Hello community, here is the log from the commit of package system-config-printer for openSUSE:11.4 checked in at Thu Dec 8 17:37:01 CET 2011. -------- --- old-versions/11.4/UPDATES/all/system-config-printer/system-config-printer.changes 2011-12-06 17:43:59.000000000 +0100 +++ 11.4/system-config-printer/system-config-printer.changes 2011-12-08 11:05:38.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Dec 8 09:54:03 UTC 2011 - vuntz@opensuse.org + +- Add system-config-printer-subprocess-no-shell.patch: avoid + escaping issues when running commands. Fix bnc#735322. + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- system-config-printer-subprocess-no-shell.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ system-config-printer.spec ++++++ --- /var/tmp/diff_new_pack.df3zZh/_old 2011-12-08 17:36:35.000000000 +0100 +++ /var/tmp/diff_new_pack.df3zZh/_new 2011-12-08 17:36:35.000000000 +0100 @@ -22,7 +22,7 @@ License: GPLv2+ Group: Hardware/Printing Version: 1.2.5 -Release: 5.<RELEASE6> +Release: 5.<RELEASE8> Summary: A printer administration tool Url: http://cyberelk.net/tim/software/system-config-printer/ Source0: http://cyberelk.net/tim/data/system-config-printer/1.0.x/system-config-printer-%{version}.tar.bz2 @@ -32,6 +32,8 @@ Patch18: system-config-printer-firewall-menu.patch # PATCH-FIX-OPENSUSE system-config-printer-no-openprinting.patch bnc#733542 vuntz@opensuse.org -- Disable feature that downloads ppd from openprinting.org Patch19: system-config-printer-no-openprinting.patch +# PATCH-FIX-UPSTREAM system-config-printer-subprocess-no-shell.patch bnc#735322 vuntz@opensuse.org -- Always use sequences for subprocess to avoid escaping issues; sent upstream by mail +Patch20: system-config-printer-subprocess-no-shell.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Obsoletes: gnome-cups-manager <= 0.33 BuildRequires: cups-devel @@ -107,6 +109,7 @@ %patch13 -p1 %patch18 -p1 %patch19 -p1 +%patch20 -p1 gnome-patch-translation-update %build ++++++ system-config-printer-subprocess-no-shell.patch ++++++
From 08dac9a6bc423166ee5593b56aa29a51c0b61584 Mon Sep 17 00:00:00 2001 From: Vincent Untz
Date: Thu, 8 Dec 2011 10:24:24 +0100 Subject: [PATCH] Always use a sequence as args for timedops.TimedSubprocess()
This helps make sure there is never an issue where we forget to escape a string. See https://bugzilla.novell.com/show_bug.cgi?id=735322 Index: system-config-printer-1.2.5/system-config-printer.py =================================================================== --- system-config-printer-1.2.5.orig/system-config-printer.py +++ system-config-printer-1.2.5/system-config-printer.py @@ -4902,11 +4902,13 @@ class NewPrinterGUI(GtkGUI): self.add_devices (devices, current_uri, no_more=True) def get_hpfax_device_id(self, faxuri): - os.environ["URI"] = faxuri - cmd = 'LC_ALL=C DISPLAY= hp-info -x -i -d"${URI}"' - debugprint (faxuri + ": " + cmd) + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + new_environ['DISPLAY'] = "" + args = ["hp-info", "-x", "-i", "-d" + faxuri] + debugprint (faxuri + ": " + args) try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, env=new_environ, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -4933,15 +4935,14 @@ class NewPrinterGUI(GtkGUI): return 'MFG:HP;MDL:Fax;DES:HP Fax;' def get_hplip_uri_for_network_printer(self, host, mode): - os.environ["HOST"] = host if mode == "print": mod = "-c" elif mode == "fax": mod = "-f" else: mod = "-c" - cmd = 'hp-makeuri ' + mod + ' "${HOST}"' - debugprint (host + ": " + cmd) + args = ["hp-makeuri", mod, host] + debugprint (host + ": " + args) uri = None try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -4977,12 +4978,11 @@ class NewPrinterGUI(GtkGUI): host = device.uri[s:s+e] # Try to get make and model via SNMP if host: - os.environ["HOST"] = host - cmd = '/usr/lib/cups/backend/snmp "${HOST}"' - debugprint (host + ": " + cmd) + args = ["/usr/lib/cups/backend/snmp", host] + debugprint (host + ": " + args) stdout = None try: - p = subprocess.Popen (cmd, shell=True, close_fds=True, + p = subprocess.Popen (args, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) Index: system-config-printer-1.2.5/troubleshoot/CheckPrinterSanity.py =================================================================== --- system-config-printer-1.2.5.orig/troubleshoot/CheckPrinterSanity.py +++ system-config-printer-1.2.5/troubleshoot/CheckPrinterSanity.py @@ -81,16 +81,17 @@ class CheckPrinterSanity(Question): elif scheme == "smb": u = smburi.SMBURI (uri) (group, host, share, user, password) = u.separate () - os.environ['HOST'] = host + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" if group: - os.environ['GROUP'] = group - cmdline = 'LC_ALL=C nmblookup -W "$GROUP" "$HOST"' + args = ["nmblookup", "-W", group, host] else: - cmdline = 'LC_ALL=C nmblookup "$HOST"' + args = ["nmblookup", host] try: p = TimedSubprocess (parent=parent, timeout=5000, - args=cmdline, shell=True, + args=args, + env=new_environ, close_fds=True, stdin=file("/dev/null"), stdout=subprocess.PIPE, @@ -110,13 +111,15 @@ class CheckPrinterSanity(Question): # Problem executing command. pass elif scheme == "hp": - os.environ['URI'] = uri + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + new_environ['DISPLAY'] = "" try: p = TimedSubprocess (parent=parent, timeout=3000, - args='LC_ALL=C DISPLAY= hp-info -d"$URI"', + args=["hp-info", "-d" + uri, close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) Index: system-config-printer-1.2.5/troubleshoot/CheckSELinux.py =================================================================== --- system-config-printer-1.2.5.orig/troubleshoot/CheckSELinux.py +++ system-config-printer-1.2.5/troubleshoot/CheckSELinux.py @@ -45,17 +45,19 @@ class CheckSELinux(Question): if not selinux.is_selinux_enabled(): return False - paths = "/etc/cups/ /usr/lib/cups/ /usr/share/cups/" + paths = ["/etc/cups/", "/usr/lib/cups/", "/usr/share/cups/"] null = file ("/dev/null", "r+") parent = self.troubleshooter.get_window () contexts = {} - restorecon_args = "LC_ALL=C " + RESTORECON + " -nvR " + paths + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + restorecon_args = [RESTORECON, "-nvR"].extend(paths) try: # Run restorecon -nvR self.op = TimedSubprocess (parent=parent, args=restorecon_args, close_fds=True, - shell=True, + env=new_environ, stdin=null, stdout=subprocess.PIPE, stderr=null) Index: system-config-printer-1.2.5/troubleshoot/CheckUSBPermissions.py =================================================================== --- system-config-printer-1.2.5.orig/troubleshoot/CheckUSBPermissions.py +++ system-config-printer-1.2.5/troubleshoot/CheckUSBPermissions.py @@ -57,13 +57,16 @@ class CheckUSBPermissions(Question): if not os.access (GETFACL, os.X_OK): return False + new_environ = os.environ.copy() + new_environ['LC_ALL'] = "C" + # Run lsusb parent = self.troubleshooter.get_window () try: self.op = TimedSubprocess (parent=parent, - args="LC_ALL=C " + LSUSB + " -v", + args=[LSUSB, "-v"], close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -141,10 +144,9 @@ class CheckUSBPermissions(Question): for path in paths: try: self.op = TimedSubprocess (parent=parent, - args="LC_ALL=C %s %s" % (GETFACL, - path), + args=[GETFACL, path], close_fds=True, - shell=True, + env=new_environ, stdin=file("/dev/null"), stdout=subprocess.PIPE, stderr=subprocess.PIPE) continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org