Fix escaping of nbdkit-vddk-plugin export parameter

resolves: RHEL-102734
2025-07-10 20:03:53 +01:00 · 2025-07-10 20:03:53 +01:00 · 77496488a3
commit 77496488a3
parent b099d8081c
14 changed files with 95 additions and 26 deletions
--- a/0007-input-input_vddk.ml-Fix-escaping-of-export-.-paramet.patch
+++ b/0007-input-input_vddk.ml-Fix-escaping-of-export-.-paramet.patch
@ -0,0 +1,66 @@
+From 5461976e229873a203062848c0de30e70067b3fb Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 10 Jul 2025 09:13:54 +0100
+Subject: [PATCH] input/input_vddk.ml: Fix escaping of export=... parameter
+
+Commit b49ee14368 ("input: vddk: Use single nbdkit-vddk-plugin
+instance with exports") switched to using the new nbdkit-vddk-plugin
+export feature, where we can run a single nbdkit instance and choose
+which disk we want to see using the NBD protocol exportname feature.
+
+As part of this, we are required to set an export parameter, which is
+a wildcard that all exportnames must match.  This is a safety feature
+so that nbdkit will only serve a subset of the VMware files, instead
+of allowing anyone who can attach to the nbdkit socket to read any
+file on the server.  (The socket is further protected by not being
+readable to users other than the user running virt-v2v.)
+
+We compute this by doing a longest common prefix of all the disk names
+associated with a guest.
+
+Ming Xie found a case where this failed.  Given two names called:
+
+  "[datastore1 (3)] esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker/esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker.vmdk"
+  "[datastore1 (3)] esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker/esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker_1.vmdk"
+
+we computed the wildcard:
+
+  "\[datastore1 (3)\] esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker/esx8.0-win11-efi-secureboot-with-vtpm-and-turn-on-bitlocker\*.vmdk"
+
+However the escaping is wrong.  We correctly escape the '[' and ']'
+characters, but incorrectly escape the '*' character (which is meant
+to be a wildcard).
+
+This caused failure to convert when a guest has multiple disks and
+nbdkit >= 1.44 is installed.
+
+Reported-by: Ming Xie
+Fixes: commit 076727e55f4d4fed246097d3f89ebfe83e3de88f
+Fixes: https://issues.redhat.com/browse/RHEL-102734
+---
+ input/input_vddk.ml | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/input/input_vddk.ml b/input/input_vddk.ml
+index fc09c532..e88befa2 100644
+--- a/input/input_vddk.ml
+++ b/input/input_vddk.ml
+@@ -418,7 +418,7 @@ See also the virt-v2v-input-vmware(1) manual.") libNN
+         let wildcard =
+           match files with
+           | [] -> assert false (* can't happen, see assert above *)
+-          | [f] -> f
+          | [f] -> fnmatch_escape f
+           | files ->
+              (* Calculate the longest common prefix across all the files,
+               * then set the wildcard to this.
+@@ -426,8 +426,7 @@ See also the virt-v2v-input-vmware(1) manual.") libNN
+               * XXX Is every file we want to read called *.vmdk?
+               *)
+              let prefix = String.longest_common_prefix files in
+-             prefix ^ "*.vmdk" in
+-        let wildcard = fnmatch_escape wildcard in
+             fnmatch_escape prefix ^ "*.vmdk" in
+ 
+         let socket = sprintf "%s/in0" dir in
+         On_exit.unlink socket;
--- a/0008-RHEL-Fixes-for-libguestfs-winsupport.patch
+++ b/0008-RHEL-Fixes-for-libguestfs-winsupport.patch
@ -1,4 +1,4 @@
-From 9936298e0fcfd8dd7e59e9546bda6d9c6f0f250d Mon Sep 17 00:00:00 2001
+From 30fbc31e3f120bbcd7f2f672b7ab3bbcce2d30b8 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sun, 30 Aug 2015 03:21:57 -0400
 Subject: [PATCH] RHEL: Fixes for libguestfs-winsupport.
--- a/0009-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
+++ b/0009-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
@ -1,4 +1,4 @@
-From 584811b0cd9b42ab239ba6e4f39a366faf54bbbc Mon Sep 17 00:00:00 2001
+From a662fb76d04dba110b2a3a99a211fd00acc2d3c0 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sun, 28 Sep 2014 19:14:43 +0100
 Subject: [PATCH] RHEL: v2v: Select correct qemu binary for -o qemu mode
