Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package yast2 for openSUSE:Factory checked 
in at 2021-04-29 22:44:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2 (Old)
 and      /work/SRC/openSUSE:Factory/.yast2.new.1947 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2"

Thu Apr 29 22:44:34 2021 rev:509 rq:888755 version:4.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2/yast2.changes      2021-04-23 
17:50:23.354769788 +0200
+++ /work/SRC/openSUSE:Factory/.yast2.new.1947/yast2.changes    2021-04-29 
22:44:44.084209900 +0200
@@ -1,0 +2,13 @@
+Tue Apr 27 10:51:35 UTC 2021 - Josef Reidinger <jreidin...@suse.com>
+
+- Add to yast2 mixin Yast2::SecretAttributes for hiding sensitive
+  information (bsc#1141017)
+- 4.4.2
+
+-------------------------------------------------------------------
+Thu Apr 22 06:35:11 UTC 2021 - Imobach Gonzalez Sosa <igonzalezs...@suse.com>
+
+- The location given to the Y2Issue::Issue constructor can be a
+  string or a location object.
+
+-------------------------------------------------------------------

Old:
----
  yast2-4.4.1.tar.bz2

New:
----
  yast2-4.4.2.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.Zzjg6M/_old  2021-04-29 22:44:44.808206676 +0200
+++ /var/tmp/diff_new_pack.Zzjg6M/_new  2021-04-29 22:44:44.812206658 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2
-Version:        4.4.1
+Version:        4.4.2
 Release:        0
 Summary:        YaST2 Main Package
 License:        GPL-2.0-only

++++++ yast2-4.4.1.tar.bz2 -> yast2-4.4.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-4.4.1/library/general/src/lib/y2issues/issue.rb 
new/yast2-4.4.2/library/general/src/lib/y2issues/issue.rb
--- old/yast2-4.4.1/library/general/src/lib/y2issues/issue.rb   2021-04-19 
08:37:30.000000000 +0200
+++ new/yast2-4.4.2/library/general/src/lib/y2issues/issue.rb   2021-04-27 
13:02:04.000000000 +0200
@@ -38,7 +38,7 @@
   class Issue
     include Yast::I18n
 
-    # @return [String,nil] Where the error is located.
+    # @return [Location,nil] Where the error is located.
     attr_reader :location
     # @return [String] Error message
     attr_reader :message
@@ -46,13 +46,13 @@
     attr_reader :severity
 
     # @param message [String] User-oriented message describing the problem
-    # @param location [URI,String,nil] Where the error is located. Use a URI or
+    # @param location [String,nil] Where the error is located. Use a URI or
     #   a string to represent the error location. Use 'nil' if it
     #   does not exist an specific location.
     # @param severity [Symbol] warning (:warn) or fatal (:fatal)
     def initialize(message, location: nil, severity: :warn)
       @message = message
-      @location = Location.parse(location) if location
+      @location = location.is_a?(String) ? Location.parse(location) : location
       @severity = severity
     end
 
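Review bot: The `@param location` tag on the new side reads `[String,nil]`, but the constructor now stores any non-String argument unchanged and the changelog entry says a location object is accepted, so the tag should read `# @param location [String,Location,nil] Where the error is located.` Because `location.is_a?(String) ? Location.parse(location) : location` passes every other type through, a caller that still hands in a URI (which the old tag advertised) gets an `Issue#location` that is not a `Location`, contradicting the `@return [Location,nil]` tag changed in the previous hunk. If only those three kinds are meant to be supported, a guard after the String branch such as `raise ArgumentError, "invalid location" unless @location.nil? || @location.is_a?(Location)` would make the contract explicit. The class body continues outside the hunk.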
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-4.4.1/library/general/src/lib/yast2/secret_attributes.rb 
new/yast2-4.4.2/library/general/src/lib/yast2/secret_attributes.rb
--- old/yast2-4.4.1/library/general/src/lib/yast2/secret_attributes.rb  
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-4.4.2/library/general/src/lib/yast2/secret_attributes.rb  
2021-04-27 13:02:04.000000000 +0200
@@ -0,0 +1,85 @@
+# Copyright (c) [2017] SUSE LLC
+#
+# All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, contact SUSE LLC.
+#
+# To contact SUSE LLC about this file by physical or electronic mail, you may
+# find current contact information at www.suse.com.
+
+module Yast2
+  # Mixin that enables a class to define attributes that are never exposed via
+  #   #inspect, #to_s or similar methods, with the goal of preventing
+  #   unintentional leaks of sensitive information in the application logs.
+  module SecretAttributes
+    # Inner class to store the value of the attribute without exposing it
+    # directly
+    class Attribute
+      attr_reader :value
+
+      def initialize(value)
+        @value = value
+      end
+
+      def to_s
+        value.nil? ? "" : "<secret>"
+      end
+
+      def inspect
+        value.nil? ? "nil" : "<secret>"
+      end
+
+      def instance_variables
+        # This adds even an extra barrier, just in case some formatter tries to
+        # use deep instrospection
+        []
+      end
+    end
+
+    # Class methods for the mixin
+    module ClassMethods
+      # Similar to .attr_accessor but with additional mechanisms to prevent
+      # exposing the internal value of the attribute
+      #
+      # @example
+      #   class TheClass
+      #     include Yast2::SecretAttributes
+      #
+      #     attr_accessor :name
+      #     secret_attr :password
+      #   end
+      #
+      #   one_object = TheClass.new
+      #   one_object.name = "Aa"
+      #   one_object.password = "42"
+      #
+      #   one_object.password # => "42"
+      #   one_object.inspect # => "#<TheClass:0x0f8 @password=<secret>, 
@name=\"Aa"\">"
+      def secret_attr(name)
+        define_method(:"#{name}") do
+          attribute = instance_variable_get(:"@#{name}")
+          attribute ? attribute.value : nil
+        end
+
+        define_method(:"#{name}=") do |value|
+          instance_variable_set(:"@#{name}", Attribute.new(value))
+          value
+        end
+      end
+    end
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+  end
+end
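Review bot: The module comment promises the attribute is never exposed via `#inspect`, `#to_s` "or similar methods", but the code only redacts the wrapper's own `to_s` and `inspect`, and that limit should be documented on `SecretAttributes`. The generated getter returns the raw value, so logging or interpolating `obj.password` directly still prints it. `Attribute#value` is a public reader, and the `instance_variables` override does not stop `instance_variable_get(:@value)` or, presumably, `Marshal.dump`. I would add a comment along the lines of `# NOTE: only guards #inspect/#to_s of the owning object; the getter, serialization and explicit ivar access still yield the real value.` Separately, the `@example` output in the `secret_attr` doc has a misplaced quote (`@name=\"Aa"\"`), and the doc could state that `secret_attr` takes a single name, unlike `attr_accessor`.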
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-4.4.1/library/general/test/y2issues/issue_test.rb 
new/yast2-4.4.2/library/general/test/y2issues/issue_test.rb
--- old/yast2-4.4.1/library/general/test/y2issues/issue_test.rb 2021-04-19 
08:37:30.000000000 +0200
+++ new/yast2-4.4.2/library/general/test/y2issues/issue_test.rb 2021-04-27 
13:02:04.000000000 +0200
@@ -25,7 +25,9 @@
   describe "#new" do
     subject(:issue) do
       described_class.new(
-        "Something went wrong", location: "file:/etc/hosts", severity: :fatal
+        "Something went wrong",
+        location: Y2Issues::Location.parse("file:/etc/hosts"),
+        severity: :fatal
       )
     end
 
@@ -35,6 +37,19 @@
       expect(issue.severity).to eq(:fatal)
     end
 
+    context "when location is given as a string" do
+      subject(:issue) do
+        described_class.new(
+          "Something went wrong",
+          location: "file:/etc/hosts"
+        )
+      end
+
+      it "parses the given location" do
+        expect(issue.location).to 
eq(Y2Issues::Location.parse("file:/etc/hosts"))
+      end
+    end
+
     context "when a severity is not given" do
       subject(:issue) { described_class.new("Something went wrong") }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-4.4.1/library/general/test/yast2/secret_attributes_test.rb 
new/yast2-4.4.2/library/general/test/yast2/secret_attributes_test.rb
--- old/yast2-4.4.1/library/general/test/yast2/secret_attributes_test.rb        
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-4.4.2/library/general/test/yast2/secret_attributes_test.rb        
2021-04-27 13:02:04.000000000 +0200
@@ -0,0 +1,190 @@
+#!/usr/bin/env rspec
+# Copyright (c) [2017] SUSE LLC
+#
+# All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, contact SUSE LLC.
+#
+# To contact SUSE LLC about this file by physical or electronic mail, you may
+# find current contact information at www.suse.com.
+
+require_relative "../test_helper"
+require "yast2/secret_attributes"
+require "pp"
+
+describe Yast2::SecretAttributes do
+  # Dummy test clase
+  class ClassWithPassword
+    include Yast2::SecretAttributes
+
+    attr_accessor :name
+    secret_attr :password
+  end
+
+  # Another dummy test clase
+  class ClassWithData
+    include Yast2::SecretAttributes
+
+    attr_accessor :name
+    secret_attr :data
+  end
+
+  # Hypothetical custom formatter that uses instrospection to directly query 
the
+  # internal state of the object, ignoring the uniform access principle.
+  def custom_formatter(object)
+    object.instance_variables.each_with_object("") do |var, result|
+      result << "@#{var}: #{object.instance_variable_get(var)};\n"
+    end
+  end
+
+  let(:with_password) { ClassWithPassword.new }
+  let(:with_password2) { ClassWithPassword.new }
+  let(:with_data) { ClassWithData.new }
+  let(:ultimate_hash) { { ultimate_question: 42 } }
+
+  describe ".secret_attr" do
+    it "provides a getter returning nil by default" do
+      expect(with_password.password).to be_nil
+      expect(with_data.data).to be_nil
+      expect(with_data.send(:data)).to be_nil
+    end
+
+    it "provides a setter" do
+      with_password.password = "super-secret"
+      expect(with_password.password).to eq "super-secret"
+      expect(with_password.send(:password)).to eq "super-secret"
+    end
+
+    it "only adds the setter and getter to the correct class" do
+      expect { with_password.data }.to raise_error NoMethodError
+      expect { with_data.password }.to raise_error NoMethodError
+      expect { with_password.data = 2 }.to raise_error NoMethodError
+      expect { with_data.password = "xx" }.to raise_error NoMethodError
+    end
+
+    it "does not mess attributes of different instances" do
+      with_password.password = "super-secret"
+      with_password2.password = "not so secret"
+      expect(with_password.password).to eq "super-secret"
+      expect(with_password2.password).to eq "not so secret"
+    end
+
+    it "does not modify #inspect for the attribute" do
+      expect(with_data.data.inspect).to eq "nil"
+
+      with_data.data = ultimate_hash
+
+      expect(with_data.data.inspect).to eq ultimate_hash.inspect
+    end
+
+    it "does not modify #to_s for the attribute" do
+      expect(with_data.data.to_s).to eq ""
+
+      with_data.data = ultimate_hash
+
+      expect(with_data.data.to_s).to eq ultimate_hash.to_s
+      expect(with_data.send(:data).to_s).to eq ultimate_hash.to_s
+    end
+
+    it "does not modify interpolation for the attribute" do
+      expect("String: #{with_data.data}").to eq "String: "
+
+      with_data.data = ultimate_hash
+
+      expect("String: #{with_data.data}").to eq "String: #{ultimate_hash}"
+    end
+
+    it "is copied in dup just like .attr_accessor" do
+      with_password.name = "data1"
+      with_password.password = "xxx"
+      duplicate = with_password.dup
+
+      expect(duplicate.name).to eq "data1"
+      expect(duplicate.password).to eq "xxx"
+
+      duplicate.password = "yyy"
+      expect(duplicate.password).to eq "yyy"
+      expect(with_password.password).to eq "xxx"
+
+      with_password2.name = "data2"
+      with_password2.password = "xx2"
+      duplicate2 = with_password2.dup
+      duplicate2.name.concat("X")
+      duplicate2.password.concat("X")
+
+      expect(with_password2.name).to eq "data2X"
+      expect(with_password2.password).to eq "xx2X"
+    end
+
+    context "when the attribute has never been set" do
+      it "is not displayed in #inspect (like .attr_accessor)" do
+        expect(with_password.inspect).to_not include "@name"
+        expect(with_password.inspect).to_not include "@password"
+      end
+
+      it "is not displayed by pp (like .attr_accessor)" do
+        expect(with_password.inspect).to_not include "@name"
+        expect(with_password.inspect).to_not include "@password"
+      end
+
+      it "is not exposed to formatters directly inspecting the internal state" 
do
+        expect(custom_formatter(with_password)).to_not include "@name:"
+        expect(custom_formatter(with_password)).to_not include "@password:"
+      end
+    end
+
+    context "when the attribute has been set to nil" do
+      before do
+        with_password.name = nil
+        with_password.password = nil
+      end
+
+      it "is displayed as nil in #inspect (like .attr_accessor)" do
+        expect(with_password.inspect).to include "@name=nil"
+        expect(with_password.inspect).to include "@password=nil"
+      end
+
+      it "is displayed as nil by pp (like .attr_accessor)" do
+        expect(with_password.inspect).to include "@name=nil"
+        expect(with_password.inspect).to include "@password=nil"
+      end
+
+      it "is reported as empty to formatters directly inspecting the internal 
state" do
+        expect(custom_formatter(with_password)).to include "@name:"
+        expect(custom_formatter(with_password)).to include "@password:"
+      end
+    end
+
+    context "when the attribute has a value" do
+      before do
+        with_password.name = "Skroob"
+        with_password.password = "12345"
+      end
+
+      it "is hidden in #inspect" do
+        expect(with_password.inspect).to include "@name=\"Skroob\""
+        expect(with_password.inspect).to include "@password=<secret>"
+      end
+
+      it "is hidden to pp" do
+        expect(with_password.inspect).to include "@name=\"Skroob\""
+        expect(with_password.inspect).to include "@password=<secret>"
+      end
+
+      it "is hidden from formatters directly inspecting the internal state" do
+        expect(custom_formatter(with_password)).to include "@name: Skroob;"
+        expect(custom_formatter(with_password)).to include "@password: 
<secret>;"
+      end
+    end
+  end
+end
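Review bot: The three examples titled "by pp" / "to pp" assert on `with_password.inspect`, exactly like the `#inspect` examples directly above them, so pretty-printed output is never exercised even though `pp` is required at the top of the file. They should check the pretty-printed form instead, e.g. `expect(with_password.pretty_inspect).to include "@password=<secret>"`, with the matching `to_not include "@password"` in the never-set context. As a style point, `ClassWithPassword` and `ClassWithData` are defined with `class` inside the `describe` block, which creates top-level constants shared with every other spec; `stub_const` or `let(:klass) { Class.new { include Yast2::SecretAttributes; secret_attr :password } }` keeps them local.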
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-4.4.1/package/yast2.changes 
new/yast2-4.4.2/package/yast2.changes
--- old/yast2-4.4.1/package/yast2.changes       2021-04-19 08:37:30.000000000 
+0200
+++ new/yast2-4.4.2/package/yast2.changes       2021-04-27 13:02:04.000000000 
+0200
@@ -1,4 +1,17 @@
 -------------------------------------------------------------------
+Tue Apr 27 10:51:35 UTC 2021 - Josef Reidinger <jreidin...@suse.com>
+
+- Add to yast2 mixin Yast2::SecretAttributes for hiding sensitive
+  information (bsc#1141017)
+- 4.4.2
+
+-------------------------------------------------------------------
+Thu Apr 22 06:35:11 UTC 2021 - Imobach Gonzalez Sosa <igonzalezs...@suse.com>
+
+- The location given to the Y2Issue::Issue constructor can be a
+  string or a location object.
+
+-------------------------------------------------------------------
 Fri Apr 16 12:03:50 UTC 2021 - Imobach Gonzalez Sosa <igonzalezs...@suse.com>
 
 - Add a mechanism to report issues to the user (related to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-4.4.1/package/yast2.spec 
new/yast2-4.4.2/package/yast2.spec
--- old/yast2-4.4.1/package/yast2.spec  2021-04-19 08:37:30.000000000 +0200
+++ new/yast2-4.4.2/package/yast2.spec  2021-04-27 13:02:04.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2
-Version:        4.4.1
+Version:        4.4.2
 Release:        0
 Summary:        YaST2 Main Package
 License:        GPL-2.0-only
