import virt-v2v-1.42.0-21.module+el8.7.0+15868+7d816fcd
parent
167e234e6b
commit
267be3daeb
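--- a/0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
+++ b/0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
@@ -0,0 +1,98 @@
+From 87e5404d20ec54d16d22a7bb8f06ea91076c91f7 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 25 May 2022 16:47:04 +0100
+Subject: [PATCH] convert: If listing RPM applications fails, rebuild DB and
+retry
+
+In libguestfs before commit 488245ed6c ("daemon: rpm: Check return
+values from librpm calls") we didn't bother to check the return values
+from any librpm calls. In some cases where the RPM database is
+faulty, this caused us to return a zero-length array of applications
+(but no error indication). Libguestfs has subsequently been fixed so
+now it returns an error if the RPM database is corrupt.
+
+This commit changes virt-v2v behaviour so that if either
+guestfs_inspect_list_applications2 returns a zero-length list (ie. old
+libguestfs) or it throws an error (new libguestfs) then we attempt to
+rebuild the RPM database and retry the operation. Rebuilding the
+database can recover from some but not all RPM DB corruption.
+
+See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2089623#c12
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2089623
+Reported-by: Xiaodai Wang
+Reported-by: Ming Xie
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 31bf5db25bcfd8a9f5a48cc0523abae28861de9a)
+---
+v2v/inspect_source.ml | 34 ++++++++++++++++++++++++++++++++--
+1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/v2v/inspect_source.ml b/v2v/inspect_source.ml
+index b8a3c8ad..554fde1d 100644
+--- a/v2v/inspect_source.ml
++++ b/v2v/inspect_source.ml
+@@ -34,6 +34,7 @@ let rec inspect_source root_choice g =
+reject_if_not_installed_image g root;
+
+let typ = g#inspect_get_type root in
++ let package_format = g#inspect_get_package_format root in
+
+(* Mount up the filesystems. *)
+let mps = g#inspect_get_mountpoints root in
+@@ -71,7 +72,7 @@ let rec inspect_source root_choice g =
+) mps;
+
+(* Get list of applications/packages installed. *)
+- let apps = g#inspect_list_applications2 root in
++ let apps = list_applications g root package_format in
+let apps = Array.to_list apps in
+
+(* A map of app2_name -> application2, for easier lookups. Note
+@@ -106,7 +107,7 @@ let rec inspect_source root_choice g =
+i_arch = g#inspect_get_arch root;
+i_major_version = g#inspect_get_major_version root;
+i_minor_version = g#inspect_get_minor_version root;
+- i_package_format = g#inspect_get_package_format root;
++ i_package_format = package_format;
+i_package_management = g#inspect_get_package_management root;
+i_product_name = g#inspect_get_product_name root;
+i_product_variant = g#inspect_get_product_variant root;
+@@ -186,6 +187,35 @@ and reject_if_not_installed_image g root =
+if fmt <> "installed" then
+error (f_"libguestfs thinks this is not an installed operating system (it might be, for example, an installer disk or live CD). If this is wrong, it is probably a bug in libguestfs. root=%s fmt=%s") root fmt
+
++(* Wrapper around g#inspect_list_applications2 which, for RPM
++ * guests, on failure tries to rebuild the RPM database before
++ * repeating the operation.
++ *)
++and list_applications g root = function
++ | "rpm" ->
++ (* RPM guest.
++ *
++ * In libguestfs before commit 488245ed6c ("daemon: rpm: Check
++ * return values from librpm calls"), a corrupt RPM database
++ * would return an empty array here with no exception. Hence
++ * the check below which turns empty array => exception. In
++ * libguestfs after that commit, inspect_list_applications2
++ * will raise an exception if it detects a corrupt RPM database.
++ *)
++ (try
++ let apps = g#inspect_list_applications2 root in
++ if apps = [||] then raise (G.Error "no applications returned");
++ apps
++ with G.Error msg ->
++ debug "%s" msg;
++ debug "rebuilding RPM database and retrying ...";
++ ignore (g#sh "rpmdb --rebuilddb");
++ g#inspect_list_applications2 root
++ )
++ | _ ->
++ (* Non-RPM guest, just do it. *)
++ g#inspect_list_applications2 root
++
+(* See if this guest could use UEFI to boot. It should use GPT and
+* it should have an EFI System Partition (ESP).
+*
+--
+2.31.1
+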
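Review bot: In the added `list_applications`, the retry after `rpmdb --rebuilddb` returns whatever the second `g#inspect_list_applications2 root` call gives, so with a libguestfs older than commit 488245ed6c a database the rebuild could not repair still yields an empty array and inspection carries on with no applications and no message. The empty-array check from the `try` body should be repeated on the retry path, for example `let apps = g#inspect_list_applications2 root in if apps = [||] then debug "still no applications after rebuilding RPM database"; apps`, or made an `error` if the callers cannot work with an empty list. The comment above the function should also record that `g#sh` runs the guest image's own `rpmdb` binary and rewrites the guest's RPM database during source inspection, which a reader would not expect to modify the guest. If that command itself fails it presumably raises `G.Error` from inside the handler, so the original listing error is only visible in the `debug` output.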
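--- a/0052-update-common-submodule-for-CVE-2022-2211-fix.patch
+++ b/0052-update-common-submodule-for-CVE-2022-2211-fix.patch
@@ -0,0 +1,53 @@
+From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 29 Jun 2022 15:44:27 +0200
+Subject: [PATCH] update common submodule for CVE-2022-2211 fix
+
+$ git shortlog 9e990f3e4530..35467027f657
+
+Laszlo Ersek (1):
+options: fix buffer overflow in get_keys() [CVE-2022-2211]
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)
+---
+common | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+Submodule common be09523d..1174b443:
+diff --git a/common/options/keys.c b/common/options/keys.c
+index 798315c..d27a712 100644
+--- a/common/options/keys.c
++++ b/common/options/keys.c
+@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
+char **
+get_keys (struct key_store *ks, const char *device, const char *uuid)
+{
+- size_t i, j, len;
++ size_t i, j, nmemb;
+char **r;
+char *s;
+
+/* We know the returned list must have at least one element and not
+* more than ks->nr_keys.
+*/
+- len = 1;
+- if (ks)
+- len = MIN (1, ks->nr_keys);
+- r = calloc (len+1, sizeof (char *));
++ nmemb = 1;
++ if (ks && ks->nr_keys > nmemb)
++ nmemb = ks->nr_keys;
++
++ /* make room for the terminating NULL */
++ if (nmemb == (size_t)-1)
++ error (EXIT_FAILURE, 0, _("size_t overflow"));
++ nmemb++;
++
++ r = calloc (nmemb, sizeof (char *));
+if (r == NULL)
+error (EXIT_FAILURE, errno, "calloc");
+
+--
+2.31.1
+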
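Review bot: The comment kept above the sizing code in `get_keys` still says the list has "not more than ks->nr_keys" elements, which does not hold when `ks` is NULL or `nr_keys` is 0 and the array is sized for one entry. Since this bound is exactly what the overflow fix corrects, the comment should state the invariant the allocation now enforces, e.g. `/* The list holds between 1 and MAX (1, ks->nr_keys) entries, followed by a terminating NULL. */`. The overflow guard would read more clearly as `if (nmemb == SIZE_MAX)` than with the `(size_t)-1` cast, assuming `<stdint.h>` is available in this file. The loops that fill `r` lie outside the hunk, so whether every store stays within the first `nmemb - 1` slots cannot be confirmed from this page.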
@ -10,7 +10,7 @@
|
|||||||
Name: virt-v2v
|
Name: virt-v2v
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.42.0
|
Version: 1.42.0
|
||||||
Release: 19%{?dist}
|
Release: 21%{?dist}
|
||||||
Summary: Convert a virtual machine to run on KVM
|
Summary: Convert a virtual machine to run on KVM
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
@ -86,6 +86,8 @@ Patch0047: 0047-v2v-Cope-with-libvirt-vpx-esx-driver-which-does-not-.patch
|
|||||||
Patch0048: 0048-o-rhv-upload-wait-for-VM-creation-task.patch
|
Patch0048: 0048-o-rhv-upload-wait-for-VM-creation-task.patch
|
||||||
Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch
|
Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch
|
||||||
Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
|
Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
|
||||||
|
Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
|
||||||
|
Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch
|
||||||
|
|
||||||
# Patches which apply to the common/ submodule.
|
# Patches which apply to the common/ submodule.
|
||||||
# These have to be hand-modified.
|
# These have to be hand-modified.
|
||||||
@ -329,11 +331,14 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1*
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 26 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-19
|
* Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-21
|
||||||
- Fix assertion failure when parsing OVA dir with trailing slash
|
- Fix assertion failure when parsing OVA dir with trailing slash
|
||||||
resolves: rhbz#2028823
|
resolves: rhbz#2028823
|
||||||
- For -o rhv-upload wait for VM creation task
|
- For -o rhv-upload wait for VM creation task
|
||||||
resolves: rhbz#1985827
|
resolves: rhbz#1985827
|
||||||
|
- If listing RPM applications fails, rebuild DB and retry (2089623)
|
||||||
|
- Fix CVE-2022-2211 Denial of Service in --key parameter
|
||||||
|
resolves: rhbz#2102720
|
||||||
|
|
||||||
* Wed Nov 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-18
|
* Wed Nov 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-18
|
||||||
- Additional fix for backing file specified without backing format
|
- Additional fix for backing file specified without backing format
|
||||||
|