Compare commits
No commits in common. "c9" and "c8" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libosinfo-1.10.0.tar.xz
|
||||
SOURCES/libosinfo-1.9.0.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
b57c594b7f45a33575070df86862df78be2c4efb SOURCES/libosinfo-1.10.0.tar.xz
|
||||
1f928e1412ac29e044e6b02254c9d2b2bf969c31 SOURCES/libosinfo-1.9.0.tar.xz
|
||||
|
45
SOURCES/0001-loader-add-check-for-unknown-file-type.patch
Normal file
45
SOURCES/0001-loader-add-check-for-unknown-file-type.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From d3b1587f7b77b630bae8ab3f4760eda69bd7fe66 Mon Sep 17 00:00:00 2001
|
||||
From: Victor Toso <victortoso@redhat.com>
|
||||
Date: Fri, 26 Nov 2021 17:36:09 +0100
|
||||
Subject: [PATCH] loader: add check for unknown file type
|
||||
|
||||
So we can provide a meaningful error message in case the provided path
|
||||
is not accessible to running process.
|
||||
|
||||
e.g: running HOME=/root osinfo-query os we would get
|
||||
`Error loading OS data: Unexpected file type`
|
||||
and now we get
|
||||
`Error loading OS data: Can't read path /root/.config/osinfo`
|
||||
|
||||
This error was first hit with v2v [0] that was leaking $USER and $HOME
|
||||
of root user when osinfo-query as vsdm user with `sudo -c vdsm`. The
|
||||
example above is a simple way to show lack of permision of
|
||||
osinfo-query to read the root's $HOME.
|
||||
|
||||
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1901423
|
||||
|
||||
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1902720
|
||||
Signed-off-by: Victor Toso <victortoso@redhat.com>
|
||||
---
|
||||
osinfo/osinfo_loader.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
|
||||
index 3f04fa5..96ca6ee 100644
|
||||
--- a/osinfo/osinfo_loader.c
|
||||
+++ b/osinfo/osinfo_loader.c
|
||||
@@ -2374,6 +2374,11 @@ static void osinfo_loader_find_files(OsinfoLoader *loader,
|
||||
}
|
||||
g_object_unref(ents);
|
||||
g_list_free(children);
|
||||
+ } else if (type == G_FILE_TYPE_UNKNOWN) {
|
||||
+ g_autofree gchar *path = g_file_get_path(file);
|
||||
+ g_autofree gchar *msg = g_strdup_printf("Can't read path %s", path);
|
||||
+ OSINFO_LOADER_SET_ERROR(&error, msg);
|
||||
+ g_propagate_error(err, error);
|
||||
} else {
|
||||
OSINFO_LOADER_SET_ERROR(&error, "Unexpected file type");
|
||||
g_propagate_error(err, error);
|
||||
--
|
||||
2.33.1
|
||||
|
@ -0,0 +1,220 @@
|
||||
From e5bdc6759195dbcfc4e7dcb02bf59190a3debe06 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 9 Feb 2022 13:14:54 +0100
|
||||
Subject: [PATCH] loader: work around lstat()/EACCES regression in
|
||||
_g_local_file_info_get()
|
||||
|
||||
In glib commit 71e7b5800a31 ("Handle MLS selinux policy better",
|
||||
2010-07-08), which was made for
|
||||
<https://bugzilla.gnome.org/show_bug.cgi?id=623692>, an lstat() failure
|
||||
with error code EACCES was *masked* in function _g_local_file_info_get().
|
||||
|
||||
Consequently, if osinfo_loader_find_files() calls g_file_query_info() on a
|
||||
file that is inaccessible due to (e.g.) a missing "x" (search) permission
|
||||
on a leading directory, then g_file_query_info() succeeds, our
|
||||
"skipMissing" branch is dead, g_file_info_get_attribute_uint32() is
|
||||
reached, and it returns G_FILE_TYPE_UNKNOWN.
