import openscap-1.3.3-6.el8_3

2020-12-15 11:06:24 -05:00 · 2020-12-15 11:06:24 -05:00 · 9459b72a12
commit 9459b72a12
parent f5190d61d5
7 changed files with 4773 additions and 4 deletions
--- a/SOURCES/openscap-1.3.4-bump-yamlfilter-fix-warnings-PR_1530.patch
+++ b/SOURCES/openscap-1.3.4-bump-yamlfilter-fix-warnings-PR_1530.patch
@ -0,0 +1,59 @@
+From 31f2aa5729f9d6e9c1d8c06e3b979e89ff4e8e9e Mon Sep 17 00:00:00 2001
+From: Evgeny Kolesnikov <ekolesni@redhat.com>
+Date: Tue, 19 May 2020 07:26:25 +0200
+Subject: [PATCH 1/3] Update yaml-filter to the latest version (fixes minor
+ warnings)
+
+yaml-path.c:342:61: warning: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
+yaml-path.c:251:27: warning: unused variable 'sec' [-Wunused-variable]
+---
+ CMakeLists.txt | 4 ++--
+ yaml-filter    | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 65d674140..8752d66c8 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -545,7 +545,7 @@ include_directories(
+ 	"src/XCCDF/public/"
+ 	"src/XCCDF_POLICY/"
+ 	"src/XCCDF_POLICY/public/"
+-	"yaml-filter"
+	"yaml-filter/src/"
+ 	${CMAKE_BINARY_DIR} # config.h is generated to build directory
+ 	${LIBXML2_INCLUDE_DIR}
+ 	${PCRE_INCLUDE_DIRS}
+@@ -570,7 +570,7 @@ function(set_oscap_generic_properties TARGET_OBJECT)
+ endfunction()
+ 
+ if(OPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT)
+-	add_library(yamlfilter_object OBJECT yaml-filter/yaml-path.c yaml-filter/yaml-path.h)
+	add_library(yamlfilter_object OBJECT yaml-filter/src/yaml-path.c yaml-filter/src/yaml-path.h)
+ 	set_oscap_generic_properties(yamlfilter_object)
+ endif()
+ 
+
+From 69111f40e24a44241609f485034420bac666e756 Mon Sep 17 00:00:00 2001
+From: Evgeny Kolesnikov <ekolesni@redhat.com>
+Date: Tue, 19 May 2020 07:28:53 +0200
+Subject: [PATCH 2/3] probes/yamlfilecontent: Properly destroy yaml_path before
+ bailing out
+
+yamlfilecontent_probe.c:163: leaked_storage: Variable "yaml_path" going out of scope leaks the storage it points to.
+---
+ src/OVAL/probes/independent/yamlfilecontent_probe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+index 8fc4b32b2..b8a379313 100644
+--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+@@ -159,6 +159,7 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ 		probe_cobj_add_msg(probe_ctx_getresult(ctx), msg);
+ 		SEXP_free(msg);
+ 		probe_cobj_set_flag(probe_ctx_getresult(ctx), SYSCHAR_FLAG_ERROR);
+		yaml_path_destroy(yaml_path);
+ 		fclose(yaml_file);
+ 		return -1;
+ 	};
--- a/SOURCES/openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-PR_1552.patch
+++ b/SOURCES/openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-PR_1552.patch
--- a/SOURCES/openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-submodule-PR_1552.patch
+++ b/SOURCES/openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-submodule-PR_1552.patch
--- a/SOURCES/openscap-1.3.4-export-profile-platform-PR_1609.patch
+++ b/SOURCES/openscap-1.3.4-export-profile-platform-PR_1609.patch
@ -0,0 +1,107 @@
+From cca0af9f2260a34aa4c2e57a7a418ce2b4732e16 Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Mon, 28 Sep 2020 12:40:16 +0200
+Subject: [PATCH 1/2] Test resolving a Profile with platform
+
+---
+ tests/API/XCCDF/unittests/CMakeLists.txt      |  1 +
