Hello community, here is the log from the commit of package yast2-registration for openSUSE:Factory checked in at 2018-12-31 09:44:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-registration (Old) and /work/SRC/openSUSE:Factory/.yast2-registration.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-registration" Mon Dec 31 09:44:01 2018 rev:27 rq:658051 version:4.1.11 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-registration/yast2-registration.changes 2018-11-22 13:24:40.550053139 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-registration.new.28833/yast2-registration.changes 2018-12-31 09:44:03.346331278 +0100 @@ -1,0 +2,20 @@ +Fri Dec 14 13:14:15 UTC 2018 - [email protected] + +- Hardening commands execution (part of bsc#1118291). +- Replace backticks by Yast::Execute. +- 4.1.11 + +------------------------------------------------------------------- +Fri Dec 14 09:41:49 UTC 2018 - [email protected] + +- Fixed UI display issue in the installation workflow + (not cleared screen) (bsc#1117492) +- 4.1.10 + +------------------------------------------------------------------- +Mon Nov 26 01:17:32 UTC 2018 - Noah Davis <[email protected]> + +- Provide icon with module (boo#1109310) +- 4.1.9 + +------------------------------------------------------------------- Old: ---- yast2-registration-4.1.8.tar.bz2 New: ---- yast2-registration-4.1.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-registration.spec ++++++ --- /var/tmp/diff_new_pack.3JLkPe/_old 2018-12-31 09:44:03.994330747 +0100 +++ /var/tmp/diff_new_pack.3JLkPe/_new 2018-12-31 09:44:03.998330744 +0100 @@ -17,7 +17,7 @@ Name: yast2-registration -Version: 4.1.8 +Version: 4.1.11 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -98,6 +98,7 @@ %{yast_libdir}/registration %{yast_libdir}/yast %{yast_libdir}/yast/suse_connect.rb +%{yast_icondir} %doc %{yast_docdir} %license COPYING ++++++ yast2-registration-4.1.8.tar.bz2 -> yast2-registration-4.1.11.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/package/yast2-registration.changes new/yast2-registration-4.1.11/package/yast2-registration.changes --- old/yast2-registration-4.1.8/package/yast2-registration.changes 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/package/yast2-registration.changes 2018-12-14 14:25:06.000000000 +0100 @@ -1,4 +1,24 @@ ------------------------------------------------------------------- +Fri Dec 14 13:14:15 UTC 2018 - [email protected] + +- Hardening commands execution (part of bsc#1118291). +- Replace backticks by Yast::Execute. +- 4.1.11 + +------------------------------------------------------------------- +Fri Dec 14 09:41:49 UTC 2018 - [email protected] + +- Fixed UI display issue in the installation workflow + (not cleared screen) (bsc#1117492) +- 4.1.10 + +------------------------------------------------------------------- +Mon Nov 26 01:17:32 UTC 2018 - Noah Davis <[email protected]> + +- Provide icon with module (boo#1109310) +- 4.1.9 + +------------------------------------------------------------------- Wed Nov 21 16:39:02 CET 2018 - [email protected] - Do not allow redirection while checking via HTTP request if diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/package/yast2-registration.spec new/yast2-registration-4.1.11/package/yast2-registration.spec --- old/yast2-registration-4.1.8/package/yast2-registration.spec 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/package/yast2-registration.spec 2018-12-14 14:25:06.