Re: [Libguestfs] LUKS decryption with Clevis+Tang | CVE-2022-2211

Hi, * in response to this cover letter, I'm going to post four series (one for each of libguestfs-common, libguestfs, guestfs-tools, virt-v2v). These four series implement LUKS decryption with Clevis+Tang: https://bugzilla.redhat.com/show_bug.cgi?id=1809453 * The first patch in the libguestfs-common series fixes a bug that I'd found while working on the feature, and ended up receiving a CVE number (CVE-2022-2211): https://bugzilla.redhat.com/show_bug.cgi?id=2100862 This patch is an integral part of the larger Clevis+Tang feature. However, it can be backported easily to stable branches that only want the bugfix. * Correspondingly, the first patch in the libguestfs series documents the new CVE (and updates the common submodule just enough to get the CVE fix). This patch should also be easy to backport to stable branches. A later patch in the libguestfs series updates the "common" submodule checkout to the end of the libguestfs-common series. * In each of the guestfs-tools and virt-v2v series, the full "common" submodule series is consumed right in the first patch, covering both the CVE fix and the new stuff needed for the Clevis feature. Thanks, Laszlo _______________________________________________ Libguestfs mailing list Libguestfs(a)redhat.com https://listman.redhat.com/mailman/listinfo/libguestfs