--- a/0010-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
+++ b/0010-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
@ -1,4 +1,4 @@
-From 6d1f3fcb6c5aa2a8805604def4c6a07d7b2db4f3 Mon Sep 17 00:00:00 2001
+From fb42730cfdf1aab60907ec1e89b81d813706d854 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 30 Sep 2014 10:50:27 +0100
 Subject: [PATCH] RHEL: v2v: Disable the --qemu-boot / -oo qemu-boot option
--- a/0011-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
+++ b/0011-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
@ -1,4 +1,4 @@
-From 92630606fcd96402742b56f7ba51c50828cff4b3 Mon Sep 17 00:00:00 2001
+From 0be0dc4ba3ea7c2c0b18da752c8f1623745e7799 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 24 Apr 2015 09:45:41 -0400
 Subject: [PATCH] RHEL: Fix list of supported sound cards to match RHEL qemu
--- a/0012-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
+++ b/0012-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
@ -1,4 +1,4 @@
-From c81f440ff00ca0dfafccbfad46b9d8707d96c7f9 Mon Sep 17 00:00:00 2001
+From ff2f899c058ab778866994185577c95e67357199 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Thu, 2 Mar 2017 14:21:37 +0100
 Subject: [PATCH] RHEL: v2v: -i disk: force VNC as display (RHBZ#1372671)
--- a/0013-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
+++ b/0013-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
@ -1,4 +1,4 @@
-From c97ccc32ceb443f01950f2d8745413deb6848afa Mon Sep 17 00:00:00 2001
+From 2b0b7dcf7320c4d6168b0338c1bc30e046e50818 Mon Sep 17 00:00:00 2001
 From: Pino Toscano <ptoscano@redhat.com>
 Date: Tue, 26 Mar 2019 09:42:25 +0100
 Subject: [PATCH] RHEL: point to KB for supported v2v hypervisors/guests
--- a/0014-RHEL-Remove-input-from-Xen.patch
+++ b/0014-RHEL-Remove-input-from-Xen.patch
@ -1,4 +1,4 @@
-From fe169b7a7647d3dbf723ce07f5da37f697677e06 Mon Sep 17 00:00:00 2001
+From 0de752b6dc94d76c0af910595072783d60103e5c Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 8 Jul 2024 09:35:54 +0100
 Subject: [PATCH] RHEL: Remove input from Xen
--- a/0015-RHEL-Remove-o-glance.patch
+++ b/0015-RHEL-Remove-o-glance.patch
@ -1,4 +1,4 @@
-From 72a651dfa3de1dfff58b7454860cf872d0baedd3 Mon Sep 17 00:00:00 2001
+From cba913549d610ece1c8debcd6829359fbe8ce66c Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Wed, 30 Jun 2021 11:15:52 +0100
 Subject: [PATCH] RHEL: Remove -o glance
--- a/0016-RHEL-tests-Remove-btrfs-test.patch
+++ b/0016-RHEL-tests-Remove-btrfs-test.patch
@ -1,4 +1,4 @@
-From 26291b59b8735fc1efc8be282067bd1c18d747f3 Mon Sep 17 00:00:00 2001
+From 8d74d632ab8faa9d4a784cbbad53e0f525309973 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 5 Jul 2022 11:58:09 +0100
 Subject: [PATCH] RHEL: tests: Remove btrfs test
--- a/0017-RHEL-Remove-block-driver-option.patch
+++ b/0017-RHEL-Remove-block-driver-option.patch
@ -1,4 +1,4 @@
-From f26534ee1cfec5fe3d02e437d8340cf11dd48b54 Mon Sep 17 00:00:00 2001
+From e15edbfd3a69426dfa624108669e5cce86f1d4bc Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Fri, 28 Apr 2023 12:28:19 +0100
 Subject: [PATCH] RHEL: Remove --block-driver option
--- a/0018-RHEL-Remove-o-ovirt-o-ovirt-upload-and-o-vdsm-modes.patch
+++ b/0018-RHEL-Remove-o-ovirt-o-ovirt-upload-and-o-vdsm-modes.patch
@ -1,4 +1,4 @@
-From fe727ba294110fe49244760176751d605288e246 Mon Sep 17 00:00:00 2001
+From 898c60041ed7ff57d87969ec7830a1611529ec7c Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Mon, 8 Jul 2024 09:56:54 +0100
 Subject: [PATCH] RHEL: Remove -o ovirt, -o ovirt-upload and -o vdsm modes
--- a/0019-RHEL-Add-warning-about-virt-v2v-in-place-not-being-s.patch
+++ b/0019-RHEL-Add-warning-about-virt-v2v-in-place-not-being-s.patch
@ -1,4 +1,4 @@
-From 73632b2c2ab525059c788162d801a59f05161355 Mon Sep 17 00:00:00 2001
+From 2cf49985ecbad6f7dad863a487f6aa581800dc31 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 9 Jul 2024 11:30:09 +0100
 Subject: [PATCH] RHEL: Add warning about virt-v2v-in-place not being supported
--- a/virt-v2v.spec
+++ b/virt-v2v.spec
@ -7,7 +7,7 @@
 Name:          virt-v2v
 Epoch:         1
 Version:       2.8.1
-Release:       2%{?dist}
+Release:       3%{?dist}
 Summary:       Convert a virtual machine to run on KVM

