diff --git a/.gitignore b/.gitignore
index abf8eea..10a929e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libosinfo-1.2.0.tar.gz
+SOURCES/libosinfo-1.5.0.tar.gz
diff --git a/.libosinfo.metadata b/.libosinfo.metadata
index dd7bd0f..77ca966 100644
--- a/.libosinfo.metadata
+++ b/.libosinfo.metadata
@@ -1 +1 @@
-e79bcc14f0506e75e8fd4a2845155d50dc493a85 SOURCES/libosinfo-1.2.0.tar.gz
+0ec54e6e1972c4fbfc97179f943d4f9a2902b879 SOURCES/libosinfo-1.5.0.tar.gz
diff --git a/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch b/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch
new file mode 100644
index 0000000..e6947a8
--- /dev/null
+++ b/SOURCES/0001-db-Avoid-dereference-of-null-pointer.patch
@@ -0,0 +1,62 @@
+From cb509ad153a35053e1e003d73fd0ece53bd2c3d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Tue, 21 May 2019 13:01:26 +0200
+Subject: [PATCH 1/3] db: Avoid dereference of null pointer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As any consumer of libosinfo API may pass NULL as the @matched argument
+of compare_tree(), the current code could be dereferencing a NULL
+pointer when calling `osinfo_tree_set_os()`.
+
+In order to avoid doing so, let's set the os to the OsinfoTree at the
+moment the @matched argument is set.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+(cherry picked from commit 949ad5e05480470ba1a5913fbec538314807dfc2)
+---
+ osinfo/osinfo_db.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
+index b7da2b7..c4cd1e4 100644
+--- a/osinfo/osinfo_db.c
++++ b/osinfo/osinfo_db.c
+@@ -790,6 +790,7 @@ static gboolean compare_tree(OsinfoTree *tree,
+ OsinfoTreeList *tree_list = osinfo_os_get_tree_list(os);
+ GList *trees = osinfo_list_get_elements(OSINFO_LIST(tree_list));
+ GList *tree_iter;
++ gboolean found = FALSE;
+
+ for (tree_iter = trees; tree_iter; tree_iter = tree_iter->next) {
+ OsinfoTree *os_tree = OSINFO_TREE(tree_iter->data);
+@@ -820,8 +821,11 @@ static gboolean compare_tree(OsinfoTree *tree,
+ match_regex(os_treeinfo_version, treeinfo_version) &&
+ match_regex(os_treeinfo_arch, treeinfo_arch)) {
+ *ret_os = os;
+- if (matched != NULL)
++ if (matched != NULL) {
+ *matched = os_tree;
++ osinfo_tree_set_os(*matched, *ret_os);
++ found = TRUE;
++ }
+ break;
+ }
+ }
+@@ -829,10 +833,8 @@ static gboolean compare_tree(OsinfoTree *tree,
+ g_list_free(trees);
+ g_object_unref(tree_list);
+
+- if (*ret_os != NULL) {
+- osinfo_tree_set_os(*matched, *ret_os);
++ if (found)
+ return TRUE;
+- }
+ }
+
+ return FALSE;
+--
+2.21.0
+
diff --git a/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch b/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch
deleted file mode 100644
index f9a9e4d..0000000
--- a/SOURCES/0001-test-isodetect-replace-while-loop-with-for-loop.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From c458e1aa57e3c55b56afee699112fa35a3839ba9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C4=9Bra=20Cholasta?= <vbudikov@redhat.com>
-Date: Wed, 17 Oct 2018 19:22:59 +0200
-Subject: [PATCH] test-isodetect: replace while loop with for loop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
----
- tests/test-isodetect.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/tests/test-isodetect.c b/tests/test-isodetect.c
-index 415770b..b3834b9 100644
---- a/tests/test-isodetect.c
-+++ b/tests/test-isodetect.c
-@@ -388,8 +388,7 @@ static void test_one(const gchar *vendor)
-
- g_assert_nonnull(isos);
-
-- tmp = isos;
-- while (tmp) {
-+ for (tmp = isos; tmp; tmp = tmp->next) {
- struct ISOInfo *info = tmp->data;
- gboolean matched = osinfo_db_identify_media(db, info->media);
- OsinfoOs *os;
-@@ -406,8 +405,6 @@ static void test_one(const gchar *vendor)
- g_assert_cmpstr(shortid, ==, info->shortid);
- g_object_unref(G_OBJECT(os));
- test_langs(info);
--
-- tmp = tmp->next;
- }
-
- g_list_foreach(isos, (GFunc)free_iso, NULL);
---
-2.19.1
-
diff --git a/SOURCES/0002-test-isodetect-continue-after-failure.patch b/SOURCES/0002-test-isodetect-continue-after-failure.patch
deleted file mode 100644
index 41d53cb..0000000
--- a/SOURCES/0002-test-isodetect-continue-after-failure.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 8c7d89af16b943ce8746c2838277c7033967308f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C4=9Bra=20Cholasta?= <vbudikov@redhat.com>
-Date: Wed, 17 Oct 2018 19:23:00 +0200
-Subject: [PATCH] test-isodetect: continue after failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1639108
-
-Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
----
- configure.ac | 4 ++--
- tests/test-isodetect.c | 7 +++++--
- 2 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f7f1c72..c0917d4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -37,8 +37,8 @@ m4_if(m4_version_compare([2.61a.100],
- m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
-
- # Keep these two definitions in agreement.
