Author: mvidner Date: Mon Dec 17 16:04:28 2007 New Revision: 43138 URL: http://svn.opensuse.org/viewcvs/yast?rev=43138&view=rev Log: Merged revisions 38324-43136 via svnmerge from http://svn.opensuse.org/svn/yast/branches/SuSE-SLE-10-SP1-Branch/core ........ r40275 | mvidner | 2007-08-15 11:33:40 +0200 (St, 15 srp 2007) | 2 lines Do not log return value from clients (#248300). ........ r43135 | mvidner | 2007-12-17 15:56:24 +0100 (Po, 17 pro 2007) | 3 lines Do not look for YCP scripts under the current working directory, unless explicitly requested (#330965). ........ Modified: branches/SuSE-SLE-10-SP2-Branch/core/ (props changed) branches/SuSE-SLE-10-SP2-Branch/core/VERSION branches/SuSE-SLE-10-SP2-Branch/core/libycp/src/pathsearch.cc branches/SuSE-SLE-10-SP2-Branch/core/package/yast2-core.changes branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2CCWFM.cc branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2WFMComponent.cc Modified: branches/SuSE-SLE-10-SP2-Branch/core/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/core/VERSION?rev=43138&r1=43137&r2=43138&view=diff ============================================================================== --- branches/SuSE-SLE-10-SP2-Branch/core/VERSION (original) +++ branches/SuSE-SLE-10-SP2-Branch/core/VERSION Mon Dec 17 16:04:28 2007 @@ -1 +1 @@ -2.13.40 +2.13.42 Modified: branches/SuSE-SLE-10-SP2-Branch/core/libycp/src/pathsearch.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/core/libycp/src/pathsearch.cc?rev=43138&r1=43137&r2=43138&view=diff ============================================================================== --- branches/SuSE-SLE-10-SP2-Branch/core/libycp/src/pathsearch.cc (original) +++ branches/SuSE-SLE-10-SP2-Branch/core/libycp/src/pathsearch.cc Mon Dec 17 16:04:28 2007 @@ -71,16 +71,25 @@ for (int i = 0; i < NUM_LEVELS; i++) { - if (home - && strcmp (paths[i], "HOME") == 0) + // #330965, avoid publicly writable dirs in search path + // (we return a nonexistent dir because the API does not + // allow us to say Skip, and a cleanup patch to fix that + // would be too large) + static const char * not_there = YAST2DIR "/not-there"; + if (strcmp (paths[i], "HOME") == 0) { + if (home) my_paths[i] = string (home) + "/.yast2"; + else + my_paths[i] = string (not_there); } - else if (y2dir - && (strcmp (paths[i], "Y2DIR") == 0) - && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication + else if (strcmp (paths[i], "Y2DIR") == 0) { + if (y2dir + && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication my_paths[i] = string (y2dir); + else + my_paths[i] = string (not_there); } else { Modified: branches/SuSE-SLE-10-SP2-Branch/core/package/yast2-core.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/core/package/yast2-core.changes?rev=43138&r1=43137&r2=43138&view=diff ============================================================================== --- branches/SuSE-SLE-10-SP2-Branch/core/package/yast2-core.changes (original) +++ branches/SuSE-SLE-10-SP2-Branch/core/package/yast2-core.changes Mon Dec 17 16:04:28 2007 @@ -3,6 +3,19 @@ - Enabled iterating over all functions of a Y2Namespace, for a more natural call syntax in yast2-python-bindings (#308213). +- 2.13.42 + +------------------------------------------------------------------- +Mon Oct 29 13:28:57 CET 2007 - mvidner@suse.cz + +- Do not look for YCP scripts under the current working + directory, unless explicitly requested (#330965). +- 2.13.41 + +------------------------------------------------------------------- +Wed Aug 15 11:31:20 CEST 2007 - mvidner@suse.cz + +- Do not log return value from clients (#248300). - 2.13.40 ------------------------------------------------------------------- Modified: branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2CCWFM.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2CCWFM.cc?rev=43138&r1=43137&r2=43138&view=diff ============================================================================== --- branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2CCWFM.cc (original) +++ branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2CCWFM.cc Mon Dec 17 16:04:28 2007 @@ -90,7 +90,11 @@ { // not found "clients/<name>.ycp" // try plain name + // only if the name contains a slash, #330965#c10 + if (!strchr (name, '/')) + return 0; + // we have to keep completeFilename because it also does :: translation :( fullname = Y2PathSearch::completeFilename (string (name)); if (fullname.empty()) return 0; @@ -99,22 +103,14 @@ if (!file) return 0; // Not found under the direct path either. filename = name; - // 2nd try: examine the file: Is it not executable or does - // the name end in .ycp or does the file begin with #!/bin/y2wfm + // 2nd try: examine the file: does the name end in .ycp bool try_it = false; if (strlen(name) > 4 && !strcmp(name + strlen(name) - 4, ".ycp")) try_it = true; - else { - struct stat buf; - if (0 == stat(name, &buf)) - { - // Try it, if it is not executable - if (S_ISREG(buf.st_mode) && buf.st_mode & S_IXOTH != S_IXOTH) - try_it = true; - } - } + // The stat code that used to be here had a bug + // in operator precedence rendering it useless. let's make it explicit. if (!try_it) return 0; modulename = string(name); Modified: branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2WFMComponent.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2WFMComponent.cc?rev=43138&r1=43137&r2=43138&view=diff ============================================================================== --- branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2WFMComponent.cc (original) +++ branches/SuSE-SLE-10-SP2-Branch/core/wfm/src/Y2WFMComponent.cc Mon Dec 17 16:04:28 2007 @@ -651,7 +651,9 @@ YCPValue result = client_comp->doActualWork (args, NULL); ee.setFilename (filename); ee.setLinenumber (linenumber); - ycp2milestone (filename.c_str(), linenumber, + ycp2milestone (filename.c_str(), linenumber, "Called YaST client returned."); + // some clients return plaintext secrets #248300 + ycp2debug (filename.c_str(), linenumber, "Called YaST client returned: %s", result.isNull () ? "nil" : result->toString ().c_str ()); return result; -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org