diff --git a/.gitignore b/.gitignore index abf8eea..10a929e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libosinfo-1.2.0.tar.gz +SOURCES/libosinfo-1.5.0.tar.gz diff --git a/.libosinfo.metadata b/.libosinfo.metadata index dd7bd0f..77ca966 100644 --- a/.libosinfo.metadata +++ b/.libosinfo.metadata @@ -1 +1 @@ -e79bcc14f0506e75e8fd4a2845155d50dc493a85 SOURCES/libosinfo-1.2.0.tar.gz +0ec54e6e1972c4fbfc97179f943d4f9a2902b879 SOURCES/libosinfo-1.5.0.tar.gz diff --git a/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch b/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch new file mode 100644 index 0000000..e6947a8 --- /dev/null +++ b/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch @@ -0,0 +1,62 @@ +From cb509ad153a35053e1e003d73fd0ece53bd2c3d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Tue, 21 May 2019 13:01:26 +0200 +Subject: [PATCH 1/3] db: Avoid dereference of null pointer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As any consumer of libosinfo API may pass NULL as the @matched argument +of compare_tree(), the current code could be dereferencing a NULL +pointer when calling `osinfo_tree_set_os()`. + +In order to avoid doing so, let's set the os to the OsinfoTree at the +moment the @matched argument is set. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Cole Robinson +(cherry picked from commit 949ad5e05480470ba1a5913fbec538314807dfc2) +--- + osinfo/osinfo_db.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c +index b7da2b7..c4cd1e4 100644 +--- a/osinfo/osinfo_db.c ++++ b/osinfo/osinfo_db.c +@@ -790,6 +790,7 @@ static gboolean compare_tree(OsinfoTree *tree, + OsinfoTreeList *tree_list = osinfo_os_get_tree_list(os); + GList *trees = osinfo_list_get_elements(OSINFO_LIST(tree_list)); + GList *tree_iter; ++ gboolean found = FALSE; + + for (tree_iter = trees; tree_iter; tree_iter = tree_iter->next) { + OsinfoTree *os_tree = OSINFO_TREE(tree_iter->data); +@@ -820,8 +821,11 @@ static gboolean compare_tree(OsinfoTree *tree, + match_regex(os_treeinfo_version, treeinfo_version) && + match_regex(os_treeinfo_arch, treeinfo_arch)) { + *ret_os = os; +- if (matched != NULL) ++ if (matched != NULL) { + *matched = os_tree; ++ osinfo_tree_set_os(*matched, *ret_os); ++ found = TRUE; ++ } + break; + } + } +@@ -829,10 +833,8 @@ static gboolean compare_tree(OsinfoTree *tree, + g_list_free(trees); + g_object_unref(tree_list); + +- if (*ret_os != NULL) { +- osinfo_tree_set_os(*matched, *ret_os); ++ if (found) + return TRUE; +- } + } + + return FALSE; +-- +2.21.0 + diff --git a/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch b/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch deleted file mode 100644 index f9a9e4d..0000000 --- a/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch +++ /dev/null @@ -1,39 +0,0 @@ -From c458e1aa57e3c55b56afee699112fa35a3839ba9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C4=9Bra=20Cholasta?= -Date: Wed, 17 Oct 2018 19:22:59 +0200 -Subject: [PATCH] test-isodetect: replace while loop with for loop -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Fabiano Fidêncio ---- - tests/test-isodetect.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/tests/test-isodetect.c b/tests/test-isodetect.c -index 415770b..b3834b9 100644 ---- a/tests/test-isodetect.c -+++ b/tests/test-isodetect.c -@@ -388,8 +388,7 @@ static void test_one(const gchar *vendor) - - g_assert_nonnull(isos); - -- tmp = isos; -- while (tmp) { -+ for (tmp = isos; tmp; tmp = tmp->next) { - struct ISOInfo *info = tmp->data; - gboolean matched = osinfo_db_identify_media(db, info->media); - OsinfoOs *os; -@@ -406,8 +405,6 @@ static void test_one(const gchar *vendor) - g_assert_cmpstr(shortid, ==, info->shortid); - g_object_unref(G_OBJECT(os)); - test_langs(info); -- -- tmp = tmp->next; - } - - g_list_foreach(isos, (GFunc)free_iso, NULL); --- -2.19.1 - diff --git a/SOURCES/0002-test-isodetect-continue-after-failure.patch b/SOURCES/0002-test-isodetect-continue-after-failure.patch deleted file mode 100644 index 41d53cb..0000000 --- a/SOURCES/0002-test-isodetect-continue-after-failure.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 8c7d89af16b943ce8746c2838277c7033967308f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C4=9Bra=20Cholasta?