--GLIB_MINIMUM_VERSION="2.36"
--GLIB_ENCODED_VERSION="GLIB_VERSION_2_36"
-+GLIB_MINIMUM_VERSION="2.38"
-+GLIB_ENCODED_VERSION="GLIB_VERSION_2_38"
-
- PKG_CHECK_MODULES([LIBXML], [libxml-2.0 >= 2.6.0])
- PKG_CHECK_MODULES([LIBXSLT], [libxslt >= 1.0.0])
-diff --git a/tests/test-isodetect.c b/tests/test-isodetect.c
-index b3834b9..b2a4e06 100644
---- a/tests/test-isodetect.c
-+++ b/tests/test-isodetect.c
-@@ -396,8 +396,10 @@ static void test_one(const gchar *vendor)
- g_test_message("checking OS %s for ISO %s",
- info->shortid, info->filename);
- if (!matched) {
-- g_error("ISO %s was not matched by OS %s",
-- info->filename, info->shortid);
-+ g_printerr("ISO %s was not matched by OS %s\n/isodetect/%s: ",
-+ info->filename, info->shortid, vendor);
-+ g_test_fail();
-+ continue;
- }
-
- g_object_get(info->media, "os", &os, NULL);
-@@ -417,6 +419,7 @@ int
- main(int argc, char *argv[])
- {
- g_test_init(&argc, &argv, NULL);
-+ g_test_set_nonfatal_assertions();
-
- GList *vendors = load_vendors(NULL);
- GList *it;
---
-2.19.1
-
diff --git a/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch b/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
new file mode 100644
index 0000000..d607cf9
--- /dev/null
+++ b/SOURCES/0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
@@ -0,0 +1,50 @@
+From d1baaf2946513be06f97ab66e7845e14073add3d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Tue, 21 May 2019 13:29:18 +0200
+Subject: [PATCH 2/3] tree: Avoid use of memory after it's freed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We've been passing data->location as the @url argument of
+osinfo_tree_create_from_location_async_helper(), freeing it and trying
+to g_strdup() it as the new content of data->location.
+
+In order to avoid doing so, let's set the data->location only once, in
+the first caller of osinfo_tree_create_from_location_async_helper(), as
+its content is always going to be the same doesn't matter the treeinfo
+format to be used with.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+(cherry picked from commit d7bc838a96acf5f058e13d2b49157b4ba396cd87)
+---
+ osinfo/osinfo_tree.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
+index 88a2d6e..ab498f0 100644
+--- a/osinfo/osinfo_tree.c
++++ b/osinfo/osinfo_tree.c
+@@ -702,9 +702,6 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
+ g_clear_object(&data->file);
+ data->file = g_file_new_for_uri(location);
+
+- g_free(data->location);
+- data->location = g_strdup(url);
+-
+ g_free(data->treeinfo);
+ data->treeinfo = g_strdup(treeinfo);
+
+@@ -740,6 +737,8 @@ void osinfo_tree_create_from_location_async(const gchar *location,
+ user_data);
+ g_task_set_priority(data->res, priority);
+
++ data->location = g_strdup(location);
++
+ osinfo_tree_create_from_location_async_helper(location,
+ ".treeinfo",
+ cancellable,
+--
+2.21.0
+
diff --git a/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch b/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch
deleted file mode 100644
index 0dc9962..0000000
--- a/SOURCES/0003-tests-continue-after-failure-in-mediauris-treeuris.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9ac796a5476d9973376fbea9d49876ddc1c7008c Mon Sep 17 00:00:00 2001
-From: Vera Cholasta <vbudikov@redhat.com>
-Date: Thu, 8 Nov 2018 20:51:19 +0100
-Subject: [PATCH] tests: continue after failure in mediauris & treeuris
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1639108
-
-Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
----
- tests/test-mediauris.c | 1 +
- tests/test-treeuris.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/tests/test-mediauris.c b/tests/test-mediauris.c
-index 4bf8ead..811b57f 100644
---- a/tests/test-mediauris.c
-+++ b/tests/test-mediauris.c
-@@ -116,6 +116,7 @@ main(int argc, char *argv[])
- int ret;
-
- g_test_init(&argc, &argv, NULL);
-+ g_test_set_nonfatal_assertions();
-
- g_test_add_func("/mediauris/uris", test_uris);
-
-diff --git a/tests/test-treeuris.c b/tests/test-treeuris.c
-index 2b37bfb..bba3aa0 100644
---- a/tests/test-treeuris.c
-+++ b/tests/test-treeuris.c
-@@ -116,6 +116,7 @@ main(int argc, char *argv[])
- int ret;
-
- g_test_init(&argc, &argv, NULL);
-+ g_test_set_nonfatal_assertions();
-
- g_test_add_func("/treeuris/uris", test_uris);
-
---
-2.19.1
-
diff --git a/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch b/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch
new file mode 100644
index 0000000..c5d4de8
--- /dev/null
