14 changed files with 233 additions and 153 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,22 +1,2 @@
-/sos-4.2.tar.gz
+SOURCES/sos-4.10.0.tar.gz
-/sos-audit-0.3.tgz
+SOURCES/sos-audit-0.3-1.tgz
 /sos-4.3.tar.gz
 /sos-4.4.tar.gz
 /sos-4.5.0.tar.gz
 /sos-4.5.1.tar.gz
 /sos-4.5.3.tar.gz
 /sos-4.5.4.tar.gz
 /sos-4.5.6.tar.gz
 /sos-4.6.0.tar.gz
 /sos-4.6.1.tar.gz
 /sos-4.7.0.tar.gz
 /sos-4.7.1.tar.gz
 /sos-4.7.2.tar.gz
 /sos-4.8.0.tar.gz
 /sos-4.8.1.tar.gz
 /sos-4.8.2.tar.gz
 /sos-4.9.1.tar.gz
 /sos-audit-0.3-1.tgz
 /sos-4.9.2.tar.gz
 /sos-4.10.0.tar.gz
 /sos-4.10.1.tar.gz
--- a/.sos.metadata
+++ b/.sos.metadata
@ -0,0 +1,2 @@
 6042daa19f01ecf2f1e331ae70482653fd500d1f SOURCES/sos-4.10.0.tar.gz
 00752b68ec5e1141192a9dab7d44377b8d637bf7 SOURCES/sos-audit-0.3-1.tgz
--- a/0005-pulpcore-RFE-export-table-contents-as-CSV.patch
+++ b/0005-pulpcore-RFE-export-table-contents-as-CSV.patch
@ -1,60 +0,0 @@
 From 6402b4240929b334c31a38a9c86e16e0b6a9e4dd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pablo=20Fern=C3=A1ndez=20Rodr=C3=ADguez?=
 <pafernan@redhat.com>
 Date: Fri, 21 Nov 2025 12:32:30 +0100
 Subject: [PATCH] [pulpcore] RFE export table contents as CSV
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Resolves: #4152
 Signed-off-by: Pablo Fernández Rodríguez <pafernan@redhat.com>
 ---
 sos/report/plugins/pulpcore.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
 diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py
 index ffd53e01..4b126e78 100644
 --- a/sos/report/plugins/pulpcore.py
 +++ b/sos/report/plugins/pulpcore.py
@@ -127,14 +127,15 @@ class PulpCore(Plugin, IndependentPlugin):
                       "AND table_schema = 'public' AND column_name NOT IN"
                       " ('args', 'kwargs', 'enc_args', 'enc_kwargs'))"
                       " TO STDOUT;")
 -            col_out = self.exec_cmd(self.build_query_cmd(_query), env=self.env,
 +            col_out = self.exec_cmd(self.build_query_cmd(_query, csv=False),
 +                                    env=self.env,
                                     runas=self.runas,
                                     container=self.in_container)
             columns = col_out['output'] if col_out['status'] == 0 else '*'
             _query = (f"select {columns} from {table} where pulp_last_updated"
                       f"> NOW() - interval '{task_days} days' order by"
                       " pulp_last_updated")
 -            _cmd = self.build_query_cmd(_query)
 +            _cmd = self.build_query_cmd(_query, csv=True)
             self.add_cmd_output(_cmd, env=self.env, suggest_filename=table,
                                 runas=self.runas, container=self.in_container)
@@ -152,7 +153,8 @@ class PulpCore(Plugin, IndependentPlugin):
             "pg_total_relation_size(reltoastrelid) AS toast_bytes "
             "FROM pg_class c LEFT JOIN pg_namespace n ON "
             "n.oid = c.relnamespace WHERE relkind = 'r') a) a order by "
 -            "total_bytes DESC"
 +            "total_bytes DESC",
 +            csv=False
         )
         self.add_cmd_output(_cmd, suggest_filename='pulpcore_db_tables_sizes',
                             env=self.env, runas=self.runas,
@@ -168,7 +170,7 @@ class PulpCore(Plugin, IndependentPlugin):
         """
         if csv:
             query = f"COPY ({query}) TO STDOUT " \
 -                    "WITH (FORMAT 'csv', DELIMITER ',', HEADER)"
 +                    "WITH (FORMAT 'csv', DELIMITER ';', HEADER)"
         _dbcmd = "psql --no-password -h %s -p %s -U %s -d %s -c %s"
         return _dbcmd % (self.dbhost, self.dbport,
                          self.dbuser, self.dbname, quote(query))
 -- 
 2.51.1
--- a/0006-cleaner-Mask-IPv6-addresses-with-trailing-or.patch
+++ b/0006-cleaner-Mask-IPv6-addresses-with-trailing-or.patch
@ -1,31 +0,0 @@
 From 1c1ee1ac676961fecfc5513fa4f90656401b3aaa Mon Sep 17 00:00:00 2001
 From: Pavel Moravec <pmoravec@redhat.com>
 Date: Wed, 5 Nov 2025 11:53:57 +0100
 Subject: [PATCH] [cleaner] Mask IPv6 addresses with trailing ':' or '\'
 Additionally, fix missing backslash in subnet identification.