= -Date: Wed, 17 Oct 2018 19:23:00 +0200 -Subject: [PATCH] test-isodetect: continue after failure -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -https://bugzilla.redhat.com/show_bug.cgi?id=1639108 - -Reviewed-by: Fabiano Fidêncio ---- - configure.ac | 4 ++-- - tests/test-isodetect.c | 7 +++++-- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index f7f1c72..c0917d4 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -37,8 +37,8 @@ m4_if(m4_version_compare([2.61a.100], - m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) - - # Keep these two definitions in agreement. --GLIB_MINIMUM_VERSION="2.36" --GLIB_ENCODED_VERSION="GLIB_VERSION_2_36" -+GLIB_MINIMUM_VERSION="2.38" -+GLIB_ENCODED_VERSION="GLIB_VERSION_2_38" - - PKG_CHECK_MODULES([LIBXML], [libxml-2.0 >= 2.6.0]) - PKG_CHECK_MODULES([LIBXSLT], [libxslt >= 1.0.0]) -diff --git a/tests/test-isodetect.c b/tests/test-isodetect.c -index b3834b9..b2a4e06 100644 ---- a/tests/test-isodetect.c -+++ b/tests/test-isodetect.c -@@ -396,8 +396,10 @@ static void test_one(const gchar *vendor) - g_test_message("checking OS %s for ISO %s", - info->shortid, info->filename); - if (!matched) { -- g_error("ISO %s was not matched by OS %s", -- info->filename, info->shortid); -+ g_printerr("ISO %s was not matched by OS %s\n/isodetect/%s: ", -+ info->filename, info->shortid, vendor); -+ g_test_fail(); -+ continue; - } - - g_object_get(info->media, "os", &os, NULL); -@@ -417,6 +419,7 @@ int - main(int argc, char *argv[]) - { - g_test_init(&argc, &argv, NULL); -+ g_test_set_nonfatal_assertions(); - - GList *vendors = load_vendors(NULL); - GList *it; --- -2.19.1 - diff --git a/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch b/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch new file mode 100644 index 0000000..d607cf9 --- /dev/null +++ b/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch @@ -0,0 +1,50 @@ +From d1baaf2946513be06f97ab66e7845e14073add3d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Tue, 21 May 2019 13:29:18 +0200 +Subject: [PATCH 2/3] tree: Avoid use of memory after it's freed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We've been passing data->location as the @url argument of +osinfo_tree_create_from_location_async_helper(), freeing it and trying +to g_strdup() it as the new content of data->location. + +In order to avoid doing so, let's set the data->location only once, in +the first caller of osinfo_tree_create_from_location_async_helper(), as +its content is always going to be the same doesn't matter the treeinfo +format to be used with. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Cole Robinson +(cherry picked from commit d7bc838a96acf5f058e13d2b49157b4ba396cd87) +--- + osinfo/osinfo_tree.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c +index 88a2d6e..ab498f0 100644 +--- a/osinfo/osinfo_tree.c ++++ b/osinfo/osinfo_tree.c +@@ -702,9 +702,6 @@ osinfo_tree_create_from_location_async_helper(const gchar *url, + g_clear_object(&data->file); + data->file = g_file_new_for_uri(location); + +- g_free(data->location); +- data->location = g_strdup(url); +- + g_free(data->treeinfo); + data->treeinfo = g_strdup(treeinfo); + +@@ -740,6 +737,8 @@ void osinfo_tree_create_from_location_async(const gchar *location, + user_data); + g_task_set_priority(data->res, priority); + ++ data->location = g_strdup(location); ++ + osinfo_tree_create_from_location_async_helper(location, + ".treeinfo", + cancellable, +-- +2.21.0 + diff --git a/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch b/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch deleted file mode 100644 index 0dc9962..0000000 --- a/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9ac796a5476d9973376fbea9d49876ddc1c7008c Mon Sep 17 00:00:00 2001 -From: Vera Cholasta -Date: Thu, 8 Nov 2018 20:51:19 +0100 -Subject: [PATCH] tests: continue after failure in mediauris & treeuris -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -https://bugzilla.redhat.com/show_bug.cgi?id=1639108 - -Reviewed-by: Fabiano Fidêncio ---- - tests/test-mediauris.c | 1 + - tests/test-treeuris.