk2"> and C<"sda1">.
++The first two are regular files and the last is a block device.  You
++can add or remove files or symbolic links from the directory while
++nbdkit is running.
++
++To list exports, use L<nbdinfo(1)> I<--list> option, for example:
++
++ $ nbdinfo --list nbd://localhost
++ protocol: newstyle-fixed without TLS, using structured packets
++ export="disk1":
++     export-size: 1048576 (1M)
++     uri: nbd://localhost:10809/disk1
++ [etc]
++
++An NBD client can request a list of available exports using
++C<NBD_OPT_LIST>.  For libnbd clients see nbd_opt_list(3).
++
++A client that requests the default export (C<"">) will be rejected.
++However, you can use L<nbdkit-exportname-filter(1)> to adjust the
++default export as well as other transformations of export names.  For
++example to make F</var/tmp/exports/disk1> be the default export:
++
++ nbdkit file dir=/var/tmp/exports \
++        --filter=exportname default-export=disk1
++
+ =head2 Optimizing for random or sequential access
+ 
+ If you know in advance that the NBD client will access the file
+-- 
+2.39.3
+

SOURCES/0005-exportname-Fix-markup-for-linking-to-other-man-pages.patch

@@ -0,0 +1,29 @@
+From c155987ee521c2d6a163d2814dc869ec1e89fd90 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 16 Dec 2023 18:32:50 +0000
+Subject: [PATCH] exportname: Fix markup for linking to other man pages
+
+Fixes: commit 7623b2cc45078cca88fdd2d96c70c7f82a0db49d
+(cherry picked from commit 6104f55f3851f3b82dc69f7e78c32e9c7a93dbc9)
+---
+ filters/exportname/nbdkit-exportname-filter.pod | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/filters/exportname/nbdkit-exportname-filter.pod b/filters/exportname/nbdkit-exportname-filter.pod
+index 1d69f7d4..f95a37be 100644
+--- a/filters/exportname/nbdkit-exportname-filter.pod
++++ b/filters/exportname/nbdkit-exportname-filter.pod
+@@ -10,8 +10,8 @@ nbdkit-exportname-filter - adjust export names between client and plugin
+ 
+ =head1 DESCRIPTION
+ 
+-Some plugins (such as C<nbdkit-file-plugin(1)> and filters (such as
+-C<nbdkit-ext2-filter(1)> are able to serve different content based on
++Some plugins (such as L<nbdkit-file-plugin(1)> and filters (such as
++L<nbdkit-ext2-filter(1)> are able to serve different content based on
+ the export name requested by the client.  The NBD protocol allows a
+ server to advertise the set of export names it is serving.  However,
+ the list advertised (or absent) from the plugin may not always match
+-- 
+2.39.3
+

