Hello community,
here is the log from the commit of package yast2-http-server for openSUSE:Factory checked in at 2018-12-31 09:43:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-http-server (Old)
and /work/SRC/openSUSE:Factory/.yast2-http-server.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-http-server"
Mon Dec 31 09:43:25 2018 rev:85 rq:657270 version:4.1.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-http-server/yast2-http-server.changes 2018-08-18 00:02:34.670802045 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-http-server.new.28833/yast2-http-server.changes 2018-12-31 09:43:26.914361111 +0100
@@ -1,0 +2,23 @@
+Tue Dec 11 13:04:16 UTC 2018 - jreidinger@suse.com
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.3
+
+-------------------------------------------------------------------
+Sat Nov 24 22:02:56 UTC 2018 - Stasiek Michalski
+
+- Provide icon with module (boo#1109310)
+- 4.1.2
+
+-------------------------------------------------------------------
+Tue Oct 16 16:15:53 CEST 2018 - schubi@suse.de
+
+- Added license file to spec.
+
+-------------------------------------------------------------------
+Mon Aug 20 13:55:03 CEST 2018 - schubi@suse.de
+
+- Switched license in spec file from SPDX2 to SPDX3 format.
+
+-------------------------------------------------------------------
Old:
----
yast2-http-server-4.1.1.tar.bz2
New:
----
yast2-http-server-4.1.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-http-server.spec ++++++
--- /var/tmp/diff_new_pack.KWTl9i/_old 2018-12-31 09:43:27.330360771 +0100
+++ /var/tmp/diff_new_pack.KWTl9i/_new 2018-12-31 09:43:27.334360768 +0100
@@ -17,7 +17,7 @@
Name: yast2-http-server
-Version: 4.1.1
+Version: 4.1.3
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -49,7 +49,7 @@
Requires: yast2-ruby-bindings >= 1.0.0
Summary: YaST2 - HTTP Server Configuration
-License: GPL-2.0
+License: GPL-2.0-only
Group: System/YaST
%description
@@ -77,5 +77,7 @@
%{yast_scrconfdir}/*
%{yast_agentdir}/*
%doc %{yast_docdir}
+%{yast_icondir}
+%license COPYING
%changelog
++++++ yast2-http-server-4.1.1.tar.bz2 -> yast2-http-server-4.1.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/package/yast2-http-server.changes new/yast2-http-server-4.1.3/package/yast2-http-server.changes
--- old/yast2-http-server-4.1.1/package/yast2-http-server.changes 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/package/yast2-http-server.changes 2018-12-11 17:06:11.000000000 +0100
@@ -1,4 +1,27 @@
-------------------------------------------------------------------
+Tue Dec 11 13:04:16 UTC 2018 - jreidinger@suse.com
+
+- always use absolute path to binaries (bsc#1118291)
+- properly escape shell arguments (bsc#1118291)
+- 4.1.3
+
+-------------------------------------------------------------------
+Sat Nov 24 22:02:56 UTC 2018 - Stasiek Michalski
+
+- Provide icon with module (boo#1109310)
+- 4.1.2
+
+-------------------------------------------------------------------
+Tue Oct 16 16:15:53 CEST 2018 - schubi@suse.de
+
+- Added license file to spec.
+
+-------------------------------------------------------------------
+Mon Aug 20 13:55:03 CEST 2018 - schubi@suse.de
+
+- Switched license in spec file from SPDX2 to SPDX3 format.
