[Libguestfs] [libguestfs-common PATCH 00/12] LUKS decryption with Clevis+Tang | CVE-2022-2211
Laszlo Ersek
lersek at redhat.com
Tue Jun 28 11:49:03 UTC 2022
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862

Please refer to the parent cover letter
<https://listman.redhat.com/archives/libguestfs/2022-June/029274.html>
regarding the relationship between the CVE fix and the larger series.

The first four patches are bugfixes (of varying importance).

The rest are refactorings and feature-let additions, intermixed as
needed.

Thanks,
Laszlo

Laszlo Ersek (12):
  options: fix buffer overflow in get_keys() [CVE-2022-2211]
  options: fix UUID comparison logic bug in get_keys()
  mltools/tools_utils: remove unused function "key_store_to_cli"
  mltools/tools_utils: allow multiple "--key" options for OCaml tools
    too
  options: replace NULL-termination with number-of-elements in
    get_keys()
  options: wrap each passphrase from get_keys() into a struct
  options: add back-end for LUKS decryption with Clevis+Tang
  options: introduce selector type "key_clevis"
  options: generalize "--key" selector parsing for C-language utilities
  mltools/tools_utils: generalize "--key" selector parsing for OCaml
    utils
  options, mltools/tools_utils: parse "--key ID:clevis" options
  options, mltools/tools_utils: add helper for network dependency

 mltools/tools_utils-c.c |  47 ++++---
 mltools/tools_utils.ml  |  51 ++++----
 mltools/tools_utils.mli |  12 +-
 options/decrypt.c       |  24 ++--
 options/key-option.pod  |   9 ++
 options/keys.c          | 130 ++++++++++++++------
 options/options.h       |  19 ++-
 7 files changed, 195 insertions(+), 97 deletions(-)
--
2.19.1.3.g30247aa5d201