0001-db-Force-anchored-patterns-when-matching-regex.patch

@@ -0,0 +1,34 @@
+From e6168463f4fc659b9827b5c8694dc1c6d7d5239a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
+Date: Fri, 7 Sep 2018 15:53:20 +0200
+Subject: [PATCH] db: Force anchored patterns when matching regex
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Without forcing anchored patterns some matches may be completely wrong
+as "(J_)?CENN?A_X64FREV" (volume-id for Windows 10) that could be taken
+as a match for "HRM_CENNA_X64FREV" (volume-id of a Windows 8 ISO).
+
+Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+---
+ osinfo/osinfo_db.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/osinfo/osinfo_db.c b/osinfo/osinfo_db.c
+index fa14c6d..f4b3a8c 100644
+--- a/osinfo/osinfo_db.c
++++ b/osinfo/osinfo_db.c
+@@ -37,7 +37,7 @@ G_DEFINE_TYPE(OsinfoDb, osinfo_db, G_TYPE_OBJECT);
+ #define match_regex(pattern, str)                                       \
+     (((pattern) == NULL) ||                                             \
+      (((str) != NULL) &&                                                \
+-      g_regex_match_simple((pattern), (str), 0, 0)))
++      g_regex_match_simple((pattern), (str), 0, G_REGEX_MATCH_ANCHORED)))
+ 
+ static gchar *get_raw_lang(const char *volume_id, const gchar *regex_str)
+ {
+-- 
+1.8.3.1
+

backport-add-check-for-unknown-filetype.patch

@@ -0,0 +1,45 @@
+From d3b1587f7b77b630bae8ab3f4760eda69bd7fe66 Mon Sep 17 00:00:00 2001
+From: Victor Toso <victortoso@redhat.com>
+Date: Fri, 26 Nov 2021 17:36:09 +0100
+Subject: [PATCH] loader: add check for unknown file type
+
+So we can provide a meaningful error message in case the provided path
+is not accessible to running process.
+
+e.g: running HOME=/root osinfo-query os we would get
+  `Error loading OS data: Unexpected file type`
+and now we get
+  `Error loading OS data: Can't read path /root/.config/osinfo`
+
+This error was first hit with v2v [0] that was leaking $USER and $HOME
+of root user when osinfo-query as vsdm user with `sudo -c vdsm`. The
+example above is a simple way to show lack of permision of
+osinfo-query to read the root's $HOME.
+
+[0] https://bugzilla.redhat.com/show_bug.cgi?id=1901423
+
+Related: https://bugzilla.redhat.com/show_bug.cgi?id=1902720
+Signed-off-by: Victor Toso <victortoso@redhat.com>
+---
+ osinfo/osinfo_loader.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c
+index 972f2a4..4403b75 100644
+--- a/osinfo/osinfo_loader.c
++++ b/osinfo/osinfo_loader.c
+@@ -2356,6 +2356,11 @@ static void osinfo_loader_find_files(OsinfoLoader *loader,
+         }
+         g_object_unref(ents);
+         g_list_free(children);
++    } else if (type == G_FILE_TYPE_UNKNOWN) {
++        g_autofree gchar *path = g_file_get_path(file);
++        g_autofree gchar *msg = g_strdup_printf("Can't read path %s", path);
++        OSINFO_LOADER_SET_ERROR(&error, msg);
++        g_propagate_error(err, error);
+     } else {
+         OSINFO_LOADER_SET_ERROR(&error, "Unexpected file type");
+         g_propagate_error(err, error);
+-- 
+2.27.0
+

fix-build-error-for-CVE-2019-13313.patch

@@ -0,0 +1,24 @@
+From 1698257717d7a6be38ce81b4da2fbcd1e775dd6d Mon Sep 17 00:00:00 2001
+From: openEuler Buildteam <buildteam@openeuler.org>
+Date: Tue, 31 Dec 2019 23:34:18 +0800
+Subject: [PATCH] fix build error for CVE-2019-13313
+
+---
+ tools/osinfo-install-script.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
+index 67df0a0..c2f2bc1 100644
+--- a/tools/osinfo-install-script.c
++++ b/tools/osinfo-install-script.c
+@@ -61,7 +61,6 @@ static const gchar *configs[] = {
+     OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
+     OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
+     OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
+-    OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
+     NULL
+ };
+ 
+-- 
+1.8.3.1
+

libosinfo.spec

@@ -1,12 +1,12 @@
 Name: libosinfo
-Version: 1.11.0
-Release: 4
+Version: 1.8.0
+Release: 2
 Summary: A library for managing OS information for virtualization
-License: LGPL-2.0-or-later
+License: LGPLv2+
 URL: https://libosinfo.org/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 
-BuildRequires: hwdata gobject-introspection-devel osinfo-db meson cmake libsoup3-devel gtk-doc
+BuildRequires: hwdata gobject-introspection-devel osinfo-db meson cmake libsoup-devel gtk-doc
 BuildRequires: libcurl-devel intltool glib2-devel
 BuildRequires: perl-podlators vala vala-tools
 BuildRequires: libxml2-devel >= 2.6.0
@@ -14,6 +14,10 @@ BuildRequires: libxslt-devel >= 1.0.0
 Requires: hwdata osinfo-db-tools
 Requires: osinfo-db >= 20180920-1
 
+Patch0001: 0001-db-Force-anchored-patterns-when-matching-regex.patch
+Patch6002: fix-build-error-for-CVE-2019-13313.patch
+Patch6003: backport-add-check-for-unknown-filetype.patch
+
 Provides: %{name}-vala
 Obsoletes: %{name}-vala
 
@@ -47,10 +51,10 @@ Language support for libosindo.
 
 %build
 %meson \
- -Denable-gtk-doc=true \
- -Denable-tests=true \
- -Denable-introspection=enabled \
- -Denable-vala=enabled
+ -Denble-gtk-doc=true \
+ -Denble-tests=true \
+ -Denble-introspection=enabled \
+ -Denble-vala=enabled
 %meson_build
 
 %install
@@ -91,21 +95,6 @@ rm -rf %{buildroot}
 %files lang -f %{name}.lang
 
 %changelog
-* Mon Dec 18 2023 zhangkea <zhangkea@uniontech.com>  - 1.11.0-4
-- Upgrade version 1.11.0
-
-* Mon Mar 27 2023 lin zhang <lin.zhang@turbolinux.com.cn>  - 1.10.0-4
-- rebuild for libsoup3-devel (issue:I6QG8N)
-
-* Wed Aug 03 2022 liukuo <liukuo@kylinos.cn> - 1.10.0-3
-- License compliance rectification
-
-* Mon Jun 20 2022 guozhaorui <guozhaorui1@h-partners.com> - 1.10.0-2
-- fix build fail on meson-0.6
-
-* Thu May 26 2022 Chenxi Mao <chenxi.mao@suse.com> - 1.10.0-1
-- upgrade version to 1.10.0
-
 * Wed Jan 26 2022 tianwei <tianwei12@huawei.com> - 1.8.0-2
 - add check for unknown file type