SOURCES/0005-vddk-Include-VDDK-major-library-version-in-dump-plug.patch

@@ -1,141 +0,0 @@
-From 9e20e2696fdb68008c9b4f1c36298f813320e381 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Sat, 23 Oct 2021 16:16:39 +0100
-Subject: [PATCH] vddk: Include VDDK major library version in --dump-plugin
- output
-
-Although it doesn't seem to be possible to get the precise VDDK
-version, With a relatively simple change we can at least return the
-VDDK major version.  Currently this can be 5, 6 or 7.
-
-(cherry picked from commit 8700649d147948897f3b97810a1dff37924bdd6e)
----
- plugins/vddk/nbdkit-vddk-plugin.pod |  4 ++++
- plugins/vddk/vddk.c                 | 29 +++++++++++++++++++----------
- tests/test-vddk-real-dump-plugin.sh |  2 ++
- 3 files changed, 25 insertions(+), 10 deletions(-)
-
-diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
-index 8b14eda0..822b96be 100644
---- a/plugins/vddk/nbdkit-vddk-plugin.pod
-+++ b/plugins/vddk/nbdkit-vddk-plugin.pod
-@@ -417,6 +417,10 @@ at runtime.
- If this is printed then the C<nfchostport=PORT> parameter is supported
- by this build.
- 
-+=item C<vddk_library_version=...>
-+
-+The VDDK major library version: 5, 6, 7, ...
-+
- =item C<vddk_dll=...>
- 
- Prints the full path to the VDDK shared library.  Since this requires
-diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
-index 69193504..291283f4 100644
---- a/plugins/vddk/vddk.c
-+++ b/plugins/vddk/vddk.c
-@@ -77,6 +77,7 @@ int vddk_debug_datapath = 1;
- static void *dl;                           /* dlopen handle */
- static bool init_called;                   /* was InitEx called */
- static __thread int error_suppression;     /* threadlocal error suppression */
-+static int library_version;                /* VDDK major: 5, 6, 7, ... */
- 
- static enum { NONE = 0, ZLIB, FASTLZ, SKIPZ } compression; /* compression */
- static char *config;                       /* config */
-@@ -297,7 +298,10 @@ vddk_config (const char *key, const char *value)
- static void
- load_library (bool load_error_is_fatal)
- {
--  static const char *sonames[] = {
-+  static struct {
-+    const char *soname;
-+    int library_version;
-+  } libs[] = {
-     /* Prefer the newest library in case multiple exist.  Check two
-      * possible directories: the usual VDDK installation puts .so
-      * files in an arch-specific subdirectory of $libdir (our minimum
-@@ -305,12 +309,13 @@ load_library (bool load_error_is_fatal)
-      * but our testsuite is easier to write if we point libdir
-      * directly to a stub .so.
-      */
--    "lib64/libvixDiskLib.so.7",
--    "libvixDiskLib.so.7",
--    "lib64/libvixDiskLib.so.6",
--    "libvixDiskLib.so.6",
--    "lib64/libvixDiskLib.so.5",
--    "libvixDiskLib.so.5",
-+    { "lib64/libvixDiskLib.so.7", 7 },
-+    { "libvixDiskLib.so.7",       7 },
-+    { "lib64/libvixDiskLib.so.6", 6 },
-+    { "libvixDiskLib.so.6",       6 },
-+    { "lib64/libvixDiskLib.so.5", 5 },
-+    { "libvixDiskLib.so.5",       5 },
-+    { NULL }
-   };
-   size_t i;
-   CLEANUP_FREE char *orig_error = NULL;
-@@ -323,19 +328,20 @@ load_library (bool load_error_is_fatal)
-     }
-   }
- 
--  for (i = 0; i < sizeof sonames / sizeof sonames[0]; ++i) {
-+  for (i = 0; libs[i].soname != NULL; ++i) {
-     CLEANUP_FREE char *path;
- 
-     /* Set the full path so that dlopen will preferentially load the
-      * system libraries from the same directory.
-      */
--    if (asprintf (&path, "%s/%s", libdir, sonames[i]) == -1) {
-+    if (asprintf (&path, "%s/%s", libdir, libs[i].soname) == -1) {
-       nbdkit_error ("asprintf: %m");
-       exit (EXIT_FAILURE);
-     }
- 
-     dl = dlopen (path, RTLD_NOW);
-     if (dl != NULL) {
-+      library_version = libs[i].library_version;
-       /* Now that we found the library, ensure that LD_LIBRARY_PATH
-        * includes its directory for all future loads.  This may modify
-        * path in-place and/or re-exec nbdkit, but that's okay.
-@@ -356,10 +362,12 @@ load_library (bool load_error_is_fatal)
-                   "If '%s' is located on a non-standard path you may need to\n"
-                   "set libdir=/path/to/vmware-vix-disklib-distrib.\n\n"
-                   "See nbdkit-vddk-plugin(1) man page section \"LIBRARY LOCATION\" for details.",
--                  orig_error ? : "(unknown error)", sonames[0]);
-+                  orig_error ? : "(unknown error)", libs[0].soname);
-     exit (EXIT_FAILURE);
-   }
- 
-+  assert (library_version >= 5);
-+
-   /* Load symbols. */
- #define STUB(fn,ret,args)                                         \
-   do {                                                            \
-@@ -474,6 +482,7 @@ vddk_dump_plugin (void)
- 
-   printf ("vddk_default_libdir=%s\n", VDDK_LIBDIR);
-   printf ("vddk_has_nfchostport=1\n");
-+  printf ("vddk_library_version=%d\n", library_version);
- 
- #if defined(HAVE_DLADDR)
-   /* It would be nice to print the version of VDDK from the shared
-diff --git a/tests/test-vddk-real-dump-plugin.sh b/tests/test-vddk-real-dump-plugin.sh
-index 1479e416..59c79693 100755
---- a/tests/test-vddk-real-dump-plugin.sh
-+++ b/tests/test-vddk-real-dump-plugin.sh
-@@ -51,10 +51,12 @@ rm -f $files
- cleanup_fn rm -f $files
- 
- nbdkit -f -v vddk libdir="$vddkdir" --dump-plugin > $out
-+cat $out
- 
- # Check the vddk_* entries are set.
- grep ^vddk_default_libdir= $out
- grep ^vddk_has_nfchostport= $out
-+grep ^vddk_library_version= $out
- grep ^vddk_dll= $out
- 
- dll="$(grep ^vddk_dll $out | cut -d= -f2)"
--- 
-2.31.1
-