|
||||
|
||||
As a consequence, the outer osinfo_loader_process_default_path() function
|
||||
can fail, even though it passes skipMissing=TRUE to
|
||||
osinfo_loader_process_list(). Example:
|
||||
|
||||
> $ HOME=/root \
|
||||
> OSINFO_SYSTEM_DIR=/usr/share/osinfo \
|
||||
> build/tools/osinfo-query os
|
||||
> Error loading OS data: Can't read path /root/.config/osinfo
|
||||
|
||||
Arguably, this situation should be handled by simply skipping the
|
||||
inaccessible path, as if all leading directories could be searched, and
|
||||
only the last pathname compontent (the filename entry) didn't exist in its
|
||||
direct parent directory.
|
||||
|
||||
The glib regression was reported in 2017:
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=777187
|
||||
|
||||
and then migrated to gitlab:
|
||||
|
||||
https://gitlab.gnome.org/GNOME/glib/-/issues/1237
|
||||
|
||||
but it's still not solved today.
|
||||
|
||||
Work around the issue by honoring "skipMissing" on the G_FILE_TYPE_UNKNOWN
|
||||
branch. Demonstration:
|
||||
|
||||
> $ HOME=/root \
|
||||
> OSINFO_SYSTEM_DIR=/usr/share/osinfo \
|
||||
> build/tools/osinfo-query os
|
||||
>
|
||||
> ** (osinfo-query:9924): WARNING **: 13:23:12.776: Can't read path /root/.config/osinfo
|
||||
> Short ID | Name | Version | ID
|
||||
> ----------------+------------------+---------+----------------------------------------
|
||||
> alpinelinux3.5 | Alpine Linux 3.5 | 3.5 | http://alpinelinux.org/alpinelinux/3.5
|
||||
> ...
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2051559
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
osinfo/osinfo_loader.c | 15 ++++++
|
||||
tests/test-loader.c | 105 +++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 120 insertions(+)
|
||||
|
||||
diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
|
||||
index 96ca6ee..e244b3f 100644
|
||||
--- a/osinfo/osinfo_loader.c
|
||||
+++ b/osinfo/osinfo_loader.c
|
||||
@@ -2377,6 +2377,21 @@ static void osinfo_loader_find_files(OsinfoLoader *loader,
|
||||
} else if (type == G_FILE_TYPE_UNKNOWN) {
|
||||
g_autofree gchar *path = g_file_get_path(file);
|
||||
g_autofree gchar *msg = g_strdup_printf("Can't read path %s", path);
|
||||
+ if (skipMissing) {
|
||||
+ /* This is a work-around for
|
||||
+ * <https://gitlab.gnome.org/GNOME/glib/-/issues/1237>. If the
|
||||
+ * lstat() call underlying our g_file_query_info() call at the top
|
||||
+ * of this function fails for "path" with EACCES, then
|
||||
+ * g_file_query_info() should fail, and the "skipMissing" branch up
|
||||
+ * there should suppress the error and return cleanly.
|
||||
+ * Unfortunately, _g_local_file_info_get() masks the lstat()
|
||||
+ * failure, g_file_info_get_attribute_uint32() is reached above,
|
||||
+ * and returns G_FILE_TYPE_UNKNOWN for the file that could never be
|
||||
+ * accessed. So we need to consider "skipMissing" here too.