+ .../test_xccdf_resolve_profile_platform.sh    | 31 +++++++++++++++++++
+ ...t_xccdf_resolve_profile_platform.xccdf.xml | 13 ++++++++
+ 3 files changed, 45 insertions(+)
+ create mode 100755 tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.sh
+ create mode 100644 tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.xccdf.xml
+
+diff --git a/tests/API/XCCDF/unittests/CMakeLists.txt b/tests/API/XCCDF/unittests/CMakeLists.txt
+index 05ddea219..153a1c321 100644
+--- a/tests/API/XCCDF/unittests/CMakeLists.txt
+++ b/tests/API/XCCDF/unittests/CMakeLists.txt
+@@ -62,6 +62,7 @@ add_oscap_test("test_default_selector.sh")
+ add_oscap_test("test_inherit_selector.sh")
+ add_oscap_test("test_xccdf_refine_value_bad.sh")
+ add_oscap_test("test_xccdf_resolve.sh")
+add_oscap_test("test_xccdf_resolve_profile_platform.sh")
+ add_oscap_test("test_xccdf_results_arf_no_oval.sh")
+ add_oscap_test("test_xccdf_sub_title.sh")
+ add_oscap_test("test_xccdf_test_system.sh")
+diff --git a/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.sh b/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.sh
+new file mode 100755
+index 000000000..95f8ce4b4
+--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.sh
+@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+. $builddir/tests/test_common.sh
+
+########################################################################
+### Test "oscap xccdf resolve" command on a Profile with platform
+########################################################################
+
+set -e
+set -o pipefail
+
+name=$(basename $0 .sh)
+
+result=$(mktemp -t ${name}.res.XXXXXX)
+stderr=$(mktemp -t ${name}.out.XXXXXX)
+stdout=$(mktemp -t ${name}.out.XXXXXX)
+
+
+echo "Stderr file = $stderr"
+echo "Result file = $result"
+
+$OSCAP xccdf resolve --output $result $srcdir/${name}.xccdf.xml > $stdout
+$OSCAP xccdf validate $result >> $stdout
+
+assert_exists 1 '//Benchmark[@resolved="1"]'
+
+# Resolve Profile Platform
+assert_exists 2 '//Profile[@id="xccdf_resolve_profile_platform"]/select'
+assert_exists 1 '//Profile[@id="xccdf_resolve_profile_platform"]/platform[@idref="cpe:/a:open-scap:oscap"]'
+
+[ -f $stderr ]; [ ! -s $stderr ]; rm $stderr
+rm $result
+diff --git a/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.xccdf.xml b/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.xccdf.xml
+new file mode 100644
+index 000000000..f4773bef7
+--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_xccdf_resolve_profile_platform.xccdf.xml
+@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_resolve_benchmark_1" resolved="false">
+	<status>incomplete</status>
+	<version>1.0</version>
+
+	<Profile id="xccdf_resolve_profile_platform">
+		<title>Profile with platform</title>
+		<platform idref="cpe:/a:open-scap:oscap"/>
+		<select idref="xccdf_test_rule_inherited" selected="true" />
+		<select idref="xccdf_test_rule_overridden" selected="true" />
+	</Profile>
+</Benchmark>
+
+
+From 46b78146db6ba1fa57926068c4400d876423126b Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Mon, 28 Sep 2020 13:03:46 +0200
+Subject: [PATCH 2/2] Fix export of platform profile to DOM
+
+The xccdf:platform should reference the ID of a CPE name or a CPE
+applicability language expression.
+---
+ src/XCCDF/profile.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/XCCDF/profile.c b/src/XCCDF/profile.c
+index 776ef616a..b8a3f4749 100644
+--- a/src/XCCDF/profile.c
+++ b/src/XCCDF/profile.c
+@@ -319,7 +319,8 @@ void xccdf_profile_to_dom(struct xccdf_profile *profile, xmlNode *profile_node,
+         struct oscap_string_iterator *platforms = xccdf_profile_get_platforms(profile);
+         while (oscap_string_iterator_has_more(platforms)) {
+                 const char *platform = oscap_string_iterator_next(platforms);
+-                xmlNewTextChild(profile_node, ns_xccdf, BAD_CAST "platform", BAD_CAST platform);
+                xmlNode *platform_node = xmlNewTextChild(profile_node, ns_xccdf, BAD_CAST "platform", NULL);
+                xmlNewProp(platform_node, BAD_CAST "idref", BAD_CAST platform);
+         }   
+         oscap_string_iterator_free(platforms);
+ 
--- a/SOURCES/openscap-1.3.5-bump-yamlfilter-covscan-fix-PR_1620.patch
+++ b/SOURCES/openscap-1.3.5-bump-yamlfilter-covscan-fix-PR_1620.patch
@ -0,0 +1,20 @@
+diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+index 6f18abf83..e7e6cb3f5 100644
+--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+@@ -216,12 +216,13 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ 			result_error("YAML parser error: %s", parser.problem);
+ 			goto cleanup;
+ 		}
+
+		event_type = event.type;
+
+ 		if (yaml_path_filter_event(yaml_path, &parser, &event) == YAML_PATH_FILTER_RESULT_OUT) {
+ 			goto next;
+ 		}
+ 
+-		event_type = event.type;
+-
+ 		if (sequence) {
+ 			if (event_type == YAML_SEQUENCE_END_EVENT) {
+ 				sequence = false;
--- a/SOURCES/openscap-1.3.5-bump-yamlfilter-fix-field-names-PR_1619.patch
+++ b/SOURCES/openscap-1.3.5-bump-yamlfilter-fix-field-names-PR_1619.patch
@ -0,0 +1,315 @@
+From 81ab472c579072229a61df32969cc027b0fa4b7f Mon Sep 17 00:00:00 2001
+From: Evgeny Kolesnikov <ekolesni@redhat.com>
+Date: Tue, 20 Oct 2020 08:55:32 +0200
+Subject: [PATCH] probes/yamfilecontent: Fix field names for cases where key
+ selection section is followed by a set section
+
+$.foo[:].bar[:], $.foo[:][:] and alike.
+---
+ .../independent/yamlfilecontent_probe.c       | 31 ++++++++--
+ .../yamlfilecontent/openshift-logging.yaml    | 12 ++++
+ .../test_probes_yamlfilecontent_array.sh      |  2 +-
+ .../test_probes_yamlfilecontent_array.xml     | 45 ++++++++++++++
+ .../test_probes_yamlfilecontent_key.sh        |  2 +-
+ .../test_probes_yamlfilecontent_key.xml       | 59 ++++++++++++++++++-
+ 6 files changed, 143 insertions(+), 8 deletions(-)
+
+diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+index 6f18abf83..17741a240 100644
+--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+@@ -206,6 +206,7 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ 	yaml_event_type_t event_type;
+ 	bool sequence = false;
+ 	bool mapping = false;
+	bool fake_mapping = false;
+ 	int index = 0;
+ 	char *key = strdup("#");
+ 
+@@ -224,21 +225,39 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ 
+ 		if (sequence) {
+ 			if (event_type == YAML_SEQUENCE_END_EVENT) {
+-				sequence = false;
+				if (fake_mapping) {
+					fake_mapping = false;
+					if (record && record->itemcount > 0) {
+						oscap_list_add(values, record);
+					} else {
+						// Do not collect empty records
+						oscap_htable_free0(record);
+					}
+					record = NULL;
+				} else {
+					sequence = false;
+				}
+ 			} else if (event_type == YAML_SEQUENCE_START_EVENT) {
+-				result_error("YAML path '%s' points to a multi-dimensional structure (sequence containing another sequence)", yaml_path_cstr);
+-				goto cleanup;
+				if (mapping || fake_mapping) {
+					result_error("YAML path '%s' points to a multi-dimensional structure (a map or a sequence containing other sequences)", yaml_path_cstr);
+					goto cleanup;
