From b5bae8d5a2ebb6a7686a5290562268b01627863f Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 31 2020 09:33:30 +0000
Subject: import libosinfo-1.1.0-5.el7
---
diff --git a/SOURCES/0011-tools-install-script-Add-config-file-f-option.patch b/SOURCES/0011-tools-install-script-Add-config-file-f-option.patch
new file mode 100644
index 0000000..680af7b
--- /dev/null
+++ b/SOURCES/0011-tools-install-script-Add-config-file-f-option.patch
@@ -0,0 +1,169 @@ +From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Wed, 3 Jul 2019 14:55:24 +0200 +Subject: [PATCH] tools,install-script: Add --config-file (-f) option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's add a new option so users can set their config from a file, +instead of directly passing the values via command-line. + +CVE-2019-13313 +Libosinfo: osinfo-install-script option leaks password via command line +argument. 'osinfo-install-script' is used to generate a script for +automated guest installations. It accepts user and admin passwords via +command line arguments, thus leaking them via process listing. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Daniel P. Berrangé +--- + tools/osinfo-install-script.c | 102 +++++++++++++++++++++++++++++++++- + 1 file changed, 101 insertions(+), 1 deletion(-) + +diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c +index 15af48d..af58440 100644 +--- a/tools/osinfo-install-script.c ++++ b/tools/osinfo-install-script.c +@@ -37,6 +37,33 @@ static gboolean list_profile = FALSE; + static gboolean list_inj_method = FALSE; + static gboolean quiet = FALSE; + ++static const gchar *configs[] = { ++ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD, ++ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME, ++ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN, ++ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY, ++ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME, ++ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK, ++ 
OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, ++ NULL ++}; ++ + static OsinfoInstallConfig *config; + + static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, +@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, + } + + ++static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED, ++ const gchar *value, ++ gpointer data G_GNUC_UNUSED, ++ GError **error) ++{ ++ GKeyFile *key_file = NULL; ++ gchar *val = NULL; ++ gsize i; ++ gboolean ret = FALSE; ++ ++ key_file = g_key_file_new(); ++ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error)) ++ goto error; ++ ++ for (i = 0; configs[i] != NULL; i++) { ++ val = g_key_file_get_string(key_file, "install-script", configs[i], error); ++ if (val == NULL) { ++ if (g_error_matches(*error, G_KEY_FILE_ERROR, ++ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) { ++ g_clear_error(error); ++ continue; ++ } ++ ++ goto error; ++ } ++ ++ osinfo_entity_set_param(OSINFO_ENTITY(config), ++ configs[i], ++ val); ++ g_free(val); ++ } ++ ++ ret = TRUE; ++ ++error: ++ g_key_file_unref(key_file); ++ ++ return ret; ++} ++ ++ + static GOptionEntry entries[] = + { + { "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile, +@@ -78,6 +147,9 @@ static GOptionEntry entries[] = + { "config", 'c', 0, G_OPTION_ARG_CALLBACK, + handle_config, + N_("Set configuration parameter"), "key=value" }, ++ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK, ++ handle_config_file, ++ N_("Set configuration parameters"), "file:///path/to/config/file" }, + { "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config, + N_("List configuration 
parameters"), NULL }, + { "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile, +@@ -448,6 +520,15 @@ script. Defaults to C, but can also be C. + + Set the configuration parameter C to C. + ++=item B<--config-file=config-file> ++ ++Set the configurations parameters according to the config-file passed. ++ ++Note that use of --config-file is strongly recommended if the user or ++admin passwords need to be set. Providing passwords directly using ++B<--config=> is insecure as the password is visible to all processes ++and users on the same host. ++ + =back + + =head1 CONFIGURATION KEYS +@@ -510,9 +591,29 @@ The software registration user password + + =back + ++=head1 CONFIGURATION FILE FORMAT ++ ++The configuration file must consist in a file which contains a ++`install-script` group and, under this group, C=C ++pairs, as shown below: ++ ++[install-script] ++l10n-timezone=GMT ++l10n-keyboard=uk ++l10n-language=en_GB ++admin-password=123456 ++user-login=berrange ++user-password=123456 ++user-realname="Daniel P Berrange" ++ + =head1 EXAMPLE USAGE + +-The following usage generates a Fedora 16 kickstart script ++The following usages generates a Fedora 16 kickstart script ++ ++ # osinfo-install-script \ ++ --profile jeos \ ++ --config-file /path/to/config/file \ ++ fedora16 + + # osinfo-install-script \ + --profile jeos \ +-- +2.21.0 + diff --git a/SOURCES/0012-tools-install-script-Deprecate-config-user-admin-pas.patch b/SOURCES/0012-tools-install-script-Deprecate-config-user-admin-pas.patch new file mode 100644 index 0000000..3889bfd --- /dev/null +++ b/SOURCES/0012-tools-install-script-Deprecate-config-user-admin-pas.patch 
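Review bot: `handle_config_file` dereferences `*error` in `g_error_matches(*error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND)` for every key absent from the file, so it crashes if the option parser ever hands the callback a NULL `GError **` (GOption forwards whatever the caller of `g_option_context_parse` passed). Collecting into a local `GError *` and propagating it on the failure path removes that dependence on the caller. Separately, the option's argument description reads `"file:///path/to/config/file"` while `g_key_file_load_from_file` takes a filesystem path, as the new EXAMPLE USAGE section itself shows; `"/path/to/config/file"` would match the code. Since the file holds credentials, the CONFIGURATION FILE FORMAT section should also state that it must not be readable by other users on the host, which is the exposure this option exists to close.
```c
    GError *local_error = NULL;
    /* … unchanged: g_key_file_new / g_key_file_load_from_file … */
    for (i = 0; configs[i] != NULL; i++) {
        val = g_key_file_get_string(key_file, "install-script", configs[i], &local_error);
        if (val == NULL) {
            if (g_error_matches(local_error, G_KEY_FILE_ERROR,
                                G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
                g_clear_error(&local_error);
                continue;
            }
            g_propagate_error(error, local_error);
            goto error;
        }
        /* … unchanged: osinfo_entity_set_param / g_free … */
```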
@@ -0,0 +1,59 @@
+From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Wed, 3 Jul 2019 14:59:07 +0200
+Subject: [PATCH] tools,install-script: Deprecate --config
+ {user,admin}-password
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's deprecate user-password and admin-password options of --config and
+also warn out whenever they're passed to osinfo-install-script.
+
+CVE-2019-13313
+Libosinfo: osinfo-install-script option leaks password via command line
+argument. 'osinfo-install-script' is used to generate a script for
+automated guest installations. It accepts user and admin passwords via
+command line arguments, thus leaking them via process listing.
+
+Signed-off-by: Fabiano Fidêncio
+Reviewed-by: Daniel P. Berrangé
+---
+ tools/osinfo-install-script.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index af58440..c0528e7 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+ val++;
+ key = g_strndup(value, len);
+
++ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
++ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
++ g_warning("When setting user or admin password, use --config-file "
++ "instead.\n");
++ }
++
+ osinfo_entity_set_param(OSINFO_ENTITY(config),
+ key,
+ val);
+@@ -556,10 +562,14 @@ The local language
+ =item C
+
+ The administrator password
++This option has been deprecated, use B<--config-file>
++for setting the admin password.
+
+ =item C
+
+ The user password
++This option has been deprecated, use B<--config-file>
++for setting the user password.
+
+ =item C
+
+--
+2.21.0
+
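Review bot: The deprecation check in `handle_config` warns only for user-password and admin-password, while reg-password ("The software registration user password" under CONFIGURATION KEYS, and `OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD` in patch 0011's `configs[]` table) is a credential the same `--config key=value` path accepts, so it appears in the process listing in exactly the same way and should trigger the same warning: add `g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD) ||` to the condition and widen the message text to match. The trailing `"\n"` in the `g_warning` format is redundant, since g_warning terminates the message itself. `handle_config` begins and ends outside the hunk.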
diff --git a/SOURCES/0013-loader-Don-t-expand-entities-when-parsing-XML.patch b/SOURCES/0013-loader-Don-t-expand-entities-when-parsing-XML.patch
new file mode 100644
index 0000000..8916caa
--- /dev/null
+++ b/SOURCES/0013-loader-Don-t-expand-entities-when-parsing-XML.patch
@@ -0,0 +1,37 @@
+From f02004601780c9281a192293f963854e8ecf1179 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Mon, 12 Aug 2019 15:25:40 +0200
+Subject: [PATCH] loader: Don't expand entities when parsing XML
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The XML_PARSE_NOENT flag to libxml will cause it to expand all entities
+in the input XML document when parsing. Doing this is bad practice if the
+XML input file comes from an untrusted source, because it can cause the
+XML parser to load arbitrary files that are readable by the user running
+XML parsing.
+
+This is basically the same fix as 47233d0b9dc (from osinfo-db-tools)
+
+Signed-off-by: Fabiano Fidêncio
+---
+ osinfo/osinfo_loader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
+index 51bd8ac..833a7e5 100644
+--- a/osinfo/osinfo_loader.c
++++ b/osinfo/osinfo_loader.c
+@@ -1844,7 +1844,7 @@ static void osinfo_loader_process_xml(OsinfoLoader *loader,
+ pctxt->sax->error = catchXMLError;
+
+ xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, src, NULL,
+- XML_PARSE_NOENT | XML_PARSE_NONET |
++ XML_PARSE_NONET |
+ XML_PARSE_NOWARNING);
+ if (!xml)
+ goto cleanup;
+--
+2.21.0
+
diff --git a/SOURCES/0014-install-script-Don-t-expand-entities-when-parsing-XM.patch b/SOURCES/0014-install-script-Don-t-expand-entities-when-parsing-XM.patch
new file mode 100644
index 0000000..9f906e0
--- /dev/null
+++ b/SOURCES/0014-install-script-Don-t-expand-entities-when-parsing-XM.patch
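Review bot: Nothing at the `xmlCtxtReadDoc` call in `osinfo_loader_process_xml` records why `XML_PARSE_NOENT` is now absent, so a later maintainer reading the flag list has no signal that re-adding it reopens the local-file disclosure the commit message describes; a one-line comment above the call, `/* Deliberately no XML_PARSE_NOENT: entity expansion on untrusted XML can pull in local files */`, pins the intent. The identical change to `osinfo_install_script_load_template` in patch 0014 needs the same comment. Dropping the flag also means entity references in the parsed documents are left as entity-reference nodes instead of being substituted, so any osinfo-db or template XML that relies on internal entities would change behaviour; I cannot tell from the hunks whether any does, so it is worth a check against the data files. Both enclosing functions start and end outside their hunks.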
@@ -0,0 +1,37 @@ +From 518ac5029578b07471ed2aa15f6c924073075ddf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Mon, 12 Aug 2019 15:28:07 +0200 +Subject: [PATCH] install-script: Don't expand entities when parsing XML +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The XML_PARSE_NOENT flag to libxml will cause it to expand all entities +in the input XML document when parsing. Doing this is bad practice if the +XML input file comes from an untrusted source, because it can cause the +XML parser to load arbitrary files that are readable by the user running +XML parsing. + +This is basically the same fix as 47233d0b9dc (from osinfo-db-tools) + +Signed-off-by: Fabiano Fidêncio +--- + osinfo/osinfo_install_script.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/osinfo/osinfo_install_script.c b/osinfo/osinfo_install_script.c +index 906fb83..5cd00a0 100644 +--- a/osinfo/osinfo_install_script.c ++++ b/osinfo/osinfo_install_script.c +@@ -725,7 +725,7 @@ static xsltStylesheetPtr osinfo_install_script_load_template(const gchar *uri, + } + + if (!(doc = xmlCtxtReadDoc(pctxt, BAD_CAST template, uri, NULL, +- XML_PARSE_NOENT | XML_PARSE_NONET | ++ XML_PARSE_NONET | + XML_PARSE_NOWARNING))) { + g_set_error_literal(error, OSINFO_ERROR, 0, + _("Unable to read XSL template")); +-- +2.21.0 + diff --git a/SPECS/libosinfo.spec b/SPECS/libosinfo.spec index c9765c7..c9ecc3d 100644 --- a/SPECS/libosinfo.spec +++ b/SPECS/libosinfo.spec @@ -3,7 +3,7 @@ Summary: A library for managing OS information for virtualization Name: libosinfo Version: 1.1.0 -Release: 3%{?dist}%{?extra_release} +Release: 5%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz 
@@ -21,6 +21,12 @@ Patch0007: 0007-tree-Also-check-fore-treeinfo-in-addition-to-.treein.patch Patch0008: 0008-tree-Avoid-use-of-memory-after-it-s-freed.patch Patch0009: 0009-tree-Cleanup-_create_from_location_async_helper.patch Patch0010: 0010-db-improve-_guess_os_from_media-checks.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1727842 +Patch0011: 0011-tools-install-script-Add-config-file-f-option.patch +Patch0012: 0012-tools-install-script-Deprecate-config-user-admin-pas.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1740212 +Patch0013: 0013-loader-Don-t-expand-entities-when-parsing-XML.patch +Patch0014: 0014-install-script-Don-t-expand-entities-when-parsing-XM.patch BuildRequires: intltool BuildRequires: glib2-devel @@ -125,6 +131,13 @@ rm -fr %{buildroot} %{_datadir}/vala/vapi/libosinfo-1.0.vapi %changelog +* Tue Aug 13 2019 Fabiano Fidêncio - 1.1.0-5 +- Resolves: rhbz#1740212 - New defect found in libosinfo-1.1.0-4.el7 + +* Fri Aug 02 2019 Fabiano Fidêncio - 1.1.0-4 +- Resolves: rhbz#1727842 - CVE-2019-13313 libosinfo: osinfo-install-script + option leaks password via command line argument + * Thu May 23 2019 Fabiano Fidêncio - 1.1.0-3 - Resolves: rhbz#1712458 - [machines] The function of 'Auto-detect guest operating system' is not available on rhel 7.7