Hello community, here is the log from the commit of package yast2-rmt for openSUSE:Factory checked in at 2019-06-01 09:50:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-rmt (Old) and /work/SRC/openSUSE:Factory/.yast2-rmt.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-rmt"
Sat Jun 1 09:50:47 2019 rev:13 rq:706075 version:1.2.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-rmt/yast2-rmt.changes 2019-02-27 15:09:16.682389851 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-rmt.new.5148/yast2-rmt.changes 2019-06-01 09:50:49.067297288 +0200
@@ -1,0 +2,6 @@
+Tue Feb 12 15:51:18 UTC 2019 - skotov@suse.com
+
+- Release version 1.2.2
+- Pass SSL password to Cheetah CLI interface securely (bsc#1119835)
+
+-------------------------------------------------------------------
Old:
----
yast2-rmt-1.2.1.tar.bz2
New:
----
yast2-rmt-1.2.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-rmt.spec ++++++
--- /var/tmp/diff_new_pack.f1CITI/_old 2019-06-01 09:50:49.995296971 +0200
+++ /var/tmp/diff_new_pack.f1CITI/_new 2019-06-01 09:50:49.995296971 +0200
@@ -17,7 +17,7 @@
 Name: yast2-rmt
-Version: 1.2.1
+Version: 1.2.2
 Release: 0
 BuildArch: noarch
++++++ yast2-rmt-1.2.1.tar.bz2 -> yast2-rmt-1.2.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-rmt-1.2.1/package/yast2-rmt.changes new/yast2-rmt-1.2.2/package/yast2-rmt.changes
--- old/yast2-rmt-1.2.1/package/yast2-rmt.changes 2019-02-01 12:01:47.000000000 +0100
+++ new/yast2-rmt-1.2.2/package/yast2-rmt.changes 2019-02-18 16:29:51.000000000 +0100
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Tue Feb 12 15:51:18 UTC 2019 - skotov@suse.com
+
+- Release version 1.2.2
+- Pass SSL password to Cheetah CLI interface securely (bsc#1119835)
+
+-------------------------------------------------------------------
 Fri Feb 1 10:58:34 UTC 2019 - fschueller@suse.com
 - Release version 1.2.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-rmt-1.2.1/package/yast2-rmt.spec new/yast2-rmt-1.2.2/package/yast2-rmt.spec
--- old/yast2-rmt-1.2.1/package/yast2-rmt.spec 2019-02-01 12:01:47.000000000 +0100
+++ new/yast2-rmt-1.2.2/package/yast2-rmt.spec 2019-02-18 16:29:51.000000000 +0100
@@ -17,7 +17,7 @@
 Name: yast2-rmt
-Version: 1.2.1
+Version: 1.2.2
 Release: 0
 BuildArch: noarch
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-rmt-1.2.1/spec/rmt/ssl/certificate_generator_spec.rb new/yast2-rmt-1.2.2/spec/rmt/ssl/certificate_generator_spec.rb
--- old/yast2-rmt-1.2.1/spec/rmt/ssl/certificate_generator_spec.rb 2019-02-01 12:01:47.000000000 +0100
+++ new/yast2-rmt-1.2.2/spec/rmt/ssl/certificate_generator_spec.rb 2019-02-18 16:29:51.000000000 +0100
@@ -79,9 +79,11 @@
 context 'with valid password' do
 it 'returns true' do
+ expect_any_instance_of(Cheetah::DefaultRecorder).not_to receive(:record_stdin)
 expect(RMT::Execute).to receive(:on_target!).with(
 'openssl', 'rsa', '-passin', 'stdin', '-in', ssl_files[:ca_private_key],
- stdin: password
+ stdin: password,
+ logger: nil
 ).and_return(true)
 expect(method_call).to eq(true)
 end
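Review bot: The added `expect_any_instance_of(Cheetah::DefaultRecorder).not_to receive(:record_stdin)` cannot fail in this example, because `RMT::Execute.on_target!` is replaced by the message expectation on the next line, so Cheetah is never invoked and no recorder instance exists to receive anything. What actually pins the behaviour is the `logger: nil` entry inside `.with(...)`; the same holds for the hunks at -89, -154 and -258. I would either drop the negative expectation and leave a comment such as `# on_target! is stubbed; the logger: nil argument is what keeps stdin out of the log`, or add one example that lets the call reach Cheetah with a test logger and asserts that the logged text does not contain the password. How `RMT::Execute` forwards its options to Cheetah is not visible in this diff, so the second option needs checking against that wrapper.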
@@ -89,9 +91,11 @@
 context 'with invalid password' do
 it 'returns false' do
+ expect_any_instance_of(Cheetah::DefaultRecorder).not_to receive(:record_stdin)
 expect(RMT::Execute).to receive(:on_target!).with(
 'openssl', 'rsa', '-passin', 'stdin', '-in', ssl_files[:ca_private_key],
- stdin: password
+ stdin: password,
+ logger: nil
 ).and_raise(Cheetah::ExecutionFailed.new('', '', '', ''))
 expect(method_call).to eq(false)
 end
@@ -154,10 +158,12 @@
 expect(Yast::SCR).to receive(:Write).with(scr_path, ssl_files[:ca_config], ca_config)
 expect(Yast::SCR).to receive(:Write).with(scr_path, ssl_files[:server_config], server_config)
+ expect_any_instance_of(Cheetah::DefaultRecorder).not_to receive(:record_stdin)
 expect(RMT::Execute).to receive(:on_target!).with(
 'openssl', 'genrsa', '-aes256', '-passout', 'stdin', '-out', ssl_files[:ca_private_key], described_class::OPENSSL_KEY_BITS,
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil
 )
 expect(RMT::Execute).to receive(:on_target!).with(
@@ -169,7 +175,8 @@
 'openssl', 'req', '-x509', '-new', '-nodes', '-key', ssl_files[:ca_private_key], '-sha256', '-days', described_class::OPENSSL_CA_VALIDITY_DAYS, '-out', ssl_files[:ca_certificate], '-passin', 'stdin', '-config', ssl_files[:ca_config],
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil
 )
 expect(RMT::Execute).to receive(:on_target!).with(
@@ -183,7 +190,8 @@
 '-CAkey', ssl_files[:ca_private_key], '-passin', 'stdin', '-days', described_class::OPENSSL_SERVER_CERT_VALIDITY_DAYS, '-sha256', '-CAcreateserial', '-extensions', 'v3_server_sign', '-extfile', ssl_files[:server_config],
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil
 )
 expect(Yast::SCR).to receive(:Read).with(scr_path, ssl_files[:server_certificate]).and_return(server_cert)
@@ -258,13 +266,15 @@
 '-out', ssl_files[:server_csr], '-config', ssl_files[:server_config]
 )
+ expect_any_instance_of(Cheetah::DefaultRecorder).not_to receive(:record_stdin)
 expect(RMT::Execute).to receive(:on_target!).with(
 'openssl', 'x509', '-req', '-in', ssl_files[:server_csr], '-out', ssl_files[:server_certificate], '-CA', ssl_files[:ca_certificate], '-CAkey', ssl_files[:ca_private_key], '-passin', 'stdin', '-days', described_class::OPENSSL_SERVER_CERT_VALIDITY_DAYS, '-sha256', '-CAcreateserial', '-extensions', 'v3_server_sign', '-extfile', ssl_files[:server_config],
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil
 )
 expect(Yast::SCR).to receive(:Read).with(scr_path, ssl_files[:server_certificate]).and_return(server_cert)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-rmt-1.2.1/src/lib/rmt/ssl/certificate_generator.rb new/yast2-rmt-1.2.2/src/lib/rmt/ssl/certificate_generator.rb
--- old/yast2-rmt-1.2.1/src/lib/rmt/ssl/certificate_generator.rb 2019-02-01 12:01:47.000000000 +0100
+++ new/yast2-rmt-1.2.2/src/lib/rmt/ssl/certificate_generator.rb 2019-02-18 16:29:51.000000000 +0100
@@ -65,7 +65,8 @@
 def valid_password?(password)
 RMT::Execute.on_target!(
 'openssl', 'rsa', '-passin', 'stdin', '-in', @ssl_paths[:ca_private_key],
- stdin: password
+ stdin: password,
+ logger: nil # do not log in order to securely pass password
 )
 true
 rescue Cheetah::ExecutionFailed
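Review bot: In `valid_password?` the `openssl rsa` call carries no `-noout`, so when the password is correct openssl writes the decrypted CA private key to its stdout. After this change `logger: nil` is the only thing keeping that output away from the log, while the new comment mentions the password alone. Adding `'-noout'` to the argument list (`'openssl', 'rsa', '-noout', '-passin', 'stdin', '-in', @ssl_paths[:ca_private_key],`) stops the key from being emitted at all, and the two matching expectations in the spec would need the same argument. I would also widen the comment to `# no logger: stdin carries the password and openssl output can carry key material`. The method's rescue branch continues below the hunk.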
@@ -98,13 +99,15 @@
 RMT::Execute.on_target!(
 'openssl', 'genrsa', '-aes256', '-passout', 'stdin', '-out', @ssl_paths[:ca_private_key], OPENSSL_KEY_BITS,
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil # do not log in order to securely pass password
 )
 RMT::Execute.on_target!(
 'openssl', 'req', '-x509', '-new', '-nodes', '-key', @ssl_paths[:ca_private_key], '-sha256', '-days', OPENSSL_CA_VALIDITY_DAYS, '-out', @ssl_paths[:ca_certificate], '-passin', 'stdin', '-config', @ssl_paths[:ca_config],
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil # do not log in order to securely pass password
 )
 end
@@ -120,7 +123,8 @@
 '-CA', @ssl_paths[:ca_certificate], '-CAkey', @ssl_paths[:ca_private_key], '-passin', 'stdin', '-days', OPENSSL_SERVER_CERT_VALIDITY_DAYS, '-sha256', '-CAcreateserial', '-extensions', 'v3_server_sign', '-extfile', @ssl_paths[:server_config],
- stdin: ca_password
+ stdin: ca_password,
+ logger: nil # do not log in order to securely pass password
 )
 else
 RMT::Execute.on_target!(
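Review bot: `logger: nil` on the `genrsa` and `req` calls (and on the `x509` call in the hunk at -120) switches off every log line for these commands, although only stdin is secret here: the visible arguments are paths and constants, and the key and certificates are written to files via `-out`. A failed CA or certificate generation then leaves no exit status or stderr in the log to diagnose or audit. Cheetah accepts a `recorder:` option, so a recorder that overrides `record_stdin` to do nothing would keep the rest of the trace; this assumes `RMT::Execute.on_target!` passes its options through to Cheetah unchanged, which the diff does not show, and `logger` in the sketch stands for whatever logger the module already uses. The four identical trailing comments could then become a single comment on the recorder class. The enclosing methods begin and end outside both hunks.

```ruby
# Keeps Cheetah's command, exit-status and stderr logging but never records
# stdin, which carries the CA password.
class StdinSilentRecorder < Cheetah::DefaultRecorder
  def record_stdin(_stdin); end
end

RMT::Execute.on_target!(
  # … unchanged: openssl genrsa arguments …
  stdin: ca_password,
  recorder: StdinSilentRecorder.new(logger)
)
```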