|
||||
+ */
|
||||
+ g_warning("%s", msg);
|
||||
+ return;
|
||||
+ }
|
||||
OSINFO_LOADER_SET_ERROR(&error, msg);
|
||||
g_propagate_error(err, error);
|
||||
} else {
|
||||
diff --git a/tests/test-loader.c b/tests/test-loader.c
|
||||
index 6644943..bb86585 100644
|
||||
--- a/tests/test-loader.c
|
||||
+++ b/tests/test-loader.c
|
||||
@@ -16,6 +16,8 @@
|
||||
*/
|
||||
|
||||
#include <osinfo/osinfo.h>
|
||||
+#include <glib/gstdio.h>
|
||||
+#include <unistd.h>
|
||||
|
||||
static void
|
||||
test_basic(void)
|
||||
@@ -31,6 +33,101 @@ test_basic(void)
|
||||
g_object_unref(loader);
|
||||
}
|
||||
|
||||
+typedef struct {
|
||||
+ gchar *tmp_parent;
|
||||
+ gchar *tmp_child;
|
||||
+ gchar *orig_userdir;
|
||||
+ gchar *expected_warning;
|
||||
+} TestEaccesFixture;
|
||||
+
|
||||
+static void
|
||||
+eacces_fixture_setup(TestEaccesFixture *fixture, gconstpointer user_data)
|
||||
+{
|
||||
+ gpointer rp;
|
||||
+ gint ri;
|
||||
+ gboolean rb;
|
||||
+
|
||||
+ /* create a temporary directory with permissions 0700 */
|
||||
+ fixture->tmp_parent = g_strdup_printf("%s/%s", g_get_tmp_dir(),
|
||||
+ "test_eacces.XXXXXX");
|
||||
+ rp = g_mkdtemp_full(fixture->tmp_parent, 0700);
|
||||
+ g_assert_nonnull(rp);
|
||||
+
|
||||
+ /* create a child directory called "osinfo" in it, with permissions 0700 */
|
||||
+ fixture->tmp_child = g_strdup_printf("%s/osinfo", fixture->tmp_parent);
|
||||
+ ri = g_mkdir(fixture->tmp_child, 0700);
|
||||
+ g_assert_cmpint(ri, ==, 0);
|
||||
+
|
||||
+ /* revoke the search permission (0100) from the parent */
|
||||
+ ri = g_chmod(fixture->tmp_parent, 0600);
|
||||
+ g_assert_cmpint(ri, ==, 0);
|
||||
+
|
||||
+ /* stash the current value of OSINFO_USER_DIR */
|
||||
+ fixture->orig_userdir = g_strdup(g_getenv("OSINFO_USER_DIR"));
|
||||
+
|
||||
+ /* point osinfo_loader_get_user_path() inside
|
||||
+ * osinfo_loader_process_default_path() to the child directory
|
||||
+ */
|
||||
+ rb = g_setenv("OSINFO_USER_DIR", fixture->tmp_child, TRUE);
|
||||
+ g_assert_true(rb);
|
||||
+
|
||||
+ /* format the pattern for the warning expected later on */
|
||||
+ fixture->expected_warning = g_strdup_printf("Can't read path %s",
|
||||
+ fixture->tmp_child);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+eacces_fixture_teardown(TestEaccesFixture *fixture, gconstpointer user_data)
|
||||
+{
|
||||
+ gboolean rb;
|
||||
+ gint ri;
|
||||
+
|
||||
+ /* free the expected warning pattern */
|
||||
+ g_free(fixture->expected_warning);
|
||||
+
|
||||
+ /* restore the OSINFO_USER_DIR variable */
|
||||
+ if (fixture->orig_userdir) {
|
||||
+ rb = g_setenv("OSINFO_USER_DIR", fixture->orig_userdir, TRUE);
|
||||
+ g_assert_true(rb);
|
||||
+ g_free(fixture->orig_userdir);
|
||||
+ } else {
|
||||
+ g_unsetenv("OSINFO_USER_DIR");
|
||||
+ }
|
||||
+
|
||||
+ /* restore search permission on the parent */
|
||||
+ ri = g_chmod(fixture->tmp_parent, 0700);
|
||||
+ g_assert_cmpint(ri, ==, 0);
|
||||
+
|
||||
+ /* remove both directories */
|
||||
+ ri = g_rmdir(fixture->tmp_child);
|
||||
+ g_assert_cmpint(ri, ==, 0);
|
||||
+ g_free(fixture->tmp_child);
|
||||
+
|
||||
+ ri = g_rmdir(fixture->tmp_parent);
|
||||
+ g_assert_cmpint(ri, ==, 0);
|
||||
+ g_free(fixture->tmp_parent);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+test_eacces(TestEaccesFixture *fixture, gconstpointer user_data)
|
||||
+{
|
||||
+ OsinfoLoader *loader = osinfo_loader_new();
|
||||
+ GError *error = NULL;
|
||||
+
|
||||
