import openscap-1.3.5-8.el9

CentOS Sources 2021-11-03 08:45:49 -04:00 committed by Stepan Oksanichenko
commit 4feb9ec8b2
13 changed files with 3420 additions and 0 deletions

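--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/openscap-1.3.5.tar.gz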

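--- a/.openscap.metadata
+++ b/.openscap.metadata
@@ -0,0 +1 @@
+77494383980082f8bc625a6e196a6760d30a5107 SOURCES/openscap-1.3.5.tar.gz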


@ -0,0 +1,52 @@
From 378ef5e438a2f5af7a50374d2bd23bdd3403201f Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Tue, 4 May 2021 08:41:06 +0200
Subject: [PATCH] Fix covscan-reported issues in yamlfilecontent probe and
schematron
Error: FORWARD_NULL (CWE-476): [#def1]
/OVAL/probes/independent/yamlfilecontent_probe.c:392: var_compare_op: Comparing "yaml_file" to null implies that "yaml_file" might be null.
/OVAL/probes/independent/yamlfilecontent_probe.c:417: var_deref_model: Passing null pointer "yaml_file" to "fclose", which dereferences it.
# 416| cleanup:
# 417|-> fclose(yaml_file);
# 418| yaml_parser_delete(&parser);
Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
/source/schematron.c:549: alloc_fn: Storage is returned from allocation function "xmlXPathNodeEval".
/source/schematron.c:549: var_assign: Assigning: "component_refs" = storage returned from "xmlXPathNodeEval(data_stream_node, (xmlChar *)"ds:checklists/ds:component-ref", context)".
/source/schematron.c:551: leaked_storage: Variable "component_refs" going out of scope leaks the storage it points to.
# 550| if (component_refs == NULL || component_refs->nodesetval == NULL) {
# 551|-> return res;
# 552| }
---
src/OVAL/probes/independent/yamlfilecontent_probe.c | 3 ++-
src/source/schematron.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
index ed5ce0d68..62a8f4ff2 100644
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
@@ -414,7 +414,8 @@ static int process_yaml_file(const char *prefix, const char *path, const char *f
}
cleanup:
- fclose(yaml_file);
+ if (yaml_file != NULL)
+ fclose(yaml_file);
yaml_parser_delete(&parser);
free(filepath_with_prefix);
free(filepath);
diff --git a/src/source/schematron.c b/src/source/schematron.c
index 6cb22658b..c32d5aed6 100644
--- a/src/source/schematron.c
+++ b/src/source/schematron.c
@@ -548,6 +548,8 @@ static bool _req_src_346_1_sub1(xmlNodePtr data_stream_node, xmlXPathContextPtr
/* every $m in ds:checklists/ds:component-ref satisfies ... */
xmlXPathObjectPtr component_refs = xmlXPathNodeEval(data_stream_node, BAD_CAST "ds:checklists/ds:component-ref", context);
if (component_refs == NULL || component_refs->nodesetval == NULL) {
+ if (component_refs != NULL)
+ xmlXPathFreeObject(component_refs);
return res;
}
for (int i = 0; i < component_refs->nodesetval->nodeNr; i++) {
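Review bot: The inner `if (component_refs != NULL)` guard added to the early-exit branch of `_req_src_346_1_sub1` is redundant, because libxml2's `xmlXPathFreeObject` returns immediately when passed NULL; the branch can be just `xmlXPathFreeObject(component_refs);` followed by `return res;`. The `if (yaml_file != NULL)` guard in `process_yaml_file` is needed, since `fclose(NULL)` is undefined behaviour, and a short comment such as `/* yaml_file is NULL when fopen() failed and we jumped here */` would explain why only this one cleanup step is conditional. Both functions continue outside their hunks, so their other exit paths were not checked here.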


@ -0,0 +1,248 @@
From 6885a1caaad68f0844715cca90fd0d913e19aba5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 1 Jul 2021 16:06:23 +0200
Subject: [PATCH 1/9] Plug a memory leak
Addressing:
1. openscap-1.3.5/src/OVAL/probes/independent/system_info_probe.c:738:6: warning[unix.Malloc]: Potential leak of memory pointed to by 'hname'
736| hname = strdup(unknown);
737|
738|-> if (__sysinfo_saneval(os_name) < 1 ||
739| __sysinfo_saneval(os_version) < 1 ||
740| __sysinfo_saneval(architecture) < 1 ||
---
src/OVAL/probes/independent/system_info_probe.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/OVAL/probes/independent/system_info_probe.c b/src/OVAL/probes/independent/system_info_probe.c
index 8251e655e..9f680e14d 100644
--- a/src/OVAL/probes/independent/system_info_probe.c
+++ b/src/OVAL/probes/independent/system_info_probe.c
@@ -732,8 +732,13 @@ int system_info_probe_main(probe_ctx *ctx, void *arg)
if (!architecture)
architecture = strdup(unknown);
- if (!hname || *hname == '\0')
+ if (hname && *hname == '\0') {
+ free(hname);
+ hname = NULL;
+ }
+ if (!hname) {
hname = strdup(unknown);
+ }
if (__sysinfo_saneval(os_name) < 1 ||
__sysinfo_saneval(os_version) < 1 ||
From a600fa5d034daa408d277f91ceefd29b5ab10213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 1 Jul 2021 16:43:46 +0200
Subject: [PATCH 2/9] Fix a possible NULL dereference
Addressing:
openscap-1.3.5/utils/oscap-tool.c:78:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'to'
---
utils/oscap-tool.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/utils/oscap-tool.c b/utils/oscap-tool.c
index 62c4cde0e..d37fbb0e5 100644
--- a/utils/oscap-tool.c
+++ b/utils/oscap-tool.c
@@ -73,7 +73,8 @@ static size_t paramlist_size(const char **p) { size_t s = 0; if (!p) return s; w
static size_t paramlist_cpy(const char **to, const char **p) {
size_t s = 0;
- if (!p) return s;
+ if (!to || !p)
+ return s;
for (;p && p[s]; s += 2) to[s] = p[s], to[s+1] = p[s+1];
to[s] = p[s];
return s;
From d7bb7e755b262424e5970f2bcc2d2af670f8ac63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 1 Jul 2021 17:03:09 +0200
Subject: [PATCH 3/9] Fix a possible NULL dereference
Addressing:
openscap-1.3.5/src/source/xslt.c:124:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'strdup(xsltfile)' where non-null expected
---
src/source/xslt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/source/xslt.c b/src/source/xslt.c
index 0d01c535b..24c4c46e9 100644
--- a/src/source/xslt.c
+++ b/src/source/xslt.c
@@ -105,7 +105,7 @@ static inline int save_stylesheet_result_to_file(xmlDoc *resulting_doc, xsltStyl
static xmlDoc *apply_xslt_path_internal(struct oscap_source *source, const char *xsltfile, const char **params, const char *path_to_xslt, xsltStylesheet **stylesheet)
{
xmlDoc *doc = oscap_source_get_xmlDoc(source);
- if (doc == NULL || stylesheet == NULL) {
+ if (doc == NULL || stylesheet == NULL || xsltfile == NULL) {
return NULL;
}
From a51952f0bc66402c3b68783ee9deaf3b4ecd529e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 10:12:31 +0200
Subject: [PATCH 4/9] Fix possible NULL dereference
Addressing:
openscap-1.3.5/src/XCCDF/xccdf_session.c:1349:15: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'to'
---
src/XCCDF/xccdf_session.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/XCCDF/xccdf_session.c b/src/XCCDF/xccdf_session.c
index 9d8f42c44..10735214c 100644
--- a/src/XCCDF/xccdf_session.c
+++ b/src/XCCDF/xccdf_session.c
@@ -1344,7 +1344,8 @@ static size_t _paramlist_size(const char **p) { size_t s = 0; if (!p) return s;
static size_t _paramlist_cpy(const char **to, const char **p) {
size_t s = 0;
- if (!p) return s;
+ if (!to || !p)
+ return s;
for (;p && p[s]; s += 2) to[s] = p[s], to[s+1] = p[s+1];
to[s] = p[s];
return s;
From 2f0ad2e9a7bbd69ecad14b28de6e12d237bcbf9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 10:15:39 +0200
Subject: [PATCH 5/9] Fix possible NULL dereference
Addressing:
openscap-1.3.5/src/OVAL/results/oval_cmp_evr_string.c:132:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
---
src/OVAL/results/oval_cmp_evr_string.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/OVAL/results/oval_cmp_evr_string.c b/src/OVAL/results/oval_cmp_evr_string.c
index 89e51729b..b195a73f7 100644
--- a/src/OVAL/results/oval_cmp_evr_string.c
+++ b/src/OVAL/results/oval_cmp_evr_string.c
@@ -128,6 +128,9 @@ static void parseEVR(char *evr, const char **ep, const char **vp, const char **r
const char *release;
char *s, *se;
+ if (!evr)
+ return;
+
s = evr;
while (*s && risdigit(*s)) s++; /* s points to epoch terminator */
se = strrchr(s, '-'); /* se points to version terminator */
From fe351d432d25d48116ec077671c97f0a2d996c82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 10:26:03 +0200
Subject: [PATCH 6/9] Fix possible NULL dereference
openscap-1.3.5/src/OVAL/probes/unix/xinetd_probe.c:1492:56: warning[-Wanalyzer-null-dereference]: dereference of NULL 'valstr_array'
---
src/OVAL/probes/unix/xinetd_probe.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/OVAL/probes/unix/xinetd_probe.c b/src/OVAL/probes/unix/xinetd_probe.c
index 009fb4c4c..b3375500d 100644
--- a/src/OVAL/probes/unix/xinetd_probe.c
+++ b/src/OVAL/probes/unix/xinetd_probe.c
@@ -1483,6 +1483,10 @@ int op_remove_strl(void *var, char *val)
valstr_array[valstr_array_size-1] = tok;
valstr_array[valstr_array_size] = NULL;
}
+ if (valstr_array == NULL) {
+ free(newstr_array);
+ return -2;
+ }
// Remove the insersection from the string array
newstr_array_size = 0;
From 0ae47d335db49f049ba5bad5ba69c3bdbb0a55bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 10:52:28 +0200
Subject: [PATCH 7/9] Fix possible NULL dereference
The function oval_criteria_node_new can return NULL in multiple situations.
Addressing:
openscap-1.3.5/src/OVAL/oval_criteriaNode.c:390:28: warning[-Wanalyzer-null-dereference]: dereference of NULL 'node'
---
src/OVAL/oval_criteriaNode.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/OVAL/oval_criteriaNode.c b/src/OVAL/oval_criteriaNode.c
index de9081f9d..975a480a4 100644
--- a/src/OVAL/oval_criteriaNode.c
+++ b/src/OVAL/oval_criteriaNode.c
@@ -387,6 +387,11 @@ int oval_criteria_parse_tag(xmlTextReaderPtr reader, struct oval_parser_context
assert(context != NULL); /* This is not asserted as attribute, because we
can pass NULL pointer in case of OVAL_NODETYPE_UNKNOWN */
struct oval_criteria_node *node = oval_criteria_node_new(context->definition_model, type);
+ if (node == NULL) {
+ free(tagname);
+ free(namespace);
+ return 1;
+ }
node->type = type;
char *comm = (char *)xmlTextReaderGetAttribute(reader, BAD_CAST "comment");
if (comm != NULL) {
From 832cba38133f59dc27b0e9f6d2d6eddb7604577a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 11:02:51 +0200
Subject: [PATCH 8/9] Fix possible NULL dereference
Addressing:
openscap-1.3.5/src/OVAL/oval_component.c:2371:83: warning[-Wanalyzer-null-dereference]: dereference of NULL 'vcl_root
---
src/OVAL/oval_component.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/OVAL/oval_component.c b/src/OVAL/oval_component.c
index 96788a471..95004bd80 100644
--- a/src/OVAL/oval_component.c
+++ b/src/OVAL/oval_component.c
@@ -2368,6 +2368,9 @@ static oval_syschar_collection_flag_t _oval_component_evaluate_ARITHMETIC(oval_a
}
oval_component_iterator_free(subcomps);
+ if (vcl_root == NULL) {
+ return SYSCHAR_FLAG_ERROR;
+ }
val_itr = (struct oval_value_iterator *) oval_collection_iterator(vcl_root->val_col);
while (oval_value_iterator_has_more(val_itr)) {
struct oval_value *ov;
From 3fb63f51f45af8edf2b8044445bfc5cb7092b7a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 2 Jul 2021 11:10:03 +0200
Subject: [PATCH 9/9] Fix possible NULL dereference
Addressing:
openscap-1.3.5/src/DS/rds_index.c:124:21: warning[-Wanalyzer-null-argument]: use of NULL 'id' where non-null expected
---
src/DS/rds_index.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/DS/rds_index.c b/src/DS/rds_index.c
index 374b55d64..cc0e2bbed 100644
--- a/src/DS/rds_index.c
+++ b/src/DS/rds_index.c
@@ -117,6 +117,9 @@ struct rds_asset_index* rds_index_get_asset(struct rds_index *rds, const char *i
{
struct rds_asset_index *ret = NULL;
+ if (id == NULL)
+ return ret;
+
struct rds_asset_index_iterator *it = rds_index_get_assets(rds);
while (rds_asset_index_iterator_has_more(it))
{
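Review bot: In PATCH 5/9 the new `if (!evr) return;` in `parseEVR` leaves the output pointers `ep`, `vp` and `rp` unwritten, so a caller that reads them after the call sees whatever they held before, which is indeterminate if they were declared without an initializer (the callers are outside the hunk, so this needs confirming). Writing a defined value before returning removes the doubt, for example `if (ep) *ep = NULL; if (vp) *vp = NULL; if (rp) *rp = NULL;`, or an empty string if callers compare the results unconditionally. The same silent-return shape appears in PATCH 2/9 and 4/9, where `paramlist_cpy` and `_paramlist_cpy` now return 0 for a NULL `to`, which a caller cannot tell apart from an empty parameter list; a one-line comment on what 0 means there would help.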



@ -0,0 +1,40 @@
From 11e5d42d279f39c13a9bdea7df6da7728b85a0b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 29 Jun 2021 09:12:34 +0200
Subject: [PATCH] Fix failing test
The test fails becuse the OVAL content in
`test_remediation_simple.oval.xml` used in rule
`xccdf_moc.elpmaxe.www_rule_1` in
`test_profile_selection_by_suffix.xccdf.xml` expects that a file named
`test_file` exists in the current working directory.
This test doesn't fail when executed as a part of complete test suite
run. I guess that it's because some other test creates the `test_file`
file and doesn't delete it. Unfortunately, I can't find which test
creates it. There are many test cases that use a file `test_file`
and it is also created often by remediation executed in some tests.
---
.../API/XCCDF/unittests/test_profile_selection_by_suffix.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh b/tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh
index 910264626a..9b0852df37 100755
--- a/tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh
+++ b/tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh
@@ -13,6 +13,9 @@ echo "Stderr file = $stderr"
echo "Result file = $result"
ret=0
+touch test_file
+[ -f test_file ]
+
# Multiple matches should result in failure
$OSCAP xccdf eval --profile common $benchmark 2> $stderr || ret=$?
[ $ret -eq 1 ]
@@ -55,3 +58,5 @@ grep -Fq "No profile matching suffix \"another\" was found" $stderr
[ -f $stderr ]; rm $stderr
rm $result
+
+rm -f test_file
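Review bot: The `rm -f test_file` added at the end of the script only runs when every earlier check passes. If the script runs under `set -e` (not visible in the hunks, though the bare `[ $ret -eq 1 ]` checks suggest it), a failing assertion exits early and leaves `test_file` in the working directory, which is the same leftover-file coupling between tests that the description complains about. Registering the cleanup right after creating the file avoids that: `trap 'rm -f test_file' EXIT` placed after `touch test_file`. The `[ -f test_file ]` line would also benefit from a comment saying that the OVAL check in `test_remediation_simple.oval.xml` expects this file in the current working directory.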


@ -0,0 +1,36 @@
From b31cff1bc3a298cfa36a10476f2d633c290b6741 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 11 May 2021 13:20:18 +0200
Subject: [PATCH] Replace getlogin by cuserid
The getlogin() is used here to fill in the xccdf:identity element which
shall contain information about the system identity or user employed
during application of the benchmark. But, the getlogin() can return NULL
when there is no controlling terminal. This happened when testing oscap
on a test system with no pty. As an alternative, the system provides
also cuserid() function which gets the effective user ID of the process.
However, these 2 values differ when the program is executed under sudo.
From the user experience point of view, it would be better to have
displayed there the user logged in on the controlling terminal. As a
compromise, we will first attempt to obtain the name using getlogin()
and if that fails we will run cuserid().
---
src/XCCDF/result.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/XCCDF/result.c b/src/XCCDF/result.c
index cd03e6bd8f..cbe016c44a 100644
--- a/src/XCCDF/result.c
+++ b/src/XCCDF/result.c
@@ -217,7 +217,10 @@ static inline void _xccdf_result_fill_identity(struct xccdf_result *result)
xccdf_identity_set_authenticated(id, 0);
xccdf_identity_set_privileged(id, 0);
#ifdef OSCAP_UNIX
- xccdf_identity_set_name(id, getlogin());
+ char *name = getlogin();
+ if (name == NULL)
+ name = cuserid(NULL);
+ xccdf_identity_set_name(id, name);
#elif defined(OS_WINDOWS)
GetUserName((TCHAR *) w32_username, &w32_usernamesize); /* XXX: Check the return value? */
xccdf_identity_set_name(id, w32_username);
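Review bot: `name` can still be NULL when it reaches `xccdf_identity_set_name(id, name)`, because `cuserid(NULL)` can fail as well, for example when the effective UID has no passwd entry as in a minimal container; whether the setter accepts NULL is not visible in this hunk. `cuserid()` was also removed from POSIX.1-2001, so a fallback through the passwd database is more portable: `struct passwd *pw = getpwuid(geteuid());` followed by `if (pw != NULL) name = pw->pw_name;`. Neither source is authenticated, since `getlogin()` reads the login record of the controlling terminal, so a comment stating that the recorded `xccdf:identity` name is informational, in line with `xccdf_identity_set_authenticated(id, 0)` just above, would help anyone relying on the result file.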


@ -0,0 +1,42 @@
From 5f8879927fa34827f1b367eac311845e6ebec9a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 10 Jun 2021 13:41:25 +0200
Subject: [PATCH] Do not set Rpath
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_beware_of_rpath
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967200
---
CMakeLists.txt | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c70ba29bf..cc7b5e005 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -482,25 +482,7 @@ else()
endif()
set(OSCAP_TEMP_DIR "/tmp" CACHE STRING "use different temporary directory to execute sce scripts (default=/tmp)")
-# ---------- RPATHS for linking
-# see https://cmake.org/Wiki/CMake_RPATH_handling
-
-# use, i.e. don't skip the full RPATH for the build tree
-set(CMAKE_SKIP_BUILD_RPATH FALSE)
-
-# when building, don't use the install RPATH already
-# (but later on when installing)
-set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
-
-set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
-
-# add the automatically determined parts of the RPATH
-# which point to directories outside the build tree to the install RPATH
-set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
-
-# Turn on RPATH for OSX for policy warning
-set(CMAKE_MACOSX_RPATH ON)
# ---------- CONFIGURATION
configure_file("config.h.in" "config.h")


@ -0,0 +1,81 @@
From e515fc9694efb8703f6c55782094e0273c0dec9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 25 Jun 2021 13:59:59 +0200
Subject: [PATCH] Workaround rpminspect problem
rpminspect produces this problem:
xml-files:
----------
1) File /usr/share/openscap/xsl/oval-results-report.xsl is a malformed XML file on x86_64
Result: VERIFY
Waiver Authorization: Anyone
Details:
No declaration for element stylesheet
Suggested Remedy: Correct the reported errors in the XML document
I assume that it's caused by mixing the DTD and schema - it probably
expects that the DTD will contain a declaration of the root element
as well. The workaround simply expands both entities by substituting
them by their contents.
---
xsl/oval-results-report.xsl | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/xsl/oval-results-report.xsl b/xsl/oval-results-report.xsl
index fe50717795..744540c8f8 100644
--- a/xsl/oval-results-report.xsl
+++ b/xsl/oval-results-report.xsl
@@ -1,10 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE xsl:stylesheet [
-<!-- check symbol -->
-<!ENTITY resultgood "&#x2713;">
-<!-- x symbol -->
-<!ENTITY resultbad "&#x2715;">
-]>
<!--
****************************************************************************************
@@ -129,7 +123,7 @@
<tr class="LightRow">
<td class="resultbadA ColorBox"/>
<td class="resultbadB ColorBox"/>
- <td class="Text" title="Non-Compliant/Vulnerable/Unpatched">&resultbad;</td>
+ <td class="Text" title="Non-Compliant/Vulnerable/Unpatched">&#x2715;</td>
</tr>
</table>
</td>
@@ -138,7 +132,7 @@
<tr class="LightRow">
<td class="resultgoodA ColorBox"/>
<td class="resultgoodB ColorBox"/>
- <td class="Text" title="Compliant/Non-Vulnerable/Patched">&resultgood;</td>
+ <td class="Text" title="Compliant/Non-Vulnerable/Patched">&#x2713;</td>
</tr>
</table>
</td>
@@ -227,8 +221,8 @@
<table border="1">
<tr class="Title">
<td class="TitleLabel" align="center">Systems Analyzed</td>
- <td class="TitleLabel" align="center" title="Non-Compliant/Vulnerable/Unpatched">&resultbad;</td>
- <td class="TitleLabel" align="center" title="Compliant/Non-Vulnerable/Patched">&resultgood;</td>
+ <td class="TitleLabel" align="center" title="Non-Compliant/Vulnerable/Unpatched">&#x2715;</td>
+ <td class="TitleLabel" align="center" title="Compliant/Non-Vulnerable/Patched">&#x2713;</td>
<td class="TitleLabel" align="center">Errors</td>
<td class="TitleLabel" align="center">Unknown</td>
<td class="TitleLabel" align="center" title="Inventory/Miscellaneous class, or Not Applicable/Not Evaluated result">Other</td>
@@ -497,8 +491,8 @@
<xsl:template name="GeneratorResTotals">
<xsl:param name="resultsElm"/>
<tr class="DarkRow Center">
- <td class="SmallLabel" style="width: 20%;" title="Non-Compliant/Vulnerable/Unpatched">#&resultbad;</td>
- <td class="SmallLabel" style="width: 20%;" title="Compliant/Non-Vulnerable/Patched">#&resultgood;</td>
+ <td class="SmallLabel" style="width: 20%;" title="Non-Compliant/Vulnerable/Unpatched">#&#x2715;</td>
+ <td class="SmallLabel" style="width: 20%;" title="Compliant/Non-Vulnerable/Patched">#&#x2713;</td>
<td class="SmallLabel" style="width: 20%;" title="Error">#Error</td>
<td class="SmallLabel" style="width: 20%;" title="Unknown">#Unknown</td>
<td class="SmallLabel" style="width: 20%;" title="Inventory/Miscellaneous class, or Not Applicable/Not Evaluated result">#Other</td>


@ -0,0 +1,38 @@
From 80543bc666d648d0251e4c7b675489b8011a548a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 25 Jun 2021 10:19:43 +0200
Subject: [PATCH] Fix UBI 9 scan
In offline mode when scanning a cointainer based on UBI 9 the
system_info probe failed because the function `_offline_get_hname` which
reads from `/etc/hostname` returns an empty string which causes
`__sysinfo_saneval(hname)` check to return zero which in turn causes the
probe returns an error. We can prevent this situation by replacing the
empty string by `"Unknown"`, which we already do when the `hname` is
`NULL`.
Addressing:
W: oscap: Can't receive message: 125, Operation canceled.
E: oscap: Recv: retry limit (0) reached.
OpenSCAP Error: Probe at sd=32 (system_info) reported an error: Invalid type, value or format [/home/jcerny/work/git/openscap/src/OVAL/oval_probe_ext.c:383]
Unable to receive a message from probe [/home/jcerny/work/git/openscap/src/OVAL/oval_probe_ext.c:572]
Resolves: rhbz#1953610
---
src/OVAL/probes/independent/system_info_probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OVAL/probes/independent/system_info_probe.c b/src/OVAL/probes/independent/system_info_probe.c
index 9bdd73556d..8251e655ed 100644
--- a/src/OVAL/probes/independent/system_info_probe.c
+++ b/src/OVAL/probes/independent/system_info_probe.c
@@ -732,7 +732,7 @@ int system_info_probe_main(probe_ctx *ctx, void *arg)
if (!architecture)
architecture = strdup(unknown);
- if (!hname)
+ if (!hname || *hname == '\0')
hname = strdup(unknown);
if (__sysinfo_saneval(os_name) < 1 ||


@ -0,0 +1,43 @@
From 192f908562779fe4c9b7e5cc7605840976a06c85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Mon, 26 Apr 2021 13:13:26 +0200
Subject: [PATCH] Waive the known issue with hugepages on ppc64/ppc64le
The known issue has been reported in
https://bugzilla.redhat.com/show_bug.cgi?id=1642995
This modification is currently applied as a patch applied during setup
phase of Sanity/smoke-test in Fedora CI gating.
https://src.fedoraproject.org/tests/openscap/blob/main/f/Sanity/smoke-test
The patched file got changed recetly so the patch doesn't apply anymore
which causes the Rawhide gating to fail.
We have decided to propose the change to upstream to avoid the need
for modifying the patch in the tests and to prevent similar problems
in the future.
---
tests/probes/sysctl/test_sysctl_probe_all.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tests/probes/sysctl/test_sysctl_probe_all.sh b/tests/probes/sysctl/test_sysctl_probe_all.sh
index 2280ff7ae..c79d7ed18 100755
--- a/tests/probes/sysctl/test_sysctl_probe_all.sh
+++ b/tests/probes/sysctl/test_sysctl_probe_all.sh
@@ -73,6 +73,10 @@ if [ "$procps_ver" != "$lowest_ver" ]; then
sed -i '/.*vm.stat_refresh/d' "$sysctlNames"
fi
+if ! grep -q "hugepages" "$ourNames"; then
+ sed -i "/^.*hugepages.*$/d" "$sysctlNames"
+fi
+
echo "Diff (sysctlNames / ourNames): ------"
diff "$sysctlNames" "$ourNames"
echo "-------------------------------------"
@@ -84,6 +88,7 @@ sed -i -E "/^E: oscap: +Can't read sysctl value from /d" "$stderr"
# that can't fit into 8K buffer and result in errno 14
# (for example /proc/sys/kernel/spl/hostid could be the case)
sed -i -E "/^E: oscap: +An error.*14, Bad address/d" "$stderr"
+sed -i "/^.*hugepages.*$/d" "$stderr"
echo "Errors (without messages related to permissions):"
cat "$stderr"
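Review bot: The `sed -i "/^.*hugepages.*$/d" "$stderr"` added in the second hunk runs on every architecture and drops every stderr line that mentions hugepages, so a new probe error involving a hugepages sysctl would be hidden on x86_64 as well, although the waived issue is described as ppc64/ppc64le only. Limiting it to those machines keeps the waiver narrow: `case "$(uname -m)" in ppc64*) sed -i "/^.*hugepages.*$/d" "$stderr" ;; esac`. The first hunk is already conditional on `$ourNames` lacking the entries, so only the stderr filter needs the guard. A comment with the Bugzilla reference from the description next to both `sed` lines would record why these lines are filtered.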


@ -0,0 +1,150 @@
From 89f99834ba183284a7d75835932a0c0ea4eb9007 Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Mon, 17 May 2021 08:40:17 +0200
Subject: [PATCH] oval/yamlfilecontent: Add 'null' values handling
For now null values would be represented as string '(null)' as
record's field could not be attributed as nil="true" yet.
---
.../independent/yamlfilecontent_probe.c | 9 ++++
.../test_probes_yamlfilecontent_types.sh | 5 ++
.../test_probes_yamlfilecontent_types.xml | 52 +++++++++++++++++++
tests/probes/yamlfilecontent/types.yaml | 4 ++
4 files changed, 70 insertions(+)
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
index 62a8f4ff29..2d0cac6991 100644
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
@@ -41,6 +41,7 @@
#define OSCAP_YAML_BOOL_TAG "tag:yaml.org,2002:bool"
#define OSCAP_YAML_FLOAT_TAG "tag:yaml.org,2002:float"
#define OSCAP_YAML_INT_TAG "tag:yaml.org,2002:int"
+#define OSCAP_YAML_NULL_TAG "tag:yaml.org,2002:null"
#define OVECCOUNT 30 /* should be a multiple of 3 */
@@ -135,6 +136,14 @@ static SEXP_t *yaml_scalar_event_to_sexp(yaml_event_t *event)
return NULL;
}
}
+ if (question || !strcmp(tag, OSCAP_YAML_NULL_TAG)) {
+ if (match_regex("^(null|Null|NULL|~|)$", value)) {
+ // TODO: Return real NULL when record's field will support nil="true"
+ return SEXP_string_new("(null)", strlen("(null)"));
+ } else if (!question) {
+ return NULL;
+ }
+ }
return SEXP_string_new(value, strlen(value));
}
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.sh b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.sh
index 4f110f6eb7..e445771d03 100755
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.sh
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.sh
@@ -60,6 +60,11 @@ function test_probes_yamlfilecontent_types {
assert_exists 1 $sd'/ind-sys:yamlfilecontent_item/ind-sys:value/field[@name="#" and @datatype!="boolean" and text()="true"]'
# string_number
assert_exists 1 $sd'/ind-sys:yamlfilecontent_item/ind-sys:value/field[@name="#" and @datatype!="int" and text()="81"]'
+ # string_null
+ assert_exists 1 $sd'/ind-sys:yamlfilecontent_item/ind-sys:value/field[@name="#" and text()="null"]'
+
+ # null_1_2_3
+ assert_exists 3 $sd'/ind-sys:yamlfilecontent_item/ind-sys:value/field[@name="#" and text()="(null)"]'
# bool_error_cast, int_error_cast, float_error_cast
co='/oval_results/results/system/oval_system_characteristics/collected_objects'
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.xml b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.xml
index adf96571b8..503ec2d4a4 100644
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.xml
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.xml
@@ -262,6 +262,19 @@
</criteria>
</definition>
+ <definition class="compliance" version="1" id="oval:0:def:26">
+ <metadata>
+ <title></title>
+ <description></description>
+ </metadata>
+ <criteria operator="AND">
+ <criterion comment="comment" test_ref="oval:0:tst:26"/>
+ <criterion comment="comment" test_ref="oval:0:tst:27"/>
+ <criterion comment="comment" test_ref="oval:0:tst:28"/>
+ <criterion comment="comment" test_ref="oval:0:tst:29"/>
+ </criteria>
+ </definition>
+
</definitions>
<tests>
@@ -364,6 +377,21 @@
<ind-def:object object_ref="oval:0:obj:25"/>
</ind-def:yamlfilecontent_test>
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:26" check="all" comment="true">
+ <ind-def:object object_ref="oval:0:obj:26"/>
+ </ind-def:yamlfilecontent_test>
+
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:27" check="all" comment="true">
+ <ind-def:object object_ref="oval:0:obj:27"/>
+ </ind-def:yamlfilecontent_test>
+
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:28" check="all" comment="true">
+ <ind-def:object object_ref="oval:0:obj:28"/>
+ </ind-def:yamlfilecontent_test>
+
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:29" check="all" comment="true">
+ <ind-def:object object_ref="oval:0:obj:29"/>
+ </ind-def:yamlfilecontent_test>
</tests>
<objects>
@@ -517,6 +545,30 @@
<ind-def:filename>types.yaml</ind-def:filename>
<ind-def:yamlpath>.float_error_cast</ind-def:yamlpath>
</ind-def:yamlfilecontent_object>
+
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:26">
+ <ind-def:path>/tmp</ind-def:path>
+ <ind-def:filename>types.yaml</ind-def:filename>
+ <ind-def:yamlpath>.null_1</ind-def:yamlpath>
+ </ind-def:yamlfilecontent_object>
+
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:27">
+ <ind-def:path>/tmp</ind-def:path>
+ <ind-def:filename>types.yaml</ind-def:filename>
+ <ind-def:yamlpath>.null_2</ind-def:yamlpath>
+ </ind-def:yamlfilecontent_object>
+
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:28">
+ <ind-def:path>/tmp</ind-def:path>
+ <ind-def:filename>types.yaml</ind-def:filename>
+ <ind-def:yamlpath>.null_3</ind-def:yamlpath>
+ </ind-def:yamlfilecontent_object>
+
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:29">
+ <ind-def:path>/tmp</ind-def:path>
+ <ind-def:filename>types.yaml</ind-def:filename>
+ <ind-def:yamlpath>.string_null</ind-def:yamlpath>
+ </ind-def:yamlfilecontent_object>
</objects>
</oval_definitions>
diff --git a/tests/probes/yamlfilecontent/types.yaml b/tests/probes/yamlfilecontent/types.yaml
index f05fa3a967..fb26eab5f0 100644
--- a/tests/probes/yamlfilecontent/types.yaml
+++ b/tests/probes/yamlfilecontent/types.yaml
@@ -19,7 +19,11 @@ bool_false_cast: !!bool "false"
int_cast: !!int "369"
float_cast: !!float "978.65"
string_true: "true"
+string_null: "null"
string_number: "81"
bool_error_cast: !!bool "falsee"
int_error_cast: !!int "50%"
float_error_cast: !!float "58.41$"
+null_1: null
+null_2:
+null_3: !!null "null"
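Review bot: The `"(null)"` sentinel returned from `yaml_scalar_event_to_sexp` in `yamlfilecontent_probe.c` is an ordinary string, so a YAML null and a quoted scalar whose text is literally `(null)` yield the same collected value, and an OVAL state cannot tell them apart when a compliance check depends on the difference. The TODO covers the missing nil support but not this collision; stating it in the comment, e.g. `// NOTE: indistinguishable from the YAML string "(null)" until nil="true" is supported`, would warn content authors. A quoted `"(null)"` entry in `types.yaml` with a matching assertion would pin the overlap in the tests. The function starts outside the hunk, so how `tag` and `question` are derived was not checked.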

SPECS/openscap.spec Normal file

@ -0,0 +1,734 @@
Name: openscap
Version: 1.3.5
Release: 8%{?dist}
Epoch: 1
Summary: Set of open source libraries enabling integration of the SCAP line of standards
License: LGPLv2+
URL: http://www.open-scap.org/
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch1: openscap-1.3.6-waive-hugetables-pr-1745.patch
Patch2: openscap-1.3.6-replace-getlogin-pr-1753.patch
Patch3: openscap-1.3.6-rpath-pr-1765.patch
Patch4: openscap-1.3.6-ubi9-pr-1772.patch
Patch5: openscap-1.3.6-rpminspect-xml-pr-1773.patch
Patch6: openscap-1.3.6-fix-failing-test-pr-1775.patch
Patch7: openscap-1.3.6-yamlfile-null-pr-1756.patch
Patch8: openscap-1.3.6-coverity-issues-pr-1748.patch
Patch9: openscap-1.3.6-coverity-issues-pr-1778.patch
Patch10: openscap-1.3.6-disable-sha1-md5-pr-1781.patch
BuildRequires: make
BuildRequires: cmake >= 2.6
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
BuildRequires: rpm-devel
BuildRequires: libgcrypt-devel
BuildRequires: pcre-devel
BuildRequires: libacl-devel
BuildRequires: libselinux-devel
BuildRequires: libcap-devel
BuildRequires: libblkid-devel
BuildRequires: bzip2-devel
BuildRequires: asciidoc
BuildRequires: openldap-devel
BuildRequires: glib2-devel
BuildRequires: dbus-devel
BuildRequires: libyaml-devel
BuildRequires: xmlsec1-devel xmlsec1-openssl-devel
%if %{?_with_check:1}%{!?_with_check:0}
BuildRequires: perl-XML-XPath
BuildRequires: bzip2
%endif
Requires: bash
Requires: bzip2-libs
Requires: dbus
Requires: libyaml
Requires: glib2
Requires: libacl
Requires: libblkid
Requires: libcap
Requires: libselinux
Requires: openldap
Requires: popt
# We have procps-ng, which provides procps
Requires: procps
Requires: xmlsec1 xmlsec1-openssl
%description
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of standards
managed by NIST with the goal of providing a standard language
for the expression of Computer Network Defense related information.
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: libxml2-devel
Requires: pkgconfig
BuildRequires: doxygen
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package python3
Summary: Python 3 bindings for %{name}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
BuildRequires: python3-devel
%description python3
The %{name}-python3 package contains the bindings so that %{name}
libraries can be used by python3.
%package scanner
Summary: OpenSCAP Scanner Tool (oscap)
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: libcurl >= 7.12.0
BuildRequires: libcurl-devel >= 7.12.0
%description scanner
The %{name}-scanner package contains oscap command-line tool. The oscap
is configuration and vulnerability scanner, capable of performing
compliance checking using SCAP content.
%package utils
Summary: OpenSCAP Utilities
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: rpmdevtools rpm-build
Requires: %{name}-scanner%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bash
%description utils
The %{name}-utils package contains command-line tools build on top
of OpenSCAP library. Historically, openscap-utils included oscap
tool which is now separated to %{name}-scanner sub-package.
%package engine-sce
Summary: Script Check Engine plug-in for OpenSCAP
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description engine-sce
The Script Check Engine is non-standard extension to SCAP protocol. This
engine allows content authors to avoid OVAL language and write their assessment
commands using a scripting language (Bash, Perl, Python, Ruby, ...).
%package engine-sce-devel
Summary: Development files for %{name}-engine-sce
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-engine-sce%{?_isa} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
%description engine-sce-devel
The %{name}-engine-sce-devel package contains libraries and header files
for developing applications that use %{name}-engine-sce.
%prep
%autosetup -p1
%build
# gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon
# as gconf is no longer part of the installation medium
%cmake \
-DENABLE_DOCS=ON \
-DENABLE_PERL=OFF \
-DENABLE_OSCAP_UTIL_DOCKER=OFF \
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \
-DOPENSCAP_ENABLE_SHA1=OFF \
-DOPENSCAP_ENABLE_MD5=OFF \
-DGCONF_LIBRARY=
%cmake_build
make docs
%check
%if %{?_with_check:1}%{!?_with_check:0}
ctest -V %{?_smp_mflags}
%endif
%install
%cmake_install
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# fix python shebangs
pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%ldconfig_scriptlets
%files
%doc AUTHORS NEWS README.md
%license COPYING
%doc %{_pkgdocdir}/manual/
%dir %{_datadir}/openscap
%dir %{_datadir}/openscap/schemas
%dir %{_datadir}/openscap/xsl
%dir %{_datadir}/openscap/cpe
%{_libdir}/libopenscap.so.*
%{_datadir}/openscap/schemas/*
%{_datadir}/openscap/xsl/*
%{_datadir}/openscap/cpe/*
%files python3
%{python3_sitearch}/*
%files devel
%doc %{_pkgdocdir}/html/
%{_libdir}/libopenscap.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/openscap
%exclude %{_includedir}/openscap/sce_engine_api.h
%files engine-sce-devel
%{_libdir}/libopenscap_sce.so
%{_includedir}/openscap/sce_engine_api.h
%files scanner
%{_mandir}/man8/oscap.8.gz
%{_bindir}/oscap
%{_mandir}/man8/oscap-chroot.8.gz
%{_bindir}/oscap-chroot
%{_sysconfdir}/bash_completion.d
%files utils
%doc docs/oscap-scan.cron
%{_mandir}/man8/oscap-ssh.8.gz
%{_bindir}/oscap-ssh
%{_mandir}/man8/oscap-podman.8.gz
%{_bindir}/oscap-podman
%{_mandir}/man8/oscap-vm.8.gz
%{_bindir}/oscap-vm
%{_mandir}/man8/scap-as-rpm.8.gz
%{_bindir}/scap-as-rpm
%{_mandir}/man8/autotailor.8.gz
%{_bindir}/autotailor
%files engine-sce
%{_libdir}/libopenscap_sce.so.*
%{_bindir}/oscap-run-sce-script
%changelog
* Fri Aug 27 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-8
- Revert Epoch removal
* Tue Aug 24 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.5-7
- Update package spec file
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.3.5-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jul 22 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-5
- Remove support for SHA-1 and MD5 (rhbz#1936619)
- Fix coverity findings (rhbz#1938830)
* Tue Jun 29 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-4
- Fix failing test tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh
- Add 'null' yamlfilecontent values handling
* Mon Jun 28 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-3
- Do not set RPATH on built binaries
- Fix UBI9 scan (rhbz#1953610)
- Fix failing rpminspect xml test
* Thu May 20 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-2
- Remove containers subpackage
* Fri Apr 23 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-1
- Update to the latest upstream release
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.3.4-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Dec 09 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.4-3
- Remove dependency on GConf2
- Update cmake command
* Tue Nov 03 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2
- Fix problems uncovered by the Coverity Scan
- Fix field names handling in yamlfilecontent probe
* Wed Oct 07 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.4-1
- Upgrade to the latest upstream release
* Thu Aug 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-6
- Disabled the gconf probe, and removed the gconf dependency.
gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon
as gconf is no longer part of the installation medium for Fedora 32
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1:1.3.3-4
- Update spec file to use new cmake macros
- https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.3-3
- Rebuilt for Python 3.9
* Mon May 04 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-2
- Add libyaml-devel as a dependency to enable yamlfilecontent probe
* Thu Apr 30 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-1
- Upgrade to the latest upstream release
* Thu Apr 09 2020 Matěj Týč <matyc@redhat.com> - 1:1.3.2-5
- Made the spec file requirements section copy-paste of the RHEL8 section.
- Cleaned the spec file up from ancient obsoletes.
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-3
- Fix duplicate global variables (RHBZ#1793914)
* Wed Jan 15 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-2
- Do not use C++ keyword operator as a function parameter name
* Tue Jan 14 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-1
- Upgrade to the latest upstream release
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-3
- Rebuilt for Python 3.8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 13 2019 Jan Černý <jcerny@redhat.com> - 1:1.3.1-1
- upgrade to the latest upstream release
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-7
- Rebuild for RPM 4.15
* Mon Jun 10 15:42:04 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-6
- Rebuild for RPM 4.15
* Sat Jun 01 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.3.0-5
- Perl 5.30 rebuild
* Mon May 20 2019 Jan Černý <jcerny@redhat.com> - 1.3.0-4
- Upgrade the Epoch to align with F30
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Oct 19 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-2
- Removed the openscap-perl package to be on par with RHEL.
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
- upgrade to the latest upstream release
* Mon Sep 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-2
- List subpackages removed in 1.3.0_alpha1-1 as obsoleted (RHBZ#1626801)
* Mon Aug 13 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
- upgrade to the latest upstream release
* Wed Jul 25 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
- removed python2-openscap subpackage
* Wed Jul 18 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
- upgrade to the latest upstream release
- change specfile to use CMake
- dropped commands in the spec file that are no longer relevant
- dropped subpackages in the spec file that are no longer relevant
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 1.2.17-4
- Perl 5.28 rebuild
* Fri Jun 29 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.17-3
- Perl 5.28 rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.2.17-2
- Rebuilt for Python 3.7
* Tue May 29 2018 Jan Černý <jcerny@redhat.com> - 1.2.17-1
- upgrade to the latest upstream release
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.2.16-2
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Tue Nov 14 2017 jcerny@redhat.com - 1.2.16-1
- upgrade to the latest upstream release
* Thu Oct 05 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.15-2
- moved oscap-chroot to openscap-scanner because it's a thin wrapper script with no dependencies
* Fri Aug 25 2017 Jan Černý <jcerny@redhat.com> - 1.2.15-1
- upgrade to the latest upstream release
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.14-9
- Add Provides for the old name without %%_isa
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.14-8
- Python 2 binary package renamed to python2-openscap
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
* Fri Aug 11 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-7
- Rebuilt after RPM update (№ 3)
* Thu Aug 10 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-6
- Rebuilt for RPM soname bump
* Thu Aug 10 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-5
- Rebuilt for RPM soname bump
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.14-2
- Perl 5.26 rebuild
* Tue Mar 21 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.14-1
- upgrade to the latest upstream release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 05 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.13-1
- upgrade to the latest upstream release
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.2.12-2
- Rebuild for Python 3.6
* Tue Nov 22 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.12-1
- upgrade to the latest upstream release
* Wed Oct 19 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.11-1
- upgrade to the latest upstream release
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.10-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue Jul 12 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.10-1
- upgrade to the latest upstream release
* Tue May 17 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.9-2
- Perl 5.24 rebuild
* Fri Apr 22 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.9-1
- upgrade to the latest upstream release
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Jan 18 2016 Šimon Lukašík <slukasik@redhat.com> - 1.2.8-1
- upgrade to the latest upstream release
* Thu Dec 03 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.7-1
- upgrade to the latest upstream release
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.6-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Tue Oct 13 2015 Zbyněk Moravec <zmoravec@redhat.com> - 1.2.6-3
- fix oscap-docker shebang
* Wed Oct 07 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.6-2
- put oscap-docker to openscap-containers subpackage
- do not require atomic at all
* Mon Oct 05 2015 Zbyněk Moravec <zmoravec@redhat.com> - 1.2.6-1
- upgrade to the latest upstream release
* Wed Jul 29 2015 Martin Preisler <mpreisle@redhat.com> - 1.2.5-2
- rebuilt because of librpm and librpmio ABI break
* Mon Jul 06 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.5-1
- upgrade to the latest upstream release
* Sat Jun 20 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.4-1
- upgrade to the latest upstream release.
- Content of selinux package has been purged.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun 06 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.3-2
- Perl 5.22 rebuild
* Fri May 01 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.3-1
- upgrade to the latest upstream release
* Thu Apr 02 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.2-1
- upgrade to the latest upstream release
* Sat Jan 10 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.1-1
- upgrade to the latest upstream release
* Tue Dec 02 2014 Šimon Lukašík <slukasik@redhat.com> - 1.2.0-1
- upgrade to the latest upstream release
* Fri Sep 26 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.1-1
- upgrade to the latest upstream release
* Fri Sep 05 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.1.0-2
- Perl 5.20 rebuild
* Wed Sep 03 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.0-1
- upgrade
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.0.9-4
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jul 01 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.9-2
- Extract oscap tool to a separate package (rhbz#1115116)
* Wed Jun 25 2014 Martin Preisler <mpreisle@redhat.com> - 1.0.9-1
- upgrade
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 26 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.8-1
- upgrade
* Thu Mar 20 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.7-1
- upgrade
* Wed Mar 19 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.6-1
- upgrade
* Fri Mar 14 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.5-1
- upgrade
* Thu Feb 13 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.4-1
- upgrade
* Tue Jan 14 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.3-1
- upgrade
- This upstream release addresses: #1052142
* Fri Jan 10 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.2-1
- upgrade
- This upstream release addresses: #1018291, #1029879, #1026833
* Thu Nov 28 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.1-1
- upgrade
* Tue Nov 26 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-3
- expand LT_CURRENT_MINUS_AGE correctly
* Thu Nov 21 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-2
- dlopen libopenscap_sce.so.{current-age} explicitly
That allows for SCE to work without openscap-engine-sce-devel
* Tue Nov 19 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-1
- upgrade
- package openscap-engine-sce-devel separately
* Fri Nov 15 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-7
- do not obsolete openscap-conten just drop it (#1028706)
scap-security-guide will bring the Obsoletes tag
* Thu Nov 14 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-6
- only non-noarch packages should be requiring specific architecture
* Sat Nov 09 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-5
- specify architecture when requiring base package
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-4
- specify dependency between engine and devel sub-package
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-3
- correct openscap-utils dependencies
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-2
- drop openscap-content package (use scap-security-guide instead)
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-1
- upgrade
* Thu Sep 26 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-2
- Start building SQL probes for Fedora
* Wed Sep 11 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-1
- upgrade
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jul 18 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.11-1
- upgrade
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 0.9.10-2
- Perl 5.18 rebuild
* Mon Jul 15 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.10-1
- upgrade
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.8-1
- upgrade
* Fri Apr 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.7-1
- upgrade
- add openscap-selinux sub-package
* Wed Apr 24 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.6-1
- upgrade
* Wed Mar 20 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.5-1
- upgrade
* Mon Mar 04 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4.1-1
- upgrade
* Tue Feb 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4-1
- upgrade
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Dec 17 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.3-1
- upgrade
* Wed Nov 21 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.2-1
- upgrade
* Mon Oct 22 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.1-1
- upgrade
* Tue Sep 25 2012 Peter Vrabec <pvrabec@redhat.com> 0.9.0-1
- upgrade
* Mon Aug 27 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.5-1
- upgrade
* Tue Aug 07 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.4-1
- upgrade
* Tue Jul 31 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-2
- fix Profile and @hidden issue
* Mon Jul 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-1
- upgrade
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 0.8.2-2
- Perl 5.16 rebuild
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.2-1
- upgrade
* Tue Feb 21 2012 Peter Vrabec <pvrabec@redhat.com> 0.8.1-1
- upgrade
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3
- Rebuild against PCRE 8.30
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Oct 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.8.0-1
- upgrade
* Mon Jul 25 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.4-1
- upgrade
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-3
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-2
- Perl mass rebuild
* Fri Jun 24 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.3-1
- upgrade
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-3
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-2
- Perl 5.14 mass rebuild
* Wed Apr 20 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.2-1
- upgrade
* Fri Mar 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.1-1
- upgrade
* Thu Feb 10 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.0-1
- upgrade
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 31 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.8-1
- upgrade
* Fri Jan 14 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.7-1
- upgrade
* Wed Oct 20 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.4-1
- upgrade
* Tue Sep 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.3-1
- upgrade
* Fri Aug 27 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.2-1
- upgrade
* Wed Jul 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.0-1
- upgrade
* Wed May 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.11-1
- upgrade
* Fri May 07 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.10-1
- upgrade
* Fri Apr 16 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.9-1
- upgrade
* Fri Feb 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.7-1
- upgrade
- new utils package
* Mon Jan 04 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.6-1
- upgrade
* Tue Sep 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.3-1
- upgrade
* Wed Aug 19 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.2-1
- upgrade
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-2
- add rpm-devel requirement
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-1
- upgrade
* Thu Apr 30 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.3-1
- upgrade
* Thu Apr 23 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.2-1
- upgrade
* Sun Mar 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.4-1
- upgrade
* Fri Mar 27 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-2
- spec file fixes (#491892)
* Tue Mar 24 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-1
- upgrade
* Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
- Initial rpm
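Review bot: The `%check` section runs `ctest -V %{?_smp_mflags}` only when `_with_check` is defined, so a default build applies Patch1 through Patch10 and the `-DOPENSCAP_ENABLE_SHA1=OFF` / `-DOPENSCAP_ENABLE_MD5=OFF` switches without running a single test. For a scanner that the package description says performs compliance checking, I would enable the suite by default, or at least say why it is opt-in with a comment above `%check` such as `# Test suite is opt-in (rpmbuild --with check): <reason>`. The hand-written guard `%if %{?_with_check:1}%{!?_with_check:0}`, used both here and around the test-only `BuildRequires`, reads more clearly as `%bcond_with check` near the top of the spec and `%if %{with check}` at the two places. Separately, `URL: http://www.open-scap.org/` could point at `https://`.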