From 903966e69c12395482a079f21839959de391e40f Mon Sep 17 00:00:00 2001 From: "Danilo C. L. de Paula" Date: Thu, 31 Jan 2019 20:40:05 +0000 Subject: [PATCH] * Thu Jan 31 2019 Danilo Cesar Lemes de Paula - 3.1.0-11.el8 - kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch [bz#1644985] - kvm-json-Fix-handling-when-not-interpolating.patch [bz#1668244] - Resolves: bz#1644985 (The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train) - Resolves: bz#1668244 (qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found) --- ...x-fsfreeze-hook-path-in-the-man-page.patch | 52 ++++++++ ...-Fix-handling-when-not-interpolating.patch | 122 ++++++++++++++++++ qemu-kvm.spec | 14 +- 3 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch create mode 100644 kvm-json-Fix-handling-when-not-interpolating.patch diff --git a/kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch b/kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch new file mode 100644 index 0000000..0f72600 --- /dev/null +++ b/kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch 
@@ -0,0 +1,52 @@ +From cd667708de23ea78479cc68dd8ae4c9b429a4ec8 Mon Sep 17 00:00:00 2001 +From: Danilo de Paula +Date: Thu, 31 Jan 2019 00:16:44 +0000 +Subject: [PATCH 1/2] Fix fsfreeze-hook path in the man page. + +RH-Author: Danilo de Paula +Message-id: <20190131001644.6237-2-ddepaula@redhat.com> +Patchwork-id: 84152 +O-Subject: [RHEL8/rhel + RHEL8/AV qemu-kvm PATCH 1/1] Fix fsfreeze-hook path in the man page. +Bugzilla: 1644985 +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: Stefan Hajnoczi +RH-Acked-by: Thomas Huth + +fsfreeze-hook final PATH is defined in redhat/qemu-kvm.spec.template +since it's being copied in the install section. + +In that way, even with the configuration changes proposed by Marc +in qemu-devel [1], the information would still be different. + +Wanting to avoid having to re-write some part of the building system +including a new option, or use [1] and call ./configure again with --with-confsuffix=/qemu-ga, +I decided to manually edit this directly in the file. + +To play safe, an alternative is to do this in the spec file with something like +sed -i '/\/etc\/qemu\/fsfreeze-hook/,${s//\/etc\/qemu-ga\/fsfreeze-hook//;b};$q1' qemu-ga.texi +In case the original file changes during a rebase, sed would fail and +the problem could be detected. But I believe this would make maintaining this even harder. + +[1] http://lists.gnu.org/archive/html/qemu-devel/2018-11/msg05088.html + +Signed-off-by: Danilo C. L. de Paula +--- + qemu-ga.texi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/qemu-ga.texi b/qemu-ga.texi +index 4c7a8fd..3105e30 100644 +--- a/qemu-ga.texi ++++ b/qemu-ga.texi +@@ -58,7 +58,7 @@ file format). + Enable fsfreeze hook. Accepts an optional argument that specifies + script to run on freeze/thaw. Script will be called with + 'freeze'/'thaw' arguments accordingly (default is +- @samp{/etc/qemu/fsfreeze-hook}). If using -F with an argument, do ++ @samp{/etc/qemu-ga/fsfreeze-hook}). 
If using -F with an argument, do + not follow -F with a space (for example: + @samp{-F/var/run/fsfreezehook.sh}). + +-- +1.8.3.1 + diff --git a/kvm-json-Fix-handling-when-not-interpolating.patch b/kvm-json-Fix-handling-when-not-interpolating.patch new file mode 100644 index 0000000..e589371 --- /dev/null +++ b/kvm-json-Fix-handling-when-not-interpolating.patch 
@@ -0,0 +1,122 @@ +From ee704181e5f2dd1ebc6a2de0f9e750a11541cd47 Mon Sep 17 00:00:00 2001 +From: Markus Armbruster +Date: Thu, 31 Jan 2019 14:28:01 +0000 +Subject: [PATCH 2/2] json: Fix % handling when not interpolating + +RH-Author: Markus Armbruster +Message-id: <20190131142801.15268-2-armbru@redhat.com> +Patchwork-id: 84158 +O-Subject: [RHEL-8.0/AV qemu-kvm PATCH 1/1] json: Fix % handling when not interpolating +Bugzilla: 1668244 +RH-Acked-by: Richard Jones +RH-Acked-by: Daniel P. Berrange +RH-Acked-by: Danilo de Paula + +From: Christophe Fergeau + +Commit 8bca4613 added support for %% in json strings when interpolating, +but in doing so broke handling of % when not interpolating. + +When parse_string() is fed a string token containing '%', it skips the +'%' regardless of ctxt->ap, i.e. even it's not interpolating. If the +'%' is the string's last character, it fails an assertion. Else, it +"merely" swallows the '%'. + +Fix parse_string() to handle '%' specially only when interpolating. + +To gauge the bug's impact, let's review non-interpolating users of this +parser, i.e. code passing NULL context to json_message_parser_init(): + +* tests/check-qjson.c, tests/test-qobject-input-visitor.c, + tests/test-visitor-serialization.c + + Plenty of tests, but we still failed to cover the buggy case. + +* monitor.c: QMP input + +* qga/main.c: QGA input + +* qobject_from_json(): + + - qobject-input-visitor.c: JSON command line option arguments of + -display and -blockdev + + Reproducer: -blockdev '{"%"}' + + - block.c: JSON pseudo-filenames starting with "json:" + + Reproducer: https://bugzilla.redhat.com/show_bug.cgi?id=1668244#c3 + + - block/rbd.c: JSON key pairs + + Pseudo-filenames starting with "rbd:". + +Command line, QMP and QGA input are trusted. + +Filenames are trusted when they come from command line, QMP or HMP. +They are untrusted when they come from from image file headers. +Example: QCOW2 backing file name. 
Note that this is *not* the security +boundary between host and guest. It's the boundary between host and an +image file from an untrusted source. + +Neither failing an assertion nor skipping a character in a filename of +your choice looks exploitable. Note that we don't support compiling +with NDEBUG. + +Fixes: 8bca4613e6cddd948895b8db3def05950463495b +Cc: qemu-stable@nongnu.org +Signed-off-by: Christophe Fergeau +Message-Id: <20190102140535.11512-1-cfergeau@redhat.com> +Reviewed-by: Eric Blake +Tested-by: Richard W.M. Jones +[Commit message extended to discuss impact] +Signed-off-by: Markus Armbruster +(cherry picked from commit bbc0586ced6e9ffdfd29d89fcc917b3d90ac3938) + +Signed-off-by: Danilo C. L. de Paula +--- + qobject/json-parser.c | 10 ++++++---- + tests/check-qjson.c | 5 +++++ + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/qobject/json-parser.c b/qobject/json-parser.c +index 5a840df..53e91cb 100644 +--- a/qobject/json-parser.c ++++ b/qobject/json-parser.c +@@ -208,11 +208,13 @@ static QString *parse_string(JSONParserContext *ctxt, JSONToken *token) + } + break; + case '%': +- if (ctxt->ap && ptr[1] != '%') { +- parse_error(ctxt, token, "can't interpolate into string"); +- goto out; ++ if (ctxt->ap) { ++ if (ptr[1] != '%') { ++ parse_error(ctxt, token, "can't interpolate into string"); ++ goto out; ++ } ++ ptr++; + } +- ptr++; + /* fall through */ + default: + cp = mod_utf8_codepoint(ptr, 6, &end); +diff --git a/tests/check-qjson.c b/tests/check-qjson.c +index d876a7a..fa2afcc 100644 +--- a/tests/check-qjson.c ++++ b/tests/check-qjson.c +@@ -176,6 +176,11 @@ static void utf8_string(void) + "\xCE\xBA\xE1\xBD\xB9\xCF\x83\xCE\xBC\xCE\xB5", + "\\u03BA\\u1F79\\u03C3\\u03BC\\u03B5", + }, ++ /* '%' character when not interpolating */ ++ { ++ "100%", ++ "100%", ++ }, + /* 2 Boundary condition test cases */ + /* 2.1 First possible sequence of a certain length */ + /* +-- +1.8.3.1 + 
diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 974abee..95b3e86 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -68,7 +68,7 @@ Obsoletes: %1-rhev Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 3.1.0 -Release: 10%{?dist} +Release: 11%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -172,6 +172,10 @@ Patch43: kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch Patch44: kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch # For bz#1655947 - qemu-kvm core dumped after unplug the device which was set io throttling parameters Patch45: kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch +# For bz#1644985 - The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train +Patch46: kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch +# For bz#1668244 - qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found +Patch47: kvm-json-Fix-handling-when-not-interpolating.patch BuildRequires: zlib-devel BuildRequires: glib2-devel @@ -1019,6 +1023,14 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Thu Jan 31 2019 Danilo Cesar Lemes de Paula - 3.1.0-11.el8 +- kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch [bz#1644985] +- kvm-json-Fix-handling-when-not-interpolating.patch [bz#1668244] +- Resolves: bz#1644985 + (The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train) +- Resolves: bz#1668244 + (qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found) + * Tue Jan 29 2019 Danilo Cesar Lemes de Paula - 3.1.0-10.el8 - kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch [bz#1655947] - kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch [bz#1655947]
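Review bot: the qemu-ga.texi hunk hardcodes @samp{/etc/qemu-ga/fsfreeze-hook} while, as the commit message says, the install path is defined separately in the spec template, so a future rebase can silently reintroduce the mismatch; the commit message already sketches a sed guard, and a lighter alternative is a build-time grep for the expected path in qemu-ga.texi that fails the build when it is missing. Also, bz#1644985 names the "qemu-ga --help" output as well as "man qemu-ga", and this hunk touches only the texi source, so confirm the --help usage text shows the same default or needs its own change.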
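Review bot: the json-parser.c hunk is correct: ptr++ now consumes the first '%' of "%%" only when ctxt->ap is set, and a lone '%' with no interpolation context falls through to mod_utf8_codepoint as an ordinary character, which removes both the swallowed '%' and the assertion on a trailing '%' described in the commit message. The impact paragraph should still state the availability effect plainly: on the block.c "json:" pseudo-filename path, a backing-file name from an untrusted image that ends in '%' aborted the process before this fix (the message notes NDEBUG is unsupported), so it is a crash on a crafted image even if not a code-execution issue; that makes the stable backport's risk clearer.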
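Review bot: the check-qjson.c hunk adds only "100%", which covers the trailing-'%' assertion case from the commit message; the other behaviour it describes, a '%' in the middle of a string being swallowed, is not exercised, so add a second table entry such as "50%50" expected to round-trip unchanged, and a "%%" input to confirm it is no longer collapsed to "%" when not interpolating.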
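Review bot: the qemu-kvm.spec hunks add the Patch46/Patch47 declarations, the Release bump and the changelog entry, but nothing visible applies the two new patches; confirm %prep applies them (explicit %patch lines or a loop/autosetup that covers every PatchN entry), otherwise 3.1.0-11 builds without either fix.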