Hello community,
here is the log from the commit of package yast2-core
checked in at Mon Nov 5 11:37:15 CET 2007.
--------
--- yast2-core/yast2-core.changes 2007-10-04 15:08:31.000000000 +0200
+++ /mounts/work_src_done/STABLE/yast2-core/yast2-core.changes 2007-11-02 14:03:47.000000000 +0100
@@ -1,0 +2,7 @@
+Fri Nov 2 14:03:37 CET 2007 - mvidner@suse.cz
+
+- Do not look for YCP scripts under the current working
+ directory, unless explicitly requested (#330965).
+- 2.16.2
+
+-------------------------------------------------------------------
Old:
----
yast2-core-2.16.1.tar.bz2
New:
----
yast2-core-2.16.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-core.spec ++++++
--- /var/tmp/diff_new_pack.jMo614/_old 2007-11-05 11:36:28.000000000 +0100
+++ /var/tmp/diff_new_pack.jMo614/_new 2007-11-05 11:36:28.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-core (Version 2.16.1)
+# spec file for package yast2-core (Version 2.16.2)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,12 +11,12 @@
# norootforbuild
Name: yast2-core
-Version: 2.16.1
+Version: 2.16.2
Release: 1
License: GPL v2 or later
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-core-2.16.1.tar.bz2
+Source0: yast2-core-2.16.2.tar.bz2
Prefix: /usr
# obviously
BuildRequires: gcc-c++
@@ -122,7 +122,7 @@
Stanislav Visnovsky
%prep
-%setup -n yast2-core-2.16.1
+%setup -n yast2-core-2.16.2
%build
%{prefix}/bin/y2tool y2autoconf
@@ -199,6 +199,10 @@
%doc %{prefix}/share/doc/packages/yast2-core
/usr/share/YaST2/data/devtools/bin/generateYCPWrappers
%changelog
+* Fri Nov 02 2007 - mvidner@suse.cz
+- Do not look for YCP scripts under the current working
+ directory, unless explicitly requested (#330965).
+- 2.16.2
* Thu Oct 04 2007 - mvidner@suse.cz
- Distinguish "foo.ycp contains an error" from "foo.ycp not found"
(#330656).
++++++ yast2-core-2.16.1.tar.bz2 -> yast2-core-2.16.2.tar.bz2 ++++++
++++ 14817 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-core-2.16.1/configure.in new/yast2-core-2.16.2/configure.in
--- old/yast2-core-2.16.1/configure.in 2007-10-04 15:50:56.000000000 +0200
+++ new/yast2-core-2.16.2/configure.in 2007-11-02 14:20:54.000000000 +0100
@@ -1,9 +1,9 @@
dnl configure.in for yast2-core
dnl
-dnl -- This file is generated by y2autoconf 2.15.9 - DO NOT EDIT! --
+dnl -- This file is generated by y2autoconf 2.16.1 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-core, 2.16.1, http://bugs.opensuse.org/, yast2-core)
+AC_INIT(yast2-core, 2.16.2, http://bugs.opensuse.org/, yast2-core)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -14,10 +14,11 @@
AC_PREFIX_DEFAULT(/usr)
-AM_INIT_AUTOMAKE(tar-ustar) dnl searches for some needed programs
+dnl long filenames; we use GNU Make extensions and that's ok
+AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.16.1"
+VERSION="2.16.2"
RPMNAME="yast2-core"
MAINTAINER="Martin Vidner "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-core-2.16.1/libycp/src/pathsearch.cc new/yast2-core-2.16.2/libycp/src/pathsearch.cc
--- old/yast2-core-2.16.1/libycp/src/pathsearch.cc 2007-10-02 16:28:52.000000000 +0200
+++ new/yast2-core-2.16.2/libycp/src/pathsearch.cc 2007-10-09 09:07:45.000000000 +0200
@@ -71,16 +71,25 @@
for (int i = 0; i < NUM_LEVELS; i++)
{
- if (home
- && strcmp (paths[i], "HOME") == 0)
+ // #330965, avoid publicly writable dirs in search path
+ // (we return a nonexistent dir because the API does not
+ // allow us to say Skip, and a cleanup patch to fix that
+ // would be too large)
+ static const char * not_there = YAST2DIR "/not-there";
+ if (strcmp (paths[i], "HOME") == 0)
{
+ if (home)
my_paths[i] = string (home) + "/.yast2";
+ else
+ my_paths[i] = string (not_there);
}
- else if (y2dir
- && (strcmp (paths[i], "Y2DIR") == 0)
- && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication
+ else if (strcmp (paths[i], "Y2DIR") == 0)
{
+ if (y2dir
+ && (strcmp (YAST2DIR, y2dir) != 0)) // prevent path duplication
my_paths[i] = string (y2dir);
+ else
+ my_paths[i] = string (not_there);
}
else
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-core-2.16.1/Makefile.am new/yast2-core-2.16.2/Makefile.am
--- old/yast2-core-2.16.1/Makefile.am 2007-10-04 15:50:59.000000000 +0200
+++ new/yast2-core-2.16.2/Makefile.am 2007-11-02 14:20:54.000000000 +0100
@@ -30,6 +30,7 @@
extra_COPYRIGHT_files = $(if $(HAS_YAST_LICENSE), $(COPYRIGHT_files_yast), $(COPYRIGHT_files_gpl))
+# less strict; prefer bzip2
AUTOMAKE_OPTIONS = foreign dist-bzip2 no-dist-gzip
# where devtools instal m4 snippets
# argh, executed literally
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-core-2.16.1/VERSION new/yast2-core-2.16.2/VERSION
--- old/yast2-core-2.16.1/VERSION 2007-10-04 14:59:57.000000000 +0200
+++ new/yast2-core-2.16.2/VERSION 2007-11-02 14:03:26.000000000 +0100
@@ -1 +1 @@
-2.16.1
+2.16.2
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-core-2.16.1/wfm/src/Y2CCWFM.cc new/yast2-core-2.16.2/wfm/src/Y2CCWFM.cc
--- old/yast2-core-2.16.1/wfm/src/Y2CCWFM.cc 2007-10-04 11:31:55.000000000 +0200
+++ new/yast2-core-2.16.2/wfm/src/Y2CCWFM.cc 2007-10-12 17:19:35.000000000 +0200
@@ -89,7 +89,11 @@
{
// not found "clients/<name>.ycp"
// try plain name
+ // only if the name contains a slash, #330965#c10
+ if (!strchr (name, '/'))
+ return 0;
+ // we have to keep completeFilename because it also does :: translation :(
fullname = Y2PathSearch::completeFilename (string (name));
if (fullname.empty())
return 0;
@@ -98,22 +102,14 @@
if (!file) return 0; // Not found under the direct path either.
filename = name;
- // 2nd try: examine the file: Is it not executable or does
- // the name end in .ycp or does the file begin with #!/bin/y2wfm
+ // 2nd try: examine the file: does the name end in .ycp
bool try_it = false;
if (strlen(name) > 4 && !strcmp(name + strlen(name) - 4, ".ycp"))
try_it = true;
- else {
- struct stat buf;
- if (0 == stat(name, &buf))
- {
- // Try it, if it is not executable
- if (S_ISREG(buf.st_mode) && buf.st_mode & S_IXOTH != S_IXOTH)
- try_it = true;
- }
- }
+ // The stat code that used to be here had a bug
+ // in operator precedence rendering it useless. let's make it explicit.
if (!try_it) return 0;
modulename = string(name);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org