 Resolves: #4154
 Closes: #4155
 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
 ---
 sos/cleaner/parsers/ipv6_parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/sos/cleaner/parsers/ipv6_parser.py b/sos/cleaner/parsers/ipv6_parser.py
 index bfb860c7..315241f5 100644
 --- a/sos/cleaner/parsers/ipv6_parser.py
 +++ b/sos/cleaner/parsers/ipv6_parser.py
@@ -27,7 +27,7 @@ class SoSIPv6Parser(SoSCleanerParser):
         # a trailing prefix for the network bits.
         r"(?<![:\\.\\-a-z0-9])((([0-9a-f]{1,4})(:[0-9a-f]{1,4}){7})|"
         r"(([0-9a-f]{1,4}(:[0-9a-f]{0,4}){0,5}))([^.])::(([0-9a-f]{1,4}"
 -        r"(:[0-9a-f]{1,4}){0,5})?)(/\d{1,3})?)(?![:\\a-z0-9])"
 +        r"(:[0-9a-f]{1,4}){0,5})?)(\/\d{1,3})?)(?!([a-z0-9]|:[a-z0-9]))"
     ]
     parser_skip_files = [
         'etc/dnsmasq.conf.*',
 -- 
 2.51.1
--- a/SOURCES/0001-cleaner-Make-cleaner-s-obfuscate_file-properly-worki.patch
+++ b/SOURCES/0001-cleaner-Make-cleaner-s-obfuscate_file-properly-worki.patch
@ -0,0 +1,101 @@
 From 3efc8888852225396ebb4f0f9ae95edf4e5badfa Mon Sep 17 00:00:00 2001
 From: Pavel Moravec <pmoravec@redhat.com>
 Date: Wed, 20 Aug 2025 20:07:05 +0200
 Subject: [PATCH] [cleaner] Make cleaner's obfuscate_file properly working
 The fix is three-fold:
 - obfuscate_file must clean file content and not filename
 - cleaner's main_archive must be populated by parsers first
 - obfuscate_file dont need short_name as it is always called with
  implicit value of short_name that cleaner will strip itself
 Closes: #4109
 Closes: #4110
 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
 ---
 sos/cleaner/__init__.py   | 7 ++++---
 sos/collector/__init__.py | 9 +++------
 sos/report/__init__.py    | 9 +++------
 3 files changed, 10 insertions(+), 15 deletions(-)
 diff --git a/sos/cleaner/__init__.py b/sos/cleaner/__init__.py
 index 4a1470b5..dcd60c66 100644
 --- a/sos/cleaner/__init__.py
 +++ b/sos/cleaner/__init__.py
@@ -537,7 +537,7 @@ third party.
                 logfile.write(line)
         if archive:
 -            self.obfuscate_file(log_name, short_name="sos_logs/cleaner.log")
 +            self.obfuscate_file(log_name)
             self.archive.add_file(log_name, dest="sos_logs/cleaner.log")
     def get_new_checksum(self, archive_path):
@@ -678,6 +678,7 @@ third party.
         for prepper in self.get_preppers():
             for archive in self.report_paths:
                 self._prepare_archive_with_prepper(archive, prepper)
 +        self.main_archive.set_parsers(self.parsers)
     def obfuscate_report(self, archive):  # pylint: disable=too-many-branches
         """Individually handle each archive or directory we've discovered by
@@ -784,8 +785,8 @@ third party.
             self.ui_log.info("Exception while processing "
                              f"{archive.archive_name}: {err}")
 -    def obfuscate_file(self, filename, short_name):
 -        self.main_archive.obfuscate_filename(filename, short_name)
 +    def obfuscate_file(self, filename):
 +        self.main_archive.obfuscate_arc_files([filename])
     def obfuscate_symlinks(self, archive):
         """Iterate over symlinks in the archive and obfuscate their names.
 diff --git a/sos/collector/__init__.py b/sos/collector/__init__.py
 index 7a414501..e6b55f20 100644
 --- a/sos/collector/__init__.py
 +++ b/sos/collector/__init__.py
@@ -1405,16 +1405,13 @@ this utility or remote systems that it connects to.
