[libreport/f21] rooptw lines, OpenStack secrets, ureport config
Jakub Filak
jfilak at fedoraproject.org
Fri Nov 28 13:33:38 UTC 2014
commit ba528492ed3a2660b1a37e3d954b1b6e99e1e164
Author: Jakub Filak <jfilak at redhat.com>
Date: Fri Nov 28 10:20:20 2014 +0100
rooptw lines, OpenStack secrets, ureport config
Resolves: #1041558
0032-anaconda-auto-remove-rootpw-lines.patch | 40 +++++++++++
...rd-put-rootpw-on-the-forbidden-words-list.patch | 27 +++++++
0034-problem_data-make-ks.cfg-file-editable.patch | 45 ++++++++++++
...port_ContactEmail-setting-can-be-left-emp.patch | 25 +++++++
...idden-words-add-OpenStack-related-strings.patch | 42 +++++++++++
...rk-anaconda-tb-as-editable-file-and-remov.patch | 74 ++++++++++++++++++++
libreport.spec | 14 ++++-
7 files changed, 266 insertions(+), 1 deletions(-)
---
diff --git a/0032-anaconda-auto-remove-rootpw-lines.patch b/0032-anaconda-auto-remove-rootpw-lines.patch
new file mode 100644
index 0000000..158ed02
--- /dev/null
+++ b/0032-anaconda-auto-remove-rootpw-lines.patch
@@ -0,0 +1,40 @@
+From 95e51ffb1b5b6b283be9e3eebcf8e4a470532624 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Thu, 6 Nov 2014 06:34:35 +0100
+Subject: [PATCH] anaconda: auto-remove rootpw lines
+
+Replace that lines with:
+<auto-removed line containing rootpw>
+
+in the following files:
+ - backtrace
+ - ks.cfg
+
+Related to #1041558
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/plugins/bugzilla_anaconda_event.conf | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/plugins/bugzilla_anaconda_event.conf b/src/plugins/bugzilla_anaconda_event.conf
+index 430e5ee..923dda0 100644
+--- a/src/plugins/bugzilla_anaconda_event.conf
++++ b/src/plugins/bugzilla_anaconda_event.conf
+@@ -1,4 +1,13 @@
+ EVENT=report_Bugzilla component=anaconda
++ # remove sensitive information from the sensitive files
++ for sf in backtrace ks.cfg; do
++ if [ -f $sf ]; then
++ # blindly remove entire line
++ # filing a less usable bug is surely better than publishing passwords
++ sed 's/^.*rootpw.*$/<auto-removed line containing rootpw>/' -i $sf
++ fi
++ done
++ # file a bug in Bugzilla
+ reporter-bugzilla -b \
+ -F /etc/libreport/plugins/bugzilla_format_anaconda.conf \
+ -A /etc/libreport/plugins/bugzilla_formatdup_anaconda.conf
+--
+2.1.0
+
diff --git a/0033-wizard-put-rootpw-on-the-forbidden-words-list.patch b/0033-wizard-put-rootpw-on-the-forbidden-words-list.patch
new file mode 100644
index 0000000..a577aed
--- /dev/null
+++ b/0033-wizard-put-rootpw-on-the-forbidden-words-list.patch
@@ -0,0 +1,27 @@
+From ffdfc69e282ac858704bb1fe5a425420ca455db7 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Thu, 6 Nov 2014 06:35:53 +0100
+Subject: [PATCH] wizard: put rootpw on the forbidden words list
+
+Related to #1041558
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/gui-wizard-gtk/forbidden_words.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/gui-wizard-gtk/forbidden_words.conf b/src/gui-wizard-gtk/forbidden_words.conf
+index deab04b..1fbc1ca 100644
+--- a/src/gui-wizard-gtk/forbidden_words.conf
++++ b/src/gui-wizard-gtk/forbidden_words.conf
+@@ -23,6 +23,7 @@ PASS
+ password
+ Password
+ PASSWORD
++rootpw
+ secret
+ Secret
+ SECRET
+--
+2.1.0
+
diff --git a/0034-problem_data-make-ks.cfg-file-editable.patch b/0034-problem_data-make-ks.cfg-file-editable.patch
new file mode 100644
index 0000000..0e621b9
--- /dev/null
+++ b/0034-problem_data-make-ks.cfg-file-editable.patch
@@ -0,0 +1,45 @@
+From a26eed565ac3fe0282e7fbff5a9a446d51a5ed32 Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Thu, 6 Nov 2014 06:43:42 +0100
+Subject: [PATCH] problem_data: make ks.cfg file editable
+
+Otherwise the GUI will not highlight the forbidden words in that file.
