c8-stream-rhel
imports/c8-stream-rhel/libnbd-1.6.0-6.module+el8.10.0+22250+3c790083
parent
0f54f0ea8c
commit
6215c7828d
@ -0,0 +1,94 @@
|
|||||||
|
From cd4f3bed33d5ffdba6846d270c0e11713bc1caf6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 10:55:54 +0100
|
||||||
|
Subject: [PATCH] build: Move to minimum gnutls >= 3.5.18
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This version matches current qemu.
|
||||||
|
|
||||||
|
RHEL 7 gnutls is too old (lacks gnutls_session_set_verify_cert), which
|
||||||
|
means TLS will be disabled on this platform. RHEL 8 has gnutls 3.6.14.
|
||||||
|
|
||||||
|
I also unconditionally enabled the gnutls/socket.h header. This
|
||||||
|
header was added in 2016 (gnutls 3.5.3), so it's not present in RHEL 7.
|
||||||
|
|
||||||
|
On RHEL 7 the configure-time test now prints:
|
||||||
|
|
||||||
|
checking for GNUTLS... no
|
||||||
|
configure: WARNING: gnutls not found or < 3.5.18, TLS support will be disabled.
|
||||||
|
...
|
||||||
|
Optional library features:
|
||||||
|
TLS support ............................ no
|
||||||
|
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 5ff09cdbbd19226dd2d5015d76134f88dee9321e)
|
||||||
|
(cherry picked from commit cb6df4f81a97d5d58385d89b0135039f1eddee15)
|
||||||
|
---
|
||||||
|
configure.ac | 12 +++---------
|
||||||
|
lib/crypto.c | 5 +----
|
||||||
|
2 files changed, 4 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index da3dc38a..29e3b47a 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -94,12 +94,13 @@ AC_ARG_WITH([gnutls],
|
||||||
|
[],
|
||||||
|
[with_gnutls=check])
|
||||||
|
AS_IF([test "$with_gnutls" != "no"],[
|
||||||
|
- PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3.0], [
|
||||||
|
+ PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.5.18], [
|
||||||
|
+ printf "gnutls version is "; $PKG_CONFIG --modversion gnutls
|
||||||
|
AC_SUBST([GNUTLS_CFLAGS])
|
||||||
|
AC_SUBST([GNUTLS_LIBS])
|
||||||
|
AC_DEFINE([HAVE_GNUTLS],[1],[gnutls found at compile time.])
|
||||||
|
], [
|
||||||
|
- AC_MSG_WARN([gnutls not found or < 3.3.0, TLS support will be disabled.])
|
||||||
|
+ AC_MSG_WARN([gnutls not found or < 3.5.18, TLS support will be disabled.])
|
||||||
|
])
|
||||||
|
])
|
||||||
|
AM_CONDITIONAL([HAVE_GNUTLS], [test "x$GNUTLS_LIBS" != "x"])
|
||||||
|
@@ -114,13 +115,6 @@ AS_IF([test "$GNUTLS_LIBS" != ""],[
|
||||||
|
AC_MSG_RESULT([$tls_priority])
|
||||||
|
AC_DEFINE_UNQUOTED([TLS_PRIORITY],["$tls_priority"],
|
||||||
|
[Default TLS session priority string])
|
||||||
|
-
|
||||||
|
- # Check for APIs which may not be present.
|
||||||
|
- old_LIBS="$LIBS"
|
||||||
|
- LIBS="$GNUTLS_LIBS $LIBS"
|
||||||
|
- AC_CHECK_FUNCS([\
|
||||||
|
- gnutls_session_set_verify_cert])
|
||||||
|
- LIBS="$old_LIBS"
|
||||||
|
])
|
||||||
|
|
||||||
|
dnl certtool (part of GnuTLS) for testing TLS with certificates.
|
||||||
|
diff --git a/lib/crypto.c b/lib/crypto.c
|
||||||
|
index a9b3789c..705e114a 100644
|
||||||
|
--- a/lib/crypto.c
|
||||||
|
+++ b/lib/crypto.c
|
||||||
|
@@ -28,6 +28,7 @@
|
||||||
|
|
||||||
|
#ifdef HAVE_GNUTLS
|
||||||
|
#include <gnutls/gnutls.h>
|
||||||
|
+#include <gnutls/socket.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "internal.h"
|
||||||
|
@@ -512,12 +513,8 @@ set_up_certificate_credentials (struct nbd_handle *h,
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
found_certificates:
|
||||||
|
-#ifdef HAVE_GNUTLS_SESSION_SET_VERIFY_CERT
|
||||||
|
if (h->hostname && h->tls_verify_peer)
|
||||||
|
gnutls_session_set_verify_cert (session, h->hostname, 0);
|
||||||
|
-#else
|
||||||
|
- debug (h, "ignoring nbd_set_tls_verify_peer, this requires GnuTLS >= 3.4.6");
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret);
|
||||||
|
if (err < 0) {
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
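Review bot: In the lib/crypto.c hunk the guard `if (h->hostname && h->tls_verify_peer)` still skips `gnutls_session_set_verify_cert` without any message when `tls_verify_peer` is set but `h->hostname` is NULL. With the `#else` debug branch removed, that is the one remaining path where a requested peer check is silently not installed. Whether `h->hostname` can be NULL here depends on callers outside the hunk, so this should be confirmed. If it can, log it with something like `else if (h->tls_verify_peer) debug (h, "tls_verify_peer set but no hostname, peer certificate is not verified");`, or, if chain-only validation is acceptable, pass the NULL hostname through, which the GnuTLS documentation allows. `set_up_certificate_credentials` starts and ends outside the hunk, so any later verification step is not visible here.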
@ -0,0 +1,727 @@
|
|||||||
|
From a852cec30a6540b5c1ea2947195454eef6269944 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Fri, 27 Aug 2021 15:12:12 +0100
|
||||||
|
Subject: [PATCH] tests: Factor out some common Makefile flags
|
||||||
|
|
||||||
|
We can use AM_CPPFLAGS, AM_CFLAGS etc to factor out some common flags
|
||||||
|
in the tests. Note the rules here are complicated, see:
|
||||||
|
|
||||||
|
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
|
||||||
|
|
||||||
|
and for unclear reasons there is no AM_LDADD nor any workaround:
|
||||||
|
|
||||||
|
https://stackoverflow.com/questions/29252969/automake-am-ldadd-workaround
|
||||||
|
|
||||||
|
This commit is mostly pure refactoring but it also tries to make the
|
||||||
|
flags usage more consistent across tests so it may have side-effects
|
||||||
|
like enabling more warnings.
|
||||||
|
|
||||||
|
(cherry picked from commit 5fd648f821e9ab3ee08bf360348d1fb01537a267)
|
||||||
|
(cherry picked from commit 6cb1f74b09beca1ddaef794136f221bfb7bb4faa)
|
||||||
|
---
|
||||||
|
interop/Makefile.am | 57 ++++++-------
|
||||||
|
tests/Makefile.am | 190 ++++++++++++++++++--------------------------
|
||||||
|
2 files changed, 104 insertions(+), 143 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/interop/Makefile.am b/interop/Makefile.am
|
||||||
|
index 9787c26e..9432ad43 100644
|
||||||
|
--- a/interop/Makefile.am
|
||||||
|
+++ b/interop/Makefile.am
|
||||||
|
@@ -28,6 +28,16 @@ LOG_COMPILER = $(top_builddir)/run
|
||||||
|
check_PROGRAMS =
|
||||||
|
TESTS =
|
||||||
|
|
||||||
|
+# Common flags.
|
||||||
|
+# Note there is no such thing as "AM_LDADD".
|
||||||
|
+AM_CPPFLAGS = \
|
||||||
|
+ -I$(top_srcdir)/include \
|
||||||
|
+ -I$(top_srcdir)/tests \
|
||||||
|
+ $(NULL)
|
||||||
|
+AM_CFLAGS = \
|
||||||
|
+ $(WARNINGS_CFLAGS) \
|
||||||
|
+ $(NULL)
|
||||||
|
+
|
||||||
|
if HAVE_NBD_SERVER
|
||||||
|
|
||||||
|
check_PROGRAMS += \
|
||||||
|
@@ -41,22 +51,20 @@ TESTS += \
|
||||||
|
|
||||||
|
interop_nbd_server_SOURCES = interop.c
|
||||||
|
interop_nbd_server_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBD_SERVER)\" \
|
||||||
|
-DSERVER_PARAMS='"-d", "-C", "/dev/null", "0", tmpfile' \
|
||||||
|
-DEXPORT_NAME='""'
|
||||||
|
-interop_nbd_server_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
list_exports_nbd_server_SOURCES = list-exports.c
|
||||||
|
list_exports_nbd_server_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBD_SERVER)\" \
|
||||||
|
-DSERVER_PARAMS='"-C", "$(srcdir)/list-exports-nbd-config", "-d", "0"' \
|
||||||
|
-DEXPORTS='"disk1", "disk2"' \
|
||||||
|
-DDESCRIPTIONS='"", ""' \
|
||||||
|
$(NULL)
|
||||||
|
-list_exports_nbd_server_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
list_exports_nbd_server_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_NBD_SERVER
|
||||||
|
@@ -104,19 +112,18 @@ endif
|
||||||
|
|
||||||
|
interop_qemu_nbd_SOURCES = interop.c
|
||||||
|
interop_qemu_nbd_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSOCKET_ACTIVATION=1 \
|
||||||
|
-DSERVER=\"$(QEMU_NBD)\" \
|
||||||
|
-DSERVER_PARAMS='"-f", "raw", "-x", "/", tmpfile' \
|
||||||
|
-DEXPORT_NAME='"/"' \
|
||||||
|
$(NULL)
|
||||||
|
-interop_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
# qemu-nbd requires absolute path to dir
|
||||||
|
interop_qemu_nbd_tls_certs_SOURCES = interop.c
|
||||||
|
interop_qemu_nbd_tls_certs_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSOCKET_ACTIVATION=1 \
|
||||||
|
-DSERVER=\"$(QEMU_NBD)\" \
|
||||||
|
-DSERVER_PARAMS='"--object", "tls-creds-x509,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests/pki", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \
|
||||||
|
@@ -124,13 +131,12 @@ interop_qemu_nbd_tls_certs_CPPFLAGS = \
|
||||||
|
-DCERTS=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
|
||||||
|
$(NULL)
|
||||||
|
-interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
# qemu-nbd requires absolute path to dir
|
||||||
|
interop_qemu_nbd_tls_psk_SOURCES = interop.c
|
||||||
|
interop_qemu_nbd_tls_psk_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSOCKET_ACTIVATION=1 \
|
||||||
|
-DSERVER=\"$(QEMU_NBD)\" \
|
||||||
|
-DSERVER_PARAMS='"--object", "tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests", "--tls-creds", "tls0", "-f", "raw", "-x", "/", tmpfile' \
|
||||||
|
@@ -138,7 +144,6 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \
|
||||||
|
-DPSK=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
|
||||||
|
$(NULL)
|
||||||
|
-interop_qemu_nbd_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_qemu_nbd_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
dirty_bitmap_SOURCES = dirty-bitmap.c
|
||||||
|
@@ -148,28 +153,24 @@ dirty_bitmap_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
list_exports_qemu_nbd_SOURCES = list-exports.c
|
||||||
|
list_exports_qemu_nbd_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSOCKET_ACTIVATION=1 \
|
||||||
|
-DSERVER=\"$(QEMU_NBD)\" \
|
||||||
|
-DSERVER_PARAMS='"-f", "raw", "-x", "testing", "-D", "data", tmpfile' \
|
||||||
|
-DEXPORTS='"testing"' \
|
||||||
|
-DDESCRIPTIONS='"data"' \
|
||||||
|
$(NULL)
|
||||||
|
-list_exports_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
list_exports_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
socket_activation_qemu_nbd_SOURCES = socket-activation.c
|
||||||
|
socket_activation_qemu_nbd_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(QEMU_NBD)\" \
|
||||||
|
-DSERVER_PARAMS='"-f", "raw", "-x", "", tmpfile' \
|
||||||
|
$(NULL)
|
||||||
|
-socket_activation_qemu_nbd_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
socket_activation_qemu_nbd_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
structured_read_SOURCES = structured-read.c
|
||||||
|
-structured_read_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-structured_read_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
structured_read_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_QEMU_NBD
|
||||||
|
@@ -215,88 +216,80 @@ endif
|
||||||
|
|
||||||
|
interop_nbdkit_SOURCES = interop.c
|
||||||
|
interop_nbdkit_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_certs_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_certs_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DCERTS=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DCERTS=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_ALLOW \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_certs_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_certs_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_certs_allow_fallback_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_certs_allow_fallback_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DCERTS=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_ALLOW \
|
||||||
|
-DTLS_FALLBACK=1 \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_certs_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_certs_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_psk_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_psk_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DPSK=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_REQUIRE \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_psk_allow_enabled_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_psk_allow_enabled_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DPSK=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_ALLOW \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_psk_allow_enabled_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_psk_allow_enabled_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
interop_nbdkit_tls_psk_allow_fallback_SOURCES = interop.c
|
||||||
|
interop_nbdkit_tls_psk_allow_fallback_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"--tls=off", "-s", "--exit-with-parent", "file", tmpfile' \
|
||||||
|
-DPSK=1 \
|
||||||
|
-DTLS_MODE=LIBNBD_TLS_ALLOW \
|
||||||
|
-DTLS_FALLBACK=1 \
|
||||||
|
$(NULL)
|
||||||
|
-interop_nbdkit_tls_psk_allow_fallback_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
interop_nbdkit_tls_psk_allow_fallback_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
socket_activation_nbdkit_SOURCES = socket-activation.c
|
||||||
|
socket_activation_nbdkit_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER=\"$(NBDKIT)\" \
|
||||||
|
-DSERVER_PARAMS='"file", tmpfile' \
|
||||||
|
$(NULL)
|
||||||
|
-socket_activation_nbdkit_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
socket_activation_nbdkit_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_NBDKIT
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 64320cad..436e1c10 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -52,6 +52,18 @@ TESTS_ENVIRONMENT = srcdir=$(srcdir) LIBNBD_DEBUG=1
|
||||||
|
# Use the ./run script so we're always using the local library and tools.
|
||||||
|
LOG_COMPILER = $(top_builddir)/run
|
||||||
|
|
||||||
|
+# Common flags.
|
||||||
|
+# Note there is no such thing as "AM_LDADD".
|
||||||
|
+AM_CPPFLAGS = \
|
||||||
|
+ -I$(top_srcdir)/include \
|
||||||
|
+ $(NULL)
|
||||||
|
+AM_CFLAGS = \
|
||||||
|
+ $(WARNINGS_CFLAGS) \
|
||||||
|
+ $(NULL)
|
||||||
|
+AM_CXXFLAGS = \
|
||||||
|
+ $(WARNINGS_CFLAGS) \
|
||||||
|
+ $(NULL)
|
||||||
|
+
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
# The following tests do not need an NBD server.
|
||||||
|
|
||||||
|
@@ -81,45 +93,30 @@ TESTS += \
|
||||||
|
.PHONY: compile
|
||||||
|
|
||||||
|
compile_header_only_SOURCES = compile-header-only.c
|
||||||
|
-compile_header_only_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-compile_header_only_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
compile_header_only_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
compile_c_SOURCES = compile.c
|
||||||
|
-compile_c_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-compile_c_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
compile_c_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
compile_ansi_c_SOURCES = compile-ansi-c.c
|
||||||
|
compile_ansi_c_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-std=c90 -pedantic
|
||||||
|
-compile_ansi_c_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
compile_ansi_c_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
close_null_SOURCES = close-null.c
|
||||||
|
-close_null_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-close_null_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
close_null_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
debug_SOURCES = debug.c
|
||||||
|
-debug_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-debug_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
debug_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
debug_environment_SOURCES = debug-environment.c
|
||||||
|
-debug_environment_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-debug_environment_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
debug_environment_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
version_SOURCES = version.c
|
||||||
|
-version_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-version_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
version_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
export_name_SOURCES = export-name.c
|
||||||
|
-export_name_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-export_name_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
export_name_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
if HAVE_CXX
|
||||||
|
@@ -128,8 +125,6 @@ check_PROGRAMS += compile-cxx
|
||||||
|
TESTS += compile-cxx
|
||||||
|
|
||||||
|
compile_cxx_SOURCES = compile-cxx.cpp
|
||||||
|
-compile_cxx_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-compile_cxx_CXXFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
compile_cxx_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_CXX
|
||||||
|
@@ -220,243 +215,208 @@ TESTS += \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
errors_SOURCES = errors.c
|
||||||
|
-errors_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-errors_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
errors_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
server_death_SOURCES = server-death.c
|
||||||
|
-server_death_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-server_death_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
server_death_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
shutdown_flags_SOURCES = shutdown-flags.c
|
||||||
|
-shutdown_flags_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-shutdown_flags_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
shutdown_flags_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
get_size_SOURCES = get-size.c
|
||||||
|
-get_size_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-get_size_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
get_size_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
read_only_flag_SOURCES = read-only-flag.c
|
||||||
|
-read_only_flag_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-read_only_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
read_only_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
read_write_flag_SOURCES = read-write-flag.c
|
||||||
|
-read_write_flag_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-read_write_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
read_write_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_flush_flag_SOURCES = eflags.c
|
||||||
|
can_flush_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_flush \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_flush \
|
||||||
|
$(NULL)
|
||||||
|
-can_flush_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_flush_flag_SOURCES = eflags.c
|
||||||
|
can_not_flush_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_flush -Dvalue=false \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_flush -Dvalue=false \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_flush_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_flush_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_fua_flag_SOURCES = eflags.c
|
||||||
|
can_fua_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=native \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_fua -Dvalue=native \
|
||||||
|
$(NULL)
|
||||||
|
-can_fua_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_fua_flag_SOURCES = eflags.c
|
||||||
|
can_not_fua_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_fua -Dvalue=none \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_fua -Dvalue=none \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_fua_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_fua_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
is_rotational_flag_SOURCES = eflags.c
|
||||||
|
is_rotational_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=is_rotational \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=is_rotational \
|
||||||
|
$(NULL)
|
||||||
|
-is_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
is_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
is_not_rotational_flag_SOURCES = eflags.c
|
||||||
|
is_not_rotational_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=is_rotational -Dvalue=false \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=is_rotational -Dvalue=false \
|
||||||
|
$(NULL)
|
||||||
|
-is_not_rotational_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
is_not_rotational_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_trim_flag_SOURCES = eflags.c
|
||||||
|
can_trim_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_trim \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_trim \
|
||||||
|
$(NULL)
|
||||||
|
-can_trim_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_trim_flag_SOURCES = eflags.c
|
||||||
|
can_not_trim_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_trim -Dvalue=false \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_trim -Dvalue=false \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_trim_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_trim_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_zero_flag_SOURCES = eflags.c
|
||||||
|
can_zero_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_zero \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_zero \
|
||||||
|
$(NULL)
|
||||||
|
-can_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_zero_flag_SOURCES = eflags.c
|
||||||
|
can_not_zero_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_zero -Dvalue=false \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_zero -Dvalue=false \
|
||||||
|
-Dfilter='"--filter=nozero"' \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_fast_zero_flag_SOURCES = eflags.c
|
||||||
|
can_fast_zero_flag_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/include -Dflag=can_fast_zero \
|
||||||
|
-Drequire='"has_can_fast_zero=1"' \
|
||||||
|
$(NULL)
|
||||||
|
-can_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_fast_zero_flag_SOURCES = eflags.c
|
||||||
|
can_not_fast_zero_flag_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/include -Dflag=can_fast_zero -Dvalue=false \
|
||||||
|
-Drequire='"has_can_fast_zero=1"' \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_fast_zero_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_fast_zero_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_df_flag_SOURCES = eflags.c
|
||||||
|
can_df_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_df \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_df \
|
||||||
|
$(NULL)
|
||||||
|
-can_df_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_df_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_df_flag_SOURCES = eflags.c
|
||||||
|
can_not_df_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_df -Dvalue=false -Dno_sr \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_df -Dvalue=false -Dno_sr \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_df_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_df_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_multi_conn_flag_SOURCES = eflags.c
|
||||||
|
can_multi_conn_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_multi_conn \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_multi_conn \
|
||||||
|
$(NULL)
|
||||||
|
-can_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_multi_conn_flag_SOURCES = eflags.c
|
||||||
|
can_not_multi_conn_flag_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include -Dflag=can_multi_conn -Dvalue=false \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -Dflag=can_multi_conn -Dvalue=false \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_multi_conn_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_multi_conn_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_cache_flag_SOURCES = eflags.c
|
||||||
|
can_cache_flag_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/include -Dflag=can_cache -Dvalue=native \
|
||||||
|
-Drequire='"has_can_cache=1"' \
|
||||||
|
$(NULL)
|
||||||
|
-can_cache_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
can_not_cache_flag_SOURCES = eflags.c
|
||||||
|
can_not_cache_flag_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/include -Dflag=can_cache -Dvalue=none \
|
||||||
|
-Drequire='"has_can_cache=1"' \
|
||||||
|
$(NULL)
|
||||||
|
-can_not_cache_flag_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
can_not_cache_flag_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
oldstyle_SOURCES = oldstyle.c
|
||||||
|
-oldstyle_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-oldstyle_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
oldstyle_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
newstyle_limited_SOURCES = newstyle-limited.c
|
||||||
|
-newstyle_limited_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-newstyle_limited_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
newstyle_limited_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
opt_abort_SOURCES = opt-abort.c
|
||||||
|
-opt_abort_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-opt_abort_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
opt_abort_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
opt_list_SOURCES = opt-list.c
|
||||||
|
opt_list_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSCRIPT='"$(abs_srcdir)/opt-list.sh"' \
|
||||||
|
$(NULL)
|
||||||
|
-opt_list_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
opt_list_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
opt_info_SOURCES = opt-info.c
|
||||||
|
opt_info_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSCRIPT='"$(abs_srcdir)/opt-info.sh"' \
|
||||||
|
$(NULL)
|
||||||
|
-opt_info_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
opt_info_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
opt_list_meta_SOURCES = opt-list-meta.c
|
||||||
|
-opt_list_meta_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
- $(NULL)
|
||||||
|
-opt_list_meta_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
opt_list_meta_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
connect_unix_SOURCES = connect-unix.c
|
||||||
|
-connect_unix_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-connect_unix_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
connect_unix_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
connect_tcp_SOURCES = connect-tcp.c
|
||||||
|
-connect_tcp_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-connect_tcp_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
connect_tcp_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
aio_parallel_SOURCES = aio-parallel.c
|
||||||
|
aio_parallel_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/common/include \
|
||||||
|
$(NULL)
|
||||||
|
-aio_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
aio_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
aio_parallel_load_SOURCES = aio-parallel-load.c
|
||||||
|
-aio_parallel_load_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-aio_parallel_load_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
aio_parallel_load_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
synch_parallel_SOURCES = synch-parallel.c
|
||||||
|
synch_parallel_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/common/include \
|
||||||
|
$(NULL)
|
||||||
|
-synch_parallel_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
+synch_parallel_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
synch_parallel_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
meta_base_allocation_SOURCES = meta-base-allocation.c
|
||||||
|
-meta_base_allocation_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-meta_base_allocation_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
meta_base_allocation_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
closure_lifetimes_SOURCES = closure-lifetimes.c
|
||||||
|
-closure_lifetimes_CPPFLAGS = -I$(top_srcdir)/include
|
||||||
|
-closure_lifetimes_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
closure_lifetimes_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
@@ -470,8 +430,10 @@ check_DATA += pki/stamp-pki
|
||||||
|
TESTS += connect-tls-certs
|
||||||
|
|
||||||
|
connect_tls_certs_SOURCES = connect-tls.c
|
||||||
|
-connect_tls_certs_CPPFLAGS = -I$(top_srcdir)/include -DCERTS=1
|
||||||
|
-connect_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
+connect_tls_certs_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -DCERTS=1 \
|
||||||
|
+ $(NULL)
|
||||||
|
connect_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
pki/stamp-pki: $(srcdir)/make-pki.sh
|
||||||
|
@@ -499,31 +461,36 @@ TESTS += \
|
||||||
|
check_DATA += keys.psk
|
||||||
|
|
||||||
|
connect_tls_psk_SOURCES = connect-tls.c
|
||||||
|
-connect_tls_psk_CPPFLAGS = -I$(top_srcdir)/include -DPSK=1
|
||||||
|
-connect_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
+connect_tls_psk_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -DPSK=1 \
|
||||||
|
+ $(NULL)
|
||||||
|
connect_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
aio_parallel_tls_SOURCES = aio-parallel.c
|
||||||
|
aio_parallel_tls_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/common/include \
|
||||||
|
-DTLS=1 \
|
||||||
|
$(NULL)
|
||||||
|
-aio_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
+aio_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
aio_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
aio_parallel_load_tls_SOURCES = aio-parallel-load.c
|
||||||
|
-aio_parallel_load_tls_CPPFLAGS = -I$(top_srcdir)/include -DTLS=1
|
||||||
|
-aio_parallel_load_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
+aio_parallel_load_tls_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -DTLS=1 \
|
||||||
|
+ $(NULL)
|
||||||
|
+aio_parallel_load_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
aio_parallel_load_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
synch_parallel_tls_SOURCES = synch-parallel.c
|
||||||
|
synch_parallel_tls_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-I$(top_srcdir)/common/include \
|
||||||
|
-DTLS=1 \
|
||||||
|
$(NULL)
|
||||||
|
-synch_parallel_tls_CFLAGS = $(WARNINGS_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
+synch_parallel_tls_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
|
||||||
|
synch_parallel_tls_LDADD = $(top_builddir)/lib/libnbd.la $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
keys.psk:
|
||||||
|
@@ -550,18 +517,19 @@ TESTS += \
|
||||||
|
RANDOM1 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
|
||||||
|
connect_uri_nbd_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbd_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER_PARAMS='"-p", "$(RANDOM1)"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbd.pid"' \
|
||||||
|
- -DURI='"nbd://localhost:$(RANDOM1)/"'
|
||||||
|
-connect_uri_nbd_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
+ -DURI='"nbd://localhost:$(RANDOM1)/"' \
|
||||||
|
+ $(NULL)
|
||||||
|
+connect_uri_nbd_CFLAGS = $(AM_CFLAGS)
|
||||||
|
connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
CONNECT_URI_NBD_UNIX_SOCKET := \
|
||||||
|
$(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX)
|
||||||
|
connect_uri_nbd_unix_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbd_unix_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER_PARAMS='"-U", SOCKET' \
|
||||||
|
-DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbd-unix.pid"' \
|
||||||
|
@@ -584,18 +552,18 @@ TESTS += \
|
||||||
|
RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
|
||||||
|
connect_uri_nbds_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbds_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbds.pid"' \
|
||||||
|
- -DURI='"nbds://localhost:$(RANDOM2)/"'
|
||||||
|
-connect_uri_nbds_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
+ -DURI='"nbds://localhost:$(RANDOM2)/"' \
|
||||||
|
+ $(NULL)
|
||||||
|
connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
CONNECT_URI_NBDS_UNIX_SOCKET := \
|
||||||
|
$(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX)
|
||||||
|
connect_uri_nbds_unix_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbds_unix_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
-DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbds-unix.pid"' \
|
||||||
|
@@ -617,11 +585,11 @@ TESTS += \
|
||||||
|
RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
|
||||||
|
connect_uri_nbds_psk_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbds_psk_CPPFLAGS = \
|
||||||
|
- -I$(top_srcdir)/include \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
-DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbds-psk.pid"' \
|
||||||
|
- -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"'
|
||||||
|
-connect_uri_nbds_psk_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
+ -DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \
|
||||||
|
+ $(NULL)
|
||||||
|
connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_PSKTOOL
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,149 @@
|
|||||||
|
From da628792ddf7a3d3cb8f8b770c7dbb9b9d67444b Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Sat, 24 Apr 2021 21:40:58 +0100
|
||||||
|
Subject: [PATCH] tests/connect-uri.c: Ensure Unix domain socket is cleaned up
|
||||||
|
on exit
|
||||||
|
|
||||||
|
Commit 70f83fed13 ("tests: Create test sockets in /tmp instead of
|
||||||
|
local directory.") aimed to create sockets with short path names in
|
||||||
|
/tmp. However it never cleaned them up. Worse still, every time the
|
||||||
|
Makefile was evaluated at all a temporary file was created.
|
||||||
|
|
||||||
|
Fix this properly in the C file.
|
||||||
|
|
||||||
|
Fixes: commit 70f83fed131c7e52b1a31a28d9acaf19f6c11d57
|
||||||
|
(cherry picked from commit f5955c4c5bb0269e192b906a3ef98601aa63ad59)
|
||||||
|
(cherry picked from commit 502f0b59ec1dbd64c6c64279316e03540258a54c)
|
||||||
|
---
|
||||||
|
tests/Makefile.am | 16 ++++++----------
|
||||||
|
tests/connect-uri.c | 45 +++++++++++++++++++++++++++++++++++++++------
|
||||||
|
2 files changed, 45 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 436e1c10..ed5585a5 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -525,15 +525,13 @@ connect_uri_nbd_CPPFLAGS = \
|
||||||
|
connect_uri_nbd_CFLAGS = $(AM_CFLAGS)
|
||||||
|
connect_uri_nbd_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
-CONNECT_URI_NBD_UNIX_SOCKET := \
|
||||||
|
- $(shell mktemp /tmp/connect-uri-nbd-unix-socket-XXXXXX)
|
||||||
|
connect_uri_nbd_unix_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbd_unix_CPPFLAGS = \
|
||||||
|
$(AM_CPPFLAGS) \
|
||||||
|
- -DSERVER_PARAMS='"-U", SOCKET' \
|
||||||
|
- -DSOCKET='"$(CONNECT_URI_NBD_UNIX_SOCKET)"' \
|
||||||
|
+ -DNEEDS_UNIX_SOCKET=1 \
|
||||||
|
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET' \
|
||||||
|
-DPIDFILE='"connect-uri-nbd-unix.pid"' \
|
||||||
|
- -DURI='"nbd+unix:///?socket=" SOCKET'
|
||||||
|
+ -DURI='"nbd+unix:///?socket="' # UNIX_SOCKET appended
|
||||||
|
connect_uri_nbd_unix_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
connect_uri_nbd_unix_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
@@ -559,15 +557,13 @@ connect_uri_nbds_CPPFLAGS = \
|
||||||
|
$(NULL)
|
||||||
|
connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
-CONNECT_URI_NBDS_UNIX_SOCKET := \
|
||||||
|
- $(shell mktemp /tmp/connect-uri-nbds-unix-socket-XXXXXX)
|
||||||
|
connect_uri_nbds_unix_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbds_unix_CPPFLAGS = \
|
||||||
|
$(AM_CPPFLAGS) \
|
||||||
|
- -DSERVER_PARAMS='"-U", SOCKET, "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
- -DSOCKET='"$(CONNECT_URI_NBDS_UNIX_SOCKET)"' \
|
||||||
|
+ -DNEEDS_UNIX_SOCKET=1 \
|
||||||
|
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbds-unix.pid"' \
|
||||||
|
- -DURI='"nbds+unix:///?socket=" SOCKET'
|
||||||
|
+ -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended
|
||||||
|
connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
diff --git a/tests/connect-uri.c b/tests/connect-uri.c
|
||||||
|
index 6e7d1685..ce9e4d9b 100644
|
||||||
|
--- a/tests/connect-uri.c
|
||||||
|
+++ b/tests/connect-uri.c
|
||||||
|
@@ -29,16 +29,49 @@
|
||||||
|
|
||||||
|
#include <libnbd.h>
|
||||||
|
|
||||||
|
+#ifdef NEEDS_UNIX_SOCKET
|
||||||
|
+#define UNIX_SOCKET tmp
|
||||||
|
+static char tmp[] = "/tmp/nbdXXXXXX";
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+unlink_unix_socket (void)
|
||||||
|
+{
|
||||||
|
+ unlink (UNIX_SOCKET);
|
||||||
|
+}
|
||||||
|
+#endif /* NEEDS_UNIX_SOCKET */
|
||||||
|
+
|
||||||
|
int
|
||||||
|
main (int argc, char *argv[])
|
||||||
|
{
|
||||||
|
struct nbd_handle *nbd;
|
||||||
|
pid_t pid;
|
||||||
|
size_t i;
|
||||||
|
+#ifdef NEEDS_UNIX_SOCKET
|
||||||
|
+ char *uri;
|
||||||
|
+#else
|
||||||
|
+ const char *uri = URI;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifdef NEEDS_UNIX_SOCKET
|
||||||
|
+ int fd = mkstemp (UNIX_SOCKET);
|
||||||
|
+ if (fd == -1 ||
|
||||||
|
+ close (fd) == -1) {
|
||||||
|
+ perror (UNIX_SOCKET);
|
||||||
|
+ exit (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+ /* We have to remove the temporary file first, since we will create
|
||||||
|
+ * a socket in its place, and ensure the socket is removed on exit.
|
||||||
|
+ */
|
||||||
|
+ unlink_unix_socket ();
|
||||||
|
+ atexit (unlink_unix_socket);
|
||||||
|
|
||||||
|
-#ifdef SOCKET
|
||||||
|
- unlink (SOCKET);
|
||||||
|
+ /* uri = URI + UNIX_SOCKET */
|
||||||
|
+ if (asprintf (&uri, "%s%s", URI, UNIX_SOCKET) == -1) {
|
||||||
|
+ perror ("asprintf");
|
||||||
|
+ exit (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
unlink (PIDFILE);
|
||||||
|
|
||||||
|
pid = fork ();
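Review bot: The socket path can still be taken by another local user: `mkstemp` reserves the name in world-writable `/tmp`, but `unlink_unix_socket ()` then frees it again before the server started with `SERVER_PARAMS` binds there. Creating a private directory with `mkdtemp` (created mode 0700) and placing the socket inside it closes that window while keeping the path short; the exit handler then removes both the socket and the directory. `asprintf` also needs `_GNU_SOURCE` on glibc, which is presumably supplied through config.h but is not visible in this hunk. The body of `main` continues outside the hunk.

```c
#ifdef NEEDS_UNIX_SOCKET
#define UNIX_SOCKET sockpath
static char tmpdir[] = "/tmp/nbdXXXXXX";
static char sockpath[sizeof tmpdir + sizeof "/sock"];

static void
unlink_unix_socket (void)
{
  unlink (sockpath);
  rmdir (tmpdir);
}
#endif /* NEEDS_UNIX_SOCKET */

/* … unchanged: main signature and local declarations … */

#ifdef NEEDS_UNIX_SOCKET
  /* The directory is private to this user, so nobody else can create
   * the socket path before the server binds it.
   */
  if (mkdtemp (tmpdir) == NULL) {
    perror (tmpdir);
    exit (EXIT_FAILURE);
  }
  snprintf (sockpath, sizeof sockpath, "%s/sock", tmpdir);
  atexit (unlink_unix_socket);

  /* … unchanged: asprintf of uri from URI and UNIX_SOCKET … */
#endif
```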
|
||||||
|
@@ -75,13 +108,13 @@ main (int argc, char *argv[])
|
||||||
|
|
||||||
|
nbd_set_uri_allow_local_file (nbd, true);
|
||||||
|
|
||||||
|
- if (nbd_connect_uri (nbd, URI) == -1) {
|
||||||
|
+ if (nbd_connect_uri (nbd, uri) == -1) {
|
||||||
|
fprintf (stderr, "%s\n", nbd_get_error ());
|
||||||
|
exit (EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check we negotiated the right kind of connection. */
|
||||||
|
- if (strncmp (URI, "nbds", 4) == 0) {
|
||||||
|
+ if (strncmp (uri, "nbds", 4) == 0) {
|
||||||
|
if (! nbd_get_tls_negotiated (nbd)) {
|
||||||
|
fprintf (stderr, "%s: failed to negotiate a TLS connection\n",
|
||||||
|
argv[0]);
|
||||||
|
@@ -95,8 +128,8 @@ main (int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
nbd_close (nbd);
|
||||||
|
-#ifdef SOCKET
|
||||||
|
- unlink (SOCKET);
|
||||||
|
+#ifdef NEEDS_UNIX_SOCKET
|
||||||
|
+ free (uri);
|
||||||
|
#endif
|
||||||
|
exit (EXIT_SUCCESS);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,194 @@
|
|||||||
|
From ee3f88640062372d04406da321270a775377eb6c Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Fri, 3 Sep 2021 08:42:31 +0100
|
||||||
|
Subject: [PATCH] lib: Allow tls-certificates=<DIR> query parameter in URIs
|
||||||
|
|
||||||
|
For nbd_connect_uri, this allows a non-default path to a certificates
|
||||||
|
directory to be specified. For example:
|
||||||
|
|
||||||
|
nbds+unix://user@/?socket=/tmp/sock&tls-certificates=tests/pki
|
||||||
|
|
||||||
|
nbd_get_uri is also extended to produce the tls-certificates query
|
||||||
|
field if nbd_set_tls_certificates was called.
|
||||||
|
|
||||||
|
The main work here is extending the test suite so it actually tests
|
||||||
|
TLS URIs properly. Firstly we need to add --tls-verify-peer to the
|
||||||
|
nbdkit command line so it checks TLS client credentials at all
|
||||||
|
(previously it enabled TLS but didn't verify the client). Then we
|
||||||
|
need to add tests which use TLS certificates (previously only PSK was
|
||||||
|
being tested). And finally I loosened the rules for comparing URIs
|
||||||
|
since the order that query strings are returned by nbd_get_uri is not
|
||||||
|
necessarily the same as the query strings in nbd_connect_uri.
|
||||||
|
|
||||||
|
(cherry picked from commit 847e0b9830f6a9f07b4c242e1a500cd2b90cca5a)
|
||||||
|
(cherry picked from commit 5e85582ec79460c95552f06c6d6c41d15dae092f)
|
||||||
|
---
|
||||||
|
.gitignore | 5 +++--
|
||||||
|
generator/API.ml | 10 ++++++++++
|
||||||
|
lib/uri.c | 14 ++++++++++++--
|
||||||
|
tests/Makefile.am | 47 +++++++++++++++++++++++++++++------------------
|
||||||
|
4 files changed, 54 insertions(+), 22 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/.gitignore b/.gitignore
|
||||||
|
index 4935b81b..c974e27b 100644
|
||||||
|
--- a/.gitignore
|
||||||
|
+++ b/.gitignore
|
||||||
|
@@ -167,9 +167,10 @@ Makefile.in
|
||||||
|
/tests/connect-unix
|
||||||
|
/tests/connect-uri-nbd
|
||||||
|
/tests/connect-uri-nbd-unix
|
||||||
|
-/tests/connect-uri-nbds
|
||||||
|
+/tests/connect-uri-nbds-certs
|
||||||
|
/tests/connect-uri-nbds-psk
|
||||||
|
-/tests/connect-uri-nbds-unix
|
||||||
|
+/tests/connect-uri-nbds-unix-certs
|
||||||
|
+/tests/connect-uri-nbds-unix-psk
|
||||||
|
/tests/debug
|
||||||
|
/tests/debug-environment
|
||||||
|
/tests/errors
|
||||||
|
diff --git a/generator/API.ml b/generator/API.ml
|
||||||
|
index a46c6407..4b2a62e8 100644
|
||||||
|
--- a/generator/API.ml
|
||||||
|
+++ b/generator/API.ml
|
||||||
|
@@ -1231,6 +1231,11 @@ Connect over the Unix domain socket F</tmp/nbd.sock> to
|
||||||
|
an NBD server running locally. The export name is set to C<foo>
|
||||||
|
(note without any leading C</> character).
|
||||||
|
|
||||||
|
+=item C<nbds+unix://alice@/?socket=/tmp/nbd.sock&tls-certificates=certs>
|
||||||
|
+
|
||||||
|
+Connect over a Unix domain socket, enabling TLS and setting the
|
||||||
|
+path to a directory containing certificates and keys.
|
||||||
|
+
|
||||||
|
=item C<nbd+vsock:///>
|
||||||
|
|
||||||
|
In this scenario libnbd is running in a virtual machine. Connect
|
||||||
|
@@ -1291,6 +1296,11 @@ Specifies the Unix domain socket to connect on.
|
||||||
|
Must be present for the C<+unix> transport and must not
|
||||||
|
be present for the other transports.
|
||||||
|
|
||||||
|
+=item B<tls-certificates=>F<DIR>
|
||||||
|
+
|
||||||
|
+Set the certificates directory. See L<nbd_set_tls_certificates(3)>.
|
||||||
|
+Note this is not allowed by default - see next section.
|
||||||
|
+
|
||||||
|
=item B<tls-psk-file=>F<PSKFILE>
|
||||||
|
|
||||||
|
Set the PSK file. See L<nbd_set_tls_psk_file(3)>. Note
|
||||||
|
diff --git a/lib/uri.c b/lib/uri.c
|
||||||
|
index 9f5a2901..c8d9041e 100644
|
||||||
|
--- a/lib/uri.c
|
||||||
|
+++ b/lib/uri.c
|
||||||
|
@@ -249,9 +249,19 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
|
||||||
|
if (tls && nbd_unlocked_set_tls (h, LIBNBD_TLS_REQUIRE) == -1)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
- /* Look for some tls-* parameters. XXX More to come. */
|
||||||
|
+ /* Look for some tls-* parameters. */
|
||||||
|
for (i = 0; i < queries.size; i++) {
|
||||||
|
- if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) {
|
||||||
|
+ if (strcmp (queries.ptr[i].name, "tls-certificates") == 0) {
|
||||||
|
+ if (! h->uri_allow_local_file) {
|
||||||
|
+ set_error (EPERM,
|
||||||
|
+ "local file access (tls-certificates) is not allowed, "
|
||||||
|
+ "call nbd_set_uri_allow_local_file to enable this");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ if (nbd_unlocked_set_tls_certificates (h, queries.ptr[i].value) == -1)
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ else if (strcmp (queries.ptr[i].name, "tls-psk-file") == 0) {
|
||||||
|
if (! h->uri_allow_local_file) {
|
||||||
|
set_error (EPERM,
|
||||||
|
"local file access (tls-psk-file) is not allowed, "
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index ed5585a5..3c33b747 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -539,33 +539,32 @@ if HAVE_GNUTLS
|
||||||
|
if HAVE_CERTTOOL
|
||||||
|
|
||||||
|
check_PROGRAMS += \
|
||||||
|
- connect-uri-nbds \
|
||||||
|
- connect-uri-nbds-unix \
|
||||||
|
+ connect-uri-nbds-certs \
|
||||||
|
+ connect-uri-nbds-unix-certs \
|
||||||
|
$(NULL)
|
||||||
|
TESTS += \
|
||||||
|
- connect-uri-nbds \
|
||||||
|
- connect-uri-nbds-unix \
|
||||||
|
+ connect-uri-nbds-certs \
|
||||||
|
+ connect-uri-nbds-unix-certs \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
RANDOM2 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
|
||||||
|
-connect_uri_nbds_SOURCES = connect-uri.c
|
||||||
|
-connect_uri_nbds_CPPFLAGS = \
|
||||||
|
+connect_uri_nbds_certs_SOURCES = connect-uri.c
|
||||||
|
+connect_uri_nbds_certs_CPPFLAGS = \
|
||||||
|
$(AM_CPPFLAGS) \
|
||||||
|
- -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
- -DPIDFILE='"connect-uri-nbds.pid"' \
|
||||||
|
- -DURI='"nbds://localhost:$(RANDOM2)/"' \
|
||||||
|
+ -DSERVER_PARAMS='"-p", "$(RANDOM2)", "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \
|
||||||
|
+ -DPIDFILE='"connect-uri-nbds-certs.pid"' \
|
||||||
|
+ -DURI='"nbds://localhost:$(RANDOM2)/?tls-certificates=pki"' \
|
||||||
|
$(NULL)
|
||||||
|
-connect_uri_nbds_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
+connect_uri_nbds_certs_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
-connect_uri_nbds_unix_SOURCES = connect-uri.c
|
||||||
|
-connect_uri_nbds_unix_CPPFLAGS = \
|
||||||
|
+connect_uri_nbds_unix_certs_SOURCES = connect-uri.c
|
||||||
|
+connect_uri_nbds_unix_certs_CPPFLAGS = \
|
||||||
|
$(AM_CPPFLAGS) \
|
||||||
|
-DNEEDS_UNIX_SOCKET=1 \
|
||||||
|
- -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-certificates=pki"' \
|
||||||
|
- -DPIDFILE='"connect-uri-nbds-unix.pid"' \
|
||||||
|
- -DURI='"nbds+unix:///?socket="' # UNIX_SOCKET appended
|
||||||
|
-connect_uri_nbds_unix_CFLAGS = $(WARNINGS_CFLAGS)
|
||||||
|
-connect_uri_nbds_unix_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-certificates=pki"' \
|
||||||
|
+ -DPIDFILE='"connect-uri-nbds-unix-certs.pid"' \
|
||||||
|
+ -DURI='"nbds+unix://alice@/?tls-certificates=pki&socket="' # UNIX_SOCKET appended
|
||||||
|
+connect_uri_nbds_unix_certs_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
endif HAVE_CERTTOOL
|
||||||
|
|
||||||
|
@@ -573,21 +572,33 @@ if HAVE_PSKTOOL
|
||||||
|
|
||||||
|
check_PROGRAMS += \
|
||||||
|
connect-uri-nbds-psk \
|
||||||
|
+ connect-uri-nbds-unix-psk \
|
||||||
|
$(NULL)
|
||||||
|
TESTS += \
|
||||||
|
connect-uri-nbds-psk \
|
||||||
|
+ connect-uri-nbds-unix-psk \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
RANDOM3 := $(shell bash -c "echo $$(( 32768 + (RANDOM & 16383) ))")
|
||||||
|
connect_uri_nbds_psk_SOURCES = connect-uri.c
|
||||||
|
connect_uri_nbds_psk_CPPFLAGS = \
|
||||||
|
$(AM_CPPFLAGS) \
|
||||||
|
- -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-psk=keys.psk"' \
|
||||||
|
+ -DSERVER_PARAMS='"-p", "$(RANDOM3)", "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \
|
||||||
|
-DPIDFILE='"connect-uri-nbds-psk.pid"' \
|
||||||
|
-DURI='"nbds://alice@localhost:$(RANDOM3)/?tls-psk-file=keys.psk"' \
|
||||||
|
$(NULL)
|
||||||
|
connect_uri_nbds_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
|
||||||
|
+connect_uri_nbds_unix_psk_SOURCES = connect-uri.c
|
||||||
|
+connect_uri_nbds_unix_psk_CPPFLAGS = \
|
||||||
|
+ $(AM_CPPFLAGS) \
|
||||||
|
+ -DNEEDS_UNIX_SOCKET=1 \
|
||||||
|
+ -DSERVER_PARAMS='"-U", UNIX_SOCKET, "--tls=require", "--tls-verify-peer", "--tls-psk=keys.psk"' \
|
||||||
|
+ -DPIDFILE='"connect-uri-nbds-unix-psk.pid"' \
|
||||||
|
+ -DURI='"nbds+unix://alice@/?tls-psk-file=keys.psk&socket="' # UNIX_SOCKET appended \
|
||||||
|
+ $(NULL)
|
||||||
|
+connect_uri_nbds_unix_psk_LDADD = $(top_builddir)/lib/libnbd.la
|
||||||
|
+
|
||||||
|
endif HAVE_PSKTOOL
|
||||||
|
|
||||||
|
endif HAVE_GNUTLS
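Review bot: The trailing `# UNIX_SOCKET appended \` on the new `-DURI=` line of `connect_uri_nbds_unix_psk_CPPFLAGS` ends in a backslash, and in make syntax a comment ending in a backslash continues onto the next line, so the `$(NULL)` terminator below it becomes part of the comment. That is harmless today because `$(NULL)` expands to nothing, but any flag later added after the `-DURI=` line would be silently dropped. Putting the remark on its own line above the definition, e.g. `# UNIX_SOCKET is appended to URI by connect-uri.c`, avoids the trap. The `connect_uri_nbds_unix_certs_CPPFLAGS` definition in the previous hunk carries the same trailing comment but has no continuation after it.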
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From 10ca0d72932092b09475893de233f17d3eff8a72 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 4 Aug 2022 13:28:25 +0100
|
||||||
|
Subject: [PATCH] tests/make-pki.sh: Use Subject Alternative Name for server
|
||||||
|
certificate
|
||||||
|
|
||||||
|
This allows us to test this feature.
|
||||||
|
|
||||||
|
(cherry picked from nbdkit commit 0c50bef16f9d6705add8db85c7ea7b4523770fba)
|
||||||
|
|
||||||
|
(cherry picked from commit 38eabf6df05fae109212a4ce9afc9c0fe63c2f0e)
|
||||||
|
(cherry picked from commit b07898e1ee70b0641ec5233d6e8f7fa16b63c287)
|
||||||
|
---
|
||||||
|
tests/make-pki.sh | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/make-pki.sh b/tests/make-pki.sh
|
||||||
|
index d4f61204..03f4faa1 100755
|
||||||
|
--- a/tests/make-pki.sh
|
||||||
|
+++ b/tests/make-pki.sh
|
||||||
|
@@ -75,6 +75,9 @@ chmod 0600 $1/server-key.pem
|
||||||
|
cat > $1/server.info <<EOF
|
||||||
|
organization = Test
|
||||||
|
cn = localhost
|
||||||
|
+dns_name = localhost
|
||||||
|
+ip_address = 127.0.0.1
|
||||||
|
+ip_address = ::1
|
||||||
|
tls_www_server
|
||||||
|
encryption_key
|
||||||
|
signing_key
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,57 @@
|
|||||||
|
From dab43717f183cf96fcda6a0be22c39801dcfda83 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Mon, 24 Jun 2024 10:48:12 +0100
|
||||||
|
Subject: [PATCH] lib/crypto.c: Check server certificate even when using system
|
||||||
|
CA
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The previous code checked the server certificate only when a custom
|
||||||
|
certificate directory was set (ie. nbd_set_tls_certificates /
|
||||||
|
?tls-certificates=DIR). In the fallback case where we use the system
|
||||||
|
CA, we never called gnutls_session_set_verify_cert and so the server
|
||||||
|
certificate was never checked.
|
||||||
|
|
||||||
|
Move the call to gnutls_session_set_verify_cert later so it is called
|
||||||
|
on both paths.
|
||||||
|
|
||||||
|
If the server certificate does not match the hostname you will see:
|
||||||
|
|
||||||
|
nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1)
|
||||||
|
|
||||||
|
Reported-by: Jon Szymaniak <jon.szymaniak@gmail.com>
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 87ef41b69929d5d293390ec36b1c10aba2c9a57a)
|
||||||
|
(cherry picked from commit 81bd57bb8ab0b142207efb9f69a233418fbb4f8f)
|
||||||
|
---
|
||||||
|
lib/crypto.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto.c b/lib/crypto.c
|
||||||
|
index 705e114a..4c398b03 100644
|
||||||
|
--- a/lib/crypto.c
|
||||||
|
+++ b/lib/crypto.c
|
||||||
|
@@ -513,9 +513,6 @@ set_up_certificate_credentials (struct nbd_handle *h,
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
found_certificates:
|
||||||
|
- if (h->hostname && h->tls_verify_peer)
|
||||||
|
- gnutls_session_set_verify_cert (session, h->hostname, 0);
|
||||||
|
-
|
||||||
|
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, ret);
|
||||||
|
if (err < 0) {
|
||||||
|
set_error (0, "gnutls_credentials_set: %s", gnutls_strerror (err));
|
||||||
|
@@ -625,6 +622,9 @@ nbd_internal_crypto_create_session (struct nbd_handle *h,
|
||||||
|
gnutls_deinit (session);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ if (h->hostname && h->tls_verify_peer)
|
||||||
|
+ gnutls_session_set_verify_cert (session, h->hostname, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Wrap the underlying socket with GnuTLS. */
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,76 @@
|
|||||||
|
From 17dc75c8235af7126b3820d5e0be3488efe74671 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Mon, 24 Jun 2024 10:31:10 +0100
|
||||||
|
Subject: [PATCH] lib/crypto.c: Allow CA verification even if h->hostname is
|
||||||
|
not set
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Calling gnutls_session_set_verify_cert with the hostname parameter set
|
||||||
|
to NULL is permitted:
|
||||||
|
https://www.gnutls.org/manual/html_node/Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert
|
||||||
|
|
||||||
|
It means that the server's hostname in the certificate will not be
|
||||||
|
verified but we can at least check that the certificate was signed by
|
||||||
|
the CA. This allows the CA to be checked even for connections over
|
||||||
|
Unix domain sockets.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
$ rm -f /tmp/sock
|
||||||
|
$ nbdkit -U /tmp/sock -f --tls=require --tls-certificates=$HOME/d/nbdkit/tests/pki memory 1G &
|
||||||
|
|
||||||
|
Before this change:
|
||||||
|
|
||||||
|
$ nbdinfo 'nbds+unix://?socket=/tmp/sock'
|
||||||
|
protocol: newstyle-fixed with TLS, using structured packets
|
||||||
|
export="":
|
||||||
|
export-size: 1073741824 (1G)
|
||||||
|
content: data
|
||||||
|
uri: nbds+unix:///?socket=/tmp/sock
|
||||||
|
[etc]
|
||||||
|
|
||||||
|
(works because it never called gnutls_session_set_verify_cert).
|
||||||
|
|
||||||
|
After this change:
|
||||||
|
|
||||||
|
$ nbdinfo 'nbds+unix://?socket=/tmp/sock'
|
||||||
|
nbdinfo: nbd_connect_uri: gnutls_handshake: Error in the certificate verification. (15/1)
|
||||||
|
|
||||||
|
(fails because system CA does not know about nbdkit's certificate
|
||||||
|
which is signed by the CA from the nbdkit/tests/pki directory)
|
||||||
|
|
||||||
|
$ nbdinfo 'nbds+unix://?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki'
|
||||||
|
protocol: newstyle-fixed with TLS, using structured packets
|
||||||
|
export="":
|
||||||
|
export-size: 1073741824 (1G)
|
||||||
|
content: data
|
||||||
|
uri: nbds+unix:///?socket=/tmp/sock&tls-certificates=/home/rjones/d/nbdkit/tests/pki
|
||||||
|
[etc]
|
||||||
|
|
||||||
|
(works because we supplied the correct CA)
|
||||||
|
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 6ed47a27d14f6f11946bb096d94e5bf21d97083d)
|
||||||
|
(cherry picked from commit 42ee6d8dd919b241b1f1510f5759673b26fc9731)
|
||||||
|
---
|
||||||
|
lib/crypto.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/crypto.c b/lib/crypto.c
|
||||||
|
index 4c398b03..a5177bbb 100644
|
||||||
|
--- a/lib/crypto.c
|
||||||
|
+++ b/lib/crypto.c
|
||||||
|
@@ -623,7 +623,7 @@ nbd_internal_crypto_create_session (struct nbd_handle *h,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (h->hostname && h->tls_verify_peer)
|
||||||
|
+ if (h->tls_verify_peer)
|
||||||
|
gnutls_session_set_verify_cert (session, h->hostname, 0);
|
||||||
|
}
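Review bot: The call `gnutls_session_set_verify_cert (session, h->hostname, 0)` now deliberately runs with `h->hostname` possibly NULL, and nothing at the call site says so. A short comment would keep a later cleanup from restoring the `h->hostname &&` guard, for example `/* hostname may be NULL (eg. Unix domain sockets): the chain is still checked against the CA, only the name match is skipped. */`. The enclosing block in `nbd_internal_crypto_create_session` starts outside the hunk.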
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,90 @@
|
|||||||
|
From 1f82b6d2d894bf567926f4ae52f4362654db8f38 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 11:12:56 +0100
|
||||||
|
Subject: [PATCH] lib/uri.c: Allow tls-verify-peer to be overridden in URIs
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Older versions of libnbd didn't always check the server certificate.
|
||||||
|
Since some clients might be depending on this, allow
|
||||||
|
?tls-verify-peer=false in URIs to skip this check.
|
||||||
|
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
(cherry picked from commit 75641c6b30155abce272f60cf3518a65654aa401)
|
||||||
|
(cherry picked from commit caad9cfb5dda0957c4b15cc85738a4c6ac856e8b)
|
||||||
|
(cherry picked from commit 4bfc3176de535350f884732b8793574e37714d2a)
|
||||||
|
---
|
||||||
|
generator/API.ml | 5 +++++
|
||||||
|
lib/uri.c | 32 ++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 37 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/generator/API.ml b/generator/API.ml
|
||||||
|
index 4b2a62e8..69ee428d 100644
|
||||||
|
--- a/generator/API.ml
|
||||||
|
+++ b/generator/API.ml
|
||||||
|
@@ -1306,6 +1306,11 @@ Note this is not allowed by default - see next section.
|
||||||
|
Set the PSK file. See L<nbd_set_tls_psk_file(3)>. Note
|
||||||
|
this is not allowed by default - see next section.
|
||||||
|
|
||||||
|
+=item B<tls-verify-peer=false>
|
||||||
|
+
|
||||||
|
+Do not verify the server certificate. See L<nbd_set_tls_verify_peer(3)>.
|
||||||
|
+The default is C<true>.
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head2 Disable URI features
|
||||||
|
diff --git a/lib/uri.c b/lib/uri.c
|
||||||
|
index c8d9041e..8dfefd00 100644
|
||||||
|
--- a/lib/uri.c
|
||||||
|
+++ b/lib/uri.c
|
||||||
|
@@ -140,6 +140,31 @@ error:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Similar to nbdkit_parse_bool */
|
||||||
|
+int
|
||||||
|
+parse_bool (const char *param, const char *value)
|
||||||
|
+{
|
||||||
|
+ if (!strcmp (value, "1") ||
|
||||||
|
+ !strcasecmp (value, "true") ||
|
||||||
|
+ !strcasecmp (value, "t") ||
|
||||||
|
+ !strcasecmp (value, "yes") ||
|
||||||
|
+ !strcasecmp (value, "y") ||
|
||||||
|
+ !strcasecmp (value, "on"))
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ if (!strcmp (value, "0") ||
|
||||||
|
+ !strcasecmp (value, "false") ||
|
||||||
|
+ !strcasecmp (value, "f") ||
|
||||||
|
+ !strcasecmp (value, "no") ||
|
||||||
|
+ !strcasecmp (value, "n") ||
|
||||||
|
+ !strcasecmp (value, "off"))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ set_error (EINVAL, "could not parse %s parameter, expecting %s=true|false",
|
||||||
|
+ param, param);
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
|
||||||
|
{
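Review bot: `parse_bool` is added with external linkage and a very generic name. Nothing in this hunk suggests it is called from outside lib/uri.c, so it should be declared `static int` to keep it out of the library's symbol namespace and avoid clashing with a `parse_bool` in a program that links against the library. Its return contract deserves a line above it as well, e.g. `/* Returns 1 or 0, or -1 with the error set if value is not a recognised boolean. */`. Whether a linker version script already hides the symbol cannot be seen from here.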
|
||||||
|
@@ -271,6 +296,13 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
|
||||||
|
if (nbd_unlocked_set_tls_psk_file (h, queries.ptr[i].value) == -1)
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
+ else if (strcasecmp (queries.ptr[i].name, "tls-verify-peer") == 0) {
|
||||||
|
+ int v = parse_bool ("tls-verify-peer", queries.ptr[i].value);
|
||||||
|
+ if (v == -1)
|
||||||
|
+ goto cleanup;
|
||||||
|
+ if (nbd_unlocked_set_tls_verify_peer (h, v) == -1)
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Username. */
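Review bot: Unlike `tls-certificates` and `tls-psk-file`, which are refused unless `h->uri_allow_local_file` is set, the new `tls-verify-peer` branch lets any URI switch certificate verification off with no opt-in check. An application that calls `nbd_set_tls_verify_peer` itself and then connects to a URI taken from configuration or user input has its setting overridden silently. It would be worth either gating the `false` case behind one of the handle's uri_allow settings or stating in the API documentation that the URI takes precedence over the handle setting. The parameter name is also matched with `strcasecmp` while the neighbouring parameters use `strcmp`; one convention should be chosen. The loop and the function continue outside the hunk.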
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,32 @@
|
|||||||
|
From 437d3aedd5ecbcb8d5234665015c5813a6ca1712 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 17:53:47 +0100
|
||||||
|
Subject: [PATCH] docs: security: Add link to TLS server certificate checking
|
||||||
|
announcement
|
||||||
|
|
||||||
|
(cherry picked from commit 9c723aa660c6ee7d224afbfc16eb7450d21fb9cf)
|
||||||
|
(cherry picked from commit 9b77d853d82c291f74b51305d58e9db7f555a254)
|
||||||
|
(cherry picked from commit b477be4ed47daa6ba73c176ae8b0288ec8e84f23)
|
||||||
|
---
|
||||||
|
docs/libnbd-security.pod | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
|
||||||
|
index 0cae8462..b31f3f8b 100644
|
||||||
|
--- a/docs/libnbd-security.pod
|
||||||
|
+++ b/docs/libnbd-security.pod
|
||||||
|
@@ -28,6 +28,11 @@ denial of service when using L<nbd_set_opt_mode(3)>
|
||||||
|
See the full announcement here:
|
||||||
|
L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
|
||||||
|
|
||||||
|
+=head2 multiple flaws in TLS server certificate checking
|
||||||
|
+
|
||||||
|
+See the full announcement here:
|
||||||
|
+L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/>
|
||||||
|
+
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
L<libnbd(3)>.
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
From 626331d88fdf8ed87dc066faeb836fc5926f5420 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||||
|
Date: Thu, 1 Aug 2024 15:17:29 +0100
|
||||||
|
Subject: [PATCH] docs/libnbd-security.pod: Assign CVE-2024-7383
|
||||||
|
|
||||||
|
CVE-2024-7383 was assigned to the (already published & fixed) flaws
|
||||||
|
found in libnbd certificate checking.
|
||||||
|
|
||||||
|
Reported-by: Jon Szymaniak
|
||||||
|
Thanks: Mauro Matteo Cascella
|
||||||
|
(cherry picked from commit 81a22ac6697ccdeb13509aba3072609251d1378b)
|
||||||
|
(cherry picked from commit 599281af594db8414d856db409846b04fce03824)
|
||||||
|
(cherry picked from commit 8f7dce2b6d6716f9eec0f352a3c420ae84a84be9)
|
||||||
|
---
|
||||||
|
docs/libnbd-security.pod | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod
|
||||||
|
index b31f3f8b..4c3b5bbd 100644
|
||||||
|
--- a/docs/libnbd-security.pod
|
||||||
|
+++ b/docs/libnbd-security.pod
|
||||||
|
@@ -28,7 +28,8 @@ denial of service when using L<nbd_set_opt_mode(3)>
|
||||||
|
See the full announcement here:
|
||||||
|
L<https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html>
|
||||||
|
|
||||||
|
-=head2 multiple flaws in TLS server certificate checking
|
||||||
|
+=head2 CVE-2024-7383
|
||||||
|
+multiple flaws in TLS server certificate checking
|
||||||
|
|
||||||
|
See the full announcement here:
|
||||||
|
L<https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/>
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|