rpms/qemu-kvm
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Jan 31 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-11.el8

Browse Source 
- kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch [bz#1644985]
- kvm-json-Fix-handling-when-not-interpolating.patch [bz#1668244]
- Resolves: bz#1644985
  (The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train)
- Resolves: bz#1668244
  (qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found)
This commit is contained in:
Danilo C. L. de Paula 2019-01-31 20:40:05 +00:00
parent d9dd3f8dd3
commit 903966e69c
3 changed files with 187 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch Normal file
View File

@ -0,0 +1,52 @@
From cd667708de23ea78479cc68dd8ae4c9b429a4ec8 Mon Sep 17 00:00:00 2001
From: Danilo de Paula <ddepaula@redhat.com>
Date: Thu, 31 Jan 2019 00:16:44 +0000
Subject: [PATCH 1/2] Fix fsfreeze-hook path in the man page.
RH-Author: Danilo de Paula <ddepaula@redhat.com>
Message-id: <20190131001644.6237-2-ddepaula@redhat.com>
Patchwork-id: 84152
O-Subject: [RHEL8/rhel + RHEL8/AV qemu-kvm PATCH 1/1] Fix fsfreeze-hook path in the man page.
Bugzilla: 1644985
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
fsfreeze-hook final PATH is defined in redhat/qemu-kvm.spec.template
since it's being copied in the install section.
In that way, even with the configuration changes proposed by Marc
in qemu-devel [1], the information would still be different.
Wanting to avoid having to re-write some part of the building system
including a new option, or use [1] and call ./configure again with --with-confsuffix=/qemu-ga,
I decided to manually edit this directly in the file.
To play safe, an alternative is to do this in the spec file with something like
sed -i '/\/etc\/qemu\/fsfreeze-hook/,${s//\/etc\/qemu-ga\/fsfreeze-hook//;b};$q1' qemu-ga.texi
In case the original file changes during a rebase, sed would fail and
the problem could be detected. But I believe this would make maintaining this even harder.
[1] http://lists.gnu.org/archive/html/qemu-devel/2018-11/msg05088.html
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
qemu-ga.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-ga.texi b/qemu-ga.texi
index 4c7a8fd..3105e30 100644
--- a/qemu-ga.texi
+++ b/qemu-ga.texi
@@ -58,7 +58,7 @@ file format).
Enable fsfreeze hook. Accepts an optional argument that specifies
script to run on freeze/thaw. Script will be called with
'freeze'/'thaw' arguments accordingly (default is
- @samp{/etc/qemu/fsfreeze-hook}). If using -F with an argument, do
+ @samp{/etc/qemu-ga/fsfreeze-hook}). If using -F with an argument, do
not follow -F with a space (for example:
@samp{-F/var/run/fsfreezehook.sh}).
--
1.8.3.1

