[Bug 2085607] Re: [sru] Obfuscation issues in sosreport sos 4.7.2
Mauricio Faria de Oliveira
2085607 at bugs.launchpad.net
Tue Nov 26 22:21:41 UTC 2024
Hi Arif,
I performed minor changes to your debdiffs for these SRUs.
Please find the list here; hopefully it may be helpful feedback for the future!
If you find anything you disagree with or are not sure about, please let me know.
Thanks for all your great work with sosreport!
Oracular:
--
Version:
- 4.8.0-1ubuntu1~24.10.1 -> 4.8.0-1ubuntu0.1
Please see the versioning reference [1] for the increment between a non-ubuntu version to ubuntu.
Note the series backport suffix is not needed as the version prefix has not been used/burned yet [2].
Oracular and others:
--
Changelog entries:
I have shortened that for a more SRU-style format, avoiding the duplicated mention of .patch files
and unrelated mention of remaining patches (more helpful in the Merge-style format), and dropping
the update-maintainer change, as it's expected in these cases (thank you for the attention to that!).
Patch files:
Nice touch on 'Origin:'.
Added 'Bug-Ubuntu:' to the patches.
Renamed patch 7 'testing Update Ubuntu images' to 'processor check msr module'.
Changed the Origin: link to the merged commit instead of the PR (recommended).
Added 'X-Backport-Note:' to clarify the changes (single hunk).
[1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
[2] https://launchpad.net/ubuntu/+source/sosreport/+publishinghistory
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2085607
Title:
[sru] Obfuscation issues in sosreport sos 4.7.2
Status in sosreport source package in Focal:
In Progress
Status in sosreport source package in Jammy:
In Progress
Status in sosreport source package in Noble:
In Progress
Status in sosreport source package in Oracular:
In Progress
Bug description:
[ Impact ]
When doing SRU for sos 4.7.2 we encountered obfuscation issues;
although not a regression at the time, it was still an issue that had
been present for a while.
So, these passwords would be fully visible to the end support
personnel and therefore leaked passwords.
[ Test Plan ]
1. Deploy a sunbeam simple cloud, and run the sos report, check to see if passwords are obfuscated in configuration file
2. Deploy heat, and ensure auth_encryption_key is obfuscated in configuration file
3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in configuration file
4. Deploy mysql and ensure password field is obfuscated in configuration file
[ Where problems could occur ]
The corresponding files are not obfuscated, and we need to update the
patches.
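The check in the test plan above can be scripted over an extracted sos report. The following is an added example, not part of the bug report or of sos itself; it assumes masked values consist only of asterisks and that settings appear as `key = value` or `key: value`, and the sample paths and values are constructed.

```python
import os
import re
import tempfile

# Key names from the test plan above; matched case-insensitively, also inside longer names.
SECRET_KEYS = ("password", "auth_encryption_key", "NOVA_API_PASS", "PLACEMENT_PASS")
# Assumed line shape: "key = value" or "key: value".
LINE_RE = re.compile(
    r"^\s*(?P<key>[\w.-]*(?:%s)[\w.-]*)\s*[:=]\s*(?P<value>.*?)\s*$"
    % "|".join(map(re.escape, SECRET_KEYS)), re.IGNORECASE)
MASKED_RE = re.compile(r"^\*+$")  # assumption: a masked value is a run of asterisks

# Constructed sample tree; these paths and values are made up for the example.
SAMPLE = {
    "etc/heat/heat.conf": "[DEFAULT]\nauth_encryption_key = ********\n",
    "etc/placement/placement.conf": "NOVA_API_PASS = ********\nPLACEMENT_PASS = constructed-leak\n",
    "etc/mysql/my.cnf": "[client]\n# password = old\npassword=\"constructed-leak\"\n",
}


def find_unmasked(root):
    """Return sorted (relative path, line number, key) for secrets left in clear text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = fh.readlines()
            except OSError:
                continue  # dangling symlink or unreadable file in the report
            for lineno, line in enumerate(lines, 1):
                m = LINE_RE.match(line)
                if line.lstrip().startswith(("#", ";")) or not m:
                    continue
                value = m.group("value").strip("'\"")
                if value and not MASKED_RE.match(value):
                    # Report the location only, never the secret value itself.
                    findings.append((os.path.relpath(path, root), lineno, m.group("key")))
    return sorted(findings)


def demo():
    """Write the constructed sample tree to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_unmasked(root)
```

Running `find_unmasked()` on the directory of an unpacked report lists each file and line where one of the keys still carries a clear-text value.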