From 1d4d7ce5b15955d35b6c3b2336fc5da6cf98a06a Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2019 21:45:44 +0000
Subject: import osinfo-db-tools-1.5.0-4.el8
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a8f81a6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/osinfo-db-tools-1.5.0.tar.gz
diff --git a/.osinfo-db-tools.metadata b/.osinfo-db-tools.metadata
new file mode 100644
index 0000000..e856d69
--- /dev/null
+++ b/.osinfo-db-tools.metadata
@@ -0,0 +1 @@
+859f5ee44bde621da7da3ed90b52d5848baf3004 SOURCES/osinfo-db-tools-1.5.0.tar.gz
diff --git a/SOURCES/0001-import-Don-t-call-unlink-NULL.patch b/SOURCES/0001-import-Don-t-call-unlink-NULL.patch
new file mode 100644
index 0000000..264027a
--- /dev/null
+++ b/SOURCES/0001-import-Don-t-call-unlink-NULL.patch
@@ -0,0 +1,53 @@
+From ab1b0bf0f3611b556627f42e5accb1063acd91cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Mon, 20 May 2019 14:19:01 +0200
+Subject: [PATCH 1/3] import: Don't call unlink(NULL)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Although `man 3 unlink` doesn't mention what should be the unlink()
+behaviour when NULL is passed to it, both coverity and clang complains
+about that.
+
+Error: FORWARD_NULL (CWE-476):
+osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:157: var_compare_op:
+Comparing "*source_file" to null implies that "*source_file" might be
+null.
+osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:181: var_deref_model:
+Passing null pointer "*source_file" to "unlink", which dereferences it.
+ # 179| g_error_free(err);
+ # 180| if (ret != 0)
+ # 181|-> unlink(*source_file);
+ # 182|
+ # 183| return ret;
+
+Error: CLANG_WARNING:
+osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:181:9: warning: Null
+pointer passed as an argument to a 'nonnull' parameter
+ # unlink(*source_file);
+ # ^
+
+Signed-off-by: Fabiano Fidêncio
+Reviewed-by: Cole Robinson
+(cherry picked from commit 07be7309d830419c27ec65c76905d1e23219f480)
+---
+ tools/osinfo-db-import.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/osinfo-db-import.c b/tools/osinfo-db-import.c
+index 920f71b..11e68ae 100644
+--- a/tools/osinfo-db-import.c
++++ b/tools/osinfo-db-import.c
+@@ -177,7 +177,7 @@ osinfo_db_import_download_file(GFile *file,
+ g_object_unref(out);
+ if (err != NULL)
+ g_error_free(err);
+- if (ret != 0)
++ if (ret != 0 && *source_file != NULL)
+ unlink(*source_file);
+
+ return ret;
+--
+2.21.0
+
diff --git a/SOURCES/0002-export-Remove-unused-variable.patch b/SOURCES/0002-export-Remove-unused-variable.patch
new file mode 100644
index 0000000..7ef64ee
--- /dev/null
+++ b/SOURCES/0002-export-Remove-unused-variable.patch
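Review bot: The failure path in `osinfo_db_import_download_file` removes `*source_file` but leaves the pointer set, so the caller still holds a path whose file is already gone. The cleanup guarded in patch 0004 (`osinfo_db_import_extract`) unlinks `source_file` whenever it is non-NULL and the file is not native; if that is the same string (the call site is outside both hunks), a failed download ends in two unlink-by-name calls on one path, and the second can remove whatever has been created there in between. Clearing the pointer after the removal, `g_free(*source_file); *source_file = NULL;`, leaves one owner of the cleanup, and the caller's later `g_free(source_file)` is then a no-op on NULL. Both functions start outside their hunks, so confirm how the path is built and who owns it before changing this.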
@@ -0,0 +1,62 @@
+From 125f04cb6d742fb13f691cfbff54437014a399bd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Mon, 20 May 2019 14:25:34 +0200
+Subject: [PATCH 2/3] export: Remove unused variable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+err is declared, set to NULL, but never used in
+osinfo_db_export_create().
+
+Error: DEADCODE (CWE-561):
+osinfo-db-tools-1.5.0/tools/osinfo-db-export.c:410: assignment:
+Assigning: "err" = "NULL".
+osinfo-db-tools-1.5.0/tools/osinfo-db-export.c:448: null: At condition
+"err", the value of "err" must be "NULL".
+osinfo-db-tools-1.5.0/tools/osinfo-db-export.c:448: dead_error_condition:
+The condition "err" cannot be true.
+osinfo-db-tools-1.5.0/tools/osinfo-db-export.c:449: dead_error_line:
+Execution cannot reach this statement: "g_error_free(err);".
+osinfo-db-tools-1.5.0/tools/osinfo-db-export.c:449: effectively_constant:
+Local variable "err" is assigned only once, to a constant value, making
+it effectively constant throughout its scope. If this is not the intent,
+examine the logic to see if there is a missing assigment that would make
+"err" not remain constant.
+ # 447| archive_write_free(arc);
+ # 448| if (err)
+ # 449|-> g_error_free(err);
+ # 450| return ret;
+ # 451| }
+
+Signed-off-by: Fabiano Fidêncio
+Reviewed-by: Cole Robinson
+(cherry picked from commit 2d747c637c78c000002f97880436d94cc08a6b5c)
+---
+ tools/osinfo-db-export.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tools/osinfo-db-export.c b/tools/osinfo-db-export.c
+index 3137e1d..eef6688 100644
+--- a/tools/osinfo-db-export.c
++++ b/tools/osinfo-db-export.c
+@@ -407,7 +407,6 @@ static int osinfo_db_export_create(const gchar *prefix,
+ struct archive *arc;
+ int ret = -1;
+ int r;
+- GError *err = NULL;
+
+ arc = archive_write_new();
+
+@@ -445,8 +444,6 @@ static int osinfo_db_export_create(const gchar *prefix,
+ ret = 0;
+ cleanup:
+ archive_write_free(arc);
+- if (err)
+- g_error_free(err);
+ return ret;
+ }
+
+--
+2.21.0
+
diff --git a/SOURCES/0003-validate-Don-t-leak-files.patch b/SOURCES/0003-validate-Don-t-leak-files.patch
new file mode 100644
index 0000000..4f1c8d9
--- /dev/null
+++ b/SOURCES/0003-validate-Don-t-leak-files.patch
@@ -0,0 +1,36 @@
+From f4f65ea3e895eaab87af049300d2d69ba3d51c9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Mon, 20 May 2019 14:28:22 +0200
+Subject: [PATCH 3/3] validate: Don't leak "files"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error: CLANG_WARNING:
+osinfo-db-tools-1.5.0/tools/osinfo-db-validate.c:319:9: warning:
+Potential leak of memory pointed to by 'files'
+ # g_printerr("%s\n", error->message);
+ # ^
+
+Signed-off-by: Fabiano Fidêncio
+Reviewed-by: Cole Robinson
+(cherry picked from commit 7ac63b928df3f445ede81cac0ade0ed6d810c3cb)
+---
+ tools/osinfo-db-validate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/osinfo-db-validate.c b/tools/osinfo-db-validate.c
+index 0e28e1c..7fd87d2 100644
+--- a/tools/osinfo-db-validate.c
++++ b/tools/osinfo-db-validate.c
+@@ -327,6 +327,7 @@ gint main(gint argc, gchar **argv)
+ g_object_unref(schema);
+ if (dir)
+ g_object_unref(dir);
++ g_free(files);
+ g_clear_error(&error);
+ g_option_context_free(context);
+
+--
+2.21.0
+
diff --git a/SOURCES/0004-import-Don-t-call-unlink-NULL-in-_import_extract.patch b/SOURCES/0004-import-Don-t-call-unlink-NULL-in-_import_extract.patch
new file mode 100644
index 0000000..2f0d1f3
--- /dev/null
+++ b/SOURCES/0004-import-Don-t-call-unlink-NULL-in-_import_extract.patch
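Review bot: The added `g_free(files);` releases only the block `files` points to, so if `files` is an array of owned pointers its elements are not released on this path. The declaration and the code that fills it are outside the hunk, so this needs confirming: a NULL-terminated string vector would want `g_strfreev(files);`, and an array of GObject references would want each element unreferenced before the array is freed. If the elements are already released earlier in `main`, a one-line comment above the call, such as `/* elements were released above; free the array itself */`, would stop the next reader from asking the same question. `main` starts before the hunk and continues past it.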
@@ -0,0 +1,43 @@
+From 66cdd50832a99e175079bfb36a321fd9499c6f0e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Wed, 22 May 2019 18:06:28 +0200
+Subject: [PATCH] import: Don't call unlink(NULL) in _import_extract()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Similarly to the issue fixed by ae52b0fbc, here we're also potentially
+passing NULL to unlink().
+
+Error: FORWARD_NULL (CWE-476):
+osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:332: var_compare_op: Comparing "source_file" to null implies that "source_file" might be null.
+osinfo-db-tools-1.5.0/tools/osinfo-db-import.c:374: var_deref_model: Passing null pointer "source_file" to "unlink", which dereferences it.
+ # 372| g_object_unref(file);
+ # 373| if (!file_is_native)
+ # 374|-> unlink(source_file);
+ # 375| g_free(source_file);
+ # 376| return ret;
+
+Signed-off-by: Fabiano Fidêncio
+Reviewed-by: Cole Robinson
+(cherry picked from commit 69eb33ad4207c76c0738bfa00b40c97892bab0ad)
+---
+ tools/osinfo-db-import.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/osinfo-db-import.c b/tools/osinfo-db-import.c
+index 11e68ae..675961d 100644
+--- a/tools/osinfo-db-import.c
++++ b/tools/osinfo-db-import.c
+@@ -370,7 +370,7 @@ static int osinfo_db_import_extract(GFile *target,
+ archive_read_free(arc);
+ if (file)
+ g_object_unref(file);
+- if (!file_is_native)
++ if (!file_is_native && source_file != NULL)
+ unlink(source_file);
+ g_free(source_file);
+ return ret;
+--
+2.21.0
+
diff --git a/SPECS/osinfo-db-tools.spec b/SPECS/osinfo-db-tools.spec
new file mode 100644
index 0000000..4afe45d
--- /dev/null
+++ b/SPECS/osinfo-db-tools.spec
@@ -0,0 +1,104 @@
+# -*- rpm-spec -*-
+
+Summary: Tools for managing the osinfo database
+Name: osinfo-db-tools
+Version: 1.5.0
+Release: 4%{?dist}
+License: GPLv2+
+Source: https://releases.pagure.io/libosinfo/%{name}-%{version}.tar.gz
+URL: http://libosinfo.org/
+
+### Patches ###
+Patch0001: 0001-import-Don-t-call-unlink-NULL.patch
+Patch0002: 0002-export-Remove-unused-variable.patch
+Patch0003: 0003-validate-Don-t-leak-files.patch
+Patch0004: 0004-import-Don-t-call-unlink-NULL-in-_import_extract.patch
+
+BuildRequires: intltool
+BuildRequires: glib2-devel
+BuildRequires: libxml2-devel >= 2.6.0
+BuildRequires: libxslt-devel >= 1.0.0
+BuildRequires: libarchive-devel
+BuildRequires: /usr/bin/pod2man
+BuildRequires: json-glib-devel
+BuildRequires: python3
+BuildRequires: python3-pytest
+BuildRequires: python3-requests
+Requires: gvfs
+
+%description
+This package provides tools for managing the osinfo database of
+information about operating systems for use with virtualization
+
+%prep
+%setup -q
+
+for p in %patches ; do
+ %__patch -p1 -i $p
+done
+
+%build
+%configure
+%__make %{?_smp_mflags} V=1
+
+%check
+if ! make check
+then
+ cat tests/test-suite.log || true
+ exit 1
+fi
+
+%install
+%__make install DESTDIR=%{buildroot}
+
+%find_lang %{name}
+
+%files -f %{name}.lang
+%doc AUTHORS ChangeLog NEWS README
+%license COPYING
+%{_bindir}/osinfo-db-export
+%{_bindir}/osinfo-db-import
+%{_bindir}/osinfo-db-path
+%{_bindir}/osinfo-db-validate
+%{_mandir}/man1/osinfo-db-export.1*
+%{_mandir}/man1/osinfo-db-import.1*
+%{_mandir}/man1/osinfo-db-path.1*
+%{_mandir}/man1/osinfo-db-validate.1*
+
+%changelog
+* Wed May 22 2019 Fabiano Fidêncio - 1.5.0-4
+- Related: rhbz#1712426 - New defects found in
+ osinfo-db-tools-1.5.0-2.el8
+
+* Wed May 22 2019 Fabiano Fidêncio - 1.5.0-3
+- Resolves: rhbz#1712426 - New defects found in
+ osinfo-db-tools-1.5.0-2.el8
+
+* Mon May 20 2019 Fabiano Fidêncio - 1.5.0-2
+- Resolves: rhbz#1681879 - osinfo-db-tools changes blocked until gating
+ tests are added
+
+* Fri May 10 2019 Fabiano Fidêncio - 1.5.0-1
+- Update to 1.3.0 release
+- Resolves: rhbz#1699989 - Rebase to the latest upstream release
+
+* Wed Jun 20 2018 Daniel P. Berrangé - 1.2.0-1
+- Update to 1.2.0 release
+
+* Thu Feb 08 2018 Fedora Release Engineering - 1.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 1.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 1.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Oct 26 2016 Daniel P. Berrange - 1.1.0-1
+- Update to 1.1.0 release
+
+* Fri Jul 29 2016 Daniel P. Berrange - 1.0.0-1
+- Initial package after split from libosinfo (rhbz #1361594)
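Review bot: `%prep` unpacks the upstream tarball and applies the patches with no signature check, so the only integrity pin for `Source` on this page is the 40-hex digest in `.osinfo-db-tools.metadata`, which by its length looks like SHA-1. If upstream publishes a detached signature (not shown here), listing it and the keyring as further `Source` entries and verifying before `%setup` would tie the build to the upstream release key rather than to the lookaside digest alone. Separately, the `1.5.0-1` changelog entry reads `Update to 1.3.0 release`, which does not match the version it is filed under and makes the rebase harder to audit; it presumably should read `Update to 1.5.0 release`.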