+				} else {
+					fake_mapping = true;
+					record = oscap_htable_new();
+				}
+ 			}
+ 		} else {
+ 			if (event_type == YAML_SEQUENCE_START_EVENT) {
+ 				sequence = true;
+				if (mapping)
+					index++;
+ 			}
+ 		}
+ 
+ 		if (mapping) {
+ 			if (event_type == YAML_MAPPING_END_EVENT) {
+ 				mapping = false;
+-				if (record->itemcount > 0) {
+				if (record && record->itemcount > 0) {
+ 					oscap_list_add(values, record);
+ 				} else {
+ 					// Do not collect empty records
+@@ -255,6 +274,10 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ 					result_error("YAML path '%s' points to an invalid structure (map containing another map)", yaml_path_cstr);
+ 					goto cleanup;
+ 				}
+				if (fake_mapping) {
+					result_error("YAML path '%s' points to a multi-dimensional structure (two-dimensional sequence containing a map)", yaml_path_cstr);
+					goto cleanup;
+				}
+ 				mapping = true;
+ 				sequence = false;
+ 				index = 0;
+diff --git a/tests/probes/yamlfilecontent/openshift-logging.yaml b/tests/probes/yamlfilecontent/openshift-logging.yaml
+index fb6a9d8b6..581a700a3 100644
+--- a/tests/probes/yamlfilecontent/openshift-logging.yaml
+++ b/tests/probes/yamlfilecontent/openshift-logging.yaml
+@@ -3,6 +3,18 @@ kind: "LogForwarding"
+ metadata:
+   name: instance
+   namespace: openshift-logging
+arrs:
+- [1, 2, 3]
+- [4, 5, 6]
+items:
+- allowHostDirVolumePlugin: false
+  defaultAddCapabilities: null
+  requiredDropCapabilities: ['KILL', 'ALL']
+  name: ['Name', 'Oth']
+- allowHostDirVolumePlugin: false
+  defaultAddCapabilities: null
+  requiredDropCapabilities: ['OPS', 'KILL', 'ALL']
+  name: ['2 Name', '2 Oth']
+ spec:
+   disableDefaultForwarding: true
+   outputs:
+diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
+index fd5e47538..695a247b3 100755
+--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
+@@ -19,7 +19,7 @@ function test_probes_yamlfilecontent_array {
+     $OSCAP oval eval --results $RF $DF
+ 
+     if [ -f $RF ]; then
+-        verify_results "def" $DF $RF 2 && verify_results "tst" $DF $RF 3
+        verify_results "def" $DF $RF 3 && verify_results "tst" $DF $RF 5
+         ret_val=$?
+     else
+         ret_val=1
+diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
+index c05c5fbb9..77f57cd47 100644
+--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
+@@ -31,6 +31,17 @@
+       </criteria>
+     </definition>
+ 
+    <definition class="compliance" version="1" id="oval:0:def:3"> <!-- comment="true" -->
+      <metadata>
+        <title></title>
+        <description></description>
+      </metadata>
+      <criteria operator="AND">
+        <criterion comment="get_2_dim_array" test_ref="oval:0:tst:4"/>
+        <criterion comment="get_2_dim_array_set" test_ref="oval:0:tst:5"/>
+      </criteria>
+    </definition>
+
+   </definitions>
+ 
+   <tests>
+@@ -49,6 +60,16 @@
+       <ind-def:object object_ref="oval:0:obj:3"/>
+     </ind-def:yamlfilecontent_test>
+ 
+    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:4" check="all" comment="true">
+      <ind-def:object object_ref="oval:0:obj:4"/>
+      <ind-def:state state_ref="oval:0:ste:3"/>
+    </ind-def:yamlfilecontent_test>
+
+    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:5" check="all" comment="true">
+      <ind-def:object object_ref="oval:0:obj:5"/>
+      <ind-def:state state_ref="oval:0:ste:3"/>
+    </ind-def:yamlfilecontent_test>
+
+   </tests>
+ 
+   <objects>
+@@ -71,6 +92,18 @@
+       <ind-def:yamlpath>.spec.outputs[0]</ind-def:yamlpath>
+     </ind-def:yamlfilecontent_object>
+ 
+    <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:4">
+      <ind-def:path>/tmp</ind-def:path>
+      <ind-def:filename>openshift-logging.yaml</ind-def:filename>
+      <ind-def:yamlpath>.arrs[:][:]</ind-def:yamlpath>
+    </ind-def:yamlfilecontent_object>
+
+    <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:5">
+      <ind-def:path>/tmp</ind-def:path>
+      <ind-def:filename>openshift-logging.yaml</ind-def:filename>
+      <ind-def:yamlpath>.arrs</ind-def:yamlpath>
+    </ind-def:yamlfilecontent_object>
+
+   </objects>
+ 
+   <states>
+@@ -87,6 +120,12 @@
+       </ind-def:value>
+     </ind-def:yamlfilecontent_state>
+ 
+    <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:3">
+      <ind-def:value datatype="record">
+        <field name="#" datatype="int" var_ref="oval:0:var:3" var_check="at least one" entity_check="at least one"/>
+      </ind-def:value>
+    </ind-def:yamlfilecontent_state>
+
+   </states>
+ 
+   <variables>
+@@ -99,5 +138,11 @@
+       </split>
+     </local_variable>
+ 
+    <local_variable comment="variable with three values" datatype="int" version="1" id="oval:0:var:3">
+      <split delimiter="|">
+        <literal_component>1|2|3|4|5|6</literal_component>
+      </split>
+    </local_variable>
+
+   </variables>
+ </oval_definitions>
+diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
+index fc1e0ae7e..a942552e9 100755
+--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
+@@ -19,7 +19,7 @@ function test_probes_yamlfilecontent_key {
+     $OSCAP oval eval --results $RF $DF
+ 
+     if [ -f $RF ]; then
+-        verify_results "def" $DF $RF 6 && verify_results "tst" $DF $RF 7
+        verify_results "def" $DF $RF 9 && verify_results "tst" $DF $RF 10
+         ret_val=$?
+     else
+         ret_val=1
+diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
+index 05757d0c8..1697b54fd 100644
+--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
+@@ -71,7 +71,7 @@
+       </criteria>
+     </definition>
+ 
+-    <definition class="compliance" version="1" id="oval:0:def:7"> <!-- comment="true" -->
+    <definition class="compliance" version="1" id="oval:0:def:7"> <!-- comment="error" -->
+       <metadata>
+         <title></title>
+         <description></description>
+@@ -80,6 +80,26 @@
+         <criterion comment="array_of_maps" test_ref="oval:0:tst:8"/>
+       </criteria>
+     </definition>
+
+    <definition class="compliance" version="1" id="oval:0:def:8"> <!-- comment="true" -->
+      <metadata>
+        <title></title>
+        <description></description>
+      </metadata>
+      <criteria operator="AND">
+        <criterion comment="array_of_maps_of_array" test_ref="oval:0:tst:9"/>
+      </criteria>
+    </definition>
+
+    <definition class="compliance" version="1" id="oval:0:def:9"> <!-- comment="true" -->
+      <metadata>
+        <title></title>
+        <description></description>
+      </metadata>
+      <criteria operator="AND">
+        <criterion comment="array_of_maps_of_array_2" test_ref="oval:0:tst:10"/>
+      </criteria>
+    </definition>
+   </definitions>
+ 
+   <tests>
+@@ -116,9 +136,19 @@
+       <ind-def:object object_ref="oval:0:obj:7"/>
+     </ind-def:yamlfilecontent_test>
+ 
+-    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:8" check="all" comment="true">
+    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:8" check="all" comment="error">
+       <ind-def:object object_ref="oval:0:obj:8"/>
+     </ind-def:yamlfilecontent_test>
+
+    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:9" check="all" comment="true">
+      <ind-def:object object_ref="oval:0:obj:9"/>
+      <ind-def:state state_ref="oval:0:ste:9"/>
+    </ind-def:yamlfilecontent_test>
+
+    <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:10" check="all" comment="true">
+      <ind-def:object object_ref="oval:0:obj:10"/>
+      <ind-def:state state_ref="oval:0:ste:10"/>
+    </ind-def:yamlfilecontent_test>
+   </tests>
+ 
+   <objects>
+@@ -170,6 +200,18 @@