SOURCES/0006-partition-Don-t-call-nbdkit_error-twice-on-error-pat.patch

@@ -0,0 +1,30 @@
+From b8eb91e9102a2ae6cb96b0f2ffdb96b724cbb1b7 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 20 Dec 2023 10:38:27 +0000
+Subject: [PATCH] partition: Don't call nbdkit_error twice on error path
+
+Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
+(cherry picked from commit 036b178a4affd00b8bbdb6cb140e81b62f57a374)
+---
+ filters/partition/partition-gpt.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/filters/partition/partition-gpt.c b/filters/partition/partition-gpt.c
+index 80acddb4..930e2081 100644
+--- a/filters/partition/partition-gpt.c
++++ b/filters/partition/partition-gpt.c
+@@ -92,10 +92,8 @@ find_gpt_partition (nbdkit_next *next,
+   int err;
+ 
+   if (get_gpt_header (header_bytes,
+-                      &nr_partition_entries, &size_partition_entry) == -1) {
+-    nbdkit_error ("cannot support non-standard GPT header");
++                      &nr_partition_entries, &size_partition_entry) == -1)
+     return -1;
+-  }
+ 
+   if (partnum > nr_partition_entries) {
+     nbdkit_error ("GPT partition number out of range");
+-- 
+2.39.3
+

SOURCES/0006-vddk-Only-print-vddk_library_version-when-we-managed.patch

@@ -1,55 +0,0 @@
-From b8b376cf39d97c9f523a9867612126088b43c523 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Sat, 23 Oct 2021 19:50:52 +0100
-Subject: [PATCH] vddk: Only print vddk_library_version when we managed to load
- the library
-
-Because --dump-plugin calls load_library (false) it won't fail if we
-didn't manage to load the library.  This results in library_version
-being 0, which we printed incorrectly.
-
-Resolve this problem by not printing the vddk_library_version entry in
-this case.
-
-Fixes: commit 8700649d147948897f3b97810a1dff37924bdd6e
-(cherry picked from commit a3fba12c3e9c2113009f556360ae0bd04c45f6bb)
----
- plugins/vddk/nbdkit-vddk-plugin.pod | 1 +
- plugins/vddk/vddk.c                 | 9 ++++++++-
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
-index 822b96be..c56faddc 100644
---- a/plugins/vddk/nbdkit-vddk-plugin.pod
-+++ b/plugins/vddk/nbdkit-vddk-plugin.pod
-@@ -420,6 +420,7 @@ by this build.
- =item C<vddk_library_version=...>
- 
- The VDDK major library version: 5, 6, 7, ...
-+If this is omitted it means the library could not be loaded.
- 
- =item C<vddk_dll=...>
- 
-diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
-index 291283f4..96615749 100644
---- a/plugins/vddk/vddk.c
-+++ b/plugins/vddk/vddk.c
-@@ -482,7 +482,14 @@ vddk_dump_plugin (void)
- 
-   printf ("vddk_default_libdir=%s\n", VDDK_LIBDIR);
-   printf ("vddk_has_nfchostport=1\n");
--  printf ("vddk_library_version=%d\n", library_version);
-+
-+  /* Because load_library (false) we might not have loaded VDDK, in
-+   * which case we didn't set library_version.  Note this cannot
-+   * happen in the normal (non-debug-plugin) path because there we use
-+   * load_library (true).
-+   */
-+  if (library_version > 0)
-+    printf ("vddk_library_version=%d\n", library_version);
- 
- #if defined(HAVE_DLADDR)
-   /* It would be nice to print the version of VDDK from the shared
--- 
-2.31.1
-

