Hello community,

here is the log from the commit of package hawk for openSUSE:Factory
checked in at 2012-02-24 12:05:00

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hawk (Old)
 and      /work/SRC/openSUSE:Factory/.hawk.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hawk", Maintainer is "tser...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/hawk/hawk.changes 2012-02-16 12:22:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.hawk.new/hawk.changes 2012-02-24 12:05:02.000000000 +0100 @@ -1,0 +2,9 @@ +Fri Feb 24 06:56:18 UTC 2012 - tser...@suse.com + +- Build: Actually die if "rake makemo" fails +- Misc: Remove obsolete .hu msgids +- Misc: Workaround deprecated Gem.all_load_paths error +- Misc: Suppress ror-sec-scanner false positives +- Upstream version cs:5957498b0c95 + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hawk-0.5.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/.hg_archival.txt new/hawk-0.5.1/.hg_archival.txt --- old/hawk-0.5.1/.hg_archival.txt 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/.hg_archival.txt 2012-02-24 07:54:22.000000000 +0100 @@ -1,5 +1,5 @@ repo: 53225c8fc9056b3c31743a53a67c6a0e19c4dfd2 -node: a5fdb745d8e929e4c3de4b7cc97ace30f9253c3e +node: 5957498b0c95fd11653f56631f8e81105d40183d branch: default latesttag: hawk-0.5.1 -latesttagdistance: 15 +latesttagdistance: 28 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/Makefile new/hawk-0.5.1/Makefile --- old/hawk-0.5.1/Makefile 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/Makefile 2012-02-24 07:54:22.000000000 +0100 
@@ -62,7 +62,7 @@ SBINDIR = /usr/sbin all: scripts/hawk.$(INIT_STYLE) hawk/config/lighttpd.conf tools/hawk_chkpwd tools/hawk_monitor tools/hawk_invoke - (cd hawk; rake makemo; rake freeze:rails; rake freeze:gems) + (cd hawk; rake makemo && rake freeze:rails && rake freeze:gems) %:: %.in sed \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/doc/TODO new/hawk-0.5.1/doc/TODO --- old/hawk-0.5.1/doc/TODO 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/doc/TODO 2012-02-24 07:54:22.000000000 +0100 @@ -12,11 +12,27 @@ * rsc_ticket support * cibsecret support * new style constraints (rsc_*)? +* Support all operations on shadow CIBs. == Core/General == -* Use PerRequestCache in more places if/when possible. +=== Must === + +* Failed stop with STONITH disabled, resulting in "Started $node (unmanaged) + FAILED" in crm_mon, is erroneously reported as stopped resource in Hawk + (although the failed stop error is shown). +* "crm node fence ..." -- hawk shows node being fenced as online, whereas + crm_mon shows it as unclean. +* Add ability to edit rsc_defaults, op_defaults. + +=== Should & Could (in no particular order) === + +* Replace popen3, safe_x, invoker etc. as much as possible with + David Majda's command.rb +* Use PerRequestCache in more places if/when possible (e.g.: CrmConfig::load_meta, + but that whole crm_config thing really needs a rewrite inline with how the + other CibObject children work). * All instances of jQuery.get() need to be replaced with .ajax() so we can handle errors properly (e.g.: 500 when disk is full running hb_report etc.) * rescue_from with redirect in ApplicationController is probably a bit fragile 
@@ -25,11 +41,6 @@ * Modal dialogs should probably be made moveable (and *maybe* resizable) * Syntax highlighting for ascii text (crm config, logs in explorer, etc.) * Online help tied to SLE HA manual (on SLES, at least). -* Failed stop with STONITH disabled, resulting in "Started $node (unmanaged) - FAILED" in crm_mon, is erroneously reported as stopped resource in Hawk - (although the failed stop error is shown). -* "crm node fence ..." -- hawk shows node being fenced as online, whereas - crm_mon shows it as unclean. * Need to verify/match op interval when ignoring ops * Translate simple errors from crm (bnc#713917) ** Already did permission denied, but need to check what other simple failures @@ -53,14 +64,13 @@ configured it to run as an LSB resource inside the cluster - not intended to run that way, but...) * Doesn't work with SELinux enforcing (does work with permissive) -* Verify do_or_die in lib/tasks really does do or die. +* Verify do_or_die in lib/tasks really does do or die (I don't think they die). * RAILS_DEFAULT_LOGGER deprecated * Move logfiles to /var/log/hawk ** See also http://www.slideshare.net/lennartkoopmann/managing-the-logs-of-your-rails-applications-arrrrcamp-2011 * Nasty permission denied error if bob enables ACLs * Warn if config changed out from under you while saving? (In all cases, editing resources, crm_config, ...) -* Add ability to edit rsc_defaults, op_defaults. * Need real field validation on all fields. * DC etc. not present in footer on all pages except main status page. * Style/theme need fine-tuning/cleaning (dialog titles, buttons etc. rather 
@@ -68,15 +78,15 @@ * need to cancel running refresh for node details dialog ** actually, need to be able to cancel initial load for any dialog. crap. this is getting kind of messy. -* look for redundant "foo.select.map" * Clean up error display from all crm* invocations (can be smooshed onto one long error line, which is a bit ugly to read). -* Support all operations on shadow CIBs. * remove current_user from cib.rb * use clearTimeout(?) to hose anything set with setTimeout to avoid duplicate requests (should never happen, but might if you run e.g.: update_cib() from firebug). * look at memory usage; hawk running under mongrel eventually goes OOM +* Integrate doc/sessions_controller-cleanup.patch, once we verify that + Shellwords::escape is kosher. == UI Controls == @@ -94,12 +104,12 @@ * Button to refresh current view up to "now" * Cache list might still apepar if you come back to the history page during generation (*sigh*) -* Ability to delete cached reports? +* Ability to delete cached reports (bnc#723338) * Move to tmp directory in hawk, not /tmp? (May not work if not all nodes have Hawk). * "Another 'crm history' is running" thing works (node recent events?), but there's a flash of both "us" and "them" during update. -* May want verbosity increase on detail link +* May want verbosity increase on detail link (bnc#723418) * Really want details to show with selected line highligted, and "fixed" position so it floats down the page (positioning is horribly annoying :-/) * If doing a time period the ends *after* now, need to regenerate each time 
@@ -109,11 +119,14 @@ == GUI: Simulator == +* Why is the simulator requesting a refresh of "sim:in" or "sim:out" every 15 + seconds? (Well, it's so that the status accurately reflects underlyling + cluster state, but can't we hook this through the long poll somehow?) * Auto-fill of interval when injecting ops just grabs the first one (would be nice to drop-down with interval and more info about which one it was, e.g.: role or OCF_CHECK_LEVEL) * Purports to run even if server dead (i.e.: Run button results in alleged - final state being shown). + final state being shown), see also bnc#723125. * Inject a failed start (e.g.: start:0 c2:0 unknown node-0), gives tooltip "null failed on node-0 (rc=1)", similar in error bar (operation=). So the name of the failed op isnt' being picked up somehow. Actually, it's not @@ -132,7 +145,6 @@ * Add ability for templates to call non-crm commands, e.g.: mkdir on all nodes, and deploy custom configuration files, e.g. httpd.conf (see bnc#710959) -* make apache template work out-of-the-box if possible (see bnc#710959) * ability to have optional steps * list of steps on LHS? @@ -157,7 +169,7 @@ == GUI: status == -* ESC key kills update request, leading to wiping out status! +* ESC key kills update request, leading to wiping out status (on firefox) * unclear how update request interacts with simulator! * Need update to jQuery 1.4.3+ to fix jquery bug #6498 when request timed out on IE7. 
@@ -234,22 +246,23 @@ == GUI: Constraint Editor == +* See what we can do about making resource templates appear and disappear from + constraint dropdowns depending on what's actually valid. +** Or not -- it might strictly be best to leave this up to crm_verify etc., and + just clean up the error messaging. * https://node-1:7630/cib/live/colocations/fs-then-ctdb/edit picks up an *order* constraint (even though it's actually a colocation) * Need confirmation on delete. -* constraint icon would be better as a little chain, really * Should pre-fill ID field (you generally don't care what it is) ** Probably leave it disabled and just fill based on rsc id -* Offer +/-inf scores +* Offer +/-inf scores (combo box) * Text to describe arrows (will be placed with, will start after) == GUI: Resource Editor == * Primitive editor probably invokes Primitive.types etc. multiple times - which might be causing hideous slowness -* Might be good to have "create another resource" after creation (actually - might be an argument for sidebar selector for status/resource editor/...) + which might be causing hideous slowness (use PerRequestCache) * Create resource, click "Back" - saw "any changes will be lost"? * Intervals must have no freaky characters - add regex verify for attrlist? * op editor shows timeout=20 where there is no timeout specified (still true?) 
@@ -262,8 +275,8 @@ * Can't edit clone/ms child, group members, order of group members * can't specify arbitrary meta attributes (want combo box) ** e.g.: OCF_CHECK_LEVEL (important) -* For ops, need to hit "+" before modifying timings - consider maybe having - the op auto-add itself when selected, rather than having to hit "+"? +* For ops, need to hit "+" before modifying timings - consider having the op + auto-add itself when selected, rather than having to hit "+"? (bnc#740539) * can't specify arbitrary params * Can't specify resource utilization * Highlight when a setting is different than default diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/doc/notes.txt new/hawk-0.5.1/doc/notes.txt --- old/hawk-0.5.1/doc/notes.txt 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/doc/notes.txt 2012-02-24 07:54:22.000000000 +0100 @@ -27,6 +27,13 @@ == Hacking == +=== @attributes in CibObject subclasses === + +See e.g.: clone.rb. Set @attributes in your subclass to the list +of attributes you want users to be able to edit. Anything in that +list is subject to mass assignment via CibObject::set_attributes. +Nothing outside that list will be set by mass assignment. + === New MVC (e.g.: for Constraints) === ---------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/doc/sessions_controller-cleanup.patch new/hawk-0.5.1/doc/sessions_controller-cleanup.patch --- old/hawk-0.5.1/doc/sessions_controller-cleanup.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/hawk-0.5.1/doc/sessions_controller-cleanup.patch 2012-02-24 07:54:22.000000000 +0100 
@@ -0,0 +1,90 @@ +changeset: 612:a233e73886e7 +tag: tip +user: Tim Serong <tser...@suse.com> +date: Mon Feb 20 15:34:21 2012 +1100 +summary: Misc: Clean up SessionsController::create + +This makes control flow in SessionsController::create cleaner, and +allows single quotes and other oddball characters in the username +(the single quoted string is replaced by Shellwords::escape), but +there's a rumour Shellwords::escape misses some meta characters +(see bnc#745611), so we have to verify that before applying this +patch. + +diff -r ffab406528ed -r a233e73886e7 hawk/app/controllers/sessions_controller.rb +--- a/hawk/app/controllers/sessions_controller.rb Mon Feb 13 22:13:33 2012 +1100 ++++ b/hawk/app/controllers/sessions_controller.rb Mon Feb 20 15:34:21 2012 +1100 +@@ -28,6 +28,8 @@ + # + #====================================================================== + ++require 'shellwords' ++ + class SessionsController < ApplicationController + layout 'main' + +@@ -48,36 +50,36 @@ class SessionsController < ApplicationCo + # called from login screen + HAWK_CHKPWD = '/usr/sbin/hawk_chkpwd' + def create +- if params[:username].blank? ++ # Probably overly paranoid ensurance that we've got actual strings, ++ # and not some weird hash or something. ++ username = params[:username].to_s ++ password = params[:password].to_s ++ if username.blank? + flash[:warning] = _('Username not specified') +- redirect_to :action => 'new' +- elsif params[:username].include?("'") || params[:username].include?("$") +- # No ' or $ characters, because this is going to the shell +- flash[:warning] = _('Invalid username') +- redirect_to :action => 'new' +- elsif params[:password].blank? ++ redirect_to :action => 'new' and return ++ end ++ if password.blank? 
+ flash[:warning] = _('Password not specified') +- redirect_to :action => 'new', :username => params[:username] ++ redirect_to :action => 'new', :username => username and return ++ end ++ unless File.exists?(HAWK_CHKPWD) && File.executable?(HAWK_CHKPWD) ++ flash[:warning] = _('%s is not installed') % HAWK_CHKPWD ++ redirect_to :action => 'new', :username => username and return ++ end ++ # RORSCAN_INL: popen call is safe, Shellwords.escape() is safe. ++ IO.popen("#{HAWK_CHKPWD} passwd #{Shellwords.escape(username)}", 'w+') do |pipe| ++ pipe.write password ++ pipe.close_write ++ end ++ if $?.exitstatus == 0 ++ # The user can log in, and they're in our required group ++ reset_session ++ session[:username] = username ++ redirect_back_or_default root_url + else +- if File.exists?(HAWK_CHKPWD) && File.executable?(HAWK_CHKPWD) +- IO.popen("#{HAWK_CHKPWD} passwd '#{params[:username]}'", 'w+') do |pipe| +- pipe.write params[:password] +- pipe.close_write +- end +- if $?.exitstatus == 0 +- # The user can log in, and they're in our required group +- reset_session +- session[:username] = params[:username] +- redirect_back_or_default root_url +- else +- # No dice... +- flash[:warning] = _('Invalid username or password') +- redirect_to :action => 'new', :username => params[:username] +- end +- else +- flash[:warning] = _('%s is not installed') % HAWK_CHKPWD +- redirect_to :action => 'new', :username => params[:username] +- end ++ # No dice... ++ flash[:warning] = _('Invalid username or password') ++ redirect_to :action => 'new', :username => username + end + end + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/application_controller.rb new/hawk-0.5.1/hawk/app/controllers/application_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/application_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/application_controller.rb 2012-02-24 07:54:22.000000000 +0100 
@@ -38,7 +38,7 @@ protect_from_forgery # See ActionController::RequestForgeryProtection for details # Scrub sensitive parameters from your log - filter_parameter_logging :password + filter_parameter_logging :password # RORSCAN_ITL # Force back to status page if e.g.: cluster offline when trying to access # resources, etc. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/cib_controller.rb new/hawk-0.5.1/hawk/app/controllers/cib_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/cib_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/cib_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -49,6 +49,8 @@ def show begin + # Not mass assignment (CWE-642) or improper access control (CWE-285) + # because Cib::initialize sanitizes params[:id], so RORSCAN_INL cib = Cib.new(params[:id], current_user, params[:debug] == 'file') rescue ArgumentError => e render :status => :not_found, :json => { :errors => [ e.message ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/clones_controller.rb new/hawk-0.5.1/hawk/app/controllers/clones_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/clones_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/clones_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -39,7 +39,7 @@ # This is overkill - we actually only need the cib for its id, # and for getting a list of primitives and groups that can be # clone children when creating a new clone. - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize 
@@ -59,7 +59,7 @@ redirect_to cib_resources_path return end - @res = Clone.new params[:clone] + @res = Clone.new params[:clone] # RORSCAN_ITL (mass ass. OK) if @res.save flash[:highlight] = _('Clone created successfully') redirect_to :action => 'edit', :id => @res.id @@ -69,7 +69,7 @@ end def edit - @res = Clone.find params[:id] + @res = Clone.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update @@ -81,8 +81,8 @@ redirect_to cib_resources_path return end - @res = Clone.find params[:id] - if @res.update_attributes(params[:clone]) + @res = Clone.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @res.update_attributes(params[:clone]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Clone updated successfully') redirect_to :action => 'edit', :id => @res.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb new/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/colocations_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -35,7 +35,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -55,7 +55,7 @@ return end normalize_resources!(params[:colocation]) - @col = Colocation.new params[:colocation] + @col = Colocation.new params[:colocation] # RORSCAN_ITL (mass ass. OK) if @col.save flash[:highlight] = _('Constraint created successfully') redirect_to :action => 'edit', :id => @col.id @@ -65,7 +65,7 @@ end def edit - @col = Colocation.find params[:id] + @col = Colocation.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update 
@@ -77,9 +77,9 @@ redirect_to cib_constraints_path return end - @col = Colocation.find params[:id] + @col = Colocation.find params[:id] # RORSCAN_ITL (authz via cibadmin) normalize_resources!(params[:colocation]) - if @col.update_attributes(params[:colocation]) + if @col.update_attributes(params[:colocation]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Constraint updated successfully') redirect_to :action => 'edit', :id => @col.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb new/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/constraints_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -35,7 +35,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb new/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/crm_config_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -36,7 +36,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -63,7 +63,7 @@ # Strictly, this should give you "not found" if the # property set doesn't exist (right now it shows an # empty set) - @crm_config = @cib.find_crm_config(params[:id]) + @crm_config = @cib.find_crm_config(params[:id]) # RORSCAN_ITL (authz via cibadmin) end def show 
@@ -104,7 +104,7 @@ # might be a bit unsafe. # - current_config = @cib.find_crm_config(params[:id]) + current_config = @cib.find_crm_config(params[:id]) # RORSCAN_ITL (authz via cibadmin) # Want to delete properties that currently exist, aren't readonly # or advanced (invisible in editor), and aren't in the list of @@ -159,6 +159,7 @@ # When this is fixed, config/routes.rb needs to be changed to match, as # does crm_config/edit.html.erb. def info + # RORSCAN_INL (authz via cibadmin) render :json => @cib.find_crm_config(params[:id]).all_types end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/groups_controller.rb new/hawk-0.5.1/hawk/app/controllers/groups_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/groups_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/groups_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -39,7 +39,7 @@ # This is overkill - we actually only need the cib for its id, # and for getting a list of primitives that can be group # children when creating a new group. - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -59,7 +59,7 @@ redirect_to cib_resources_path return end - @res = Group.new params[:group] + @res = Group.new params[:group] # RORSCAN_ITL (mass ass. OK) if @res.save flash[:highlight] = _('Group created successfully') redirect_to :action => 'edit', :id => @res.id @@ -69,7 +69,7 @@ end def edit - @res = Group.find params[:id] + @res = Group.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update 
@@ -81,8 +81,8 @@ redirect_to cib_resources_path return end - @res = Group.find params[:id] - if @res.update_attributes(params[:group]) + @res = Group.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @res.update_attributes(params[:group]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Group updated successfully') redirect_to :action => 'edit', :id => @res.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/locations_controller.rb new/hawk-0.5.1/hawk/app/controllers/locations_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/locations_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/locations_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -35,7 +35,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -54,7 +54,7 @@ redirect_to cib_constraints_path return end - @loc = Location.new params[:location] + @loc = Location.new params[:location] # RORSCAN_ITL (mass ass. OK) if @loc.save flash[:highlight] = _('Constraint created successfully') redirect_to :action => 'edit', :id => @loc.id @@ -64,7 +64,7 @@ end def edit - @loc = Location.find params[:id] + @loc = Location.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update 
@@ -76,8 +76,8 @@ redirect_to cib_constraints_path return end - @loc = Location.find params[:id] - if @loc.update_attributes(params[:location]) + @loc = Location.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @loc.update_attributes(params[:location]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Constraint updated successfully') redirect_to :action => 'edit', :id => @loc.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/masters_controller.rb new/hawk-0.5.1/hawk/app/controllers/masters_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/masters_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/masters_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -39,7 +39,7 @@ # This is overkill - we actually only need the cib for its id, # and for getting a list of primitives and groups that can be # master children when creating a new master. - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -59,7 +59,7 @@ redirect_to cib_resources_path return end - @res = Master.new params[:master] + @res = Master.new params[:master] # RORSCAN_ITL (mass ass. OK) if @res.save flash[:highlight] = _('Master/Slave created successfully') redirect_to :action => 'edit', :id => @res.id @@ -69,7 +69,7 @@ end def edit - @res = Master.find params[:id] + @res = Master.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update 
@@ -81,8 +81,8 @@ redirect_to cib_resources_path return end - @res = Master.find params[:id] - if @res.update_attributes(params[:master]) + @res = Master.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @res.update_attributes(params[:master]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Master/Slave updated successfully') redirect_to :action => 'edit', :id => @res.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb new/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/nodes_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -37,7 +37,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -45,7 +45,7 @@ end def show - @node = Node.find params[:id] + @node = Node.find params[:id] # RORSCAN_ITL (authz via cibadmin) end # Don't strictly need CIB for this... diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/orders_controller.rb new/hawk-0.5.1/hawk/app/controllers/orders_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/orders_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/orders_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -35,7 +35,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize 
@@ -56,7 +56,7 @@ end params[:order][:symmetrical] = params[:order][:symmetrical] == "true" ? true : false normalize_resources!(params[:order]) - @ord = Order.new params[:order] + @ord = Order.new params[:order] # RORSCAN_ITL (mass ass. OK) if @ord.save flash[:highlight] = _('Constraint created successfully') redirect_to :action => 'edit', :id => @ord.id @@ -66,7 +66,7 @@ end def edit - @ord = Order.find params[:id] + @ord = Order.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update @@ -78,10 +78,10 @@ redirect_to cib_constraints_path return end - @ord = Order.find params[:id] + @ord = Order.find params[:id] # RORSCAN_ITL (authz via cibadmin) params[:order][:symmetrical] = params[:order][:symmetrical] == "true" ? true : false normalize_resources!(params[:order]) - if @ord.update_attributes(params[:order]) + if @ord.update_attributes(params[:order]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Constraint updated successfully') redirect_to :action => 'edit', :id => @ord.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb new/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/primitives_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -37,7 +37,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -57,7 +57,7 @@ redirect_to cib_resources_path return end - @res = Primitive.new params[:primitive] + @res = Primitive.new params[:primitive] # RORSCAN_ITL (mass ass. OK) if @res.save flash[:highlight] = _('Resource created successfully') redirect_to :action => 'edit', :id => @res.id 
@@ -67,7 +67,7 @@ end def edit - @res = Primitive.find params[:id] + @res = Primitive.find params[:id] # RORSCAN_ITL (authz via cibadmin) end def update @@ -79,8 +79,8 @@ redirect_to cib_resources_path return end - @res = Primitive.find params[:id] - if @res.update_attributes(params[:primitive]) + @res = Primitive.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @res.update_attributes(params[:primitive]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Resource updated successfully') redirect_to :action => 'edit', :id => @res.id else @@ -95,7 +95,7 @@ # resources, or more if there's depths etc.). def monitor_intervals intervals = [] - @res = Primitive.find params[:id] + @res = Primitive.find params[:id] # RORSCAN_ITL (authz via cibadmin) @res.ops["monitor"].each do |op| intervals << Util.crm_get_msec(op["interval"]) end if @res.ops.has_key?("monitor") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/app/controllers/templates_controller.rb new/hawk-0.5.1/hawk/app/controllers/templates_controller.rb --- old/hawk-0.5.1/hawk/app/controllers/templates_controller.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/app/controllers/templates_controller.rb 2012-02-24 07:54:22.000000000 +0100 @@ -39,7 +39,7 @@ before_filter :get_cib def get_cib - @cib = Cib.new params[:cib_id], current_user + @cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment) end def initialize @@ -61,7 +61,7 @@ redirect_to cib_resources_path return end - @res = Template.new params[:template] + @res = Template.new params[:template] # RORSCAN_ITL (mass ass. OK) if @res.save flash[:highlight] = _('Template created successfully') redirect_to :action => 'edit', :id => @res.id @@ -71,7 +71,7 @@ end def edit - @res = Template.find params[:id] + @res = Template.find params[:id] # RORSCAN_ITL (authz via cibadmin) render 'primitives/edit' end 
@@ -84,8 +84,8 @@ redirect_to cib_resources_path return end - @res = Template.find params[:id] - if @res.update_attributes(params[:template]) + @res = Template.find params[:id] # RORSCAN_ITL (authz via cibadmin) + if @res.update_attributes(params[:template]) # RORSCAN_ITL (mass ass. OK) flash[:highlight] = _('Template updated successfully') redirect_to :action => 'edit', :id => @res.id else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/config/boot.rb new/hawk-0.5.1/hawk/config/boot.rb --- old/hawk-0.5.1/hawk/config/boot.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/config/boot.rb 2012-02-24 07:54:22.000000000 +0100 @@ -62,6 +62,7 @@ gem 'rails' end rescue Gem::LoadError => load_error + # RORSCAN_INL (those aren't really backticks in this context) $stderr.puts %(Missing the Rails #{version} gem. Please `gem install -v=#{version} rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.) exit 1 end @@ -85,6 +86,7 @@ min_version = '1.3.1' require 'rubygems' unless rubygems_version >= min_version + # RORSCAN_INL (those aren't really backticks in this context) $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.) exit 1 end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/config/environment.rb new/hawk-0.5.1/hawk/config/environment.rb --- old/hawk-0.5.1/hawk/config/environment.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/config/environment.rb 2012-02-24 07:54:22.000000000 +0100 
@@ -7,6 +7,18 @@ # Bootstrap the Rails environment, frameworks, and default configuration require File.join(File.dirname(__FILE__), 'boot') +# Evil hack to workaround https://github.com/rubygems/rubygems/issues/171 +# (see also hawk/lib/tasks/lang.rake) +begin + Gem.all_load_paths +rescue NoMethodError + module Gem + def self.all_load_paths + [] + end + end +end + Rails::Initializer.run do |config| # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/config/initializers/session_store.rb new/hawk-0.5.1/hawk/config/initializers/session_store.rb --- old/hawk-0.5.1/hawk/config/initializers/session_store.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/config/initializers/session_store.rb 2012-02-24 07:54:22.000000000 +0100 @@ -5,9 +5,11 @@ # Your secret key for verifying cookie session data integrity. # Uses contents of $RAILS_ROOT/tmp/session_secret. Creates this # file with suitable random contents if it doesn't already exist. +# Note that ror-sec-scanner picks up secret assignment, but this +# is OK to ignore. ActionController::Base.session = { :key => '_hawk_session', - :secret => if File.exist?(SESSION_SECRET_FILE) + :secret => if File.exist?(SESSION_SECRET_FILE) # RORSCAN_ITL File.read(SESSION_SECRET_FILE) else # mkdir tmp here if it doesn't already exist (necessary when diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/fcgi.rb new/hawk-0.5.1/hawk/lib/fcgi.rb --- old/hawk-0.5.1/hawk/lib/fcgi.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/lib/fcgi.rb 2012-02-24 07:54:22.000000000 +0100 
@@ -589,6 +589,7 @@ def self::each_cgi(*args) require 'cgi' + # RORSCAN_INL eval(<<-EOS,TOPLEVEL_BINDING) class CGI public :env_table diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/tasks/lang.rake new/hawk-0.5.1/hawk/lib/tasks/lang.rake --- old/hawk-0.5.1/hawk/lib/tasks/lang.rake 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/lib/tasks/lang.rake 2012-02-24 07:54:22.000000000 +0100 @@ -37,6 +37,17 @@ desc "Create mo-files" task :makemo do + # Evil hack to workaround https://github.com/rubygems/rubygems/issues/171 + # (see also hawk/config/environment.rb) + begin + Gem.all_load_paths + rescue NoMethodError + module Gem + def self.all_load_paths + [] + end + end + end require 'gettext_rails/tools' GetText.create_mofiles end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/lib/util.rb new/hawk-0.5.1/hawk/lib/util.rb --- old/hawk-0.5.1/hawk/lib/util.rb 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/lib/util.rb 2012-02-24 07:54:22.000000000 +0100 @@ -38,6 +38,7 @@ # else the process won't be complete when you try to get the # exit status. def popen3(*cmd) + raise SecurityError, "Util::popen3 called with < 2 args" if cmd.length < 2 pw = IO::pipe # pipe[0] for read, pipe[1] for write pr = IO::pipe pe = IO::pipe @@ -56,6 +57,7 @@ STDERR.reopen(pe[1]) pe[1].close + # RORSCAN_INL: cmd always has > 1 elem, so safe from shell injection exec(*cmd) } wait_thr = Process.detach(pid) @@ -83,6 +85,7 @@ # let it use a group-writable subdirectory of our tmp directory # so unprivileged users can actually invoke crm without warnings ENV['HOME'] = File.join(RAILS_ROOT, 'tmp', 'home') + # RORSCAN_INL: mutli-arg invocation safe from shell injection. pi = popen3('/usr/sbin/hawk_invoke', user, *cmd) if defined? yield begin 
@@ -100,6 +103,7 @@ # May block indefinitely if the command executed is expecting something # on STDIN (untested) def safe_x(*cmd) + raise SecurityError, "Util::safe_x called with < 2 args" if cmd.length < 2 pr = IO::pipe # pipe[0] for read, pipe[1] for write pe = IO::pipe pid = fork{ @@ -112,6 +116,7 @@ pe[0].close STDERR.reopen(pe[1]) pe[1].close + # RORSCAN_INL: cmd always has > 1 elem, so safe from shell injection exec(*cmd) } Process.wait diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-0.5.1/hawk/po/hu/hawk.po new/hawk-0.5.1/hawk/po/hu/hawk.po --- old/hawk-0.5.1/hawk/po/hu/hawk.po 2012-02-03 10:27:24.000000000 +0100 +++ new/hawk-0.5.1/hawk/po/hu/hawk.po 2012-02-24 07:54:22.000000000 +0100 @@ -1321,11 +1321,3 @@ msgid "Error invoking cibadmin --replace: %{msg}" msgstr "Hiba történt a cibadmin --replace meghívásakor: %{msg}" -#~ msgid "Cluster Stack:" -#~ msgstr "Fürt:" - -#~ msgid "Pacemaker Version:" -#~ msgstr "Pacemaker verzió:" - -#~ msgid "Current DC:" -#~ msgstr "Aktuális DC:" ++++++ require-rack-1.1.patch ++++++ --- /var/tmp/diff_new_pack.7VhCyu/_old 2012-02-24 12:05:03.000000000 +0100 +++ /var/tmp/diff_new_pack.7VhCyu/_new 2012-02-24 12:05:03.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- hawk/config/environment.rb.orig +++ hawk/config/environment.rb -@@ -24,7 +24,13 @@ Rails::Initializer.run do |config| +@@ -36,7 +36,13 @@ Rails::Initializer.run do |config| config.gem "locale_rails" config.gem "gettext" config.gem "gettext_rails" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
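Review bot: in the primitives_controller.rb `@@ -79,8 +79,8 @@` hunk, the `# RORSCAN_ITL (mass ass. OK)` marker on `if @res.update_attributes(params[:primitive])` silences the scanner without saying why mass assignment is acceptable here, whereas the neighbouring `# RORSCAN_ITL (authz via cibadmin)` markers at least name the control that makes the `find` calls safe. Anyone auditing these suppressions later has to go and discover whether Primitive restricts the attributes it accepts from `params[:primitive]`. Suggest spelling that out in the marker, e.g. `# RORSCAN_ITL (mass ass. OK: Primitive only copies known CIB attributes)` if that is the case, so the justification travels with the line.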
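Review bot: in the templates_controller.rb `@@ -39,7 +39,7 @@` hunk, `@cib = Cib.new params[:cib_id], current_user # RORSCAN_ITL (not mass assignment)` is correctly labelled as not being a mass-assignment case, but the request parameter is handed straight to `Cib.new` as a CIB identifier, so the question a reviewer asks next is where `params[:cib_id]` is validated against the set of known live/shadow CIB names. Suggest extending the marker to say where that check happens (or adding it in `get_cib` before the call if it does not), since the marker as written only says what the finding is not.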
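Review bot: in the templates_controller.rb `@@ -61,7 +61,7 @@` and `@@ -84,8 +84,8 @@` hunks, `Template.new params[:template]` and `@res.update_attributes(params[:template])` both get a bare `# RORSCAN_ITL (mass ass. OK)`; the same request as for the primitives controller applies: state in the marker what bounds the accepted attribute set for Template, so the suppression is self-documenting rather than a promise to the scanner.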
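Review bot: in the environment.rb `@@ -7,6 +7,18 @@` hunk, the probe `begin Gem.all_load_paths rescue NoMethodError ... end` only installs the stub once the method has been removed; on a RubyGems where it still exists but is deprecated (the situation the linked issue describes), the probe call itself exercises the deprecated path at every boot. `if !Gem.respond_to?(:all_load_paths)` (or `Gem.respond_to?` combined with the rescue) avoids invoking it just to test for it. Two further points: the stub returns `[]`, which silently changes what `gettext_rails` sees compared to the real load paths, so the comment should say that an empty list is acceptable for the makemo use case and nothing else relies on it; and the identical eleven-line block is pasted into lang.rake in its `@@ -37,6 +37,17 @@` hunk with only a cross-reference comment tying them together. A single helper in hawk/lib that both files require would keep the two copies from diverging.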
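Review bot: in the session_store.rb `@@ -5,9 +5,11 @@` hunk, the `# RORSCAN_ITL` on `:secret => if File.exist?(SESSION_SECRET_FILE)` is defensible because the secret is read from a file rather than written into the source, but the added comment "this is OK to ignore" does not say what makes it OK. The property that matters is that `SESSION_SECRET_FILE` is created with restrictive permissions and not world-readable; suggest stating that in the comment (e.g. "secret is read from SESSION_SECRET_FILE, created mode 0600 below; not a hard-coded secret") if that is what the `else` branch does, so the suppression remains justified if the creation code is ever touched.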
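Review bot: in the fcgi.rb `@@ -589,6 +589,7 @@` hunk, the new `# RORSCAN_INL` above `eval(<<-EOS,TOPLEVEL_BINDING)` is the only marker in this changeset with no reason attached, and `eval` is exactly the finding a future reader will want a reason for. The visible heredoc body (`class CGI public :env_table ...`) is a static literal with no interpolation of external input, so suggest `# RORSCAN_INL (eval of a static heredoc, no external input)` to match the style of the other markers.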
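Review bot: in the util.rb `@@ -38,6 +38,7 @@` hunk, the guard `raise SecurityError, "Util::popen3 called with < 2 args" if cmd.length < 2` enforces the right invariant (the multi-argument `exec(*cmd)` form never goes through a shell), but it is copied verbatim into `safe_x` in the `@@ -100,6 +103,7 @@` hunk with only the function name changed; a small private helper, say `check_argv(cmd, 'popen3')`, would stop the two checks and messages from drifting apart. Also consider `ArgumentError` rather than `SecurityError`: a one-element `cmd` is a caller bug, and `SecurityError` is conventionally reserved for `$SAFE`-level violations, so callers rescuing one class will not see the other. If a genuine single-word command ever needs to go through these helpers, the `exec([cmd[0], cmd[0]])` array form also bypasses the shell without relaxing the guard.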
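Review bot: in the util.rb `@@ -83,6 +85,7 @@` hunk, the new comment `# RORSCAN_INL: mutli-arg invocation safe from shell injection.` has a typo: "mutli-arg" should read "multi-arg". Since these markers are what a later audit of the scanner suppressions will grep for, keeping their wording clean is worth the one-character fix.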