From 362730c0698a64ef4370454b56aae2181b7ae056 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 18 2021 10:42:36 +0000 Subject: import libnbd-1.6.0-4.module+el8.6.0+12861+13975d62 --- diff --git a/.gitignore b/.gitignore index c060d61..2f4c71e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/libguestfs.keyring -SOURCES/libnbd-1.2.2.tar.gz +SOURCES/libnbd-1.6.0.tar.gz diff --git a/.libnbd.metadata b/.libnbd.metadata index 33fa200..bcedfd1 100644 --- a/.libnbd.metadata +++ b/.libnbd.metadata @@ -1,2 +1,2 @@ 1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring -68e213e85346cc7b9c390e2a4916c7b3f30345e1 SOURCES/libnbd-1.2.2.tar.gz +b14ac9349d324df71d26cf3de9fb606c56f18cb0 SOURCES/libnbd-1.6.0.tar.gz diff --git a/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch b/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch new file mode 100644 index 0000000..80626fa --- /dev/null +++ b/SOURCES/0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch @@ -0,0 +1,30 @@ +From 486799e853aa9df034366303230a1785087a507a Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Fri, 8 Jan 2021 12:14:18 +0000 +Subject: [PATCH] copy/copy-nbd-to-sparse-file.sh: Skip test unless nbdkit + available. + +This test used nbdkit without checking it is available, which broke +the test on RHEL 8 i686. + +Fixes: commit 28fe8d9d8d1ecb491070d20f22e2f34bb147f19f +(cherry picked from commit 781cb44b63a87f2d5f40590ab8c446ad2e7b6702) +--- + copy/copy-nbd-to-sparse-file.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/copy/copy-nbd-to-sparse-file.sh b/copy/copy-nbd-to-sparse-file.sh +index aa2cb1b..47ff09a 100755 +--- a/copy/copy-nbd-to-sparse-file.sh ++++ b/copy/copy-nbd-to-sparse-file.sh +@@ -24,6 +24,7 @@ set -x + requires cmp --version + requires dd --version + requires dd oflag=seek_bytes +Date: Thu, 4 Feb 2021 17:57:06 +0000 +Subject: [PATCH] generator: Refactor CONNECT.START state. + +Small, neutral refactoring to the CONNECT.START to make the subsequent +commit easier. + +(cherry picked from commit cd231fd94bbfaacdd9b89e7d355ba2bbc83c2aeb) +--- + generator/states-connect.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/generator/states-connect.c b/generator/states-connect.c +index 392879d..03b34c7 100644 +--- a/generator/states-connect.c ++++ b/generator/states-connect.c +@@ -47,11 +47,12 @@ disable_nagle (int sock) + + STATE_MACHINE { + CONNECT.START: +- int fd; ++ sa_family_t family; ++ int fd, r; + + assert (!h->sock); +- fd = socket (h->connaddr.ss_family, +- SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); ++ family = h->connaddr.ss_family; ++ fd = socket (family, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); + if (fd == -1) { + SET_NEXT_STATE (%.DEAD); + set_error (errno, "socket"); +@@ -65,14 +66,12 @@ STATE_MACHINE { + + disable_nagle (fd); + +- if (connect (fd, (struct sockaddr *) &h->connaddr, +- h->connaddrlen) == -1) { +- if (errno != EINPROGRESS) { +- SET_NEXT_STATE (%.DEAD); +- set_error (errno, "connect"); +- return 0; +- } +- } ++ r = connect (fd, (struct sockaddr *) &h->connaddr, h->connaddrlen); ++ if (r == 0 || (r == -1 && errno == EINPROGRESS)) ++ return 0; ++ assert (r == -1); ++ SET_NEXT_STATE (%.DEAD); ++ set_error (errno, "connect"); + return 0; + + CONNECT.CONNECTING: +-- +2.18.4 + diff --git a/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch b/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch new file mode 100644 index 0000000..071d901 --- /dev/null +++ b/SOURCES/0003-generator-Print-a-better-error-message-if-connect-2-.patch @@ -0,0 +1,48 @@ +From f094472efcf34cea8bf1f02a1c5c9442ffc4ca53 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 4 Feb 2021 18:02:46 +0000 +Subject: [PATCH] generator: Print a better error message if connect(2) returns + EAGAIN. + +The new error message is: + +nbd_connect_unix: connect: server backlog overflowed, see https://bugzilla.redhat.com/1925045: Resource temporarily unavailable + +Fixes: https://bugzilla.redhat.com/1925045 +Thanks: Xin Long, Lukas Doktor, Eric Blake +Reviewed-by: Martin Kletzander +(cherry picked from commit 85ed74960a658a82d7b61b0be07f43d1b2dcede9) +--- + generator/states-connect.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/generator/states-connect.c b/generator/states-connect.c +index 03b34c7..98c26e5 100644 +--- a/generator/states-connect.c ++++ b/generator/states-connect.c +@@ -70,6 +70,22 @@ STATE_MACHINE { + if (r == 0 || (r == -1 && errno == EINPROGRESS)) + return 0; + assert (r == -1); ++#ifdef __linux__ ++ if (errno == EAGAIN && family == AF_UNIX) { ++ /* This can happen on Linux when connecting to a Unix domain ++ * socket, if the server's backlog is full. Unfortunately there ++ * is nothing good we can do on the client side when this happens ++ * since any solution would involve sleeping or busy-waiting. The ++ * only solution is on the server side, increasing the backlog. ++ * But at least improve the error message. ++ * https://bugzilla.redhat.com/1925045 ++ */ ++ SET_NEXT_STATE (%.DEAD); ++ set_error (errno, "connect: server backlog overflowed, " ++ "see https://bugzilla.redhat.com/1925045"); ++ return 0; ++ } ++#endif + SET_NEXT_STATE (%.DEAD); + set_error (errno, "connect"); + return 0; +-- +2.18.4 + diff --git a/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch b/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch new file mode 100644 index 0000000..3cc5b76 --- /dev/null +++ b/SOURCES/0004-opt_go-Tolerate-unplanned-server-death.patch @@ -0,0 +1,59 @@ +From ffe8f0a994c1f2656aa011353b386663d32db69e Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Mon, 1 Mar 2021 15:25:31 -0600 +Subject: [PATCH] opt_go: Tolerate unplanned server death + +While debugging some experimental nbdkit code that was triggering an +assertion failure in nbdkit, I noticed a secondary failure of nbdsh +also dying from an assertion: + +libnbd: debug: nbdsh: nbd_opt_go: transition: NEWSTYLE.OPT_GO.SEND -> DEAD +libnbd: debug: nbdsh: nbd_opt_go: option queued, ignoring state machine failure +nbdsh: opt.c:86: nbd_unlocked_opt_go: Assertion `nbd_internal_is_state_negotiating (get_next_state (h))' failed. + +Although my trigger was from non-production nbdkit code, libnbd should +never die from an assertion failure merely because a server +disappeared at the wrong moment during an incomplete reply to +NBD_OPT_GO or NBD_OPT_INFO. If this is assigned a CVE, a followup +patch will add mention of it in docs/libnbd-security.pod. + +Fixes: bbf1c51392 (api: Give aio_opt_go a completion callback) +(cherry picked from commit fb4440de9cc76e9c14bd3ddf3333e78621f40ad0) +--- + lib/opt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/lib/opt.c b/lib/opt.c +index 2317b72..e5802f4 100644 +--- a/lib/opt.c ++++ b/lib/opt.c +@@ -1,5 +1,5 @@ + /* NBD client library in userspace +- * Copyright (C) 2020 