Description of problem: A very verbose log is being saved at /tmp/rime.fcitx-rime.INFO which can become very large and contains everything the user has typed. Even worse, permission set on this file is 755 which means everyone can read this file and see exactly what the user has typed. Version-Release number of selected component (if applicable): 1.5.3 How reproducible: Always Steps to Reproduce: 1. add librime in fcitx 2. switch to it, and try to type something 3. read the file under /tmp/rime.fcitx-rime.INFO (which is a symlink to the actual log file) Actual results: Confidential data is saved to disk without user consent. Expected results: librime should not log anything that contains user input Additional info: I do not know where the cmake macro is from in the rpm spec but it should have the flag `DCMAKE_BUILD_TYPE=Release` set. Relevant issue: https://github.com/rime/librime/issues/254#issuecomment-625155952 Relevant bug reports: https://bugs.gentoo.org/695702
FEDORA-2020-a3347ff2f9 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-a3347ff2f9
FEDORA-2020-a3347ff2f9 has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-a3347ff2f9` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-a3347ff2f9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
This issue has been fixed with FEDORA-2020-032ae4123a. Thank you.
FEDORA-2020-a3347ff2f9 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.