Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lua-lmod for openSUSE:Factory checked in at 2023-01-10 14:59:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lua-lmod (Old) and /work/SRC/openSUSE:Factory/.lua-lmod.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lua-lmod" Tue Jan 10 14:59:50 2023 rev:34 rq:1057160 version:8.7.15 Changes: -------- --- /work/SRC/openSUSE:Factory/lua-lmod/lua-lmod.changes 2023-01-04 17:52:58.234311698 +0100 +++ /work/SRC/openSUSE:Factory/.lua-lmod.new.32243/lua-lmod.changes 2023-01-10 15:00:20.093383156 +0100 @@ -1,0 +2,10 @@ +Mon Jan 9 19:43:36 UTC 2023 - Egbert Eich <e...@suse.com> + +- issue-620-Delay-setting-of-LMOD_SHELL_PRGM-until-module-is-actually-called.patch: + Since Lmod sets BASH_ENV to /usr/share/lmod/8.7.15/init/bash, + do not run external commands immediately in this script but only + when `module` is called for the first time. This prevents errors + when this script is run during shell init for access restricted + scripts (apparmor) (boo#1206957). + +------------------------------------------------------------------- New: ---- issue-620-Delay-setting-of-LMOD_SHELL_PRGM-until-module-is-actually-called.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lua-lmod.spec ++++++ --- /var/tmp/diff_new_pack.4EO3LS/_old 2023-01-10 15:00:20.809387269 +0100 +++ /var/tmp/diff_new_pack.4EO3LS/_new 2023-01-10 15:00:20.817387315 +0100 @@ -43,6 +43,7 @@ Source0: https://github.com/TACC/Lmod/archive/%{version}.tar.gz#$/%{name}-%{version}.tar.gz Patch1: Messages-Remove-message-about-creating-a-consulting-ticket.patch Patch2: Doc-Ugly-workaround-for-bug-in-Sphinx.patch +Patch100: issue-620-Delay-setting-of-LMOD_SHELL_PRGM-until-module-is-actually-called.patch BuildRequires: bc BuildRequires: lua >= %{lua_version} @@ -122,6 +123,7 @@ %if 0%{?sle_version:1} && 0%{?sle_version} < 150000 %patch2 -p1 %endif +%patch100 -p1 %build %if 0%{!?build_pdf:1} ++++++ issue-620-Delay-setting-of-LMOD_SHELL_PRGM-until-module-is-actually-called.patch ++++++ From: Egbert Eich <e...@suse.com> Date: Mon Jan 9 18:09:01 2023 +0100 Subject: issue #620: Delay setting of LMOD_SHELL_PRGM until `module` is actually called Patch-mainline: Not yet Git-repo: https://github.com/TACC/Lmod Git-commit: 477d7d5e804b53456f36cfd9d8b1370ca5b50d17 References: The changes introduced in cf0b482a wreak havoc for shell scripts for which security rules are enforced. Thus delay setting of LMOD_SHELL_PRGM until `module` is actually called. Signed-off-by: Egbert Eich <e...@suse.com> Signed-off-by: Egbert Eich <e...@suse.de> --- init/bash.in | 54 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/init/bash.in b/init/bash.in index 1f08627d..357845b5 100644 --- a/init/bash.in +++ b/init/bash.in @@ -47,28 +47,32 @@ findExec () fi unset Nm confPath execNm } -findExec READLINK_CMD @readlink@ readlink -findExec PS_CMD @ps@ ps -findExec EXPR_CMD @expr@ expr -findExec BASENAME_CMD @basename@ basename - -export LMOD_SHELL_PRGM=@my_shell@ -if [ -x $PS_CMD -a -x $EXPR_CMD -a -x $BASENAME_CMD -a -x $READLINK_CMD ]; then - if [ -f /proc/$$/exe ]; then - my_shell=$($READLINK_CMD /proc/$$/exe) - else - my_shell=$($PS_CMD -p $$ -ocomm=) - fi - my_shell=$($EXPR_CMD "$my_shell" : '-*\(.*\)') - my_shell=$($BASENAME_CMD $my_shell) - case ${my_shell} in - bash|zsh|sh) ;; - ksh*) my_shell="ksh";; - *) my_shell="sh";; - esac - LMOD_SHELL_PRGM=$my_shell - unset my_shell -fi + +set_shell_prgm() +{ + findExec READLINK_CMD @readlink@ readlink + findExec PS_CMD @ps@ ps + findExec EXPR_CMD @expr@ expr + findExec BASENAME_CMD @basename@ basename + + export LMOD_SHELL_PRGM=@my_shell@ + if [ -x $PS_CMD -a -x $EXPR_CMD -a -x $BASENAME_CMD -a -x $READLINK_CMD ]; then + if [ -f /proc/$$/exe ]; then + my_shell=$($READLINK_CMD /proc/$$/exe) + else + my_shell=$($PS_CMD -p $$ -ocomm=) + fi + my_shell=$($EXPR_CMD "$my_shell" : '-*\(.*\)') + my_shell=$($BASENAME_CMD $my_shell) + case ${my_shell} in + bash|zsh|sh) ;; + ksh*) my_shell="ksh";; + *) my_shell="sh";; + esac + LMOD_SHELL_PRGM=$my_shell + unset my_shell + fi +} export LMOD_ROOT=@lmod_root@ @@ -119,6 +123,9 @@ export LMOD_SETTARG_FULL_SUPPORT=@lmod_settarg_full_support@ if [ "@silence_shell_debugging@" = "no" ]; then module() { + if [ -z "${LMOD_SHELL_PRGM:-}" ]; then + set_shell_prgm + fi ############################################################ # Run Lmod and eval results eval "$($LMOD_CMD $LMOD_SHELL_PRGM "$@")" && eval $(${LMOD_SETTARG_CMD:-:} -s sh) @@ -141,6 +148,9 @@ else echo "Shell debugging temporarily silenced: export LMOD_SH_DBG_ON=1 for Lmod's output" 1>&2 fi + if [ -z "${LMOD_SHELL_PRGM:-}" ]; then + set_shell_prgm + fi ############################################################ # Run Lmod and eval results eval "$($LMOD_CMD $LMOD_SHELL_PRGM "$@")" && eval "$(${LMOD_SETTARG_CMD:-:} -s sh)"