+ g_assert_true(OSINFO_IS_LOADER(loader));
|
||||
+
|
||||
+ /* this should trigger an EACCES in glib's lstat(), but not break db
|
||||
+ * loading; also we expect the warning here
|
||||
+ */
|
||||
+ g_test_expect_message(G_LOG_DOMAIN, G_LOG_LEVEL_WARNING,
|
||||
+ fixture->expected_warning);
|
||||
+ osinfo_loader_process_default_path(loader, &error);
|
||||
+ g_assert_no_error(error);
|
||||
+ g_test_assert_expected_messages();
|
||||
+
|
||||
+ g_object_unref(loader);
|
||||
+}
|
||||
+
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
@@ -38,6 +135,14 @@ main(int argc, char *argv[])
|
||||
|
||||
g_test_add_func("/loader/basic", test_basic);
|
||||
|
||||
+ /* the following test depends on a directory with file mode bits 0600 being
|
||||
+ * unsearchable for the owner, so skip it if the test is running as root
|
||||
+ */
|
||||
+ if (geteuid() != 0) {
|
||||
+ g_test_add("/loader/eacces", TestEaccesFixture, NULL,
|
||||
+ eacces_fixture_setup, test_eacces, eacces_fixture_teardown);
|
||||
+ }
|
||||
+
|
||||
/* Upfront so we don't confuse valgrind */
|
||||
osinfo_entity_get_type();
|
||||
osinfo_db_get_type();
|
||||
--
|
||||
2.34.1
|
||||
|
@ -2,13 +2,15 @@
|
||||
|
||||
Summary: A library for managing OS information for virtualization
|
||||
Name: libosinfo
|
||||
Version: 1.10.0
|
||||
Release: 1%{?dist}
|
||||
Version: 1.9.0
|
||||
Release: 3%{?dist}
|
||||
License: LGPLv2+
|
||||
Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.xz
|
||||
URL: https://libosinfo.org/
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-loader-add-check-for-unknown-file-type.patch
|
||||
Patch0002: 0002-loader-work-around-lstat-EACCES-regression-in-_g_loc.patch
|
||||
|
||||
BuildRequires: meson
|
||||
BuildRequires: gcc
|
||||
@ -96,102 +98,43 @@ Libraries, includes, etc. to compile with the libosinfo library
|
||||
%{_datadir}/vala/vapi/libosinfo-1.0.vapi
|
||||
|
||||
%changelog
|
||||
* Wed Nov 30 2022 Victor Toso <victortoso@redhat.com> - 1.10.0-1
|
||||
- Update to 1.10.0 release
|
||||
* Fri Feb 11 2022 Victor Toso <victortoso@redhat.com> - 1.9.0-3
|
||||
- Resolves: rhbz#2053272
|
||||
|
||||
* Fri Feb 11 2022 Victor Toso <victortoso@redhat.com> - 1.9.0-5
|
||||
- Warn on EACCES error when skipMissing is set
|
||||
Resolves: rhbz#2051559
|
||||
* Thu Dec 16 2021 Victor Toso <victortoso@redhat.com> - 1.9.0-2
|
||||
- Resolves: rhbz#1902720
|
||||
|
||||
* Wed Dec 01 2021 Victor Toso <victortoso@redhat.com> - 1.9.0-4
|
||||
- Improve error message on failure to access database due permission
|
||||
Related: rhbz#1942431
|
||||
* Thu Feb 04 2021 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.9.0-1
|
||||
- Resolves: rhbz#1903299 - Rebase to latest Fedora
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.0-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.0-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Feb 02 2021 Fabiano Fidêncio <fidencio@redhat.com> - 1.9.0-1
|
||||
- Update to 1.9.0 release
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-5
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sat May 30 2020 Fabiano Fidêncio <fidencio@redhat.com> - 1.8.0-1
|
||||
- Update to 1.8.0 release
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 13 2020 Fabiano Fidêncio <fidencio@redhat.com> - 1.7.1-2
|
||||
- Fix OsinfoList ABI breakage
|
||||
|
||||
* Wed Dec 04 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.7.1-1
|
||||
- Update to 1.7.1 release
|
||||
|
||||
* Fri Nov 29 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.7.0-1
