From 3f59d0908f5b70228912b335a1a8df2b5a56d7b6 Mon Sep 17 00:00:00 2001
From: pmmayero
Date: Wed, 5 Jun 2024 20:37:48 +0300
Subject: [PATCH 1/2] fix: subprocess.check_output to produce string and not bytes
---
 fdroidserver/deploy.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fdroidserver/deploy.py b/fdroidserver/deploy.py
index 7dde38b5..1e98f852 100644
--- a/fdroidserver/deploy.py
+++ b/fdroidserver/deploy.py
@@ -268,19 +268,21 @@ def update_remote_storage_with_rclone(
 )
 configfilename = USER_RCLONE_CONF
 else:
+ rclone_conf_str = split("rclone config file")
 logging.info('Custom configuration not found.')
 logging.info(
 'Using default configuration at {}'.format(
- subprocess.check_output('rclone config file')
+ subprocess.check_output(rclone_conf_str).decode("utf-8")
 )
 )
 configfilename = None
 else:
+ rclone_conf_str = split("rclone config file")
 logging.warning("'path_to_custom_rclone_config' not found in config.yml")
 logging.info('Custom configuration not found.')
 logging.info(
 'Using default configuration at {}'.format(
- subprocess.check_output('rclone config file')
+ subprocess.check_output(rclone_conf_str).decode("utf-8")
 )
 )
 configfilename = None
From 8255dec6b8ad0958179a3158d1b13c6d705d7d57 Mon Sep 17 00:00:00 2001
From: pmmayero
Date: Tue, 11 Jun 2024 05:31:04 +0300
Subject: [PATCH 2/2] fix: jinja 2 CVE
---
 fdroidserver/deploy.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/fdroidserver/deploy.py b/fdroidserver/deploy.py
index 1e98f852..e87703c5 100644
--- a/fdroidserver/deploy.py
+++ b/fdroidserver/deploy.py
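Review bot: In the PATCH 1/2 hunk, `split` is called in both added `rclone_conf_str = split("rclone config file")` lines, but the diffstat shows this patch changes only these six lines of deploy.py, so no import is added here; unless the module already has `from shlex import split` outside the hunk, both else branches raise NameError. Since the command is a constant, an argument list needs no tokenizer: `subprocess.check_output(['rclone', 'config', 'file']).decode('utf-8')`. Passing a list without `shell=True` is the right direction, because the old single-string call would have been treated as one program name. The lookup only feeds a log line, yet a missing rclone binary or a non-zero exit raises from check_output here, so it is worth confirming that aborting the deploy at this point is intended. The enclosing function starts and ends outside the hunk.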
@@ -268,21 +268,19 @@ def update_remote_storage_with_rclone(
 )
 configfilename = USER_RCLONE_CONF
 else:
- rclone_conf_str = split("rclone config file")
 logging.info('Custom configuration not found.')
 logging.info(
 'Using default configuration at {}'.format(
- subprocess.check_output(rclone_conf_str).decode("utf-8")
+ subprocess.check_output(split("rclone config file")).decode("utf-8")
 )
 )
 configfilename = None
 else:
- rclone_conf_str = split("rclone config file")
 logging.warning("'path_to_custom_rclone_config' not found in config.yml")
 logging.info('Custom configuration not found.')
 logging.info(
 'Using default configuration at {}'.format(
- subprocess.check_output(rclone_conf_str).decode("utf-8")
+ subprocess.check_output(split("rclone config file")).decode("utf-8")
 )
 )
 configfilename = None
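Review bot: The subject says "fix: jinja 2 CVE", but this hunk only inlines `split("rclone config file")` into the two `subprocess.check_output(...)` calls, and the diffstat lists no other file, so nothing visible here changes a Jinja2 version or usage. A CVE-labelled commit that carries no remediation misleads anyone auditing the history for that fix. A subject such as `refactor: inline rclone config file command` would match the change, with the dependency update (if one was intended) in its own commit. The same call is now duplicated verbatim in both else branches, which continue outside the hunk.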