Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package wicked for openSUSE:Factory checked
in at 2024-03-21 17:00:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wicked (Old)
and /work/SRC/openSUSE:Factory/.wicked.new.1905 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wicked"
Thu Mar 21 17:00:08 2024 rev:99 rq:1159817 version:0.6.74
Changes:
--------
--- /work/SRC/openSUSE:Factory/wicked/wicked.changes 2024-03-17
22:10:35.688525514 +0100
+++ /work/SRC/openSUSE:Factory/.wicked.new.1905/wicked.changes 2024-03-21
17:00:18.912088559 +0100
@@ -1,0 +2,7 @@
+Thu Mar 19 17:00:01 UTC 2024 - Clemens Famulla-Conrad <cfamullacon...@suse.com>
+
+- hide secrets in debug log (bsc#1221194)
+ [+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
+ [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
+
+-------------------------------------------------------------------
New:
----
0003-move-all-attribute-definitions-to-compiler-h.patch
0004-hide-secrets-in-debug-log-bsc-1221194.patch
BETA DEBUG BEGIN:
New:- hide secrets in debug log (bsc#1221194)
[+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
[+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
New: [+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
[+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wicked.spec ++++++
--- /var/tmp/diff_new_pack.w5FqJR/_old 2024-03-21 17:00:19.476109728 +0100
+++ /var/tmp/diff_new_pack.w5FqJR/_new 2024-03-21 17:00:19.480109878 +0100
@@ -28,6 +28,8 @@
Source1: wicked-rpmlintrc
Patch1: 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch
Patch2: 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch
+Patch3: 0003-move-all-attribute-definitions-to-compiler-h.patch
+Patch4: 0004-hide-secrets-in-debug-log-bsc-1221194.patch
#
# Upstream First - openSUSE Build Service Policy:
#
@@ -173,7 +175,7 @@
%autopatch -p1
%build
-test -x ./configure || autoreconf --force --install
+autoreconf --force --install
export CFLAGS="-std=gnu89 $RPM_OPT_FLAGS -fPIC" LDFLAGS="-pie"
%configure \
--with-piddir=%{wicked_piddir} \
++++++ 0003-move-all-attribute-definitions-to-compiler-h.patch ++++++
>From 71c88af525fe35e32af665dfa776104aa2a48f67 Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 10:15:12 +0100
Subject: [PATCH 1/3] Move all __attribute__ definitions to compiler.h
---
client/ifreload.c | 15 +++++++-------
include/Makefile.am | 1 +
include/wicked/compiler.h | 42 +++++++++++++++++++++++++++++++++++++++
include/wicked/logging.h | 24 +++++++++-------------
src/duid.c | 9 +--------
src/duid.h | 15 +++++---------
src/fsm.c | 3 ++-
testing/wunit.h | 5 +++--
8 files changed, 71 insertions(+), 43 deletions(-)
create mode 100644 include/wicked/compiler.h
diff --git a/client/ifreload.c b/client/ifreload.c
index 8786cb3b..d8525457 100644
--- a/client/ifreload.c
+++ b/client/ifreload.c
@@ -38,6 +38,7 @@
#include <wicked/netinfo.h>
#include <wicked/logging.h>
#include <wicked/fsm.h>
+#include <wicked/compiler.h>
#include "wicked-client.h"
#include "appconfig.h"
@@ -59,7 +60,7 @@ ifreload_mark_add(ni_ifworker_array_t *marked, ni_ifworker_t
*w)
static inline void
ifreload_mark_down_lower_deps(const ni_fsm_t *fsm, ni_ifworker_array_t
*marked, ni_ifworker_t *lower,
- void (*logit)(const char *, ...) __fmtattr)
+ void (*logit)(const char *, ...) ni__printf(1,
2))
{
ni_ifworker_t *w;
unsigned int i;
@@ -94,7 +95,7 @@ ifreload_mark_down_lower_deps(const ni_fsm_t *fsm,
ni_ifworker_array_t *marked,
static ni_bool_t
ifreload_mark_down(const ni_fsm_t *fsm, ni_ifworker_array_t *marked,
