diff --git a/0001-server-reset-meta-context-replies-on-starttls.patch b/0001-server-reset-meta-context-replies-on-starttls.patch deleted file mode 100644 index 47ab2a6..0000000 --- a/0001-server-reset-meta-context-replies-on-starttls.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 6c5faac6a37077cf2366388a80862bb00616d0d8 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Mon, 16 Aug 2021 13:43:29 -0500 -Subject: [nbdkit PATCH] server: reset meta context replies on starttls - -Related to CVE-2021-3716, but not as severe. No compliant client will -send NBD_CMD_BLOCK_STATUS unless it first negotiates -NBD_OPT_SET_META_CONTEXT. If an attacker injects a premature -SET_META_CONTEXT, either the client will never notice (because it -never uses BLOCK_STATUS), or the client will overwrite the attacker's -attempt with the client's own SET_META_CONTEXT request after -encryption is enabled. So I don't class this as having the potential -to trigger denial-of-service due to any protocol mismatch between -compliant client and server (I don't care what happens with -non-compliant clients). - -Fixes: 26455d45 (server: protocol: Implement Block Status "base:allocation".) ---- - server/protocol-handshake-newstyle.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c -index 7e6b7b1b..79b2c8ce 100644 ---- a/server/protocol-handshake-newstyle.c -+++ b/server/protocol-handshake-newstyle.c -@@ -497,6 +497,9 @@ negotiate_handshake_newstyle_options (void) - debug ("using TLS on this connection"); - /* Wipe out any cached state. */ - conn->structured_replies = false; -+ free (conn->exportname_from_set_meta_context); -+ conn->exportname_from_set_meta_context = NULL; -+ conn->meta_context_base_allocation = false; - for_each_backend (b) { - free (conn->default_exportname[b->i]); - conn->default_exportname[b->i] = NULL; --- -2.31.1 - diff --git a/nbdkit.spec b/nbdkit.spec index 73e3cbb..f7286f8 100644 --- a/nbdkit.spec +++ b/nbdkit.spec @@ -50,8 +50,8 @@ ExclusiveArch: x86_64 %global source_directory 1.27-development Name: nbdkit -Version: 1.27.7 -Release: 2%{?dist} +Version: 1.27.8 +Release: 1%{?dist} Summary: NBD server License: BSD @@ -72,9 +72,6 @@ Source2: libguestfs.keyring # Maintainer script which helps with handling patches. Source3: copy-patches.sh -# Fix SET_META_CONTEXT leaking state across STARTTLS -Patch1: 0001-server-reset-meta-context-replies-on-starttls.patch - BuildRequires: make %if 0%{patches_touch_autotools} BuildRequires: autoconf, automake, libtool @@ -1244,6 +1241,10 @@ export LIBGUESTFS_TRACE=1 %changelog +* Mon Aug 23 2021 Richard W.M. Jones - 1.27.8-1 +- New upstream development version 1.27.8. +- Remove patch which is included upstream. + * Thu Aug 19 2021 Eric Blake - 1.27.7-2 - Include followup patch related to CVE-2021-3716. diff --git a/sources b/sources index b9e609e..0a8762c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nbdkit-1.27.7.tar.gz) = c772515dd0d1188136856fc103df75cf195c29935eec2f16b61035e9d28d4672a32b19a21cf679de874d61f1fb00e4e8ebe2925a8290d4ef05ef3868e538d035 -SHA512 (nbdkit-1.27.7.tar.gz.sig) = 03819e6b2c4131c48e396cebce3d61cd5e6b4162a059c5661703f2a2a68a8451567228583108a8bfac60a64bb2c5fef2fc181299b09cf8330bb376b3d506b238 +SHA512 (nbdkit-1.27.8.tar.gz) = 0cc03ca57c3732d5f1b34805070b7d9b805253e5fc1cd55dc89638537e1b52465128e27a59c9d46d8de0177cb24f25b4cdd9954a036cf72fc75d5c80c8a603cd +SHA512 (nbdkit-1.27.8.tar.gz.sig) = 72f2aba33dd95531cac60c7ce34513e9a12725c7546926c8ec663505e80c3a18fef7555da2b6b55bbd2d5e799c850c30b473fc270a6d8c5f211ff875b13bf1a4