Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:arachnos
libzypp
0001-Disable-AnonymousUniqueId.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Disable-AnonymousUniqueId.patch of Package libzypp
From: Arachnos Date: Tue, 8 Dec 2020 00:00:00 +0000 Subject: [PATCH] Disable AnonymousUniqueId References: bnc#431571 bsc#955801 Disable creating and sending "AnonymousUniqueId" and "LastDistributionFlavor" in custom headers to "download.opensuse.org" due to privacy and security implications. --- tests/zypp/Target_test.cc | 2 ++ zypp/Target.cc | 2 ++ zypp/Target.h | 2 ++ zypp/media/CurlHelper.cc | 3 +++ zypp/media/CurlHelper.h | 3 +++ zypp/media/MediaCurl.cc | 3 +++ zypp/target/TargetImpl.cc | 10 ++++++++++ zypp/target/TargetImpl.h | 4 ++++ zypp/zyppng/media/network/request.cc | 3 +++ 9 files changed, 32 insertions(+) diff --git a/tests/zypp/Target_test.cc b/tests/zypp/Target_test.cc index 3ac9138e4..bbdafb6ce 100644 --- a/tests/zypp/Target_test.cc +++ b/tests/zypp/Target_test.cc @@ -33,6 +33,7 @@ BOOST_AUTO_TEST_CASE(target_test) z->initializeTarget( tmp.path() ); +#ifdef ANONYMOUS_ID // bsc#1024741: Omit creating a new uid for chrooted systems (if it already has one, fine) BOOST_CHECK( ! PathInfo( tmp.path() / "/var/lib/zypp/AnonymousUniqueId").isExist() ); // create an artificial one @@ -44,6 +45,7 @@ BOOST_AUTO_TEST_CASE(target_test) } BOOST_CHECK( PathInfo( tmp.path() / "/var/lib/zypp/AnonymousUniqueId").isExist() ); BOOST_CHECK_EQUAL( z->target()->anonymousUniqueId(), "AnonymousUniqueId" ); +#endif // now check the base product BOOST_CHECK_EQUAL( z->target()->targetDistribution(), "sle-10-i586"); diff --git a/zypp/Target.cc b/zypp/Target.cc index acaf9bcd2..9d71b5815 100644 --- a/zypp/Target.cc +++ b/zypp/Target.cc @@ -124,6 +124,7 @@ namespace zypp std::string Target::distributionVersion( const Pathname & root_r ) { return target::TargetImpl::distributionVersion( root_r ); } +#ifdef ANONYMOUS_ID std::string Target::distributionFlavor() const { return _pimpl->distributionFlavor(); } std::string Target::distributionFlavor( const Pathname & root_r ) @@ -133,6 +134,7 @@ namespace zypp { return _pimpl->anonymousUniqueId(); } std::string Target::anonymousUniqueId( const Pathname & root_r ) { return target::TargetImpl::anonymousUniqueId( root_r ); } +#endif const VendorAttr & Target::vendorAttr() const { return _pimpl->vendorAttr(); } diff --git a/zypp/Target.h b/zypp/Target.h index a4c2c8785..0480cd749 100644 --- a/zypp/Target.h +++ b/zypp/Target.h @@ -181,6 +181,7 @@ namespace zypp /** \overload */ static std::string distributionVersion( const Pathname & root_r ); +#ifdef ANONYMOUS_ID /** * This is \c flavor attribute of the installed base product * but does not require the target to be loaded as it remembers @@ -204,6 +205,7 @@ namespace zypp std::string anonymousUniqueId() const; /** \overload */ static std::string anonymousUniqueId( const Pathname & root_r ); +#endif //@} public: diff --git a/zypp/media/CurlHelper.cc b/zypp/media/CurlHelper.cc index cfa8746fb..d13da9ff5 100644 --- a/zypp/media/CurlHelper.cc +++ b/zypp/media/CurlHelper.cc @@ -297,6 +297,8 @@ int env::getZYPP_MEDIA_CURL_IPRESOLVE() } +// Disable custom headers -- Arachnos +#ifdef ANONYMOUS_ID const char * anonymousIdHeader() { // we need to add the release and identifier to the @@ -324,6 +326,7 @@ const char * distributionFlavorHeader() ); return _value.c_str(); } +#endif const char * agentString() { diff --git a/zypp/media/CurlHelper.h b/zypp/media/CurlHelper.h index 61f1f92c2..00b118428 100644 --- a/zypp/media/CurlHelper.h +++ b/zypp/media/CurlHelper.h @@ -106,6 +106,8 @@ size_t log_redirects_curl( char *ptr, size_t size, size_t nmemb, void *userdata) void fillSettingsFromUrl( const zypp::Url &url, zypp::media::TransferSettings &s ); void fillSettingsSystemProxy( const zypp::Url& url, zypp::media::TransferSettings &s ); +// Disable custom headers -- Arachnos +#ifdef ANONYMOUS_ID /** * initialized only once, this gets the anonymous id * from the