- Update to version 2.0.7

* This is a bug fix release
- Drop patch contained in new tarball
  CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-v2v?expand=0&rev=32

CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch

@@ -1,116 +0,0 @@
-Subject: options: fix buffer overflow in get_keys() [CVE-2022-2211]
-From: Laszlo Ersek lersek@redhat.com Tue Jun 28 13:49:04 2022 +0200
-Date: Wed Jun 29 15:17:17 2022 +0200:
-Git: 35467027f657de76aca34b48a6f23e9608b23a57
-
-When calculating the greatest possible number of matching keys in
-get_keys(), the current expression
-
-  MIN (1, ks->nr_keys)
-
-is wrong -- it will return at most 1.
-
-If all "nr_keys" keys match however, then we require "nr_keys" non-NULL
-entries in the result array; in other words, we need
-
-  MAX (1, ks->nr_keys)
-
-(The comment just above the expression is correct; the code is wrong.)
-
-This buffer overflow is easiest to trigger in those guestfs tools that
-parse the "--key" option in C; that is, with "OPTION_key". For example,
-the command
-
-$ virt-cat $(seq -f '--key /dev/sda2:key:%g' 200) -d DOMAIN /no-such-file
-
-which passes 200 (different) passphrases for the LUKS-encrypted block
-device "/dev/sda2", crashes with a SIGSEGV.
-
-A slightly better reproducer from Rich Jones is the following, since it
-doesn't require an encrypted guest disk image:
-
-$ echo TEST | guestfish --keys-from-stdin -N part luks-format /dev/sda1 0
-$ virt-cat $(seq -f '--key /dev/sda1:key:%g' 200) -a test1.img /no-such-file
-Segmentation fault (core dumped)
-$ rm test1.img
-
-(
-
-  The buffer overflow is possible to trigger in OCaml-language tools as
-  well; that is, those that call "create_standard_options" with
-  ~key_opts:true.
-
-  Triggering the problem that way is less trivial. The reason is that when
-  the OCaml tools parse the "--key" options, they de-duplicate the options
-  first, based on the device identifier.
-
-  Thus, in theory, this de-duplication masks the issue, as (one would
-  think) only one "--key" option could belong to a single device, and
-  therefore the buffer overflow would not be triggered in practice.
-
-  This is not the case however: the de-duplication does not collapse keys
-  that are provided for the same device, but use different identifier
-  types (such as pathname of device node versus LUKS UUID) -- in that
-  situation, two entries in the keystore will match the device, and the
-  terminating NULL entry will not be present once get_keys() returns. In
-  this scenario, we don't have an out-of-bounds write, but an
-  out-of-bounds read, in decrypt_mountables() [options/decrypt.c].
-
-  There is *yet another* bug in get_keys() though that undoes the above
-  "masking". The "uuid" parameter of get_keys() may be NULL (for example
-  when the device to decrypt uses BitLocker and not LUKS). When this
-  happens, get_keys() adds all keys in the keystore to the result array.
-  Therefore, the out-of-bounds write is easy to trigger with
-  OCaml-language tools as well, as long as we attempt to decrypt a
-  BitLocker (not LUKS) device, and we pass the "--key" options with
-  different device identifiers.
-
-  Subsequent patches in this series fix all of the above; this patch fixes
-  the security bug.
-
-)
-
-Rather than replacing MIN with MAX, open-code the comparison, as we first
-set "len" to 1 anyway.
-
-While at it, rework the NULL-termination such that the (len+1) addition
-not go unchecked.
-
-Fixes: c10c8baedb88e7c2988a01b70fc5f81fa8e4885c
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20220628114915.5030-2-lersek@redhat.com>
-Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-
---- a/common/options/keys.c
-+++ b/common/options/keys.c
-@@ -128,17 +128,23 @@ read_first_line_from_file (const char *f
- char **
- get_keys (struct key_store *ks, const char *device, const char *uuid)
- {
--  size_t i, j, len;
-+  size_t i, j, nmemb;
-   char **r;
-   char *s;
- 
-   /* We know the returned list must have at least one element and not
-    * more than ks->nr_keys.
-    */
--  len = 1;
--  if (ks)
--    len = MIN (1, ks->nr_keys);
--  r = calloc (len+1, sizeof (char *));
-+  nmemb = 1;
-+  if (ks && ks->nr_keys > nmemb)
-+    nmemb = ks->nr_keys;
-+
-+  /* make room for the terminating NULL */
-+  if (nmemb == (size_t)-1)
-+    error (EXIT_FAILURE, 0, _("size_t overflow"));
-+  nmemb++;
-+
-+  r = calloc (nmemb, sizeof (char *));
-   if (r == NULL)
-     error (EXIT_FAILURE, errno, "calloc");
- 

virt-v2v-2.0.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e5eba9f7960340334100c06e1380bf84d0d730c53cdf587fefbfab7c889aca15
-size 4022694

