diff -Nru nbd-3.15/ChangeLog nbd-3.15.1/ChangeLog --- nbd-3.15/ChangeLog 2016-12-19 22:44:20.000000000 +0000 +++ nbd-3.15.1/ChangeLog 1970-01-01 00:00:00.000000000 +0000 @@ -1,1434 +0,0 @@ -commit 045881397f745a12efc159fd0b2fe590228016c3 -Author: Wouter Verhelst -Date: Mon Dec 19 23:41:52 2016 +0100 - - Add the NBD_FLAG_CAN_MULTI_CONN flag, unless copyonwrite was selected - - Signed-off-by: Wouter Verhelst - -commit fdc3df5d5cdcc6770aac3da318a2317c47ec5dda -Author: Wouter Verhelst -Date: Mon Dec 19 23:19:14 2016 +0100 - - Don't use relative paths for certdir - -commit 5c479091bfc0f378fa15e89e9430641dbcf3aae6 -Author: Wouter Verhelst -Date: Mon Dec 19 23:09:35 2016 +0100 - - Ship the self-signed key and certificate, too - - Signed-off-by: Wouter Verhelst - -commit 6886c00df68996b436512d27afaa4c7bb547cc82 -Author: Wouter Verhelst -Date: Mon Dec 19 23:09:00 2016 +0100 - - Define certdir in a VPATH-compatible way - - Signed-off-by: Wouter Verhelst - -commit c6586bf58f6f1cb5161dadae0eda795b1f96ddeb -Author: Wouter Verhelst -Date: Mon Dec 19 19:27:17 2016 +0100 - - Add initial implementation of client certificate verification - - There are still a few things we should really be checking, but those are - less critical and can be done later. - - Signed-off-by: Wouter Verhelst - -commit dad33cc151273fe518447b8461fc880f22c14c31 -Author: Eric Blake -Date: Mon Dec 19 22:45:24 2016 +0100 - - Fix -d behaviour - - Since -d stops all sort of forking, we don't have a parent process to - talk to, so don't even try. - - Fixes: 7e901617 - 
Signed-off-by: Wouter Verhelst - -commit fcf2df42f62a3ab639e5336f8116ee68b57a2562 -Author: Wouter Verhelst -Date: Mon Dec 19 18:55:44 2016 +0100 - - Add self-signed (i.e., intentionally invalid) certificate for the tlswrongcert test - -commit 9759456c58009a4e88981eea354d01cb3c678c76 -Author: Wouter Verhelst -Date: Mon Dec 19 18:41:45 2016 +0100 - - Add missing -t option - -commit 36bf76f7a6f8a4a4c060b416cb8d9a3708e90c8c -Author: Alex Bligh -Date: Sat Dec 17 12:19:59 2016 +0000 - - WRITE_ZEROES is no longer an extension - - Signed-off-by: Alex Bligh - -commit cd344bd4f45c820926bc1e131ad8e15cfcee5cad -Author: Alex Bligh -Date: Sat Dec 17 12:04:45 2016 +0000 - - INFO extension does not define NBD_OPT_BLOCKSIZE - - (it uses NBD_INFO_BLOCKSIZE) - - Signed-off-by: Alex Bligh - -commit 21476f1553c2fadb36bbc29f14d1ffda56478c82 -Author: Alex Bligh -Date: Thu Dec 15 17:37:31 2016 +0000 - - nbd-server: Kill dead mainloop() - - Unused since commit 6c2d8511. Be the chainsaw mentioned in the comment :) - - Signed-off-by: Eric Blake - Signed-off-by: Alex Bligh - -commit b7ffc95bd05a139aeeee470a33b962fd9a9e1721 -Author: Alex Bligh -Date: Thu Dec 15 16:35:51 2016 +0000 - - write-zeroes: Fix doc typo prior to mainline merge - - Signed-off-by: Eric Blake - Signed-off-by: Alex Bligh - -commit 24be8b7c9fdaece02b2e76c4a7c006b1e2a4a7bf -Merge: a9c0af9 b9029eb -Author: Alex Bligh -Date: Thu Dec 15 09:40:33 2016 +0000 - - Merge branch 'master' into extension-write-zeroes - - Signed-off-by: Alex Bligh - -commit b9029ebff1a75c1c0dea8c2e53f871f02ed1b00b -Author: Alex Bligh -Date: Thu Dec 15 08:18:26 2016 +0000 - - Remove second include of unistd.h - - Signed-off-by: Alex Bligh - -commit 62dbc8f69ef10d3d779b9ec4f60e13b0766ea570 -Author: Alex Bligh -Date: Thu Dec 15 08:13:00 2016 +0000 - - Fix warning that would SEGV - - 
Signed-off-by: Alex Bligh - -commit 53a90021bcd9a2be2b121935839e1016de6f29c7 -Author: Wouter Verhelst -Date: Sun Nov 27 20:28:04 2016 +0100 - - Add BLOCK_STATUS flag - - Used by the extension of the same name. - - Signed-off-by: Wouter Verhelst - -commit e8e730c2292c574d876256f7d3c211f6205d3351 -Author: Wouter Verhelst -Date: Sun Nov 27 20:24:47 2016 +0100 - - Refer to the project rather than the user - - Since the canonical location is now in the NetworkBlockDevice - organisation rather than the yoe user, update URLs that we link to. - - Signed-off-by: Wouter Verhelst - -commit eb9e7946d35eb3572365251263906ff5b24bb838 -Author: Wouter Verhelst -Date: Tue Nov 22 18:23:53 2016 +0100 - - Make note about NBD_FLAG_CAN_MULTI_CONN - - Signed-off-by: Wouter Verhelst - -commit e02ca86cc7414cbbb85a1a73cece47e7573c7975 -Author: Wouter Verhelst -Date: Mon Nov 21 09:14:21 2016 +0100 - - Request (but do not require) a certificate - - If the client has a certificate, at least we can send it to them then, - that way. - - Signed-off-by: Wouter Verhelst - -commit b22c01d3d889b2f0eee4b3ec10edeb4cabf6b6bc -Author: Wouter Verhelst -Date: Mon Nov 21 09:13:33 2016 +0100 - - Add a "wrong certificate used" test - - We want to fail authentication when the certificate in use is one not - signed by the correct CA, so ensure that that happens. - - Signed-off-by: Wouter Verhelst - -commit be8fd20a2af8f9f9021537029d974859ac959181 -Author: Wouter Verhelst -Date: Sun Nov 20 21:21:50 2016 +0100 - - Re-add the SERVER_PRECEDENCE flag - - That's still a good idea, even if we require TLS1.2 - - 
Signed-off-by: Wouter Verhelst - -commit 12c9dd2486a8cda46b75ce4aff6d7755f7062ab2 -Author: Wouter Verhelst -Date: Sun Nov 20 21:19:03 2016 +0100 - - Swap hostname and tlshostname - - The "tlshostname" argument must match the CN attribute on the server's - certificate if we want SNI to work. Since that is set to "localhost", we - should make sure that the -H argument actually matches that, or this - test may fail (depending on GnuTLS version) - - Signed-off-by: Wouter Verhelst - -commit 771b90365cdb66150ec23c97c5bbb592f9d756af -Author: Wouter Verhelst -Date: Sun Nov 20 20:54:17 2016 +0100 - - Reorder tls initialization - - If we're going to check whether tlshostname != NULL, then make sure we - don't just always set it to !NULL the line before. - - Signed-off-by: Wouter Verhelst - -commit a57790cf49bcac165ecc1d7d28e9d91647b378d4 -Author: Wouter Verhelst -Date: Sun Nov 20 20:46:39 2016 +0100 - - Update priority string - - We want to disallow TLS <1.2, as per spec, so update the priority string - to do so. - - Signed-off-by: Wouter Verhelst - -commit 6ea2da41c6cf703266db988ed3b74b8766660f81 -Author: Wouter Verhelst -Date: Sun Nov 20 20:44:42 2016 +0100 - - Move DH initialization into the start of the program - - Initializing DH parameters takes a while (~1s on a 2.3GHz Intel Haswell - core i7). Rather than doing it once per connection, do it once per - nbd-server run. - - Signed-off-by: Wouter Verhelst - -commit 563f453e215eca0b24e05c46648d166d1e06e100 -Author: Wouter Verhelst -Date: Thu Nov 10 00:09:12 2016 +0100 - - Update HAVE_GNUTLS checks in nbd-tester-client, too - - Signed-off-by: Wouter Verhelst - -commit d4c38c958191d3db8f88024f24427974c1077eb4 -Author: Wouter Verhelst -Date: Thu Nov 10 00:07:53 2016 +0100 - - Improve TLS-related help output - - - Make it fit without 80 columns - - Add note about -x parameter, too - - 
Signed-off-by: Wouter Verhelst - -commit 5787482079e230f2f98639c803d8a49664dd1836 -Author: Wouter Verhelst -Date: Thu Nov 10 00:03:20 2016 +0100 - - Sigh - - Add the missing "x" - - Signed-off-by: Wouter Verhelst - -commit f5b6ab1efdcc7b5628d449c4a3ff928ce70e4ac0 -Author: Wouter Verhelst -Date: Wed Nov 9 23:57:47 2016 +0100 - - Fix check for HAVE_GNUTLS - - If we always define a variable (but simply set it to 0 sometimes), we - cannot use #ifdef but must use #if instead. - - Signed-off-by: Wouter Verhelst - -commit 88d33c6f5663f24e5d8e2577f0a12364036074e5 -Author: Wouter Verhelst -Date: Wed Nov 9 23:50:57 2016 +0100 - - Fix shell syntaxis - - The "test" command takes one or more arguments, which are then evaluated - in the shell before processing. An assignment results in an exit state, - which as far as test is concerned, is fine enough. - - Since we wrote "x$HAVE_GNUTLS=1", that would get expanded to "x0=1", - meaning, we were assigning the value 1 to the variable "x0", which meant - that "test" was seeing one argument rather than the three that we wanted - to give it, and so it was happy. - - Fix by adding the required spaces to make test see the equals sign and - perform the comparison. - - Shell is a horrible language. - - Signed-off-by: Wouter Verhelst - -commit 9cc03b4f046112a798c831834d3b14e56701d2c9 -Author: Wouter Verhelst -Date: Wed Nov 9 23:10:48 2016 +0100 - - Remove last reference to tls_dir option - - This option no longer exists, so we shouldn't reference it anymore. - - Signed-off-by: Wouter Verhelst - -commit ed1147c62b7e24bcc38225eeacedef86158d8b62 -Author: Alex Bligh -Date: Wed Nov 9 12:25:17 2016 +0000 - - Set GnuTLS 2.12.0 as the minimum version - - We now compile against GnuTLS 2.12.0 (probably an earlier version would work - too, but I don't have one right here to test against). - - 
Signed-off-by: Alex Bligh - -commit ad7a3cca8d6b5f3311cd195c133237aabafe1898 -Author: Alex Bligh -Date: Wed Nov 9 12:17:47 2016 +0000 - - gnutls_transport_set_int is only available for gnutls 3.1.9 or later - - gnutls_transport_set_int is only available for gnutls 3.1.9 or later so - on earlier versions use gnutls_transport_set_ptr with a cast, or more - accurately two casts (ugly), as that eliminates a warning about a cast - from an integer to a pointer of a different size. - - Signed-off-by: Alex Bligh - -commit f503c4ebd14f57f16f8107136b17a991cf955d32 -Author: Alex Bligh -Date: Wed Nov 9 12:06:38 2016 +0000 - - GNUTLS_SEC_PARAM_MEDIUM was previously called GNUTLS_SEC_PARAM_NORMAL - - Fix one compilation error on early GnuTLS thanks to their non-backwards - compatible API change. - - Signed-off-by: Alex Bligh - -commit b5342f66b4d36f2fca3492eb6b966207c6f8eba2 -Author: Alex Bligh -Date: Wed Nov 9 11:47:58 2016 +0000 - - Update crypto-gnutls.c to upstream - - Update crypto-gnutls.c to upstream to fix bug when GNU_TLS_E_AGAIN - is returned. See: - https://github.com/abligh/tlsproxy/issues/1 - - Signed-off-by: Alex Bligh - -commit 2b2756b048b0e11b8378ddbb449fcc7c82b32c99 -Author: Wouter Verhelst -Date: Wed Nov 9 00:36:21 2016 +0100 - - Fix defines again - - s/WITH_GNUTLS/HAVE_GNUTLS/g - - Signed-off-by: Wouter Verhelst - -commit a15507f5e914855205d7eab370e1bc853d7360bd -Author: Wouter Verhelst -Date: Wed Nov 9 00:27:25 2016 +0100 - - Allow anonymous TLS, too - - Certificate authentication is nice, but we shouldn't require it. - - Signed-off-by: Wouter Verhelst - -commit 2ac4a4979d2e875e494efa4055a671e83cd25018 -Author: Wouter Verhelst -Date: Wed Nov 9 00:27:02 2016 +0100 - - Document nbd-client options - - 
Signed-off-by: Wouter Verhelst - -commit 4b2555fbb897864afd43c3cc064f0e558d90c6ae -Author: Wouter Verhelst -Date: Wed Nov 9 00:24:54 2016 +0100 - - Remove hostname confusion - - Currently, there is a "hostname" argument (which specifies the server to - connect to, and which is not an option argument) and a '-hostname' - argument (which takes the hostname for SNI connectivity in the TLS - context). The two are only tangentially related, and it could be - confusing to have two "hostname" arguments. - - Rename the TLS-related one to tlshostname to clarify. - - Signed-off-by: Wouter Verhelst - -commit 1b8615852b623005e35aa4e50bc98b0572439497 -Author: Alex Bligh -Date: Tue Apr 12 14:18:27 2016 +0100 - - Add TLS support to NBD client - - Signed-off-by: Alex Bligh - (cherry picked from commit ad3ddfe14bce1c7fca8ab7205d210ab2e312aaac) - [wouter: fix conflict with multiple connections changes] - Signed-off-by: Wouter Verhelst - -commit 18ceafed9bf4d2070848711d4d9a90327ad88094 -Author: Alex Bligh -Date: Tue Apr 12 13:07:26 2016 +0100 - - Add options to nbd-client for TLS support - - Signed-off-by: Alex Bligh - (cherry picked from commit 40426ea76ab4c2c37ddda96e56f9145f53c531aa) - [wouter: make --certfile be -F rather than -C, which was already taken by --connections] - Signed-off-by: Wouter Verhelst - -commit 7317e855f5377e37be94ce2c6cc962e4ee229af5 -Author: Wouter Verhelst -Date: Tue Nov 8 21:01:46 2016 +0100 - - Reorder code - - No need to #endif out of the TLS code block if we're going to #ifdef it again - half a screen further down - - Signed-off-by: Wouter Verhelst - -commit 251866769312fd5fc9e4d5210e6e115d0ee1d603 -Author: Wouter Verhelst -Date: Tue Nov 8 20:34:56 2016 +0100 - - send_export_info(): use socket_write() - - This function was still using plain write() calls rather than socket_write() - ones. Fix. - - This makes nbd-server survive the TLS test suite. - - 
Signed-off-by: Wouter Verhelst - -commit 1816ba896bbe0201cb11d081f9527bafe3c9e88b -Author: Wouter Verhelst -Date: Tue Nov 8 19:50:01 2016 +0100 - - Fix logic error - - The combined check for tls-only exports with "is this the right export" - was failing. Additionally, it was complicated code. Rather than trying - to fix it, separate the two checks and use "continue" to move on to the - next export if the tls check fails. - - Signed-off-by: Wouter Verhelst - -commit b689690786569ad2ddcf3d1240dfc24142b75769 -Author: Wouter Verhelst -Date: Tue Nov 8 19:39:54 2016 +0100 - - Don't forget to read and check length of STARTTLS - - We forgot to read the "length" field of the STARTTLS command. - Additionally, we need to check that the length is in fact zero - (otherwise the STARTTLS command is invalid) - - Signed-off-by: Wouter Verhelst - -commit f33f5d2390ef07e5a4e582d05d1de21de1a1346c -Author: Wouter Verhelst -Date: Sat Nov 5 14:36:29 2016 +0100 - - Be a bit clearer on failure - - Saying "it wasn't NBD_REP_ACK isn't as useful as "I received foo while I - expected NBD_REP_ACK" for debugging. - - Signed-off-by: Wouter Verhelst - -commit 8bcf04543a39269a5f5d8aad0a02629ea204013e -Author: Wouter Verhelst -Date: Sat Nov 5 14:35:33 2016 +0100 - - Show some more information on why we failed - - When the handshake fails, it's useful to know why exactly it fails, so - produce an error message in that case. - - Signed-off-by: Wouter Verhelst - -commit fbebdc16f7c0ea753c2e0c9a115c2858fbd20ff1 -Author: Wouter Verhelst -Date: Sat Nov 5 14:34:42 2016 +0100 - - Don't dereference pointers that may be NULL - - There's a test for !client, but that is done after we try to dereference - it. That can't be right. - - Signed-off-by: Wouter Verhelst - -commit c0362143d27ed455a3bc4c330c676a3b4a24dde4 -Author: Wouter Verhelst -Date: Thu Nov 3 19:52:23 2016 +0100 - - Dereference the correct variable - - tlsdir no longer exists, so stop trying to read from it. - - 
Signed-off-by: Wouter Verhelst - -commit 7011116b2deddc5003da0a909bca26fc44397e15 -Author: Wouter Verhelst -Date: Thu Nov 3 19:50:14 2016 +0100 - - Update comment to sync with reality - - Signed-off-by: Wouter Verhelst - -commit aac312d425e5fd97391f75e7a1c247841bcf91aa -Author: Wouter Verhelst -Date: Thu Nov 3 19:49:31 2016 +0100 - - Fix AC_DEFINE usage - - Apparently AC_DEFINE does not expand shell variables, so we need to - place it inside an if structure. - - Signed-off-by: Wouter Verhelst - -commit 10fb1a964fb81cb479f10f1378f41dacfc8f297b -Author: Wouter Verhelst -Date: Sat Nov 5 14:41:25 2016 +0100 - - Log something on address family mismatch - - Currently, when we refuse to match an authorized_file entry for address - family mismatches, we don't say anything and instead just exit. That - works, but makes debugging harder. - - Add a log message, so that users can at least figure out why things - fail. - - Should help for github issue #35, although it's not a full fix. - - Signed-off-by: Wouter Verhelst - -commit 2152174451123ab12e00fc8511264a5b5f259ca0 -Author: Wouter Verhelst -Date: Thu Nov 3 19:28:58 2016 +0100 - - Add the set_nonblocking function - - Commit be34514f857d60b453bb12a8dca626ace1dc79a5 (which we don't want) - added the set_nonblocking() function to cliserv.c, which - 2a5a4f2058827279247641d2db326079b026ca15 added to nbd-tester-client. - - Add this now. - - Fixes: 2a5a4f2058827279247641d2db326079b026ca15 - Signed-off-by: Wouter Verhelst - -commit 02470c40d2f01c2eed8da4a17df2d1729678b53a -Author: Wouter Verhelst -Date: Thu Nov 3 19:24:55 2016 +0100 - - Use correct #ifdefs - - I forgot to update nbd-tester-client.c to check the correct #ifdefs - (HAVE_GNUTLS rather than WITH_GNUTLS). Fix. - - Fixes: 2a5a4f2058827279247641d2db326079b026ca15 - 
Signed-off-by: Wouter Verhelst - -commit 184fd13f6b3624a35adde1f4573519c8ffac2deb -Author: Wouter Verhelst -Date: Thu Nov 3 19:22:57 2016 +0100 - - Improve upon build system even further - - We botched the build system changes a bit, so fix them properly now. - - Signed-off-by: Wouter Verhelst - -commit 8dff595904b0f45c3667c23cf9f42fd94f35a83e -Author: Wouter Verhelst -Date: Thu Nov 3 19:20:07 2016 +0100 - - Make nbd-client -l work again - - We don't need to open an nbd device if all we're going to ask for is the - list of exports. - - Also, nbd-client -l is a valid thing to run even if you don't have - access to /dev/nbd* (which the test suite does, for instance), so don't - even try to open the device node unless we really need to. - - Fixes: 4e08f11ab9996d0c4a8c52d5acecf8b33890825f - Signed-off-by: Wouter Verhelst - -commit 2a5a4f2058827279247641d2db326079b026ca15 -Author: Alex Bligh -Date: Mon Apr 11 17:46:35 2016 +0100 - - Add TLS testing to nbd-tester-client.c - - This commit adds TLS testing to nbd-tester-client and 'make check'. - If TLS is not compiled in, then the test is skipped. - - Signed-off-by: Alex Bligh - (cherry picked from commit 48065afaa8dee3eda6221660200ac473becf5c0e) - [wouter: update to make it apply in the face of handshake test] - Signed-off-by: Wouter Verhelst - -commit 3123cbe4c32336520b53672c25be8bb68e246c2a -Author: Wouter Verhelst -Date: Thu Nov 3 19:02:41 2016 +0100 - - Clarify which group - - We specify the name of the group in an extra parameter, without actually - using it, which causes a compiler warning. While removing that extra - parameter would have fixed this, stating which group we're failing on is - actually useful information, so add that to the output. - - Signed-off-by: Wouter Verhelst - -commit 779e43a680e6ca80c177565bb38c293ff291973f -Author: Wouter Verhelst -Date: Thu Nov 3 19:02:08 2016 +0100 - - Use correct function - - strcmp doesn't take a length, but strncmp does - - 
Signed-off-by: Wouter Verhelst - -commit 896435c7676efd93646f24587dd0eb033c5bd9ad -Author: Wouter Verhelst -Date: Thu Nov 3 19:00:26 2016 +0100 - - Fix tls options - - Rather than specifying a single directory that contains all files, - specify the three options which we need by individual files. - - Based on commit e851a027fe889779c091233849797718a7ae3792, originally by - Alex Bligh , but significantly altered to make it also - remove my older stuff. - - Signed-off-by: Wouter Verhelst - -commit 91cbdfa8f16050494795299bab597593c7baedeb -Author: Alex Bligh -Date: Sun Apr 10 14:33:56 2016 +0100 - - Add GnuTLS infrastructure - - Add configure.ac section to detect GnuTLS - - Add buffer.[ch] and crypto-gnutls.[ch] from - https://github.com/abligh/tlsproxy - - Add Makefile.am changes to link these new files in - - Signed-off-by: Alex Bligh - (cherry picked from commit aac8f6afbaf982431b4b97c978c3d0156badbbe5) - [wouter: updated to cooperate with server-side GnuTLS support that already exists] - Signed-off-by: Wouter Verhelst - -commit 6a73e15efca75d30965e14a9e352d27fefce6f52 -Author: Wouter Verhelst -Date: Tue Nov 1 10:28:51 2016 +0100 - - doc: Allow NBD_OPT_ABORT in FORCEDTLS - - It does not make sense to disallow a soft disconnect when the client - cannot do TLS, so make that explicitly legal as well in the FORCEDTLS - situation. - - Signed-off-by: Wouter Verhelst - -commit 7bdccfe8f5430ea71677b3d040e4ab711889f049 -Author: Wouter Verhelst -Date: Mon Oct 31 03:03:28 2016 +0100 - - Allow setting the number of connections from the nbdtab file, too - - Signed-off-by: Wouter Verhelst - -commit 8773ea7f71babba6ab2a66ddbacd42cf692e08d0 -Author: Wouter Verhelst -Date: Mon Oct 31 02:54:36 2016 +0100 - - Document new options - - The last two patches introduced new command-line options for nbd-client - and new config file options for nbd-server, but did not document them. - Fix. - - 
Signed-off-by: Wouter Verhelst - -commit 4e08f11ab9996d0c4a8c52d5acecf8b33890825f -Author: Josef Bacik -Date: Thu Sep 8 12:30:27 2016 -0700 - - nbd-client: add support for multiple client connections - - Now that the kernel provides the ability to have multiple connections per NBD - device, provide an option for the user to specify how many connections to open - up. - - Signed-off-by: Josef Bacik - (cherry picked from commit 4eec891cd6cd25a420f3fe10b32cd9d561058572) - Signed-off-by: Wouter Verhelst - -commit 95df23896e42730563c26d703bc19ed92d2f2f78 -Author: Josef Bacik -Date: Tue Jul 5 14:53:20 2016 -0400 - - Add splice support - - Using splice can net a pretty big performance improvement. Add a per export - option to enable splice. Using splice will create a pipe for every write to - buffer our write buffer into, and will create a temporary pipe for reads to read - our data into and splice into our socket. - - Splice has a few limitations. We are limited to the in kernel pipe size for our - requests, so if any request exceeds those limits we'll fall back to normal - read/writes. Copyonwrite would add to the complexity by having multiple pipes - to deal with any diff files, so to avoid that we simply do not allow copyonwrite - coupled with splice. - - Signed-off-by: Josef Bacik - (cherry picked from commit 3135b8677efa31069e846d659398abf2e8827c67) - [wouter: modified to apply after STARTTLS patch, and to not trigger when TLS is active] - Signed-off-by: Wouter Verhelst - -commit 38d62cf88d89244441cb6ba70e7856e319f3f46e -Author: Wouter Verhelst -Date: Mon Oct 31 00:38:10 2016 +0100 - - Provide a success message for the handshake test - - All other tests produce a message upon successful completion of the - test, so make the handshake test follow suit. - - 
Signed-off-by: Wouter Verhelst - -commit bc66b4b5cd8e3a6ec9d5b05cc9ed153be485f560 -Author: Wouter Verhelst -Date: Mon Oct 31 00:37:06 2016 +0100 - - Move declaration to the right place - - A forward declaration that isn't actually a forward one is less than - helpful. - - Signed-off-by: Wouter Verhelst - -commit 68bce6d6777f8d055118e1be810b41874d8ca3e1 -Author: Eric Blake -Date: Wed Oct 19 19:48:15 2016 -0500 - - tests: Cover recent bug fixes - - Add a new test 'handshake' that intentionally provokes a server error - during option negotiation, before falling back to NBD_OPT_ABORT to - end negotiation, to prove that the server is correctly allowing a - client to fall back to known options; thus covering two recent bug - fixes for a server sending the wrong length in an error reply, and - for a server not reading enough data when replying to an unknown - command. - - Signed-off-by: Eric Blake - [reflowed in light of b8852465a] - Signed-off-by: Wouter Verhelst - -commit 7e901617ece470c26ae0e0159f1a2b466719cdf8 -Author: Wouter Verhelst -Date: Mon Oct 31 00:10:03 2016 +0100 - - Properly handle maxconnections - - The "maxconnections" setting considers connections to all exports, - rather than "just" the one where the "maxconnections" setting is set. - This is unexpected and not useful. - - Fix by creating a socketpair over which the child asks the parent - process whether a connection to the given export is allowed, rather than - doing the check in the client process. - - Closes github #35 - - Signed-off-by: Wouter Verhelst - -commit fa8808d75e4726bdf5eac5d47e3cf4790ef5aa3c -Author: Wouter Verhelst -Date: Fri Oct 21 13:51:55 2016 +0200 - - Add missing #endif - - Commit e8c8cdc removed the non-GnuTLS alternate implementation of - handle_starttls, but accidentally removed the #endif at the end, causing - failure to compile. - - 
Signed-off-by: Wouter Verhelst - -commit 500dd1c91a63bc5b89d11f8af2f7100a03a7c0e5 -Author: Wouter Verhelst -Date: Fri Oct 21 13:50:17 2016 +0200 - - EXTRA_DIST support/genver.sh - - Now that we pass '-I support' through ACLOCAL_AMFLAGS, the "support" - directory needs to actually exist for things to continue working. - Additionally, support/genver.sh needs to exist in non-git directories - for autoconf to do its thing. - - Ship genver.sh to kill both flies with one stone. - - Signed-off-by: Wouter Verhelst - -commit 5c59f15e0ac4a5c55624cf9591e964bf9b8915b9 -Author: Wouter Verhelst -Date: Fri Oct 21 10:20:05 2016 +0200 - - Don't forget the NBD_REP_ACK - - We're not allowed to start TLS negotiation until *after* we've sent an - ACK to the client. Do so. - - Signed-off-by: Wouter Verhelst - -commit e8c8cdc422162d442e51b6b2b0b2bd7c6bedfe19 -Author: Wouter Verhelst -Date: Fri Oct 21 10:18:05 2016 +0200 - - Send a proper error if GnuTLS was not compiled in - - Currently we just hung up, which is not cool (and not what the spec wants). - Instead, we should send NBD_REP_ERR_PLATFORM. - - Signed-off-by: Wouter Verhelst - -commit ba2892b290fc7ce748f03c6c96737cb105836dc5 -Author: Wouter Verhelst -Date: Fri Oct 21 10:16:44 2016 +0200 - - Don't forget the break - - After successfully negotiating TLS, we should read the next option, not - send NBD_REP_ERR_UNSUP (in the encrypted channel!) to the client... - - 
Signed-off-by: Wouter Verhelst - -commit 2ab3a2db94930b25bb685d6102e6d1435ebd73d4 -Author: Eric Blake -Date: Mon Oct 17 15:23:40 2016 -0500 - - server: Read client's TLS length data before next option - - Any client attempting to probe support for a new option, such as - NBD_OPT_STARTTLS or NBD_OPT_GO, with plans to do a graceful - fallback to older methods, will fail in its attempt if the server - does not consume the length field and potential payload of the - unrecognized (or rejected) option, because the server will then - be reading out of sync and not see the client's magic for the - next option. While it is true that sane clients are unlikely to - send more than one NBD_OPT_STARTTLS, and thus never trigger some - of the paths in this patch, it is still better to be robust for - all clients. - - Furthermore, even if the server requires TLS, and rejects all but - NBD_OPT_STARTTLS as the first valid option, it should still honor - NBD_OPT_ABORT. - - Signed-off-by: Eric Blake - 
Signed-off-by: Wouter Verhelst - -commit 381eca11157654de205d4401b157d0283a6231dc -Author: Eric Blake -Date: Mon Oct 17 15:23:38 2016 -0500 - - server: Read client's unknown option length before next option - - Any client attempting to probe support for a new option, such as - NBD_OPT_STARTTLS or NBD_OPT_GO, with plans to do a graceful - fallback to older methods, will fail in its attempt if the server - does not consume the length field and potential payload of the - unrecognized (or rejected) option, because the server will then - be reading out of sync and not see the client's magic for the - next option. This bug has been latent in the reference - server since commit 626c2a3 in 2012, even though it is EXACTLY - the bug that NBD_FLAG_FIXED_NEWSTYLE was designed to prevent. - - The only reason it has been buggy for so long is that it has - taken us this long to finally want to implement clients that use - a new option. - - This patch fixes only the portion of the server that has been - previously released, to make backports easier. The new code for - handling TLS also needs fixing, in the next patch. - - Signed-off-by: Eric Blake - Signed-off-by: Wouter Verhelst - -commit 1a315833ad51636e15a05b930c0318ef36003d25 -Author: Eric Blake -Date: Mon Oct 17 15:23:37 2016 -0500 - - server: Swap argument order in consume() - - The signature of consume() threw me off. Good design says that if - you are going to have paired parameters (buf and bufsize), you - generally want them adjacent, not separated by an unrelated parameter - (len). Move len to be first, adjusting all callers. - - Signed-off-by: Eric Blake - 
Signed-off-by: Wouter Verhelst - -commit 6201b7dea00afe226832693b6685e4ad793df2a8 -Author: Eric Blake -Date: Mon Oct 17 15:23:36 2016 -0500 - - server: Fix botched strlen computation of error message - - Commit 3b80382 tried to make it easy for the server to send an - error message whose length was determined by strlen(), but ended - up sending a length of UINT32_MAX, causing clients to either - hang up (reply too large) or wait for nearly 4G of data that was - never coming. - - Signed-off-by: Eric Blake - Signed-off-by: Wouter Verhelst - -commit 5ee6fb6e0fe02a6a3bcb365a80200b01db24d149 -Author: Wouter Verhelst -Date: Fri Oct 21 09:55:23 2016 +0200 - - Correct comment - - NBD_OPT_EXPORT_NAME cannot be issued before NBD_OPT_STARTTLS, period, - since it needs to be the final option. However, future versions of - nbd-server will support NBD_OPT_SELECT/NBD_OPT_GO, in which case this - *will* be necessary. - - Signed-off-by: Wouter Verhelst - -commit 8c52d38df45e5acfe9658c3e5a9090910c8f98e6 -Author: Wouter Verhelst -Date: Fri Oct 21 09:54:01 2016 +0200 - - Conditionally compile in GnuTLS - - ... so that we can still compile on platforms that don't have - GnuTLS >= 3.3 - - TODO: consider whether allowing an older version of GnuTLS is sensible. - - Signed-off-by: Wouter Verhelst - -commit 6a70923ef754a59fec52942d621099c128902233 -Author: Wouter Verhelst -Date: Fri Oct 21 09:51:35 2016 +0200 - - Set function pointers - - The client->socket_read and client->socket_write function pointers need - to be changed after we negotiated TLS. Forgetting this means we - negotiate TLS successfully, and then try to continue to communicate in - cleartext... - - Signed-off-by: Wouter Verhelst - -commit 4e8ae317be5a51d58d8879a99ecf632aa84c552c -Author: Wouter Verhelst -Date: Fri Oct 21 09:50:58 2016 +0200 - - Fix memory leak - - If we don't need the session, we need to deallocate after deiniting it. - - 
Signed-off-by: Wouter Verhelst - -commit 2a6767ce5805edb9f8ecbbcbe458839aaeb8c575 -Author: Eric Blake -Date: Thu Oct 20 14:05:52 2016 -0500 - - build: Ignore copied file during in-tree build - - Commit b885246 creates a symlink to work around an automake weakness, - but forgot to ignore the link when doing an in-tree build. - - Signed-off-by: Eric Blake - 
Signed-off-by: Wouter Verhelst - -commit b8852465a15c928e0000c43c571a22b4a4152906 -Author: Eric Blake -Date: Wed Oct 19 14:37:15 2016 -0500 - - build: Silence autogen.sh warnings - - Starting from a fresh git checkout, running ./autogen.sh gives a - couple of warnings on my Fedora 24 build tools, one from libtool: - - libtoolize: Consider adding '-I support' to ACLOCAL_AMFLAGS in Makefile.am. - - and one from automake: - - tests/run/Makefile.am:4: warning: source file '$(top_srcdir)/cliserv.c' is in a subdirectory, - tests/run/Makefile.am:4: but option 'subdir-objects' is disabled - automake: warning: possible forward-incompatibility. - automake: At least a source file is in a subdirectory, but the 'subdir-objects' - automake: automake option hasn't been enabled. For now, the corresponding output - automake: object file(s) will be placed in the top-level directory. However, - automake: this behaviour will change in future Automake versions: they will - automake: unconditionally cause object files to be placed in the same subdirectory - automake: of the corresponding sources. - automake: You are advised to start using 'subdir-objects' option throughout your - automake: project, to avoid future incompatibilities. - - Following the advice almost works, except that automake 1.15 still - has a nasty bug (https://debbugs.gnu.org/cgi/bugreport.cgi?bug=13928) - where use of $(foo) in a _SOURCES variable coupled with subdir-objects - creates a directory with a literal name $(foo) rather than the intended - name. And while open-coding it (using ../../ instead of $(top_srcdir)/) - works around the problem of bad naming in automake 1.15, it fails for - automake 1.11 (hello CentOS 6), due to the order in which .deps files - are erased vs. included in makefiles. The solution that works across - all automake versions is to only stick files in _SOURCES that do not - live outside of the subtree. 
Note that we only need to copy cliserv.c - into the tests/run directory; automakes handling of dependencies will - still rebuild against .h file changes even without listing the .h files - or copying them locally. - - I also noticed that the build was already leaving behind an untracked - manpage.log file, in addition to the new .dirstamp witness file created - by our new use of subdir-objects. - - This patch has been tested with 'make distcheck' across multiple - automake and libtool versions, ranging from CentOS 6 vintage to current - git toolchains. - - Signed-off-by: Eric Blake - Signed-off-by: Wouter Verhelst - -commit a441594cc330ddba9c2cb79594a2fb3c69c05abb -Author: Eric Blake -Date: Wed Oct 19 14:37:14 2016 -0500 - - build: Distribute netdb-compat.h without relying on tests - - nbd-server depends on netdb-compat.h; however, we were only - including it in the tarball as a side effect of it also being - used by the testsuite. Make the dependency explicit. - - Signed-off-by: Eric Blake - Signed-off-by: Wouter Verhelst - -commit 03b47fe6646a870859b8fbc9903dc9aa64cd1b70 -Author: Eric Blake -Date: Thu Oct 20 09:22:06 2016 -0500 - - maint: Let emacs know our preferred style - - Teach emacs that this entire source tree uses Linux style - indentation (8-space indents, but with hard TAB character - instead of spaces). Without this hint, the default emacs - C style tries to use 2-space indentation, making it a pain - to edit correctly when automatic formatting is enabled. - - Signed-off-by: Eric Blake - Signed-off-by: Wouter Verhelst - -commit f89d1c07e2a732bac8481d875f8d0599d0072767 -Author: Wouter Verhelst -Date: Tue Oct 11 20:47:29 2016 +0200 - - Improve string - - Signed-off-by: Wouter Verhelst - -commit 12773c9c3be249f6374a77f80de86e19de84522a -Author: Wouter Verhelst -Date: Tue Oct 11 20:47:04 2016 +0200 - - Rename the goto label to clarify that we're dealing with a hard close here - - 
Signed-off-by: Wouter Verhelst - -commit 293371004400ed26e0d13820ed3365691a91427f -Author: Wouter Verhelst -Date: Tue Oct 11 20:46:47 2016 +0200 - - Don't send an option reply to OPT_EXPORT_NAME - - Signed-off-by: Wouter Verhelst - -commit 052e20dd472dabf867302295a0d62e94633d68f4 -Author: Wouter Verhelst -Date: Tue Oct 11 20:39:54 2016 +0200 - - Silence compiler warning - - size.c: In function ‘main’: - size.c:12:2: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result] - write(fd, filename, 1); - - We don't actually care (if write fails, the size detection will also - fail, so the test will fail), but it doesn't hurt to be somewhat more - explicit. - - Signed-off-by: Wouter Verhelst - -commit 1bcc54eb5954585e6e136d0f2530c7a8f3887a6a -Author: Wouter Verhelst -Date: Tue Oct 11 02:10:56 2016 +0200 - - Whitespace fix - - Signed-off-by: Wouter Verhelst - -commit cbe48a8bb7f92beb1096e115b11e57482c653d02 -Author: Wouter Verhelst -Date: Tue Oct 11 02:08:46 2016 +0200 - - Don't change socket options after negotiation - - Now that we may negotiate TLS in the negotiation function, manually - touching the socket after setting up the GnuTLS context is no longer a - good idea. - - Move the functions that change socket options so they are called before - negotiate(). - - Signed-off-by: Wouter Verhelst - -commit a2b353b51717ee0cf1e179ca7055c18d21fe5f53 -Author: Wouter Verhelst -Date: Tue Oct 11 02:07:55 2016 +0200 - - Send error messages to the client - - When an error occurs during negotiation, make the server send a - human-readable error message to the client along with the error reply - message. - - 
Signed-off-by: Wouter Verhelst - -commit 3b803827fce1742c6183706f50340f0cb3e2374a -Author: Wouter Verhelst -Date: Tue Oct 11 02:06:53 2016 +0200 - - Allow for easy sending of error messages - - While the protocol spec allows it, currently we don't actually send any - data to the client when we send an error message. - - Change the send_reply() function to make that easier. - - Signed-off-by: Wouter Verhelst - -commit 0c95d8f45c24e9e94c05a0c63683aef117eab5bc -Author: Wouter Verhelst -Date: Tue Oct 11 01:16:46 2016 +0200 - - Implement STARTTLS server side - - This adds support for STARTTLS to nbd-server. Still TODO are: - - Testing - - client-side - - Testing - - Verification that everything works the way it should, also against other - implementations (e.g., qemu) - - Testing - - Add unit tests for STARTTLS implementation, too. - - Testing - - Did I mention this hasn't been tested well, yet? - - At least it compiles. - - Signed-off-by: Wouter Verhelst - -commit 55cdcbb8675dbcfba55919db27183807b487de87 -Author: Wouter Verhelst -Date: Tue Oct 11 00:14:56 2016 +0200 - - Resync comment with reality - - Signed-off-by: Wouter Verhelst - -commit 52ab4d199af66cffdc095e1dad63efaa588b7184 -Author: Wouter Verhelst -Date: Tue Oct 11 00:10:20 2016 +0200 - - Speed up the critical path - - These socket_read() and socket_write() functions will now be called - everywhere in the critical path (especially socket_write(), which will - be called with a mutex held). Therefore, their performance is critical. - - Since a conditional jumps wreak havoc on cache prediction, use function - pointers to avoid them, thereby not negatively impacting performance - too much. - - 
Signed-off-by: Wouter Verhelst - -commit cccef815a56f2da88b41d2e3a01117e6c09033ad -Author: Wouter Verhelst -Date: Tue Oct 11 00:04:17 2016 +0200 - - Refactor negotiation a bit. - - Currently, we did negotiation by way of direct read() and write() calls. - This has two problems: - - The error handling in the implementation is not perfect; it is - possible to have short reads, which would result in the server - assuming a buffer has a given size, when in reality it does not. - - Having direct read() and write() calls makes it impossible to abstract - away whether we're using TLS or not. - - The easy fix is to use the new socket_read() and socket_write() calls, - but those require a CLIENT* to be available before they can be used. - Rather than allocating it in handle_export_name(), we now allocate it in - negotiate(), passing the pointer to the export name handler, and - removing its allocation. - - Signed-off-by: Wouter Verhelst - -commit 234e6748dbc591d51a72997111cfcc9767f60089 -Author: Wouter Verhelst -Date: Mon Oct 10 22:54:24 2016 +0200 - - Remove bashism - - Running an EXIT trap on abnormal termination of the shell is a bashism; - dash, for instance, does not run them on SIGINT. - - Fix by explicitly adding a trap for SIGINT. - - Signed-off-by: Wouter Verhelst - -commit 0f50492ed7548876892cf39cc6bf88a0b9175d04 -Author: Wouter Verhelst -Date: Fri Oct 7 17:16:07 2016 +0200 - - Re-enable integrityhuge test - - This used to cause deadlocks due to the fact that both server and tester - client did single-threaded and blocking I/O. However, this has now been - fixed, so we really should re-enable the check. - - 
Signed-off-by: Wouter Verhelst - -commit 3fd96ee040cf94dae4095bd84cd245f1a421b462 -Author: Wouter Verhelst -Date: Fri Oct 7 17:10:35 2016 +0200 - - Prepare for allowing STARTTLS - - Replace every use of readit() or writeit() on a socket by an abstracting - socket_read()/socket_write() function instead. - - This socket_read()/socket_write() function will call - gnutls_record_recv()/gnutls_record_send() if the client is doing TLS, - which we signal by the non-NULL-ness of the new .tls_session member of - the CLIENT struct. - - After that, once we add STARTTLS negotiation, we should be able to do - TLS properly. - - Signed-off-by: Wouter Verhelst - -commit 2ac59db544d75397cd83646a75eb3a0ac63adf9c -Author: Wouter Verhelst -Date: Fri Oct 7 17:08:22 2016 +0200 - - Don't claim we're exiting when we're not. - - Signed-off-by: Wouter Verhelst - -commit 5d914ac71764c54952d7e923a896248bff287838 -Author: Wouter Verhelst -Date: Fri Oct 7 17:07:46 2016 +0200 - - Search for and compile in GnuTLS - - Signed-off-by: Wouter Verhelst - -commit 610e2e04b3ed458e698065d15fb538536e2442cc -Author: Wouter Verhelst -Date: Fri Oct 7 12:48:12 2016 +0200 - - glibc wants _DEFAULT_SOURCE rather than _BSD_SOURCE nowadays - - Signed-off-by: Wouter Verhelst - -commit 485cf8404035116b36a18d690d116972767f13c4 -Author: Josef Bacik -Date: Wed Jul 6 12:30:15 2016 -0400 - - Work with old autotools - - m4_esyscmd_s doesn't exist with old autotools, nor does serial_tests. Fix up - these to use the old variants and not include serial_tests if our autotools - don't have support for it. Also add gthread to the glib check since older glibs - don't get the proper includes/libs by default without it. - - Signed-off-by: Josef Bacik - (cherry picked from commit dc6b6e208f597e7e287a3181f1fcbd923d2bf223) - 
Signed-off-by: Wouter Verhelst - -commit dace3adbe4b4cea8a49c48ba5474140dbb5ae528 -Author: Josef Bacik -Date: Wed Jul 6 12:25:08 2016 -0400 - - Fix compilation errors on old glib versions - - On centos6 the older version of glib needs to have g_thread_init() run before we - create the threadpool, however this is a deprecated function and we don't need - it on newer glibs. So add a configure check to see if our glib is the old one - and add the appropriate includes and g_thread_init() call. Tested on centos6 - and Fedora 23 to make sure it did the right thing in both cases. - - Signed-off-by: Josef Bacik - (cherry picked from commit 92fc4f11aa6c27aeb7ba28a510b550b550d13b60) - Signed-off-by: Wouter Verhelst - -commit 0200418df37bfeb00adae25eed5031eea762c36d -Author: Wouter Verhelst -Date: Thu Oct 6 14:46:16 2016 +0200 - - Clarify that clients cannot expect ordering in the face of multiple connections. - -commit ac45246b0b350f07dce3f9c8e02559867d370cfb -Author: Wouter Verhelst -Date: Sat Oct 1 13:34:51 2016 +0200 - - Clarify that it's not really *all* options - - Closes github issue#40 - -commit d9233191f6e63ca0d5d90c33f80d619a307f8e1c -Author: Alex Bligh -Date: Mon Sep 26 19:36:10 2016 +0100 - - Ensure length of flush command is set to zero - - 
Signed-off-by: Alex Bligh - -commit c6e9513e4a9de031e793cf3b50a9988b44e834e2 -Author: Carl-Daniel Hailfinger -Date: Mon Sep 26 03:22:52 2016 +0200 - - nbd-tester-client: fix flags usage. - - Running nbd-tester-client against nbdkit with oldstyle negotiation was fun. - I managed to segfault nbdkit and noticed that nbd-tester-client speaks - the oldstyle protocol incorrectly, ignoring flags sent by the server. - - Fix. - -commit faa41ab4a4c80e31582f3d69fcc31ce4105feed9 -Author: Alex Bligh -Date: Thu Sep 15 13:25:47 2016 +0100 - - Docs: remove reference to 'write barrier' in NBD_CMD_FLUSH - - Reference to a 'write barrier' in NBD_CMD_FLUSH is confusing as it might - appear to be a reference to an old-style linux block layer write barrier - which actually waits for all writes to complete, rather than just requiring - writes that have completed (and for which replies have been sent) have - been persisted. - - 
Signed-off-by: Alex Bligh - -commit a910d5f8471d00c0a872f50996ce2d61bad7d1ab -Author: Wouter Verhelst -Date: Thu Aug 11 19:25:09 2016 +0200 - - Add CII Best Practices badge. No, we're not ready yet. - -commit c8a485f17b127eff204871c57a028a35ccb86b81 -Author: Wouter Verhelst -Date: Wed Jul 13 17:17:30 2016 +0200 - - Don't forget to ship the nbd@.service.tmpl file - -commit f9bcc3dfa53dc2bbcd54c5eeafc19fbb7c8fc986 -Author: Wouter Verhelst -Date: Wed Jul 13 10:42:57 2016 +0200 - - Move statements to their correct section - - Before belongs in the [Unit] section, not the [Service] one. Also, - remove duplicate RequiredBy statement in Service section. - -commit a9c0af91032165eec312b31f25d5dc0fdced7338 -Merge: 345b3b3 772b264 -Author: Alex Bligh -Date: Fri Apr 22 20:11:00 2016 +0100 - - Merge branch 'master' into extension-write-zeroes - -commit 345b3b32e80d2aff16500d5b2564623386ebb181 -Merge: 523adfa 6b5bd32 -Author: Alex Bligh -Date: Thu Apr 21 13:27:13 2016 +0100 - - Merge branch 'master' into extension-write-zeroes - -commit 523adfa67ce571b50b08a6ced28caa19cf979fcb -Author: Alex Bligh -Date: Fri Apr 15 13:02:32 2016 +0100 - - Add support for NBD_CMD_WRITE_ZEROES - - This is a very basic implementation which could do with optimisation. - - Signed-off-by: Alex Bligh - -commit fc30e1f293b2fa707e6b765a04a6c08ade4f0591 -Author: Alex Bligh -Date: Fri Apr 15 13:52:49 2016 +0100 - - Introduce WRITE_ZEROES - - This patch introduces the WRITE_ZEROES extension - - Signed-off-by: Alex Bligh diff -Nru nbd-3.15/configure nbd-3.15.1/configure --- nbd-3.15/configure 2017-03-01 13:32:10.000000000 +0000 +++ nbd-3.15.1/configure 2016-12-20 19:24:55.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for nbd 3.15-305-g081e757. +# Generated by GNU Autoconf 2.69 for nbd debian-3.15.1-1-dirty. # # Report bugs to . # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='nbd' PACKAGE_TARNAME='nbd' -PACKAGE_VERSION='3.15-305-g081e757' -PACKAGE_STRING='nbd 3.15-305-g081e757' +PACKAGE_VERSION='debian-3.15.1-1-dirty' +PACKAGE_STRING='nbd debian-3.15.1-1-dirty' PACKAGE_BUGREPORT='wouter@debian.org' PACKAGE_URL='http://nbd.sourceforge.net/' @@ -1355,7 +1355,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures nbd 3.15-305-g081e757 to adapt to many kinds of systems. +\`configure' configures nbd debian-3.15.1-1-dirty to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1426,7 +1426,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of nbd 3.15-305-g081e757:";; + short | recursive ) echo "Configuration of nbd debian-3.15.1-1-dirty:";; esac cat <<\_ACEOF @@ -1559,7 +1559,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -nbd configure 3.15-305-g081e757 +nbd configure debian-3.15.1-1-dirty generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2268,7 +2268,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by nbd $as_me 3.15-305-g081e757, which was +It was created by nbd $as_me debian-3.15.1-1-dirty, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3132,7 +3132,7 @@ # Define the identity of the package. PACKAGE='nbd' - VERSION='3.15-305-g081e757' + VERSION='debian-3.15.1-1-dirty' cat >>confdefs.h <<_ACEOF 
@@ -15326,7 +15326,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by nbd $as_me 3.15-305-g081e757, which was +This file was extended by nbd $as_me debian-3.15.1-1-dirty, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15393,7 +15393,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -nbd config.status 3.15-305-g081e757 +nbd config.status debian-3.15.1-1-dirty configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru nbd-3.15/debian/changelog nbd-3.15.1/debian/changelog --- nbd-3.15/debian/changelog 2017-03-01 13:32:10.000000000 +0000 +++ nbd-3.15.1/debian/changelog 2016-12-20 19:36:11.000000000 +0000 @@ -1,3 +1,17 @@ +nbd (1:3.15.1-2) unstable; urgency=medium + + * Build nbd-client a second time with GnuTLS disabled, and install + that into nbd-client-udeb; Closes: #848862. + + -- Wouter Verhelst Tue, 20 Dec 2016 20:36:11 +0100 + +nbd (1:3.15.1-1) unstable; urgency=medium + + * New upstream version; fixes WRITE_ZEROES with STARTTLS combination + (one-line fix). + + -- Wouter Verhelst Tue, 20 Dec 2016 12:22:53 +0100 + nbd (1:3.15-1) unstable; urgency=medium * New upstream version diff -Nru nbd-3.15/debian/nbd-client-udeb.install nbd-3.15.1/debian/nbd-client-udeb.install --- nbd-3.15/debian/nbd-client-udeb.install 2017-03-01 13:32:10.000000000 +0000 +++ nbd-3.15.1/debian/nbd-client-udeb.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -sbin/nbd-client diff -Nru nbd-3.15/debian/rules nbd-3.15.1/debian/rules --- nbd-3.15/debian/rules 2017-03-01 13:32:10.000000000 +0000 +++ nbd-3.15.1/debian/rules 2016-12-20 19:36:11.000000000 +0000 
@@ -18,10 +18,12 @@ install -d debian/tmp/usr/share/initramfs-tools/hooks install -d debian/tmp/etc install -d debian/tmp/usr/share/nbd-server + install -d debian/nbd-client-udeb/sbin install -m 644 debian/nbd-client.nbdtab debian/tmp/etc/nbdtab install -m 755 debian/nbd-client.initrd debian/tmp/usr/share/initramfs-tools/scripts/local-top/nbd install -m 755 debian/nbd-client.initramfs-hook debian/tmp/usr/share/initramfs-tools/hooks/nbd install -m 644 debian/nbd-server.conf.tmpl debian/tmp/usr/share/nbd-server/nbd-server.conf.tmpl + install -m 755 debian/tmp/sbin/min-nbd-client debian/nbd-client-udeb/sbin/nbd-client dh_install -s override_dh_installinit: diff -Nru nbd-3.15/.gitignore nbd-3.15.1/.gitignore --- nbd-3.15/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ nbd-3.15.1/.gitignore 2016-12-20 19:18:35.000000000 +0000 @@ -0,0 +1,56 @@ +.deps +.dirstamp +Makefile +autom4te.cache +autoscan.log +config.h +*~ +config.* +file +nbd-client.8 +nbd-server.1 +stamp-h.in +stamp-h1 +Doxyfile +compile +manpage.refs +manpage.links +mkinstalldirs +nbd-tester-client +nbd-client +nbd-server +doc/doxygen-output +nbd-server.config +nbd-server.5 +nbd-trdump.1 +nbdtab.5 +*.o +nbd-client.8.in +nbd-server.1.in +nbd-server.5.in +nbd-trdump.1.in +nbdtab.5.in +Makefile.in +config.h.in +aclocal.m4 +INSTALL +depcomp +install-sh +configure +man/*.sh +man/*.sh.in +man/manpage.log +make-integrityhuge +nbd-trdump +missing +libtool +*.lo +ltmain.sh +.libs/ +*.la +support/lt* +support/libtool.m4 +ar-lib +tests/run/cliserv.c +.debhelper +*debhelper.log diff -Nru nbd-3.15/gznbd/.gitignore nbd-3.15.1/gznbd/.gitignore --- nbd-3.15/gznbd/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ nbd-3.15.1/gznbd/.gitignore 2013-12-23 19:34:24.000000000 +0000 @@ -0,0 +1 @@ +gznbd diff -Nru nbd-3.15/Makefile.am nbd-3.15.1/Makefile.am --- nbd-3.15/Makefile.am 2016-11-27 19:37:50.000000000 +0000 +++ nbd-3.15.1/Makefile.am 2016-12-20 19:31:46.000000000 +0000 
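Review bot: The added `install -m 755 debian/tmp/sbin/min-nbd-client debian/nbd-client-udeb/sbin/nbd-client` line ships the `-DNOTLS` build under the ordinary `nbd-client` name, and nothing in the rules file says so. Per the Makefile.am change in this same diff, min-nbd-client is only built inside `if GNUTLS`, so this step presumably fails when configure does not find GnuTLS; the build-dependencies are not visible here to confirm that cannot happen. I would add a comment above the line, e.g. `# udeb gets the TLS-less build (min-nbd-client); needs a GnuTLS-enabled configure run`, so that maintainers of the installer image know this client cannot protect NBD traffic with TLS. The target's opening lines are outside the hunk.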
@@ -6,25 +6,33 @@ noinst_LTLIBRARIES = libnbdsrv.la libcliserv.la libcliserv_la_SOURCES = cliserv.h cliserv.c libcliserv_la_CFLAGS = @CFLAGS@ -nbd_client_SOURCES = nbd-client.c cliserv.h +client_srcs = nbd-client.c cliserv.h nbd_server_SOURCES = nbd-server.c cliserv.h lfs.h nbd.h nbdsrv.h backend.h \ netdb-compat.h nbd_trdump_SOURCES = nbd-trdump.c cliserv.h nbd.h -nbd_client_CFLAGS = @CFLAGS@ +client_flags = @CFLAGS@ nbd_server_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ nbd_trdump_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ libnbdsrv_la_SOURCES = nbdsrv.c nbdsrv.h treefiles.c treefiles.h libnbdsrv_la_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ -nbd_client_LDADD = libcliserv.la +client_libs = libcliserv.la nbd_server_LDADD = @GLIB_LIBS@ libnbdsrv.la libcliserv.la nbd_trdump_LDADD = libcliserv.la make_integrityhuge_SOURCES = make-integrityhuge.c cliserv.h nbd.h nbd-debug.h EXTRA_DIST = maketr CodingStyle autogen.sh README.md support/genver.sh if GNUTLS -nbd_client_SOURCES += crypto-gnutls.c crypto-gnutls.h buffer.c buffer.h -nbd_client_CFLAGS += @GnuTLS_CFLAGS@ -nbd_client_LDADD += @GnuTLS_LIBS@ +sbin_PROGRAMS += min-nbd-client +min_nbd_client_SOURCES = $(client_srcs) +min_nbd_client_CFLAGS = $(client_flags) -DNOTLS +min_nbd_client_LDADD = $(client_libs) +nbd_client_SOURCES = $(client_srcs) crypto-gnutls.c crypto-gnutls.h buffer.c buffer.h +nbd_client_CFLAGS = $(client_flags) @GnuTLS_CFLAGS@ +nbd_client_LDADD = $(client_libs) @GnuTLS_LIBS@ nbd_server_CFLAGS += @GnuTLS_CFLAGS@ nbd_server_LDADD += @GnuTLS_LIBS@ +else +nbd_client_SOURCES = $(client_srcs) +nbd_client_CFLAGS = $(client_flags) +nbd_client_LDADD = $(client_libs) endif diff -Nru nbd-3.15/Makefile.in nbd-3.15.1/Makefile.in --- nbd-3.15/Makefile.in 2017-03-01 13:32:10.000000000 +0000 +++ nbd-3.15.1/Makefile.in 2016-12-20 19:32:32.000000000 +0000 
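Review bot: `sbin_PROGRAMS += min-nbd-client` inside `if GNUTLS` means every GnuTLS-enabled `make install` places a second client, built with `-DNOTLS`, in sbindir, although the debian/changelog entry in this diff describes it as needed only for nbd-client-udeb. A TLS-less binary installed beside the full one is easy to pick up by accident in scripts. If only the packaging needs it, `noinst_PROGRAMS = min-nbd-client` in that branch would build it without installing it, with debian/rules then copying it from the build tree instead of debian/tmp/sbin. Whether anything else relies on the installed copy cannot be told from this hunk.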
@@ -90,12 +90,11 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = nbd-server$(EXEEXT) nbd-trdump$(EXEEXT) +sbin_PROGRAMS = @NBD_CLIENT_NAME@ $(am__EXEEXT_1) EXTRA_PROGRAMS = nbd-client$(EXEEXT) make-integrityhuge$(EXEEXT) -@GNUTLS_TRUE@am__append_1 = crypto-gnutls.c crypto-gnutls.h buffer.c buffer.h +@GNUTLS_TRUE@am__append_1 = min-nbd-client @GNUTLS_TRUE@am__append_2 = @GnuTLS_CFLAGS@ @GNUTLS_TRUE@am__append_3 = @GnuTLS_LIBS@ -@GNUTLS_TRUE@am__append_4 = @GnuTLS_CFLAGS@ -@GNUTLS_TRUE@am__append_5 = @GnuTLS_LIBS@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/support/libtool.m4 \ 
@@ -133,24 +132,36 @@ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libnbdsrv_la_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" +@GNUTLS_TRUE@am__EXEEXT_1 = min-nbd-client$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) am_make_integrityhuge_OBJECTS = make-integrityhuge.$(OBJEXT) make_integrityhuge_OBJECTS = $(am_make_integrityhuge_OBJECTS) make_integrityhuge_LDADD = $(LDADD) +am__min_nbd_client_SOURCES_DIST = nbd-client.c cliserv.h +am__objects_1 = min_nbd_client-nbd-client.$(OBJEXT) +@GNUTLS_TRUE@am_min_nbd_client_OBJECTS = $(am__objects_1) +min_nbd_client_OBJECTS = $(am_min_nbd_client_OBJECTS) +@GNUTLS_TRUE@min_nbd_client_DEPENDENCIES = $(client_libs) +min_nbd_client_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(min_nbd_client_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ + $@ am__nbd_client_SOURCES_DIST = nbd-client.c cliserv.h crypto-gnutls.c \ crypto-gnutls.h buffer.c buffer.h -@GNUTLS_TRUE@am__objects_1 = nbd_client-crypto-gnutls.$(OBJEXT) \ +am__objects_2 = nbd_client-nbd-client.$(OBJEXT) +@GNUTLS_FALSE@am_nbd_client_OBJECTS = $(am__objects_2) +@GNUTLS_TRUE@am_nbd_client_OBJECTS = $(am__objects_2) \ +@GNUTLS_TRUE@ nbd_client-crypto-gnutls.$(OBJEXT) \ @GNUTLS_TRUE@ nbd_client-buffer.$(OBJEXT) -am_nbd_client_OBJECTS = nbd_client-nbd-client.$(OBJEXT) \ - $(am__objects_1) nbd_client_OBJECTS = $(am_nbd_client_OBJECTS) -am__DEPENDENCIES_1 = -nbd_client_DEPENDENCIES = libcliserv.la $(am__DEPENDENCIES_1) +@GNUTLS_FALSE@nbd_client_DEPENDENCIES = $(client_libs) +@GNUTLS_TRUE@nbd_client_DEPENDENCIES = $(client_libs) nbd_client_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(nbd_client_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am_nbd_server_OBJECTS = nbd_server-nbd-server.$(OBJEXT) nbd_server_OBJECTS = $(am_nbd_server_OBJECTS) +am__DEPENDENCIES_1 = nbd_server_DEPENDENCIES = libnbdsrv.la 
libcliserv.la \ $(am__DEPENDENCIES_1) nbd_server_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -197,11 +208,14 @@ am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libcliserv_la_SOURCES) $(libnbdsrv_la_SOURCES) \ - $(make_integrityhuge_SOURCES) $(nbd_client_SOURCES) \ - $(nbd_server_SOURCES) $(nbd_trdump_SOURCES) + $(make_integrityhuge_SOURCES) $(min_nbd_client_SOURCES) \ + $(nbd_client_SOURCES) $(nbd_server_SOURCES) \ + $(nbd_trdump_SOURCES) DIST_SOURCES = $(libcliserv_la_SOURCES) $(libnbdsrv_la_SOURCES) \ - $(make_integrityhuge_SOURCES) $(am__nbd_client_SOURCES_DIST) \ - $(nbd_server_SOURCES) $(nbd_trdump_SOURCES) + $(make_integrityhuge_SOURCES) \ + $(am__min_nbd_client_SOURCES_DIST) \ + $(am__nbd_client_SOURCES_DIST) $(nbd_server_SOURCES) \ + $(nbd_trdump_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ 
@@ -422,26 +436,34 @@ top_srcdir = @top_srcdir@ ACLOCAL_AMFLAGS = -I support SUBDIRS = . man doc tests systemd gznbd -sbin_PROGRAMS = @NBD_CLIENT_NAME@ noinst_LTLIBRARIES = libnbdsrv.la libcliserv.la libcliserv_la_SOURCES = cliserv.h cliserv.c libcliserv_la_CFLAGS = @CFLAGS@ -nbd_client_SOURCES = nbd-client.c cliserv.h $(am__append_1) +client_srcs = nbd-client.c cliserv.h nbd_server_SOURCES = nbd-server.c cliserv.h lfs.h nbd.h nbdsrv.h backend.h \ netdb-compat.h nbd_trdump_SOURCES = nbd-trdump.c cliserv.h nbd.h -nbd_client_CFLAGS = @CFLAGS@ $(am__append_2) -nbd_server_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ $(am__append_4) +client_flags = @CFLAGS@ +nbd_server_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ $(am__append_2) nbd_trdump_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ libnbdsrv_la_SOURCES = nbdsrv.c nbdsrv.h treefiles.c treefiles.h libnbdsrv_la_CFLAGS = @CFLAGS@ @GLIB_CFLAGS@ -nbd_client_LDADD = libcliserv.la $(am__append_3) +client_libs = libcliserv.la nbd_server_LDADD = @GLIB_LIBS@ libnbdsrv.la libcliserv.la \ - $(am__append_5) + $(am__append_3) nbd_trdump_LDADD = libcliserv.la make_integrityhuge_SOURCES = make-integrityhuge.c cliserv.h nbd.h nbd-debug.h EXTRA_DIST = maketr CodingStyle autogen.sh README.md support/genver.sh +@GNUTLS_TRUE@min_nbd_client_SOURCES = $(client_srcs) +@GNUTLS_TRUE@min_nbd_client_CFLAGS = $(client_flags) -DNOTLS +@GNUTLS_TRUE@min_nbd_client_LDADD = $(client_libs) +@GNUTLS_FALSE@nbd_client_SOURCES = $(client_srcs) +@GNUTLS_TRUE@nbd_client_SOURCES = $(client_srcs) crypto-gnutls.c crypto-gnutls.h buffer.c buffer.h +@GNUTLS_FALSE@nbd_client_CFLAGS = $(client_flags) +@GNUTLS_TRUE@nbd_client_CFLAGS = $(client_flags) @GnuTLS_CFLAGS@ +@GNUTLS_FALSE@nbd_client_LDADD = $(client_libs) +@GNUTLS_TRUE@nbd_client_LDADD = $(client_libs) @GnuTLS_LIBS@ all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -615,6 +637,10 @@ @rm -f make-integrityhuge$(EXEEXT) $(AM_V_CCLD)$(LINK) $(make_integrityhuge_OBJECTS) $(make_integrityhuge_LDADD) $(LIBS) +min-nbd-client$(EXEEXT): $(min_nbd_client_OBJECTS) $(min_nbd_client_DEPENDENCIES) $(EXTRA_min_nbd_client_DEPENDENCIES) + @rm -f min-nbd-client$(EXEEXT) + $(AM_V_CCLD)$(min_nbd_client_LINK) $(min_nbd_client_OBJECTS) $(min_nbd_client_LDADD) $(LIBS) + nbd-client$(EXEEXT): $(nbd_client_OBJECTS) $(nbd_client_DEPENDENCIES) $(EXTRA_nbd_client_DEPENDENCIES) @rm -f nbd-client$(EXEEXT) $(AM_V_CCLD)$(nbd_client_LINK) $(nbd_client_OBJECTS) $(nbd_client_LDADD) $(LIBS) @@ -637,6 +663,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnbdsrv_la-nbdsrv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnbdsrv_la-treefiles.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/make-integrityhuge.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/min_nbd_client-nbd-client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nbd_client-buffer.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nbd_client-crypto-gnutls.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nbd_client-nbd-client.Po@am__quote@ 
@@ -688,6 +715,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libnbdsrv_la_CFLAGS) $(CFLAGS) -c -o libnbdsrv_la-treefiles.lo `test -f 'treefiles.c' || echo '$(srcdir)/'`treefiles.c +min_nbd_client-nbd-client.o: nbd-client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(min_nbd_client_CFLAGS) $(CFLAGS) -MT min_nbd_client-nbd-client.o -MD -MP -MF $(DEPDIR)/min_nbd_client-nbd-client.Tpo -c -o min_nbd_client-nbd-client.o `test -f 'nbd-client.c' || echo '$(srcdir)/'`nbd-client.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/min_nbd_client-nbd-client.Tpo $(DEPDIR)/min_nbd_client-nbd-client.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nbd-client.c' object='min_nbd_client-nbd-client.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(min_nbd_client_CFLAGS) $(CFLAGS) -c -o min_nbd_client-nbd-client.o `test -f 'nbd-client.c' || echo '$(srcdir)/'`nbd-client.c + +min_nbd_client-nbd-client.obj: nbd-client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(min_nbd_client_CFLAGS) $(CFLAGS) -MT min_nbd_client-nbd-client.obj -MD -MP -MF $(DEPDIR)/min_nbd_client-nbd-client.Tpo -c -o min_nbd_client-nbd-client.obj `if test -f 'nbd-client.c'; then $(CYGPATH_W) 'nbd-client.c'; else $(CYGPATH_W) '$(srcdir)/nbd-client.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/min_nbd_client-nbd-client.Tpo $(DEPDIR)/min_nbd_client-nbd-client.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nbd-client.c' 
object='min_nbd_client-nbd-client.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(min_nbd_client_CFLAGS) $(CFLAGS) -c -o min_nbd_client-nbd-client.obj `if test -f 'nbd-client.c'; then $(CYGPATH_W) 'nbd-client.c'; else $(CYGPATH_W) '$(srcdir)/nbd-client.c'; fi` + nbd_client-nbd-client.o: nbd-client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nbd_client_CFLAGS) $(CFLAGS) -MT nbd_client-nbd-client.o -MD -MP -MF $(DEPDIR)/nbd_client-nbd-client.Tpo -c -o nbd_client-nbd-client.o `test -f 'nbd-client.c' || echo '$(srcdir)/'`nbd-client.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/nbd_client-nbd-client.Tpo $(DEPDIR)/nbd_client-nbd-client.Po diff -Nru nbd-3.15/nbd-client.c nbd-3.15.1/nbd-client.c --- nbd-3.15/nbd-client.c 2016-11-27 19:37:50.000000000 +0000 +++ nbd-3.15.1/nbd-client.c 2016-12-20 19:32:27.000000000 +0000 @@ -47,7 +47,7 @@ #define MY_NAME "nbd_client" #include "cliserv.h" -#if HAVE_GNUTLS +#if HAVE_GNUTLS && !defined(NOTLS) #include "crypto-gnutls.h" #endif @@ -309,7 +309,7 @@ if (write(sock, &client_flags, sizeof(client_flags)) < 0) err("Failed/2.1: %m"); -#if HAVE_GNUTLS +#if HAVE_GNUTLS && !defined(NOTLS) /* TLS */ if (tls) { int plainfd[2]; // [0] is used by the proxy, [1] is used by NBD @@ -676,7 +676,7 @@ fprintf(stderr, "Or : nbd-client -c nbd_device\n"); fprintf(stderr, "Or : nbd-client -h|--help\n"); fprintf(stderr, "Or : nbd-client -l|--list host\n"); -#if HAVE_GNUTLS +#if HAVE_GNUTLS && !defined(NOTLS) fprintf(stderr, "All commands that connect to a host also take:\n\t[-F|-certfile certfile] [-K|-keyfile keyfile]\n\t[-A|-cacertfile cacertfile] [-H|-tlshostname hostname] [-x|-enable-tls]\n"); #endif fprintf(stderr, "Default value for blocksize is 1024 (recommended for ethernet)\n"); 
@@ -755,7 +755,7 @@ logging(MY_NAME); -#if HAVE_GNUTLS +#if HAVE_GNUTLS && !defined(NOTLS) tlssession_init(); #endif @@ -847,7 +847,7 @@ case 'u': b_unix = 1; break; -#if HAVE_GNUTLS +#if HAVE_GNUTLS && !defined(NOTLS) case 'x': tls = true; break; diff -Nru nbd-3.15/nbd-server.c nbd-3.15.1/nbd-server.c --- nbd-3.15/nbd-server.c 2016-12-19 22:41:37.000000000 +0000 +++ nbd-3.15.1/nbd-server.c 2016-12-20 19:18:35.000000000 +0000 @@ -2025,7 +2025,7 @@ // TODO: handle this far more efficiently with reference to the // actual backing driver pthread_mutex_lock(&(client->lock)); - writeit(client->net, &rep, sizeof rep); + socket_write(client, &rep, sizeof rep); pthread_mutex_unlock(&(client->lock)); } diff -Nru nbd-3.15/systemd/.gitignore nbd-3.15.1/systemd/.gitignore --- nbd-3.15/systemd/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ nbd-3.15.1/systemd/.gitignore 2016-11-27 19:37:50.000000000 +0000 @@ -0,0 +1,3 @@ +nbd@.service +nbd@.service.sh +nbd@.service.sh.in diff -Nru nbd-3.15/tests/code/.gitignore nbd-3.15.1/tests/code/.gitignore --- nbd-3.15/tests/code/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ nbd-3.15.1/tests/code/.gitignore 2016-11-21 21:43:24.000000000 +0000 @@ -0,0 +1,5 @@ +clientacl +dup +mask +size +trim diff -Nru nbd-3.15/tests/run/buffer.c nbd-3.15.1/tests/run/buffer.c --- nbd-3.15/tests/run/buffer.c 2016-11-27 19:37:50.000000000 +0000 +++ nbd-3.15.1/tests/run/buffer.c 1970-01-01 00:00:00.000000000 +0000 
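Review bot: With `NOTLS` defined the `case 'x':` arm in the -847 hunk of nbd-client.c is compiled out, and the hunk does not show what the option parser then does with `-x` or the certificate options. If the option string and long-option table (outside the hunk) still accept them, a user who asks for TLS could get a plaintext connection without being told; the min build should fail closed. I would add the opposite branch, e.g. `#else` / `case 'x':` / `err("TLS support not compiled in");`, assuming no such arm already exists further down in the switch. The same guard change is made in the hunks at -47, -309, -676 and -755; for the -309 hunk it is worth confirming that a server requiring TLS leads to an error rather than a silent continuation.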
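Review bot: The corrected call in the nbd-server.c hunk sits under a TODO comment, and nothing at the call site explains why `client->net` must not be written to directly, so the same mistake is easy to reintroduce. I would add a comment such as `/* replies go through socket_write(): client->net is the raw fd and bypasses the TLS session */`; per the commit log in this diff, socket_write() is the wrapper that uses the GnuTLS send path when a session exists. Other `writeit(client->net, ...)` or `readit(client->net, ...)` calls may remain elsewhere in nbd-server.c and are worth a grep, since this hunk shows only one. A test that issues WRITE_ZEROES over a STARTTLS connection would pin the fix. The enclosing function begins outside the hunk.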
@@ -1,225 +0,0 @@ -/* - -The MIT License (MIT) - -Copyright (c) 2016 Wrymouth Innovation Ltd - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the "Software"), -to deal in the Software without restriction, including without limitation -the rights to use, copy, modify, merge, publish, distribute, sublicense, -and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -*/ - -#include - -#include "buffer.h" - -typedef struct buffer -{ - char *buf; - ssize_t size; - ssize_t hwm; - ssize_t ridx; - ssize_t widx; - int empty; -} buffer_t; - -/* the buffer is organised internally as follows: - * - * * There are b->size bytes in the buffer. - * - * * Bytes are at offsets 0 to b->size-1 - * - * * b->ridx points to the first readable byte - * - * * b->widx points to the first empty space - * - * * b->ridx < b->widx indicates a non-wrapped buffer: - * - * 0 ridx widx size - * | | | | - * V V V V - * ........XXXXXXXXX................ 
- * - * * b->ridx > b->widx indicates a wrapped buffer: - * - * 0 widx ridx size - * | | | | - * V V V V - * XXXXXXXX.........XXXXXXXXXXXXXXXX - * - * * b->ridx == b->widx indicates a FULL buffer: - * - * * b->ridx == b->widx indicates a wrapped buffer: - * - * 0 widx == ridx size - * | | | - * V V V - * XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - * - * An empty buffer is indicated by empty=1 - * - */ - -buffer_t * -bufNew (ssize_t size, ssize_t hwm) -{ - buffer_t *b = calloc (1, sizeof (buffer_t)); - b->buf = calloc (1, size); - b->size = size; - b->hwm = hwm; - b->empty = 1; - return b; -} - - -void -bufFree (buffer_t * b) -{ - free (b->buf); - free (b); -} - -/* get a maximal span to read. Returns 0 if buffer - * is empty - */ -ssize_t -bufGetReadSpan (buffer_t * b, void **addr) -{ - if (b->empty) - { - *addr = NULL; - return 0; - } - *addr = &(b->buf[b->ridx]); - ssize_t len = b->widx - b->ridx; - if (len <= 0) - len = b->size - b->ridx; - return len; -} - -/* get a maximal span to write. Returns 0 id buffer is full - */ -ssize_t -bufGetWriteSpan (buffer_t * b, void **addr) -{ - if (b->empty) - { - *addr = b->buf; - b->ridx = 0; - b->widx = 0; - return b->size; - } - if (b->ridx == b->widx) - { - *addr = NULL; - return 0; - } - *addr = &(b->buf[b->widx]); - ssize_t len = b->ridx - b->widx; - if (len <= 0) - len = b->size - b->widx; - return len; -} - -/* mark size bytes as read */ -void -bufDoneRead (buffer_t * b, ssize_t size) -{ - while (!b->empty && (size > 0)) - { - /* empty can't occur here, so equal pointers means full */ - ssize_t len = b->widx - b->ridx; - if (len <= 0) - len = b->size - b->ridx; - - /* len is the number of bytes in one read span */ - if (len > size) - len = size; - - b->ridx += len; - if (b->ridx >= b->size) - b->ridx = 0; - - if (b->ridx == b->widx) - { - b->ridx = 0; - b->widx = 0; - b->empty = 1; - } - - size -= len; - } -} - -/* mark size bytes as written */ -void -bufDoneWrite (buffer_t * b, ssize_t size) -{ - while ((b->empty || (b->ridx 
!= b->widx)) && (size > 0)) - { - /* full can't occur here, so equal pointers means empty */ - ssize_t len = b->ridx - b->widx; - if (len <= 0) - len = b->size - b->widx; - - /* len is the number of bytes in one write span */ - if (len > size) - len = size; - - b->widx += len; - if (b->widx >= b->size) - b->widx = 0; - - /* it can't be empty as we've written at least one byte */ - b->empty = 0; - - size -= len; - } -} - -int -bufIsEmpty (buffer_t * b) -{ - return b->empty; -} - -int -bufIsFull (buffer_t * b) -{ - return !b->empty && (b->ridx == b->widx); -} - -int -bufIsOverHWM (buffer_t * b) -{ - return bufGetCount (b) > b->hwm; -} - -ssize_t -bufGetFree (buffer_t * b) -{ - return b->size - bufGetCount (b); -} - -ssize_t -bufGetCount (buffer_t * b) -{ - if (b->empty) - return 0; - return b->widx - b->ridx + ((b->ridx < b->widx) ? 0 : b->size); -} diff -Nru nbd-3.15/tests/run/cliserv.c nbd-3.15.1/tests/run/cliserv.c --- nbd-3.15/tests/run/cliserv.c 2016-11-27 19:37:50.000000000 +0000 +++ nbd-3.15.1/tests/run/cliserv.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,128 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-const u64 cliserv_magic = 0x00420281861253LL;
-const u64 opts_magic = 0x49484156454F5054LL;
-const u64 rep_magic = 0x3e889045565a9LL;
-
-/**
- * Set a socket to blocking or non-blocking
- *
- * @param fd The socket's FD
- * @param nb non-zero to set to non-blocking, else 0 to set to blocking
- * @return 0 - OK, -1 failed
- */
-int set_nonblocking(int fd, int nb) {
- int sf = fcntl (fd, F_GETFL, 0);
- if (sf == -1)
- return -1;
- return fcntl (fd, F_SETFL, nb ? (sf | O_NONBLOCK) : (sf & ~O_NONBLOCK));
-}
-
-
-void setmysockopt(int sock) {
- int size = 1;
-#if 0
- if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, &size, sizeof(int)) < 0)
- INFO("(no sockopt/1: %m)");
-#endif
-#ifdef IPPROTO_TCP
- size = 1;
- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &size, sizeof(int)) < 0)
- INFO("(no sockopt/2: %m)");
-#endif
-#if 0
- size = 1024;
- if (setsockopt(sock, IPPROTO_TCP, TCP_MAXSEG, &size, sizeof(int)) < 0)
- INFO("(no sockopt/3: %m)");
-#endif
-}
-
-void err_nonfatal(const char *s) {
- char s1[150], *s2;
-
- strncpy(s1, s, sizeof(s1));
- if ((s2 = strstr(s, "%m"))) {
- strcpy(s1 + (s2 - s), strerror(errno));
- s2 += 2;
- strcpy(s1 + strlen(s1), s2);
- }
-#ifndef sun
- /* Solaris doesn't have %h in syslog */
- else if ((s2 = strstr(s, "%h"))) {
- strcpy(s1 + (s2 - s), hstrerror(h_errno));
- s2 += 2;
- strcpy(s1 + strlen(s1), s2);
- }
-#endif
-
- s1[sizeof(s1)-1] = '\0';
-#ifdef ISSERVER
- syslog(LOG_ERR, "%s", s1);
- syslog(LOG_ERR, "Exiting.");
-#endif
- fprintf(stderr, "Error: %s\n", s1);
-}
-
-void err(const char *s) {
- err_nonfatal(s);
- fprintf(stderr, "Exiting.\n");
- exit(EXIT_FAILURE);
-}
-
-void logging(const char* name) {
-#ifdef ISSERVER
- openlog(name, LOG_PID, LOG_DAEMON);
-#endif
- setvbuf(stdout, NULL, _IONBF, 0);
- setvbuf(stderr, NULL, _IONBF, 0);
-}
-
-#ifndef ntohll
-#ifdef WORDS_BIGENDIAN
-uint64_t ntohll(uint64_t a) {
- return a;
-}
-#else
-uint64_t ntohll(uint64_t a) {
- u32 lo = a & 0xffffffff;
- u32 hi = a >> 32U;
- lo = ntohl(lo);
- hi = ntohl(hi);
- return ((uint64_t) lo) << 32U | hi;
-}
-#endif
-#endif
-
-/**
- * Read data from a file descriptor into a buffer
- *
- * @param f a file descriptor
- * @param buf a buffer
- * @param len the number of bytes to be read
- **/
-void readit(int f, void *buf, size_t len) {
- ssize_t res;
- while (len > 0) {
- DEBUG("*");
- res = read(f, buf, len);
- if (res > 0) {
- len -= res;
- buf += res;
- } else if (res < 0) {
- if(errno != EAGAIN) {
- err("Read failed: %m");
- }
- } else {
- err("Read failed: End of file");
- }
- }
-}
diff -Nru nbd-3.15/tests/run/crypto-gnutls.c nbd-3.15.1/tests/run/crypto-gnutls.c
--- nbd-3.15/tests/run/crypto-gnutls.c 2016-11-27 19:37:50.000000000 +0000
+++ nbd-3.15.1/tests/run/crypto-gnutls.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,627 +0,0 @@
-/*
-
-The MIT License (MIT)
-
-Copyright (c) 2016 Wrymouth Innovation Ltd
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the "Software"),
-to deal in the Software without restriction, including without limitation
-the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the
-Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-*/
-
-#define _GNU_SOURCE
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#include "crypto-gnutls.h"
-#include "buffer.h"
-
-#define MAX_CERTS 10
-
-#define FALSE 0
-#define TRUE 1
-
-#define PRIORITY "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
-
-typedef struct tlssession
-{
- gnutls_certificate_credentials_t creds;
- gnutls_session_t session;
- char *hostname;
- int (*quitfn) (void *opaque);
- int (*erroutfn) (void *opaque, const char *format, va_list ap);
- int debug;
- void *opaque;
-} tlssession_t;
-
-#define BUF_SIZE 65536
-#define BUF_HWM ((BUF_SIZE*3)/4)
-
-static int
-falsequit (void *opaque)
-{
- return FALSE;
-}
-
-static int
-quit (tlssession_t * s)
-{
- return s->quitfn (s->opaque);
-}
-
-
-static int
-stderrout (void *opaque, const char *format, va_list ap)
-{
- return vfprintf (stderr, format, ap);
-}
-
-static int
-errout (tlssession_t * s, const char *format, ...)
-{
- va_list ap;
- int ret;
- va_start (ap, format);
- ret = s->erroutfn (s->opaque, format, ap);
- va_end (ap);
- return ret;
-}
-
-static int
-debugout (tlssession_t * s, const char *format, ...)
-{
- va_list ap;
- int ret = 0;
- va_start (ap, format);
- if (s->debug)
- ret = s->erroutfn (s->opaque, format, ap);
- va_end (ap);
- return ret;
-}
-
-static int
-socksetnonblock (int fd, int nb)
-{
- int sf = fcntl (fd, F_GETFL, 0);
- if (sf == -1)
- return -1;
- return fcntl (fd, F_SETFL, nb ? (sf | O_NONBLOCK) : (sf & ~O_NONBLOCK));
-}
-
-/* From (public domain) example file in GNUTLS
- *
- * This function will try to verify the peer's certificate, and
- * also check if the hostname matches, and the activation, expiration dates.
- */
-static int
-verify_certificate_callback (gnutls_session_t session)
-{
- unsigned int status;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size;
- int ret;
- gnutls_x509_crt_t cert;
- tlssession_t *s;
-
- /* read session pointer */
- s = (tlssession_t *) gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers2 (session, &status);
- if (ret < 0)
- {
- debugout (s, "Could not verfify peer certificate due to an error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- if (status & GNUTLS_CERT_INVALID)
- debugout (s, "The certificate is not trusted.\n");
-
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- debugout (s, "The certificate hasn't got a known issuer.\n");
-
- if (status & GNUTLS_CERT_REVOKED)
- debugout (s, "The certificate has been revoked.\n");
-
- if (status & GNUTLS_CERT_EXPIRED)
- debugout (s, "The certificate has expired\n");
-
- if (status & GNUTLS_CERT_NOT_ACTIVATED)
- debugout (s, "The certificate is not yet activated\n");
-
- if (status)
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- if (gnutls_x509_crt_init (&cert) < 0)
- {
- debugout (s, "error in initialization\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list == NULL)
- {
- debugout (s, "No certificate was found!\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- /* check only the first certificate - seems to be what curl does */
- if (gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
- {
- debugout (s, "error parsing certificate\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- if (s->hostname && *s->hostname)
- {
- if (!gnutls_x509_crt_check_hostname (cert, s->hostname))
- {
- debugout (s,
- "The certificate's owner does not match hostname '%s'\n",
- s->hostname);
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
- }
-
- gnutls_x509_crt_deinit (cert);
-
- debugout (s, "Peer passed certificate verification\n");
-
- /* notify gnutls to continue handshake normally */
- return 0;
-}
-
-tlssession_t *
-tlssession_new (int isserver,
- char *keyfile, char *certfile, char *cacertfile,
- char *hostname, int insecure, int debug,
- int (*quitfn) (void *opaque),
- int (*erroutfn) (void *opaque, const char *format,
- va_list ap), void *opaque)
-{
- int ret;
- tlssession_t *s = calloc (1, sizeof (tlssession_t));
-
- if (quitfn)
- s->quitfn = quitfn;
- else
- s->quitfn = falsequit;
-
- if (erroutfn)
- s->erroutfn = erroutfn;
- else
- s->erroutfn = stderrout;
-
- if (hostname)
- s->hostname = strdup (hostname);
-
- s->debug = debug;
-
- if (gnutls_certificate_allocate_credentials (&s->creds) < 0)
- {
- errout (s, "Certificate allocation memory error\n");
- goto error;
- }
-
- if (cacertfile != NULL)
- {
- ret =
- gnutls_certificate_set_x509_trust_file (s->creds, cacertfile,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- errout (s, "Error setting the x509 trust file: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
-
- if (!insecure)
- {
- gnutls_certificate_set_verify_function (s->creds,
- verify_certificate_callback);
- gnutls_certificate_set_verify_flags (s->creds,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
- }
- }
-
- if (keyfile && !certfile)
- certfile = keyfile;
-
- if (certfile != NULL && keyfile != NULL)
- {
- ret =
- gnutls_certificate_set_x509_key_file (s->creds, certfile, keyfile,
- GNUTLS_X509_FMT_PEM);
-
- if (ret < 0)
- {
- errout (s,
- "Error loading certificate or key file (%s, %s): %s\n",
- certfile, keyfile, gnutls_strerror (ret));
- goto error;
- }
- }
-
- if (isserver)
- {
- ret = gnutls_init (&s->session, GNUTLS_SERVER);
- }
- else
- {
- ret = gnutls_init (&s->session, GNUTLS_CLIENT);
- }
- if (ret < 0)
- {
- errout (s, "Cannot initialize GNUTLS session: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
-
- gnutls_session_set_ptr (s->session, (void *) s);
-
- ret = gnutls_set_default_priority (s->session);
- if (ret < 0)
- {
- errout (s, "Cannot set default GNUTLS session priority: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
-
- const char *errpos = NULL;
- ret = gnutls_priority_set_direct (s->session, PRIORITY, &errpos);
- if (ret < 0)
- {
- errout (s, "Cannot set GNUTLS session priority: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
-
- gnutls_session_set_ptr (s->session, (void *) s);
-
- ret = gnutls_credentials_set (s->session, GNUTLS_CRD_CERTIFICATE, s->creds);
- if (ret < 0)
- {
- errout (s, "Cannot set session GNUTL credentials: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
-
- if (isserver)
- {
- /* requests but does not check a client certificate */
- gnutls_certificate_server_set_request (s->session, GNUTLS_CERT_REQUEST);
- }
-
-
- return s;
-
-error:
- if (s->session)
- gnutls_deinit (s->session);
- free (s);
- return NULL;
-}
-
-void
-tlssession_close (tlssession_t * s)
-{
- if (s->session)
- gnutls_deinit (s->session);
- free (s->hostname);
- free (s);
-}
-
-int
-tlssession_init ()
-{
- return gnutls_global_init ();
-}
-
-
-int
-tlssession_mainloop (int cryptfd, int plainfd, tlssession_t * s)
-{
- fd_set readfds;
- fd_set writefds;
- int maxfd;
- int tls_wr_interrupted = 0;
- int plainEOF = FALSE;
- int cryptEOF = FALSE;
- int ret;
-
- buffer_t *plainToCrypt = bufNew (BUF_SIZE, BUF_HWM);
- buffer_t *cryptToPlain = bufNew (BUF_SIZE, BUF_HWM);
-
- if (socksetnonblock (cryptfd, 0) < 0)
- {
- errout (s, "Could not turn on blocking: %m");
- goto error;
- }
-
- /* set it up to work with our FD */
- gnutls_transport_set_ptr (s->session,
- (gnutls_transport_ptr_t) (intptr_t) cryptfd);
-
-
- /* Now do the handshake */
- ret = gnutls_handshake (s->session);
- if (ret < 0)
- {
- errout (s, "TLS handshake failed: %s\n", gnutls_strerror (ret));
- goto error;
- }
-
- if (socksetnonblock (cryptfd, 1) < 0)
- {
- errout (s, "Could not turn on non-blocking on crypt FD: %m");
- goto error;
- }
-
- if (socksetnonblock (plainfd, 1) < 0)
- {
- errout (s, "Could not turn on non-blocking on plain FD: %m");
- goto error;
- }
-
- maxfd = (plainfd > cryptfd) ? plainfd + 1 : cryptfd + 1;
-
- while ((!plainEOF || !cryptEOF) && !quit (s))
- {
- struct timeval timeout;
- int result;
- int selecterrno;
- int wait = TRUE;
-
- FD_ZERO (&readfds);
- FD_ZERO (&writefds);
-
- size_t buffered = gnutls_record_check_pending (s->session);
- if (buffered)
- wait = FALSE; /* do not wait for select to return if we have buffered data */
-
- if (plainEOF)
- {
- /* plain text end has closed, but me may still have
- * data yet to write to the crypt end */
- if (bufIsEmpty (plainToCrypt) && !tls_wr_interrupted)
- {
- cryptEOF = TRUE;
- break;
- }
- }
- else
- {
- if (!bufIsEmpty (cryptToPlain))
- FD_SET (plainfd, &writefds);
- if (!bufIsOverHWM (plainToCrypt))
- FD_SET (plainfd, &readfds);
- }
-
- if (cryptEOF)
- {
- /* crypt end has closed, but me way still have data to
- * write from the crypt buffer */
- if (bufIsEmpty (cryptToPlain) && !buffered)
- {
- plainEOF = TRUE;
- break;
- }
- }
- else
- {
- if (!bufIsEmpty (plainToCrypt) || tls_wr_interrupted)
- FD_SET (cryptfd, &writefds);
- if (!bufIsOverHWM (cryptToPlain))
- FD_SET (cryptfd, &readfds);
- }
-
- /* Repeat select whilst EINTR happens */
- do
- {
- timeout.tv_sec = wait ? 1 : 0;
- timeout.tv_usec = 0;
- result = select (maxfd, &readfds, &writefds, NULL, &timeout);
-
- selecterrno = errno;
- }
- while ((result == -1) && (selecterrno == EINTR) && !quit (s));
- if (quit (s))
- break;
-
- if (FD_ISSET (plainfd, &readfds))
- {
- /* we can read at least one byte */
- void *addr = NULL;
- /* get a span of characters to write to the
- * buffer. As the empty portion may wrap the end of the
- * circular buffer this might not be all we could read.
- */
- ssize_t len = bufGetWriteSpan (plainToCrypt, &addr);
- if (len > 0)
- {
- ssize_t ret;
- do
- {
- ret = read (plainfd, addr, (size_t) len);
- }
- while ((ret < 0) && (errno == EINTR) && !quit (s));
- if (quit (s))
- break;
- if (ret < 0)
- {
- errout (s, "Error on read from plain socket: %m\n");
- goto error;
- }
- if (ret == 0)
- {
- plainEOF = TRUE;
- }
- else
- {
- bufDoneWrite (plainToCrypt, ret); /* mark ret bytes as written to the buffer */
- }
- }
- }
-
- if (FD_ISSET (plainfd, &writefds))
- {
- /* we can write at least one byte */
- void *addr = NULL;
- /* get a span of characters to read from the buffer
- * as the full portion may wrap the end of the circular buffer
- * this might not be all we have to write.
- */
- ssize_t len = bufGetReadSpan (cryptToPlain, &addr);
- if (len > 0)
- {
- ssize_t ret;
- do
- {
- ret = write (plainfd, addr, (size_t) len);
- }
- while ((ret < 0) && (errno == EINTR) && !quit (s));
- if (quit (s))
- break;
- if (ret < 0)
- {
- errout (s, "Error on write to plain socket: %m\n");
- goto error;
- }
- bufDoneRead (cryptToPlain, ret); /* mark ret bytes as read from the buffer */
- }
- }
-
- if (FD_ISSET (cryptfd, &readfds) || buffered)
- {
- /* we can read at least one byte */
- void *addr = NULL;
- /* get a span of characters to write to the
- * buffer. As the empty portion may wrap the end of the
- * circular buffer this might not be all we could read.
- */
- ssize_t len = bufGetWriteSpan (cryptToPlain, &addr);
- if (len > 0)
- {
- ssize_t ret;
- do
- {
- ret = gnutls_record_recv (s->session, addr, (size_t) len);
- }
- while (ret == GNUTLS_E_INTERRUPTED && !quit (s));
- /* do not loop on GNUTLS_E_AGAIN - this means we'd block so we'd loop for
- * ever
- */
- if (quit (s))
- break;
- if (ret < 0 && ret != GNUTLS_E_AGAIN)
- {
- errout (s, "Error on read from crypt socket: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
- if (ret == 0)
- {
- cryptEOF = TRUE;
- }
- else
- {
- bufDoneWrite (cryptToPlain, ret); /* mark ret bytes as written to the buffer */
- }
- }
- }
-
- if (FD_ISSET (cryptfd, &writefds))
- {
- /* we can write at least one byte */
- void *addr = NULL;
- /* get a span of characters to read from the buffer
- * as the full portion may wrap the end of the circular buffer
- * this might not be all we have to write.
- */
- ssize_t len = bufGetReadSpan (plainToCrypt, &addr);
- if (len > 0)
- {
- ssize_t ret;
- do
- {
- if (tls_wr_interrupted)
- {
- ret = gnutls_record_send (s->session, NULL, 0);
- }
- else
- {
- ret = gnutls_record_send (s->session, addr, len);
- }
- }
- while (ret == GNUTLS_E_INTERRUPTED && !quit (s));
- if (quit (s))
- break;
- if (ret == GNUTLS_E_AGAIN)
- {
- /* we need to call this again with NULL parameters
- * as it blocked
- */
- tls_wr_interrupted = TRUE;
- }
- else if (ret < 0)
- {
- errout (s, "Error on write to crypto socket: %s\n",
- gnutls_strerror (ret));
- goto error;
- }
- else
- {
- bufDoneRead (plainToCrypt, ret); /* mark ret bytes as read from the buffer */
- }
- }
- }
- }
-
- ret = 0;
- goto freereturn;
-
-error:
- ret = -1;
-
-freereturn:
- gnutls_bye (s->session, GNUTLS_SHUT_RDWR);
- shutdown (plainfd, SHUT_RDWR);
- bufFree (plainToCrypt);
- bufFree (cryptToPlain);
- return ret;
-}