Hello community,
here is the log from the commit of package yast2-registration for openSUSE:Factory checked in at 2018-12-31 09:44:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-registration (Old)
and /work/SRC/openSUSE:Factory/.yast2-registration.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-registration"
Mon Dec 31 09:44:01 2018 rev:27 rq:658051 version:4.1.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-registration/yast2-registration.changes 2018-11-22 13:24:40.550053139 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-registration.new.28833/yast2-registration.changes 2018-12-31 09:44:03.346331278 +0100
@@ -1,0 +2,20 @@
+Fri Dec 14 13:14:15 UTC 2018 - jlopez@suse.com
+
+- Hardening commands execution (part of bsc#1118291).
+- Replace backticks by Yast::Execute.
+- 4.1.11
+
+-------------------------------------------------------------------
+Fri Dec 14 09:41:49 UTC 2018 - lslezak@suse.cz
+
+- Fixed UI display issue in the installation workflow
+ (not cleared screen) (bsc#1117492)
+- 4.1.10
+
+-------------------------------------------------------------------
+Mon Nov 26 01:17:32 UTC 2018 - Noah Davis
+
+- Provide icon with module (boo#1109310)
+- 4.1.9
+
+-------------------------------------------------------------------
Old:
----
yast2-registration-4.1.8.tar.bz2
New:
----
yast2-registration-4.1.11.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-registration.spec ++++++
--- /var/tmp/diff_new_pack.3JLkPe/_old 2018-12-31 09:44:03.994330747 +0100
+++ /var/tmp/diff_new_pack.3JLkPe/_new 2018-12-31 09:44:03.998330744 +0100
@@ -17,7 +17,7 @@
Name: yast2-registration
-Version: 4.1.8
+Version: 4.1.11
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -98,6 +98,7 @@
%{yast_libdir}/registration
%{yast_libdir}/yast
%{yast_libdir}/yast/suse_connect.rb
+%{yast_icondir}
%doc %{yast_docdir}
%license COPYING
++++++ yast2-registration-4.1.8.tar.bz2 -> yast2-registration-4.1.11.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/package/yast2-registration.changes new/yast2-registration-4.1.11/package/yast2-registration.changes
--- old/yast2-registration-4.1.8/package/yast2-registration.changes 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/package/yast2-registration.changes 2018-12-14 14:25:06.000000000 +0100
@@ -1,4 +1,24 @@
-------------------------------------------------------------------
+Fri Dec 14 13:14:15 UTC 2018 - jlopez@suse.com
+
+- Hardening commands execution (part of bsc#1118291).
+- Replace backticks by Yast::Execute.
+- 4.1.11
+
+-------------------------------------------------------------------
+Fri Dec 14 09:41:49 UTC 2018 - lslezak@suse.cz
+
+- Fixed UI display issue in the installation workflow
+ (not cleared screen) (bsc#1117492)
+- 4.1.10
+
+-------------------------------------------------------------------
+Mon Nov 26 01:17:32 UTC 2018 - Noah Davis
+
+- Provide icon with module (boo#1109310)
+- 4.1.9
+
+-------------------------------------------------------------------
Wed Nov 21 16:39:02 CET 2018 - schubi@suse.de
- Do not allow redirection while checking via HTTP request if
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/package/yast2-registration.spec new/yast2-registration-4.1.11/package/yast2-registration.spec
--- old/yast2-registration-4.1.8/package/yast2-registration.spec 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/package/yast2-registration.spec 2018-12-14 14:25:06.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-registration
-Version: 4.1.8
+Version: 4.1.11