 License:       GPL-2.0-or-later AND LGPL-2.0-or-later
@ -33,18 +33,19 @@ Patch0003:     0003-docs-Move-oo-verify-server-certificate-docs-to-alpha.patch
 Patch0004:     0004-o-kubevirt-Add-oo-disk-to-allow-disk-names-to-be-ove.patch
 Patch0005:     0005-output-Add-optional-create-parameter.patch
 Patch0006:     0006-o-kubevirt-Add-oo-create-false-to-avoid-disk-creatio.patch
-Patch0007:     0007-RHEL-Fixes-for-libguestfs-winsupport.patch
-Patch0008:     0008-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
-Patch0009:     0009-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
-Patch0010:     0010-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
-Patch0011:     0011-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
-Patch0012:     0012-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
-Patch0013:     0013-RHEL-Remove-input-from-Xen.patch
-Patch0014:     0014-RHEL-Remove-o-glance.patch
-Patch0015:     0015-RHEL-tests-Remove-btrfs-test.patch
-Patch0016:     0016-RHEL-Remove-block-driver-option.patch
-Patch0017:     0017-RHEL-Remove-o-ovirt-o-ovirt-upload-and-o-vdsm-modes.patch
-Patch0018:     0018-RHEL-Add-warning-about-virt-v2v-in-place-not-being-s.patch
+Patch0007:     0007-input-input_vddk.ml-Fix-escaping-of-export-.-paramet.patch
+Patch0008:     0008-RHEL-Fixes-for-libguestfs-winsupport.patch
+Patch0009:     0009-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
+Patch0010:     0010-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
+Patch0011:     0011-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
+Patch0012:     0012-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
+Patch0013:     0013-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
+Patch0014:     0014-RHEL-Remove-input-from-Xen.patch
+Patch0015:     0015-RHEL-Remove-o-glance.patch
+Patch0016:     0016-RHEL-tests-Remove-btrfs-test.patch
+Patch0017:     0017-RHEL-Remove-block-driver-option.patch
+Patch0018:     0018-RHEL-Remove-o-ovirt-o-ovirt-upload-and-o-vdsm-modes.patch
+Patch0019:     0019-RHEL-Add-warning-about-virt-v2v-in-place-not-being-s.patch

 %if !0%{?rhel}
 # libguestfs hasn't been built on i686 for a while since there is no
@ -335,7 +336,7 @@ done


 %changelog
-* Wed Jul 09 2025 Richard W.M. Jones <rjones@redhat.com> - 1:2.8.1-2
+* Thu Jul 10 2025 Richard W.M. Jones <rjones@redhat.com> - 1:2.8.1-3
 - Rebase to virt-v2v 2.8.1
  related: RHEL-81735
 - Fix virt-v2v -v --install dnf5 error
@ -370,6 +371,8 @@ done
  resolves: RHEL-102619
 - Add -o kubevirt -oo disk and -oo create options
  resolves: RHEL-101599
+- Fix escaping of nbdkit-vddk-plugin export parameter
+  resolves: RHEL-102734

 * Tue Feb 11 2025 Richard W.M. Jones <rjones@redhat.com> - 1:2.7.1-4
 - Rebase to virt-v2v 2.7.1