ni_ifworker_t *w,
- void (*logit)(const char *, ...) __fmtattr,
+ void (*logit)(const char *, ...) ni__printf(1,
2),
unsigned int depth)
{
/* ifdown is disabled when persistent mode is on (todo: add --force?) */
@@ -176,7 +177,7 @@ ifreload_mark_down(const ni_fsm_t *fsm, ni_ifworker_array_t
*marked, ni_ifworker
static void
ifreload_mark_up_slave_deps(const ni_fsm_t *fsm, ni_ifworker_array_t *marked,
ni_ifworker_t *master,
- void (*logit)(const char *, ...) __fmtattr)
+ void (*logit)(const char *, ...) ni__printf(1,
2))
{
ni_ifworker_t *w;
unsigned int i;
@@ -207,7 +208,7 @@ ifreload_mark_up_slave_deps(const ni_fsm_t *fsm,
ni_ifworker_array_t *marked, ni
static void
ifreload_mark_up_master(const ni_fsm_t *fsm, ni_ifworker_array_t *marked,
ni_ifworker_t *w,
- void (*logit)(const char *, ...) __fmtattr)
+ void (*logit)(const char *, ...) ni__printf(1,
2))
{
if (!ni_ifcheck_worker_config_exists(w)) {
logit("skipping %s set-up: no configuration available",
w->name);
@@ -228,7 +229,7 @@ ifreload_mark_up_master(const ni_fsm_t *fsm,
ni_ifworker_array_t *marked, ni_ifw
static void
ifreload_mark_up_lower_deps(const ni_fsm_t *fsm, ni_ifworker_array_t *marked,
ni_ifworker_t *lower,
- void (*logit)(const char *, ...) __fmtattr)
+ void (*logit)(const char *, ...) ni__printf(1,
2))
{
ni_ifworker_t *w;
unsigned int i;
@@ -268,7 +269,7 @@ ifreload_mark_up_lower_deps(const ni_fsm_t *fsm,
ni_ifworker_array_t *marked, ni
static ni_bool_t
ifreload_mark_up(const ni_fsm_t *fsm, ni_ifworker_array_t *marked,
ni_ifworker_t *w,
- void (*logit)(const char *, ...) __fmtattr)
+ void (*logit)(const char *, ...) ni__printf(1,
2))
{
if (!ni_ifcheck_worker_config_exists(w)) {
logit("skipping %s set-up: no configuration available",
w->name);
@@ -299,7 +300,7 @@ ifreload_mark_up(const ni_fsm_t *fsm, ni_ifworker_array_t
*marked, ni_ifworker_t
static void
ifreload_mark_workers(const ni_fsm_t *fsm, ni_ifworker_array_t *down_marked,
ni_ifworker_array_t *up_marked, const char *ifname)
{
- void (*logit)(const char *, ...) __fmtattr = ifname ? ni_note : ni_info;
+ void (*logit)(const char *, ...) ni__printf(1, 2) = ifname ? ni_note :
ni_info;
ni_ifworker_t *w;
unsigned int i;
diff --git a/include/Makefile.am b/include/Makefile.am
index b913cafa..fed931d1 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -10,6 +10,7 @@ wicked_include_HEADERS = \
wicked/bridge.h \
wicked/client.h \
wicked/constants.h \
+ wicked/compiler.h \
wicked/dbus.h \
wicked/dbus-errors.h \
wicked/dbus-service.h \
diff --git a/include/wicked/compiler.h b/include/wicked/compiler.h
new file mode 100644
index 00000000..f5edf9a2
--- /dev/null
+++ b/include/wicked/compiler.h
@@ -0,0 +1,42 @@
+/*
+ * Compiler specific definitions
+ *
+ * Copyright (C) 2024 SUSE LLC
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef NI_WICKED_COMPILER_H
+#define NI_WICKED_COMPILER_H
+
+#ifdef __GNUC__
+
+# define ni__printf(a, b) __attribute__ ((format (printf, a, b)))
+# define ni__noreturn __attribute__ ((noreturn))
+# define ni__packed __attribute__ ((__packed__))
+# define ni__unused __attribute__ ((unused))
+# define ni__constructor __attribute__ ((constructor))
+
+#else /* __GNUC__ */
+
+# define ni__printf(a, b) /* */
+# define ni__noreturn /* */
+# define ni__packed /* */
+# define ni__unused /* */
+# define ni__constructor /* */
+
+#endif
+
+#endif /* NI_WICKED_COMPILER_H */
diff --git a/include/wicked/logging.h b/include/wicked/logging.h
index 7d2fbd89..db8874a5 100644
