Sync from SUSE:SLFO:Main libnbd revision b51af95e7a5b33021ebf2926287d929a

2024-08-09 18:36:41 +02:00 · 2024-08-09 18:36:41 +02:00 · fb9f82446d
commit fb9f82446d
parent b189bc15ea
7 changed files with 103 additions and 92 deletions
--- a/4451e5b6-CVE-2023-5871.patch
+++ b/4451e5b6-CVE-2023-5871.patch
@ -1,82 +0,0 @@
-commit 4451e5b61ca07771ceef3e012223779e7a0c7701
-Author: Eric Blake <eblake@redhat.com>
-Date:   Mon Oct 30 12:50:53 2023 -0500
-
-    generator: Fix assertion in ext-mode BLOCK_STATUS, CVE-2023-5871
-    
-    Another round of fuzz testing revealed that when a server negotiates
-    extended headers and replies with a 64-bit flag value where the client
-    used the 32-bit API command, we were correctly flagging the server's
-    response as being an EOVERFLOW condition, but then immediately failing
-    in an assertion failure instead of reporting it to the application.
-    
-    The following one-byte change to qemu.git at commit fd9a38fd43 allows
-    the creation of an intentionally malicious server:
-    
-    | diff --git i/nbd/server.c w/nbd/server.c
-    | index 859c163d19f..32e1e771a95 100644
-    | --- i/nbd/server.c
-    | +++ w/nbd/server.c
-    | @@ -2178,7 +2178,7 @@ static void nbd_extent_array_convert_to_be(NBDExtentArray *ea)
-    |
-    |      for (i = 0; i < ea->count; i++) {
-    |          ea->extents[i].length = cpu_to_be64(ea->extents[i].length);
-    | -        ea->extents[i].flags = cpu_to_be64(ea->extents[i].flags);
-    | +        ea->extents[i].flags = ~cpu_to_be64(ea->extents[i].flags);
-    |      }
-    |  }
-    
-    and can then be detected with the following command line:
-    
-    $ nbdsh -c - <<\EOF
-    > def f(a,b,c,d):
-    >   pass
-    >
-    > h.connect_systemd_socket_activation(["/path/to/bad/qemu-nbd",
-    >   "-r", "-f", "raw", "TODO"])
-    > h.block_staus(h.get_size(), 0, f)
-    > EOF
-    nbdsh: generator/states-reply-chunk.c:626: enter_STATE_REPLY_CHUNK_REPLY_RECV_BS_ENTRIES: Assertion `(len | flags) <= UINT32_MAX' failed.
-    Aborted (core dumped)
-    
-    whereas a fixed libnbd will give:
-    
-    nbdsh: command line script failed: nbd_block_status: block-status: command failed: Value too large for defined data type
-    
-    We can either relax the assertion (by changing to 'assert ((len |
-    flags) <= UINT32_MAX || cmd->error)'), or intentionally truncate flags
-    to make the existing assertion reliable.  This patch goes with the
-    latter approach.
-    
-    Sadly, this crash is possible in all existing 1.18.x stable releases,
-    if they were built with assertions enabled (most distros do this by
-    default), meaning a malicious server has an easy way to cause a Denial
-    of Service attack by triggering the assertion failure in vulnerable
-    clients, so we have assigned this CVE-2023-5871.  Mitigating factors:
-    the crash only happens for a server that sends a 64-bit status block
-    reply (no known production servers do so; qemu 8.2 will be the first
-    known server to support extended headers, but it is not yet released);
-    and as usual, a client can use TLS to guarantee it is connecting only
-    to a known-safe server.  If libnbd is compiled without assertions,
-    there is no crash or other mistaken behavior; and when assertions are
-    enabled, the attacker cannot accomplish anything more than a denial of
-    service.
-    
-    Reported-by: Richard W.M. Jones <rjones@redhat.com>
-    Fixes: 20dadb0e10 ("generator: Prepare for extent64 callback", v1.17.4)
-    Signed-off-by: Eric Blake <eblake@redhat.com>
-    (cherry picked from commit 177308adb17e81fce7c0f2b2fcf655c5c0b6a4d6)
-    Signed-off-by: Eric Blake <eblake@redhat.com>
-
-Index: libnbd-1.18.1/generator/states-reply-chunk.c
-===================================================================
--- libnbd-1.18.1.orig/generator/states-reply-chunk.c
-+++ libnbd-1.18.1/generator/states-reply-chunk.c
-@@ -600,6 +600,7 @@ STATE_MACHINE {
-             break; /* Skip this and later extents; we already made progress */
-           /* Expose this extent as an error; we made no progress */
-           cmd->error = cmd->error ? : EOVERFLOW;
-+          flags = (uint32_t)flags;
-         }
-       }
- 
--- a/8
+++ b/8
@ -1,7 +1,7 @@
 <services>
-  <service name="tar_scm" mode="disabled">
+  <service name="tar_scm" mode="manual">
    <param name="filename">libnbd</param>
-    <param name="revision">v1.18.1</param>
+    <param name="revision">v1.18.5</param>
    <param name="scm">git</param>
    <param name="submodules">disable</param>
    <param name="url">https://gitlab.com/nbdkit/libnbd.git</param>
@ -10,9 +10,9 @@
    <param name="versionrewrite-replacement">\1</param>
    <param name="changesgenerate">enable</param>
  </service>
-  <service name="recompress" mode="disabled">
+  <service name="recompress" mode="manual">
    <param name="file">*.tar</param>
    <param name="compression">bz2</param>
  </service>
-  <service name="set_version" mode="disabled"/>
+  <service name="set_version" mode="manual"/>
 </services>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://gitlab.com/nbdkit/libnbd.git</param>
-              <param name="changesrevision">ebadf0df2122edb99361c66f78ac1f90f1500f96</param></service></servicedata>
+              <param name="changesrevision">dcd1fc77f129cde770b8bf0a18ce23f72ed5c903</param></service></servicedata>
--- a/libnbd-1.18.1.tar.bz2
+++ b/libnbd-1.18.1.tar.bz2
--- a/libnbd-1.18.5.tar.bz2
+++ b/libnbd-1.18.5.tar.bz2
--- a/libnbd.changes
+++ b/libnbd.changes
@ -1,3 +1,97 @@
+-------------------------------------------------------------------
+Mon Aug 05 17:02:18 UTC 2024 - jfehlig@suse.com
+
+- Update to version 1.18.5:
+  * CVE-2024-7383 (bsc#1228872)
+  * Drop upstream patch 4451e5b6-CVE-2023-5871.patch
+  * Version 1.18.5.
+  * docs: security: Add link to TLS server certificate checking announcement
+  * lib/uri.c: Allow tls-verify-peer to be overridden in URIs
+  * interop: Test interop with a bad system CA
+  * interop: Add -DEXPECT_FAIL=1 where we expect the test to fail
+  * interop: Pass -DCERTS and -DPSK as strings
+  * lib/crypto.c: Allow CA verification even if h->hostname is not set
+  * lib/crypto.c: Check server certificate even when using system CA
+  * build: Move to minimum gnutls >= 3.5.18
+  * nbdfuse: Can't use ?tls-certificates or ?tls-psk-file
+  * ci: Fix MacOS builds
+  * tests: Fix CI on Fedora 40
+  * Include <stdint.h> in code which uses standard C int types
+  * common/include, ublk: Include <inttypes.h> in code which uses PRI* or SCN*
+  * Include <stdbool.h> in code which uses bool/true/false
+  * ublk/nbdublk.c: Include <errno.h>
+  * copy, lib, ublk: Include <assert.h> which was missing in a few places
+  * tests: Remove extra whitespace
+  * copy/copy-nbd-to-small-block-error.sh: Use different pidfiles
+  * copy: Use verbose nbdcopy in test
+  * copy: Fix "destination size is smaller than source size" error
+  * ci: refresh with latest 'lcitool manifest'
+  * ci: import lcitool project package list definitions
+  * podwrapper: nbd-server(1), nbd-client(8) are not local man pages
+  * Version 1.18.4.
+  * tests/connect-uri: Remove -DPIDFILE, generate it implicitly
+  * rust: Make the struct Cookie internal field fully public
+  * interop/block-status-64.c: Fix skip path under valgrind
+  * Revert "valgrind: Add suppression for liblzma bug"
+  * ocaml: Add ocamlfind -package to ocamldoc invocation
+  * info/can.c: Assert that 'can' variable is set
+  * info: Fix error message
+  * info: Add note that --can/--is/--has are synonyms
+  * info: Handle failure of call to file
+  * fuzzing: Add a comment that the libfuzzer test is unmaintained
+  * Version 1.18.3.
+  * tests/opt-info.c: Free string returned by nbd_get_export_name
+  * valgrind: Add suppression for liblzma bug
+  * info: Try harder to report contents from nbd-server
+  * copy: Add test for server without meta context support
+  * api: Fix nbd_can_meta_context for server that lacks meta contexts
+  * copy, info: Treat can_meta_context failures as unsupported
+  * configure: Copy bash-completions test from nbdkit
+  * podwrapper: Ignore check on older versions of Perl
+  * podwrapper: Allow = (POD directive) followed by bare URL
+  * podwrapper: Check for bare URLs and suggest replacement with L<> links
+  * podwrapper: Move long lines and cross-reference checks earlier
+  * tests: Missed another C test which didn't use NBDKIT
+  * tests: Use $NBDKIT instead of plain 'nbdkit'
+  * tests: Use 'source ./function.sh' consistently in this directory
+  * ocaml/tests: Add replacement for Bytes.set_int64_be
+  * ocaml/tests: Add explicit dependency on ocaml_test_config.cm{o,x}
+  * build: Define the minimum required version of OCaml as 4.05
+  * generator: Remove definition of sort_uniq
+  * configure: Annotate OCaml tests by version of OCaml
+  * ci: Skip certain deadlocking nbd-server tests on Alpine 3.19
+  * docs: Clarify description of block size constraints
+  * ocaml: tests: Compute srcdir centrally in Ocaml_test_config module
+  * ocaml: tests: Use @NBDKIT@ instead of hard coding nbdkit
+  * python: tests: Use $NBDKIT instead of hard coding nbdkit
+  * python: Various fixes to the Python tests and test wrapper
+  * tests: Use wait_for_pidfile instead of open-coded loops
+  * tests: Define NBD_SERVER in config.h and use it for requires tests
+  * tests: Define QEMU_NBD in config.h and use it for requires tests
+  * maint: Be more consistent about using ./configure-defined @NBDKIT@
+  * maint: Be more consistent about using ./configure-defined @QEMU_NBD@
+  * interop: Prefer exporting QEMU_STORAGE_DAEMON through tests/functions.sh
+  * interop: Use nbd-server FORCEDTLS mode
+  * interop: Test write, flush and zero operations
+  * interop: Add nbd-server flush flag
+  * interop: Remove -DNEEDS_TMPFILE
+  * maint: Use @LN_S@ autoconf macro in preference to writing out 'ln -s'
+  * tests: connect-uri: Choose random port for TCP connections at runtime
+  * tests: connect-uri: Change how Unix domain sockets are generated
+  * docs: Fix accidental double line in SECURITY file
+  * bash: Make nbdfuse and nbdublk installation conditional
+  * Version 1.18.2.
+  * ocaml: Nullify custom block before releasing runtime lock
+  * ocaml: Use Gc.finalize instead of a C finalizer
+  * ci: Update to latest lcitool
+  * rust: Avoid compiler warning about unused import
+  * docs: Mention CVE-2023-5871
+  * New mailing list archives
+  * fuzzing: We need to disable Rust bindings when building fuzzer version
+  * tests: Check behavior of nbd_set_strict_mode(STRICT_AUTO_FLAG)
+  * docs: Fix incorrect xref in libnbd-release-notes for 1.18
+  * generator: Fix assertion in ext-mode BLOCK_STATUS, CVE-2023-5871
+
 -------------------------------------------------------------------
 Mon Nov 13 21:15:40 UTC 2023 - James Fehlig <jfehlig@suse.com>

--- a/libnbd.spec
+++ b/libnbd.spec
@ -19,13 +19,12 @@
 %define sover 0

 Name:           libnbd
-Version:        1.18.1
+Version:        1.18.5
 Release:        0
 Summary:        NBD client library in userspace
 License:        LGPL-2.1-or-later
 URL:            https://gitlab.com/nbdkit/libnbd
 Source0:        %{name}-%{version}.tar.bz2
-Patch0:         4451e5b6-CVE-2023-5871.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes