From fb09e4e130202e7b4b528123401396688d245155 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <andrew.lukoshko@gmail.com>
Date: Wed, 26 Jul 2023 13:06:12 +0000
Subject: [PATCH] import UBI sos-4.5.5-2.el8

---
 .gitignore                                    |  2 +-
 .sos.metadata                                 |  2 +-
 .../sos-bz2207562-clean-obfuscate-mac.patch   | 57 ++++++++++++
 ...-bz2218279-clean-respect-permissions.patch | 93 +++++++++++++++++++
 SPECS/sos.spec                                | 24 ++++-
 5 files changed, 172 insertions(+), 6 deletions(-)
 create mode 100644 SOURCES/sos-bz2207562-clean-obfuscate-mac.patch
 create mode 100644 SOURCES/sos-bz2218279-clean-respect-permissions.patch

diff --git a/.gitignore b/.gitignore
index ffb4d34..070b750 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/sos-4.5.4.tar.gz
+SOURCES/sos-4.5.5.tar.gz
 SOURCES/sos-audit-0.3.tgz
diff --git a/.sos.metadata b/.sos.metadata
index 61e625d..9b6751a 100644
--- a/.sos.metadata
+++ b/.sos.metadata
@@ -1,2 +1,2 @@
-e2c0fe1ab4ab24b7d91d3fb2c590a00bf4f3cf98 SOURCES/sos-4.5.4.tar.gz
+cc86572817d14115c3dc5a942c79e89fa17514c4 SOURCES/sos-4.5.5.tar.gz
 9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz
diff --git a/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch b/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch
new file mode 100644
index 0000000..51a866d
--- /dev/null
+++ b/SOURCES/sos-bz2207562-clean-obfuscate-mac.patch
@@ -0,0 +1,57 @@
+From 59c2660584734af92eca2eae31af3fbf5557f853 Mon Sep 17 00:00:00 2001
+From: Jan Jansky <jjansky@redhat.com>
+Date: Mon, 10 Jul 2023 13:10:22 +0200
+Subject: [PATCH] [clean] Properly obfuscate MAC addresses
+
+Some of mac addresses was not properly obfuscated because
+some collected data contains mac addresses in format
+01:<mac> and parser was not ready for that.
+
+Also added mapper which will obfuscate mac address in case
+it is in format with _ instead of : as for example
+
+00_50_56_87_5d_01
+
+instead of
+
+00:50:56:87:5d:01
+
+Format with _ is used for example by vmware plugin.
+
+Resolves: #3302
+
+Signed-off-by: Jan Jansky <jjansky@redhat.com>
+---
+ sos/cleaner/mappings/mac_map.py   | 2 +-
+ sos/cleaner/parsers/mac_parser.py | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sos/cleaner/mappings/mac_map.py b/sos/cleaner/mappings/mac_map.py
+index 334a6681..4ccba25a 100644
+--- a/sos/cleaner/mappings/mac_map.py
++++ b/sos/cleaner/mappings/mac_map.py
+@@ -75,5 +75,5 @@ class SoSMacMap(SoSMap):
+         if re.match('(([0-9a-fA-F]{4}:){3}([0-9a-fA-F]){4})', item):
+             return self.mac6_quad_template % hextets
+         # match 48-bit IPv4 MAC addresses
+-        if re.match('([0-9a-fA-F]:?){12}', item):
++        if re.match('([0-9a-fA-F][:_]?){12}', item):
+             return self.mac_template % hextets
+diff --git a/sos/cleaner/parsers/mac_parser.py b/sos/cleaner/parsers/mac_parser.py
+index 88b0ac2e..4e790018 100644
+--- a/sos/cleaner/parsers/mac_parser.py
++++ b/sos/cleaner/parsers/mac_parser.py
+@@ -25,8 +25,8 @@ IPV6_REG_4HEX = (
+ )
+ # aa:bb:cc:dd:ee:ff avoiding ipv6 substring matches
+ IPV4_REG = (
+-    r'((?<!([0-9a-fA-F\'\"]:)|::)(([^:\-])?([0-9a-fA-F]{2}([:-])){5}'
+-    r'([0-9a-fA-F]){2}(\'|\")?(\/|\,|\-|\.|\s|$)))'
++    r'((?<!([0-9a-fA-F\'\"]:)|::)'
++    r'(([^:\-])?(([0-9a-fA-F]{2}([:\-\_])){5,6}([0-9a-fA-F]{2}))))'
+ )
+ 
+ 
+-- 
+2.31.1
+
diff --git a/SOURCES/sos-bz2218279-clean-respect-permissions.patch b/SOURCES/sos-bz2218279-clean-respect-permissions.patch
new file mode 100644
index 0000000..ab384f8
--- /dev/null
+++ b/SOURCES/sos-bz2218279-clean-respect-permissions.patch
@@ -0,0 +1,93 @@
+From cca04c1e1fdc97632cdefdc1d1d7a3dea9cb4aea Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Wed, 28 Jun 2023 11:49:56 +0200
+Subject: [PATCH 1/2] [clean] Respect permissions of sanitised files
+
+When copying files we applied a substitution in, we must replace just
+original file content (shutil.copyfile) and not also its stat data
+(shutil.copy).
+
+Resolves: #3292
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/cleaner/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py
+index feeedf66..fbcaa9c3 100644
+--- a/sos/cleaner/__init__.py
++++ b/sos/cleaner/__init__.py
+@@ -778,7 +778,7 @@ third party.
+                                        % (short_name, err), caller=arc_name)
+             tfile.seek(0)
+             if subs:
+-                shutil.copy(tfile.name, filename)
++                shutil.copyfile(tfile.name, filename)
+             tfile.close()
+ 
+         _ob_short_name = self.obfuscate_string(short_name.split('/')[-1])
+-- 
+2.31.1
+
+
+From fc1489a621108d3613d3337489a64950e52d77c3 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Thu, 29 Jun 2023 22:57:46 +0200
+Subject: [PATCH 2/2] [tests] add test for #3292
+
+Add a test that cleaner keeps permissions of a sanitised file
+
+Relevant to: #3292
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ .../basic_function_tests/report_with_mask.py   | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/tests/cleaner_tests/basic_function_tests/report_with_mask.py b/tests/cleaner_tests/basic_function_tests/report_with_mask.py
+index 7c4d3905..baee836a 100644
+--- a/tests/cleaner_tests/basic_function_tests/report_with_mask.py
++++ b/tests/cleaner_tests/basic_function_tests/report_with_mask.py
+@@ -9,6 +9,7 @@
+ from sos_tests import StageOneReportTest, StageTwoReportTest
+ 
+ import re
++from os import stat
+ 
+ 
+ class ReportWithMask(StageOneReportTest):
+@@ -18,6 +19,17 @@ class ReportWithMask(StageOneReportTest):
+     """
+ 
+     sos_cmd = '--mask -o host,networking'
++    hosts_obfuscated = None
++
++    def pre_sos_setup(self):
++        # obfuscate a random word from /etc/hosts and ensure the updated
++        # sanitised file has same permissions (a+r)
++        try:
++            self.hosts_obfuscated = open('/etc/hosts').read().strip('#\n').split()[-1]
++        except (FileNotFoundError, IndexError) as e:
++            self.warning(f"Unable to process /etc/hosts: {e}")
++        if self.hosts_obfuscated:
++            self.sos_cmd += f' --keywords={self.hosts_obfuscated}'
+ 
+     def test_mask_was_run(self):
+         self.assertOutputContains('Beginning obfuscation')
+@@ -53,6 +65,12 @@ class ReportWithMask(StageOneReportTest):
+                 mac = line.strip().split()[1]
+                 assert mac.startswith('53:4f:53'), "Found unobfuscated mac addr %s" % mac
+ 
++    def test_perms_unchanged_on_modified_file(self):
++        if self.hosts_obfuscated:
++            imode_orig = stat('/etc/hosts').st_mode
++            imode_obfuscated = stat(self.get_name_in_archive('etc/hosts')).st_mode
++            self.assertEqual(imode_orig, imode_obfuscated)
++
+ 
+ class ReportWithCleanedKeywords(StageOneReportTest):
+     """Testing for obfuscated keywords provided by the user
+-- 
+2.31.1
+
diff --git a/SPECS/sos.spec b/SPECS/sos.spec
index f88db8d..145f9b7 100644
--- a/SPECS/sos.spec
+++ b/SPECS/sos.spec
@@ -4,8 +4,8 @@
 