+++ b/SOURCES/0003-tree-Cleanup-_create_from_location_async_helper.patch
@@ -0,0 +1,92 @@
+From 97d60a2e53439d6ad1a462267c3bdf0f09a6f7c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Tue, 21 May 2019 13:33:27 +0200
+Subject: [PATCH 3/3] tree: Cleanup _create_from_location_async_helper()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There's no need to pass neither the URL nor the cancellable to this
+function as those can be taken directly from data.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+(cherry picked from commit dfda02598034737610b69fdd08d62f62cbf5b0cb)
+---
+ osinfo/osinfo_tree.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
+index ab498f0..0f14276 100644
+--- a/osinfo/osinfo_tree.c
++++ b/osinfo/osinfo_tree.c
+@@ -631,10 +631,8 @@ static OsinfoTree *load_keyinfo(const gchar *location,
+ }
+
+ static void
+-osinfo_tree_create_from_location_async_helper(const gchar *url,
+- const gchar *treeinfo,
+- GCancellable *cancellable,
+- CreateFromLocationAsyncData *data);
++osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
++ const gchar *treeinfo);
+
+ static void on_location_read(GObject *source,
+ GAsyncResult *res,
+@@ -657,10 +655,7 @@ static void on_location_read(GObject *source,
+ /* It means no ".treeinfo" file has been found. Try again, this time
+ * looking for a "treeinfo" file. */
+ if (g_str_equal(data->treeinfo, ".treeinfo")) {
+- osinfo_tree_create_from_location_async_helper(data->location,
+- "treeinfo",
+- g_task_get_cancellable(data->res),
+- data);
++ osinfo_tree_create_from_location_async_helper(data, "treeinfo");
+ return;
+ }
+
+@@ -687,17 +682,14 @@ static void on_location_read(GObject *source,
+ }
+
+ static void
+-osinfo_tree_create_from_location_async_helper(const gchar *url,
+- const gchar *treeinfo,
+- GCancellable *cancellable,
+- CreateFromLocationAsyncData *data)
++osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
++ const gchar *treeinfo)
+ {
+ gchar *location;
+
+- g_return_if_fail(url != NULL);
+ g_return_if_fail(treeinfo != NULL);
+
+- location = g_strdup_printf("%s/%s", url, treeinfo);
++ location = g_strdup_printf("%s/%s", data->location, treeinfo);
+
+ g_clear_object(&data->file);
+ data->file = g_file_new_for_uri(location);
+@@ -706,7 +698,7 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
+ data->treeinfo = g_strdup(treeinfo);
+
+ g_file_load_contents_async(data->file,
+- cancellable,
++ g_task_get_cancellable(data->res),
+ on_location_read,
+ data);
+ g_free(location);
+@@ -739,10 +731,7 @@ void osinfo_tree_create_from_location_async(const gchar *location,
+
+ data->location = g_strdup(location);
+
+- osinfo_tree_create_from_location_async_helper(location,
+- ".treeinfo",
+- cancellable,
+- data);
++ osinfo_tree_create_from_location_async_helper(data, ".treeinfo");
+ }
+
+
+--
+2.21.0
+
diff --git a/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch b/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch
deleted file mode 100644
index 3855371..0000000
--- a/SOURCES/0004-rhel-Add-rhel8.0-isodata.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-From b5274811ca21ed3ff672a3530a0d78e9d034d77b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
-Date: Thu, 15 Nov 2018 16:13:31 +0100
-Subject: [PATCH] rhel: Add rhel8.0 isodata
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
-Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
----
- .../RHEL-8.0-20181113.1-aarch64-boot.iso.txt | 29 +++++++++++++++++++
- .../RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt | 29 +++++++++++++++++++
- .../RHEL-8.0-20181113.1-ppc64le-boot.iso.txt | 16 ++++++++++
- .../RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt | 16 ++++++++++
- .../RHEL-8.0-20181113.1-s390x-boot.iso.txt | 29 +++++++++++++++++++
- .../RHEL-8.0-20181113.1-s390x-dvd1.iso.txt | 29 +++++++++++++++++++
- .../RHEL-8.0-20181113.1-x86_64-boot.iso.txt | 29 +++++++++++++++++++
- .../RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt | 29 +++++++++++++++++++
- 8 files changed, 206 insertions(+)
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt
- create mode 100644 tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt
-
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt
-new file mode 100644
-index 0000000..b1b7cba
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-boot.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-aarch64
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 256972
-+El Torito VD version 1 found, boot catalog is in sector 42
