!1 init repo

Merge pull request !1 from openeuler-basic/dev

0001-db-Force-anchored-patterns-when-matching-regex.patch

@@ -0,0 +1,34 @@
+From e6168463f4fc659b9827b5c8694dc1c6d7d5239a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Fri, 7 Sep 2018 15:53:20 +0200
+Subject: [PATCH] db: Force anchored patterns when matching regex
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Without forcing anchored patterns some matches may be completely wrong
+as "(J_)?CENN?A_X64FREV" (volume-id for Windows 10) that could be taken
+as a match for "HRM_CENNA_X64FREV" (volume-id of a Windows 8 ISO).
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+---
+ osinfo/osinfo_db.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
+index fa14c6d..f4b3a8c 100644
+--- a/osinfo/osinfo_db.c
++++ b/osinfo/osinfo_db.c
+@@ -37,7 +37,7 @@ G_DEFINE_TYPE(OsinfoDb, osinfo_db, G_TYPE_OBJECT);
+ #define match_regex(pattern, str)                                       \
+     (((pattern) == NULL) ||                                             \
+      (((str) != NULL) &&                                                \
+-      g_regex_match_simple((pattern), (str), 0, 0)))
++      g_regex_match_simple((pattern), (str), 0, G_REGEX_MATCH_ANCHORED)))
+ 
+ static gchar *get_raw_lang(const char *volume_id, const gchar *regex_str)
+ {
+-- 
+1.8.3.1
+

CVE-2019-13313-1.patch

@@ -0,0 +1,170 @@
+From 08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Wed, 3 Jul 2019 14:55:24 +0200
+Subject: [PATCH 1/2] tools,install-script: Add --config-file (-f) option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's add a new option so users can set their config from a file,
+instead of directly passing the values via command-line.
+
+CVE-2019-13313
+Libosinfo: osinfo-install-script option leaks password via command line
+argument. 'osinfo-install-script' is used to generate a script for
+automated guest installations. It accepts user and admin passwords via
+command line arguments, thus leaking them via process listing.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/osinfo-install-script.c | 103 +++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 102 insertions(+), 1 deletion(-)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index 15af48d..af58440 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE;
+ static gboolean list_inj_method = FALSE;
+ static gboolean quiet = FALSE;
+ 
++static const gchar *configs[] = {
++    OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH,
++    OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE,
++    OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE,
++    OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD,
++    OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD,
++    OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD,
++    OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN,
++    OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME,
++    OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN,
++    OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN,
++    OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN,
++    OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD,
++    OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY,
++    OSINFO_INSTALL_CONFIG_PROP_HOSTNAME,
++    OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK,
++    OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK,
++    OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION,
++    OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK,
++    OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK,
++    OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION,
++    OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
++    OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
++    OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
++    OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
++    NULL
++};
++
+ static OsinfoInstallConfig *config;
+ 
+ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+ }
+ 
+ 
++static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED,
++                                   const gchar *value,
++                                   gpointer data G_GNUC_UNUSED,
++                                   GError **error)
++{
++    GKeyFile *key_file = NULL;
++    gchar *val = NULL;
++    gsize i;
++    gboolean ret = FALSE;
++
++    key_file = g_key_file_new();
++    if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error))
++        goto error;
++
++    for (i = 0; configs[i] != NULL; i++) {
++        val = g_key_file_get_string(key_file, "install-script", configs[i], error);
++        if (val == NULL) {
++            if (g_error_matches(*error, G_KEY_FILE_ERROR,
++                                G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
++                g_clear_error(error);
++                continue;
++            }
++
++            goto error;
++        }
++
++        osinfo_entity_set_param(OSINFO_ENTITY(config),
++                                configs[i],
++                                val);
++        g_free(val);
++    }
++
++    ret = TRUE;
++
++error:
++    g_key_file_unref(key_file);
++
++    return ret;
++}
++
++
+ static GOptionEntry entries[] =
+ {
+     { "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile,
+@@ -78,6 +147,9 @@ static GOptionEntry entries[] =
+     { "config", 'c', 0, G_OPTION_ARG_CALLBACK,
+       handle_config,
+       N_("Set configuration parameter"), "key=value" },
++    { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK,
++      handle_config_file,
++      N_("Set configuration parameters"), "file:///path/to/config/file" },
+     { "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config,
+       N_("List configuration parameters"), NULL },
+     { "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile,
+@@ -448,6 +520,15 @@ script. Defaults to C<media>, but can also be C<network>.
+ 
+ Set the configuration parameter C<key> to C<value>.
+ 
++=item B<--config-file=config-file>
++
++Set the configurations parameters according to the config-file passed.
++
++Note that use of --config-file is strongly recommended if the user or
++admin passwords need to be set. Providing passwords directly using
++B<--config=> is insecure as the password is visible to all processes
++and users on the same host.
++
+ =back
+ 
+ =head1 CONFIGURATION KEYS
+@@ -510,9 +591,29 @@ The software registration user password
+ 
+ =back
+ 
++=head1 CONFIGURATION FILE FORMAT
++
++The configuration file must consist in a file which contains a
++`install-script` group and, under this group, C<key>=C<value>
++pairs, as shown below:
++
++[install-script]
++l10n-timezone=GMT
++l10n-keyboard=uk
++l10n-language=en_GB
++admin-password=123456
++user-login=berrange
++user-password=123456
++user-realname="Daniel P Berrange"
++
+ =head1 EXAMPLE USAGE
+ 
+-The following usage generates a Fedora 16 kickstart script
++The following usages generates a Fedora 16 kickstart script
++
++  # osinfo-install-script \
++         --profile jeos \
++         --config-file /path/to/config/file \
++         fedora16
+ 
+   # osinfo-install-script \
+          --profile jeos \
+-- 
+1.8.3.1
+

CVE-2019-13313-2.patch

@@ -0,0 +1,59 @@
+From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Wed, 3 Jul 2019 14:59:07 +0200
+Subject: [PATCH 2/2] tools,install-script: Deprecate --config
+ {user,admin}-password
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's deprecate user-password and admin-password options of --config and
+also warn out whenever they're passed to osinfo-install-script.
+
+CVE-2019-13313
+Libosinfo: osinfo-install-script option leaks password via command line
+argument. 'osinfo-install-script' is used to generate a script for
+automated guest installations. It accepts user and admin passwords via
+command line arguments, thus leaking them via process listing.
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tools/osinfo-install-script.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index af58440..c0528e7 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
+     val++;
+     key = g_strndup(value, len);
+ 
++    if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
++        g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
++        g_warning("When setting user or admin password, use --config-file "
++                  "instead.\n");
++    }
++
+     osinfo_entity_set_param(OSINFO_ENTITY(config),
+                             key,
+                             val);
+@@ -556,10 +562,14 @@ The local language
+ =item C<admin-password>
+ 
+ The administrator password
++This option has been deprecated, use B<--config-file>
++for setting the admin password.
+ 
+ =item C<user-password>
+ 
+ The user password
++This option has been deprecated, use B<--config-file>
++for setting the user password.
+ 
+ =item C<user-login>
+ 
+-- 
+1.8.3.1
+

bugfix-do-not-raise-error-on-unknown-osinfo-db-directory.patch

@@ -0,0 +1,44 @@
+From 3e61b6ccfc2dcb88cc155b7ca33cbe34f20a25b9 Mon Sep 17 00:00:00 2001
+From: huangkaibin <huangkaibin@huawei.com>
+Date: Fri, 20 Jul 2018 15:54:54 +0800
+Subject: [PATCH] libosinfo: Do not raise error on unknown osinfo db directory.
+
+When an osinfo directory can not be acccessed by the running user,
+g_file_query_info will return a type of G_FILE_TYPE_UNKNOWN, and
+osinfo_loader_find_files will raise an error and abort the application.
+This patch fix this problem by just ignoring this unknown osinfo directory.
+---
+ osinfo/osinfo_loader.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
+index 46bc633..4c30e6c 100644
+--- a/osinfo/osinfo_loader.c
++++ b/osinfo/osinfo_loader.c
+@@ -35,6 +35,7 @@
+ #include <libxml/tree.h>
+ #include <libxml/xpath.h>
+ #include <libxml/xmlreader.h>
++#include <errno.h>
+ #include "ignore-value.h"
+ #include "osinfo_install_script_private.h"
+ #include "osinfo_device_driver_private.h"
+@@ -2061,8 +2062,14 @@
+         }
+         g_object_unref(ents);
+         g_list_free(children);
++    } else if (type == G_FILE_TYPE_UNKNOWN) {
++        g_warning("File type unknown. path: %s, errno:%d.", g_file_get_path(file), errno);
+     } else {
+-        OSINFO_ERROR(&error, "Unexpected file type");
++        char *error_msg;
++        error_msg = g_strdup_printf("Unexpected file type. type: %d, path: %s, errno:%d.",
++                type, g_file_get_path(file), errno);
++        OSINFO_ERROR(&error, error_msg);
++        free(error_msg);
+         g_propagate_error(err, error);
+     }
+ }
+-- 
+1.8.3.1
+