--- a/include/wicked/logging.h
+++ b/include/wicked/logging.h
@@ -8,22 +8,16 @@
#define __WICKED_LOGGING_H__
#include <wicked/types.h>
+#include <wicked/compiler.h>
-#ifdef __GNUC__
-# define __fmtattr __attribute__ ((format (printf, 1, 2)))
-# define __noreturn __attribute__ ((noreturn))
-#else
-# define __fmtattr /* */
-# define __noreturn /* */
-#endif
-
-extern void ni_info(const char *, ...) __fmtattr;
-extern void ni_note(const char *, ...) __fmtattr;
-extern void ni_warn(const char *, ...) __fmtattr;
-extern void ni_error(const char *, ...) __fmtattr;
-extern void ni_error_extra(const char *, ...) __fmtattr;
-extern void ni_trace(const char *, ...) __fmtattr;
-extern void ni_fatal(const char *, ...) __fmtattr __noreturn;
+
+extern void ni_info(const char *, ...) ni__printf(1, 2);
+extern void ni_note(const char *, ...) ni__printf(1, 2);
+extern void ni_warn(const char *, ...) ni__printf(1, 2);
+extern void ni_error(const char *, ...) ni__printf(1, 2);
+extern void ni_error_extra(const char *, ...) ni__printf(1, 2);
+extern void ni_trace(const char *, ...) ni__printf(1, 2);
+extern void ni_fatal(const char *, ...) ni__printf(1, 2)
ni__noreturn;
extern int ni_enable_debug(const char *);
extern int ni_debug_set_default(const char *);
diff --git a/src/duid.c b/src/duid.c
index 188b9e2d..fcc8321c 100644
--- a/src/duid.c
+++ b/src/duid.c
@@ -71,11 +71,6 @@ struct ni_duid_map {
struct flock flock;
};
-/*
- * compiler (gcc) specific ...
- */
-#define NI_PACKED __attribute__((__packed__))
-
/*
* DUID typed packed data union
*/
@@ -84,9 +79,7 @@ typedef union ni_duid_data {
ni_duid_llt_t llt;
ni_duid_ll_t ll;
ni_duid_en_t en;
-} NI_PACKED ni_duid_data_t;
-
-#undef NI_PACKED
+} ni__packed ni_duid_data_t;
/*
diff --git a/src/duid.h b/src/duid.h
index 756d7cef..c7eec24c 100644
--- a/src/duid.h
+++ b/src/duid.h
@@ -27,6 +27,7 @@
#include <wicked/types.h>
#include <wicked/util.h>
+#include <wicked/compiler.h>
/*
@@ -61,11 +62,6 @@
#define NI_DUID_TYPE_LL 3
#define NI_DUID_TYPE_UUID 4
-/*
- * We use gcc compiler specific attributes for
- * these direct access structs to duid members.
- */
-#define NI_PACKED __attribute__((__packed__))
/*
* DUID type 1, Link-layer address plus time
@@ -77,7 +73,7 @@ typedef struct ni_duid_llt {
uint16_t hwtype; /* link layer address type */
uint32_t v6time; /* second since 2000 % 2^32 */
unsigned char hwaddr[]; /* link layer address */
-} NI_PACKED ni_duid_llt_t;
+} ni__packed ni_duid_llt_t;
/*
* DUID type 2, Vendor-assigned unique ID based on Enterprise Number
@@ -89,7 +85,7 @@ typedef struct ni_duid_en {
uint16_t type; /* type 2 */
uint32_t enterprise; /* assigned enterprise-number */
unsigned char identifier[]; /* machine unique identifier */
-} NI_PACKED ni_duid_en_t;
+} ni__packed ni_duid_en_t;
/*
* DUID type 3, Link-layer address
@@ -100,7 +96,7 @@ typedef struct ni_duid_ll {
uint16_t type; /* type 3 */
uint16_t hwtype; /* RFC 826 hardware type code */
unsigned char hwaddr[]; /* link layer address */
-} NI_PACKED ni_duid_ll_t;
+} ni__packed ni_duid_ll_t;
/*
* DUID type 4, UUID-Based DHCPv6 Unique Identifier
@@ -111,9 +107,8 @@ typedef struct ni_duid_ll {
typedef struct ni_duid_uuid {
uint16_t type; /* type 4 */
ni_uuid_t uuid; /* RFC4122 UUID as bytes */
-} NI_PACKED ni_duid_uuid_t;
+} ni__packed ni_duid_uuid_t;
-#undef NI_PACKED
typedef struct ni_duid_map ni_duid_map_t;
diff --git a/src/fsm.c b/src/fsm.c
index 603e8b44..caadd9b9 100644
--- a/src/fsm.c
+++ b/src/fsm.c
@@ -26,6 +26,7 @@
#include <wicked/client.h>
#include <wicked/bridge.h>
#include <wicked/ovs.h>
+#include <wicked/compiler.h>
#include <xml-schema.h>
#include "dbus-objects/model.h"
@@ -2910,7 +2911,7 @@ ni_ifworker_type_from_object_path(const char *path, const
char **suffix)
unsigned int
ni_fsm_get_matching_workers(ni_fsm_t *fsm, ni_ifmatcher_t *match,
ni_ifworker_array_t *result)
{
- void (*logit)(const char *, ...) __fmtattr;
+ void (*logit)(const char *, ...) ni__printf(1, 2);
unsigned int i;
if (ni_string_eq(match->name, "all")) {
diff --git a/testing/wunit.h b/testing/wunit.h
index af79826f..84f14223 100644
--- a/testing/wunit.h
+++ b/testing/wunit.h
@@ -43,6 +43,7 @@
#include <string.h>
#include <wicked/logging.h>
#include <wicked/util.h>
+#include <wicked/compiler.h>
typedef struct wunit_s wunit_t;
typedef void (*wunit_test_fn)();
@@ -60,7 +61,7 @@ struct wunit_s {
*current;
};
-__attribute__((unused)) static wunit_t wunit_ctx = {
+ni__unused static wunit_t wunit_ctx = {
.testcases_idx = 0,
.fail = 0,
.ok = 0,
@@ -110,7 +111,7 @@ __attribute__((unused)) static wunit_t wunit_ctx = {
#define TESTCASE(ts_name)
\
static void testcase_##ts_name(void);
\
- static void wunit_register_##ts_name(void)
__attribute__((constructor)); \
+ static void wunit_register_##ts_name(void) ni__constructor;
\
static void wunit_register_##ts_name(void)
\
{
\
unsigned int i = wunit_ctx.testcases_idx;
\
--
2.35.3
>From c273e4f26650059b69c097c671b7bfb8c1018068 Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 10:16:03 +0100
Subject: [PATCH 2/3] wunit.h: add header guard macros
---
testing/wunit.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/testing/wunit.h b/testing/wunit.h
index 84f14223..6fb31d60 100644
--- a/testing/wunit.h
+++ b/testing/wunit.h
@@ -38,6 +38,9 @@
* make check
*/
+#ifndef NI_TESTING_WUNIT_H
+#define NI_TESTING_WUNIT_H
+
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
@@ -151,3 +154,5 @@ ni__unused static wunit_t wunit_ctx = {
\
return wunit_ctx.fail > 0 ? 1 : 0;
\
}
+
+#endif /* NI_TESTING_WUNIT_H */
--
2.35.3
>From 4847702c1872661e80e5802cbf8405c033d310ec Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 10:16:03 +0100
Subject: [PATCH 3/3] logging.h: align header guard macro
---
include/wicked/logging.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/wicked/logging.h b/include/wicked/logging.h
index db8874a5..4938450e 100644
--- a/include/wicked/logging.h
+++ b/include/wicked/logging.h
@@ -4,8 +4,8 @@
* Copyright (C) 2010-2012 Olaf Kirch <o...@suse.de>
*/
-#ifndef __WICKED_LOGGING_H__
-#define __WICKED_LOGGING_H__
+#ifndef NI_WICKED_LOGGING_H
+#define NI_WICKED_LOGGING_H
#include <wicked/types.h>
#include <wicked/compiler.h>
@@ -143,4 +143,4 @@ extern unsigned int ni_log_level;
__warned = 1; \
} while (0)
-#endif /* __WICKED_LOGGING_H__ */
+#endif /* NI_WICKED_LOGGING_H */
--
2.35.3
++++++ 0004-hide-secrets-in-debug-log-bsc-1221194.patch ++++++
>From 4e71bade4efa1eb62468a715b973d8b77daf59b1 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <m...@suse.com>
Date: Tue, 19 Mar 2024 11:01:32 +0100
Subject: [PATCH 1/5] xml: add xml_node_hide_cdata utility function
---
include/wicked/xml.h | 18 +++----
src/xml.c | 113 ++++++++++++++++++++++++++++++++++++++++---
2 files changed, 115 insertions(+), 16 deletions(-)
diff --git a/include/wicked/xml.h b/include/wicked/xml.h
index dbf3a80e..8acf24b2 100644
--- a/include/wicked/xml.h
+++ b/include/wicked/xml.h
@@ -3,7 +3,8 @@
* This basically parses tags, attributes and CDATA, and that's
* just about it.
*
- * Copyright (C) 2009-2012 Olaf Kirch <o...@suse.de>
+ * Copyright (C) 2009-2012 Olaf Kirch <o...@suse.de>
+ * Copyright (C) 2009-2024 SUSE LLC
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,15 +16,11 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/> or write
- * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301 USA.
- *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-
-#ifndef __WICKED_XML_H__
-#define __WICKED_XML_H__
+#ifndef NI_WICKED_XML_H
+#define NI_WICKED_XML_H
#include <stdio.h>
#include <wicked/util.h>
@@ -109,6 +106,7 @@ extern int xml_node_uuid(const xml_node_t *,
unsigned int, const ni_uuid_t *, n
extern int xml_node_content_uuid(const xml_node_t *, unsigned int,
const ni_uuid_t *, ni_uuid_t *);
extern int xml_node_print_fn(const xml_node_t *, void (*)(const
char *, void *), void *);
extern int xml_node_print_debug(const xml_node_t *, unsigned int
facility);
+extern void xml_node_hide_cdata(xml_node_t *, const char * const
[], const char *);
extern xml_node_t * xml_node_scan(FILE *fp, const char *location);
extern void xml_node_set_cdata(xml_node_t *, const char *);
extern void xml_node_set_int(xml_node_t *, int);
@@ -185,4 +183,4 @@ xml_document_is_empty(const xml_document_t *doc)
return (!doc || xml_node_is_empty(doc->root));
}
-#endif /* __WICKED_XML_H__ */
+#endif /* NI_WICKED_XML_H */
diff --git a/src/xml.c b/src/xml.c
index 59c31924..a55af56f 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -1,7 +1,8 @@
/*
* XML objects - document and node
*
- * Copyright (C) 2009-2012 Olaf Kirch <o...@suse.de>
+ * Copyright (C) 2009-2012 Olaf Kirch <o...@suse.de>
+ * Copyright (C) 2009-2024 SUSE LLC
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -13,11 +14,8 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see <http://www.gnu.org/licenses/> or write
- * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301 USA.
- *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -26,6 +24,7 @@
#include <wicked/xml.h>
#include <wicked/logging.h>
#include "util_priv.h"
+#include "slist_priv.h"
#include <inttypes.h>
#define XML_DOCUMENTARRAY_CHUNK 1
@@ -863,3 +862,105 @@ xml_node_dict_set(xml_node_t *parent, const char *name,
const char *value)
child = xml_node_create(parent, name);
xml_node_set_cdata(child, value);
}
+
+typedef struct xml_node_name_path xml_node_name_path_t;
+
+struct xml_node_name_path {
+ xml_node_name_path_t * next;
+ ni_string_array_t path;
+};
+
+static xml_node_name_path_t *
+xml_node_name_path_new(void)
+{
+ return calloc(1, sizeof(xml_node_name_path_t));
+}
+
+static void
+xml_node_name_path_free(xml_node_name_path_t *item)
+{
+ if (item) {
+ ni_string_array_destroy(&item->path);
+ free(item);
+ }
+}
+
+static inline ni_bool_t
+xml_node_name_path_match(xml_node_t *node, const ni_string_array_t *path)
+{
+ ni_bool_t ret = FALSE;
+ const char *name;
+ unsigned int i;
+
+ if (!node || !path)
+ return FALSE;
+
+ for (i = 0; i < path->count; ++i) {
+ name = path->data[i];
+
+ if (!node || !ni_string_eq(node->name, name))
+ return FALSE;
+
+ node = node->parent;
+ ret = TRUE;
+ }
+ return ret;
+}
+
+static ni_define_slist_destroy(xml_node_name_path);
+static ni_define_slist_append(xml_node_name_path);