target, which we pass in the http header @@ -117,6 +119,7 @@ const char * anonymousIdHeader(); * from the target, which we pass in the http header */ const char * distributionFlavorHeader(); +#endif /** * initialized only once, this gets the agent string diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc index 2947c3143..fb39e21bf 100644 --- a/zypp/media/MediaCurl.cc +++ b/zypp/media/MediaCurl.cc @@ -162,12 +162,15 @@ void MediaCurl::setupEasy() // so that we don't add headers twice TransferSettings vol_settings(_settings); +// Disable custom headers -- Arachnos +#ifdef ANONYMOUS_ID // add custom headers for download.opensuse.org (bsc#955801) if ( _url.getHost() == "download.opensuse.org" ) { vol_settings.addHeader(anonymousIdHeader()); vol_settings.addHeader(distributionFlavorHeader()); } +#endif vol_settings.addHeader("Pragma:"); _settings.setTimeout(ZConfig::instance().download_transfer_timeout()); diff --git a/zypp/target/TargetImpl.cc b/zypp/target/TargetImpl.cc index d9f61b723..7f1421f27 100644 --- a/zypp/target/TargetImpl.cc +++ b/zypp/target/TargetImpl.cc @@ -823,11 +823,15 @@ namespace zypp HistoryLog::setRoot(_root); +// Disable AnonymousUniqueId -- Arachnos +#ifdef ANONYMOUS_ID createAnonymousId(); +#endif sigMultiversionSpecChanged(); // HACK: see sigMultiversionSpecChanged MIL << "Initialized target on " << _root << endl; } +#ifdef ANONYMOUS_ID /** * generates a random id using uuidgen */ @@ -934,6 +938,7 @@ namespace zypp return; } } +#endif /////////////////////////////////////////////////////////////////// // @@ -1247,8 +1252,11 @@ namespace zypp } } +// Disable LastDistributionFlavor -- Arachnos +#ifdef ANONYMOUS_ID // now that the target is loaded, we can cache the flavor createLastDistributionFlavorCache(); +#endif MIL << "Target loaded: " << system.solvablesSize() << " resolvables" << endl; } @@ -2904,6 +2912,7 @@ namespace zypp } +#ifdef ANONYMOUS_ID std::string TargetImpl::distributionFlavor() const { return firstNonEmptyLineIn( home() / "LastDistributionFlavor" ); @@ -2939,6 +2948,7 @@ namespace zypp { return guessAnonymousUniqueId( staticGuessRoot(root_r) ); } +#endif /////////////////////////////////////////////////////////////////// diff --git a/zypp/target/TargetImpl.h b/zypp/target/TargetImpl.h index 7cb085e43..c53b052f6 100644 --- a/zypp/target/TargetImpl.h +++ b/zypp/target/TargetImpl.h @@ -67,6 +67,7 @@ namespace zypp /** Dtor. */ virtual ~TargetImpl(); +#ifdef ANONYMOUS_ID /** * generates the unique anonymous id which is called * when creating the target @@ -77,6 +78,7 @@ namespace zypp * generates a cache of the last product flavor */ void createLastDistributionFlavorCache() const; +#endif /** \name Solv file handling. * If target solv file is outdated, but (non-root-)user has @@ -187,6 +189,7 @@ namespace zypp /** \overload */ static std::string distributionVersion( const Pathname & root_r ); +#ifdef ANONYMOUS_ID /** \copydoc Target::distributionFlavor() */ std::string distributionFlavor() const; /** \overload */ @@ -196,6 +199,7 @@ namespace zypp std::string anonymousUniqueId() const; /** \overload */ static std::string anonymousUniqueId( const Pathname & root_r ); +#endif /** \copydoc Target::vendorAttr() */ const VendorAttr & vendorAttr() const diff --git a/zypp/zyppng/media/network/request.cc b/zypp/zyppng/media/network/request.cc index 2bc1c1628..089ab2818 100644 --- a/zypp/zyppng/media/network/request.cc +++ b/zypp/zyppng/media/network/request.cc @@ -239,12 +239,15 @@ namespace zyppng { //make a local copy of the settings, so headers are not added multiple times TransferSettings locSet = _settings; +// Disable custom headers -- Arachnos +#ifdef ANONYMOUS_ID // add custom headers for download.opensuse.org (bsc#955801) if ( _url.getHost() == "download.opensuse.org" ) { locSet.addHeader( ::internal::anonymousIdHeader() ); locSet.addHeader( ::internal::distributionFlavorHeader() ); } +#endif locSet.addHeader("Pragma:"); -- 2.29.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor