import virt-v2v-1.42.0-21.module+el8.7.0+15868+7d816fcd

This commit is contained in:
CentOS Sources 2022-09-20 23:08:07 +00:00 committed by Stepan Oksanichenko
parent 167e234e6b
commit 267be3daeb
3 changed files with 158 additions and 2 deletions

View File

@ -0,0 +1,98 @@
From 87e5404d20ec54d16d22a7bb8f06ea91076c91f7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 25 May 2022 16:47:04 +0100
Subject: [PATCH] convert: If listing RPM applications fails, rebuild DB and
retry
In libguestfs before commit 488245ed6c ("daemon: rpm: Check return
values from librpm calls") we didn't bother to check the return values
from any librpm calls. In some cases where the RPM database is
faulty, this caused us to return a zero-length array of applications
(but no error indication). Libguestfs has subsequently been fixed so
now it returns an error if the RPM database is corrupt.
This commit changes virt-v2v behaviour so that if either
guestfs_inspect_list_applications2 returns a zero-length list (ie. old
libguestfs) or it throws an error (new libguestfs) then we attempt to
rebuild the RPM database and retry the operation. Rebuilding the
database can recover from some but not all RPM DB corruption.
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2089623#c12
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2089623
Reported-by: Xiaodai Wang
Reported-by: Ming Xie
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 31bf5db25bcfd8a9f5a48cc0523abae28861de9a)
---
v2v/inspect_source.ml | 34 ++++++++++++++++++++++++++++++++--
1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/v2v/inspect_source.ml b/v2v/inspect_source.ml
index b8a3c8ad..554fde1d 100644
--- a/v2v/inspect_source.ml
+++ b/v2v/inspect_source.ml
@@ -34,6 +34,7 @@ let rec inspect_source root_choice g =
reject_if_not_installed_image g root;
let typ = g#inspect_get_type root in
+ let package_format = g#inspect_get_package_format root in
(* Mount up the filesystems. *)
let mps = g#inspect_get_mountpoints root in
@@ -71,7 +72,7 @@ let rec inspect_source root_choice g =
) mps;
(* Get list of applications/packages installed. *)
- let apps = g#inspect_list_applications2 root in
+ let apps = list_applications g root package_format in
let apps = Array.to_list apps in
(* A map of app2_name -> application2, for easier lookups. Note
@@ -106,7 +107,7 @@ let rec inspect_source root_choice g =
i_arch = g#inspect_get_arch root;
i_major_version = g#inspect_get_major_version root;
i_minor_version = g#inspect_get_minor_version root;
- i_package_format = g#inspect_get_package_format root;
+ i_package_format = package_format;
i_package_management = g#inspect_get_package_management root;
i_product_name = g#inspect_get_product_name root;
i_product_variant = g#inspect_get_product_variant root;
@@ -186,6 +187,35 @@ and reject_if_not_installed_image g root =
if fmt <> "installed" then
error (f_"libguestfs thinks this is not an installed operating system (it might be, for example, an installer disk or live CD). If this is wrong, it is probably a bug in libguestfs. root=%s fmt=%s") root fmt
+(* Wrapper around g#inspect_list_applications2 which, for RPM
+ * guests, on failure tries to rebuild the RPM database before
+ * repeating the operation.
+ *)
+and list_applications g root = function
+ | "rpm" ->
+ (* RPM guest.
+ *
+ * In libguestfs before commit 488245ed6c ("daemon: rpm: Check
+ * return values from librpm calls"), a corrupt RPM database
+ * would return an empty array here with no exception. Hence
+ * the check below which turns empty array => exception. In
+ * libguestfs after that commit, inspect_list_applications2
+ * will raise an exception if it detects a corrupt RPM database.
+ *)
+ (try
+ let apps = g#inspect_list_applications2 root in
+ if apps = [||] then raise (G.Error "no applications returned");
+ apps
+ with G.Error msg ->
+ debug "%s" msg;
+ debug "rebuilding RPM database and retrying ...";
+ ignore (g#sh "rpmdb --rebuilddb");
+ g#inspect_list_applications2 root
+ )
+ | _ ->
+ (* Non-RPM guest, just do it. *)
+ g#inspect_list_applications2 root
+
(* See if this guest could use UEFI to boot. It should use GPT and
* it should have an EFI System Partition (ESP).
*
--
2.31.1

