[Libguestfs] [libguestfs-common PATCH 00/12] LUKS decryption with Clevis+Tang | CVE-2022-2211

Laszlo Ersek lersek at redhat.com
Tue Jun 28 11:49:03 UTC 2022


Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862

Please refer to the parent cover letter
<https://listman.redhat.com/archives/libguestfs/2022-June/029274.html>
regarding the relationship between the CVE fix and the larger series.

The first four patches are bugfixes (of varying importance).

The rest are refactorings and feature-let additions, intermixed as
needed.

Thanks,
Laszlo

Laszlo Ersek (12):
  options: fix buffer overflow in get_keys() [CVE-2022-2211]
  options: fix UUID comparison logic bug in get_keys()
  mltools/tools_utils: remove unused function "key_store_to_cli"
  mltools/tools_utils: allow multiple "--key" options for OCaml tools
    too
  options: replace NULL-termination with number-of-elements in
    get_keys()
  options: wrap each passphrase from get_keys() into a struct
  options: add back-end for LUKS decryption with Clevis+Tang
  options: introduce selector type "key_clevis"
  options: generalize "--key" selector parsing for C-language utilities
  mltools/tools_utils: generalize "--key" selector parsing for OCaml
    utils
  options, mltools/tools_utils: parse "--key ID:clevis" options
  options, mltools/tools_utils: add helper for network dependency

 mltools/tools_utils-c.c |  47 ++++---
 mltools/tools_utils.ml  |  51 ++++----
 mltools/tools_utils.mli |  12 +-
 options/decrypt.c       |  24 ++--
 options/key-option.pod  |   9 ++
 options/keys.c          | 130 ++++++++++++++------
 options/options.h       |  19 ++-
 7 files changed, 195 insertions(+), 97 deletions(-)

-- 
2.19.1.3.g30247aa5d201