122
kvm-json-Fix-handling-when-not-interpolating.patch Normal file
View File

@ -0,0 +1,122 @@
From ee704181e5f2dd1ebc6a2de0f9e750a11541cd47 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@redhat.com>
Date: Thu, 31 Jan 2019 14:28:01 +0000
Subject: [PATCH 2/2] json: Fix % handling when not interpolating
RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <20190131142801.15268-2-armbru@redhat.com>
Patchwork-id: 84158
O-Subject: [RHEL-8.0/AV qemu-kvm PATCH 1/1] json: Fix % handling when not interpolating
Bugzilla: 1668244
RH-Acked-by: Richard Jones <rjones@redhat.com>
RH-Acked-by: Daniel P. Berrange <berrange@redhat.com>
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
From: Christophe Fergeau <cfergeau@redhat.com>
Commit 8bca4613 added support for %% in json strings when interpolating,
but in doing so broke handling of % when not interpolating.
When parse_string() is fed a string token containing '%', it skips the
'%' regardless of ctxt->ap, i.e. even it's not interpolating. If the
'%' is the string's last character, it fails an assertion. Else, it
"merely" swallows the '%'.
Fix parse_string() to handle '%' specially only when interpolating.
To gauge the bug's impact, let's review non-interpolating users of this
parser, i.e. code passing NULL context to json_message_parser_init():
* tests/check-qjson.c, tests/test-qobject-input-visitor.c,
tests/test-visitor-serialization.c
Plenty of tests, but we still failed to cover the buggy case.
* monitor.c: QMP input
* qga/main.c: QGA input
* qobject_from_json():
- qobject-input-visitor.c: JSON command line option arguments of
-display and -blockdev
Reproducer: -blockdev '{"%"}'
- block.c: JSON pseudo-filenames starting with "json:"
Reproducer: https://bugzilla.redhat.com/show_bug.cgi?id=1668244#c3
- block/rbd.c: JSON key pairs
Pseudo-filenames starting with "rbd:".
Command line, QMP and QGA input are trusted.
Filenames are trusted when they come from command line, QMP or HMP.
They are untrusted when they come from from image file headers.
Example: QCOW2 backing file name. Note that this is *not* the security
boundary between host and guest. It's the boundary between host and an
image file from an untrusted source.
Neither failing an assertion nor skipping a character in a filename of
your choice looks exploitable. Note that we don't support compiling
with NDEBUG.
Fixes: 8bca4613e6cddd948895b8db3def05950463495b
Cc: qemu-stable@nongnu.org
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Message-Id: <20190102140535.11512-1-cfergeau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
[Commit message extended to discuss impact]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
(cherry picked from commit bbc0586ced6e9ffdfd29d89fcc917b3d90ac3938)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
qobject/json-parser.c | 10 ++++++----
tests/check-qjson.c | 5 +++++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index 5a840df..53e91cb 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -208,11 +208,13 @@ static QString *parse_string(JSONParserContext *ctxt, JSONToken *token)
}
break;
case '%':
- if (ctxt->ap && ptr[1] != '%') {
- parse_error(ctxt, token, "can't interpolate into string");
- goto out;
+ if (ctxt->ap) {
+ if (ptr[1] != '%') {
+ parse_error(ctxt, token, "can't interpolate into string");
+ goto out;
+ }
+ ptr++;
}
- ptr++;
/* fall through */
default:
cp = mod_utf8_codepoint(ptr, 6, &end);
diff --git a/tests/check-qjson.c b/tests/check-qjson.c
index d876a7a..fa2afcc 100644
--- a/tests/check-qjson.c
+++ b/tests/check-qjson.c
@@ -176,6 +176,11 @@ static void utf8_string(void)
"\xCE\xBA\xE1\xBD\xB9\xCF\x83\xCE\xBC\xCE\xB5",
"\\u03BA\\u1F79\\u03C3\\u03BC\\u03B5",
},
+ /* '%' character when not interpolating */
+ {
+ "100%",
+ "100%",
+ },
/* 2 Boundary condition test cases */
/* 2.1 First possible sequence of a certain length */
/*
--
1.8.3.1

14
qemu-kvm.spec
View File

@ -68,7 +68,7 @@ Obsoletes: %1-rhev
Summary: QEMU is a machine emulator and virtualizer Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm Name: qemu-kvm
Version: 3.1.0 Version: 3.1.0
Release: 10%{?dist} Release: 11%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15 Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY License: GPLv2 and GPLv2+ and CC-BY
@ -172,6 +172,10 @@ Patch43: kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch
Patch44: kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch Patch44: kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch
# For bz#1655947 - qemu-kvm core dumped after unplug the device which was set io throttling parameters # For bz#1655947 - qemu-kvm core dumped after unplug the device which was set io throttling parameters
Patch45: kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch Patch45: kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch
# For bz#1644985 - The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train
Patch46: kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch
# For bz#1668244 - qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found
Patch47: kvm-json-Fix-handling-when-not-interpolating.patch
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: glib2-devel BuildRequires: glib2-devel
@ -1019,6 +1023,14 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog %changelog
* Thu Jan 31 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-11.el8
- kvm-Fix-fsfreeze-hook-path-in-the-man-page.patch [bz#1644985]
- kvm-json-Fix-handling-when-not-interpolating.patch [bz#1668244]
- Resolves: bz#1644985
(The "fsfreeze-hook" script path shown by command "qemu-ga --help" or "man qemu-ga" is wrong - Fast Train)
- Resolves: bz#1668244
(qemu-img: /var/tmp/v2vovl9951f8.qcow2: CURL: Error opening file: The requested URL returned error: 404 Not Found)
* Tue Jan 29 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-10.el8 * Tue Jan 29 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-10.el8
- kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch [bz#1655947] - kvm-throttle-groups-fix-restart-coroutine-iothread-race.patch [bz#1655947]
- kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch [bz#1655947] - kvm-iotests-add-238-for-throttling-tgm-unregister-iothre.patch [bz#1655947]