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-registration -Version: 4.1.8 +Version: 4.1.11 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -99,6 +99,7 @@ %{yast_libdir}/registration %{yast_libdir}/yast %{yast_libdir}/yast/suse_connect.rb +%{yast_icondir} %doc %{yast_docdir} %license COPYING diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/desktop/add_extensions.desktop new/yast2-registration-4.1.11/src/desktop/add_extensions.desktop --- old/yast2-registration-4.1.8/src/desktop/add_extensions.desktop 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/src/desktop/add_extensions.desktop 2018-12-14 14:25:06.000000000 +0100 @@ -8,7 +8,7 @@ X-SuSE-YaST-Group=Software X-SuSE-YaST-Keywords=extensions,modules,software,registration,scc,package,repositories -Icon=yast-addon +Icon=yast-addon-extension Exec=/usr/bin/xdg-su -c "/sbin/yast2 scc select_extensions" Name=Add System Extensions or Modules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-addon-extension.svg new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-addon-extension.svg --- old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-addon-extension.svg 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-addon-extension.svg 2018-12-14 14:25:06.000000000 +0100 @@ -0,0 +1 @@ +<svg viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg";><linearGradient id="a" gradientUnits="userSpaceOnUse" x1="8" x2="120" y1="238" y2="238"><stop offset="0" stop-color="#c0bfbc"/><stop offset=".143" stop-color="#c0bfbc"/><stop offset=".25" stop-color="#deddda"/><stop offset=".5" stop-color="#c0bfbc" stop-opacity=".939"/><stop offset="1" stop-color="#c0bfbc" stop-opacity=".984"/></linearGradient><g stroke-width="4"><path d="M64 182c-30.928 0-56 25.072-56 56s25.072 56 56 56 56-25.072 56-56-25.072-56-56-56zm0 36a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="url(#a)" transform="translate(0 -172)"/><path d="M64 8C33.072 8 8 33.072 8 64s25.072 56 56 56 56-25.072 56-56S94.928 8 64 8zm0 36a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="#deddda"/><path d="M64 44a20 20 0 0 0-20 20 20 20 0 0 0 20 20 20 20 0 0 0 20-20 20 20 0 0 0-20-20zm0 12a8 8 0 0 1 8 8 8 8 0 0 1-8 8 8 8 0 0 1-8-8 8 8 0 0 1 8-8z" fill="#c0bfbc" fill-opacity=".947"/><path d="M64 8v36a20 20 0 0 1 14.133 5.867l25.469-25.469C93.468 14.264 79.464 8 64 8zM49.867 78.132l-25.469 25.469C34.532 113.735 48.536 119.999 64 119.999v-36a20 20 0 0 1-14.133-5.867z" fill="#f6f5f4" opacity=".5"/><path d="M64 40a24 24 0 0 0-24 24 24 24 0 0 0 24 24 24 24 0 0 0 24-24 24 24 0 0 0-24-24zm0 4a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="#9a9996" fill-opacity=".947"/></g><path d="M117.05 78h-14c-3-1-2.96-1.368-3-3-.052-2.091 3-4 3-7 0-2.216-1.784-4-4-4h-4c-2.216 0-4 1.784-4 4 0 3 2.914 4.751 3 7 .062 1.615 0 2-2.898 3H75.05v16c-1 3-1.368 2.96-3 3-2.092.052-4-3-7-3-2.216 0-4 1.784-4 4v4c0 2.216 1.784 4 4 4 3 0 4.751-2.914 7-3 1.614-.062 2 0 3 2.898V120h42v-14.246c-.96-2.74-1.363-2.814-2.948-2.754-2.248.087-4 3-7 3a3.99 3.99 0 0 1-4-4v-4c0-2.215 1.784-4 4-4 3 0 4.909 3.052 7 3 1.601-.04 1.989-.018 2.948-2.851z" fill="#1a5fb4"/><path d="M117 76h-14c-3-1-2.96-1.368-3-3-.052-2.091 3-4 3-7 0-2.216-1.784-4-4-4h-4c-2.216 0-4 1.784-4 4 0 3 2.914 4.751 3 7 .062 1.615 0 2-2.898 3H75v16c-1 3-1.368 2.96-3 3-2.092.052-4-3-7-3-2.216 0-4 1.784-4 4v4c0 2.216 1.784 4 4 4 3 0 4.751-2.914 7-3 1.614-.062 2 0 3 2.898V118h42v-14.246c-.96-2.74-1.363-2.814-2.948-2.754-2.248.087-4 3-7 3a3.99 3.99 0 0 1-4-4v-4c0-2.215 1.784-4 4-4 3 0 4.909 3.052 7 3 1.601-.04 1.989-.018 2.948-2.851z" fill="#3584e4"/></svg> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-product-registration.svg new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-product-registration.svg --- old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-product-registration.svg 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-product-registration.svg 2018-12-14 14:25:06.000000000 +0100 @@ -0,0 +1 @@ +<svg height="128" width="128" xmlns="http://www.w3.org/2000/svg";><linearGradient id="a" gradientUnits="userSpaceOnUse" x1="24" x2="104" y1="20" y2="20"><stop offset="0" stop-color="#8ff0a4"/><stop offset="1" stop-color="#81dffe"/></linearGradient><path d="M20 8h88v108H20z" fill="#f6f5f4"/><path d="M20 116h88v4H20z" fill="#deddda"/><path