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 239 (Unknown Arch)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 32D0
-+ Bootoff 2C 44
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt
-new file mode 100644
-index 0000000..ce01c02
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-aarch64-dvd1.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-aarch64
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 2867727
-+El Torito VD version 1 found, boot catalog is in sector 847
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 239 (Unknown Arch)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 32D0
-+ Bootoff F08 3848
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt
-new file mode 100644
-index 0000000..ccf738a
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-boot.iso.txt
-@@ -0,0 +1,16 @@
-+CD-ROM is in ISO 9660 format
-+System id: PPC
-+Volume id: RHEL_8_0_BaseOS_ppc64le
-+Volume set id: 8.0
-+Publisher id:
-+Data preparer id:
-+Application id: Red Hat Enterprise Linux 8.0
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 279805
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt
-new file mode 100644
-index 0000000..1eb781b
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-ppc64le-dvd1.iso.txt
-@@ -0,0 +1,16 @@
-+CD-ROM is in ISO 9660 format
-+System id: PPC
-+Volume id: RHEL-8-0-BaseOS-ppc64le
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 3073014
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt
-new file mode 100644
-index 0000000..2014004
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-boot.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-s390x
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 237307
-+El Torito VD version 1 found, boot catalog is in sector 34
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 0 (x86)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 4
-+ Bootoff 23 35
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt
-new file mode 100644
-index 0000000..d00ccfb
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-s390x-dvd1.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-s390x
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 2746748
-+El Torito VD version 1 found, boot catalog is in sector 815
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 0 (x86)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 73DC
-+ Bootoff 335 821
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt
-new file mode 100644
-index 0000000..07a61b8
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-boot.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-x86_64
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 276128
-+El Torito VD version 1 found, boot catalog is in sector 44
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 0 (x86)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 4
-+ Bootoff 4227F 270975
-diff --git a/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt
-new file mode 100644
-index 0000000..e53b2aa
---- /dev/null
-+++ b/tests/isodata/rhel/rhel8.0/RHEL-8.0-20181113.1-x86_64-dvd1.iso.txt
-@@ -0,0 +1,29 @@
-+CD-ROM is in ISO 9660 format
-+System id: LINUX
-+Volume id: RHEL-8-0-BaseOS-x86_64
-+Volume set id:
-+Publisher id:
-+Data preparer id:
-+Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
-+Copyright File id:
-+Abstract File id:
-+Bibliographic File id:
-+Volume set size is: 1
-+Volume set sequence number is: 1
-+Logical block size is: 2048
-+Volume size is: 3400439
-+El Torito VD version 1 found, boot catalog is in sector 1028
-+Joliet with UCS level 3 found
-+Rock Ridge signatures version 1 found
-+Eltorito validation header:
-+ Hid 1
-+ Arch 0 (x86)
-+ ID ''
-+ Key 55 AA
-+ Eltorito defaultboot header:
-+ Bootid 88 (bootable)
-+ Boot media 0 (No Emulation Boot)
-+ Load segment 0
-+ Sys type 0
-+ Nsect 4
-+ Bootoff 438C9 276681
---
-2.19.1
-
diff --git a/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch b/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch
new file mode 100644
index 0000000..be355aa
--- /dev/null
+++ b/SOURCES/0004-tools-install-script-Add-config-file-f-option.patch
@@ -0,0 +1,170 @@
+From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Wed, 3 Jul 2019 14:55:24 +0200
+Subject: [PATCH] tools,install-script: Add --config-file (-f) option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's add a new option so users can set their config from a file,
+instead of directly passing the values via command-line.
+
+CVE-2019-13313
+Libosinfo: osinfo-install-script option leaks password via command line
+argument. 'osinfo-install-script' is used to generate a script for
+automated guest installations. It accepts user and admin passwords via
+command line arguments, thus leaking them via process listing.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/osinfo-install-script.c | 103 +++++++++++++++++++++++++++++++++-
+ 1 file changed, 102 insertions(+), 1 deletion(-)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index 15af48d..af58440 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE;
+ static gboolean list_inj_method = FALSE;
+ static gboolean quiet = FALSE;
+
++static const gchar *configs[] = {
++ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH,
++ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE,
++ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE,
++ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD,
++ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD,
++ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD,
++ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN,
++ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME,
++ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN,
++ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN,
++ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN,
++ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD,
++ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY,
++ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME,
++ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK,
++ OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK,
++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION,
++ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK,
++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK,
++ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION,
++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
++ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
++ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
++ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
++ NULL
++};
++
+ static OsinfoInstallConfig *config;
+
+ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+ }
+
+
++static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED,
++ const gchar *value,
++ gpointer data G_GNUC_UNUSED,
++ GError **error)
++{
++ GKeyFile *key_file = NULL;
++ gchar *val = NULL;
++ gsize i;
++ gboolean ret = FALSE;
++
++ key_file = g_key_file_new();
++ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error))
++ goto error;
++
++ for (i = 0; configs[i] != NULL; i++) {
++ val = g_key_file_get_string(key_file, "install-script", configs[i], error);
++ if (val == NULL) {
++ if (g_error_matches(*error, G_KEY_FILE_ERROR,
++ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
++ g_clear_error(error);
++ continue;
++ }
++
++ goto error;
++ }
++
++ osinfo_entity_set_param(OSINFO_ENTITY(config),
++ configs[i],
++ val);
++ g_free(val);
++ }
++
++ ret = TRUE;
++
++error:
++ g_key_file_unref(key_file);
++
++ return ret;
++}
++
++
+ static GOptionEntry entries[] =
+ {
+ { "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile,
+@@ -78,6 +147,9 @@ static GOptionEntry entries[] =
+ { "config", 'c', 0, G_OPTION_ARG_CALLBACK,
+ handle_config,
+ N_("Set configuration parameter"), "key=value" },
++ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK,
++ handle_config_file,
++ N_("Set configuration parameters"), "file:///path/to/config/file" },
+ { "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config,
+ N_("List configuration parameters"), NULL },
+ { "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile,
+@@ -448,6 +520,15 @@ script. Defaults to C<media>, but can also be C<network>.
+
+ Set the configuration parameter C<key> to C<value>.
+
++=item B<--config-file=config-file>
++
++Set the configurations parameters according to the config-file passed.
++
++Note that use of --config-file is strongly recommended if the user or
++admin passwords need to be set. Providing passwords directly using
++B<--config=> is insecure as the password is visible to all processes
++and users on the same host.
++
+ =back
+
+ =head1 CONFIGURATION KEYS
+@@ -510,9 +591,29 @@ The software registration user password
+
+ =back
+
++=head1 CONFIGURATION FILE FORMAT
++
++The configuration file must consist in a file which contains a
++`install-script` group and, under this group, C<key>=C<value>
++pairs, as shown below:
++
++[install-script]
++l10n-timezone=GMT
++l10n-keyboard=uk
++l10n-language=en_GB
++admin-password=123456
++user-login=berrange
++user-password=123456
++user-realname="Daniel P Berrange"
++
+ =head1 EXAMPLE USAGE
+
+-The following usage generates a Fedora 16 kickstart script
++The following usages generates a Fedora 16 kickstart script
++
++ # osinfo-install-script \
++ --profile jeos \
++ --config-file /path/to/config/file \
++ fedora16
+
+ # osinfo-install-script \
+ --profile jeos \
+--
+2.21.0
+
diff --git a/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch b/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch
new file mode 100644
index 0000000..3889bfd
--- /dev/null
+++ b/SOURCES/0005-tools-install-script-Deprecate-config-user-admin-pas.patch
@@ -0,0 +1,59 @@
+From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Wed, 3 Jul 2019 14:59:07 +0200
+Subject: [PATCH] tools,install-script: Deprecate --config
+ {user,admin}-password
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's deprecate user-password and admin-password options of --config and
+also warn out whenever they're passed to osinfo-install-script.
