pool/libosinfo
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to version 1.6.0

Browse Source 
Changes in this release include:
  * Add API to get the kernel URL argument for an OsinfoOs
  * Improve detection of PPC ISOs
  * Add API to create an OsinfoMedia from location using OsinfoMediaDetectFlags
  * Add API to get whether a media is bootable or not
  * Add OsinfoTree treeinfo properties
  * Add API to identify an OsinfoTree
  * Deprecate API to guess an OsinfoOs from OsinfoTree
  * Add --config-file to osinfo-install-script tool
  * Deprecate --config usage for user & admin passwords on osinfo-install-script tool
  * Add API to generate an install-script and its command-line for OsinfoTree
  * Use libsoup for "http://" & "https://" requests for creating both OsinfoMedia & OsinfoTree
  * Drop GVFS dependency
  * Add OsinfoOs property to OsinfoTree
- Drop
  CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch
  CVE-2019-13313-pass-username-password-via-config-file.patch

OBS-URL: https://build.opensuse.org/package/show/hardware/libosinfo?expand=0&rev=77
This commit is contained in:
Charles Arnold 2019-07-26 20:16:26 +00:00 committed by Git OBS Bridge
parent 319e219000
commit 8749a0555f
6 changed files with 27 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch
View File

@ -1,156 +0,0 @@
Let's add a new option so users can set their config from a file,
instead of directly passing the values via command-line.
Signed-off-by: Fabiano Fidêncio <fidencio redhat com>
---
tools/osinfo-install-script.c | 100 +++++++++++++++++++++++++++++++++-
1 file changed, 97 insertions(+), 3 deletions(-)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 15af48d..efa96ee 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE;
static gboolean list_inj_method = FALSE;
static gboolean quiet = FALSE;
+static const gchar *configs[] = {
+ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD,
+ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME,
+ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY,
+ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME,
+ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
+ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
+ NULL
+};
+
static OsinfoInstallConfig *config;
static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
}
+static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED,
+ const gchar *value,
+ gpointer data G_GNUC_UNUSED,
+ GError **error)
+{
+ GKeyFile *key_file = NULL;
+ gchar *val = NULL;
+ gsize i;
+ gboolean ret = FALSE;
+
+ key_file = g_key_file_new();
+ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error))
+ goto error;
+
+ for (i = 0; configs[i] != NULL; i++) {
+ val = g_key_file_get_string(key_file, "install-script", configs[i], error);
+ if (val == NULL) {
+ if (g_error_matches(*error, G_KEY_FILE_ERROR,
+ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
+ g_clear_error(error);
+ continue;
+ }
+
+ goto error;
+ }
+
+ osinfo_entity_set_param(OSINFO_ENTITY(config),
+ configs[i],
+ val);
+ g_free(val);
+ }
+
+ ret = TRUE;
+
+error:
+ g_key_file_unref(key_file);
+
+ return ret;
+}
+
+
static GOptionEntry entries[] =
{
{ "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile,
@@ -78,6 +147,9 @@ static GOptionEntry entries[] =
{ "config", 'c', 0, G_OPTION_ARG_CALLBACK,
handle_config,
N_("Set configuration parameter"), "key=value" },
+ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK,
+ handle_config_file,
+ N_("Set configuration parameters"), "file:///path/to/config/file" },
{ "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config,
N_("List configuration parameters"), NULL },
{ "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile,
@@ -448,6 +520,10 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
+=item B<--config-file=config-file>
+
+Set the configurations parameters according to the config-file passed.
+
=back
=head1 CONFIGURATION KEYS
@@ -510,18 +586,36 @@ The software registration user password
=back
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration file must consist in a file which contains a
+`install-script` group and, under this group, C<key>=C<value>
+pairs, as shown below:
+
+[install-script]
+l10n-timezone=GMT
+l10n-keyboard=uk
+l10n-language=en_GB
+admin-password=123456
+user-login=berrange
+user-password=123456
+user-realname="Daniel P Berrange"
+
=head1 EXAMPLE USAGE
-The following usage generates a Fedora 16 kickstart script
+The following usages generates a Fedora 16 kickstart script
+
+ # osinfo-install-script \
+ --profile jeos \
+ --config-file /path/to/the/config/file \
+ fedora16
# osinfo-install-script \
--profile jeos \
--config l10n-timezone=GMT \
--config l10n-keyboard=uk \
--config l10n-language=en_GB \
- --config admin-password=123456 \
--config user-login=berrange \
- --config user-password=123456 \
--config user-realname="Daniel P Berrange" \
fedora16