             if do_clean:
                 _dir = os.path.join(self.tmpdir, self.archive._name)
                 cleaner.obfuscate_file(
 -                    os.path.join(_dir, 'sos_logs', 'sos.log'),
 -                    short_name='sos.log'
 +                        os.path.join(_dir, 'sos_logs', 'sos.log')
                 )
                 cleaner.obfuscate_file(
 -                    os.path.join(_dir, 'sos_logs', 'ui.log'),
 -                    short_name='ui.log'
 +                    os.path.join(_dir, 'sos_logs', 'ui.log')
                 )
                 cleaner.obfuscate_file(
 -                    os.path.join(_dir, 'sos_reports', 'manifest.json'),
 -                    short_name='manifest.json'
 +                    os.path.join(_dir, 'sos_reports', 'manifest.json')
                 )
             arc_name = self.archive.finalize(method=None)
 diff --git a/sos/report/__init__.py b/sos/report/__init__.py
 index 074afcff..9fb94d6a 100644
 --- a/sos/report/__init__.py
 +++ b/sos/report/__init__.py
@@ -1571,13 +1571,10 @@ class SoSReport(SoSComponent):
         # Now, separately clean the log files that cleaner also wrote to
         if do_clean:
             _dir = os.path.join(self.tmpdir, self.archive._name)
 -            cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'sos.log'),
 -                                   short_name='sos.log')
 -            cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'ui.log'),
 -                                   short_name='ui.log')
 +            cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'sos.log'))
 +            cleaner.obfuscate_file(os.path.join(_dir, 'sos_logs', 'ui.log'))
             cleaner.obfuscate_file(
 -                os.path.join(_dir, 'sos_reports', 'manifest.json'),
 -                short_name='manifest.json'
 +                    os.path.join(_dir, 'sos_reports', 'manifest.json')
             )
         # Now, just (optionally) pack the report and print work outcome; let
 -- 
 2.49.0
--- a/SOURCES/0002-openstack_nova-Improve-scrubbing.patch
+++ b/SOURCES/0002-openstack_nova-Improve-scrubbing.patch
@ -0,0 +1,72 @@
 From 6378a4ee9fa3eeaf384bd87fc87e24a0c5608658 Mon Sep 17 00:00:00 2001
 From: Pavel Moravec <pmoravec@redhat.com>
 Date: Tue, 19 Aug 2025 09:08:15 +0200
 Subject: [PATCH] [openstack_nova] Improve scrubbing
 Improve postproc obfuscation in two ways:
 - apply postproc also to /var/lib/openstack/config/nova on RedHatNova
 - obfuscate just password from transport_url, not the whole URL
 Closes: #4108
 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
 ---
 sos/report/plugins/openstack_nova.py | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
 diff --git a/sos/report/plugins/openstack_nova.py b/sos/report/plugins/openstack_nova.py
 index 728aed1e..2635866e 100644
 --- a/sos/report/plugins/openstack_nova.py
 +++ b/sos/report/plugins/openstack_nova.py
@@ -29,6 +29,7 @@ class OpenStackNova(Plugin):
     var_puppet_gen = "/var/lib/config-data/puppet-generated/nova"
     service_name = "openstack-nova-api.service"
     apachepkg = None
 +    postproc_dirs = ["/etc/nova/",]
     def setup(self):
@@ -141,12 +142,13 @@ class OpenStackNova(Plugin):
         self.add_copy_spec(specs)
     def apply_regex_sub(self, regexp, subst):
 -        """ Apply regex substitution """
 -        self.do_path_regex_sub("/etc/nova/*", regexp, subst)
 -        for npath in ['', '_libvirt', '_metadata', '_placement']:
 -            self.do_path_regex_sub(
 -                f"{self.var_puppet_gen}{npath}/etc/nova/*",
 -                regexp, subst)
 +        """ Apply regex substitution to all sensitive dirs """
 +        for _dir in self.postproc_dirs:
 +            self.do_path_regex_sub(f"{_dir}/*", regexp, subst)
 +            for npath in ['', '_libvirt', '_metadata', '_placement']:
 +                self.do_path_regex_sub(
 +                    f"{self.var_puppet_gen}{npath}{_dir}/*",
 +                    regexp, subst)
     def postproc(self):
         protect_keys = [
@@ -155,10 +157,9 @@ class OpenStackNova(Plugin):
             "xenapi_connection_password", "password", "host_password",
             "vnc_password", "admin_password", "connection_password",
             "memcache_secret_key", "s3_secret_key",
 -            "metadata_proxy_shared_secret", "fixed_key", "transport_url",
 -            "rbd_secret_uuid"
 +            "metadata_proxy_shared_secret", "fixed_key", "rbd_secret_uuid"
         ]
 -        connection_keys = ["connection", "sql_connection"]
 +        connection_keys = ["connection", "sql_connection", "transport_url"]
         join_con_keys = "|".join(connection_keys)
@@ -214,6 +215,7 @@ class RedHatNova(OpenStackNova, RedHatPlugin):
     apachepkg = "httpd"
     nova = False
     packages = ('openstack-selinux',)
 +    postproc_dirs = ["/etc/nova/", "/var/lib/openstack/config/nova"]
     def setup(self):
         super().setup()
 -- 
 2.49.0
--- a/SOURCES/0003-component-Fix-regression-57bbc89-in-toolbox-containe.patch
+++ b/SOURCES/0003-component-Fix-regression-57bbc89-in-toolbox-containe.patch
@ -0,0 +1,36 @@
 From c0e514894b2c35c2b36f247f8b84dd4311034fb6 Mon Sep 17 00:00:00 2001
 From: Pavel Moravec <pmoravec@redhat.com>
 Date: Fri, 12 Sep 2025 11:36:02 +0200
 Subject: [PATCH] [component] Fix regression 57bbc89 in toolbox containers
 57bbc89 commit set tmpdir to source the dir from Policy. Which means
 HOST sysroot directory is newly applied already in
 LinuxPolicy._container_init method.
 Removed lines mimic the same in a worse way, so let drop them here.
 Resolves: #4116
 Closes: #4118
 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
 ---
 sos/component.py | 3 ---
 1 file changed, 3 deletions(-)
 diff --git a/sos/component.py b/sos/component.py
 index a110c270..3e53fe3d 100644
 --- a/sos/component.py
 +++ b/sos/component.py
@@ -170,9 +170,6 @@ class SoSComponent():
         else:
             tmpdir = os.getenv('TMPDIR', None) or self.policy.get_tmp_dir(None)
 -        if os.getenv('HOST', None) and os.getenv('container', None):
 -            tmpdir = os.path.join(os.getenv('HOST'), tmpdir.lstrip('/'))
 -
         # no standard library method exists for this, so call out to stat to
         # avoid bringing in a dependency on psutil
         self.tmpfstype = shell_out(
 -- 
 2.49.0
--- a/SOURCES/0004-revert-PR4092.patch
+++ b/SOURCES/0004-revert-PR4092.patch
--- a/SOURCES/0005-cleaner-rhel8.patch
+++ b/SOURCES/0005-cleaner-rhel8.patch
--- a/SOURCES/sos-python36-walrus-operator.patch
+++ b/SOURCES/sos-python36-walrus-operator.patch
@ -52,15 +52,3 @@
             return _runtime.fmt_container_cmd(container, cmd, quotecmd)
         return ''
 --- a/sos/report/plugins/loki.py	2025-11-24 11:20:56.237814760 +0100
 +++ b/sos/report/plugins/loki.py	2025-11-24 11:28:37.466603011 +0100
@@ -143,7 +143,8 @@
         if self.get_option("collect-logs"):
             endpoint = self.get_option("endpoint") or "http://localhost:3100"
             self.labels = []
 -            if labels_option := self.get_option("labels"):
 +            labels_option = self.get_option("labels")
 +            if labels_option:
                 if isinstance(labels_option, str) and labels_option:
                     self.labels.extend(labels_option.split(":"))
--- a/SOURCES/sosreport-binary.patch
+++ b/SOURCES/sosreport-binary.patch
@ -1,23 +1,25 @@
--- /dev/null			2025-10-28 14:11:21.494784405 +0100
