Hello community, here is the log from the commit of package system-config-printer for openSUSE:12.1:Update:Test checked in at 2011-12-08 17:38:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/system-config-printer (Old) and /work/SRC/openSUSE:12.1:Update:Test/.system-config-printer.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "system-config-printer", Maintainer is "gnome-maintainers@suse.de" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/system-config-printer/system-config-printer.changes 2011-12-07 19:18:31.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.system-config-printer.new/system-config-printer.changes 2011-12-08 17:38:02.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Dec 8 09:54:03 UTC 2011 - vuntz@opensuse.org + +- Add system-config-printer-subprocess-no-shell.patch: avoid + escaping issues when running commands. Fix bnc#735322. + +------------------------------------------------------------------- New: ---- system-config-printer-subprocess-no-shell.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ system-config-printer.spec ++++++ --- /var/tmp/diff_new_pack.G0JFED/_old 2011-12-08 17:38:02.000000000 +0100 +++ /var/tmp/diff_new_pack.G0JFED/_new 2011-12-08 17:38:02.000000000 +0100 @@ -30,6 +30,8 @@ Patch13: system-config-printer-icon-brp-friendly.patch # PATCH-FIX-OPENSUSE system-config-printer-no-openprinting.patch bnc#733542 vuntz@opensuse.org -- Disable feature that downloads ppd from openprinting.org Patch19: system-config-printer-no-openprinting.patch +# PATCH-FIX-UPSTREAM system-config-printer-subprocess-no-shell.patch bnc#735322 vuntz@opensuse.org -- Always use sequences for subprocess to avoid escaping issues; sent upstream by mail +Patch20: system-config-printer-subprocess-no-shell.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Obsoletes: gnome-cups-manager <= 0.33 BuildRequires: cups-devel @@ -149,6 +151,7 @@ %setup -q %patch13 -p1 %patch19 -p1 +%patch20 -p1 %build %configure \ ++++++ system-config-printer-subprocess-no-shell.patch ++++++
From 08dac9a6bc423166ee5593b56aa29a51c0b61584 Mon Sep 17 00:00:00 2001 From: Vincent Untz
Date: Thu, 8 Dec 2011 10:24:24 +0100 Subject: [PATCH] Always use a sequence as args for timedops.TimedSubprocess()
This helps make sure there is never an issue where we forget to escape a string. See https://bugzilla.novell.com/show_bug.cgi?id=735322 --- newprinter.py | 31 +++++++++++++++---------------- troubleshoot/CheckPrinterSanity.py | 19 +++++++++++-------- troubleshoot/CheckSELinux.py | 8 +++++--- troubleshoot/CheckUSBPermissions.py | 12 +++++++----- troubleshoot/VerifyPackages.py | 7 +++++-- 5 files changed, 43 insertions(+), 34 deletions(-) diff --git a/newprinter.py b/newprinter.py index 75ebbc7..aa4ad56 100644 --- a/newprinter.py +++ b/newprinter.py @@ -1425,11 +1425,13 @@ class NewPrinterGUI(GtkGUI): self.add_devices (devices, current_uri, no_more=True) def get_hpfax_device_id(self, faxuri): - os.environ["URI"] = faxuri - cmd = 'LC_ALL=C DISPLAY= hp-info -x -i -d"${URI}"' - debugprint (faxuri + ": " + cmd) + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + new_environ['DISPLAY'] = "" + args = ["hp-info", "-x", "-i", "-d" + faxuri] + debugprint (faxuri + ": " + args) try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, env=new_environ, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -1456,11 +1458,10 @@ class NewPrinterGUI(GtkGUI): return 'MFG:HP;MDL:Fax;DES:HP Fax;' def get_hplip_scan_type_for_uri(self, uri): - os.environ["URI"] = uri - cmd = 'hp-query -k scan-type -d "${URI}"' - debugprint (uri + ": " + cmd) + args = ["hp-query", "-k", "scan-type", "-d", uri] + debugprint (uri + ": " + args) try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -1483,15 +1484,14 @@ class NewPrinterGUI(GtkGUI): return value def get_hplip_uri_for_network_printer(self, host, mode): - os.environ["HOST"] = host if mode == "print": mod = "-c" elif mode == "fax": mod = "-f" else: mod = "-c" - cmd = 'hp-makeuri ' + mod + ' "${HOST}"' - debugprint (host + ": " + cmd) + args = ["hp-makeuri", mod, host] + debugprint (host + ": " + args) uri = None try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -1527,12 +1527,11 @@ class NewPrinterGUI(GtkGUI): host = device.uri[s:s+e] # Try to get make and model via SNMP if host: - os.environ["HOST"] = host - cmd = '/usr/lib/cups/backend/snmp "${HOST}"' - debugprint (host + ": " + cmd) + args = ["/usr/lib/cups/backend/snmp", host] + debugprint (host + ": " + args) stdout = None try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) diff --git a/troubleshoot/CheckPrinterSanity.py b/troubleshoot/CheckPrinterSanity.py index de0a6c3..226e972 100644 --- a/troubleshoot/CheckPrinterSanity.py +++ b/troubleshoot/CheckPrinterSanity.py @@ -81,16 +81,17 @@ class CheckPrinterSanity(Question): elif scheme == "smb": u = smburi.SMBURI (uri) (group, host, share, user, password) = u.separate () - os.environ['HOST'] = host + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" if group: - os.environ['GROUP'] = group - cmdline = 'LC_ALL=C nmblookup -W "$GROUP" "$HOST"' + args = ["nmblookup", "-W", group, host] else: - cmdline = 'LC_ALL=C nmblookup "$HOST"' + args = ["nmblookup", host] try: p = TimedSubprocess (parent=parent, timeout=5000, - args=cmdline, shell=True, + args=args, + env=new_environ, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, @@ -110,13 +111,15 @@ class CheckPrinterSanity(Question): # Problem executing command. pass elif scheme == "hp": - os.environ['URI'] = uri + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + new_environ['DISPLAY'] = "" try: p = TimedSubprocess (parent=parent, timeout=3000, - args='LC_ALL=C DISPLAY= hp-info -d"$URI"', + args=["hp-info", "-d" + uri, close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) diff --git a/troubleshoot/CheckSELinux.py b/troubleshoot/CheckSELinux.py index 4fae324..1e99358 100644 --- a/troubleshoot/CheckSELinux.py +++ b/troubleshoot/CheckSELinux.py @@ -45,17 +45,19 @@ class CheckSELinux(Question): if not selinux.is_selinux_enabled(): return False - paths = "/etc/cups/ /usr/lib/cups/ /usr/share/cups/" + paths = ["/etc/cups/", "/usr/lib/cups/", "/usr/share/cups/"] null = file ("/dev/null", "r+") parent = self.troubleshooter.get_window () contexts = {} - restorecon_args = "LC_ALL=C " + RESTORECON + " -nvR " + paths + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + restorecon_args = [RESTORECON, "-nvR"].extend(paths) try: # Run restorecon -nvR self.op = TimedSubprocess (parent=parent, args=restorecon_args, close_fds=True, - shell=True, + env=new_environ, stdin=null, stdout=subprocess.PIPE, stderr=null) diff --git a/troubleshoot/CheckUSBPermissions.py b/troubleshoot/CheckUSBPermissions.py index 33c903a..9d11be3 100644 --- a/troubleshoot/CheckUSBPermissions.py +++ b/troubleshoot/CheckUSBPermissions.py @@ -57,13 +57,16 @@ class CheckUSBPermissions(Question): if not os.access (GETFACL, os.X_OK): return False + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + # Run lsusb parent = self.troubleshooter.get_window () try: self.op = TimedSubprocess (parent=parent, - args="LC_ALL=C " + LSUSB + " -v", + args=[LSUSB, "-v"], close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -141,10 +144,9 @@ class CheckUSBPermissions(Question): for path in paths: try: self.op = TimedSubprocess (parent=parent, - args="LC_ALL=C %s %s" % (GETFACL, - path), + args=[GETFACL, path], close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) diff --git a/troubleshoot/VerifyPackages.py b/troubleshoot/VerifyPackages.py index f4ded8c..cf60bee0 100644 --- a/troubleshoot/VerifyPackages.py +++ b/troubleshoot/VerifyPackages.py @@ -46,13 +46,16 @@ class VerifyPackages(Question): null = file ("/dev/null", "r+") parent = self.troubleshooter.get_window () + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + for package in packages: - verification_args = "LC_ALL=C " + package_manager + " -V " + package + verification_args = [package_manager, "-V", package] try: self.op = TimedSubprocess (parent=parent, args=verification_args, close_fds=True, - shell=True, + env=new_environ, stdin=null, stdout=subprocess.PIPE, stderr=null) -- 1.7.7.3 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org