+
+-------------------------------------------------------------------
Tue Aug 14 11:04:38 UTC 2018 - lslezak@suse.cz
- Fixed PHP support (use PHP7 instead of dropped PHP5)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/package/yast2-http-server.spec new/yast2-http-server-4.1.3/package/yast2-http-server.spec
--- old/yast2-http-server-4.1.1/package/yast2-http-server.spec 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/package/yast2-http-server.spec 2018-12-11 17:06:11.000000000 +0100
@@ -17,14 +17,14 @@
Name: yast2-http-server
-Version: 4.1.1
+Version: 4.1.3
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source0: %{name}-%{version}.tar.bz2
Group: System/YaST
-License: GPL-2.0
+License: GPL-2.0-only
BuildRequires: yast2-network docbook-xsl-stylesheets doxygen libxslt perl-XML-Writer popt-devel sgml-skel update-desktop-files yast2-packagemanager-devel yast2-perl-bindings yast2-testsuite libzio
BuildRequires: yast2-devtools >= 3.1.10
# Yast2::ServiceWidget
@@ -65,3 +65,5 @@
%{yast_scrconfdir}/*
%{yast_agentdir}/*
%doc %{yast_docdir}
+%{yast_icondir}
+%license COPYING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/Makefile.am new/yast2-http-server-4.1.3/src/Makefile.am
--- old/yast2-http-server-4.1.1/src/Makefile.am 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/src/Makefile.am 2018-12-11 17:06:11.000000000 +0100
@@ -40,6 +40,13 @@
desktop_DATA = \
desktop/http-server.desktop
-EXTRA_DIST = $(module_DATA) $(module1_DATA) $(module2_DATA) $(client_DATA) $(ynclude_DATA) $(scrconf_DATA) $(agent_SCRIPTS) $(schemafiles_DATA) $(desktop_DATA)
+symbolicdir = @icondir@/hicolor/symbolic/apps
+symbolic_DATA = \
+ icons/hicolor/symbolic/apps/yast-http-server-symbolic.svg
+scalabledir = @icondir@/hicolor/scalable/apps
+scalable_DATA = \
+ icons/hicolor/scalable/apps/yast-http-server.svg
-include $(top_srcdir)/Makefile.am.common
\ No newline at end of file
+EXTRA_DIST = $(module_DATA) $(module1_DATA) $(module2_DATA) $(client_DATA) $(ynclude_DATA) $(scrconf_DATA) $(agent_SCRIPTS) $(schemafiles_DATA) $(desktop_DATA) $(symbolic_DATA) $(scalable_DATA)
+
+include $(top_srcdir)/Makefile.am.common
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/icons/hicolor/scalable/apps/yast-http-server.svg new/yast2-http-server-4.1.3/src/icons/hicolor/scalable/apps/yast-http-server.svg
--- old/yast2-http-server-4.1.1/src/icons/hicolor/scalable/apps/yast-http-server.svg 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-http-server-4.1.3/src/icons/hicolor/scalable/apps/yast-http-server.svg 2018-12-11 17:06:11.000000000 +0100
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="128" height="128" version="1.1" viewBox="0 0 128 128.00001" xmlns="http://www.w3.org/2000/svg">
+<defs>
+<linearGradient id="a" x1="2" x2="30" y1="27" y2="27" gradientTransform="matrix(4,0,0,4,0,-4)" gradientUnits="userSpaceOnUse">
+<stop stop-color="#5e5c64" offset="0"/>
+<stop stop-color="#9a9996" offset=".035714"/>
+<stop stop-color="#5e5c64" offset=".071429"/>
+<stop stop-color="#5e5c64" offset=".92857"/>
+<stop stop-color="#9a9996" offset=".96429"/>
+<stop stop-color="#5e5c64" offset="1"/>
+</linearGradient>
+</defs>
+<rect x="8" y="24" width="112" height="24" ry="4" fill="#5e5c64"/>
+<rect x="8" y="48" width="112" height="24" ry="4" fill="#5e5c64"/>
+<rect x="8" y="72" width="112" height="24" ry="4.2348" fill="#5e5c64"/>
+<rect x="8" y="92" width="112" height="20" ry="4" fill="url(#a)"/>
+<rect x="8" y="12" width="112" height="20" ry="4" fill="#9a9996"/>
+<rect x="8" y="36" width="112" height="20" ry="4" fill="#9a9996"/>
+<rect x="8" y="60" width="112" height="20" ry="4" fill="#9a9996"/>
+<rect x="8" y="84" width="112" height="20" ry="4" fill="#9a9996"/>
+<rect x="56" y="16" width="60" height="12" ry="0" fill="#3d3846"/>
+<rect x="56" y="20" width="60" height="8" ry="0" fill="#5e5c64"/>
+<rect x="56" y="40" width="60" height="12" ry="0" fill="#3d3846"/>
+<rect x="56" y="44" width="60" height="8" ry="0" fill="#5e5c64"/>
+<rect x="56" y="64" width="60" height="12" ry="0" fill="#3d3846"/>
+<rect x="56" y="68" width="60" height="8" ry="0" fill="#5e5c64"/>
+<rect x="56" y="88" width="60" height="12" ry="0" fill="#3d3846"/>
+<rect x="56" y="92" width="60" height="8" ry="0" fill="#5e5c64"/>
+<rect x="16" y="16" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="16" y="20" width="4" height="4" ry="2" fill="#f6d32d"/>
+<rect x="24" y="16" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="24" y="20" width="4" height="4" ry="2" fill="#33d17a"/>