fix-build-error-for-CVE-2019-13313.patch

@@ -0,0 +1,24 @@
+From 1698257717d7a6be38ce81b4da2fbcd1e775dd6d Mon Sep 17 00:00:00 2001
+From: openEuler Buildteam <buildteam@openeuler.org>
+Date: Tue, 31 Dec 2019 23:34:18 +0800
+Subject: [PATCH] fix build error for CVE-2019-13313
+
+---
+ tools/osinfo-install-script.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index 67df0a0..c2f2bc1 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -61,7 +61,6 @@ static const gchar *configs[] = {
+     OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
+     OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
+     OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
+-    OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
+     NULL
+ };
+ 
+-- 
+1.8.3.1
+

libosinfo.spec

@@ -0,0 +1,136 @@
+Name: libosinfo
+Version: 1.2.0
+Release: 9
+Summary: A library for managing OS information for virtualization
+License: LGPLv2+
+URL: https://libosinfo.org/
+Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.gz
+
+BuildRequires: hwdata gobject-introspection-devel osinfo-db
+BuildRequires: libcurl-devel intltool glib2-devel
+BuildRequires: perl-podlators vala vala-tools
+BuildRequires: libxml2-devel >= 2.6.0
+BuildRequires: libxslt-devel >= 1.0.0
+Requires: hwdata osinfo-db-tools
+Requires: osinfo-db >= 20180920-1
+
+Patch0001: 0001-db-Force-anchored-patterns-when-matching-regex.patch
+Patch6000: CVE-2019-13313-1.patch
+Patch6001: CVE-2019-13313-2.patch
+Patch6002: fix-build-error-for-CVE-2019-13313.patch
+
+Patch9000: bugfix-do-not-raise-error-on-unknown-osinfo-db-directory.patch
+
+Provides: %{name}-vala
+Obsoletes: %{name}-vala
+
+%description
+Libosinfo is designed  to provide a single place containing all the
+information about an operating system that is required in order to
+provision and manage it in a virtualized environment.
+
+%package devel
+Summary: Development package for libosinfo
+Requires: %{name} = %{version}-%{release}
+Requires: glib2-devel pkgconfig
+
+%description devel
+The development package for libosinfo.
+
+%package help
+Summary: Help files for libosinfo
+
+%description help
+The Help files for libosindo.
+
+%package lang
+Summary: Language support for libosinfo
+
+%description lang
+Language support for libosindo.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%configure \
+		--enable-introspection=yes \
+		--enable-vala=yes
+%make_build V=1
+chmod a-x examples/*.js examples/*.py
+
+%install
+rm -rf %{buildroot}
+%make_install
+%find_lang %{name}
+
+%check
+if ! make check
+then
+  cat tests/test-suite.log || true
+  exit 1
+fi
+
+%ldconfig_scriptlets
+
+%files
+%{_bindir}/osinfo-detect
+%{_bindir}/osinfo-query
+%{_bindir}/osinfo-install-script
+%{_libdir}/%{name}-1.0.so.*
+%{_libdir}/girepository-1.0/Libosinfo-1.0.typelib
+%{_datadir}/vala/vapi/libosinfo-1.0.vapi
+%doc AUTHORS ChangeLog COPYING.LIB NEWS README
+%exclude %{_libdir}/*.la
+
+%files devel
+%dir %{_includedir}/%{name}-1.0/
+%dir %{_includedir}/%{name}-1.0/osinfo/
+%{_includedir}/%{name}-1.0/osinfo/*.h
+%{_libdir}/%{name}-1.0.so
+%{_libdir}/pkgconfig/%{name}-1.0.pc
+%{_datadir}/gir-1.0/Libosinfo-1.0.gir
+%{_datadir}/gtk-doc/html/Libosinfo
+%doc examples/demo.js
+%doc examples/demo.py
+
+%files help
+%{_mandir}/man1/osinfo-detect.1*
+%{_mandir}/man1/osinfo-query.1*
+%{_mandir}/man1/osinfo-install-script.1*
+
+%files lang -f %{name}.lang
+
+%changelog
+* Wed Aug 21 2019 fangyufa <fangyufa1@huawei.com> - 1.2.0-9
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: modify info of patch
+
+* Fri Aug 02 2019 liujing<liujing144@huawei.com> - 1.2.0-8
+- Type:cves
+- ID:CVE-2019-13313
+- SUG:restart
+- DESC:fix CVE-2019-13313
+
+* Wed Jul 31 2019 zhuguodong <zhuguodong7@huawei.com> - 1.2.0-7
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: openEuler Debranding
+
+* Sat Apr 6 2019 luochunsheng<luochunsheng@huawei.com> - 1.2.0-6
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:remove sensitive information
+
+* Thu Jan 24 2019 wangxiao <wangxiao65@huawei.com> - 1.2.0-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync patch
+
+* Fri Sep 6 2018 openEuler Buildteam <buildteam@openeuler.org> - 1.2.0-4
+- Package init