Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yast2-bootloader for
openSUSE:Factory checked in at 2022-10-13 15:39:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old)
and /work/SRC/openSUSE:Factory/.yast2-bootloader.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader"
Thu Oct 13 15:39:43 2022 rev:326 rq:1009299 version:4.5.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes
2022-09-22 14:49:46.558413548 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-bootloader.new.2275/yast2-bootloader.changes
2022-10-13 15:39:47.182447182 +0200
@@ -1,0 +2,6 @@
+Wed Oct 5 21:35:19 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- prevent leak of grub2 password to logs(bsc#1201962)
+- 4.5.7
+
+-------------------------------------------------------------------
Old:
----
yast2-bootloader-4.5.6.tar.bz2
New:
----
yast2-bootloader-4.5.7.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.XNCPfx/_old 2022-10-13 15:39:51.746457380 +0200
+++ /var/tmp/diff_new_pack.XNCPfx/_new 2022-10-13 15:39:51.750457389 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.6
+Version: 4.5.7
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
@@ -25,8 +25,8 @@
URL: https://github.com/yast/yast-bootloader
Source0: %{name}-%{version}.tar.bz2
-# yast2 with default boot_timeout
-BuildRequires: yast2 >= 4.4.43
+# ReducedRecorder
+BuildRequires: yast2 >= 4.5.16
BuildRequires: yast2-devtools >= 4.2.2
# yast/rspec/helpers.rb
BuildRequires: yast2-ruby-bindings >= 4.4.7
@@ -42,8 +42,8 @@
PreReq: /bin/sed %fillup_prereq
# Base classes for inst clients
Requires: parted
-# Replace PackageSystem with Package
-Requires: yast2 >= 4.4.43
+# ReducedRecorder
+Requires: yast2 >= 4.5.16
Requires: yast2-core >= 2.18.7
Requires: yast2-packager >= 2.17.24
Requires: yast2-pkg-bindings >= 2.17.25
++++++ yast2-bootloader-4.5.6.tar.bz2 -> yast2-bootloader-4.5.7.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.5.6/package/yast2-bootloader.changes
new/yast2-bootloader-4.5.7/package/yast2-bootloader.changes
--- old/yast2-bootloader-4.5.6/package/yast2-bootloader.changes 2022-09-22
09:38:02.000000000 +0200
+++ new/yast2-bootloader-4.5.7/package/yast2-bootloader.changes 2022-10-10
10:22:49.000000000 +0200
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Wed Oct 5 21:35:19 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- prevent leak of grub2 password to logs(bsc#1201962)
+- 4.5.7
+
+-------------------------------------------------------------------
Wed Sep 21 20:42:31 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
- write stage1 location on transactional systems (bsc#1128853)
@@ -9,7 +15,7 @@
- bsc#1203418
- added default proposal for hidden timeout
-- 4.5.5
+- 4.5.5
-------------------------------------------------------------------
Mon Sep 12 10:04:01 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.5.6/package/yast2-bootloader.spec
new/yast2-bootloader-4.5.7/package/yast2-bootloader.spec
--- old/yast2-bootloader-4.5.6/package/yast2-bootloader.spec 2022-09-22
09:38:02.000000000 +0200
+++ new/yast2-bootloader-4.5.7/package/yast2-bootloader.spec 2022-10-10
10:22:49.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.6
+Version: 4.5.7
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
@@ -25,8 +25,8 @@
URL: https://github.com/yast/yast-bootloader
Source0: %{name}-%{version}.tar.bz2
-# yast2 with default boot_timeout
-BuildRequires: yast2 >= 4.4.43
+# ReducedRecorder
+BuildRequires: yast2 >= 4.5.16
BuildRequires: yast2-devtools >= 4.2.2
# yast/rspec/helpers.rb
BuildRequires: yast2-ruby-bindings >= 4.4.7
@@ -42,8 +42,8 @@
PreReq: /bin/sed %fillup_prereq
# Base classes for inst clients
Requires: parted
-# Replace PackageSystem with Package
-Requires: yast2 >= 4.4.43
+# ReducedRecorder
+Requires: yast2 >= 4.5.16
Requires: yast2-core >= 2.18.7
Requires: yast2-packager >= 2.17.24
Requires: yast2-pkg-bindings >= 2.17.25
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.5.6/src/lib/bootloader/grub2pwd.rb
new/yast2-bootloader-4.5.7/src/lib/bootloader/grub2pwd.rb
--- old/yast2-bootloader-4.5.6/src/lib/bootloader/grub2pwd.rb 2022-09-22
09:38:02.000000000 +0200
+++ new/yast2-bootloader-4.5.7/src/lib/bootloader/grub2pwd.rb 2022-10-10
10:22:49.000000000 +0200
@@ -2,6 +2,7 @@
require "yast"
require "shellwords"
+require "yast2/execute"
Yast.import "Stage"
@@ -132,9 +133,10 @@
def encrypt(password)
result = Yast::Execute.on_target("/usr/bin/grub2-mkpasswd-pbkdf2",
- env: { "LANG" => "C" },
- stdin: "#{password}\n#{password}\n",
- stdout: :capture)
+ env: { "LANG" => "C" },
+ stdin: "#{password}\n#{password}\n",
+ stdout: :capture,
+ recorder: Yast::ReducedRecorder.new(skip: :stdin))
pwd_line = result.split("\n").grep(/password is/).first
if !pwd_line