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -99,6 +99,7 @@
%{yast_libdir}/registration
%{yast_libdir}/yast
%{yast_libdir}/yast/suse_connect.rb
+%{yast_icondir}
%doc %{yast_docdir}
%license COPYING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/desktop/add_extensions.desktop new/yast2-registration-4.1.11/src/desktop/add_extensions.desktop
--- old/yast2-registration-4.1.8/src/desktop/add_extensions.desktop 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/src/desktop/add_extensions.desktop 2018-12-14 14:25:06.000000000 +0100
@@ -8,7 +8,7 @@
X-SuSE-YaST-Group=Software
X-SuSE-YaST-Keywords=extensions,modules,software,registration,scc,package,repositories
-Icon=yast-addon
+Icon=yast-addon-extension
Exec=/usr/bin/xdg-su -c "/sbin/yast2 scc select_extensions"
Name=Add System Extensions or Modules
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-addon-extension.svg new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-addon-extension.svg
--- old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-addon-extension.svg 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-addon-extension.svg 2018-12-14 14:25:06.000000000 +0100
@@ -0,0 +1 @@
+<svg viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg"><linearGradient id="a" gradientUnits="userSpaceOnUse" x1="8" x2="120" y1="238" y2="238"><stop offset="0" stop-color="#c0bfbc"/><stop offset=".143" stop-color="#c0bfbc"/><stop offset=".25" stop-color="#deddda"/><stop offset=".5" stop-color="#c0bfbc" stop-opacity=".939"/><stop offset="1" stop-color="#c0bfbc" stop-opacity=".984"/></linearGradient><g stroke-width="4"><path d="M64 182c-30.928 0-56 25.072-56 56s25.072 56 56 56 56-25.072 56-56-25.072-56-56-56zm0 36a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="url(#a)" transform="translate(0 -172)"/><path d="M64 8C33.072 8 8 33.072 8 64s25.072 56 56 56 56-25.072 56-56S94.928 8 64 8zm0 36a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="#deddda"/><path d="M64 44a20 20 0 0 0-20 20 20 20 0 0 0 20 20 20 20 0 0 0 20-20 20 20 0 0 0-20-20zm0 12a8 8 0 0 1 8 8 8 8 0 0 1-8 8 8 8 0 0 1-8-8 8 8 0 0 1 8-8z" fill="#c0bfbc" fill-opacity=".947"/><path d="M64 8v36a20 20 0 0 1 14.133 5.867l25.469-25.469C93.468 14.264 79.464 8 64 8zM49.867 78.132l-25.469 25.469C34.532 113.735 48.536 119.999 64 119.999v-36a20 20 0 0 1-14.133-5.867z" fill="#f6f5f4" opacity=".5"/><path d="M64 40a24 24 0 0 0-24 24 24 24 0 0 0 24 24 24 24 0 0 0 24-24 24 24 0 0 0-24-24zm0 4a20 20 0 0 1 20 20 20 20 0 0 1-20 20 20 20 0 0 1-20-20 20 20 0 0 1 20-20z" fill="#9a9996" fill-opacity=".947"/></g><path d="M117.05 78h-14c-3-1-2.96-1.368-3-3-.052-2.091 3-4 3-7 0-2.216-1.784-4-4-4h-4c-2.216 0-4 1.784-4 4 0 3 2.914 4.751 3 7 .062 1.615 0 2-2.898 3H75.05v16c-1 3-1.368 2.96-3 3-2.092.052-4-3-7-3-2.216 0-4 1.784-4 4v4c0 2.216 1.784 4 4 4 3 0 4.751-2.914 7-3 1.614-.062 2 0 3 2.898V120h42v-14.246c-.96-2.74-1.363-2.814-2.948-2.754-2.248.087-4 3-7 3a3.99 3.99 0 0 1-4-4v-4c0-2.215 1.784-4 4-4 3 0 4.909 3.052 7 3 1.601-.04 1.989-.018 2.948-2.851z" fill="#1a5fb4"/><path d="M117 76h-14c-3-1-2.96-1.368-3-3-.052-2.091 3-4 3-7 0-2.216-1.784-4-4-4h-4c-2.216 0-4 1.784-4 4 0 3 2.914 4.751 3 7 .062 1.615 0 2-2.898 3H75v16c-1 3-1.368 2.96-3 3-2.092.052-4-3-7-3-2.216 0-4 1.784-4 4v4c0 2.216 1.784 4 4 4 3 0 4.751-2.914 7-3 1.614-.062 2 0 3 2.898V118h42v-14.246c-.96-2.74-1.363-2.814-2.948-2.754-2.248.087-4 3-7 3a3.99 3.99 0 0 1-4-4v-4c0-2.215 1.784-4 4-4 3 0 4.909 3.052 7 3 1.601-.04 1.989-.018 2.948-2.851z" fill="#3584e4"/></svg>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-product-registration.svg new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-product-registration.svg
