diff --git a/SOURCES/0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch b/SOURCES/0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch new file mode 100644 index 0000000..10069ed --- /dev/null +++ b/SOURCES/0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch @@ -0,0 +1,98 @@ +From 87e5404d20ec54d16d22a7bb8f06ea91076c91f7 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Wed, 25 May 2022 16:47:04 +0100 +Subject: [PATCH] convert: If listing RPM applications fails, rebuild DB and + retry + +In libguestfs before commit 488245ed6c ("daemon: rpm: Check return +values from librpm calls") we didn't bother to check the return values +from any librpm calls. In some cases where the RPM database is +faulty, this caused us to return a zero-length array of applications +(but no error indication). Libguestfs has subsequently been fixed so +now it returns an error if the RPM database is corrupt. + +This commit changes virt-v2v behaviour so that if either +guestfs_inspect_list_applications2 returns a zero-length list (ie. old +libguestfs) or it throws an error (new libguestfs) then we attempt to +rebuild the RPM database and retry the operation. Rebuilding the +database can recover from some but not all RPM DB corruption. + +See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2089623#c12 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2089623 +Reported-by: Xiaodai Wang +Reported-by: Ming Xie +Reviewed-by: Laszlo Ersek +(cherry picked from commit 31bf5db25bcfd8a9f5a48cc0523abae28861de9a) +--- + v2v/inspect_source.ml | 34 ++++++++++++++++++++++++++++++++-- + 1 file changed, 32 insertions(+), 2 deletions(-) + +diff --git a/v2v/inspect_source.ml b/v2v/inspect_source.ml +index b8a3c8ad..554fde1d 100644 +--- a/v2v/inspect_source.ml ++++ b/v2v/inspect_source.ml +@@ -34,6 +34,7 @@ let rec inspect_source root_choice g = + reject_if_not_installed_image g root; + + let typ = g#inspect_get_type root in ++ let package_format = g#inspect_get_package_format root in + + (* Mount up the filesystems. *) + let mps = g#inspect_get_mountpoints root in +@@ -71,7 +72,7 @@ let rec inspect_source root_choice g = + ) mps; + + (* Get list of applications/packages installed. *) +- let apps = g#inspect_list_applications2 root in ++ let apps = list_applications g root package_format in + let apps = Array.to_list apps in + + (* A map of app2_name -> application2, for easier lookups. Note +@@ -106,7 +107,7 @@ let rec inspect_source root_choice g = + i_arch = g#inspect_get_arch root; + i_major_version = g#inspect_get_major_version root; + i_minor_version = g#inspect_get_minor_version root; +- i_package_format = g#inspect_get_package_format root; ++ i_package_format = package_format; + i_package_management = g#inspect_get_package_management root; + i_product_name = g#inspect_get_product_name root; + i_product_variant = g#inspect_get_product_variant root; +@@ -186,6 +187,35 @@ and reject_if_not_installed_image g root = + if fmt <> "installed" then + error (f_"libguestfs thinks this is not an installed operating system (it might be, for example, an installer disk or live CD). If this is wrong, it is probably a bug in libguestfs. root=%s fmt=%s") root fmt + ++(* Wrapper around g#inspect_list_applications2 which, for RPM ++ * guests, on failure tries to rebuild the RPM database before ++ * repeating the operation. ++ *) ++and list_applications g root = function ++ | "rpm" -> ++ (* RPM guest. ++ * ++ * In libguestfs before commit 488245ed6c ("daemon: rpm: Check ++ * return values from librpm calls"), a corrupt RPM database ++ * would return an empty array here with no exception. Hence ++ * the check below which turns empty array => exception. In ++ * libguestfs after that commit, inspect_list_applications2 ++ * will raise an exception if it detects a corrupt RPM database. ++ *) ++ (try ++ let apps = g#inspect_list_applications2 root in ++ if apps = [||] then raise (G.Error "no applications returned"); ++ apps ++ with G.Error msg -> ++ debug "%s" msg; ++ debug "rebuilding RPM database and retrying ..."; ++ ignore (g#sh "rpmdb --rebuilddb"); ++ g#inspect_list_applications2 root ++ ) ++ | _ -> ++ (* Non-RPM guest, just do it. *) ++ g#inspect_list_applications2 root ++ + (* See if this guest could use UEFI to boot. It should use GPT and + * it should have an EFI System Partition (ESP). + * +-- +2.31.1 + diff --git a/SOURCES/0052-update-common-submodule-for-CVE-2022-2211-fix.patch b/SOURCES/0052-update-common-submodule-for-CVE-2022-2211-fix.patch new file mode 100644 index 0000000..ac5ec5e --- /dev/null +++ b/SOURCES/0052-update-common-submodule-for-CVE-2022-2211-fix.patch @@ -0,0 +1,53 @@ +From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 29 Jun 2022 15:44:27 +0200 +Subject: [PATCH] update common submodule for CVE-2022-2211 fix + +$ git shortlog 9e990f3e4530..35467027f657 + +Laszlo Ersek (1): + options: fix buffer overflow in get_keys() [CVE-2022-2211] + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e) +--- + common | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Submodule common be09523d..1174b443: +diff --git a/common/options/keys.c b/common/options/keys.c +index 798315c..d27a712 100644 +--- a/common/options/keys.c ++++ b/common/options/keys.c +@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename) + char ** + get_keys (struct key_store *ks, const char *device, const char *uuid) + { +- size_t i, j, len; ++ size_t i, j, nmemb; + char **r; + char *s; + + /* We know the returned list must have at least one element and not + * more than ks->nr_keys. + */ +- len = 1; +- if (ks) +- len = MIN (1, ks->nr_keys); +- r = calloc (len+1, sizeof (char *)); ++ nmemb = 1; ++ if (ks && ks->nr_keys > nmemb) ++ nmemb = ks->nr_keys; ++ ++ /* make room for the terminating NULL */ ++ if (nmemb == (size_t)-1) ++ error (EXIT_FAILURE, 0, _("size_t overflow")); ++ nmemb++; ++ ++ r = calloc (nmemb, sizeof (char *)); + if (r == NULL) + error (EXIT_FAILURE, errno, "calloc"); + +-- +2.31.1 + diff --git a/SPECS/virt-v2v.spec b/SPECS/virt-v2v.spec index c018566..f672e99 100644 --- a/SPECS/virt-v2v.spec +++ b/SPECS/virt-v2v.spec @@ -10,7 +10,7 @@ Name: virt-v2v Epoch: 1 Version: 1.42.0 -Release: 19%{?dist} +Release: 21%{?dist} Summary: Convert a virtual machine to run on KVM License: GPLv2+ @@ -86,6 +86,8 @@ Patch0047: 0047-v2v-Cope-with-libvirt-vpx-esx-driver-which-does-not-.patch Patch0048: 0048-o-rhv-upload-wait-for-VM-creation-task.patch Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch +Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch +Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch # Patches which apply to the common/ submodule. # These have to be hand-modified. @@ -329,11 +331,14 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1* %changelog -* Tue Apr 26 2022 Richard W.M. Jones - 1:1.42.0-19 +* Tue Jul 05 2022 Richard W.M. Jones - 1:1.42.0-21 - Fix assertion failure when parsing OVA dir with trailing slash resolves: rhbz#2028823 - For -o rhv-upload wait for VM creation task resolves: rhbz#1985827 +- If listing RPM applications fails, rebuild DB and retry (2089623) +- Fix CVE-2022-2211 Denial of Service in --key parameter + resolves: rhbz#2102720 * Wed Nov 24 2021 Richard W.M. Jones - 1:1.42.0-18 - Additional fix for backing file specified without backing format