|
||||
- Update to 1.7.0 release
|
||||
|
||||
* Fri Nov 08 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.6.0-2
|
||||
- Improve ISO detection mechanism
|
||||
|
||||
* Fri Jul 26 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.6.0-1
|
||||
- Update to 1.6.0 release
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
* Sun May 31 2020 Fabiano Fidêncio <fidencio@redhat.com> - 1.8.0-1
|
||||
- Resolves: rhbz#1815158 - Rebase to libosinfo the latest upstream release
|
||||
- Resolves: rhbz#1754394 - Provide information about UEFI support for guests (libosinfo)
|
||||
- Resolves: rhbz#1032520 - WHQL'ed drivers should be made available for Boxes/libosinfo users
|
||||
|
||||
* Wed Jul 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-3
|
||||
- rhbz#1727767 - CVE-2019-13313 libosinfo: osinfo-install-script
|
||||
- Resolves: rhbz#1727843 - CVE-2019-13313 libosinfo: osinfo-install-script
|
||||
option leaks password via command line argument
|
||||
|
||||
* Mon Jun 03 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-2
|
||||
- Fix coverity issues
|
||||
* Wed May 22 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-2
|
||||
- Resolves: rhbz#1712425 - New defects found in libosinfo-1.5.0-1.el8
|
||||
|
||||
* Thu May 09 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-1
|
||||
* Fri May 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.5.0-1
|
||||
- Update to 1.5.0 release
|
||||
- Resolves: rhbz#1699988 - Rebase to the latest upstream release
|
||||
|
||||
* Thu Apr 11 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.4.0-3
|
||||
- rhbz#1698845: Require GVFS
|
||||
* Fri Nov 30 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.2.0-5
|
||||
- Related: rhbz#1650197 - Fix volume-ids for rhel8.0 entry
|
||||
|
||||
* Wed Apr 10 2019 Fabiano Fidêncio <fidencio@redhat.com> - 1.4.0-2
|
||||
- Fix usage of application ID
|
||||
- Fix images' load
|
||||
- Remove tests depending on osinfo-db
|
||||
* Wed Nov 14 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.2.0-4
|
||||
- Resolves: rhbz#1649632 - libosinfo test suite should collect+report all
|
||||
failures, not exit on first error
|
||||
|
||||
* Fri Mar 01 2019 Fabiano Fidêncio <fidencio@redhat.com> 1.4.0-1
|
||||
- Update to 1.4.0 release
|
||||
* Mon Oct 08 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.2.0-3
|
||||
- Related: rhbz#1628027 - Revert ca945cdf04f
|
||||
|
||||
* Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 1.3.0-3
|
||||
- Use standard vala packaging pattern where vapi files are in -devel
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Jan 30 2019 Daniel P. Berrangé <berrange@redhat.com> - 1.3.0-1
|
||||
- Update to 1.3.0 release
|
||||
|
||||
* Thu Oct 11 2018 Fabiano Fidêncio <fabiano@fidencio.org> - 1.2.0-5
|
||||
- Do not force anchored patterns on libosinfo, leave it for osinfo-db
|
||||
|
||||
* Thu Sep 20 2018 Fabiano Fidêncio <fabiano@fidencio.org> - 1.2.0-4
|
||||
- Require osinfo-db >= 20180920-1
|
||||
|
||||
* Thu Sep 20 2018 Fabiano Fidêncio <fabiano@fidencio.org> - 1.2.0-3
|
||||
- Force anchored patterns when matching regex
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
* Fri Sep 21 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.2.0-2
|
||||
- Resolves: rhbz#1628027 - Force anchored patterns when matching regex
|
||||
|
||||
* Wed Jun 20 2018 Daniel P. Berrangé <berrange@redhat.com> - 1.2.0-1
|
||||
- Update to 1.2.0 release
|
||||
|
Loading…
Reference in New Issue
Block a user