anonymize ESSIDs and AP MAC addresses

  Indeed, the repports using "apport-bug" the ESSID is included.
  Even worse, the network key is included also, which is VERY BAD !

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 746900

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

/home paths etc. are already anonymized. If you find a case where it isn't, can you please file a new bug with a concrete example?

I'll filter out ESSIDs and access point MAC addresses, they indeed shouldn't be there.

> they are furthermore submitted without showing the user what is being submitted, even if you click on "details"

The output of "iwconfig" is shown in details expander for me.

Where does the password get shown? it's not in iwconfig, and in syslog I just get

   Oct 13 09:26:51 donald NetworkManager[1204]: <info> Config: added 'psk' value '<omitted>'

I did "ubuntu-bug --save /tmp/bug linux" and grepped /tmp/bug for my wifi password, no hit. If you still get this, can you please file a new report with some more precise instructions how to replicate this, or with a .crash file which exposes this? You can exchange the password with something like "MYWIFIPASSWORD", just knowing where it appears exactly will be enough for me.

I'll devote this bug to the ESSIDs and AP MAC addresses.

Thanks!

Note, the encryption key hiding was done in bug 446299 and fixed in lucid already.

Why has this been marked as "invalid" as opposed to "fixed"?

It's only invalid in the linux task, the apport task is "fix committed".

This bug was fixed in the package apport - 1.24-0ubuntu1

---------------
apport (1.24-0ubuntu1) precise; urgency=low

  * New upstream release 1.23.1:
    - apport/crashdb.py: Ensure that duplicate table only has one entry per
      report ID.
    - apport-retrace: Pass correct executable path to gdb in --gdb with
      --sandbox mode.
    - apport-retrace: Do not leave behind temporary directories on errors.
    - apport-retrace: Drop assertion failure for existance of "Stacktrace".
      This isn't present in the case of gdb crashing, and there is not much we
      can do about it. This should not break the retracer.
    - apport/report.py: Unwind XError() from stack traces for the
      "StacktraceTop" field, as they take a significant part of the trace.
      This causes bugs to be duplicated which really have different causes.
  * New upstream release 1.24:
   - apport-retrace: Add --timestamp option to prepend a timestamp to log
     messages. This is useful for batch operations.
   - crash-digger: Call apport-retrace with --timestamps, to get consistent
     timestamps in log output.
   - hookutils.py: Add two new functions attach_gsettings_package() and
     attach_gsettings_schema() for adding user-modified gsettings keys to a
     report. (LP: #836489)
   - hookutils.py: Add new function in_session_of_problem() which returns
     whether the given report happened in the currently running XDG session.
     This can be used to determine if e. g. ~/.xsession-errors is relevant and
     should be attached.
   - backends/packaging-apt-dpkg.py, install_packages(): Also copy
     apt/sources.list.d/ into sandbox.
   - backends/packaging-apt-dpkg.py, install_packages(): Install apt keyrings
     from config dir or from system into sandbox. (LP: #856216)
   - packaging.py, backends/packaging-apt-dpkg.py: Define that
     install_packages() should return a SystemError for broken
     configs/unreachable servers etc., and fix the apt/dpkg implementation
     accordingly.
   - apport-retrace: Don't crash, just give a proper error message if servers
     are unreachable, or configuration files are broken. (LP: #859248)
   - backends/packaging-apt-dpkg.py: Fix crash when
     /etc/apport/native-origins.d contains any files. (LP: #865199)
   - hookutils, recent_logfile(): Fix invalid return value if log file is not
     readable. (LP: #819357)
   - test/crash: Fix race condition in the "second instance terminates
     immediately" check.
   - hookutils.py: Replace attach_gconf() with a no-op stub. It used static
     python modules like "gconf" which broke the PyGI GTK user interface, and
     gconf is rather obsolete these days.
   - ui.py, open_url(): Greatly simply and robustify by just using xdg-open.
     This already does the right thing wrt. reading the default browser from
     GNOME, KDE, XCE, and other desktops. (LP: #198449)
   - data/general-hooks/generic.py: Only attach ~/.xsession_errors if the bug
     is reported in the same XDG session as the crash happened. (LP: #869974)
   - Ignore crashes for programs which got updated in between the crash and
     reporting. (LP: #132904)
   - Special-case crashes of 'twistd': Try to determin...

Hello Mats, or anyone else affected,

Accepted apport into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

This bug was fixed in the package apport - 1.23-0ubuntu4

---------------
apport (1.23-0ubuntu4) oneiric-proposed; urgency=low

  * apport-gtk: In bug update mode, make details dialog resizable and fix
    default size. Patch cherry-picked from trunk r1991. (LP: #865754)
  * backends/packaging-apt-dpkg.py: Fix crash when
    /etc/apport/native-origins.d contains any files. Patch cherry-picked from
    trunk r1973. (LP: #865199)
  * apport/report.py: Special-case crashes of 'twistd': Try to determine the
    client program and assign the report to that, or fail with an
    UnreportableReason. Patch cherry-picked from trunk r1989. (LP: #755025)
  * hookutils.py, attach_wifi(): Anonymize ESSID and AP MAC from "iwconfig"
    output. Patch cherry-picked from trunk 1993. (LP: #746900)
 -- Martin Pitt <email address hidden> Thu, 20 Oct 2011 12:08:11 +0200