Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-network for openSUSE:Factory checked in at 2024-03-15 20:27:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-network (Old) and /work/SRC/openSUSE:Factory/.yast2-network.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-network" Fri Mar 15 20:27:56 2024 rev:505 rq:1157994 version:5.0.3 Changes: --------
--- /work/SRC/openSUSE:Factory/yast2-network/yast2-network.changes 2024-02-09 23:51:37.089446657 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-network.new.1905/yast2-network.changes 2024-03-15 20:27:58.712782954 +0100
@@ -1,0 +2,6 @@
+Wed Mar 13 14:20:25 UTC 2024 - Stefan Hundhammer <shundham...@suse.com>
+
+- Guard secret attributes against leaking to the log (bsc#1221194)
+- 5.0.3
+
+-------------------------------------------------------------------
Old: ---- yast2-network-5.0.2.tar.bz2 New: ---- yast2-network-5.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-network.spec ++++++
--- /var/tmp/diff_new_pack.NoWUBK/_old 2024-03-15 20:28:00.372844097 +0100
+++ /var/tmp/diff_new_pack.NoWUBK/_new 2024-03-15 20:28:00.380844392 +0100
@@ -17,7 +17,7 @@
 Name: yast2-network
-Version: 5.0.2
+Version: 5.0.3
 Release: 0
 Summary: YaST2 - Network Configuration
 License: GPL-2.0-only
++++++ yast2-network-5.0.2.tar.bz2 -> yast2-network-5.0.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-5.0.2/package/yast2-network.changes new/yast2-network-5.0.3/package/yast2-network.changes
--- old/yast2-network-5.0.2/package/yast2-network.changes 2024-02-08 10:08:55.000000000 +0100
+++ new/yast2-network-5.0.3/package/yast2-network.changes 2024-03-13 18:27:00.000000000 +0100
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Wed Mar 13 14:20:25 UTC 2024 - Stefan Hundhammer <shundham...@suse.com>
+
+- Guard secret attributes against leaking to the log (bsc#1221194)
+- 5.0.3
+
+-------------------------------------------------------------------
 Tue Jan 16 10:34:01 UTC 2024 - Knut Anderssen <kanders...@suse.com>
 - Consider firmware configured interfaces as non bridgeable
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-5.0.2/package/yast2-network.spec new/yast2-network-5.0.3/package/yast2-network.spec
--- old/yast2-network-5.0.2/package/yast2-network.spec 2024-02-08 10:08:55.000000000 +0100
+++ new/yast2-network-5.0.3/package/yast2-network.spec 2024-03-13 18:27:00.000000000 +0100
@@ -17,7 +17,7 @@
 Name: yast2-network
-Version: 5.0.2
+Version: 5.0.3
 Release: 0
 Summary: YaST2 - Network Configuration
 License: GPL-2.0-only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-5.0.2/src/lib/y2network/connection_config/wireless.rb new/yast2-network-5.0.3/src/lib/y2network/connection_config/wireless.rb
--- old/yast2-network-5.0.2/src/lib/y2network/connection_config/wireless.rb 2024-02-08 10:08:55.000000000 +0100
+++ new/yast2-network-5.0.3/src/lib/y2network/connection_config/wireless.rb 2024-03-13 18:27:00.000000000 +0100
@@ -19,12 +19,14 @@
 require "y2network/connection_config/base"
 require "yast2/equatable"
+require "yast2/secret_attributes"
 module Y2Network
 module ConnectionConfig
 # Configuration for wireless connections
 class Wireless < Base
 include Yast2::Equatable
+ include Yast2::SecretAttributes
 # wireless options
 #
@@ -37,13 +39,15 @@
 attr_accessor :nwid
 # @return [Symbol] Authorization mode (:open, :shared, :psk, :eap)
 attr_accessor :auth_mode
+
 # FIXME: Consider moving keys to different classes.
 # @return [String] WPA preshared key
- attr_accessor :wpa_psk
+ secret_attr :wpa_psk
 # @return [Integer]
 attr_accessor :key_length
+
 # @return [Array<String>] WEP keys
- attr_accessor :keys
+ secret_attr :keys
 # @return [Integer] default WEP key
 attr_accessor :default_key
 # @return [String]
@@ -63,9 +67,10 @@
 # FIXME: Consider an enum
 # @return [Integer] (0, 1, 2)
 attr_accessor :ap_scanmode
+
 # TODO: unify psk and password and write correct one depending on mode
 # @return [String]
- attr_accessor :wpa_password
+ secret_attr :wpa_password
 # @return [String]
 attr_accessor :wpa_identity
 # @return [String] initial identity used for creating tunnel
@@ -76,8 +81,9 @@
 attr_accessor :client_cert
 # @return [String] client private key used to encrypt for TLS
 attr_accessor :client_key
+
 # @return [String] client private key password
- attr_accessor :client_key_password
+ secret_attr :client_key_password
 def initialize
 super
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-5.0.2/test/y2network/config_test.rb new/yast2-network-5.0.3/test/y2network/config_test.rb
--- old/yast2-network-5.0.2/test/y2network/config_test.rb 2024-02-08 10:08:55.000000000 +0100
+++ new/yast2-network-5.0.3/test/y2network/config_test.rb 2024-03-13 18:27:00.000000000 +0100
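Review bot: The four `secret_attr` declarations (`wpa_psk` and `keys` in this hunk, `wpa_password` and `client_key_password` in the hunks at -63,9 and -76,8) carry no comment on what the masking covers. The tests added in the same commit expect `conn.wpa_psk` to return the real value, so the guard applies to `inspect` on the config object and not to code that logs or interpolates the reader's result. A comment above the first declaration would stop later callers from assuming more, for example `# Masked as <secret> in #inspect only; the reader returns the plain value, so never log it directly`. It would also help to say whether `keys`, documented as Array<String>, is masked as a whole, since neither this hunk nor the new tests show it.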
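Review bot: In the hunk at -76,8 `client_key`, documented as the client private key used for TLS, stays a plain `attr_accessor` while its password becomes a `secret_attr`. If that attribute can hold key material rather than a path to a key file, it would still appear in `inspect` output the way the passwords did before this change, and `secret_attr :client_key` would belong here as well. If it is always a path, stating that in its `@return` comment would make the omission clearly intentional. The hunk ends inside `initialize`, so how these attributes are initialised is not visible here.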
@@ -604,4 +604,45 @@
 expect(new_config.connections).to eq(updated_connections)
 end
 end
+
+ context "secret attributes (passwords, keys)" do
+ let(:conn) do
+ Y2Network::ConnectionConfig::Wireless.new.tap do |c|
+ c.wpa_psk = "s3cr3t"
+ c.wpa_password = "s3cr3t"
+ c.client_key_password = "s3cr3t"
+ end
+ end
+
+ describe ".inspect" do
+ it "does not leak a password" do
+ expect(conn.inspect).to_not match(/s3cr3t/)
+ end
+
+ it "contains <secret> instead of passwords" do
+ expect(conn.inspect).to match(/<secret>/)
+ end
+ end
+
+ describe ".to_s" do
+ it "does not leak a password" do
+ # it's usually something like
+ # "#<Y2Network::ConnectionConfig::Wireless:0x000055b752576318>"
+ # so there shouldn't be any attributes - just making sure
+ expect(conn.to_s).to_not match(/s3cr3t/)
+ end
+ end
+
+ describe ".wpa_psk" do
+ it "returns the real password" do
+ expect(conn.wpa_psk).to eq("s3cr3t")
+ end
+ end
+
+ describe ".wpa_psk.to_s" do
+ it "returns the real password" do
+ expect(conn.wpa_psk.to_s).to eq("s3cr3t")
+ end
+ end
+ end
 end
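Review bot: The `let(:conn)` block never assigns `keys`, although the context title mentions keys and wireless.rb converts that attribute to `secret_attr` in the same commit, so the WEP-key array is the one guarded attribute with no leak test. Adding `c.keys = ["w3p-k3y"]` (a constructed sample value) to the block and `expect(conn.inspect).to_not match(/w3p-k3y/)` to the `inspect` examples would cover it. Giving each of the three passwords a distinct literal instead of the shared `"s3cr3t"` would also let a failure show which attribute leaked. As a style point, RSpec convention names instance methods with a hash, e.g. `describe "#inspect"`, rather than `".inspect"`.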