SOURCES/0007-partition-Suggest-alternate-partition-sectorsize.patch

@@ -0,0 +1,52 @@
+From 3b168aa842dc80a6d95b2c1ccb52a8ef664e7aba Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 20 Dec 2023 10:34:10 +0000
+Subject: [PATCH] partition: Suggest alternate partition-sectorsize
+
+When we reach this error it means that we have failed to detect the
+"EFI PART" signature (indicating GPT) and we've fallen back to parsing
+MBR, but in doing so we have discovered a GPT protective MBR which
+should only happen for GPT.  A possible cause for missing the
+signature was because we have the wrong sector size.
+
+Therefore check for the current sector size (which should be either
+512 or 4096) and suggest that the user sets the other sector size.
+
+Also avoids the case where the user already set partition-sectorsize=4k
+and we were suggesting that they set it again.
+
+Reported-by: Ming Xie
+Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
+Fixes: https://issues.redhat.com/browse/RHEL-19815
+(cherry picked from commit cd761c9bf770b23f678fd82f0d1c8d4cce2ed1b5)
+---
+ filters/partition/partition-mbr.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/filters/partition/partition-mbr.c b/filters/partition/partition-mbr.c
+index 3927c31f..6a81addb 100644
+--- a/filters/partition/partition-mbr.c
++++ b/filters/partition/partition-mbr.c
+@@ -87,9 +87,16 @@ find_mbr_partition (nbdkit_next *next,
+           !is_extended (partition.part_type_byte) &&
+           partnum == i+1) {
+         if (partition.part_type_byte == 0xEE) {
+-          nbdkit_error ("rejecting GPT protective entry from MBR, "
+-                        "if the underlying storage uses 4K sectors "
+-                        "try using partition-sectorsize=4k");
++          if (sector_size == 512)
++            nbdkit_error ("rejecting GPT protective entry from MBR, "
++                          "if the underlying storage uses 4K sectors "
++                          "try using partition-sectorsize=4k");
++          else if (sector_size == 4096)
++            nbdkit_error ("rejecting GPT protective entry from MBR, "
++                          "if the underlying storage uses 512 byte sectors "
++                          "try using partition-sectorsize=512");
++          else
++            nbdkit_error ("rejecting GPT protective entry from MBR");
+           return -1;
+         }
+         *offset_r = partition.start_sector * (int64_t) sector_size;
+-- 
+2.39.3
+

SOURCES/0007-vddk-Add-support-for-VDDK-8.0.0.patch

@@ -1,53 +0,0 @@
-From e850f65053d89ad54c27280f48506da5eb631a68 Mon Sep 17 00:00:00 2001
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Date: Fri, 18 Nov 2022 09:43:19 +0000
-Subject: [PATCH] vddk: Add support for VDDK 8.0.0
-
-There are no changes in any of the structures or enums that we rely on.
-
-Reported-by: Ming Xie
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2143889
-(cherry picked from commit dbe12ed499baeea94d603db55cad9e971e0ebcf0)
----
- plugins/vddk/nbdkit-vddk-plugin.pod | 2 +-
- plugins/vddk/vddk.c                 | 4 +++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/vddk/nbdkit-vddk-plugin.pod b/plugins/vddk/nbdkit-vddk-plugin.pod
-index c56faddc..c94c41eb 100644
---- a/plugins/vddk/nbdkit-vddk-plugin.pod
-+++ b/plugins/vddk/nbdkit-vddk-plugin.pod
-@@ -419,7 +419,7 @@ by this build.
- 
- =item C<vddk_library_version=...>
- 
--The VDDK major library version: 5, 6, 7, ...
-+The VDDK major library version: 5, 6, 7, 8, ...
- If this is omitted it means the library could not be loaded.
- 
- =item C<vddk_dll=...>
-diff --git a/plugins/vddk/vddk.c b/plugins/vddk/vddk.c
-index 96615749..2140789a 100644
---- a/plugins/vddk/vddk.c
-+++ b/plugins/vddk/vddk.c
-@@ -77,7 +77,7 @@ int vddk_debug_datapath = 1;
- static void *dl;                           /* dlopen handle */
- static bool init_called;                   /* was InitEx called */
- static __thread int error_suppression;     /* threadlocal error suppression */
--static int library_version;                /* VDDK major: 5, 6, 7, ... */
-+static int library_version;                /* VDDK major: 5, 6, 7, 8, ... */
- 
- static enum { NONE = 0, ZLIB, FASTLZ, SKIPZ } compression; /* compression */
- static char *config;                       /* config */
-@@ -309,6 +309,8 @@ load_library (bool load_error_is_fatal)
-      * but our testsuite is easier to write if we point libdir
-      * directly to a stub .so.
-      */
-+    { "lib64/libvixDiskLib.so.8", 8 },
-+    { "libvixDiskLib.so.8",       8 },
-     { "lib64/libvixDiskLib.so.7", 7 },
-     { "libvixDiskLib.so.7",       7 },
-     { "lib64/libvixDiskLib.so.6", 6 },
--- 
-2.31.1
-