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/tests/test-mediauris.c b/tests/test-mediauris.c -index 4bf8ead..811b57f 100644 ---- a/tests/test-mediauris.c -+++ b/tests/test-mediauris.c -@@ -116,6 +116,7 @@ main(int argc, char *argv[]) - int ret; - - g_test_init(&argc, &argv, NULL); -+ g_test_set_nonfatal_assertions(); - - g_test_add_func("/mediauris/uris", test_uris); - -diff --git a/tests/test-treeuris.c b/tests/test-treeuris.c -index 2b37bfb..bba3aa0 100644 ---- a/tests/test-treeuris.c -+++ b/tests/test-treeuris.c -@@ -116,6 +116,7 @@ main(int argc, char *argv[]) - int ret; - - g_test_init(&argc, &argv, NULL); -+ g_test_set_nonfatal_assertions(); - - g_test_add_func("/treeuris/uris", test_uris); - --- -2.19.1 - diff --git a/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch b/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch new file mode 100644 index 0000000..c5d4de8 --- /dev/null +++ b/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch @@ -0,0 +1,92 @@ +From 97d60a2e53439d6ad1a462267c3bdf0f09a6f7c8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Tue, 21 May 2019 13:33:27 +0200 +Subject: [PATCH 3/3] tree: Cleanup _create_from_location_async_helper() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There's no need to pass neither the URL nor the cancellable to this +function as those can be taken directly from data. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Cole Robinson +(cherry picked from commit dfda02598034737610b69fdd08d62f62cbf5b0cb) +--- + osinfo/osinfo_tree.c | 27 ++++++++------------------- + 1 file changed, 8 insertions(+), 19 deletions(-) + +diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c +index ab498f0..0f14276 100644 +--- a/osinfo/osinfo_tree.c ++++ b/osinfo/osinfo_tree.c +@@ -631,10 +631,8 @@ static OsinfoTree *load_keyinfo(const gchar *location, + } + + static void +-osinfo_tree_create_from_location_async_helper(const gchar *url, +- const gchar *treeinfo, +- GCancellable *cancellable, +- CreateFromLocationAsyncData *data); ++osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data, ++ const gchar *treeinfo); + + static void on_location_read(GObject *source, + GAsyncResult *res, +@@ -657,10 +655,7 @@ static void on_location_read(GObject *source, + /* It means no ".treeinfo" file has been found. Try again, this time + * looking for a "treeinfo" file. */ + if (g_str_equal(data->treeinfo, ".treeinfo")) { +- osinfo_tree_create_from_location_async_helper(data->location, +- "treeinfo", +- g_task_get_cancellable(data->res), +- data); ++ osinfo_tree_create_from_location_async_helper(data, "treeinfo"); + return; + } + +@@ -687,17 +682,14 @@ static void on_location_read(GObject *source, + } + + static void +-osinfo_tree_create_from_location_async_helper(const gchar *url, +- const gchar *treeinfo, +- GCancellable *cancellable, +- CreateFromLocationAsyncData *data) ++osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data, ++ const gchar *treeinfo) + { + gchar *location; + +- g_return_if_fail(url != NULL); + g_return_if_fail(treeinfo != NULL); + +- location = g_strdup_printf("%s/%s", url, treeinfo); ++ location = g_strdup_printf("%s/%s", data->location, treeinfo); + + g_clear_object(&data->file); + data->file = g_file_new_for_uri(location); +@@ -706,7 +698,7 @@ osinfo_tree_create_from_location_async_helper(const gchar *url, + data->treeinfo = g_strdup(treeinfo); + + g_file_load_contents_async(data->file, +- cancellable, ++ g_task_get_cancellable(data->res), + on_location_read, + data); + g_free(location); +@@ -739,10 +731,7 @@ void osinfo_tree_create_from_location_async(const gchar *location, + + data->location = g_strdup(location); + +- osinfo_tree_create_from_location_async_helper(location, +- ".treeinfo", +- cancellable, +- data); ++ osinfo_tree_create_from_location_async_helper(data, ".treeinfo"); + } + + +-- +2.21.0 + diff --git a/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch b/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch deleted file mode 100644 index 3855371..0000000 --- a/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch +++ /dev/null @@ -1,286 +0,0 @@ -From b5274811ca21ed3ff672a3530a0d78e9d034d77b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= -Date: Thu, 15 Nov 2018 16:13:31 +0100 -Subject: [PATCH] rhel: Add rhel8.0 isodata -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Fabiano Fidêncio -Reviewed-by: Christophe Fergeau ---- - .../RHEL-8.0-20181113.1-aarch64-boot.iso.txt | 29 +++++++++++++++++++ - .../RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt | 29 +++++++++++++++++++ - .../RHEL-8.0-20181113.1-ppc64le-boot.iso.txt | 16 ++++++++++ - .../RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt | 16 ++++++++++ - .../RHEL-8.0-20181113.1-s390x-boot.iso.txt | 29 +++++++++++++++++++ - .../RHEL-8.0-20181113.1-s390x-dvd1.iso.txt | 29 +++++++++++++++++++ - .../RHEL-8.0-20181113.1-x86_64-boot.iso.txt | 29 +++++++++++++++++++ - .../RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt | 29 +++++++++++++++++++ - 8 files changed, 206 insertions(+) - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt - create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt - -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt -new file mode 100644 -index 0000000..b1b7cba ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-aarch64 -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 256972 -+El Torito VD version 1 found, boot catalog is in sector 42 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 239 (Unknown Arch) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 32D0 -+ Bootoff 2C 44 -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt -new file mode 100644 -index 0000000..ce01c02 ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-aarch64 -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 2867727 -+El Torito VD version 1 found, boot catalog is in sector 847 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 239 (Unknown Arch) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 32D0 -+ Bootoff F08 3848 -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt -new file mode 100644 -index 0000000..ccf738a ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt -@@ -0,0 +1,16 @@ -+CD-ROM is in ISO 9660 format -+System id: PPC -+Volume id: RHEL_8_0_BaseOS_ppc64le -+Volume set id: 8.0 -+Publisher id: -+Data preparer id: -+Application id: Red Hat Enterprise Linux 8.0 -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 279805 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt -new file mode 100644 -index 0000000..1eb781b ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt -@@ -0,0 +1,16 @@ -+CD-ROM is in ISO 9660 format -+System id: PPC -+Volume id: RHEL-8-0-BaseOS-ppc64le -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 3073014 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt -new file mode 100644 -index 0000000..2014004 ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-s390x -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 237307 -+El Torito VD version 1 found, boot catalog is in sector 34 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 0 (x86) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 4 -+ Bootoff 23 35 -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt -new file mode 100644 -index 0000000..d00ccfb ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-s390x -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 2746748 -+El Torito VD version 1 found, boot catalog is in sector 815 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 0 (x86) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 73DC -+ Bootoff 335 821 -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt -new file mode 100644 -index 0000000..07a61b8 ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-x86_64 -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 276128 -+El Torito VD version 1 found, boot catalog is in sector 44 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 0 (x86) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 4 -+ Bootoff 4227F 270975 -diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt -new file mode 100644 -index 0000000..e53b2aa ---- /dev/null -+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt -@@ -0,0 +1,29 @@ -+CD-ROM is in ISO 9660 format -+System id: LINUX -+Volume id: RHEL-8-0-BaseOS-x86_64 -+Volume set id: -+Publisher id: -+Data preparer id: -+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM -+Copyright File id: -+Abstract File id: -+Bibliographic File id: -+Volume set size is: 1 -+Volume set sequence number is: 1 -+Logical block size is: 2048 -+Volume size is: 3400439 -+El Torito VD version 1 found, boot catalog is in sector 1028 -+Joliet with UCS level 3 found -+Rock Ridge signatures version 1 found -+Eltorito validation header: -+ Hid 1 -+ Arch 0 (x86) -+ ID '' -+ Key 55 AA -+ Eltorito defaultboot header: -+ Bootid 88 (bootable) -+ Boot media 0 (No Emulation Boot) -+ Load segment 0 -+ Sys type 0 -+ Nsect 4 -+ Bootoff 438C9 276681 --- -2.19.1 - diff --git a/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch b/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch new file mode 100644 index 0000000..be355aa --- /dev/null +++ b/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch @@ -0,0 +1,170 @@ +From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Wed, 3 Jul 2019 14:55:24 +0200 +Subject: [PATCH] tools,install-script: Add --config-file (-f) option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's add a new option so users can set their config from a file, +instead of directly passing the values via command-line. + +CVE-2019-13313 +Libosinfo: osinfo-install-script option leaks password via command line +argument. 