d="M60 104h44v4H60z" fill="#5e5c64"/><path d="M24 16h80v8H24z" fill="url(#a)"/><path d="M24 32h80v4H24zm0 8h80v4H24zm0 8h52v4H24zm0 12h80v4H24zm0 8h80v4H24zm0 8h60v4H24z" fill="#deddda"/><path d="M60 92h4v12h-4zm4 0h36v4H64zm36 0h4v12h-4z" fill="#5e5c64"/><path d="M24 96h32v8H24z" fill="#deddda"/><path d="M99.828 28.172L60 68l8 8 39.82-39.82a10 10 0 0 0-7.992-8.008z" fill="#f6d32d"/><path d="M60 68l-8 16 16-8z" fill="#ffd097"/><path d="M105.07 30.93L64 72l4 4 39.82-39.82a10 10 0 0 0-2.75-5.25z" fill="#f5c211"/><path d="M64 72L52 84l16-8z" fill="#ffb56c"/><path d="M56 76l4 4-8 4z" fill="#3d3846"/><path d="M58 78l-6 6 8-4z"/><path d="M24 12h8v4h-8zm12 0h8v4h-8z" fill="#9a9996"/></svg> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/clients/inst_scc.rb new/yast2-registration-4.1.11/src/lib/registration/clients/inst_scc.rb --- old/yast2-registration-4.1.8/src/lib/registration/clients/inst_scc.rb 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/src/lib/registration/clients/inst_scc.rb 2018-12-14 14:25:06.000000000 +0100 @@ -188,7 +188,7 @@ return Mode.normal ? :abort : :auto end - if Mode.update + if Stage.initial Wizard.SetContents( _("Registration"), Empty(), @@ -197,7 +197,9 @@ false, false ) + end + if Mode.update ::Registration::SwMgmt.copy_old_credentials(Installation.destdir) if File.exist?(SUSE::Connect::YaST::GLOBAL_CREDENTIALS_FILE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/sw_mgmt.rb new/yast2-registration-4.1.11/src/lib/registration/sw_mgmt.rb --- old/yast2-registration-4.1.8/src/lib/registration/sw_mgmt.rb 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/src/lib/registration/sw_mgmt.rb 2018-12-14 14:25:06.000000000 +0100 @@ -25,7 +25,6 @@ require "tmpdir" require "fileutils" -require "shellwords" require "ostruct" require "registration/exceptions" @@ -35,6 +34,7 @@ require "packager/product_patterns" require "y2packager/product_reader" +require "yast2/execute" module Registration Yast.import "AddOnProduct" @@ -481,14 +481,28 @@ # SMT uses extra ACL permissions, make sure they are kept in the copied file, # (use "cp -a ", ::FileUtils.cp(..., preserve: true) cannot be used as it preserves only # the traditional Unix file permissions, the extended ACLs are NOT copied!) - `cp -a #{Shellwords.escape(file)} #{Shellwords.escape(new_file)}` + Yast::Execute.locally!("cp", "-a", file, new_file) - credentials = SUSE::Connect::YaST.credentials(new_file) + use_credentials(new_file) + rescue Cheetah::ExecutionFailed => error + log.warn "Cannot copy the old credentials file #{file} to #{new_file}: #{error.message}" + end + + # Use credentials from a file + # + # @param filename [String] credentials filename. + # @return [Boolean] true if credentials can be used; false otherwise. + def self.use_credentials(filename) + credentials = SUSE::Connect::YaST.credentials(filename) log.info "Using previous credentials (username): #{credentials.username}" + true rescue SUSE::Connect::MalformedSccCredentialsFile => e log.warn "Cannot parse the credentials file: #{e.inspect}" + false end + private_class_method :use_credentials + def self.find_addon_updates(addons) log.info "Available addons: #{addons.map(&:identifier)}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/ui/base_system_registration_dialog.rb new/yast2-registration-4.1.11/src/lib/registration/ui/base_system_registration_dialog.rb --- old/yast2-registration-4.1.8/src/lib/registration/ui/base_system_registration_dialog.rb 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/src/lib/registration/ui/base_system_registration_dialog.rb 2018-12-14 14:25:06.000000000 +0100 @@ -74,6 +74,8 @@ set_focus event_loop + ensure + Yast::Wizard.ClearContents end # Set the initial action diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/test/sw_mgmt_spec.rb new/yast2-registration-4.1.11/test/sw_mgmt_spec.rb --- old/yast2-registration-4.1.8/test/sw_mgmt_spec.rb 