diff --git a/.gitignore b/.gitignore
index 10a929e..4f086e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libosinfo-1.5.0.tar.gz
+SOURCES/libosinfo-1.8.0.tar.xz
diff --git a/.libosinfo.metadata b/.libosinfo.metadata
index 77ca966..9df0a3a 100644
--- a/.libosinfo.metadata
+++ b/.libosinfo.metadata
@@ -1 +1 @@
-0ec54e6e1972c4fbfc97179f943d4f9a2902b879 SOURCES/libosinfo-1.5.0.tar.gz
+49c18e72a894422ef88c1df8a940375b4ad5792a SOURCES/libosinfo-1.8.0.tar.xz
diff --git a/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch b/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch
deleted file mode 100644
index e6947a8..0000000
--- a/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From cb509ad153a35053e1e003d73fd0ece53bd2c3d8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 21 May 2019 13:01:26 +0200
-Subject: [PATCH 1/3] db: Avoid dereference of null pointer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As any consumer of libosinfo API may pass NULL as the @matched argument
-of compare_tree(), the current code could be dereferencing a NULL
-pointer when calling `osinfo_tree_set_os()`.
-
-In order to avoid doing so, let's set the os to the OsinfoTree at the
-moment the @matched argument is set.
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Cole Robinson
-(cherry picked from commit 949ad5e05480470ba1a5913fbec538314807dfc2)
----
- osinfo/osinfo_db.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
-index b7da2b7..c4cd1e4 100644
---- a/osinfo/osinfo_db.c
-+++ b/osinfo/osinfo_db.c
-@@ -790,6 +790,7 @@ static gboolean compare_tree(OsinfoTree *tree,
- OsinfoTreeList *tree_list = osinfo_os_get_tree_list(os);
- GList *trees = osinfo_list_get_elements(OSINFO_LIST(tree_list));
- GList *tree_iter;
-+ gboolean found = FALSE;
-
- for (tree_iter = trees; tree_iter; tree_iter = tree_iter->next) {
- OsinfoTree *os_tree = OSINFO_TREE(tree_iter->data);
-@@ -820,8 +821,11 @@ static gboolean compare_tree(OsinfoTree *tree,
- match_regex(os_treeinfo_version, treeinfo_version) &&
- match_regex(os_treeinfo_arch, treeinfo_arch)) {
- *ret_os = os;
-- if (matched != NULL)
-+ if (matched != NULL) {
- *matched = os_tree;
-+ osinfo_tree_set_os(*matched, *ret_os);
-+ found = TRUE;
-+ }
- break;
- }
- }
-@@ -829,10 +833,8 @@ static gboolean compare_tree(OsinfoTree *tree,
- g_list_free(trees);
- g_object_unref(tree_list);
-
-- if (*ret_os != NULL) {
-- osinfo_tree_set_os(*matched, *ret_os);
-+ if (found)
- return TRUE;
-- }
- }
-
- return FALSE;
---
-2.21.0
-
diff --git a/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch b/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
deleted file mode 100644
index d607cf9..0000000
--- a/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From d1baaf2946513be06f97ab66e7845e14073add3d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 21 May 2019 13:29:18 +0200
-Subject: [PATCH 2/3] tree: Avoid use of memory after it's freed
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We've been passing data->location as the @url argument of
-osinfo_tree_create_from_location_async_helper(), freeing it and trying
-to g_strdup() it as the new content of data->location.
-
-In order to avoid doing so, let's set the data->location only once, in
-the first caller of osinfo_tree_create_from_location_async_helper(), as
-its content is always going to be the same doesn't matter the treeinfo
-format to be used with.
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Cole Robinson
-(cherry picked from commit d7bc838a96acf5f058e13d2b49157b4ba396cd87)
----
- osinfo/osinfo_tree.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
-index 88a2d6e..ab498f0 100644
---- a/osinfo/osinfo_tree.c
-+++ b/osinfo/osinfo_tree.c
-@@ -702,9 +702,6 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
- g_clear_object(&data->file);
- data->file = g_file_new_for_uri(location);
-
-- g_free(data->location);
-- data->location = g_strdup(url);
--
- g_free(data->treeinfo);
- data->treeinfo = g_strdup(treeinfo);
-
-@@ -740,6 +737,8 @@ void osinfo_tree_create_from_location_async(const gchar *location,
- user_data);
- g_task_set_priority(data->res, priority);
-
-+ data->location = g_strdup(location);
-+
- osinfo_tree_create_from_location_async_helper(location,
- ".treeinfo",
- cancellable,
---
-2.21.0
-
diff --git a/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch b/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch
deleted file mode 100644
index c5d4de8..0000000
--- a/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 97d60a2e53439d6ad1a462267c3bdf0f09a6f7c8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
-Date: Tue, 21 May 2019 13:33:27 +0200
-Subject: [PATCH 3/3] tree: Cleanup _create_from_location_async_helper()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There's no need to pass neither the URL nor the cancellable to this
-function as those can be taken directly from data.
-
-Signed-off-by: Fabiano Fidêncio
-Reviewed-by: Cole Robinson
-(cherry picked from commit dfda02598034737610b69fdd08d62f62cbf5b0cb)
----
- osinfo/osinfo_tree.c | 27 ++++++++-------------------
- 1 file changed, 8 insertions(+), 19 deletions(-)
-
-diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
-index ab498f0..0f14276 100644
---- a/osinfo/osinfo_tree.c
-+++ b/osinfo/osinfo_tree.c
-@@ -631,10 +631,8 @@ static OsinfoTree *load_keyinfo(const gchar *location,
- }
-
- static void
--osinfo_tree_create_from_location_async_helper(const gchar *url,
-- const gchar *treeinfo,
-- GCancellable *cancellable,
-- CreateFromLocationAsyncData *data);
-+osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
-+ const gchar *treeinfo);
-
- static void on_location_read(GObject *source,
- GAsyncResult *res,
-@@ -657,10 +655,7 @@ static void on_location_read(GObject *source,
- /* It means no ".treeinfo" file has been found. Try again, this time
- * looking for a "treeinfo" file. */
- if (g_str_equal(data->treeinfo, ".treeinfo")) {
-- osinfo_tree_create_from_location_async_helper(data->location,
-- "treeinfo",
-- g_task_get_cancellable(data->res),
-- data);
-+ osinfo_tree_create_from_location_async_helper(data, "treeinfo");
- return;
- }
-
-@@ -687,17 +682,14 @@ static void on_location_read(GObject *source,
- }
-
- static void
--osinfo_tree_create_from_location_async_helper(const gchar *url,
-- const gchar *treeinfo,
-- GCancellable *cancellable,
-- CreateFromLocationAsyncData *data)
-+osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
-+ const gchar *treeinfo)
- {
- gchar *location;
-
-- g_return_if_fail(url != NULL);
- g_return_if_fail(treeinfo != NULL);
-
-- location = g_strdup_printf("%s/%s", url, treeinfo);
-+ location = g_strdup_printf("%s/%s", data->location, treeinfo);
-
- g_clear_object(&data->file);
- data->file = g_file_new_for_uri(location);
-@@ -706,7 +698,7 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
- data->treeinfo = g_strdup(treeinfo);
-
- g_file_load_contents_async(data->file,
-- cancellable,
-+ g_task_get_cancellable(data->res),
- on_location_read,
- data);
- g_free(location);
-@@ -739,10 +731,7 @@ void osinfo_tree_create_from_location_async(const gchar *location,
-
- data->location = g_strdup(location);
-
-- osinfo_tree_create_from_location_async_helper(location,
-- ".treeinfo",
-- cancellable,
-- data);
-+ osinfo_tree_create_from_location_async_helper(data, ".treeinfo");
- }
-
-
---
-2.21.0
-
diff --git a/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch b/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch
deleted file mode 100644
index be355aa..0000000
--- a/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch
+++ /dev/null
@@ -1,170 +0,0 @@ -From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Wed, 3 Jul 2019 14:55:24 +0200 -Subject: [PATCH] tools,install-script: Add --config-file (-f) option -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Let's add a new option so users can set their config from a file, -instead of directly passing the values via command-line. - -CVE-2019-13313 -Libosinfo: osinfo-install-script option leaks password via command line -argument. 'osinfo-install-script' is used to generate a script for -automated guest installations. It accepts user and admin passwords via -command line arguments, thus leaking them via process listing. - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Daniel P. Berrangé ---- - tools/osinfo-install-script.c | 103 +++++++++++++++++++++++++++++++++- - 1 file changed, 102 insertions(+), 1 deletion(-) - -diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c -index 15af48d..af58440 100644 ---- a/tools/osinfo-install-script.c -+++ b/tools/osinfo-install-script.c -@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE; - static gboolean list_inj_method = FALSE; - static gboolean quiet = FALSE; - -+static const gchar *configs[] = { -+ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH, -+ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE, -+ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE, -+ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD, -+ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD, -+ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD, -+ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN, -+ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME, -+ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN, -+ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN, -+ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN, -+ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD, -+ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY, -+ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME, -+ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK, -+ 
OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK, -+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION, -+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK, -+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK, -+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION, -+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK, -+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION, -+ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, -+ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL, -+ NULL -+}; -+ - static OsinfoInstallConfig *config; - - static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, -@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, - } - - -+static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED, -+ const gchar *value, -+ gpointer data G_GNUC_UNUSED, -+ GError **error) -+{ -+ GKeyFile *key_file = NULL; -+ gchar *val = NULL; -+ gsize i; -+ gboolean ret = FALSE; -+ -+ key_file = g_key_file_new(); -+ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error)) -+ goto error; -+ -+ for (i = 0; configs[i] != NULL; i++) { -+ val = g_key_file_get_string(key_file, "install-script", configs[i], error); -+ if (val == NULL) { -+ if (g_error_matches(*error, G_KEY_FILE_ERROR, -+ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) { -+ g_clear_error(error); -+ continue; -+ } -+ -+ goto error; -+ } -+ -+ osinfo_entity_set_param(OSINFO_ENTITY(config), -+ configs[i], -+ val); -+ g_free(val); -+ } -+ -+ ret = TRUE; -+ -+error: -+ g_key_file_unref(key_file); -+ -+ return ret; -+} -+ -+ - static GOptionEntry entries[] = - { - { "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile, -@@ -78,6 +147,9 @@ static GOptionEntry entries[] = - { "config", 'c', 0, G_OPTION_ARG_CALLBACK, - handle_config, - N_("Set configuration parameter"), "key=value" }, -+ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK, -+ handle_config_file, -+ N_("Set configuration parameters"), "file:///path/to/config/file" }, - { "list-config", '\0', 0, G_OPTION_ARG_NONE, 
(void*)&list_config, - N_("List configuration parameters"), NULL }, - { "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile, -@@ -448,6 +520,15 @@ script. Defaults to C, but can also be C. - - Set the configuration parameter C to C. - -+=item B<--config-file=config-file> -+ -+Set the configurations parameters according to the config-file passed. -+ -+Note that use of --config-file is strongly recommended if the user or -+admin passwords need to be set. Providing passwords directly using -+B<--config=> is insecure as the password is visible to all processes -+and users on the same host. -+ - =back - - =head1 CONFIGURATION KEYS -@@ -510,9 +591,29 @@ The software registration user password - - =back - -+=head1 CONFIGURATION FILE FORMAT -+ -+The configuration file must consist in a file which contains a -+`install-script` group and, under this group, C=C -+pairs, as shown below: -+ -+[install-script] -+l10n-timezone=GMT -+l10n-keyboard=uk -+l10n-language=en_GB -+admin-password=123456 -+user-login=berrange -+user-password=123456 -+user-realname="Daniel P Berrange" -+ - =head1 EXAMPLE USAGE - --The following usage generates a Fedora 16 kickstart script -+The following usages generates a Fedora 16 kickstart script -+ -+ # osinfo-install-script \ -+ --profile jeos \ -+ --config-file /path/to/config/file \ -+ fedora16 - - # osinfo-install-script \ - --profile jeos \ --- -2.21.0 - diff --git a/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch b/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch deleted file mode 100644 index 3889bfd..0000000 --- a/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Wed, 3 Jul 2019 14:59:07 +0200 -Subject: [PATCH] tools,install-script: Deprecate --config - {user,admin}-password -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Let's deprecate user-password and admin-password options of --config and -also warn out whenever they're passed to osinfo-install-script. - -CVE-2019-13313 -Libosinfo: osinfo-install-script option leaks password via command line -argument. 'osinfo-install-script' is used to generate a script for -automated guest installations. It accepts user and admin passwords via -command line arguments, thus leaking them via process listing. - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Daniel P. Berrangé ---- - tools/osinfo-install-script.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c -index af58440..c0528e7 100644 ---- a/tools/osinfo-install-script.c -+++ b/tools/osinfo-install-script.c -@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, - val++; - key = g_strndup(value, len); - -+ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) || -+ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) { -+ g_warning("When setting user or admin password, use --config-file " -+ "instead.\n"); -+ } -+ - osinfo_entity_set_param(OSINFO_ENTITY(config), - key, - val); -@@ -556,10 +562,14 @@ The local language - =item C - - The administrator password -+This option has been deprecated, use B<--config-file> -+for setting the admin password. - - =item C - - The user password -+This option has been deprecated, use B<--config-file> -+for setting the user password. - - =item C - --- -2.21.0 - diff --git a/SPECS/libosinfo.spec b/SPECS/libosinfo.spec index e2a3c86..37b0aad 100644 --- a/SPECS/libosinfo.spec 
+++ b/SPECS/libosinfo.spec @@ -2,35 +2,31 @@ Summary: A library for managing OS information for virtualization Name: libosinfo -Version: 1.5.0 -Release: 3%{?dist}%{?extra_release} +Version: 1.8.0 +Release: 1%{?dist} License: LGPLv2+ -Group: Development/Libraries -Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz +Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.xz URL: https://libosinfo.org/ ### Patches ### -Patch0001: 0001-db-Avoid-dereference-of-null-pointer.patch -Patch0002: 0002-tree-Avoid-use-of-memory-after-it-s-freed.patch -Patch0003: 0003-tree-Cleanup-_create_from_location_async_helper.patch -Patch0004: 0004-tools-install-script-Add-config-file-f-option.patch -Patch0005: 0005-tools-install-script-Deprecate-config-user-admin-pas.patch -BuildRequires: git -BuildRequires: intltool -BuildRequires: glib2-devel >= 2.38 +BuildRequires: meson +BuildRequires: gcc +BuildRequires: gtk-doc +BuildRequires: gettext-devel +BuildRequires: glib2-devel BuildRequires: libxml2-devel >= 2.6.0 BuildRequires: libxslt-devel >= 1.0.0 +BuildRequires: libsoup-devel BuildRequires: vala -BuildRequires: vala-tools -BuildRequires: libcurl-devel BuildRequires: /usr/bin/pod2man BuildRequires: hwdata BuildRequires: gobject-introspection-devel +BuildRequires: osinfo-db +BuildRequires: git Requires: hwdata -Requires: osinfo-db >= 20181011-1 +Requires: osinfo-db Requires: osinfo-db-tools -Requires: gvfs %description libosinfo is a library that allows virtualization provisioning tools to @@ -39,10 +35,12 @@ combination. %package devel Summary: Libraries, includes, etc. to compile with the libosinfo library -Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: pkgconfig Requires: glib2-devel +# -vala subpackage removed in F30 +Obsoletes: libosinfo-vala < 1.3.0-3 +Provides: libosinfo-vala = %{version}-%{release} %description devel libosinfo is a library that allows virtualization provisioning tools to 
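Review bot: `Requires: osinfo-db` loses its `>= 20181011-1` floor in the header hunk, so the package no longer states the oldest database the 1.8.0 library is expected to work with. If 1.8.0 relies on data or schema elements introduced after that date (not visible here, worth confirming against upstream), a partial update would leave the library reading a database it was never tested against. Keeping the dependency versioned, e.g. `Requires: osinfo-db >= <oldest-db-version-tested-with-1.8.0>` with the placeholder filled in, makes that contract explicit.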
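Review bot: `Obsoletes: libosinfo-vala < 1.3.0-3` in the devel hunk does not cover the subpackage this same spec built until now, because the removed `%package vala` was last produced at 1.5.0-3, which is newer than that bound. An installed libosinfo-vala-1.5.0-3 carries `Requires: %{name} = %{version}-%{release}`, so it would presumably block the update to 1.8.0 or be left behind by it, keeping the host on the old library. The comment `# -vala subpackage removed in F30` suggests the lines were taken from the Fedora spec. For this branch the bound should be the first release without the subpackage, e.g. `Obsoletes: libosinfo-vala < 1.8.0-1`.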
@@ -51,47 +49,27 @@ combination. Libraries, includes, etc. to compile with the libosinfo library -%package vala -Summary: Vala bindings -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description vala -libosinfo is a library that allows virtualization provisioning tools to -determine the optimal device settings for a hypervisor/operating system -combination. - -This package provides the Vala bindings for libosinfo library. - %prep %autosetup -S git %build -autoreconf -vi -%configure --enable-introspection=yes --enable-vala=yes -%__make %{?_smp_mflags} V=1 - -chmod a-x examples/*.js examples/*.py +%meson \ + -Denable-gtk-doc=true \ + -Denable-tests=true \ + -Denable-introspection=enabled \ + -Denable-vala=enabled %install -rm -fr %{buildroot} -%__make install DESTDIR=%{buildroot} -rm -f %{buildroot}%{_libdir}/*.a -rm -f %{buildroot}%{_libdir}/*.la +%meson_install %find_lang %{name} %check -if ! make check -then - cat tests/test-suite.log || true - exit 1 -fi +%meson_test %ldconfig_scriptlets %files -f %{name}.lang -%defattr(-, root, root) %doc AUTHORS ChangeLog COPYING.LIB NEWS README %{_bindir}/osinfo-detect %{_bindir}/osinfo-query @@ -103,9 +81,6 @@ fi %{_libdir}/girepository-1.0/Libosinfo-1.0.typelib %files devel -%defattr(-, root, root) -%doc examples/demo.js -%doc examples/demo.py %{_libdir}/%{name}-1.0.so %dir %{_includedir}/%{name}-1.0/ %dir %{_includedir}/%{name}-1.0/osinfo/ 
@@ -114,11 +89,17 @@ fi %{_datadir}/gir-1.0/Libosinfo-1.0.gir %{_datadir}/gtk-doc/html/Libosinfo -%files vala -%defattr(-, root, root) +%dir %{_datadir}/vala +%dir %{_datadir}/vala/vapi +%{_datadir}/vala/vapi/libosinfo-1.0.deps %{_datadir}/vala/vapi/libosinfo-1.0.vapi %changelog +* Sun May 31 2020 Fabiano Fidêncio - 1.8.0-1 +- Resolves: rhbz#1815158 - Rebase to libosinfo the latest upstream release +- Resolves: rhbz#1754394 - Provide information about UEFI support for guests (libosinfo) +- Resolves: rhbz#1032520 - WHQL'ed drivers should be made available for Boxes/libosinfo users + * Wed Jul 10 2019 Fabiano Fidêncio - 1.5.0-3 - Resolves: rhbz#1727843 - CVE-2019-13313 libosinfo: osinfo-install-script option leaks password via command line argument
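Review bot: The 1.8.0-1 changelog entry does not record that the five downstream patches were dropped, including the two that carried the CVE-2019-13313 fix (`--config-file` and the warning for passwords passed through `--config`). Someone auditing the package history sees the CVE resolved in 1.5.0-3 and the patches gone in the next entry, with nothing saying the fix now comes from the upstream tarball. I would add a line such as `- Drop downstream patches 0001-0005, included in the 1.8.0 upstream release (CVE-2019-13313 fix retained)` after confirming the tarball contains them.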