import libosinfo-1.8.0-1.el8

CentOS Sources 2020-07-28 07:11:03 -04:00 committed by Stepan Oksanichenko
parent a6b67eaaca
commit 2073b70415
8 changed files with 32 additions and 484 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libosinfo-1.5.0.tar.gz
SOURCES/libosinfo-1.8.0.tar.xz


@ -1 +1 @@
0ec54e6e1972c4fbfc97179f943d4f9a2902b879 SOURCES/libosinfo-1.5.0.tar.gz
49c18e72a894422ef88c1df8a940375b4ad5792a SOURCES/libosinfo-1.8.0.tar.xz


@ -1,62 +0,0 @@
From cb509ad153a35053e1e003d73fd0ece53bd2c3d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 21 May 2019 13:01:26 +0200
Subject: [PATCH 1/3] db: Avoid dereference of null pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As any consumer of libosinfo API may pass NULL as the @matched argument
of compare_tree(), the current code could be dereferencing a NULL
pointer when calling `osinfo_tree_set_os()`.
In order to avoid doing so, let's set the os to the OsinfoTree at the
moment the @matched argument is set.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 949ad5e05480470ba1a5913fbec538314807dfc2)
---
osinfo/osinfo_db.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
index b7da2b7..c4cd1e4 100644
--- a/osinfo/osinfo_db.c
+++ b/osinfo/osinfo_db.c
@@ -790,6 +790,7 @@ static gboolean compare_tree(OsinfoTree *tree,
OsinfoTreeList *tree_list = osinfo_os_get_tree_list(os);
GList *trees = osinfo_list_get_elements(OSINFO_LIST(tree_list));
GList *tree_iter;
+ gboolean found = FALSE;
for (tree_iter = trees; tree_iter; tree_iter = tree_iter->next) {
OsinfoTree *os_tree = OSINFO_TREE(tree_iter->data);
@@ -820,8 +821,11 @@ static gboolean compare_tree(OsinfoTree *tree,
match_regex(os_treeinfo_version, treeinfo_version) &&
match_regex(os_treeinfo_arch, treeinfo_arch)) {
*ret_os = os;
- if (matched != NULL)
+ if (matched != NULL) {
*matched = os_tree;
+ osinfo_tree_set_os(*matched, *ret_os);
+ found = TRUE;
+ }
break;
}
}
@@ -829,10 +833,8 @@ static gboolean compare_tree(OsinfoTree *tree,
g_list_free(trees);
g_object_unref(tree_list);
- if (*ret_os != NULL) {
- osinfo_tree_set_os(*matched, *ret_os);
+ if (found)
return TRUE;
- }
}
return FALSE;
--
2.21.0


@ -1,50 +0,0 @@
From d1baaf2946513be06f97ab66e7845e14073add3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 21 May 2019 13:29:18 +0200
Subject: [PATCH 2/3] tree: Avoid use of memory after it's freed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We've been passing data->location as the @url argument of
osinfo_tree_create_from_location_async_helper(), freeing it and trying
to g_strdup() it as the new content of data->location.
In order to avoid doing so, let's set the data->location only once, in
the first caller of osinfo_tree_create_from_location_async_helper(), as
its content is always going to be the same doesn't matter the treeinfo
format to be used with.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit d7bc838a96acf5f058e13d2b49157b4ba396cd87)
---
osinfo/osinfo_tree.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
index 88a2d6e..ab498f0 100644
--- a/osinfo/osinfo_tree.c
+++ b/osinfo/osinfo_tree.c
@@ -702,9 +702,6 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
g_clear_object(&data->file);
data->file = g_file_new_for_uri(location);
- g_free(data->location);
- data->location = g_strdup(url);
-
g_free(data->treeinfo);
data->treeinfo = g_strdup(treeinfo);
@@ -740,6 +737,8 @@ void osinfo_tree_create_from_location_async(const gchar *location,
user_data);
g_task_set_priority(data->res, priority);
+ data->location = g_strdup(location);
+
osinfo_tree_create_from_location_async_helper(location,
".treeinfo",
cancellable,
--
2.21.0


@ -1,92 +0,0 @@
From 97d60a2e53439d6ad1a462267c3bdf0f09a6f7c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 21 May 2019 13:33:27 +0200
Subject: [PATCH 3/3] tree: Cleanup _create_from_location_async_helper()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There's no need to pass neither the URL nor the cancellable to this
function as those can be taken directly from data.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit dfda02598034737610b69fdd08d62f62cbf5b0cb)
---
osinfo/osinfo_tree.c | 27 ++++++++-------------------
1 file changed, 8 insertions(+), 19 deletions(-)
diff --git a/osinfo/osinfo_tree.c b/osinfo/osinfo_tree.c
index ab498f0..0f14276 100644
--- a/osinfo/osinfo_tree.c
+++ b/osinfo/osinfo_tree.c
@@ -631,10 +631,8 @@ static OsinfoTree *load_keyinfo(const gchar *location,
}
static void
-osinfo_tree_create_from_location_async_helper(const gchar *url,
- const gchar *treeinfo,
- GCancellable *cancellable,
- CreateFromLocationAsyncData *data);
+osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
+ const gchar *treeinfo);
static void on_location_read(GObject *source,
GAsyncResult *res,
@@ -657,10 +655,7 @@ static void on_location_read(GObject *source,
/* It means no ".treeinfo" file has been found. Try again, this time
* looking for a "treeinfo" file. */
if (g_str_equal(data->treeinfo, ".treeinfo")) {
- osinfo_tree_create_from_location_async_helper(data->location,
- "treeinfo",
- g_task_get_cancellable(data->res),
- data);
+ osinfo_tree_create_from_location_async_helper(data, "treeinfo");
return;
}
@@ -687,17 +682,14 @@ static void on_location_read(GObject *source,
}
static void
-osinfo_tree_create_from_location_async_helper(const gchar *url,
- const gchar *treeinfo,
- GCancellable *cancellable,
- CreateFromLocationAsyncData *data)
+osinfo_tree_create_from_location_async_helper(CreateFromLocationAsyncData *data,
+ const gchar *treeinfo)
{
gchar *location;
- g_return_if_fail(url != NULL);
g_return_if_fail(treeinfo != NULL);
- location = g_strdup_printf("%s/%s", url, treeinfo);
+ location = g_strdup_printf("%s/%s", data->location, treeinfo);
g_clear_object(&data->file);
data->file = g_file_new_for_uri(location);
@@ -706,7 +698,7 @@ osinfo_tree_create_from_location_async_helper(const gchar *url,
data->treeinfo = g_strdup(treeinfo);
g_file_load_contents_async(data->file,
- cancellable,
+ g_task_get_cancellable(data->res),
on_location_read,
data);
g_free(location);
@@ -739,10 +731,7 @@ void osinfo_tree_create_from_location_async(const gchar *location,
data->location = g_strdup(location);
- osinfo_tree_create_from_location_async_helper(location,
- ".treeinfo",
- cancellable,
- data);
+ osinfo_tree_create_from_location_async_helper(data, ".treeinfo");
}
--
2.21.0


@ -1,170 +0,0 @@
From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Wed, 3 Jul 2019 14:55:24 +0200
Subject: [PATCH] tools,install-script: Add --config-file (-f) option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Let's add a new option so users can set their config from a file,
instead of directly passing the values via command-line.
CVE-2019-13313
Libosinfo: osinfo-install-script option leaks password via command line
argument. 'osinfo-install-script' is used to generate a script for
automated guest installations. It accepts user and admin passwords via
command line arguments, thus leaking them via process listing.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
tools/osinfo-install-script.c | 103 +++++++++++++++++++++++++++++++++-
1 file changed, 102 insertions(+), 1 deletion(-)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 15af48d..af58440 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE;
static gboolean list_inj_method = FALSE;
static gboolean quiet = FALSE;
+static const gchar *configs[] = {
+ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD,
+ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME,
+ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY,
+ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME,
+ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
+ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
+ NULL
+};
+
static OsinfoInstallConfig *config;
static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
}
+static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED,
+ const gchar *value,
+ gpointer data G_GNUC_UNUSED,
+ GError **error)
+{
+ GKeyFile *key_file = NULL;
+ gchar *val = NULL;
+ gsize i;
+ gboolean ret = FALSE;
+
+ key_file = g_key_file_new();
+ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error))
+ goto error;
+
+ for (i = 0; configs[i] != NULL; i++) {
+ val = g_key_file_get_string(key_file, "install-script", configs[i], error);
+ if (val == NULL) {
+ if (g_error_matches(*error, G_KEY_FILE_ERROR,
+ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
+ g_clear_error(error);
+ continue;
+ }
+
+ goto error;
+ }
+
+ osinfo_entity_set_param(OSINFO_ENTITY(config),
+ configs[i],
+ val);
+ g_free(val);
+ }
+
+ ret = TRUE;
+
+error:
+ g_key_file_unref(key_file);
+
+ return ret;
+}
+
+
static GOptionEntry entries[] =
{
{ "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile,
@@ -78,6 +147,9 @@ static GOptionEntry entries[] =
{ "config", 'c', 0, G_OPTION_ARG_CALLBACK,
handle_config,
N_("Set configuration parameter"), "key=value" },
+ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK,
+ handle_config_file,
+ N_("Set configuration parameters"), "file:///path/to/config/file" },
{ "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config,
N_("List configuration parameters"), NULL },
{ "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile,
@@ -448,6 +520,15 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
+=item B<--config-file=config-file>
+
+Set the configurations parameters according to the config-file passed.
+
+Note that use of --config-file is strongly recommended if the user or
+admin passwords need to be set. Providing passwords directly using
+B<--config=> is insecure as the password is visible to all processes
+and users on the same host.
+
=back
=head1 CONFIGURATION KEYS
@@ -510,9 +591,29 @@ The software registration user password
=back
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration file must consist in a file which contains a
+`install-script` group and, under this group, C<key>=C<value>
+pairs, as shown below:
+
+[install-script]
+l10n-timezone=GMT
+l10n-keyboard=uk
+l10n-language=en_GB
+admin-password=123456
+user-login=berrange
+user-password=123456
+user-realname="Daniel P Berrange"
+
=head1 EXAMPLE USAGE
-The following usage generates a Fedora 16 kickstart script
+The following usages generates a Fedora 16 kickstart script
+
+ # osinfo-install-script \
+ --profile jeos \
+ --config-file /path/to/config/file \
+ fedora16
# osinfo-install-script \
--profile jeos \
--
2.21.0


@ -1,59 +0,0 @@
From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Wed, 3 Jul 2019 14:59:07 +0200
Subject: [PATCH] tools,install-script: Deprecate --config
{user,admin}-password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Let's deprecate user-password and admin-password options of --config and
also warn out whenever they're passed to osinfo-install-script.
CVE-2019-13313
Libosinfo: osinfo-install-script option leaks password via command line
argument. 'osinfo-install-script' is used to generate a script for
automated guest installations. It accepts user and admin passwords via
command line arguments, thus leaking them via process listing.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
tools/osinfo-install-script.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index af58440..c0528e7 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
val++;
key = g_strndup(value, len);
+ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
+ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
+ g_warning("When setting user or admin password, use --config-file "
+ "instead.\n");
+ }
+
osinfo_entity_set_param(OSINFO_ENTITY(config),
key,
val);
@@ -556,10 +562,14 @@ The local language
=item C<admin-password>
The administrator password
+This option has been deprecated, use B<--config-file>
+for setting the admin password.
=item C<user-password>
The user password
+This option has been deprecated, use B<--config-file>
+for setting the user password.
=item C<user-login>
--
2.21.0


@ -2,35 +2,31 @@
Summary: A library for managing OS information for virtualization
Name: libosinfo
Version: 1.5.0
Release: 3%{?dist}%{?extra_release}
Version: 1.8.0
Release: 1%{?dist}
License: LGPLv2+
Group: Development/Libraries
Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz
Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.xz
URL: https://libosinfo.org/
### Patches ###
Patch0001: 0001-db-Avoid-dereference-of-null-pointer.patch
Patch0002: 0002-tree-Avoid-use-of-memory-after-it-s-freed.patch
Patch0003: 0003-tree-Cleanup-_create_from_location_async_helper.patch
Patch0004: 0004-tools-install-script-Add-config-file-f-option.patch
Patch0005: 0005-tools-install-script-Deprecate-config-user-admin-pas.patch
BuildRequires: git
BuildRequires: intltool
BuildRequires: glib2-devel >= 2.38
BuildRequires: meson
BuildRequires: gcc
BuildRequires: gtk-doc
BuildRequires: gettext-devel
BuildRequires: glib2-devel
BuildRequires: libxml2-devel >= 2.6.0
BuildRequires: libxslt-devel >= 1.0.0
BuildRequires: libsoup-devel
BuildRequires: vala
BuildRequires: vala-tools
BuildRequires: libcurl-devel
BuildRequires: /usr/bin/pod2man
BuildRequires: hwdata
BuildRequires: gobject-introspection-devel
BuildRequires: osinfo-db
BuildRequires: git
Requires: hwdata
Requires: osinfo-db >= 20181011-1
Requires: osinfo-db
Requires: osinfo-db-tools
Requires: gvfs
%description
libosinfo is a library that allows virtualization provisioning tools to
@ -39,10 +35,12 @@ combination.
%package devel
Summary: Libraries, includes, etc. to compile with the libosinfo library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
Requires: glib2-devel
# -vala subpackage removed in F30
Obsoletes: libosinfo-vala < 1.3.0-3
Provides: libosinfo-vala = %{version}-%{release}
%description devel
libosinfo is a library that allows virtualization provisioning tools to
@ -51,47 +49,27 @@ combination.
Libraries, includes, etc. to compile with the libosinfo library
%package vala
Summary: Vala bindings
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description vala
libosinfo is a library that allows virtualization provisioning tools to
determine the optimal device settings for a hypervisor/operating system
combination.
This package provides the Vala bindings for libosinfo library.
%prep
%autosetup -S git
%build
autoreconf -vi
%configure --enable-introspection=yes --enable-vala=yes
%__make %{?_smp_mflags} V=1
chmod a-x examples/*.js examples/*.py
%meson \
-Denable-gtk-doc=true \
-Denable-tests=true \
-Denable-introspection=enabled \
-Denable-vala=enabled
%install
rm -fr %{buildroot}
%__make install DESTDIR=%{buildroot}
rm -f %{buildroot}%{_libdir}/*.a
rm -f %{buildroot}%{_libdir}/*.la
%meson_install
%find_lang %{name}
%check
if ! make check
then
cat tests/test-suite.log || true
exit 1
fi
%meson_test
%ldconfig_scriptlets
%files -f %{name}.lang
%defattr(-, root, root)
%doc AUTHORS ChangeLog COPYING.LIB NEWS README
%{_bindir}/osinfo-detect
%{_bindir}/osinfo-query
@ -103,9 +81,6 @@ fi
%{_libdir}/girepository-1.0/Libosinfo-1.0.typelib
%files devel
%defattr(-, root, root)
%doc examples/demo.js
%doc examples/demo.py
%{_libdir}/%{name}-1.0.so
%dir %{_includedir}/%{name}-1.0/
%dir %{_includedir}/%{name}-1.0/osinfo/
@ -114,11 +89,17 @@ fi
%{_datadir}/gir-1.0/Libosinfo-1.0.gir
%{_datadir}/gtk-doc/html/Libosinfo
%files vala
%defattr(-, root, root)
%dir %{_datadir}/vala
%dir %{_datadir}/vala/vapi
%{_datadir}/vala/vapi/libosinfo-1.0.deps
%{_datadir}/vala/vapi/libosinfo-1.0.vapi
%changelog
* Sun May 31 2020 Fabiano Fidêncio <fidencio@redhat.com> - 1.8.0-1
- Resolves: rhbz#1815158 - Rebase to libosinfo the latest upstream release
- Resolves: rhbz#1754394 - Provide information about UEFI support for guests (libosinfo)
- Resolves: rhbz#1032520 - WHQL'ed drivers should be made available for Boxes/libosinfo users
* Wed Jul 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-3
- Resolves: rhbz#1727843 - CVE-2019-13313 libosinfo: osinfo-install-script
option leaks password via command line argument
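Review bot: The `### Patches ###` block drops all five downstream patches, including 0004 and 0005 for CVE-2019-13313, yet the new 1.8.0-1 `%changelog` entry lists only the rebase and two feature bugs and never records that those fixes are now expected to come from the upstream tarball. Before this is shipped, confirm that the built `osinfo-install-script` still offers `--config-file` and still warns when `user-password` or `admin-password` is given through `--config`, and record the result with a changelog line such as `- Drop downstream patches 0001-0005, now part of the upstream release`. The runtime dependency is shown both as `Requires: osinfo-db >= 20181011-1` and as a bare `Requires: osinfo-db`; if the bare form is the new side, the minimum data version is no longer enforced and the floor is worth keeping. With no patches left to apply, `%autosetup -S git` and `BuildRequires: git` look unnecessary, assuming both remain on the new side.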