+       <ind-def:filename>openshift-logging.yaml</ind-def:filename>
+       <ind-def:yamlpath>.spec.outputs</ind-def:yamlpath>
+     </ind-def:yamlfilecontent_object>
+
+    <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:9">
+      <ind-def:path>/tmp</ind-def:path>
+      <ind-def:filename>openshift-logging.yaml</ind-def:filename>
+      <ind-def:yamlpath>.items[:]['requiredDropCapabilities','name','q','z'][:]</ind-def:yamlpath>
+    </ind-def:yamlfilecontent_object>
+
+    <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:10">
+      <ind-def:path>/tmp</ind-def:path>
+      <ind-def:filename>openshift-logging.yaml</ind-def:filename>
+      <ind-def:yamlpath>.items[:].requiredDropCapabilities[:]</ind-def:yamlpath>
+    </ind-def:yamlfilecontent_object>
+   </objects>
+ 
+   <states>
+@@ -202,6 +244,19 @@
+       </ind-def:value>
+     </ind-def:yamlfilecontent_state>
+ 
+    <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:9">
+      <ind-def:value datatype="record" entity_check="at least one">
+        <field name="required^drop^capabilities" operation="pattern match" entity_check="at least one">^KILL$</field>
+        <field name="name" entity_check="at least one">Name</field>
+      </ind-def:value>
+    </ind-def:yamlfilecontent_state>
+
+    <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:10">
+      <ind-def:value datatype="record" entity_check="at least one">
+        <field name="#" operation="pattern match" entity_check="at least one">^KILL$</field>
+      </ind-def:value>
+    </ind-def:yamlfilecontent_state>
+
+   </states>
+ 
+ </oval_definitions>
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
@ -1,6 +1,6 @@
 Name:           openscap
 Version:        1.3.3
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
 License:        LGPLv2+
@ -8,11 +8,17 @@ URL:            http://www.open-scap.org/
 Source0:        https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch1:         openscap-1.3.4-fix-environmentvariable58-regression.patch
 Patch2:         openscap-1.3.4-fix-no-more-recursion.patch
-Patch3:	        openscap-1.3.4-add_compression_support-PR_1557.patch
-Patch4:	        openscap-1.3.4-add_compression_test-PR_1564.patch
-Patch5:	        openscap-1.3.4-add_compression_tracing-PR_1561.patch
+Patch3:         openscap-1.3.4-add_compression_support-PR_1557.patch
+Patch4:         openscap-1.3.4-add_compression_test-PR_1564.patch
+Patch5:         openscap-1.3.4-add_compression_tracing-PR_1561.patch
 Patch6:         openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
 Patch7:         openscap-1.3.4-detect_remote_file_systems-PR_1573.patch
+Patch8:         openscap-1.3.4-export-profile-platform-PR_1609.patch
+Patch9:         openscap-1.3.4-bump-yamlfilter-fix-warnings-PR_1530.patch
+Patch10:        openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-PR_1552.patch
+Patch11:        openscap-1.3.4-bump-yamlfilter-upgrade-probe-schemas-submodule-PR_1552.patch
+Patch12:        openscap-1.3.5-bump-yamlfilter-covscan-fix-PR_1620.patch
+Patch13:        openscap-1.3.5-bump-yamlfilter-fix-field-names-PR_1619.patch

 BuildRequires:  cmake >= 2.6
 BuildRequires:  swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
@ -140,6 +146,12 @@ for developing applications that use %{name}-engine-sce.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1 -d yaml-filter
+%patch12 -p1
+%patch13 -p1
 mkdir build

 %build
@ -227,6 +239,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/oscap-run-sce-script

 %changelog
+* Thu Oct 29 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.3-6
+- Enable profile composition with a specific platform (RHBZ#1896676)
+- Enable YAML probe to work with sets of values (RHBZ#1895715)
+
 * Wed Aug 19 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-5
 - Detect remote file systems correctly (RHBZ#1870087)