+<rect x="16" y="40" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="16" y="44" width="4" height="4" ry="2" fill="#33d17a"/>
+<rect x="24" y="40" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="24" y="44" width="4" height="4" ry="2" fill="#e01b24"/>
+<rect x="16" y="64" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="16" y="68" width="4" height="4" ry="2" fill="#e01b24"/>
+<rect x="24" y="64" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="24" y="68" width="4" height="4" ry="2" fill="#f6d32d"/>
+<rect x="16" y="88" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="16" y="92" width="4" height="4" ry="2" fill="#f6d32d"/>
+<rect x="24" y="88" width="4" height="8" ry="2" fill="#5e5c64"/>
+<rect x="24" y="92" width="4" height="4" ry="2" fill="#33d17a"/>
+<rect x="60" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="60" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="68" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="68" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="76" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="76" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="84" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="84" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="92" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="92" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="100" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="100" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="108" y="44" width="4" height="8" fill="#3d3846"/>
+<rect x="108" y="40" width="4" height="4" fill="#241f31"/>
+<rect x="60" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="60" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="68" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="68" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="76" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="76" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="84" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="84" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="92" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="92" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="100" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="100" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="108" y="20" width="4" height="8" fill="#3d3846"/>
+<rect x="108" y="16" width="4" height="4" fill="#241f31"/>
+<rect x="60" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="60" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="68" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="68" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="76" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="76" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="84" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="84" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="92" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="92" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="100" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="100" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="108" y="68" width="4" height="8" fill="#3d3846"/>
+<rect x="108" y="64" width="4" height="4" fill="#241f31"/>
+<rect x="60" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="60" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="68" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="68" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="76" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="76" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="84" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="84" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="92" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="92" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="100" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="100" y="88" width="4" height="4" fill="#241f31"/>
+<rect x="108" y="92" width="4" height="8" fill="#3d3846"/>
+<rect x="108" y="88" width="4" height="4" fill="#241f31"/>
+</svg>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/icons/hicolor/symbolic/apps/yast-http-server-symbolic.svg new/yast2-http-server-4.1.3/src/icons/hicolor/symbolic/apps/yast-http-server-symbolic.svg
