From fb09e4e130202e7b4b528123401396688d245155 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 26 Jul 2023 13:06:12 +0000 Subject: [PATCH] import UBI sos-4.5.5-2.el8 --- .gitignore | 2 +- .sos.metadata | 2 +- .../sos-bz2207562-clean-obfuscate-mac.patch | 57 ++++++++++++ ...-bz2218279-clean-respect-permissions.patch | 93 +++++++++++++++++++ SPECS/sos.spec | 24 ++++- 5 files changed, 172 insertions(+), 6 deletions(-) create mode 100644 SOURCES/sos-bz2207562-clean-obfuscate-mac.patch create mode 100644 SOURCES/sos-bz2218279-clean-respect-permissions.patch diff --git a/.gitignore b/.gitignore index ffb4d34..070b750 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/sos-4.5.4.tar.gz +SOURCES/sos-4.5.5.tar.gz SOURCES/sos-audit-0.3.tgz diff --git a/.sos.metadata b/.sos.metadata index 61e625d..9b6751a 100644 --- a/.sos.metadata +++ b/.sos.metadata @@ -1,2 +1,2 @@ -e2c0fe1ab4ab24b7d91d3fb2c590a00bf4f3cf98 SOURCES/sos-4.5.4.tar.gz +cc86572817d14115c3dc5a942c79e89fa17514c4 SOURCES/sos-4.5.5.tar.gz 9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz diff --git a/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch b/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch new file mode 100644 index 0000000..51a866d --- /dev/null +++ b/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch @@ -0,0 +1,57 @@ +From 59c2660584734af92eca2eae31af3fbf5557f853 Mon Sep 17 00:00:00 2001 +From: Jan Jansky +Date: Mon, 10 Jul 2023 13:10:22 +0200 +Subject: [PATCH] [clean] Properly obfuscate MAC addresses + +Some of mac addresses was not properly obfuscated because +some collected data contains mac addresses in format +01: and parser was not ready for that. + +Also added mapper which will obfuscate mac address in case +it is in format with _ instead of : as for example + +00_50_56_87_5d_01 + +instead of + +00:50:56:87:5d:01 + +Format with _ is used for example by vmware plugin. + +Resolves: #3302 + +Signed-off-by: Jan Jansky +--- + sos/cleaner/mappings/mac_map.py | 2 +- + sos/cleaner/parsers/mac_parser.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sos/cleaner/mappings/mac_map.py b/sos/cleaner/mappings/mac_map.py +index 334a6681..4ccba25a 100644 +--- a/sos/cleaner/mappings/mac_map.py ++++ b/sos/cleaner/mappings/mac_map.py +@@ -75,5 +75,5 @@ class SoSMacMap(SoSMap): + if re.match('(([0-9a-fA-F]{4}:){3}([0-9a-fA-F]){4})', item): + return self.mac6_quad_template % hextets + # match 48-bit IPv4 MAC addresses +- if re.match('([0-9a-fA-F]:?){12}', item): ++ if re.match('([0-9a-fA-F][:_]?){12}', item): + return self.mac_template % hextets +diff --git a/sos/cleaner/parsers/mac_parser.py b/sos/cleaner/parsers/mac_parser.py +index 88b0ac2e..4e790018 100644 +--- a/sos/cleaner/parsers/mac_parser.py ++++ b/sos/cleaner/parsers/mac_parser.py +@@ -25,8 +25,8 @@ IPV6_REG_4HEX = ( + ) + # aa:bb:cc:dd:ee:ff avoiding ipv6 substring matches + IPV4_REG = ( +- r'((? +Date: Wed, 28 Jun 2023 11:49:56 +0200 +Subject: [PATCH 1/2] [clean] Respect permissions of sanitised files + +When copying files we applied a substitution in, we must replace just +original file content (shutil.copyfile) and not also its stat data +(shutil.copy). + +Resolves: #3292 + +Signed-off-by: Pavel Moravec +--- + sos/cleaner/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py +index feeedf66..fbcaa9c3 100644 +--- a/sos/cleaner/__init__.py ++++ b/sos/cleaner/__init__.py +@@ -778,7 +778,7 @@ third party. + % (short_name, err), caller=arc_name) + tfile.seek(0) + if subs: +- shutil.copy(tfile.name, filename) ++ shutil.copyfile(tfile.name, filename) + tfile.close() + + _ob_short_name = self.obfuscate_string(short_name.split('/')[-1]) +-- +2.31.1 + + +From fc1489a621108d3613d3337489a64950e52d77c3 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Thu, 29 Jun 2023 22:57:46 +0200 +Subject: [PATCH 2/2] [tests] add test for #3292 + +Add a test that cleaner keeps permissions of a sanitised file + +Relevant to: #3292 + +Signed-off-by: Pavel Moravec +--- + .../basic_function_tests/report_with_mask.py | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/tests/cleaner_tests/basic_function_tests/report_with_mask.py b/tests/cleaner_tests/basic_function_tests/report_with_mask.py +index 7c4d3905..baee836a 100644 +--- a/tests/cleaner_tests/basic_function_tests/report_with_mask.py ++++ b/tests/cleaner_tests/basic_function_tests/report_with_mask.py +@@ -9,6 +9,7 @@ + from sos_tests import StageOneReportTest, StageTwoReportTest + + import re ++from os import stat + + + class ReportWithMask(StageOneReportTest): +@@ -18,6 +19,17 @@ class ReportWithMask(StageOneReportTest): + """ + + sos_cmd = '--mask -o host,networking' ++ hosts_obfuscated = None ++ ++ def pre_sos_setup(self): ++ # obfuscate a random word from /etc/hosts and ensure the updated ++ # sanitised file has same permissions (a+r) ++ try: ++ self.hosts_obfuscated = open('/etc/hosts').read().strip('#\n').split()[-1] ++ except (FileNotFoundError, IndexError) as e: ++ self.warning(f"Unable to process /etc/hosts: {e}") ++ if self.hosts_obfuscated: ++ self.sos_cmd += f' --keywords={self.hosts_obfuscated}' + + def test_mask_was_run(self): + self.assertOutputContains('Beginning obfuscation') +@@ -53,6 +65,12 @@ class ReportWithMask(StageOneReportTest): + mac = line.strip().split()[1] + assert mac.startswith('53:4f:53'), "Found unobfuscated mac addr %s" % mac + ++ def test_perms_unchanged_on_modified_file(self): ++ if self.hosts_obfuscated: ++ imode_orig = stat('/etc/hosts').st_mode ++ imode_obfuscated = stat(self.get_name_in_archive('etc/hosts')).st_mode ++ self.assertEqual(imode_orig, imode_obfuscated) ++ + + class ReportWithCleanedKeywords(StageOneReportTest): + """Testing for obfuscated keywords provided by the user +-- +2.31.1 + diff --git a/SPECS/sos.spec b/SPECS/sos.spec index f88db8d..145f9b7 100644 --- a/SPECS/sos.spec +++ b/SPECS/sos.spec @@ -4,8 +4,8 @@ Summary: A set of tools to gather troubleshooting information from a system Name: sos -Version: 4.5.4 -Release: 1%{?dist} +Version: 4.5.5 +Release: 2%{?dist} Group: Applications/System Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz Source1: sos-audit-%{auditversion}.tgz @@ -22,7 +22,8 @@ Recommends: python3-pexpect Recommends: python3-pyyaml Conflicts: vdsm < 4.40 Obsoletes: sos-collector - +Patch1: sos-bz2218279-clean-respect-permissions.patch +Patch2: sos-bz2207562-clean-obfuscate-mac.patch %description Sos is a set of tools that gathers information about system @@ -33,7 +34,8 @@ support technicians and developers. %prep %setup -qn %{name}-%{version} %setup -T -D -a1 -q - +%patch1 -p1 +%patch2 -p1 %build %py3_build @@ -106,6 +108,20 @@ of the system. Currently storage and filesystem commands are audited. %ghost /etc/audit/rules.d/40-sos-storage.rules %changelog +* Fri Jul 14 2023 Jan Jansky = 4.5.5-2 +- Adding patch for mac obfuscation + Resolves: bz2218279 + Resolves: bz2216608 + Resolves: bz2207562 + +* Mon Jul 03 2023 Jan Jansky = 4.5.5-1 +- [clean] Respect permissions of sanitised files + Resolves: bz2218279 +- [plugin] Fix exception when calling os.makedirs + Resolves: bz2216608 +- [cleaner] Enhance trailing characters list after AMC address + Resolves: bz2207562 + * Thu Jun 01 2023 Pavel Moravec = 4.5.4-1 - [plugins] collect strings before commands Resolves: bz2203141