Hello community,

here is the log from the commit of package yast2-support for openSUSE:Factory 
checked in at 2019-01-03 18:06:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-support (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-support.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-support"

Thu Jan  3 18:06:36 2019 rev:50 rq:660233 version:4.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-support/yast2-support.changes      
2018-09-07 15:39:54.934503211 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-support.new.28833/yast2-support.changes   
2019-01-03 18:06:37.860140202 +0100
@@ -1,0 +2,18 @@
+Thu Dec 13 13:08:25 UTC 2018 - [email protected]
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.0
+
+-------------------------------------------------------------------
+Mon Nov 26 05:01:10 UTC 2018 - Noah Davis <[email protected]>
+
+- Provide icon with module (boo#1109310)
+- 4.0.2
+
+-------------------------------------------------------------------
+Tue Oct 16 15:16:10 CEST 2018 - [email protected]
+
+- Added license file to spec.
+
+-------------------------------------------------------------------

Old:
----
  yast2-support-4.0.1.tar.bz2

New:
----
  yast2-support-4.1.0.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-support.spec ++++++
--- /var/tmp/diff_new_pack.XSPqO7/_old  2019-01-03 18:06:38.364139755 +0100
+++ /var/tmp/diff_new_pack.XSPqO7/_new  2019-01-03 18:06:38.368139752 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-support
-Version:        4.0.1
+Version:        4.1.0
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -35,7 +35,7 @@
 Requires:       yast2-ruby-bindings >= 3.1.36
 
 Summary:        YaST2 - Support Inquiries
-License:        GPL-2.0
+License:        GPL-2.0-only
 Group:          System/YaST
 
 %description
@@ -62,6 +62,8 @@
 %{yast_moduledir}/Support.*
 %{yast_desktopdir}/support.desktop
 %{yast_scrconfdir}/*.scr
+%{yast_icondir}
 %doc %{yast_docdir}
+%license COPYING
 
 %changelog

++++++ yast2-support-4.0.1.tar.bz2 -> yast2-support-4.1.0.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-support-4.0.1/package/yast2-support.changes 
new/yast2-support-4.1.0/package/yast2-support.changes
--- old/yast2-support-4.0.1/package/yast2-support.changes       2018-09-05 
15:20:13.000000000 +0200
+++ new/yast2-support-4.1.0/package/yast2-support.changes       2018-12-20 
10:46:21.000000000 +0100
@@ -1,4 +1,22 @@
 -------------------------------------------------------------------
+Thu Dec 13 13:08:25 UTC 2018 - [email protected]
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.0
+
+-------------------------------------------------------------------
+Mon Nov 26 05:01:10 UTC 2018 - Noah Davis <[email protected]>
+
+- Provide icon with module (boo#1109310)
+- 4.0.2
+
+-------------------------------------------------------------------
+Tue Oct 16 15:16:10 CEST 2018 - [email protected]
+
+- Added license file to spec.
+
+-------------------------------------------------------------------
 Thu Aug 30 13:01:32 UTC 2018 - [email protected]
 
 - In ncurses the "Next" button to submit the gathered information
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-support-4.0.1/package/yast2-support.spec 
new/yast2-support-4.1.0/package/yast2-support.spec
--- old/yast2-support-4.0.1/package/yast2-support.spec  2018-09-05 
15:20:13.000000000 +0200
+++ new/yast2-support-4.1.0/package/yast2-support.spec  2018-12-20 
10:46:21.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-support
-Version:        4.0.1
+Version:        4.1.0
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -63,4 +63,6 @@
 %{yast_moduledir}/Support.*
 %{yast_desktopdir}/support.desktop
 %{yast_scrconfdir}/*.scr
+%{yast_icondir}
 %doc %{yast_docdir}
+%license COPYING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-support-4.0.1/src/icons/hicolor/scalable/apps/yast-support.svg 
new/yast2-support-4.1.0/src/icons/hicolor/scalable/apps/yast-support.svg
--- old/yast2-support-4.0.1/src/icons/hicolor/scalable/apps/yast-support.svg    
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-support-4.1.0/src/icons/hicolor/scalable/apps/yast-support.svg    
2018-12-20 10:46:21.000000000 +0100
@@ -0,0 +1 @@
+<svg height="128" width="128" xmlns="http://www.w3.org/2000/svg"; 
xmlns:xlink="http://www.w3.org/1999/xlink";><linearGradient id="b"><stop 
offset="0" stop-color="#f6f5f4"/><stop offset="1" 
stop-color="#e7e6e4"/></linearGradient><linearGradient id="a"><stop offset="0" 
stop-color="#e01b24"/><stop offset="1" 
stop-color="#c01c28"/></linearGradient><linearGradient id="c" 
gradientUnits="userSpaceOnUse" x1="64" x2="64" xlink:href="#a" y1="96" 
y2="120"/><linearGradient id="g" gradientUnits="userSpaceOnUse" x1="64" x2="64" 
xlink:href="#a" y1="8" y2="32"/><linearGradient id="f" 
gradientUnits="userSpaceOnUse" x1="92" x2="92" xlink:href="#b" y1="12" 
y2="52"/><linearGradient id="d" gradientUnits="userSpaceOnUse" x1="44" x2="44" 
xlink:href="#b" y1="80" y2="112"/><linearGradient id="e" 
gradientUnits="userSpaceOnUse" x1="64" x2="64" xlink:href="#a" y1="52" 
y2="80"/><g stroke-width="4"><path d="M51.76 93.552l-9.176 22.152a56 56 0 0 0 
42.844.036l-9.184-22.176a32 32 0 0 1-24.484-.012z" fill="url(#c)"/><path 
d="M34.46 76.204l-22.148 9.18a56 56 0 0 0 30.276 30.32l9.176-22.172A32 32 0 0 1 
34.46 76.204zm59.108.056A32 32 0 0 1 76.24 93.564l9.18 22.148a56 56 0 0 0 
30.32-30.264z" fill="url(#d)"/><path d="M12.328 42.548a56 56 0 0 0-.04 
42.844l22.172-9.188a32 32 0 0 1 .016-24.484zm103.452.056l-22.172 9.18a32 32 0 0 
1-.016 24.48l22.148 9.184a56 56 0 0 0 .04-42.844z" fill="url(#e)"/><path 
d="M42.648 12.272a56 56 0 0 0-30.32 30.276l22.172 9.18A32 32 0 0 1 51.82 
34.42zm42.836.016L76.296 34.46a32 32 0 0 1 17.312 17.32l22.148-9.172a56 56 0 0 
0-30.272-30.32z" fill="url(#f)"/><path d="M76.308 34.436l9.176-22.152a56 56 0 0 
0-42.844-.036l9.184 22.176a32 32 0 0 1 24.484.012z" fill="url(#g)"/></g></svg>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-support-4.0.1/src/include/support/complex.rb 
new/yast2-support-4.1.0/src/include/support/complex.rb
--- old/yast2-support-4.0.1/src/include/support/complex.rb      2018-09-05 
15:20:13.000000000 +0200
+++ new/yast2-support-4.1.0/src/include/support/complex.rb      2018-12-20 
10:46:21.000000000 +0100
@@ -25,6 +25,9 @@
 # Authors:     Michal Zugec <[email protected]>
 #
 # $Id: complex.ycp 41350 2007-10-10 16:59:00Z dfiser $
+
+require "shellwords"
+
 module Yast
   module SupportComplexInclude
     def initialize_support_complex(include_target)
@@ -64,21 +67,15 @@
       #    if (!Confirm::MustBeRoot()) return `abort;
       if Support.WhoAmI != 0
         # use configuration file in home directory
-        cmd = Builtins.sformat("ls %1", "~/.supportconfig")
-        out = Convert.to_map(SCR.Execute(path(".target.bash_output"), cmd))
+        out = SCR.Execute(path(".target.bash_output"), "/usr/bin/ls 
~/.supportconfig")
         file = Ops.get_string(out, "stdout", "")
         file = Ops.get(Builtins.splitstring(file, "\n"), 0, "")
         return :abort if !Confirm.MustBeRoot if file == "" || file == nil
         Builtins.y2milestone("Using configuration file %1", file)
         Builtins.setenv("SC_CONF", file)
         # ensure ~/.supportconfig does exist
-        if Ops.less_than(SCR.Read(path(".target.size"), file), 0)
-          cmd2 = Builtins.sformat(
-            "/bin/cp %1 %2",
-            "/etc/supportconfig.conf",
-            file
-          )
-          SCR.Execute(path(".target.bash"), cmd2)
+        if SCR.Read(path(".target.size"), file) < 0
+          SCR.Execute(path(".target.bash"), "/usr/bin/cp 
/etc/supportconfig.conf #{file.shellescape}")
         end
         SCR.UnregisterAgent(path(".etc.supportconfig"))
         SCR.RegisterAgent(
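Review bot: The `/usr/bin/ls ~/.supportconfig` call still starts a shell only to expand `~`, and it makes the "ensure ~/.supportconfig does exist" branch look unreachable for a real path, because `file` is non-empty only when the listing succeeded. When the listing prints nothing and `Confirm.MustBeRoot` lets the user continue, `file` is `""`, so it is exported as SC_CONF and, if `.target.size` reports a negative size for it, passed to cp as `''`. Resolving the path in Ruby, `file = File.expand_path("~/.supportconfig")`, would give the copy a real destination and drop the shell call. The enclosing method starts and ends outside this hunk, so the intended fallback should be confirmed against the full body.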
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-support-4.0.1/src/include/support/dialogs.rb 
new/yast2-support-4.1.0/src/include/support/dialogs.rb
--- old/yast2-support-4.0.1/src/include/support/dialogs.rb      2018-09-05 
15:20:13.000000000 +0200
+++ new/yast2-support-4.1.0/src/include/support/dialogs.rb      2018-12-20 
10:46:21.000000000 +0100
@@ -28,6 +28,8 @@
 
 require "yast/core_ext"
 
+require "shellwords"
+
 # Main file for support configuration. Uses all other files.
 module Yast
   module SupportDialogsInclude
@@ -153,11 +155,7 @@
             Popup.Error(_("Could not find any installed browser."))
           else
             url = "'http://scc.suse.com/tickets'"
-            if 0 ==
-                SCR.Execute(
-                  path(".target.bash"),
-                  "env|grep LOGNAME|cut -d'=' -f2- | grep root"
-                )
+            if ENV["LOGNAME"] == "root"
               if Popup.ContinueCancel(
                   Builtins.sformat(
                     _(
@@ -176,7 +174,7 @@
                 )
                 SCR.Execute(
                   path(".target.bash"),
-                  Builtins.sformat("%1 %2", Support.browser, url)
+                  Builtins.sformat("%1 %2", Support.browser.shellescape, 
url.shellescape)
                 )
               end
             else
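Review bot: `url.shellescape` is applied to a value that already carries its own quotes; the context line in the previous hunk sets `url = "'http://scc.suse.com/tickets'"`. Shellwords escapes each `'` to `\'`, so unless url is reassigned in lines not shown, the browser now receives the address with literal quote characters around it. The same applies to the `su -c` call in hunk @@ -185,12 +183,13 @@. Now that escaping happens at the call site, the literal should become `url = "http://scc.suse.com/tickets"`. Note too that `Support.browser.shellescape` treats the whole setting as a single word, which breaks if the configured browser value ever contains arguments.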
@@ -185,12 +183,13 @@
                 Support.browser,
                 url
               )
+
               SCR.Execute(
                 path(".target.bash"),
                 Builtins.sformat(
-                  "su $(env|grep LOGNAME|cut -d'=' -f2-) -c \"%1 %2\"",
-                  Support.browser,
-                  url
+                  "/usr/bin/su #{ENV["LOGNAME"].shellescape} -c %1",
+                  # double shell escaping is needed here as first it is 
evaluated by shell and then by su
+                  "#{Support.browser.shellescape} 
#{url.shellescape}".shellescape
                 )
               )
             end
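Review bot: `ENV["LOGNAME"].shellescape` raises NoMethodError when LOGNAME is unset, because `ENV[]` returns nil; the removed shell pipeline produced an empty user name instead of an exception. A guard before the call, such as `login = ENV["LOGNAME"].to_s` followed by `return Popup.Error(...) if login.empty?`, keeps the dialog alive. Escaping also does not stop a value beginning with `-` from being parsed by su as an option, so a comment stating that LOGNAME comes from the inherited environment and is untrusted would help the next reader. The double escaping for the `-c` argument looks correct and the existing comment explains it well.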
@@ -209,15 +208,7 @@
       )
       Builtins.y2milestone("URL value from /etc/supportconfig.conf : %1", url)
       Builtins.y2milestone("%1", Support.log_files)
-      dir_to_save = Ops.get_string(
-        Convert.convert(
-          SCR.Execute(path(".target.bash_output"), "echo ~|tr -d '\n'"),
-          :from => "any",
-          :to   => "map <string, any>"
-        ),
-        "stdout",
-        ""
-      )
+      dir_to_save = ENV["HOME"]
       if dir_to_save == "/root"
         dir_to_save = "/var/log"
       end
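Review bot: `dir_to_save = ENV["HOME"]` yields nil when HOME is not set, whereas the removed code defaulted to an empty string through `Ops.get_string(..., "stdout", "")`. Any later string operation on dir_to_save, which is outside this hunk, would then raise instead of degrading. `dir_to_save = ENV.fetch("HOME", "")` preserves the old default. A short comment that the value comes from the environment, and that `/root` is remapped to `/var/log`, would document why the comparison is there.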
@@ -278,28 +269,29 @@
         if ret == :next
           if !data_prepared
             unpack = Builtins.sformat(
-              "cd %1 && tar xvf %2",
-              Ops.get_string(Support.log_files, "tmp_dir", ""),
-              Ops.get_string(Support.log_files, "tarball", "")
+              "cd %1 && /usr/bin/tar xvf %2",
+              Ops.get_string(Support.log_files, "tmp_dir", "").shellescape,
+              Ops.get_string(Support.log_files, "tarball", "").shellescape
             )
+            result = SCR.Execute(path(".target.bash_output"), unpack)
             Builtins.y2milestone(
               "unpack %1",
-              SCR.Execute(path(".target.bash_output"), unpack)
-            ) 
+              result
+            )
             #    break;
           end
           Builtins.y2milestone("data_prepared %1", data_prepared)
           Builtins.y2milestone("Support::log_files %1", Support.log_files)
           command = Builtins.sformat(
-            "supportconfig %1 -f %2",
-            Support.GetParameterList,
-            Ops.get_string(Support.log_files, "tmp_dir", "")
+            "/sbin/supportconfig %1 -f %2",
+            Support.GetParameterList, # cannot escape as it is list of params
+            Ops.get_string(Support.log_files, "tmp_dir", "").shellescape
           )
           if Convert.to_boolean(UI.QueryWidget(:upload, :Value))
             url2 = Convert.to_string(UI.QueryWidget(:url, :Value))
             if Ops.greater_than(Builtins.size(url2), 0) #{
-              command = Builtins.sformat("%1 -u -U '%2'", command, url2)
-            end 
+              command = Builtins.sformat("%1 -u -U %2", command, 
url2.shellescape)
+            end
             #     }
           end
           if Support.WhoAmI != 0
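Review bot: `Support.GetParameterList` is still interpolated into the bash command unescaped, so this line is only as safe as whatever builds that list. The new comment `# cannot escape as it is list of params` records the gap but not who is responsible for closing it. If any element can come from the configuration file or a UI field, it should be escaped where the list is assembled, for example by returning an array and joining it with `Shellwords.join(params)`. The comment could then read `# GetParameterList returns already-escaped arguments`. The same unescaped `%1` appears with `uuid_param` in hunk @@ -842,10 +834,10 @@, and GetParameterList itself is not visible in this diff.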
@@ -311,8 +303,8 @@
               Ops.add(Support.root_pw, "\n")
             )
             command = Builtins.sformat(
-              "cat %2 | su -c '%1'",
-              command,
+              "/usr/bin/cat %2 | /usr/bin/su -c %1",
+              command.shellescape,
               Support.pwd_file
             )
           end
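Review bot: `Support.pwd_file` is the one argument in this command that is still passed to the shell unescaped, while Support.rb in the same commit uses `@pwd_file.shellescape` for the same path. For consistency the last argument should be `Support.pwd_file.shellescape`. The surrounding `if Support.WhoAmI != 0` block begins before the hunk.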
@@ -842,10 +834,10 @@
         "novell.com"
       ) ? "-q" : ""
       cmd = Builtins.sformat(
-        "supportconfig %1 %2 -t %3",
+        "/sbin/supportconfig %1 %2 -t %3",
         Support.GetParameterList,
         uuid_param,
-        Ops.get_string(Support.log_files, "tmp_dir", "")
+        Ops.get_string(Support.log_files, "tmp_dir", "").shellescape
       )
       if Support.WhoAmI != 0
         return :back if !Support.AskForRootPwd
@@ -901,13 +893,11 @@
     def FilesDialog
       caption = _("Collected Data Review")
       # FIXME use list of generated files, as well as directory prefix
-      output = Convert.to_map(
-        SCR.Execute(
-          path(".target.bash_output"),
-          Builtins.sformat(
-            "ls -t %1|grep nts|head -n1|tr -d '\n'",
-            Ops.get_string(Support.log_files, "tmp_dir", "")
-          )
+      output = SCR.Execute(
+        path(".target.bash_output"),
+        Builtins.sformat(
+          "/usr/bin/ls -t %1 | /usr/bin/grep nts | /usr/bin/head -n1 | 
/usr/bin/tr -d '\n'",
+          Ops.get_string(Support.log_files, "tmp_dir", "").shellescape
         )
       )
       Builtins.y2milestone("output %1", output)
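Review bot: `shellescape` protects the directory argument from word splitting but not from option parsing, so a `tmp_dir` value beginning with `-` would still be read by ls as flags. Whether tmp_dir can take such a value is not visible here. Adding an end-of-options marker, `"/usr/bin/ls -t -- %1 | ..."`, costs nothing. The same applies to `/usr/bin/ls #{full_log_path.shellescape}` in hunk @@ -928,7 +918,7 @@ and `/bin/rm #{path.shellescape}` in hunk @@ -1000,10 +990,11 @@. The FIXME above this call already suggests replacing the pipeline with a known list of generated files, which would remove the shell call entirely.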
@@ -928,7 +918,7 @@
       output = Convert.to_map(
         SCR.Execute(
           path(".target.bash_output"),
-          Builtins.sformat("ls %1", full_log_path)
+          "/usr/bin/ls #{full_log_path.shellescape}"
         )
       )
       if Ops.get_integer(output, "exit", -1) != 0
@@ -1000,10 +990,11 @@
           )
           ret = :filelist
           # FIXME uncomment, following line not tested
-          Builtins.y2milestone("removing %1%2", full_log_path, file)
+          path = File.join(full_log_path, file)
+          Builtins.y2milestone("removing #{path}")
           SCR.Execute(
             path(".target.bash"),
-            Builtins.sformat("/bin/rm %1%2", full_log_path, file)
+            "/bin/rm #{path.shellescape}"
           )
         end
       end
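Review bot: The new local `path = File.join(full_log_path, file)` shadows the `path(...)` helper called two lines later in `path(".target.bash")`. Ruby still resolves the parenthesised call as a method, so this works, but it is easy to misread; a name such as `file_path` avoids that. `Builtins.y2milestone("removing #{path}")` also puts the file name into the format string, so a name containing `%1` would presumably be treated as a placeholder; `Builtins.y2milestone("removing %1", file_path)` keeps the earlier form. `/bin/rm` is the only binary here not moved under `/usr/bin`, which is worth a brief comment if intentional.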
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-support-4.0.1/src/modules/Support.rb 
new/yast2-support-4.1.0/src/modules/Support.rb
--- old/yast2-support-4.0.1/src/modules/Support.rb      2018-09-05 
15:20:13.000000000 +0200
+++ new/yast2-support-4.1.0/src/modules/Support.rb      2018-12-20 
10:46:21.000000000 +0100
@@ -30,6 +30,9 @@
 # Input and output routines.
 require "yast"
 
+require "shellwords"
+require "fileutils"
+
 module Yast
   class SupportClass < Module
     include Yast::Logger
@@ -97,21 +100,16 @@
       end
       SCR.Execute(
         path(".target.bash"),
-        Builtins.sformat("test -e %1 || touch %1", @pwd_file)
-      )
-      SCR.Execute(
-        path(".target.bash"),
-        Builtins.sformat("chmod 600 %1", @pwd_file)
+        Builtins.sformat("/usr/bin/test -e %1 || /usr/bin/touch %1", 
@pwd_file.shellescape)
       )
+      ::FileUtils.chmod(0o600, @pwd_file)
       SCR.Write(path(".target.string"), @pwd_file, Ops.add(pw, "\n"))
-      exit = Convert.to_integer(
-        SCR.Execute(
-          path(".target.bash"),
-          Builtins.sformat("cat %1 | su -c 'echo 0'", @pwd_file)
-        )
+      exitcode = SCR.Execute(
+        path(".target.bash"),
+        "/usr/bin/cat #{@pwd_file.shellescape} | /usr/bin/su -c '/usr/bin/echo 
0'"
       )
       SCR.Write(path(".target.string"), @pwd_file, "")
-      success = exit == 0
+      success = exitcode == 0
       Builtins.y2milestone("Root password check: %1", success)
       @root_pw = pw if success
       success
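Review bot: The password file is still created by `touch` under the process umask and only tightened afterwards by `::FileUtils.chmod(0o600, @pwd_file)`. Between the two calls it may be readable by other users, and a descriptor opened in that window would still see the password written next. Creating the file with its mode already set, e.g. `File.open(@pwd_file, File::WRONLY | File::CREAT, 0o600) {}`, closes that gap and removes one shell call; the chmod should stay for a file that already exists. FileUtils.chmod also raises on failure where the old shell chmod did not, and the clearing `SCR.Write(path(".target.string"), @pwd_file, "")` is not in an `ensure`, so an exception after the password is written would leave it on disk. The method begins outside this hunk.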