--- old/yast2-http-server-4.1.1/src/icons/hicolor/symbolic/apps/yast-http-server-symbolic.svg 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-http-server-4.1.3/src/icons/hicolor/symbolic/apps/yast-http-server-symbolic.svg 2018-12-11 17:06:11.000000000 +0100
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">
+ <path d="M 2 0 C 0.892 0 0 0.892 0 2 L 0 14 C 0 15.108 0.892 16 2 16 L 10 16 L 10 14 L 2 14 L 2 11 L 10 11 L 10 10 L 2 10 L 2 8 L 14 8 L 14 10 L 16 10 L 16 2 C 16 0.892 15.108 0 14 0 L 2 0 z M 2 2 L 14 2 L 14 4 L 2 4 L 2 2 z M 2 5 L 14 5 L 14 7 L 2 7 L 2 5 z M 11 11 L 11 16 L 16 16 L 16 11 L 11 11 z M 3.5 12 C 3.223 12 3 12.223 3 12.5 C 3 12.777 3.223 13 3.5 13 C 3.777 13 4 12.777 4 12.5 C 4 12.223 3.777 12 3.5 12 z M 5.5 12 C 5.223 12 5 12.223 5 12.5 C 5 12.777 5.223 13 5.5 13 C 5.777 13 6 12.777 6 12.5 C 6 12.223 5.777 12 5.5 12 z M 7.5 12 C 7.223 12 7 12.223 7 12.5 C 7 12.777 7.223 13 7.5 13 L 9.5 13 C 9.777 13 10 12.777 10 12.5 C 10 12.223 9.777 12 9.5 12 L 7.5 12 z M 12 12 L 13 12 L 13 13 L 14 13 L 14 12 L 15 12 L 15 14 L 14 14 L 14 15 L 13 15 L 13 14 L 12 14 L 12 12 z " fill="#c0bfbc" />
+</svg>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/include/http-server/wizard-dialog.rb new/yast2-http-server-4.1.3/src/include/http-server/wizard-dialog.rb
--- old/yast2-http-server-4.1.1/src/include/http-server/wizard-dialog.rb 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/src/include/http-server/wizard-dialog.rb 2018-12-11 17:06:11.000000000 +0100
@@ -221,9 +221,7 @@
)
)
- hostname = Convert.to_map(
- SCR.Execute(path(".target.bash_output"), "/bin/hostname")
- )
+ hostname = SCR.Execute(path(".target.bash_output"), "/usr/bin/hostname")
Builtins.y2milestone(
"Hostname : %1",
Ops.get_string(hostname, "stdout", "")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/modules/HttpServer.rb new/yast2-http-server-4.1.3/src/modules/HttpServer.rb
--- old/yast2-http-server-4.1.1/src/modules/HttpServer.rb 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/src/modules/HttpServer.rb 2018-12-11 17:06:11.000000000 +0100
@@ -12,6 +12,8 @@
require "yast"
require "yast2/system_service"
require "y2firewall/firewalld"
+require "shellwords"
+require "fileutils"
module Yast
class HttpServerClass < Module
@@ -123,7 +125,7 @@
if w_mode == true
SCR.Execute(
path(".target.bash"),
- Builtins.sformat("rm %1%2", Directory.vardir, "/http_server")
+ "/usr/bin/rm #{File.join(Directory.vardir, "/http_server").shellescape}"
)
Builtins.y2milestone("Set wizard mode on")
else
@@ -245,7 +247,7 @@
if SCR.Read(path(".target.lstat"), "/etc/sysconfig/apache2") == {}
if SCR.Execute(
path(".target.bash"),
- "cp /var/adm/fillup-templates/sysconfig.apache2 /etc/sysconfig/apache2"
+ "/usr/bin/cp /var/adm/fillup-templates/sysconfig.apache2 /etc/sysconfig/apache2"
) != 0
# translators:: error message
Report.Error(Message.CannotWriteSettingsTo("/etc/sysconfig/apache2"))
@@ -360,34 +362,24 @@
end
# add DHCP ones, if we can find out the current IP
devs = NetworkInterfaces.Locate("BOOTPROTO", "dhcp")
- Builtins.foreach(devs) do |dev|
- output = Convert.to_map(
- SCR.Execute(
- path(".target.bash_output"),
- Ops.add("/sbin/ifconfig ", dev),
- { "LC_MESSAGES" => "C" }
- )
+ devs.each do |dev|
+ output = SCR.Execute(
+ path(".target.bash_output"),
+ "/usr/sbin/ip addr show #{dev.shellescape}",
+ { "LC_MESSAGES" => "C" }
)
if Ops.get_integer(output, "exit", -1) == 0
# lookup the correct line first
- line = Builtins.splitstring(
- Ops.get_string(output, "stdout", ""),
- "\n"
- )
- addr = nil
- Builtins.foreach(line) do |ln|
- if Builtins.regexpmatch(ln, "^[ \t]*inet addr:")
- addr = Builtins.regexpsub(
- ln,
- "^[ \t]*inet addr:([0-9\\.]+)[ \t]*",
- "\\1"
- )
- Builtins.y2milestone("Found addr: %1", addr)
- raise Break
- end
- end
-
- Ops.set(@ip2device, addr, dev) if addr != nil && addr != ""
+ lines = Ops.get_string(output, "stdout", "").lines
+ lines.grep(/^\s*inet [0-9.]/)
+ line = lines.first
+ next unless line
+
+ # line looks like
+ # inet 192.168.0.107/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
+ addr = line[/^\s*inet\s*([0-9.]+)/, 1]
+ Builtins.y2milestone("Found addr: %1", addr)
+ Ops.set(@ip2device, addr, dev)
end
end
@@ -487,10 +479,6 @@
Report.Error(Message.CannotAdjustService(service.name))
end
- # configuration test
- # map test = (map)SCR::Execute(.target.bash_output, "apache2ctl conftest");
- #y2internal("test %1", test);
-
(@files_to_check + dynamic_files_to_check()).each do |file|
FileChanges.StoreFileCheckSum(file)
end
@@ -861,10 +849,10 @@
return if @vhost_files_to_backup.empty?