'osinfo-install-script' is used to generate a script for +automated guest installations. It accepts user and admin passwords via +command line arguments, thus leaking them via process listing. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Daniel P. Berrangé +--- + tools/osinfo-install-script.c | 103 +++++++++++++++++++++++++++++++++- + 1 file changed, 102 insertions(+), 1 deletion(-) + +diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c +index 15af48d..af58440 100644 +--- a/tools/osinfo-install-script.c ++++ b/tools/osinfo-install-script.c +@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE; + static gboolean list_inj_method = FALSE; + static gboolean quiet = FALSE; + ++static const gchar *configs[] = { ++ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE, ++ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD, ++ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME, ++ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN, ++ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN, ++ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD, ++ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY, ++ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME, ++ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK, ++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION, ++ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING, ++ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL, ++ NULL ++}; ++ + static OsinfoInstallConfig *config; + + static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, +@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, + } + + ++static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED, ++ const gchar *value, ++ gpointer data G_GNUC_UNUSED, ++ GError **error) ++{ ++ GKeyFile *key_file = NULL; ++ gchar *val = NULL; ++ gsize i; ++ gboolean ret = FALSE; ++ ++ key_file = g_key_file_new(); ++ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error)) ++ goto error; ++ ++ for (i = 0; configs[i] != NULL; i++) { ++ val = g_key_file_get_string(key_file, "install-script", configs[i], error); ++ if (val == NULL) { ++ if (g_error_matches(*error, G_KEY_FILE_ERROR, ++ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) { ++ g_clear_error(error); ++ continue; ++ } ++ ++ goto error; ++ } ++ ++ osinfo_entity_set_param(OSINFO_ENTITY(config), ++ configs[i], ++ val); ++ g_free(val); ++ } ++ ++ ret = TRUE; ++ ++error: ++ g_key_file_unref(key_file); ++ ++ return ret; ++} ++ ++ + static GOptionEntry entries[] = + { + { "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile, +@@ -78,6 +147,9 @@ static GOptionEntry entries[] = + { "config", 'c', 0, G_OPTION_ARG_CALLBACK, + handle_config, + N_("Set configuration parameter"), "key=value" }, ++ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK, ++ handle_config_file, ++ N_("Set configuration parameters"), "file:///path/to/config/file" }, + { "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config, + N_("List configuration parameters"), NULL }, + { "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile, +@@ -448,6 +520,15 @@ script. Defaults to C, but can also be C. + + Set the configuration parameter C to C. + ++=item B<--config-file=config-file> ++ ++Set the configurations parameters according to the config-file passed. ++ ++Note that use of --config-file is strongly recommended if the user or ++admin passwords need to be set. Providing passwords directly using ++B<--config=> is insecure as the password is visible to all processes ++and users on the same host. ++ + =back + + =head1 CONFIGURATION KEYS +@@ -510,9 +591,29 @@ The software registration user password + + =back + ++=head1 CONFIGURATION FILE FORMAT ++ ++The configuration file must consist in a file which contains a ++`install-script` group and, under this group, C=C ++pairs, as shown below: ++ ++[install-script] ++l10n-timezone=GMT ++l10n-keyboard=uk ++l10n-language=en_GB ++admin-password=123456 ++user-login=berrange ++user-password=123456 ++user-realname="Daniel P Berrange" ++ + =head1 EXAMPLE USAGE + +-The following usage generates a Fedora 16 kickstart script ++The following usages generates a Fedora 16 kickstart script ++ ++ # osinfo-install-script \ ++ --profile jeos \ ++ --config-file /path/to/config/file \ ++ fedora16 + + # osinfo-install-script \ + --profile jeos \ +-- +2.21.0 + diff --git a/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch b/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch new file mode 100644 index 0000000..3889bfd --- /dev/null +++ b/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch @@ -0,0 +1,59 @@ +From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Wed, 3 Jul 2019 14:59:07 +0200 +Subject: [PATCH] tools,install-script: Deprecate --config + {user,admin}-password +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's deprecate user-password and admin-password options of --config and +also warn out whenever they're passed to osinfo-install-script. + +CVE-2019-13313 +Libosinfo: osinfo-install-script option leaks password via command line +argument. 'osinfo-install-script' is used to generate a script for +automated guest installations. It accepts user and admin passwords via +command line arguments, thus leaking them via process listing. + +Signed-off-by: Fabiano Fidêncio +Reviewed-by: Daniel P. Berrangé +--- + tools/osinfo-install-script.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c +index af58440..c0528e7 100644 +--- a/tools/osinfo-install-script.c ++++ b/tools/osinfo-install-script.c +@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED, + val++; + key = g_strndup(value, len); + ++ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) || ++ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) { ++ g_warning("When setting user or admin password, use --config-file " ++ "instead.\n"); ++ } ++ + osinfo_entity_set_param(OSINFO_ENTITY(config), + key, + val); +@@ -556,10 +562,14 @@ The local language + =item C + + The administrator password ++This option has been deprecated, use B<--config-file> ++for setting the admin password. + + =item C + + The user password ++This option has been deprecated, use B<--config-file> ++for setting the user password. + + =item C + +-- +2.21.0 + diff --git a/SPECS/libosinfo.spec b/SPECS/libosinfo.spec index 2463551..e2a3c86 100644 --- a/SPECS/libosinfo.spec +++ b/SPECS/libosinfo.spec @@ -2,19 +2,21 @@ Summary: A library for managing OS information for virtualization Name: libosinfo -Version: 1.2.0 -Release: 5%{?dist}%{?extra_release} +Version: 1.5.0 +Release: 3%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz URL: https://libosinfo.org/ ### Patches ### -Patch0001: 0001-test-isodetect-replace-while-loop-with-for-loop.patch -Patch0002: 0002-test-isodetect-continue-after-failure.patch -Patch0003: 0003-tests-continue-after-failure-in-mediauris-treeuris.patch -Patch0004: 0004-rhel-Add-rhel8.0-isodata.patch +Patch0001: 0001-db-Avoid-dereference-of-null-pointer.patch +Patch0002: 0002-tree-Avoid-use-of-memory-after-it-s-freed.patch +Patch0003: 0003-tree-Cleanup-_create_from_location_async_helper.patch +Patch0004: 0004-tools-install-script-Add-config-file-f-option.patch +Patch0005: 0005-tools-install-script-Deprecate-config-user-admin-pas.patch +BuildRequires: git BuildRequires: intltool BuildRequires: glib2-devel >= 2.38 BuildRequires: libxml2-devel >= 2.6.0 @@ -25,10 +27,10 @@ BuildRequires: libcurl-devel BuildRequires: /usr/bin/pod2man BuildRequires: hwdata BuildRequires: gobject-introspection-devel -BuildRequires: osinfo-db >= 20181011-7 Requires: hwdata Requires: osinfo-db >= 20181011-1 Requires: osinfo-db-tools +Requires: gvfs %description libosinfo is a library that allows virtualization provisioning tools to @@ -62,11 +64,7 @@ combination. This package provides the Vala bindings for libosinfo library. %prep -%setup -q - -for p in %patches ; do - %__patch -p1 -i $p -done +%autosetup -S git %build autoreconf -vi @@ -121,6 +119,17 @@ fi %{_datadir}/vala/vapi/libosinfo-1.0.vapi %changelog +* Wed Jul 10 2019 Fabiano Fidêncio - 1.5.0-3 +- Resolves: rhbz#1727843 - CVE-2019-13313 libosinfo: osinfo-install-script + option leaks password via command line argument + +* Wed May 22 2019 Fabiano Fidêncio - 1.5.0-2 +- Resolves: rhbz#1712425 - New defects found in libosinfo-1.5.0-1.el8 + +* Fri May 10 2019 Fabiano Fidêncio - 1.5.0-1 +- Update to 1.5.0 release +- Resolves: rhbz#1699988 - Rebase to the latest upstream release + * Fri Nov 30 2018 Fabiano Fidêncio - 1.2.0-5 - Related: rhbz#1650197 - Fix volume-ids for rhel8.0 entry