38
CVE-2019-13313-pass-username-password-via-config-file.patch
View File

@ -1,38 +0,0 @@
As passing user & admin password via command line is a low impact CVE,
let's error out when it's done and advertise the users to use
--config-file instead.
Signed-off-by: Fabiano Fidêncio <fidencio redhat com>
---
tools/osinfo-install-script.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index efa96ee..3da4a69 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -85,6 +85,15 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
val++;
key = g_strndup(value, len);
+ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
+ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
+ g_set_error(error, OSINFO_ERROR, 0,
+ _("When setting user or admin password, use "
+ "--config-file instead.\n"));
+ g_free(key);
+ return FALSE;
+ }
+
osinfo_entity_set_param(OSINFO_ENTITY(config),
key,
val);
@@ -520,6 +529,8 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
+Note: this option has been deprecated, use B<--config-file=> instead.
+
=item B<--config-file=config-file>
Set the configurations parameters according to the config-file passed.

3
libosinfo-1.5.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bf692567983478c92bde78d454c18d6196abb032b5a77f430b09a7ef92ec6089
size 998751

3
libosinfo-1.6.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3c385c1cceb46301fdc79115e7b28e3df7aa26fafce0a787a60132a86a1990c7
size 1024787

22
libosinfo.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri Jul 26 14:13:05 MDT 2019 - carnold@suse.com
- Update to version 1.6.0
Changes in this release include:
* Add API to get the kernel URL argument for an OsinfoOs
* Improve detection of PPC ISOs
* Add API to create an OsinfoMedia from location using OsinfoMediaDetectFlags
* Add API to get whether a media is bootable or not
* Add OsinfoTree treeinfo properties
* Add API to identify an OsinfoTree
* Deprecate API to guess an OsinfoOs from OsinfoTree
* Add --config-file to osinfo-install-script tool
* Deprecate --config usage for user & admin passwords on osinfo-install-script tool
* Add API to generate an install-script and its command-line for OsinfoTree
* Use libsoup for "http://" & "https://" requests for creating both OsinfoMedia & OsinfoTree
* Drop GVFS dependency
* Add OsinfoOs property to OsinfoTree
- Drop
CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch
CVE-2019-13313-pass-username-password-via-config-file.patch
-------------------------------------------------------------------
Mon Jul 8 13:12:39 MDT 2019 - carnold@suse.com

8
libosinfo.spec
View File

@ -13,14 +13,14 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define with_lang 1
Name: libosinfo
Version: 1.5.0
Version: 1.6.0
Release: 0
Summary: Operating system and hypervisor information management library
License: LGPL-2.1-or-later AND GPL-2.0-or-later
@ -28,8 +28,6 @@ Group: Development/Libraries/C and C++
Url: https://releases.pagure.org/libosinfo/
Source0: https://releases.pagure.org/libosinfo/%{name}-%{version}.tar.gz
Source1: ids.tar.bz2
Patch1: CVE-2019-13313-add-new-option-so-users-can-set-config-from-file.patch
Patch2: CVE-2019-13313-pass-username-password-via-config-file.patch
BuildRequires: libcurl-devel
BuildRequires: vala
BuildRequires: pkgconfig(check)
@ -87,8 +85,6 @@ as well as Vala bindings for the libosinfo library.
%endif
%prep
%setup -q -a 1
%patch1 -p1
%patch2 -p1
%build
%configure \