backup_dir = File.join(APACHE_VHOSTS_DIR, "YaSTsave")
- SCR.Execute(path(".target.bash"), "mkdir #{backup_dir}")
+ ::FileUtils.mkdir_p(backup_dir)
@vhost_files_to_backup.each do |file|
- SCR.Execute(path(".target.bash"), "cp -a #{file} #{backup_dir}")
+ SCR.Execute(path(".target.bash"), "/usr/bin/cp -a #{file.shellescape} #{backup_dir.shellescape}")
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/modules/HttpServerWidgets.rb new/yast2-http-server-4.1.3/src/modules/HttpServerWidgets.rb
--- old/yast2-http-server-4.1.1/src/modules/HttpServerWidgets.rb 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/src/modules/HttpServerWidgets.rb 2018-12-11 17:06:11.000000000 +0100
@@ -11,6 +11,8 @@
require "yast"
require "cwm/service_widget"
+require "shellwords"
+
module Yast
class HttpServerWidgetsClass < Module
@@ -997,7 +999,7 @@
# Reload server
def ReloadServer
- SCR.Execute(path(".target.bash"), "rcapache2 reload")
+ SCR.Execute(path(".target.bash"), "/usr/sbin/rcapache2 reload")
nil
end
@@ -1990,7 +1992,7 @@
if cert_file != nil &&
SCR.Execute(
path(".target.bash"),
- Builtins.sformat("openssl x509 -in %1", cert_file)
+ Builtins.sformat("/usr/bin/openssl x509 -in %1", cert_file.shellescape)
) == 0
UI.ChangeWidget(:certfile, :Value, cert_file)
else
@@ -2004,11 +2006,10 @@
"*.key *.pem",
_("Choose Certificate Key File")
)
- # boolean keyfile = (SCR::Execute(.target.bash, sformat("openssl rsa -in %1", cert_file))==0)?true:false;
if key_file != nil &&
SCR.Execute(
path(".target.bash"),
- Builtins.sformat("openssl rsa -in %1", key_file)
+ Builtins.sformat("/usr/bin/openssl rsa -in %1", key_file.shellescape)
) == 0
UI.ChangeWidget(:keyfile, :Value, key_file)
else
@@ -3149,16 +3150,12 @@
# list of all installed modules
all_modules = Builtins.splitstring(
Ops.get_string(
- Convert.convert(
- SCR.Execute(
- path(".target.bash_output"),
- Builtins.sformat(
- "ls %1|grep \".so$\"|cut -d. -f1|cut -d_ -f2-",
- module_dirs
- )
- ),
- :from => "any",
- :to => "map "
+ SCR.Execute(
+ path(".target.bash_output"),
+ Builtins.sformat(
+ "ls %1|grep \".so$\"|cut -d. -f1|cut -d_ -f2-",
+ module_dirs # do not shellescape as it is multiple files, see above. No shell injection possible.
+ )
),
"stdout",
""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-http-server-4.1.1/src/modules/YaPI/HTTPD.pm new/yast2-http-server-4.1.3/src/modules/YaPI/HTTPD.pm
--- old/yast2-http-server-4.1.1/src/modules/YaPI/HTTPD.pm 2018-08-15 08:57:46.000000000 +0200
+++ new/yast2-http-server-4.1.3/src/modules/YaPI/HTTPD.pm 2018-12-11 17:06:11.000000000 +0100
@@ -904,7 +904,6 @@
BEGIN { $TYPEINFO{GetModuleList} = ["function", [ "list", "string" ] ]; }
sub GetModuleList {
my $self = shift;
-# my $data = SCR->Read('.sysconfig.apache2.APACHE_MODULES'); # FIXME: Error handling
my $data = SCR->Execute('.target.bash_output', 'a2enmod -l')->{'stdout'}; # FIXME: Error handling
$data =~ s/mod_//g;