virt-v2v-2.0.6.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmKPUfYRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKAr5Q/9E5XizPbQPS47zjQqwY1oS12+R26rRBHR
-WEoBXz8t64xAfUpsYN+LNp/auYKel/Bs7k4br34DzjqtxNOR4HZINbQUyd/cY/nI
-iP9803liXX9z09X2cn52+H2HQ+GGnQhmls3y9d2asZJosw5wjDArUUgvr8Wv+5zn
-DPYfdqauBNLvHSs1Sbhol5mExofW4L6l/rgPLCyO205uPYylPwZH1E8AfAew4dmW
-8iQ2K/AJHBFNKD85ntwV3DKeTRlQxGrh4DkMtVOea+YOKRoqNZVAN5I+WkYQTSWj
-beY4CYnNdfxEO81bNbA1r1sLGpSKf0Dyj/CFzjfYr3nxWMJevmmv1DdkKZGgE0o8
-ve7Coy32WR0b/uCWq4DlFylhYb3PwKoVbcwmHSu18Hd9OZWsltm97ddFqrGLnQg9
-9b9TPtBnhmQRnBY+0AD/lU0xneMfpLZrXo9GstVmH0WvVt5NCyjYxC9xMJvF1S3j
-1m9FZXiLkspB7vvA4aRi6o98AhbGQmRPNe2BZ7SYmJyCleRecWx1Ikv+1ryctbLj
-piWXBBKYZ/ESA1X3LDK9l6JhY0uMGlvqQq3o7W1dCS5UkviSIo9rZOJ7OVAZaED+
-WvphZ4ScUQWgKzqj6wp6ysQscIMaQ1C9qaRjFFt46Ma1KnQo2rnoZ5xdNhE0Ha7w
-osjxDokdICA=
-=nBN0
------END PGP SIGNATURE-----

virt-v2v-2.0.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:89b8cdabd04a57c0addb11be043e0f8102d2586590ace493ee849201efde7ba3
+size 7702629

virt-v2v-2.0.7.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmLFq4sRHHJpY2hAYW5u
+ZXhpYS5vcmcACgkQkXOPc+G3aKCdDg/+LQr8ro5P9iKSDRNwLJ4jHmoXOqZVkSqO
+KHk+kHuqFwSruEHxVGZwf9jYBNOuGD9K1d6AFWfYbRS2jEZpiA22ZX1Ym67PF5Fp
+dw72BmWHBOzJ8YO6vauvpaRNLPypSgr3RwJUPlRYw847MFDrn71EVOBv7dqwVp0q
+LqBk1wj/M3wKVV2DL8u0JE+CArSmqYSCCnyl2oq0VfIlhYbPQ4iprqTr5HWdd2fs
+Mc0JkQiuYLoV3V7MP8U0qncktABZ/6gNuTSiUAsWLGSLaH67MNEfqjF4OyEU95cA
+qivB53LEIebIAO07E9bLeFeXx7WLZsPI3Ms5m+aFWqjCLHl7h0qarHsrMMe+SBI6
+aSK+BzPzVHfzrqGRnL+95EQI0Vw9g5yLkxkm69KYGbukMulFdGgI24cGqHKEFadu
+NbrSE/6ydkdKS8NGKeyM+Y5RMoWh379nQcksj8dB6Vv2NV31KQvde9mFxnV92FOn
+1gYbIRwKPM1cc3VF6E3qlmIuBq59vagsJ/rcKg8fe8LNpNiOfi+Cmk8gYs9WuDFH
+/RWCYd3XMWxYQ5ZGi3rCVw4ijZbdHGwc1+sH9/ExLGDVuUJQfJ0fpdjR4mYnghav
+tFKc6EjxJknCR7D4HahVdzFbT/XrD0KpQ5JxToLDA3o7ecPJ42ExfKL53OwYjM/t
+LUUDntYK6sk=
+=Grra
+-----END PGP SIGNATURE-----

virt-v2v.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jul 12 16:03:38 MDT 2022 - carnold@suse.com
+
+- Update to version 2.0.7
+  * This is a bug fix release
+- Drop patch contained in new tarball
+  CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch
+
 -------------------------------------------------------------------
 Wed Jun 29 09:51:03 MDT 2022 - carnold@suse.com
 

virt-v2v.spec

@@ -22,7 +22,7 @@
 # The source directory.
 %global source_directory 2.0-stable
 Name:           virt-v2v
-Version:        2.0.6
+Version:        2.0.7
 Release:        0
 Summary:        Tools to convert a virtual machine to run on KVM
 License:        GPL-2.0-or-later
@@ -30,7 +30,7 @@ Group:          System/Management
 URL:            https://github.com/libguestfs/virt-v2v
 Source0:        https://download.libguestfs.org/virt-v2v/%{source_directory}/%{name}-%{version}.tar.gz
 Source1:        https://download.libguestfs.org/virt-v2v/%{source_directory}/%{name}-%{version}.tar.gz.sig
-Patch1:         CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch
+
 BuildRequires:  augeas-devel
 BuildRequires:  file-devel
 #BuildRequires: /usr/bin/pod2man