diff --git a/CVE-2022-2211.patch b/CVE-2022-2211.patch new file mode 100644 index 0000000000000000000000000000000000000000..30a77d08623a0da061066d73804bfe16ade6d44a --- /dev/null +++ b/CVE-2022-2211.patch @@ -0,0 +1,69 @@ +diff -Naru libguestfs-1.40.2/common/options/keys.c libguestfs-1.40.2-new/common/options/keys.c +--- libguestfs-1.40.2/common/options/keys.c 2022-07-19 16:38:26.845447000 +0800 ++++ libguestfs-1.40.2-new/common/options/keys.c 2022-07-19 16:38:58.466582000 +0800 +@@ -124,32 +124,54 @@ + char * + get_key (struct key_store *ks, const char *device) + { +- size_t i; ++ size_t i, j, nmemb; ++ char **r; ++ char *s; ++ ++ /* We know the returned list must have at least one element and not ++ * more than ks->nr_keys. ++ */ ++ nmemb = 1; ++ if (ks && ks->nr_keys > nmemb) ++ nmemb = ks->nr_keys; ++ ++ /* make room for the terminating NULL */ ++ if (nmemb == (size_t)-1) ++ error (EXIT_FAILURE, 0, _("size_t overflow")); ++ nmemb++; ++ ++ r = calloc (nmemb, sizeof (char *)); ++ if (r == NULL) ++ error (EXIT_FAILURE, errno, "calloc"); + ++ j = 0; + if (ks) { + for (i = 0; i < ks->nr_keys; ++i) { + struct key_store_key *key = &ks->keys[i]; +- char *s; +- + if (STRNEQ (key->device, device)) + continue; +- + switch (key->type) { + case key_string: + s = strdup (key->string.s); + if (!s) + error (EXIT_FAILURE, errno, "strdup"); +- return s; ++ r[j++] = s; ++ break; + case key_file: +- return read_first_line_from_file (key->file.name); ++ s = read_first_line_from_file (key->file.name); ++ r[j++] = s; ++ break; + } +- +- /* Key not found in the key store, ask the user for it. */ +- break; + } + } +- +- return read_key (device); ++ if (j == 0) { ++ /* Key not found in the key store, ask the user for it. */ ++ s = read_key (device); ++ if (!s) ++ error (EXIT_FAILURE, 0, _("could not read key from user")); ++ r[0] = s; ++ } ++ return r; + } + + struct key_store * diff --git a/libguestfs.spec b/libguestfs.spec index 304409fcf1b9f9bd1e984f651d7d9b9139c9d48a..e113dd2523b3979b39ff96487204c5fe7540736a 100644 --- a/libguestfs.spec +++ b/libguestfs.spec @@ -4,7 +4,7 @@ Name: libguestfs Version: 1.40.2 -Release: 12 +Release: 13 Epoch: 1 Summary: A set of tools for accessing and modifying virtual machine (VM) disk images License: LGPLv2+ @@ -13,6 +13,8 @@ Source0: http://download.libguestfs.org/1.40-stable/libguestfs-1.40.2.tar. Source1: guestfish.sh Source2: yum.conf.in Patch0000: 0002-fts-remove-NOSTAT_LEAF_OPTIMIZATION.patch +# https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57 +Patch0001: CVE-2022-2211.patch BuildRequires: gcc-c++, rpcgen, libtirpc-devel, supermin-devel >= 5.1.18, hivex-devel >= 1.2.7-7, ocaml-hivex-devel, perl(Pod::Simple), perl(Pod::Man) BuildRequires: /usr/bin/pod2text, po4a, augeas-devel >= 1.7.0, readline-devel, genisoimage, libxml2-devel, createrepo, glibc-static, libselinux-utils @@ -378,6 +380,9 @@ install -m 0644 utils/boot-benchmark/boot-benchmark.1 $RPM_BUILD_ROOT%{_mandir}/ %exclude %{_mandir}/man1/virt-tar.1* %changelog +* Fri Jul 15 2022 yanghuan - 1:1.40.2-13 +- Fix CVE-2022-2211 + * Tue 20 Jul 2021 sunguoshuai - 1:1.40.2-12 - No /var/cache/yum in build environment and add test incase no cached rpms.