View File

@ -0,0 +1,53 @@
From 5852b85eaa174dfb87ce7a03b9f70e2bffac4ca4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 29 Jun 2022 15:44:27 +0200
Subject: [PATCH] update common submodule for CVE-2022-2211 fix
$ git shortlog 9e990f3e4530..35467027f657
Laszlo Ersek (1):
options: fix buffer overflow in get_keys() [CVE-2022-2211]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 795d5dfcef77fc54fec4d237bda28571454a6d4e)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common be09523d..1174b443:
diff --git a/common/options/keys.c b/common/options/keys.c
index 798315c..d27a712 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
char **
get_keys (struct key_store *ks, const char *device, const char *uuid)
{
- size_t i, j, len;
+ size_t i, j, nmemb;
char **r;
char *s;
/* We know the returned list must have at least one element and not
* more than ks->nr_keys.
*/
- len = 1;
- if (ks)
- len = MIN (1, ks->nr_keys);
- r = calloc (len+1, sizeof (char *));
+ nmemb = 1;
+ if (ks && ks->nr_keys > nmemb)
+ nmemb = ks->nr_keys;
+
+ /* make room for the terminating NULL */
+ if (nmemb == (size_t)-1)
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
+ nmemb++;
+
+ r = calloc (nmemb, sizeof (char *));
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
--
2.31.1

View File

@ -10,7 +10,7 @@
Name: virt-v2v Name: virt-v2v
Epoch: 1 Epoch: 1
Version: 1.42.0 Version: 1.42.0
Release: 19%{?dist} Release: 21%{?dist}
Summary: Convert a virtual machine to run on KVM Summary: Convert a virtual machine to run on KVM
License: GPLv2+ License: GPLv2+
@ -86,6 +86,8 @@ Patch0047: 0047-v2v-Cope-with-libvirt-vpx-esx-driver-which-does-not-.patch
Patch0048: 0048-o-rhv-upload-wait-for-VM-creation-task.patch Patch0048: 0048-o-rhv-upload-wait-for-VM-creation-task.patch
Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch Patch0049: 0049-tests-Add-test-of-i-ova-from-a-directory.patch
Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch Patch0050: 0050-v2v-i-ova-Fix-parsing-if-OVA-directory-name-has-a-tr.patch
Patch0051: 0051-convert-If-listing-RPM-applications-fails-rebuild-DB.patch
Patch0052: 0052-update-common-submodule-for-CVE-2022-2211-fix.patch
# Patches which apply to the common/ submodule. # Patches which apply to the common/ submodule.
# These have to be hand-modified. # These have to be hand-modified.
@ -329,11 +331,14 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-test-harness.1*
%changelog %changelog
* Tue Apr 26 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-19 * Tue Jul 05 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-21
- Fix assertion failure when parsing OVA dir with trailing slash - Fix assertion failure when parsing OVA dir with trailing slash
resolves: rhbz#2028823 resolves: rhbz#2028823
- For -o rhv-upload wait for VM creation task - For -o rhv-upload wait for VM creation task
resolves: rhbz#1985827 resolves: rhbz#1985827
- If listing RPM applications fails, rebuild DB and retry (2089623)
- Fix CVE-2022-2211 Denial of Service in --key parameter
resolves: rhbz#2102720
* Wed Nov 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-18 * Wed Nov 24 2021 Richard W.M. Jones <rjones@redhat.com> - 1:1.42.0-18
- Additional fix for backing file specified without backing format - Additional fix for backing file specified without backing format