!42 fix CVE-2022-2806

From: @no_coke 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

UnionTech-add-UnionTech-policy.patch

@@ -0,0 +1,48 @@
+From ddede462f885e6a5826cefad49fbb6815436a593 Mon Sep 17 00:00:00 2001
+From: panchenbo <panchenbo@uniontech.com>
+Date: Tue, 25 May 2021 11:22:56 +0800
+Subject: [PATCH] add UnionTech policy
+
+---
+ sos/policies/UnionTech.py | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+ create mode 100644 sos/policies/UnionTech.py
+
+diff --git a/sos/policies/UnionTech.py b/sos/policies/UnionTech.py
+new file mode 100644
+index 0000000..7fbd42c
+--- /dev/null
++++ b/sos/policies/UnionTech.py
+@@ -0,0 +1,29 @@
++from __future__ import print_function
++
++from sos.plugins import RedHatPlugin
++from sos.policies.redhat import RedHatPolicy, OS_RELEASE
++import os
++
++class UnionTechPolicy(RedHatPolicy):
++
++    distro = "UnionTech"
++    vendor = "the UnionTech Project"
++    vendor_url = "https://www.chinauos.com/"
++
++    def __init__(self, sysroot=None):
++        super(UnionTechPolicy, self).__init__(sysroot=sysroot)
++
++    @classmethod
++    def check(cls):
++        """This method checks to see if we are running on UnionTechOS. It returns
++        True or False."""
++        try:
++            with open("/etc/UnionTech-release", "r") as f:
++                return "uos" in f.read()
++        except IOError:
++            return False
++    
++    def UnionTech_version(self):
++       pkg = self.pkg_by_name("UnionTech-release") or \
++            self.all_pkgs_by_name_regex("UnionTech-release-.*")[-1]
++       return int(pkg["version"])
+-- 
+2.20.1
+

backport-ovirt-answer-files-Filter-out-all-password-keys.patch

@@ -0,0 +1,64 @@
+From 1715b06b32cd3db95b45da044e6760574d7f5055 Mon Sep 17 00:00:00 2001
+From: GuoCe <guoce@kylinos.cn>
+Date: Mon, 6 May 2024 17:14:22 +0800
+Subject: [PATCH]  [ovirt] answer files: Filter out all password keys
+
+Instead of hard-coding specific keys and having to maintain them over
+time, replace the values of all keys that have 'password' in their name.
+I think this covers all our current and hopefully future keys. It might
+add "false positives" - keys that are not passwords but have 'password'
+in their name - and I think that's a risk worth taking.
+
+Sadly, the engine admin password prompt's name is
+'OVESETUP_CONFIG_ADMIN_SETUP', which does not include 'password', so has
+to be listed specifically.
+
+A partial list of keys added since the replaced code was written:
+- grafana-related stuff
+- keycloak-related stuff
+- otopi-style answer files
+
+Signed-off-by: Yedidyah Bar David <didi@redhat.com>
+Change-Id: I416c6e4078e7c3638493eb271d08d73a0c22b5ba
+---
+ sos/plugins/ovirt.py | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/sos/plugins/ovirt.py b/sos/plugins/ovirt.py
+index 69c7867..a03afbf 100644
+--- a/sos/plugins/ovirt.py
++++ b/sos/plugins/ovirt.py
+@@ -207,18 +207,21 @@ class Ovirt(Plugin, RedHatPlugin):
+             )
+ 
+         # Answer files contain passwords
+-        for key in (
+-            'OVESETUP_CONFIG/adminPassword',
+-            'OVESETUP_CONFIG/remoteEngineHostRootPassword',
+-            'OVESETUP_DWH_DB/password',
+-            'OVESETUP_DB/password',
+-            'OVESETUP_REPORTS_CONFIG/adminPassword',
+-            'OVESETUP_REPORTS_DB/password',
++        # Replace all keys that have 'password' in them, instead of hard-coding
++        # here the list of keys, which changes between versions.
++        # Sadly, the engine admin password prompt name does not contain
++        # 'password'... so neither does the env key.
++        for item in (
++            'password',
++            'OVESETUP_CONFIG_ADMIN_SETUP',
+         ):
+             self.do_path_regex_sub(
+                 r'/var/lib/ovirt-engine/setup/answers/.*',
+-                r'{key}=(.*)'.format(key=key),
+-                r'{key}=********'.format(key=key)
++                re.compile(
++                    r'(?P<key>[^=]*{item}[^=]*)=.*'.format(item=item),
++                    flags=re.IGNORECASE
++                ),
++                r'\g<key>=********'
+             )
+ 
+         # aaa profiles contain passwords
+-- 
+2.27.0
+

kernel-dont-collect-some-tracing-instance-files.patch

@@ -1,34 +0,0 @@
-From d6379b5ba0f381ea8ec2403b9985100a946a5866 Mon Sep 17 00:00:00 2001
-From: Pavel Moravec <pmoravec@redhat.com>
-Date: Mon, 8 Oct 2018 10:45:04 +0200
-Subject: [PATCH 60/87] [kernel] dont collect some tracing instance files
-
-reason: dont collect some tracing instance files
-
-https://github.com/sosreport/sos/pull/1445/files
-
-Resolves: #1445
-
-Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
----
- sos/plugins/kernel.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py
-index 7310932..558e714 100644
---- a/sos/plugins/kernel.py
-+++ b/sos/plugins/kernel.py
-@@ -93,7 +93,10 @@ class Kernel(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
-             '/sys/kernel/debug/tracing/events/*',
-             '/sys/kernel/debug/tracing/free_buffer',
-             '/sys/kernel/debug/tracing/trace_marker',
--            '/sys/kernel/debug/tracing/trace_marker_raw'
-+            '/sys/kernel/debug/tracing/trace_marker_raw',
-+            '/sys/kernel/debug/tracing/instances/*/per_cpu/*/snapshot_raw',
-+            '/sys/kernel/debug/tracing/instances/*/per_cpu/*/trace_pipe*',
-+            '/sys/kernel/debug/tracing/instances/*/trace_pipe'
-         ])
-
-         self.add_copy_spec([
---
-1.8.3.1

