Hello community,

here is the log from the commit of package yast2-registration for 
openSUSE:Factory checked in at 2018-11-22 13:24:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-registration (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-registration.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-registration"

Thu Nov 22 13:24:34 2018 rev:26 rq:650753 version:4.1.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-registration/yast2-registration.changes    
2018-11-20 22:31:51.254617576 +0100
+++ 
/work/SRC/openSUSE:Factory/.yast2-registration.new.19453/yast2-registration.changes
 2018-11-22 13:24:40.550053139 +0100
@@ -1,0 +2,7 @@
+Wed Nov 21 16:39:02 CET 2018 - sch...@suse.de
+
+- Do not allow redirection while checking via HTTP request if
+  (old) NCC API is present at the server (bsc#1111404).
+- 4.1.8
+
+-------------------------------------------------------------------

Old:
----
  yast2-registration-4.1.7.tar.bz2

New:
----
  yast2-registration-4.1.8.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-registration.spec ++++++
--- /var/tmp/diff_new_pack.3bLVBl/_old  2018-11-22 13:24:40.910052764 +0100
+++ /var/tmp/diff_new_pack.3bLVBl/_new  2018-11-22 13:24:40.914052759 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-registration
-Version:        4.1.7
+Version:        4.1.8
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

++++++ yast2-registration-4.1.7.tar.bz2 -> yast2-registration-4.1.8.tar.bz2 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-registration-4.1.7/package/yast2-registration.changes 
new/yast2-registration-4.1.8/package/yast2-registration.changes
--- old/yast2-registration-4.1.7/package/yast2-registration.changes     
2018-11-19 17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/package/yast2-registration.changes     
2018-11-21 17:44:29.000000000 +0100
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Wed Nov 21 16:39:02 CET 2018 - sch...@suse.de
+
+- Do not allow redirection while checking via HTTP request if
+  (old) NCC API is present at the server (bsc#1111404).
+- 4.1.8
+
+-------------------------------------------------------------------
 Mon Nov 19 16:11:29 CET 2018 - sch...@suse.de
 
 - Improved error messages (bsc#1060151).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-registration-4.1.7/package/yast2-registration.spec 
new/yast2-registration-4.1.8/package/yast2-registration.spec
--- old/yast2-registration-4.1.7/package/yast2-registration.spec        
2018-11-19 17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/package/yast2-registration.spec        
2018-11-21 17:44:29.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-registration
-Version:        4.1.7
+Version:        4.1.8
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-registration-4.1.7/src/lib/registration/downloader.rb 
new/yast2-registration-4.1.8/src/lib/registration/downloader.rb
--- old/yast2-registration-4.1.7/src/lib/registration/downloader.rb     
2018-11-19 17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/src/lib/registration/downloader.rb     
2018-11-21 17:44:29.000000000 +0100
@@ -39,19 +39,27 @@
     # is reached the download fails with RuntimeError exception
     # @param file_url [String, URI] URL of the file to download
     # @param insecure [Boolean] if true the SSL verification errors are ignored
+    # @param allow_redirect [Boolean] true: redirection will be followed
     # @return [String] the contents of the downloaded file
-    def self.download(file_url, insecure: false)
-      download_file(file_url, insecure: insecure)
+    def self.download(file_url, insecure: false, allow_redirect: true)
+      if allow_redirect
+        # Taking default value for redirection_count
+        download_file(file_url, insecure: insecure)
+      else
+        # Do not allow redirection
+        download_file(file_url, insecure: insecure, redirection_count: 0)
+      end
     end
 
     # internal method which handles HTTP redirects
     # @param file_url [String, URI] URL of the file to download
     # @param insecure [Boolean] if true the SSL verification errors are ignored
     # @param redirection_count [Numeric] current redirection count, when zero
-    #   the download fails with RuntimeError exception
+    #   the download fails with DownloadError exception
     # @return [String] the contents of the downloaded file
     def self.download_file(file_url, insecure: false, redirection_count: 10)
-      raise "Redirection limit reached, download aborted" if redirection_count 
<= 0
+      raise DownloadError,
+        "Redirection not allowed or limit has been reached" if 
redirection_count < 0
 
       file_url = URI(file_url) unless file_url.is_a?(URI)
       http = Net::HTTP.new(file_url.host, file_url.port)
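Review bot: The `@param redirection_count` comment above `download_file` still says the download fails "when zero", but the new guard is `redirection_count < 0`, so a count of 0 now sends one request and only a redirect response makes it fail. Relaxing `<= 0` to `< 0` also appears to let the default path follow one more redirect than before; the decrement is outside this hunk, so that is inferred. The comment on `download` at the top of the hunk still names `RuntimeError` although the raise is now `DownloadError`. I would reword the param doc to `# @param redirection_count [Numeric] redirects that may still be followed; 0 means the request is sent but a redirect response raises DownloadError` and replace `RuntimeError` with `DownloadError` in the `download` comment. The body of `download_file` continues past the end of the hunk.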
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-registration-4.1.7/src/lib/registration/smt_status.rb 
new/yast2-registration-4.1.8/src/lib/registration/smt_status.rb
--- old/yast2-registration-4.1.7/src/lib/registration/smt_status.rb     
2018-11-19 17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/src/lib/registration/smt_status.rb     
2018-11-21 17:44:29.000000000 +0100
@@ -22,7 +22,7 @@
       log.info "Checking NCC API presence: #{download_url}"
 
       begin
-        Downloader.download(download_url, insecure: insecure)
+        Downloader.download(download_url, insecure: insecure, allow_redirect: 
false)
         log.info "NCC API found"
         return true
       rescue DownloadError
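Review bot: The call site gives no reason for `allow_redirect: false`, so a later cleanup could drop the argument and bring back the behaviour reported in bsc#1111404. A comment above the call such as `# do not follow redirects: a redirected answer must not be taken as proof of the NCC API (bsc#1111404)` would record the intent. The result still depends only on `download` not raising, so any non-redirect success is logged as "NCC API found". Whether the response body should be checked as well cannot be judged from here, because the method starts and ends outside the hunk.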
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-registration-4.1.7/test/downloader_spec.rb 
new/yast2-registration-4.1.8/test/downloader_spec.rb
--- old/yast2-registration-4.1.7/test/downloader_spec.rb        2018-11-19 
17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/test/downloader_spec.rb        2018-11-21 
17:44:29.000000000 +0100
@@ -63,6 +63,19 @@
       expect(Registration::Downloader.download(url)).to eq("response")
     end
 
+    it "can block HTTP redirection" do
+      index = Net::HTTPRedirection.new("1.1", 302, "Found")
+      index["location"] = "http://redirected.example.com";
+
+      http = double
+      expect(Net::HTTP).to receive(:new).and_return(http)
+      expect(http).to receive(:request).and_return(index)
+      expect(http).to receive(:proxy?).and_return(false)
+      expect { Registration::Downloader.download(url, allow_redirect: false) 
}.to raise_error(
+        Registration::DownloadError, "Redirection not allowed or limit has 
been reached"
+      )
+    end
+
     it "reads proxy credentials when proxy is used" do
       user = "proxy_user"
       password = "proxy_password"
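Review bot: The line `index["location"] = "http://redirected.example.com";` in the new example ends with a stray semicolon and should read `index["location"] = "http://redirected.example.com"`. The example covers only `allow_redirect: false`. Since the guard in `download_file` moved from `<= 0` to `< 0`, a companion example asserting that the default path still raises `Registration::DownloadError` once the redirect limit is exhausted would pin that boundary, unless one already exists outside this hunk.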
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-registration-4.1.7/test/smt_status_spec.rb 
new/yast2-registration-4.1.8/test/smt_status_spec.rb
--- old/yast2-registration-4.1.7/test/smt_status_spec.rb        2018-11-19 
17:04:25.000000000 +0100
+++ new/yast2-registration-4.1.8/test/smt_status_spec.rb        2018-11-21 
17:44:29.000000000 +0100
@@ -11,7 +11,7 @@
 
     it "returns true when /center/regsvc?command=listproducts returns OK" do
       expect(Registration::Downloader).to receive(:download)
-        .with(expected_url, insecure: false)
+        .with(expected_url, insecure: false, allow_redirect: false)
         .and_return(true)
 
       expect(subject.ncc_api_present?).to eq(true)
@@ -19,7 +19,7 @@
 
     it "returns false otherwise" do
       expect(Registration::Downloader).to receive(:download)
-        .with(expected_url, insecure: false)
+        .with(expected_url, insecure: false, allow_redirect: false)
         .and_raise(Registration::DownloadError)
 
       expect(subject.ncc_api_present?).to eq(false)

