Hello community,

here is the log from the commit of package yast2-sound for openSUSE:Factory 
checked in at 2018-12-31 09:44:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-sound (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-sound.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-sound"

Mon Dec 31 09:44:57 2018 rev:93 rq:660235 version:4.1.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-sound/yast2-sound.changes  2018-07-03 
23:31:56.616616285 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-sound.new.28833/yast2-sound.changes       
2018-12-31 09:44:59.258285475 +0100
@@ -1,0 +2,30 @@
+Tue Dec 18 16:00:39 UTC 2018 - [email protected]
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.1
+
+-------------------------------------------------------------------
+Wed Dec 12 17:20:57 UTC 2018 - [email protected]
+
+- Hardening commands execution (part of bsc#1118291).
+- Replace backticks by Yast::Execute.
+- 4.1.0
+
+-------------------------------------------------------------------
+Mon Nov 26 04:52:22 UTC 2018 - Noah Davis <[email protected]>
+
+- Provide icon with module (boo#1109310)
+- 4.0.2
+
+-------------------------------------------------------------------
+Wed Aug 22 16:17:28 CEST 2018 - [email protected]
+
+- Switched license in spec file from SPDX2 to SPDX3 format.
+
+-------------------------------------------------------------------
+Tue Aug 21 09:26:06 CEST 2018 - [email protected]
+
+- Changed dir of COPYING file.
+
+-------------------------------------------------------------------

Old:
----
  yast2-sound-4.0.1.tar.bz2

New:
----
  yast2-sound-4.1.1.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-sound.spec ++++++
--- /var/tmp/diff_new_pack.ynyLNB/_old  2018-12-31 09:44:59.574285216 +0100
+++ /var/tmp/diff_new_pack.ynyLNB/_new  2018-12-31 09:44:59.574285216 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-sound
-Version:        4.0.1
+Version:        4.1.1
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -76,7 +76,7 @@
 Requires:       yast2-ruby-bindings >= 1.0.0
 
 Summary:        YaST2 - Sound Configuration
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          System/YaST
 
 %description
@@ -121,8 +121,11 @@
 %{yast_plugindir}/libpy2ag_audio.so*
 %{yast_scrconfdir}/*.scr
 
+# icons
+%{yast_icondir}
+
 %dir %{yast_docdir}
 %doc %{yast_docdir}/README
-%doc %{yast_docdir}/COPYING
+%license %{yast_docdir}/COPYING
 
 %changelog

++++++ yast2-sound-4.0.1.tar.bz2 -> yast2-sound-4.1.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/data/alsa_drivers.rb 
new/yast2-sound-4.1.1/data/alsa_drivers.rb
--- old/yast2-sound-4.0.1/data/alsa_drivers.rb  2018-07-02 16:25:12.000000000 
+0200
+++ new/yast2-sound-4.1.1/data/alsa_drivers.rb  2018-12-20 10:57:59.000000000 
+0100
@@ -1,3 +1,22 @@
+require "yast"
+require "yast2/execute"
+
+# Auxiliary module to run a command and get its output
+module Command
+  # Returns the output of the given command
+  #
+  # @param args [Array<String>, Array<Array<String>>] the command to execute 
and
+  #   its arguments. For a detailed description, see
+  #   https://www.rubydoc.info/github/openSUSE/cheetah/Cheetah#run-class_method
+  # @return [String] commmand output or an empty string if the command fails.
+  def self.output(*args)
+    Yast::Execute.locally!(*args, stdout: :capture)
+  rescue Cheetah::ExecutionFailed => error
+    puts error.message
+    ""
+  end
+end
+
 # handle modalias settings from modinfo output
 # parses the device ID string to Vendor and Device parts
 class ModAlias
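Review bot: `Command.output` turns every `Cheetah::ExecutionFailed` into an empty string, so callers such as `description`, `modaliases` and `params` cannot tell a failed `/sbin/modinfo` run from a module that has no data. The error text is also written with `puts`, which puts it on stdout next to whatever this script emits; `warn error.message` would keep diagnostics on stderr. The doc comment has a typo (`commmand`). It could also say that the arguments are handed over as an array rather than as a shell string, which appears to be the reason for the helper.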
@@ -60,29 +79,25 @@
 
   # read the description from the driver
   def description
-    `/sbin/modinfo -F description #{@mod_path}`.strip
+    Command::output("/sbin/modinfo", "-F", "description", @mod_path).strip
   end
 
   # read the device module aliases
   def modaliases
-    lst = `/sbin/modinfo -F alias #{@mod_path}`.split("\n")
-    ret = []
+    aliases = Command::output("/sbin/modinfo", "-F", "alias", 
@mod_path).split("\n")
+    aliases = aliases.grep(/^pci:/)
 
-    lst.each do |a|
-      ret << ModAlias.new(a) if a.match /^pci:/
-    end
+    mod_aliases = aliases.map { |a| ModAlias.new(a) }
 
-    extra_ids = YAML.load_file "data_extra_id.yml"
-    extra_ids.each do |id|
-      ret << ModAlias.new("pci:v#{id[1]}d#{id[2]}sv*sd*") if id[0] == name
-    end
+    extra_ids = YAML.load_file("data_extra_id.yml")
+    extra_ids = extra_ids.select { |id| id[0] == name }
 
-    ret
+    mod_aliases + extra_ids.map { |id| 
ModAlias.new("pci:v#{id[1]}d#{id[2]}sv*sd*") }
   end
 
   #  read the module parameters
   def params
-    lst = `/sbin/modinfo #{@mod_path}`.split("\n")
+    lst = Command::output("/sbin/modinfo", @mod_path).split("\n")
     ret = []
 
     lst.each do |a|
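Review bot: In `modaliases`, `YAML.load_file("data_extra_id.yml")` is still resolved against the current working directory, so which file gets parsed depends on where the script is started. Depending on the Psych version it may also use the full loader. The entries are only indexed as `id[0]`, `id[1]` and `id[2]`, so plain arrays of scalars look sufficient. Something like `YAML.safe_load(File.read(File.join(__dir__, "data_extra_id.yml")))` would pin both the location and the allowed types, assuming the file sits next to this script. The file is also re-read on every call and could be loaded once. The body of `params` continues outside this hunk.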
@@ -107,15 +122,10 @@
 
   # find all sound drivers below the given path
   def self.find_all(path)
-    ret = []
-    lst = `find #{path} -type f -name 'snd-*.ko'`.split("\n").sort{|p1, p2| 
-       p1.split('/').last <=> p2.split('/').last
-    }
+    files = Dir.glob(File.join(path, "**", "snd-*.ko")).select { |f| 
File.file?(f) }
 
-    lst.each do |m|
-      ret << AlsaModule.new(m)
-    end
+    files.sort! { |f1, f2| File.basename(f1) <=> File.basename(f2) }
 
-    ret
+    files.map { |f| AlsaModule.new(f) }
   end
 end
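Review bot: In `find_all`, `path` is now part of the pattern given to `Dir.glob`, so any `*`, `?`, `[` or `{` in the directory name is interpreted as a glob instead of literally. The old `find` call took the path as a path (though unquoted). If the Ruby in use supports it, `Dir.glob(File.join("**", "snd-*.ko"), base: path).map { |f| File.join(path, f) }` keeps the directory literal. Two differences from `find -type f` deserve a comment: `File.file?` also accepts symlinks that point to regular files, and `**` does not descend into hidden directories.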
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/package/yast2-sound.changes 
new/yast2-sound-4.1.1/package/yast2-sound.changes
--- old/yast2-sound-4.0.1/package/yast2-sound.changes   2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/package/yast2-sound.changes   2018-12-20 
10:57:59.000000000 +0100
@@ -1,4 +1,34 @@
 -------------------------------------------------------------------
+Tue Dec 18 16:00:39 UTC 2018 - [email protected]
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.1
+
+-------------------------------------------------------------------
+Wed Dec 12 17:20:57 UTC 2018 - [email protected]
+
+- Hardening commands execution (part of bsc#1118291).
+- Replace backticks by Yast::Execute.
+- 4.1.0
+
+-------------------------------------------------------------------
+Mon Nov 26 04:52:22 UTC 2018 - Noah Davis <[email protected]>
+
+- Provide icon with module (boo#1109310)
+- 4.0.2
+
+-------------------------------------------------------------------
+Wed Aug 22 16:17:28 CEST 2018 - [email protected]
+
+- Switched license in spec file from SPDX2 to SPDX3 format.
+
+-------------------------------------------------------------------
+Tue Aug 21 09:26:06 CEST 2018 - [email protected]
+
+- Changed dir of COPYING file.
+
+-------------------------------------------------------------------
 Thu Jun 28 14:24:04 CEST 2018 - [email protected]
 
 - Added additional searchkeys to desktop file (fate#321043).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/package/yast2-sound.spec 
new/yast2-sound-4.1.1/package/yast2-sound.spec
--- old/yast2-sound-4.0.1/package/yast2-sound.spec      2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/package/yast2-sound.spec      2018-12-20 
10:57:59.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-sound
-Version:        4.0.1
+Version:        4.1.1
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -76,7 +76,7 @@
 Requires:       yast2-ruby-bindings >= 1.0.0
 
 Summary:        YaST2 - Sound Configuration
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          System/YaST
 
 %description
@@ -121,8 +121,11 @@
 %{yast_plugindir}/libpy2ag_audio.so*
 %{yast_scrconfdir}/*.scr
 
+# icons
+%{yast_icondir}
+
 %dir %{yast_docdir}
 %doc %{yast_docdir}/README
-%doc %{yast_docdir}/COPYING
+%license %{yast_docdir}/COPYING
 
 %changelog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/src/Makefile.am 
new/yast2-sound-4.1.1/src/Makefile.am
--- old/yast2-sound-4.0.1/src/Makefile.am       2018-07-02 16:25:12.000000000 
+0200
+++ new/yast2-sound-4.1.1/src/Makefile.am       2018-12-20 10:57:59.000000000 
+0100
@@ -45,6 +45,10 @@
 desktop_DATA = \
   desktop/sound.desktop
 
-EXTRA_DIST = $(module_DATA) $(client_DATA) $(ynclude_DATA) $(scrconf_DATA) 
$(schemafiles_DATA) $(ybin_SCRIPTS) $(ydata_DATA) $(desktop_DATA)
+scalabledir = @icondir@/hicolor/scalable/apps
+scalable_DATA = \
+  icons/hicolor/scalable/apps/yast-sound.svg
+
+EXTRA_DIST = $(module_DATA) $(client_DATA) $(ynclude_DATA) $(scrconf_DATA) 
$(schemafiles_DATA) $(ybin_SCRIPTS) $(ydata_DATA) $(desktop_DATA) 
$(scalable_DATA)
 
 include $(top_srcdir)/Makefile.am.common
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sound-4.0.1/src/icons/hicolor/scalable/apps/yast-sound.svg 
new/yast2-sound-4.1.1/src/icons/hicolor/scalable/apps/yast-sound.svg
--- old/yast2-sound-4.0.1/src/icons/hicolor/scalable/apps/yast-sound.svg        
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sound-4.1.1/src/icons/hicolor/scalable/apps/yast-sound.svg        
2018-12-20 10:57:59.000000000 +0100
@@ -0,0 +1 @@
+<svg height="128" width="128" 
xmlns="http://www.w3.org/2000/svg";><radialGradient id="b" cx="64" cy="55.96" 
gradientUnits="userSpaceOnUse" r="24"><stop offset="0" 
stop-color="#f8e45c"/><stop offset="1" 
stop-color="#f6d32d"/></radialGradient><linearGradient id="a" 
gradientUnits="userSpaceOnUse" x1="24" x2="104" y1="119.96" y2="119.96"><stop 
offset="0" stop-color="#5e5c64"/><stop offset=".05" stop-color="#9a9996"/><stop 
offset=".1" stop-color="#5e5c64"/><stop offset=".9" stop-color="#5e5c64"/><stop 
offset=".95" stop-color="#9a9996"/><stop offset="1" 
stop-color="#5e5c64"/></linearGradient><g stroke-width="4"><rect fill="url(#a)" 
height="104" rx="8" width="80" x="24" y="16"/><rect fill="#9a9996" height="104" 
rx="8" width="80" x="24" y="8"/><rect fill="#5e5c64" height="16" ry="4" 
width="16" x="76" y="84"/><path d="M64 40a32 32 0 0 0-32 32 32 32 0 0 0 32 32 
32 32 0 0 0 32-32 32 32 0 0 0-32-32z" fill="#5e5c64"/><rect fill="#3d3846" 
height="16" ry="4" width="16" x="72" y="80"/><g fill="#5e5c64"><rect 
height="16" ry="4" width="16" x="36" y="44"/><rect height="16" ry="4" 
width="16" x="76" y="44"/><rect height="16" ry="4" width="16" x="36" 
y="84"/></g><g fill="#3d3846"><circle cx="64" cy="72" r="28"/><rect height="16" 
ry="4" width="16" x="40" y="48"/><rect height="16" ry="4" width="16" x="72" 
y="48"/><rect height="16" ry="4" width="16" x="40" y="80"/></g><path d="M64 
48a24 24 0 0 0-24 24 24 24 0 0 0 24 24 24 24 0 0 0 24-24 24 24 0 0 0-24-24z" 
fill="url(#b)"/><path d="M64 60a12 12 0 0 0-12 12 12 12 0 0 0 12 12 12 12 0 0 0 
12-12 12 12 0 0 0-12-12z" fill="#3d3846"/><path d="M64 48a24 24 0 0 0-24 24 24 
24 0 0 0 .1 2.008A24 24 0 0 1 64 52a24 24 0 0 1 23.9 21.992A24 24 0 0 0 88 
72a24 24 0 0 0-24-24z" fill="#e5a50a"/><path d="M64 12a12 12 0 0 0-12 12 12 12 
0 0 0 12 12 12 12 0 0 0 12-12 12 12 0 0 0-12-12z" fill="#77767b"/><path d="M64 
16a8 8 0 0 0-8 8 8 8 0 0 0 8 8 8 8 0 0 0 8-8 8 8 0 0 0-8-8z" 
fill="#5e5c64"/><path d="M64 16a8 8 0 0 0-8 8 8 8 0 0 0 .256 1.984A8 8 0 0 1 64 
20a8 8 0 0 1 7.744 6.016A8 8 0 0 0 72 24a8 8 0 0 0-8-8z" 
fill="#3d3846"/></g></svg>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/src/include/sound/routines.rb 
new/yast2-sound-4.1.1/src/include/sound/routines.rb
--- old/yast2-sound-4.0.1/src/include/sound/routines.rb 2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/src/include/sound/routines.rb 2018-12-20 
10:57:59.000000000 +0100
@@ -14,6 +14,9 @@
 #   Dan Meszaros <[email protected]>
 #
 #
+
+require "shellwords"
+
 module Yast
   module SoundRoutinesInclude
     def initialize_sound_routines(include_target)
@@ -992,7 +995,7 @@
           res = Convert.to_map(
             SCR.Execute(
               path(".target.bash_output"),
-              Ops.add(Ops.add(Directory.ybindir, "/copyfonts "), mpoint),
+              "#{File.join(Directory.ybindir, "/copyfonts")} 
#{mpoint.shellescape}",
               {}
             )
           )
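Review bot: `mpoint.shellescape` raises `NoMethodError` when `mpoint` is nil, whereas the replaced `Ops.add` chain tolerated nil. Where `mpoint` is assigned is outside this hunk, so please confirm it is always a String here, or use `Shellwords.escape(mpoint.to_s)`. The same applies to `fname.shellescape` and `mod.shellescape` in volume_routines.rb and to `chip.shellescape` in Sound.rb. As a style point, the leading slash in `File.join(Directory.ybindir, "/copyfonts")` is redundant; `File.join(Directory.ybindir, "copyfonts")` reads more clearly.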
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sound-4.0.1/src/include/sound/volume_routines.rb 
new/yast2-sound-4.1.1/src/include/sound/volume_routines.rb
--- old/yast2-sound-4.0.1/src/include/sound/volume_routines.rb  2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/src/include/sound/volume_routines.rb  2018-12-20 
10:57:59.000000000 +0100
@@ -14,6 +14,8 @@
 #      Dan Meszaros <[email protected]>
 #      Jiri Suchomel <[email protected]>
 #
+require "shellwords"
+
 module Yast
   module SoundVolumeRoutinesInclude
     def initialize_sound_volume_routines(include_target)
@@ -43,8 +45,8 @@
         if Arch.sparc
           cmd = Builtins.sformat(
             "/usr/bin/aumix -d /dev/mixer%1 -w %2",
-            cardid,
-            value
+            cardid.to_i,
+            value.to_i
           )
           SCR.Execute(path(".target.bash"), cmd, {})
         else
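Review bot: `cardid.to_i` and `value.to_i` do keep shell metacharacters out of the command, but `to_i` silently maps nil and any non-numeric string to 0. A malformed card id therefore ends up addressing `/dev/mixer0` instead of being rejected. `Integer(cardid)` would surface bad input, provided the caller can handle the `ArgumentError`/`TypeError`. The same silent coercion is used for `card_id.to_i` in the mpg123/aplay hunk below. The enclosing method starts and ends outside this hunk.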
@@ -121,12 +123,12 @@
       end
 
       command = !Sound.use_alsa ?
-        Builtins.sformat("/usr/bin/mpg123 -a /dev/dsp%1 %2", card_id, fname) :
+        Builtins.sformat("/usr/bin/mpg123 -a /dev/dsp%1 %2", card_id.to_i, 
fname.shellescape) :
         # unset ALSA_CONFIG_PATH (bnc#440981)
         Builtins.sformat(
           "ALSA_CONFIG_PATH= /usr/bin/aplay -q -N -D default:%1 %2 > /dev/null 
2>&1",
-          card_id,
-          fname
+          card_id.to_i,
+          fname.shellescape
         )
 
       Builtins.y2milestone("Executing: %1", command)
@@ -156,7 +158,7 @@
         snd = Builtins.sformat(
           "/sbin/modprobe snd snd_cards_limit=%1 snd_major=116",
           Builtins.size(Sound.modules_conf)
-        ) 
+        )
         #FIXME parameter names for OSS?
       end
 
@@ -211,7 +213,7 @@
           if Builtins.haskey(modules, mod)
             SCR.Execute(
               path(".target.bash"),
-              Builtins.sformat("/sbin/rmmod -r %1", mod)
+              Builtins.sformat("/sbin/rmmod -r %1", mod.shellescape)
             )
           end
         end
@@ -224,6 +226,8 @@
       out = Convert.to_map(
         SCR.Execute(
           path(".target.bash_output"),
+          # cannot escape it here as escaped glob return without asterisk 
expansion,
+          # but we provide input
           Builtins.sformat("echo -n %1", glob)
         )
       )
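Review bot: `glob` still reaches `.target.bash_output` unescaped in `echo -n %1`, and the added comment only asserts that callers supply trusted input; nothing in the visible code enforces it. A guard before formatting, e.g. `raise ArgumentError, "unexpected glob" unless glob.match?(%r{\A[\w./*?-]+\z})`, would turn the assumption into a check. The comment could be reworded to `# glob is deliberately not escaped, because escaping would stop the shell from expanding the asterisk; callers must pass only constant patterns, never user input`. The rest of the method is outside this hunk, so it is not visible whether the callers really pass only constants.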
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sound-4.0.1/src/include/sound/write_routines.rb 
new/yast2-sound-4.1.1/src/include/sound/write_routines.rb
--- old/yast2-sound-4.0.1/src/include/sound/write_routines.rb   2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/src/include/sound/write_routines.rb   2018-12-20 
10:57:59.000000000 +0100
@@ -73,7 +73,7 @@
       # remove the old configuration file
       if Ops.get_string(entry, "hwcfg", "") != ""
         rm = Ops.add(
-          "rm -f /etc/sysconfig/hardware/hwcfg-",
+          "/usr/bin/rm -f /etc/sysconfig/hardware/hwcfg-",
           Ops.get_string(entry, "hwcfg", "")
         )
         Builtins.y2milestone("Removing old configuration file: %1", rm)
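Review bot: The `rm` command is still built by appending `Ops.get_string(entry, "hwcfg", "")` unescaped, so the hardening covers only the binary path and not the argument. Assuming the string is run through a shell like the other commands in this commit, the value should be escaped: `Ops.get_string(entry, "hwcfg", "").shellescape`, with `require "shellwords"` added to this file. Because the value is appended directly to the `hwcfg-` prefix, it would also be worth rejecting names that contain `/`, so the removal cannot leave `/etc/sysconfig/hardware`. How `rm` is executed is outside this hunk.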
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/src/modules/PulseAudio.rb 
new/yast2-sound-4.1.1/src/modules/PulseAudio.rb
--- old/yast2-sound-4.0.1/src/modules/PulseAudio.rb     2018-07-02 
16:25:12.000000000 +0200
+++ new/yast2-sound-4.1.1/src/modules/PulseAudio.rb     2018-12-20 
10:57:59.000000000 +0100
@@ -27,6 +27,9 @@
 
 module Yast
   class PulseAudioClass < Module
+    # path to the configuration script
+    PA_SETUP_SCRIPT = "/usr/bin/setup-pulseaudio".freeze
+
     def main
       textdomain "sound"
 
@@ -37,20 +40,16 @@
       @pa_enabled = nil
       @modified = false
 
-      # path to the configuration script
-      @pa_setup_script = "/usr/bin/setup-pulseaudio"
     end
 
     def Read
       # reset the modification flag
       @modified = false
 
-      if FileUtils.Exists(@pa_setup_script)
-        out = Convert.to_map(
-          SCR.Execute(
-            path(".target.bash_output"),
-            Ops.add(@pa_setup_script, " --status")
-          )
+      if FileUtils.Exists(PA_SETUP_SCRIPT)
+        out = SCR.Execute(
+          path(".target.bash_output"),
+          "#{PA_SETUP_SCRIPT} --status"
         )
         Builtins.y2milestone("Read status: %1", out)
 
@@ -66,7 +65,7 @@
       else
         Builtins.y2warning(
           "PulseAudio setup script %1 is not present!",
-          @pa_setup_script
+          PA_SETUP_SCRIPT
         )
         return false
       end
@@ -124,20 +123,15 @@
         # flush the changes
         SCR.Write(path(".sysconfig.sound"), nil)
 
-        if FileUtils.Exists(@pa_setup_script)
+        if FileUtils.Exists(PA_SETUP_SCRIPT)
           Builtins.y2milestone(
             "%1 PulseAudio support",
             @pa_enabled ? "Enabling" : "Disabling"
           )
 
-          out = Convert.to_map(
-            SCR.Execute(
-              path(".target.bash_output"),
-              Ops.add(
-                @pa_setup_script,
-                @pa_enabled ? " --enable" : " --disable"
-              )
-            )
+          out = SCR.Execute(
+            path(".target.bash_output"),
+            "#{PA_SETUP_SCRIPT} #{@pa_enabled ? "--enable" : " --disable"}"
           )
 
           Builtins.y2milestone("Write status: %1", out)
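Review bot: The two branches of the ternary are inconsistent: `"--enable"` has no leading space but `" --disable"` does, so the disable command is built with two spaces after the script path. The shell ignores the extra space, but the string looks like a leftover from the old `Ops.add` form and the command then differs from what a reader would expect in the log line. Suggested: `"#{PA_SETUP_SCRIPT} #{@pa_enabled ? "--enable" : "--disable"}"`.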
@@ -147,7 +141,7 @@
         else
           Builtins.y2warning(
             "PulseAudio setup script %1 is not present, cannot configure 
applications",
-            @pa_setup_script
+            PA_SETUP_SCRIPT
           )
 
           # reset the modification flag
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sound-4.0.1/src/modules/Sound.rb 
new/yast2-sound-4.1.1/src/modules/Sound.rb
--- old/yast2-sound-4.0.1/src/modules/Sound.rb  2018-07-02 16:25:12.000000000 
+0200
+++ new/yast2-sound-4.1.1/src/modules/Sound.rb  2018-12-20 10:57:59.000000000 
+0100
@@ -7,6 +7,7 @@
 #
 require "yast"
 require "yaml"
+require "shellwords"
 
 module Yast
   class SoundClass < Module
@@ -174,7 +175,7 @@
     # @param [String] chip chip name
     # @return non-empty string with card options when card is present
     def ProbeOldChip(chip)
-      command = Builtins.sformat("/usr/sbin/alsaconf -p %1", chip)
+      command = Builtins.sformat("/usr/sbin/alsaconf -p %1", chip.shellescape)
       name = Ops.get_string(
         @db_modules,
         [Ops.add("snd-", chip), "description"],


Reply via email to