2018-11-21 17:44:29.000000000 +0100 +++ new/yast2-registration-4.1.11/test/sw_mgmt_spec.rb 2018-12-14 14:25:06.000000000 +0100 @@ -224,67 +224,85 @@ let(:scc_credentials) { File.join(root_dir, target_dir, "SCCcredentials") } before do - expect(File).to receive(:exist?).with(target_dir).and_return(false) + allow(File).to receive(:exist?).with(target_dir).and_return(false) allow(File).to receive(:file?).and_return(true) - expect(FileUtils).to receive(:mkdir_p).with(target_dir) + allow(FileUtils).to receive(:mkdir_p).with(target_dir) end it "does not fail when the old credentials are missing" do - expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) .and_return([]) # no copy - expect(FileUtils).to receive(:cp).never + expect(Yast::Execute).to_not receive(:locally!).with("cp", any_args) + + expect { subject.copy_old_credentials(root_dir) }.to_not raise_error + end + + it "does not fail when the old credentials file cannot be copied" do + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + .and_return([ncc_credentials]) + + error = Cheetah::ExecutionFailed.new([], "", nil, nil) + + allow(Yast::Execute).to receive(:locally!).with("cp", any_args) + .and_raise(error) expect { subject.copy_old_credentials(root_dir) }.to_not raise_error end it "copies old NCC credentials at upgrade" do - expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) .and_return([ncc_credentials]) - expect(subject).to receive(:`).with("cp -a " + ncc_credentials + " " + - File.join(target_dir, "SCCcredentials")) - expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + + expect(Yast::Execute).to receive(:locally!) + .with("cp", "-a", ncc_credentials, File.join(target_dir, "SCCcredentials")) subject.copy_old_credentials(root_dir) end it "prefers the SCC credentials if both NCC and SCC credentials are present" do # deliberately return the SCC credentials first here - expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) .and_return([scc_credentials, ncc_credentials]) - # copy the credentials in the NCC, SCC order (bsc#1096813) - expect(subject).to receive(:`).with("cp -a " + ncc_credentials + " " + - File.join(target_dir, "SCCcredentials")).ordered - expect(subject).to receive(:`).with("cp -a " + scc_credentials + " " + - File.join(target_dir, "SCCcredentials")).ordered - allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + # copy the credentials in the NCC, SCC order (bsc#1096813) + expect(Yast::Execute).to receive(:locally!) + .with("cp", "-a", ncc_credentials, File.join(target_dir, "SCCcredentials")) + .ordered + + expect(Yast::Execute).to receive(:locally!) + .with("cp", "-a", scc_credentials, File.join(target_dir, "SCCcredentials")) + .ordered + subject.copy_old_credentials(root_dir) end it "copies old SCC credentials at upgrade" do - expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) .and_return([scc_credentials]) - expect(subject).to receive(:`).with("cp -a " + scc_credentials + " " + - File.join(target_dir, "SCCcredentials")) - expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + + expect(Yast::Execute).to receive(:locally!) + .with("cp", "-a", scc_credentials, File.join(target_dir, "SCCcredentials")) subject.copy_old_credentials(root_dir) end it "copies old SMT credentials at upgrade" do smt_credentials = File.join(root_dir, target_dir, "SMT-http_smt_example_com") - expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) + allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*")) .and_return([smt_credentials]) - expect(subject).to receive(:`).with("cp -a " + smt_credentials + " " + - File.join(target_dir, "SMT-http_smt_example_com")) - expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new) + + expect(Yast::Execute).to receive(:locally!) + .with("cp", "-a", smt_credentials, File.join(target_dir, "SMT-http_smt_example_com")) subject.copy_old_credentials(root_dir) end
