rpms/openscap
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to new upstream version 1.3.10

Browse Source 
Resolves: RHEL-29172
Resolves: RHEL-7050
Resolves: RHEL-4141
Resolves: RHEL-1477
Resolves: RHEL-1476
This commit is contained in:
Jan Černý 2024-04-02 14:57:09 +02:00
parent 1af1734d32
commit 1270162466
3 changed files with 9 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
View File

@ -1,45 +0,0 @@
From 299e344b245e8d1b3a31a58275e0e8d0aa01ed77 Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Sat, 8 Jul 2023 07:05:31 +0200
Subject: [PATCH] OVAL/sysctl: Fix offline mode
The initial implementation was buggy: after correctly traversing
prefixed PREFIX/proc/sys directory tree it would incorrectly read
the data from the non-prefixed directory tree.
---
src/OVAL/probes/unix/sysctl_probe.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/OVAL/probes/unix/sysctl_probe.c b/src/OVAL/probes/unix/sysctl_probe.c
index 65d4bd0609..b7c68a0378 100644
--- a/src/OVAL/probes/unix/sysctl_probe.c
+++ b/src/OVAL/probes/unix/sysctl_probe.c
@@ -150,10 +150,14 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
SEXP_t *se_mib;
char mibpath[PATH_MAX], *mib;
- size_t miblen;
+ size_t miblen, mibstart;
struct stat file_stat;
- snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
+ if (prefix != NULL) {
+ snprintf(mibpath, sizeof mibpath, "%s/%s/%s", prefix, ofts_ent->path, ofts_ent->file);
+ } else {
+ snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
+ }
/* Skip write-only files, eg. /proc/sys/net/ipv4/route/flush */
if (stat(mibpath, &file_stat) == -1) {
@@ -168,7 +172,10 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
continue;
}
- mib = strdup(mibpath + strlen(PROC_SYS_DIR) + 1);
+ mibstart = 0;
+ mibstart += prefix != NULL ? strlen(prefix)+1 : 0;
+ mibstart += strlen(PROC_SYS_DIR)+1;
+ mib = strdup(mibpath + mibstart);
miblen = strlen(mib);
while (miblen > 0) {

10
openscap.spec
View File

@ -1,12 +1,11 @@
Name: openscap
Version: 1.3.8
Version: 1.3.10
Release: 1%{?dist}
Epoch: 1
Summary: Set of open source libraries enabling integration of the SCAP line of standards
License: LGPLv2+
URL: http://www.open-scap.org/
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
BuildRequires: make
BuildRequires: cmake >= 2.6
BuildRequires: gcc
@ -198,6 +197,13 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%{_bindir}/oscap-run-sce-script
%changelog
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-1
- Rebase to the latest upstream version (RHEL-29172)
- Fix OVAL results file name (RHEL-7050)
- Add ability to define a limit of collected items (RHEL-4141)
- Add ability to refine rules in autotailor (RHEL-1477)
- Improve the formatting of Blueprint remediations (RHEL-1476)
* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
- Upgrade to the latest upstream release (rhbz#2217442)
- Fix systemd* probes unit enumeration (rhbz#2219532)

2
sources
View File

@ -1 +1 @@
SHA512 (openscap-1.3.8.tar.gz) = 4a05f6467ea88f92cc74d7470ed97de10be4ae3de9b16ab065adcedc403adfae667b1b787b65ba6d9c85d38bf7ef47dbd10c90b2dd2b2a48056655a451103ae9
SHA512 (openscap-1.3.10.tar.gz) = 007556b8f020636f6613c2b1192a8b96dfb21b62994a3e257619d48021ad962f95b724c3ac9709a60dbbf7dba8f2499ff8b9b56a7f2d293ca3a8d6ec8107f595