SOURCES/copy-patches.sh

@@ -6,7 +6,7 @@ set -e
 # directory.  Use it like this:
 #   ./copy-patches.sh
 
-rhel_version=8.8
+rhel_version=9.4
 
 # Check we're in the right directory.
 if [ ! -f nbdkit.spec ]; then

SOURCES/nbdkit-1.24.0.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RBgRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKBIIRAAmgoGrmJ8aYO7z+kKgNFjd/p0QxRTZhS/
-ol59ojG6jIzN2x/C2PFbRmPB6HJTEg4anrDX04WrP6R+lID1RrH9pTFQabv0YDQC
-z49oeXAqINYHvAqgFUJCwlymd7BHEYUudLlK3yu7gQKxMM+J/2v0glpxrtLM7KlD
-vvSZkVfbvHlCWIbMWLWIaRHeoWZIXNOjsAp3uEWN2YgikDoxbXVKoh07JoQx5tJ5
-2U+a/zo4BQuRspjnhmWc252ZF/8d954/L8J+2mKvbRRf2iAmsqPgS+MNi7WKWO4K
-w7/urKn0osuOaArs5xYHJnApmJ9U88CzZpoHQkYhcGgnDOipW9ByJRzT41vVQPW5
-IluQODpZUuawWtRIwV/Eoi+LaV2gINAL48Afr02UFYj4gmYQ5TeayLP7NKRQO0VL
-jwL4Z3a0cDyUX4i1OArn2ll8THfiog38HfLb70AG1l3P1BVoVVBYWCYbs4xgC9IK
-LWkjPKuGXvkGVfZi0nCGdPTOoB1CqCXUvKHXm52FCHg12uJMrBQEivodBoCTbtl0
-fSjULQcfrovUEb4d/rDAX7EgJbFS+1jDnodaFHsmNToo3CqfkMBdhLkxG3XExwjy
-OOR34wZssjTLsLlWH/RPucWD25RDy1vdPBska9QvvO7W0p+aOtFbnttkTh5cqs45
-rHg/sDEiaLA=
-=OrsS
------END PGP SIGNATURE-----

SOURCES/nbdkit-1.36.2.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmVjGrARHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKD2Kw/8CQVsyhgHBZ/73IRM7hskDVwidNJ9dgaZ
+5BSsgyr8DU0W3yEgwFGAOb7wzKaFBN5vewAiftBz5sDSbddo7b5kzci4Fm+t+G/5
+fE5FRzyj9mwOWvympcfdIwK9lDC+0Kr7lBq7WM8QjS4kG67Dxa9hXFKRxaIHjkY7
+HK2WLUEF8/GU7dE+2aj77CXOo2gwfttCaNdPEv2pqq0ox8TKajWfInsCZ4t7DxUq
+EoWTuDYlIMxLN8TSA71Am+8m8zmAZQ7WUr4cB3F8Y9EP8CljaFymI+sAv/EoeHTd
+At9ZrT4Pjx0eO47MrSliincxlFIkFB9Bo316NHQ0c8gjQLgLq3nkjGlmr0P5S/iI
+VMl4jVp8N2X0gXc78LQy1ARXGUD7IkCm2GePADZb4L8aSewXT6lT3UkONXToZuGE
+yXLOPKVnvlnRE4DHQnvDYrwZns2Xm0u+na2bFTJgRu1i+dVSCa2a+ON7s+I2g9OI
+jPAw/ps9PeNEi2F6shbJPskQCHZxZUKgrWPq4elPhFDFn1OPUBHeE/qwI5PhnpcC
+LL94qWsqI/iXplvcJQ28ioXrbZFygDWheoErMtzt2K36kMDRmCQo4vPf6O+Z3qsb
+9JfMLO0U7yjTI7+NJOrXa/aFAD+d0/twr177ox76kngbt7Bu+Thc7gEdncgC6w0B
+8gBSF4OZ0w0=
+=LFMp
+-----END PGP SIGNATURE-----

SOURCES/nbdkit-find-provides

@@ -0,0 +1,23 @@
+#!/bin/bash -
+
+# Generate RPM provides automatically for nbdkit packages and filters.
+# Copyright (C) 2009-2022 Red Hat Inc.
+
+# To test:
+# find /usr/lib64/nbdkit/plugins | ./nbdkit-find-provides VER REL
+# find /usr/lib64/nbdkit/filters | ./nbdkit-find-provides VER REL
+
+ver="$1"
+rel="$2"
+
+function process_file
+{
+    if [[ $1 =~ /plugins/nbdkit-.*-plugin ]] ||
+       [[ $1 =~ /filters/nbdkit-.*-filter ]]; then
+        echo "Provides:" "$(basename $1 .so)" "=" "$ver-$rel"
+    fi
+}
+
+while read line; do
+    process_file "$line"
+done

SOURCES/nbdkit.attr

@@ -0,0 +1,3 @@
+%__nbdkit_provides %{_rpmconfigdir}/nbdkit-find-provides %{version} %{release}
+%__nbdkit_path     %{_libdir}/nbdkit/(plugins|filters)/nbdkit-.*-(plugin|filter)(\.so)?$
+%__nbdkit_flags    exeonly