+--- /dev/null			2025-04-03 01:35:45.132999852 +0200
-+++ sos-4.10.1/bin/sosreport	2025-11-24 11:32:54.957181080 +0100
+++ sos-4.10.0/bin/sosreport	2025-04-15 13:54:04.924751581 +0200
@@ -0,0 +1,6 @@
 +#!/usr/bin/python3
 +msg = ("sosreport binary is deprecated, use 'sos report' instead")
 +print(msg)
-+sos report
+exit(1)
 +
 +# vim:ts=4 et sw=4
--- /dev/null				2025-10-28 14:11:21.494784405 +0100
+
-+++ sos-4.10.1/bin/sos-collector	2025-11-24 11:34:23.002478014 +0100
+--- /dev/null			2025-04-03 01:35:45.132999852 +0200
 +++ sos-4.10.0/bin/sos-collector	2025-04-15 15:10:17.780281627 +0200
@@ -0,0 +1,6 @@
 +#!/usr/bin/python3
 +msg = ("sos-collector binary is deprecated, use 'sos collector' instead")
 +print(msg)
-+sos collector
+exit(1)
 +
 +# vim:ts=4 et sw=4
--- sos-4.10.1/setup.py	2025-04-15 15:17:21.938635468 +0200
+
-+++ sos-4.10.1/setup.py	2025-04-15 15:17:41.328198501 +0200
+--- sos-4.9.2/setup.py	2025-04-15 15:17:21.938635468 +0200
 +++ sos-4.9.2/setup.py	2025-04-15 15:17:41.328198501 +0200
@@ -34,7 +34,7 @@
     maintainer_email='jacob.r.hunsaker@gmail.com',
     url='https://github.com/sosreport/sos',
--- a/SPECS/sos.spec
+++ b/SPECS/sos.spec
@ -4,8 +4,8 @@
 Summary: A set of tools to gather troubleshooting information from a system
 Name: sos
-Version: 4.10.1
+Version: 4.10.0
-Release: 1%{?dist}
+Release: 4%{?dist}
 Group: Applications/System
 Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
 Source1: sos-audit-%{auditversion}.tgz
@ -22,12 +22,13 @@ Recommends: python3-pexpect
 Recommends: python3-pyyaml
 Conflicts: vdsm < 4.40
 Obsoletes: sos-collector
-Patch1: 0001-python3-walrus-operator.patch
+Patch1: sos-python36-walrus-operator.patch
-Patch2: 0002-sosreport-binary.patch
+Patch2: sosreport-binary.patch
-Patch3: 0003-revert-PR4092.patch
+Patch3: 0001-cleaner-Make-cleaner-s-obfuscate_file-properly-worki.patch
-Patch4: 0004-cleaner-rhel8.patch
+Patch4: 0002-openstack_nova-Improve-scrubbing.patch
-Patch5: 0005-pulpcore-RFE-export-table-contents-as-CSV.patch
+Patch5: 0003-component-Fix-regression-57bbc89-in-toolbox-containe.patch
-Patch6: 0006-cleaner-Mask-IPv6-addresses-with-trailing-or.patch
+Patch6: 0004-revert-PR4092.patch
 Patch7: 0005-cleaner-rhel8.patch
 %description
 Sos is a set of tools that gathers information about system
@ -44,6 +45,7 @@ support technicians and developers.
 %patch -P 4 -p1
 %patch -P 5 -p1
 %patch -P 6 -p1
 %patch -P 7 -p1
 %build
 %py3_build
@ -116,10 +118,6 @@ of the system. Currently storage and filesystem commands are audited.
 %license LICENSE
 %changelog
 * Tue Nov 25 2025 Jan Jansky <jjansky@redhat.com> = 4.10.1-1
 - Update to 4.10.1-1
  Resolves: RHEL-121468
 * Tue Sep 23 2025 Jan Jansky <jjansky@redhat.com> = 4.10.0-4
 - Update to 4.10.0-4
  Resolves: RHEL-112413
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-8
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/2
+++ b/2
@ -1,2 +0,0 @@
 SHA512 (sos-4.10.1.tar.gz) = 1cc1d63e4780158a0088b3c6d11b965331577b8f19f80b30e684a4bc84a0d651143f4033dc52e1341e77fa55ca5f57a8188edafa725fa2aea183c0a15e6da618
 SHA512 (sos-audit-0.3-1.tgz) = 24c7bfec7e47a082ca1f2a96c5ad455c692d81dcc4339877de5bd324719609d91bc0ef6ddb95485fb75b81f90f8a7cc58370ada6f626c275bab36e9e2a409330
		`@ -0,0 +1,2 @@`
							`6042daa19f01ecf2f1e331ae70482653fd500d1f SOURCES/sos-4.10.0.tar.gz`
							`00752b68ec5e1141192a9dab7d44377b8d637bf7 SOURCES/sos-audit-0.3-1.tgz`
		`@ -1,2 +0,0 @@`
			`SHA512 (sos-4.10.1.tar.gz) = 1cc1d63e4780158a0088b3c6d11b965331577b8f19f80b30e684a4bc84a0d651143f4033dc52e1341e77fa55ca5f57a8188edafa725fa2aea183c0a15e6da618`
			`SHA512 (sos-audit-0.3-1.tgz) = 24c7bfec7e47a082ca1f2a96c5ad455c692d81dcc4339877de5bd324719609d91bc0ef6ddb95485fb75b81f90f8a7cc58370ada6f626c275bab36e9e2a409330`