Red Hat Inc. ++ * Copyright (C) 2020-2021 Red Hat Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -83,7 +83,8 @@ nbd_unlocked_opt_go (struct nbd_handle *h) + + r = wait_for_option (h); + if (r == 0 && err) { +- assert (nbd_internal_is_state_negotiating (get_next_state (h))); ++ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || ++ nbd_internal_is_state_dead (get_next_state (h))); + set_error (err, "server replied with error to opt_go request"); + return -1; + } +@@ -105,7 +106,8 @@ nbd_unlocked_opt_info (struct nbd_handle *h) + + r = wait_for_option (h); + if (r == 0 && err) { +- assert (nbd_internal_is_state_negotiating (get_next_state (h))); ++ assert (nbd_internal_is_state_negotiating (get_next_state (h)) || ++ nbd_internal_is_state_dead (get_next_state (h))); + set_error (err, "server replied with error to opt_info request"); + return -1; + } +-- +2.18.4 + diff --git a/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch b/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch new file mode 100644 index 0000000..0969d47 --- /dev/null +++ b/SOURCES/0005-security-Document-assignment-of-CVE-2021-20286.patch @@ -0,0 +1,40 @@ +From 171ffdde8be590f784086a021a7e6f36c4ecdb4b Mon Sep 17 00:00:00 2001 +From: Eric Blake +Date: Fri, 12 Mar 2021 17:00:58 -0600 +Subject: [PATCH] security: Document assignment of CVE-2021-20286 + +Now that we finally have a CVE number, it's time to document +the problem (it's low severity, but still a denial of service). + +Fixes: fb4440de9cc7 (opt_go: Tolerate unplanned server death) +(cherry picked from commit 40308a005eaa6b2e8f98da8952d0c0cacc51efde) +--- + docs/libnbd-security.pod | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod +index d8ead87..0cae846 100644 +--- a/docs/libnbd-security.pod ++++ b/docs/libnbd-security.pod +@@ -22,6 +22,12 @@ L + See the full announcement here: + L + ++=head2 CVE-2021-20286 ++denial of service when using L ++ ++See the full announcement here: ++L ++ + =head1 SEE ALSO + + L. +@@ -34,4 +40,4 @@ Richard W.M. Jones + + =head1 COPYRIGHT + +-Copyright (C) 2019 Red Hat Inc. ++Copyright (C) 2019-2021 Red Hat Inc. +-- +2.18.4 + diff --git a/SOURCES/copy-patches.sh b/SOURCES/copy-patches.sh new file mode 100755 index 0000000..2ebd67d --- /dev/null +++ b/SOURCES/copy-patches.sh @@ -0,0 +1,55 @@ +#!/bin/bash - + +set -e + +# Maintainer script to copy patches from the git repo to the current +# directory. Use it like this: +# ./copy-patches.sh + +rhel_version=8.4 + +# Check we're in the right directory. +if [ ! -f libnbd.spec ]; then + echo "$0: run this from the directory containing 'libnbd.spec'" + exit 1 +fi + +git_checkout=$HOME/d/libnbd-rhel-$rhel_version +if [ ! -d $git_checkout ]; then + echo "$0: $git_checkout does not exist" + echo "This script is only for use by the maintainer when preparing a" + echo "libnbd release on RHEL." + exit 1 +fi + +# Get the base version of libnbd. +version=`grep '^Version:' libnbd.spec | awk '{print $2}'` +tag="v$version" + +# Remove any existing patches. +git rm -f [0-9]*.patch ||: +rm -f [0-9]*.patch + +# Get the patches. +(cd $git_checkout; rm -f [0-9]*.patch; git format-patch -N $tag) +mv $git_checkout/[0-9]*.patch . + +# Remove any not to be applied. +rm -f *NOT-FOR-RPM*.patch + +# Add the patches. +git add [0-9]*.patch + +# Print out the patch lines. +echo +echo "--- Copy the following text into libnbd.spec file" +echo + +echo "# Patches." +for f in [0-9]*.patch; do + n=`echo $f | awk -F- '{print $1}'` + echo "Patch$n: $f" +done + +echo +echo "--- End of text" diff --git a/SOURCES/libnbd-1.2.2.tar.gz.sig b/SOURCES/libnbd-1.2.2.tar.gz.sig deleted file mode 100644 index a353ae2..0000000 --- a/SOURCES/libnbd-1.2.2.