--- old/yast2-registration-4.1.8/src/icons/hicolor/scalable/apps/yast-product-registration.svg 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-registration-4.1.11/src/icons/hicolor/scalable/apps/yast-product-registration.svg 2018-12-14 14:25:06.000000000 +0100
@@ -0,0 +1 @@
+<svg height="128" width="128" xmlns="http://www.w3.org/2000/svg"><linearGradient id="a" gradientUnits="userSpaceOnUse" x1="24" x2="104" y1="20" y2="20"><stop offset="0" stop-color="#8ff0a4"/><stop offset="1" stop-color="#81dffe"/></linearGradient><path d="M20 8h88v108H20z" fill="#f6f5f4"/><path d="M20 116h88v4H20z" fill="#deddda"/><path d="M60 104h44v4H60z" fill="#5e5c64"/><path d="M24 16h80v8H24z" fill="url(#a)"/><path d="M24 32h80v4H24zm0 8h80v4H24zm0 8h52v4H24zm0 12h80v4H24zm0 8h80v4H24zm0 8h60v4H24z" fill="#deddda"/><path d="M60 92h4v12h-4zm4 0h36v4H64zm36 0h4v12h-4z" fill="#5e5c64"/><path d="M24 96h32v8H24z" fill="#deddda"/><path d="M99.828 28.172L60 68l8 8 39.82-39.82a10 10 0 0 0-7.992-8.008z" fill="#f6d32d"/><path d="M60 68l-8 16 16-8z" fill="#ffd097"/><path d="M105.07 30.93L64 72l4 4 39.82-39.82a10 10 0 0 0-2.75-5.25z" fill="#f5c211"/><path d="M64 72L52 84l16-8z" fill="#ffb56c"/><path d="M56 76l4 4-8 4z" fill="#3d3846"/><path d="M58 78l-6 6 8-4z"/><path d="M24 12h8v4h-8zm12 0h8v4h-8z" fill="#9a9996"/></svg>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/clients/inst_scc.rb new/yast2-registration-4.1.11/src/lib/registration/clients/inst_scc.rb
--- old/yast2-registration-4.1.8/src/lib/registration/clients/inst_scc.rb 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/src/lib/registration/clients/inst_scc.rb 2018-12-14 14:25:06.000000000 +0100
@@ -188,7 +188,7 @@
return Mode.normal ? :abort : :auto
end
- if Mode.update
+ if Stage.initial
Wizard.SetContents(
_("Registration"),
Empty(),
@@ -197,7 +197,9 @@
false,
false
)
+ end
+ if Mode.update
::Registration::SwMgmt.copy_old_credentials(Installation.destdir)
if File.exist?(SUSE::Connect::YaST::GLOBAL_CREDENTIALS_FILE)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/sw_mgmt.rb new/yast2-registration-4.1.11/src/lib/registration/sw_mgmt.rb
--- old/yast2-registration-4.1.8/src/lib/registration/sw_mgmt.rb 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/src/lib/registration/sw_mgmt.rb 2018-12-14 14:25:06.000000000 +0100
@@ -25,7 +25,6 @@
require "tmpdir"
require "fileutils"
-require "shellwords"
require "ostruct"
require "registration/exceptions"
@@ -35,6 +34,7 @@
require "packager/product_patterns"
require "y2packager/product_reader"
+require "yast2/execute"
module Registration
Yast.import "AddOnProduct"
@@ -481,14 +481,28 @@
# SMT uses extra ACL permissions, make sure they are kept in the copied file,
# (use "cp -a ", ::FileUtils.cp(..., preserve: true) cannot be used as it preserves only
# the traditional Unix file permissions, the extended ACLs are NOT copied!)
- `cp -a #{Shellwords.escape(file)} #{Shellwords.escape(new_file)}`
+ Yast::Execute.locally!("cp", "-a", file, new_file)
- credentials = SUSE::Connect::YaST.credentials(new_file)
+ use_credentials(new_file)
+ rescue Cheetah::ExecutionFailed => error
+ log.warn "Cannot copy the old credentials file #{file} to #{new_file}: #{error.message}"
+ end
+
+ # Use credentials from a file
+ #
+ # @param filename [String] credentials filename.
+ # @return [Boolean] true if credentials can be used; false otherwise.
+ def self.use_credentials(filename)
+ credentials = SUSE::Connect::YaST.credentials(filename)
log.info "Using previous credentials (username): #{credentials.username}"
+ true
rescue SUSE::Connect::MalformedSccCredentialsFile => e
log.warn "Cannot parse the credentials file: #{e.inspect}"
+ false
end
+ private_class_method :use_credentials
+
def self.find_addon_updates(addons)
log.info "Available addons: #{addons.map(&:identifier)}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/src/lib/registration/ui/base_system_registration_dialog.rb new/yast2-registration-4.1.11/src/lib/registration/ui/base_system_registration_dialog.rb
--- old/yast2-registration-4.1.8/src/lib/registration/ui/base_system_registration_dialog.rb 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/src/lib/registration/ui/base_system_registration_dialog.rb 2018-12-14 14:25:06.000000000 +0100
@@ -74,6 +74,8 @@
set_focus
event_loop
+ ensure
+ Yast::Wizard.ClearContents
end
# Set the initial action
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-4.1.8/test/sw_mgmt_spec.rb new/yast2-registration-4.1.11/test/sw_mgmt_spec.rb
--- old/yast2-registration-4.1.8/test/sw_mgmt_spec.rb 2018-11-21 17:44:29.000000000 +0100
+++ new/yast2-registration-4.1.11/test/sw_mgmt_spec.rb 2018-12-14 14:25:06.000000000 +0100
@@ -224,67 +224,85 @@
let(:scc_credentials) { File.join(root_dir, target_dir, "SCCcredentials") }
before do
- expect(File).to receive(:exist?).with(target_dir).and_return(false)
+ allow(File).to receive(:exist?).with(target_dir).and_return(false)
allow(File).to receive(:file?).and_return(true)
- expect(FileUtils).to receive(:mkdir_p).with(target_dir)
+ allow(FileUtils).to receive(:mkdir_p).with(target_dir)
end
it "does not fail when the old credentials are missing" do
- expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
.and_return([])
# no copy
- expect(FileUtils).to receive(:cp).never
+ expect(Yast::Execute).to_not receive(:locally!).with("cp", any_args)
+
+ expect { subject.copy_old_credentials(root_dir) }.to_not raise_error
+ end
+
+ it "does not fail when the old credentials file cannot be copied" do
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ .and_return([ncc_credentials])
+
+ error = Cheetah::ExecutionFailed.new([], "", nil, nil)
+
+ allow(Yast::Execute).to receive(:locally!).with("cp", any_args)
+ .and_raise(error)
expect { subject.copy_old_credentials(root_dir) }.to_not raise_error
end
it "copies old NCC credentials at upgrade" do
- expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
.and_return([ncc_credentials])
- expect(subject).to receive(:`).with("cp -a " + ncc_credentials + " " +
- File.join(target_dir, "SCCcredentials"))
- expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+ allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+
+ expect(Yast::Execute).to receive(:locally!)
+ .with("cp", "-a", ncc_credentials, File.join(target_dir, "SCCcredentials"))
subject.copy_old_credentials(root_dir)
end
it "prefers the SCC credentials if both NCC and SCC credentials are present" do
# deliberately return the SCC credentials first here
- expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
.and_return([scc_credentials, ncc_credentials])
- # copy the credentials in the NCC, SCC order (bsc#1096813)
- expect(subject).to receive(:`).with("cp -a " + ncc_credentials + " " +
- File.join(target_dir, "SCCcredentials")).ordered
- expect(subject).to receive(:`).with("cp -a " + scc_credentials + " " +
- File.join(target_dir, "SCCcredentials")).ordered
-
allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+ # copy the credentials in the NCC, SCC order (bsc#1096813)
+ expect(Yast::Execute).to receive(:locally!)
+ .with("cp", "-a", ncc_credentials, File.join(target_dir, "SCCcredentials"))
+ .ordered
+
+ expect(Yast::Execute).to receive(:locally!)
+ .with("cp", "-a", scc_credentials, File.join(target_dir, "SCCcredentials"))
+ .ordered
+
subject.copy_old_credentials(root_dir)
end
it "copies old SCC credentials at upgrade" do
- expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
.and_return([scc_credentials])
- expect(subject).to receive(:`).with("cp -a " + scc_credentials + " " +
- File.join(target_dir, "SCCcredentials"))
- expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+ allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+
+ expect(Yast::Execute).to receive(:locally!)
+ .with("cp", "-a", scc_credentials, File.join(target_dir, "SCCcredentials"))
subject.copy_old_credentials(root_dir)
end
it "copies old SMT credentials at upgrade" do
smt_credentials = File.join(root_dir, target_dir, "SMT-http_smt_example_com")
- expect(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
+ allow(Dir).to receive(:[]).with(File.join(root_dir, target_dir, "*"))
.and_return([smt_credentials])
- expect(subject).to receive(:`).with("cp -a " + smt_credentials + " " +
- File.join(target_dir, "SMT-http_smt_example_com"))
- expect(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+ allow(SUSE::Connect::YaST).to receive(:credentials).and_return(OpenStruct.new)
+
+ expect(Yast::Execute).to receive(:locally!)
+ .with("cp", "-a", smt_credentials, File.join(target_dir, "SMT-http_smt_example_com"))
subject.copy_old_credentials(root_dir)
end