+
+Related to #1041558
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/include/internal_libreport.h | 4 ++++
+ src/lib/problem_data.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/include/internal_libreport.h b/src/include/internal_libreport.h
+index 585b807..2e75de0 100644
+--- a/src/include/internal_libreport.h
++++ b/src/include/internal_libreport.h
+@@ -910,6 +910,10 @@ struct dump_dir *open_directory_for_writing(
+ #define FILENAME_ABRT_VERSION "abrt_version"
+ #define FILENAME_EXPLOITABLE "exploitable"
+
++/* File names related to Anaconda problems
++ */
++#define FILENAME_KICKSTART_CFG "ks.cfg"
++
+ // Not stored as files, added "on the fly":
+ #define CD_DUMPDIR "Directory"
+
+diff --git a/src/lib/problem_data.c b/src/lib/problem_data.c
+index fc07288..c095f6c 100644
+--- a/src/lib/problem_data.c
++++ b/src/lib/problem_data.c
+@@ -261,6 +261,7 @@ static const char *const editable_files[] = {
+ //FILENAME_COUNT ,
+ //FILENAME_REPORTED_TO,
+ //FILENAME_EVENT_LOG ,
++ FILENAME_KICKSTART_CFG,
+ NULL
+ };
+ static bool is_editable_file(const char *file_name)
+--
+2.1.0
+
diff --git a/0035-ureport-uReport_ContactEmail-setting-can-be-left-emp.patch b/0035-ureport-uReport_ContactEmail-setting-can-be-left-emp.patch
new file mode 100644
index 0000000..680e7a1
--- /dev/null
+++ b/0035-ureport-uReport_ContactEmail-setting-can-be-left-emp.patch
@@ -0,0 +1,25 @@
+From 98fba513ccf70f549dd1915628f1b780f7d4d5fc Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Thu, 27 Nov 2014 09:14:46 +0100
+Subject: [PATCH] ureport: uReport_ContactEmail setting can be left empty
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/plugins/report_uReport.xml.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/plugins/report_uReport.xml.in b/src/plugins/report_uReport.xml.in
+index 1147880..115b403 100644
+--- a/src/plugins/report_uReport.xml.in
++++ b/src/plugins/report_uReport.xml.in
+@@ -23,6 +23,7 @@
+ <option type="text" name="uReport_ContactEmail">
+ <_label>Contact email address</_label>
+ <_description>Email address that can be used by ABRT server to inform you about news and updates</_description>
++ <allow-empty>yes</allow-empty>
+ </option>
+ <option type="bool" name="uReport_SSLVerify">
+ <_label>Verify SSL</_label>
+--
+2.1.0
+
diff --git a/0036-forbidden-words-add-OpenStack-related-strings.patch b/0036-forbidden-words-add-OpenStack-related-strings.patch
new file mode 100644
index 0000000..812495b
--- /dev/null
+++ b/0036-forbidden-words-add-OpenStack-related-strings.patch
@@ -0,0 +1,42 @@
+From 1a81dfacec4f1f5ad57f642ed02d373ae54e3baf Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Thu, 27 Nov 2014 08:49:29 +0100
+Subject: [PATCH] forbidden words: add OpenStack related strings
+
+"token" - Thanks Nathan Kinder <nkinder at redhat.com>
+"key" - googled for "OpenStack environment variables"
+"https" - forgotten
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/gui-wizard-gtk/forbidden_words.conf | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/gui-wizard-gtk/forbidden_words.conf b/src/gui-wizard-gtk/forbidden_words.conf
+index 1fbc1ca..45725ce 100644
+--- a/src/gui-wizard-gtk/forbidden_words.conf
++++ b/src/gui-wizard-gtk/forbidden_words.conf
+@@ -11,6 +11,10 @@ banking
+ Banking
+ BANKING
+ http://
++https://
++key
++Key
++KEY
+ login
+ Login
+ LOGIN
+@@ -27,6 +31,9 @@ rootpw
+ secret
+ Secret
+ SECRET
++token
++Token
++TOKEN
+ username
+ Username
+ USERNAME
+--
+2.1.0
+
diff --git a/0037-anaconda-mark-anaconda-tb-as-editable-file-and-remov.patch b/0037-anaconda-mark-anaconda-tb-as-editable-file-and-remov.patch
new file mode 100644
index 0000000..595d05d
--- /dev/null
+++ b/0037-anaconda-mark-anaconda-tb-as-editable-file-and-remov.patch
@@ -0,0 +1,74 @@
+From 6e2e2da6736476c8260871988d8e44a4c7797b3f Mon Sep 17 00:00:00 2001
+From: Jakub Filak <jfilak at redhat.com>
+Date: Tue, 18 Nov 2014 10:18:32 +0100
+Subject: [PATCH] anaconda: mark anaconda-tb as editable file and remove rootpw
+ lines
+
+anaconda-tb file contains the main information about Anaconda problems.
+
+report-gtk won't be highlighting forbidden words, because anaconda-tb
+contains many false positives words as the file is mainly composed of
+log outputs.
+
+Related to #1041558
+
+Signed-off-by: Jakub Filak <jfilak at redhat.com>
+---
+ src/gui-wizard-gtk/wizard.c | 2 +-
+ src/include/internal_libreport.h | 1 +
+ src/lib/problem_data.c | 1 +
+ src/plugins/bugzilla_anaconda_event.conf | 2 +-
+ 4 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c
+index 8d0429e..ab6123f 100644
+--- a/src/gui-wizard-gtk/wizard.c
++++ b/src/gui-wizard-gtk/wizard.c
+@@ -1185,7 +1185,7 @@ static void append_item_to_ls_details(gpointer name, gpointer value, gpointer da
+ //FIXME: use the human-readable problem_item_format(item) instead of item->content.
+ if (item->flags & CD_FLAG_TXT)
+ {
+- if (item->flags & CD_FLAG_ISEDITABLE)
++ if (item->flags & CD_FLAG_ISEDITABLE && strcmp(name, FILENAME_ANACONDA_TB) != 0)
+ {
+ GtkWidget *tab_lbl = gtk_label_new((char *)name);
+ GtkWidget *tev = gtk_text_view_new();
+diff --git a/src/include/internal_libreport.h b/src/include/internal_libreport.h
+index 2e75de0..d664fa4 100644
+--- a/src/include/internal_libreport.h
++++ b/src/include/internal_libreport.h
+@@ -913,6 +913,7 @@ struct dump_dir *open_directory_for_writing(
+ /* File names related to Anaconda problems
+ */
+ #define FILENAME_KICKSTART_CFG "ks.cfg"
++#define FILENAME_ANACONDA_TB "anaconda-tb"
+
+ // Not stored as files, added "on the fly":
+ #define CD_DUMPDIR "Directory"
+diff --git a/src/lib/problem_data.c b/src/lib/problem_data.c
+index c095f6c..c57e57f 100644
+--- a/src/lib/problem_data.c
++++ b/src/lib/problem_data.c
+@@ -262,6 +262,7 @@ static const char *const editable_files[] = {
+ //FILENAME_REPORTED_TO,
+ //FILENAME_EVENT_LOG ,
+ FILENAME_KICKSTART_CFG,
++ FILENAME_ANACONDA_TB,
+ NULL
+ };
+ static bool is_editable_file(const char *file_name)
+diff --git a/src/plugins/bugzilla_anaconda_event.conf b/src/plugins/bugzilla_anaconda_event.conf
+index 923dda0..e45a10a 100644
+--- a/src/plugins/bugzilla_anaconda_event.conf
++++ b/src/plugins/bugzilla_anaconda_event.conf
+@@ -1,6 +1,6 @@
+ EVENT=report_Bugzilla component=anaconda
+ # remove sensitive information from the sensitive files
+- for sf in backtrace ks.cfg; do
++ for sf in backtrace ks.cfg anaconda-tb; do
+ if [ -f $sf ]; then
+ # blindly remove entire line
+ # filing a less usable bug is surely better than publishing passwords
+--
+2.1.0
+
diff --git a/libreport.spec b/libreport.spec
index 8d5ed6a..2c55845 100644
--- a/libreport.spec
+++ b/libreport.spec
@@ -7,7 +7,7 @@
Summary: Generic library for reporting various problems
Name: libreport
Version: 2.3.0
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: https://github.com/abrt/abrt/wiki/ABRT-Project
@@ -47,6 +47,12 @@ Patch0027: 0027-testsuite-do-not-expected-ureport-exiting-on-rhsm-ce.patch
Patch0029: 0029-Prevent-duplicate-values-for-CODE_-fields-being-logg.patch
#Patch0030: 0030-spec-update-the-URL.patch
Patch0031: 0031-Revert-ureport-use-rhsm-ssl-client-auth-by-default.patch
+Patch0032: 0032-anaconda-auto-remove-rootpw-lines.patch
+Patch0033: 0033-wizard-put-rootpw-on-the-forbidden-words-list.patch
+Patch0034: 0034-problem_data-make-ks.cfg-file-editable.patch
+Patch0035: 0035-ureport-uReport_ContactEmail-setting-can-be-left-emp.patch
+Patch0036: 0036-forbidden-words-add-OpenStack-related-strings.patch
+Patch0037: 0037-anaconda-mark-anaconda-tb-as-editable-file-and-remov.patch
# git is need for '%%autosetup -S git' which automatically applies all the
# patches above. Please, be aware that the patches must be generated
@@ -709,6 +715,12 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%changelog
+* Fri Nov 28 2014 Jakub Filak <jfilak at redhat.com> 2.3.0-5
+- anaconda: filter out rootpw lines
+- highglit OpenStack related strings
+- ureport: do not bother user with the configuration window
+- Resolves: #1041558
+
* Thu Nov 13 2014 Jakub Filak <jfilak at redhat.com> 2.3.0-4
- ureport: do not use 'rhsm' SSL auth by default
- Resolves: #1163381
More information about the scm-commits
mailing list