+
+static ni_bool_t
+xml_node_name_path_list_create(xml_node_name_path_t **list, const char * const
npaths[])
+{
+ xml_node_name_path_t *item;
+ const char * const *nptr;
+
+ if (!list || !npaths)
+ return FALSE;
+
+ for (nptr = npaths; *nptr; ++nptr) {
+ if (!(item = xml_node_name_path_new())) {
+ xml_node_name_path_list_destroy(list);
+ return FALSE;
+ }
+ if (!ni_string_split(&item->path, *nptr, "/", 0))
+ xml_node_name_path_free(item);
+ else
+ xml_node_name_path_list_append(list, item);
+ }
+ return TRUE;
+}
+
+static void
+xml_node_name_path_list_hide_cdata(xml_node_t *node,
+ const xml_node_name_path_t *list, const char *hidden)
+{
+ const xml_node_name_path_t *item;
+ xml_node_t *child;
+
+ ni_slist_foreach(list, item) {
+ if (!xml_node_name_path_match(node, &item->path))
+ continue;
+
+ xml_node_set_cdata(node, hidden);
+ }
+
+ for (child = node->children; child; child = child->next)
+ xml_node_name_path_list_hide_cdata(child, list, hidden);
+}
+
+extern void
+xml_node_hide_cdata(xml_node_t *node, const char * const npaths[], const char
*hidden)
+{
+ xml_node_name_path_t *list = NULL;
+
+ if (!node || !npaths)
+ return;
+
+ if (!xml_node_name_path_list_create(&list, npaths) || !list)
+ return;
+
+ xml_node_name_path_list_hide_cdata(node, list, hidden);
+ xml_node_name_path_list_destroy(&list);
+}
--
2.35.3
>From 6b57f56261bc576aadaaf8c898931ba0170c2171 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <m...@suse.com>
Date: Tue, 19 Mar 2024 11:01:32 +0100
Subject: [PATCH 2/5] logging: add ni_debug_(verbose_)config_xml utility
Replaces cdata in a copy of a config node and it's
children that contain passwords before logging it.
---
include/wicked/logging.h | 6 ++++++
src/logging.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
diff --git a/include/wicked/logging.h b/include/wicked/logging.h
index 4938450e..a260a2c6 100644
--- a/include/wicked/logging.h
+++ b/include/wicked/logging.h
@@ -18,6 +18,9 @@ extern void ni_error(const char *, ...)
ni__printf(1, 2);
extern void ni_error_extra(const char *, ...) ni__printf(1, 2);
extern void ni_trace(const char *, ...) ni__printf(1, 2);
extern void ni_fatal(const char *, ...) ni__printf(1, 2)
ni__noreturn;
+extern void ni_debug_verbose_config_xml(const xml_node_t *,
+ unsigned int, unsigned int,
+ const char *, ...) ni__printf(4, 5);
extern int ni_enable_debug(const char *);
extern int ni_debug_set_default(const char *);
@@ -117,6 +120,9 @@ extern unsigned int ni_log_level;
} \
} while (0)
+#define ni_debug_config_xml(xml_node, level, fmt, args...) \
+ ni_debug_verbose_config_xml(xml_node, level, NI_TRACE_WICKED_XML, fmt,
##args)
+
#define ni_debug_none(fmt, args...) do { } while (0)
#define ni_debug_verbose(level, facility, fmt, args...) \
diff --git a/src/logging.c b/src/logging.c
index 42e9f5e5..ce3a1623 100644
--- a/src/logging.c
+++ b/src/logging.c
@@ -18,6 +18,7 @@
#include <wicked/logging.h>
#include <wicked/util.h>
+#include <wicked/xml.h>
#include "util_priv.h"
#define NI_LOG_PID (1 << 0)
@@ -624,3 +625,39 @@ ni_fatal(const char *fmt, ...)
exit(1);
}
+void
+ni_debug_verbose_config_xml(const xml_node_t *node,
+ unsigned int level, unsigned int facility,
+ const char *fmt, ...)
+{
+ static const char *hidden = "***";
+ static const char * const npaths[] = {
+ "client-key-passwd",
+ "passphrase",
+ "password",
+ "modem-pin",
+ "wep/key",
+ NULL
+ };
+ xml_node_t *clone;
+ va_list ap;
+
+ if (!node || !ni_debug_guard(level, facility))
+ return;
+
+ if (!(clone = xml_node_clone(node, NULL)))
+ return;
+
+ xml_node_hide_cdata(clone, npaths, hidden);
+
+ va_start(ap, fmt);
+ if (!ni_log_syslog)
+ __ni_log_stderr("::: ", fmt, ap, "");
+ else
+ vsyslog(level, fmt, ap);
+
+ va_end(ap);
+
+ xml_node_print_debug(clone, facility);
+ xml_node_free(clone);
+}
--
2.35.3
>From fb46cbdb2a200515bdc839dfaeaaf0ec9d0ee78c Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 11:01:32 +0100
Subject: [PATCH 3/5] wpa-supplicant: hide private_key_passwd from log
---
src/wpa-supplicant.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/wpa-supplicant.c b/src/wpa-supplicant.c
index 15a62b33..097f3036 100644
--- a/src/wpa-supplicant.c
+++ b/src/wpa-supplicant.c
@@ -1224,7 +1224,9 @@ ni_debug_escape_net_property(const char *prop_name)
NI_WPA_NET_PROPERTY_WEP_KEY1,
NI_WPA_NET_PROPERTY_WEP_KEY2,
NI_WPA_NET_PROPERTY_WEP_KEY3,
- NI_WPA_NET_PROPERTY_PASSWORD
+ NI_WPA_NET_PROPERTY_PASSWORD,
+ NI_WPA_NET_PROPERTY_PRIVATE_KEY,
+ NI_WPA_NET_PROPERTY_PRIVATE_KEY_PASSWD
};
if (!ni_wpa_net_property_type(prop_name, &type))
--
2.35.3
>From 8b1e2826556a4c58a3c63bf41d1a7c2352ac44af Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 11:01:32 +0100
Subject: [PATCH 4/5] nanny: use ni_debug_config_xml for config dump
---
nanny/device.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/nanny/device.c b/nanny/device.c
index d769cf24..890f479d 100644
--- a/nanny/device.c
+++ b/nanny/device.c
@@ -205,8 +205,8 @@ ni_factory_device_apply_policy(ni_fsm_t *fsm, ni_ifworker_t
*w, ni_managed_polic
w->name, type_name);
return -1;
}
- ni_debug_nanny("%s: using device config", w->name);
- xml_node_print_debug(config, 0);
+
+ ni_debug_config_xml(config, NI_LOG_DEBUG, "%s: using device config",
w->name);
ni_ifworker_set_config(w, config, ni_fsm_policy_origin(policy));
xml_node_free(config);
@@ -269,8 +269,7 @@ ni_managed_device_apply_policy(ni_managed_device_t *mdev,
ni_managed_policy_t *m
ni_error("%s: error when applying policy to %s document",
w->name, type_name);
return -1;
}
- ni_debug_nanny("%s: using device config", w->name);
- xml_node_print_debug(config, 0);
+ ni_debug_config_xml(config, NI_LOG_DEBUG, "%s: using device config",
w->name);
ni_managed_device_set_policy(mdev, mpolicy, config);
xml_node_free(config);
--
2.35.3
>From 909ee2f91299c8660c675df1170a100c5eb00a89 Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullacon...@suse.de>
Date: Tue, 19 Mar 2024 11:01:32 +0100
Subject: [PATCH 5/5] firmware: use ni_debug_config_xml for config dump
---
src/firmware.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/firmware.c b/src/firmware.c
index 2842664b..517bc266 100644
--- a/src/firmware.c
+++ b/src/firmware.c
@@ -158,8 +158,8 @@ ni_netif_firmware_discovery_script_ifconfig(xml_document_t
**doc,
xml_document_free(*doc);
*doc = NULL;
} else if (ni_log_level_at(NI_LOG_DEBUG2)) {
- ni_debug_ifconfig("%s discovery script xml output:",
type);
- xml_node_print_debug(xml_document_root(*doc),
NI_TRACE_IFCONFIG);
+ ni_debug_verbose_config_xml(xml_document_root(*doc),
NI_LOG_DEBUG2,
+ NI_TRACE_IFCONFIG, "%s discovery script
xml output:", type);
}
}
ni_buffer_destroy(&buf);
--
2.35.3