 Summary: A set of tools to gather troubleshooting information from a system
 Name: sos
-Version: 4.5.4
-Release: 1%{?dist}
+Version: 4.5.5
+Release: 2%{?dist}
 Group: Applications/System
 Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
 Source1: sos-audit-%{auditversion}.tgz
@@ -22,7 +22,8 @@ Recommends: python3-pexpect
 Recommends: python3-pyyaml
 Conflicts: vdsm < 4.40
 Obsoletes: sos-collector
-
+Patch1: sos-bz2218279-clean-respect-permissions.patch
+Patch2: sos-bz2207562-clean-obfuscate-mac.patch
 
 %description
 Sos is a set of tools that gathers information about system
@@ -33,7 +34,8 @@ support technicians and developers.
 %prep
 %setup -qn %{name}-%{version}
 %setup -T -D -a1 -q
-
+%patch1 -p1
+%patch2 -p1
 
 %build
 %py3_build
@@ -106,6 +108,20 @@ of the system. Currently storage and filesystem commands are audited.
 %ghost /etc/audit/rules.d/40-sos-storage.rules
 
 %changelog
+* Fri Jul 14 2023 Jan Jansky <jjansky@redhat.com> = 4.5.5-2
+- Adding patch for mac obfuscation
+  Resolves: bz2218279
+  Resolves: bz2216608
+  Resolves: bz2207562
+
+* Mon Jul 03 2023 Jan Jansky <jjansky@redhat.com> = 4.5.5-1
+- [clean] Respect permissions of sanitised files
+  Resolves: bz2218279
+- [plugin] Fix exception when calling os.makedirs
+  Resolves: bz2216608
+- [cleaner] Enhance trailing characters list after AMC address
+  Resolves: bz2207562
+
 * Thu Jun 01 2023 Pavel Moravec <pmoravec@redhat.com> = 4.5.4-1
 - [plugins] collect strings before commands
   Resolves: bz2203141