Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2 for openSUSE:Factory checked in at 2022-10-10 18:43:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2 (Old) and /work/SRC/openSUSE:Factory/.yast2.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2" Mon Oct 10 18:43:43 2022 rev:541 rq:1008736 version:4.5.16 Changes: --------
--- /work/SRC/openSUSE:Factory/yast2/yast2.changes 2022-09-30 17:57:22.669195174 +0200
+++ /work/SRC/openSUSE:Factory/.yast2.new.2275/yast2.changes 2022-10-10 18:43:54.602784388 +0200
@@ -1,0 +2,7 @@
+Thu Oct 6 13:48:28 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- add Yast::ReducedRecorder for Cheetah to filter out certain streams to
+ be able to not log sensitive information (bsc#1201962)
+- 4.5.16
+
+-------------------------------------------------------------------
Old: ---- yast2-4.5.15.tar.bz2 New: ---- yast2-4.5.16.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.28wWfi/_old 2022-10-10 18:43:55.382786067 +0200
+++ /var/tmp/diff_new_pack.28wWfi/_new 2022-10-10 18:43:55.390786084 +0200
@@ -17,7 +17,7 @@
 Name: yast2
-Version: 4.5.15
+Version: 4.5.16
 Release: 0
 Summary: YaST2 Main Package
++++++ yast2-4.5.15.tar.bz2 -> yast2-4.5.16.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-4.5.15/library/general/src/lib/installation/proposal_client.rb new/yast2-4.5.16/library/general/src/lib/installation/proposal_client.rb
--- old/yast2-4.5.15/library/general/src/lib/installation/proposal_client.rb 2022-09-28 16:02:19.000000000 +0200
+++ new/yast2-4.5.16/library/general/src/lib/installation/proposal_client.rb 2022-10-07 11:03:03.000000000 +0200
@@ -172,10 +172,6 @@
 # This module just caused a change of the root partition.
 # This is only relevant for the "root part" module.
 #
- # * **`"help"`** [String, nil] ---
- # Help text for this module which appears in the standard dialog
- # help (particular helps for modules sorted by presentation order).
- #
 # * **`"trigger"`** [Hash, nil] defines circumstances when the proposal
 # should be called again at the end. For instance, when partitioning or
 # software selection changes. Mandatory keys of the trigger are:
@@ -273,6 +269,10 @@
 # A programmer-readable unique identifier for this section. This is not
 # auto-generated to keep the log file readable.
 #
+ # * **`"help"`** [String, nil] ---
+ # Help text for this module which appears in the standard dialog
+ # help (particular helps for modules sorted by presentation order).
+ #
 # This map may be empty. In this case, this proposal section will silently
 # be ignored. Proposal modules may use this if there is no useful proposal
 # at all. Use with caution - this may be confusing for the user.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-4.5.15/library/system/src/lib/yast2/execute.rb new/yast2-4.5.16/library/system/src/lib/yast2/execute.rb
--- old/yast2-4.5.15/library/system/src/lib/yast2/execute.rb 2022-09-28 16:02:19.000000000 +0200
+++ new/yast2-4.5.16/library/system/src/lib/yast2/execute.rb 2022-10-07 11:03:03.000000000 +0200
@@ -32,6 +32,9 @@
 # It also globally switches the default Cheetah logger to
 # {http://www.rubydoc.info/github/yast/yast-ruby-bindings/Yast%2FLogger Y2Logger}.
 #
+ # To limit logging sensitive input/output/arguments,
+ # you can pass a {ReducedRecorder} as the *recorder* option.
+ #
 # @example Methods of this class can be chained.
 #
 # Yast::Execute.locally!.stdout("ls", "-l")
@@ -245,4 +248,31 @@
 ""
 end
 end
+
+ # specific recorder which can be used when some sensitive information that
+ # should not go to log
+ class ReducedRecorder < Cheetah::DefaultRecorder
+ # @param skip [Array<Symbol>|Symbol] possible symbols are `:stdin`,
+ # `:stdout`, `:stderr` and `:args`. Those streams won't be recorded.
+ def initialize(skip: [], logger: Y2Logger.instance)
+ super(logger)
+
+ skip = Array(skip)
+
+ skip.each do |m|
+ method = PARAM_MAPPING[m]
+ raise ArgumentError, "Invalid value '#{m.inspect}'" unless method
+
+ define_singleton_method(method) { |_| } # intentionally empty
+ end
+ end
+
+ PARAM_MAPPING = {
+ stdin: :record_stdin,
+ stdout: :record_stdout,
+ stderr: :record_stderr,
+ args: :record_commands
+ }.freeze
+ private_constant :PARAM_MAPPING
+ end
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-4.5.15/library/system/test/execute_test.rb new/yast2-4.5.16/library/system/test/execute_test.rb
--- old/yast2-4.5.15/library/system/test/execute_test.rb 2022-09-28 16:02:19.000000000 +0200
+++ new/yast2-4.5.16/library/system/test/execute_test.rb 2022-10-07 11:03:03.000000000 +0200
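Review bot: In `library/system/src/lib/yast2/execute.rb`, the comment above `ReducedRecorder` promises that sensitive information stays out of the log, but `initialize` only replaces the recorder callbacks named in `PARAM_MAPPING` with no-ops, and the comment does not say where that guarantee ends. Data that leaves Cheetah by another route is untouched: if I recall Cheetah correctly, the `Cheetah::ExecutionFailed` message contains the command line and the first line of stderr, so a caller that logs or displays that exception would still expose what `skip: :args` or `skip: :stderr` hid; this should be confirmed against the Cheetah version in use. I would state the limit in the class comment, for example `# Only what Cheetah passes to the recorder is filtered; an exception raised for a failed command may still carry the command line and stderr.` The first sentence of the existing comment is also missing its verb ("information that should not go to log"). The class is complete in this hunk; the enclosing namespace opens outside it.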
@@ -148,3 +148,37 @@
 end
 end
 end
+
+describe Yast::ReducedRecorder do
+ let(:logger) { double(debug: nil, info: nil, warn: nil, error: nil) }
+
+ it "skips logging stdin if :stdin is passed" do
+ expect(logger).to_not receive(:info).with(/secret/i)
+ recorder = described_class.new(skip: :stdin, logger: logger)
+
+ Yast::Execute.locally!("echo", stdin: "secret", recorder: recorder)
+ end
+
+ it "skips logging stdout if :stdout is passed" do
+ expect(logger).to_not receive(:info).with(/secret/i)
+ recorder = described_class.new(skip: [:stdout, :args], logger: logger)
+
+ Yast::Execute.locally!("echo", "secret", recorder: recorder)
+ end
+
+ it "skips logging stderr if :stderr is passed" do
+ expect(logger).to_not receive(:error).with(/secret/i)
+ recorder = described_class.new(skip: [:stderr, :args], logger: logger)
+
+ Yast::Execute.locally!("cat", "/dev/supersecretfile", recorder: recorder,
+ allowed_exitstatus: 1)
+ end
+
+ it "skips logging of arguments if :args are passed" do
+ expect(logger).to_not receive(:info).with(/secret/i)
+ recorder = described_class.new(skip: [:args], logger: logger)
+
+ Yast::Execute.locally!("false", "secret", recorder: recorder,
+ allowed_exitstatus: 1)
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-4.5.15/package/yast2.changes new/yast2-4.5.16/package/yast2.changes
--- old/yast2-4.5.15/package/yast2.changes 2022-09-28 16:02:19.000000000 +0200
+++ new/yast2-4.5.16/package/yast2.changes 2022-10-07 11:03:03.000000000 +0200
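Review bot: In `library/system/test/execute_test.rb`, each example checks that the secret is absent from a single logger method (`:info` or `:error`), so a regression that writes it at any other level would still pass. The `logger` double already stubs `debug`, `info`, `warn` and `error`, so the negative expectation can cover all four: `%i[debug info warn error].each { |lvl| expect(logger).to_not receive(lvl).with(/secret/i) }`. The examples are also all negative; a positive control that a stream which is not skipped is still logged would show that the filter is selective rather than the logger simply being silent. The `ArgumentError` branch of `initialize` has no example either, and because the two failing commands pass `allowed_exitstatus: 1`, the path where the command fails with a status that is not allowed is never exercised.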
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Thu Oct 6 13:48:28 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- add Yast::ReducedRecorder for Cheetah to filter out certain streams to
+ be able to not log sensitive information (bsc#1201962)
+- 4.5.16
+
+-------------------------------------------------------------------
 Wed Sep 28 12:22:59 UTC 2022 - Ancor Gonzalez Sosa <an...@suse.com>
 - Better detection of YaST2 Journal (related to bsc#1199840).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-4.5.15/package/yast2.spec new/yast2-4.5.16/package/yast2.spec
--- old/yast2-4.5.15/package/yast2.spec 2022-09-28 16:02:19.000000000 +0200
+++ new/yast2-4.5.16/package/yast2.spec 2022-10-07 11:03:03.000000000 +0200
@@ -17,7 +17,7 @@
 Name: yast2
-Version: 4.5.15
+Version: 4.5.16
 Release: 0
 Summary: YaST2 Main Package