openEuler-add-openEuler-policy.patch

@@ -0,0 +1,47 @@
+From 3b76979a51f8b8e65991c00cd4ebab2f23a467a6 Mon Sep 17 00:00:00 2001
+From: shixuantong <shixuantong@huawei.com>
+Date: Mon, 8 Mar 2021 20:56:05 +0800
+Subject: [PATCH] add openEuler policy
+
+this patch is based on sos-3.8.
+---
+ sos/policies/openEuler.py | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+ create mode 100644 sos/policies/openEuler.py
+
+diff --git a/sos/policies/openEuler.py b/sos/policies/openEuler.py
+new file mode 100644
+index 0000000..b3763a8
+--- /dev/null
++++ b/sos/policies/openEuler.py
+@@ -0,0 +1,27 @@
++from __future__ import print_function
++
++from sos.plugins import RedHatPlugin
++from sos.policies.redhat import RedHatPolicy, OS_RELEASE
++import os
++
++class OpenEulerPolicy(RedHatPolicy):
++
++    distro = "OpenEuler"
++    vendor = "the openEuler Project"
++    vendor_url = "https://openeuler.org/"
++
++    def __init__(self, sysroot=None):
++        super(OpenEulerPolicy, self).__init__(sysroot=sysroot) 
++
++    @classmethod
++    def check(cls, remote=''):
++        """This method checks to see if we are running on OpenEuler. It returns
++        True or False."""
++        if remote:
++            return cls.distro in remote
++        return os.path.isfile('/etc/openEuler-release')
++
++    def openEuler_version(self):
++       pkg = self.pkg_by_name("openEuler-release") or \
++            self.all_pkgs_by_name_regex("openEuler-release-.*")[-1]
++       return int(pkg["version"])
+-- 
+1.8.3.1
+

sos.spec

@@ -1,19 +1,21 @@
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 Name:          sos
-Version:       3.6
-Release:       5
+Version:       3.8
+Release:       4
 Summary:       A set of tools to gather troubleshooting information from a system
 License:       GPLv2+
-URL:           http://github.com/sosreport/sos
-Source0:       https://github.com/sosreport/sos/archive/%{version}.tar.gz
+URL:           https://github.com/sosreport/sos
+Source0:       https://github.com/sosreport/sos/archive/%{version}/%{name}-%{version}.tar.gz
+
+Patch9000:     openEuler-add-openEuler-policy.patch
+Patch9001:     UnionTech-add-UnionTech-policy.patch
+Patch9002:     backport-ovirt-answer-files-Filter-out-all-password-keys.patch
 
 BuildRequires: python3-devel gettext python3-six
-Requires:      libxml2-python3 bzip2 xz python3-six
+Requires:      libxml2-python3 xz python3-rpm tar bzip2 python3-six
 BuildArch:     noarch
 
-Patch0:     kernel-dont-collect-some-tracing-instance-files.patch
-
 %description
 Sos is an extensible, portable, support data collection tool primarily
 aimed at Linux distributions and other UNIX-like operating systems.
@@ -28,23 +30,38 @@ aimed at Linux distributions and other UNIX-like operating systems.
 
 %install
 %py3_install '--install-scripts=%{_sbindir}'
+
 install -Dm644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
 
 %find_lang %{name} || echo 0
 
 %files -f %{name}.lang
-%license LICENSE
-%defattr(-,root,root)
-%config(noreplace) %{_sysconfdir}/sos.conf
 %{_sbindir}/sosreport
 %{python3_sitelib}/*
+%license LICENSE
+%config(noreplace) %{_sysconfdir}/sos.conf 
 
 %files help
 %defattr(-,root,root)
 %doc AUTHORS README.md
-%{_mandir}/man1/sosreport.1.gz
-%{_mandir}/man5/sos.conf.5.gz
+%{_mandir}/man1/*
+%{_mandir}/man5/*
 
 %changelog
+* Mon May 06 2024 GuoCe <guoce@kylinos.cn> - 3.8-4
+- Fix CVE-2022-2806
+
+* Tue Nov 30 2021 shixuantong <shixuantong@huawei.com> - 3.8-3
+- fix TypeError: __init__() got an unexpected keyword argument 'init'
+
+* Tue Oct 12 2021 wangqing <wangqing@uniontech.com> - 3.8-2
+- fix sosreport exec failed
+
+* Tue Sep 14 2021 baizhonggui <baizhonggui@huawei.com> - 3.8-1
+- Update to 3.8
+
+* Tue May 11 2021 shixuantong <shixuantong@huawei.com> - 3.6-6
+- add openEuler policy and fix exception in plugin method "yum.collect()"
+
 * Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.6-5
 - Package init

sos.yaml

@@ -0,0 +1,4 @@
+version_control: github
+src_repo: sosreport/sos
+tag_prefix: ^v
+seperator: .