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl46yJwRHHJpY2hAYW5u -ZXhpYS5vcmcACgkQkXOPc+G3aKBNsBAAi+GGHQZ/2VZ/LiqO+kc5hzAsbxfCUb6e -epLTmHry0sFdDFGeVwaYZxvnALu61nybMvaHsASW8FlWDbtgaqx6tUApgeV46oXb -yvT1EzmxR4+U8cwb9IEDRBjB1WWqYv+TYltljkV5nmO1DADOZr9AV5yRp872SWsP -oshiuuxwIw+ugQfXkyhUPgyO2FzjxntmWCjD13nQhDeD42UQUE+0mxAgXiGfsOj4 -eArCsa4Us/ZWpg9QkoXomzpN1xzMoTEQ9a+7PVTn54bfCCgThdodVN5rNxuNhSKU -yYHl6hUW1gnZaQ17FfqZrOcEFjvVnDYDlkoHF9Vp4AOTNMCd/w008NjKt+yR90WW -yeiJ21mRpkA/6pK5irHEBMFmk9cf/5IIhgF9Xtl5erqKYQu6W5NqXr4BCTdDS4BL -auHV+I8Dqi9IEH8bhZYxErS/eba6N6ZJWkwHqbdwtfZBBSqEcZXrTXviXw0BpCsy -lPGx2xXXmGPB5/BojOmFOEzfPMtiLsLrVW5DwlBoeT90kFEhi7+bGB5gJ24NxL1y -/2XcTxRhv79FMBdLx+6O7/js/tMrOxmKRkUcInU4rjOg+VGmwx6+LeJ2P0au8ufx -8Rvk7DHUF0ZazsbJ4IkL0XP4jWIgB2xMJqjIq+E2duLO+c1sDUBxoU43BgCLYUV9 -92Ap8fwsbvA= -=zo1m ------END PGP SIGNATURE----- diff --git a/SOURCES/libnbd-1.6.0.tar.gz.sig b/SOURCES/libnbd-1.6.0.tar.gz.sig new file mode 100644 index 0000000..fa6006d --- /dev/null +++ b/SOURCES/libnbd-1.6.0.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl/3RFQRHHJpY2hAYW5u +ZXhpYS5vcmcACgkQkXOPc+G3aKD9aw/+Pfg3owjJmhTcCyFvuH2lgiiBb+qL2An+ +hsoax6dM5JxzV6x1Ikgn3C8z2+dLRMowo2FrRgpzTwfaS+ngLDipSC04hKl9MhFN +7OPLCm+L7wcP7KUk4cC0qTSHpHkApo2SP3/bD7vVBYZMYSjgUVFcRoqZlRl3N9RF +7XNsxA2YG9bV4Ln3KbB+k2uxIKNUZIVjmEpretVbb+NTKW9C23ZHicSHYB+Eok1M +iTN6j66rYFn0Xb+L2v7jty19tSdYOMbkdSn0KpniURAWevjjVWGqcojMqW4YuAZ5 +h2MpRfyKFyusbsbtX5bjICTu6+AgFFUALKH7ReDs1RY1cEph9XdBLVulXTggxY05 +E3I1Nns1YmjRlV6ky2Abl2e+Doc44mycINRlwL2q8+Q3TqlVVPFXoVTWxIJ6/Uae +tqnEwWIa2wGv3KU1KLNbWTn1z6I8NM/Nj+7pMKDNnxJzFmHEjL94tmG+iNmHsF34 +vWBZ1q7h9EezxHLOPFYDjlpS+IxeuXakbpuTX2jXvi3zSAbr5WmRR1uO8dAiwu9b +RwOHRmVQOFLAAICYTZDmxl42DpWs5Z2aP7eRwpe8/MOSRiAVepjhUD/bsdaFwmBR +8Z7CGNzyTtt+sy5l7cPBYZ+4RdxWgFEBceBbHs06zdlD/Pui288UQVB/0e9AXYOc +wluyWT1v7sA= +=BaN1 +-----END PGP SIGNATURE----- diff --git a/SPECS/libnbd.spec b/SPECS/libnbd.spec index 0f8acb9..bd89320 100644 --- a/SPECS/libnbd.spec +++ b/SPECS/libnbd.spec @@ -5,11 +5,11 @@ %global patches_touch_autotools %{nil} # The source directory. -%global source_directory 1.2-stable +%global source_directory 1.6-stable Name: libnbd -Version: 1.2.2 -Release: 1%{?dist} +Version: 1.6.0 +Release: 4%{?dist} Summary: NBD client library in userspace License: LGPLv2+ @@ -22,6 +22,19 @@ Source1: http://libguestfs.org/download/libnbd/%{source_directory}/%{name # https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex Source2: libguestfs.keyring +# Maintainer script which helps with handling patches. +Source3: copy-patches.sh + +# Patches come from this upstream branch: +# https://github.com/libguestfs/libnbd/tree/rhel-8.4 + +# Patches. +Patch0001: 0001-copy-copy-nbd-to-sparse-file.sh-Skip-test-unless-nbd.patch +Patch0002: 0002-generator-Refactor-CONNECT.START-state.patch +Patch0003: 0003-generator-Print-a-better-error-message-if-connect-2-.patch +Patch0004: 0004-opt_go-Tolerate-unplanned-server-death.patch +Patch0005: 0005-security-Document-assignment-of-CVE-2021-20286.patch + %if 0%{patches_touch_autotools} BuildRequires: autoconf, automake, libtool %endif @@ -45,21 +58,32 @@ BuildRequires: python3-devel # For the OCaml bindings. BuildRequires: ocaml BuildRequires: ocaml-findlib-devel +BuildRequires: ocaml-ocamldoc # Only for building the examples. BuildRequires: glib2-devel +# For bash-completion. +BuildRequires: bash-completion + # Only for running the test suite. +BuildRequires: coreutils +BuildRequires: gcc-c++ BuildRequires: gnutls-utils +#BuildRequires: jq %ifnarch %{ix86} BuildRequires: nbdkit -#BuildRequires: nbdkit-memory-plugin -#BuildRequires: nbdkit-null-plugin -#BuildRequires: nbdkit-pattern-plugin -#BuildRequires: nbdkit-sh-plugin +BuildRequires: nbdkit-data-plugin +#BuildRequires: nbdkit-eval-plugin +BuildRequires: nbdkit-memory-plugin +BuildRequires: nbdkit-null-plugin +BuildRequires: nbdkit-pattern-plugin +BuildRequires: nbdkit-sh-plugin +#BuildRequires: nbdkit-sparse-random-plugin +#BuildRequires: nbd BuildRequires: qemu-img %endif -BuildRequires: gcc-c++ +BuildRequires: util-linux %description @@ -137,6 +161,20 @@ Requires: %{name}%{?_isa} = %{version}-%{release} This package contains FUSE support for %{name}. +%package bash-completion +Summary: Bash tab-completion for %{name} +BuildArch: noarch +Requires: bash-completion >= 2.0 +# Don't use _isa here because it's a noarch package. This dependency +# is just to ensure that the subpackage is updated along with libnbd. +Requires: %{name} = %{version}-%{release} + + +%description bash-completion +Install this package if you want intelligent bash tab-completion +for %{name}. + + %prep %if 0%{verify_tarball_signature} tmphome="$(mktemp -d)" @@ -155,7 +193,8 @@ autoreconf -i PYTHON=%{__python3} \ --enable-python \ --enable-ocaml \ - --enable-fuse + --enable-fuse \ + --disable-golang make %{?_smp_mflags} @@ -166,6 +205,9 @@ make %{?_smp_mflags} # Delete libtool crap. find $RPM_BUILD_ROOT -name '*.la' -delete +# Delete the golang man page since we're not distributing the bindings. +rm $RPM_BUILD_ROOT%{_mandir}/man3/libnbd-golang.3* + %check # interop/structured-read.sh fails with the old qemu-nbd in Fedora 29, @@ -185,6 +227,12 @@ for f in fuse/test-*.sh; do chmod +x $f done +# info/info-map-base-allocation-json.sh fails because of a bug in +# jq 1.5 in RHEL 8 (fixed in later versions). +rm info/info-map-base-allocation-json.sh +touch info/info-map-base-allocation-json.sh +chmod +x info/info-map-base-allocation-json.sh + make %{?_smp_mflags} check || { for f in $(find -name test-suite.log); do echo @@ -198,7 +246,11 @@ make %{?_smp_mflags} check || { %files %doc README %license COPYING.LIB +%{_bindir}/nbdcopy +%{_bindir}/nbdinfo %{_libdir}/libnbd.so.* +%{_mandir}/man1/nbdcopy.1* +%{_mandir}/man1/nbdinfo.1* %files devel @@ -231,6 +283,8 @@ make %{?_smp_mflags} check || { %{_libdir}/ocaml/nbd/*.cmx %{_libdir}/ocaml/nbd/*.mli %{_mandir}/man3/libnbd-ocaml.3* +%{_mandir}/man3/NBD.3* +%{_mandir}/man3/NBD.*.3* %files -n python3-%{name} @@ -247,7 +301,19 @@ make %{?_smp_mflags} check || { %{_mandir}/man1/nbdfuse.1* +%files bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/nbdcopy +%{_datadir}/bash-completion/completions/nbdfuse +%{_datadir}/bash-completion/completions/nbdinfo +%{_datadir}/bash-completion/completions/nbdsh + + %changelog +* Thu Sep 2 2021 Danilo C. L. de Paula - 1.6.0-4.el8 +- Resolves: bz#2000225 + (Rebase virt:rhel module:stream based on AV-8.6) + * Mon Jul 13 2020 Danilo C. L. de Paula - 1.2.2 - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)