+
+CVE-2019-13313
+Libosinfo: osinfo-install-script option leaks password via command line
+argument. 'osinfo-install-script' is used to generate a script for
+automated guest installations. It accepts user and admin passwords via
+command line arguments, thus leaking them via process listing.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/osinfo-install-script.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index af58440..c0528e7 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+ val++;
+ key = g_strndup(value, len);
+
++ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
++ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
++ g_warning("When setting user or admin password, use --config-file "
++ "instead.\n");
++ }
++
+ osinfo_entity_set_param(OSINFO_ENTITY(config),
+ key,
+ val);
+@@ -556,10 +562,14 @@ The local language
+ =item C<admin-password>
+
+ The administrator password
++This option has been deprecated, use B<--config-file>
++for setting the admin password.
+
+ =item C<user-password>
+
+ The user password
++This option has been deprecated, use B<--config-file>
++for setting the user password.
+
+ =item C<user-login>
+
+--
+2.21.0
+
diff --git a/SPECS/libosinfo.spec b/SPECS/libosinfo.spec
index 2463551..e2a3c86 100644
--- a/SPECS/libosinfo.spec
+++ b/SPECS/libosinfo.spec
@@ -2,19 +2,21 @@
Summary: A library for managing OS information for virtualization
Name: libosinfo
-Version: 1.2.0
-Release: 5%{?dist}%{?extra_release}
+Version: 1.5.0
+Release: 3%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz
URL: https://libosinfo.org/
### Patches ###
-Patch0001: 0001-test-isodetect-replace-while-loop-with-for-loop.patch
-Patch0002: 0002-test-isodetect-continue-after-failure.patch
-Patch0003: 0003-tests-continue-after-failure-in-mediauris-treeuris.patch
-Patch0004: 0004-rhel-Add-rhel8.0-isodata.patch
+Patch0001: 0001-db-Avoid-dereference-of-null-pointer.patch
+Patch0002: 0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
+Patch0003: 0003-tree-Cleanup-_create_from_location_async_helper.patch
+Patch0004: 0004-tools-install-script-Add-config-file-f-option.patch
+Patch0005: 0005-tools-install-script-Deprecate-config-user-admin-pas.patch
+BuildRequires: git
BuildRequires: intltool
BuildRequires: glib2-devel >= 2.38
BuildRequires: libxml2-devel >= 2.6.0
@@ -25,10 +27,10 @@ BuildRequires: libcurl-devel
BuildRequires: /usr/bin/pod2man
BuildRequires: hwdata
BuildRequires: gobject-introspection-devel
-BuildRequires: osinfo-db >= 20181011-7
Requires: hwdata
Requires: osinfo-db >= 20181011-1
Requires: osinfo-db-tools
+Requires: gvfs
%description
libosinfo is a library that allows virtualization provisioning tools to
@@ -62,11 +64,7 @@ combination.
This package provides the Vala bindings for libosinfo library.
%prep
-%setup -q
-
-for p in %patches ; do
- %__patch -p1 -i $p
-done
+%autosetup -S git
%build
autoreconf -vi
@@ -121,6 +119,17 @@ fi
%{_datadir}/vala/vapi/libosinfo-1.0.vapi
%changelog
+* Wed Jul 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-3
+- Resolves: rhbz#1727843 - CVE-2019-13313 libosinfo: osinfo-install-script
+ option leaks password via command line argument
+
+* Wed May 22 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-2
+- Resolves: rhbz#1712425 - New defects found in libosinfo-1.5.0-1.el8
+
+* Fri May 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-1
+- Update to 1.5.0 release
+- Resolves: rhbz#1699988 - Rebase to the latest upstream release
+
* Fri Nov 30 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.2.0-5
- Related: rhbz#1650197 - Fix volume-ids for rhel8.0 entry