rpms/openscap
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import openscap-1.3.4-5.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-27 18:10:46 +00:00 committed by Andrew Lukoshko
commit 9e46cbccf4
10 changed files with 1315 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/openscap-1.3.4.tar.gz

1
.openscap.metadata Normal file
View File

@ -0,0 +1 @@
3e303f06aa00e5c2616db606b980389ee0b73883 SOURCES/openscap-1.3.4.tar.gz

162
SOURCES/openscap-1.3.5-coverity1-PR_1617.patch Normal file
View File

@ -0,0 +1,162 @@
From 0311ac9d8368acd5baac8b7fc6f753bd895ea3fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 6 Oct 2020 13:32:19 +0200
Subject: [PATCH 1/2] Fix Coverity warnings
Addressing multiple Coverity defects similar to this one:
Defect type: CHECKED_RETURN
check_return: Calling "curl_easy_setopt(curl, _curl_opt, _curl_trace)"
without checking return value. This library function may fail and return
an error code.
---
src/common/oscap_acquire.c | 65 +++++++++++++++++++++++++++++++-------
1 file changed, 53 insertions(+), 12 deletions(-)
diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c
index 666f4f5c9..34a92fa19 100644
--- a/src/common/oscap_acquire.c
+++ b/src/common/oscap_acquire.c
@@ -326,18 +326,59 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
return NULL;
}
- struct oscap_buffer* buffer = oscap_buffer_new();
-
- curl_easy_setopt(curl, CURLOPT_URL, url);
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
- curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
- curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
- curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
- curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
- curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _curl_trace);
-
- CURLcode res = curl_easy_perform(curl);
+ CURLcode res;
+
+ res = curl_easy_setopt(curl, CURLOPT_URL, url);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_URL to '%s': %s", url, curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_WRITEFUNCTION to write_to_memory_callback: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_ACCEPT_ENCODING to an empty string: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_TRANSFER_ENCODING to true: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_FOLLOWLOCATION to true: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_VERBOSE to true: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ res = curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _curl_trace);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_DEBUGFUNCTION to _curl_trace: %s", curl_easy_strerror(res));
+ return NULL;
+ }
+
+ struct oscap_buffer *buffer = oscap_buffer_new();
+ res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
+ if (res != 0) {
+ oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_WRITEDATA as buffer: %s", curl_easy_strerror(res));
+ oscap_buffer_free(buffer);
+ return NULL;
+ }
+
+ res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
if (res != 0) {
From 34af1348b6ff6e4710aeb6e383b1a50c4751c16e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Mon, 26 Oct 2020 11:12:04 +0100
Subject: [PATCH 2/2] Add curl_easy_cleanup everywhere
---
src/common/oscap_acquire.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c
index 34a92fa19..cd9bfc36f 100644
--- a/src/common/oscap_acquire.c
+++ b/src/common/oscap_acquire.c
@@ -330,42 +330,49 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
res = curl_easy_setopt(curl, CURLOPT_URL, url);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_URL to '%s': %s", url, curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_WRITEFUNCTION to write_to_memory_callback: %s", curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_ACCEPT_ENCODING to an empty string: %s", curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_TRANSFER_ENCODING to true: %s", curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_FOLLOWLOCATION to true: %s", curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_VERBOSE, true);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_VERBOSE to true: %s", curl_easy_strerror(res));
return NULL;
}
res = curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _curl_trace);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_DEBUGFUNCTION to _curl_trace: %s", curl_easy_strerror(res));
return NULL;
}
@@ -373,6 +380,7 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size)
struct oscap_buffer *buffer = oscap_buffer_new();
res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer);
if (res != 0) {
+ curl_easy_cleanup(curl);
oscap_seterr(OSCAP_EFAMILY_NET, "Failed to set CURLOPT_WRITEDATA as buffer: %s", curl_easy_strerror(res));
oscap_buffer_free(buffer);
return NULL;

147
SOURCES/openscap-1.3.5-coverity2-PR_1620.patch Normal file
View File

@ -0,0 +1,147 @@
From 538c70780b49a36a4d2420ef93b87b78817dc14c Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Mon, 26 Oct 2020 08:31:53 +0100
Subject: [PATCH] Covscan fixes
---
src/OVAL/probes/fsdev.c | 2 +-
src/OVAL/probes/independent/yamlfilecontent_probe.c | 5 +++--
src/OVAL/probes/unix/fileextendedattribute_probe.c | 2 +-
src/OVAL/probes/unix/linux/partition_probe.c | 2 +-
src/OVAL/probes/unix/xinetd_probe.c | 7 ++++++-
src/XCCDF/xccdf_session.c | 4 ++--
utils/oscap-tool.c | 6 +++++-
utils/oscap-xccdf.c | 3 +--
8 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/src/OVAL/probes/fsdev.c b/src/OVAL/probes/fsdev.c
index b2b984441..c82ab620b 100644
--- a/src/OVAL/probes/fsdev.c
+++ b/src/OVAL/probes/fsdev.c
@@ -219,7 +219,7 @@ static fsdev_t *__fsdev_init(fsdev_t *lfs)
endmntent(fp);
void *new_ids = realloc(lfs->ids, sizeof(dev_t) * i);
- if (new_ids == NULL) {
+ if (new_ids == NULL && i > 0) {
e = errno;
free(lfs->ids);
free(lfs);
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
index 6f18abf83..e7e6cb3f5 100644
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
@@ -216,12 +216,13 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
result_error("YAML parser error: %s", parser.problem);
goto cleanup;
}
+
+ event_type = event.type;
+
if (yaml_path_filter_event(yaml_path, &parser, &event) == YAML_PATH_FILTER_RESULT_OUT) {
goto next;
}
- event_type = event.type;
-
if (sequence) {
if (event_type == YAML_SEQUENCE_END_EVENT) {
sequence = false;
diff --git a/src/OVAL/probes/unix/fileextendedattribute_probe.c b/src/OVAL/probes/unix/fileextendedattribute_probe.c
index b442ea540..ee853886a 100644
--- a/src/OVAL/probes/unix/fileextendedattribute_probe.c
+++ b/src/OVAL/probes/unix/fileextendedattribute_probe.c
@@ -298,7 +298,7 @@ static int file_cb(const char *prefix, const char *p, const char *f, void *ptr,
// Allocate buffer, '+1' is for trailing '\0'
void *new_xattr_val = realloc(xattr_val, sizeof(char) * (xattr_vallen + 1));
- if (xattr_val == NULL) {
+ if (new_xattr_val == NULL) {
dE("Failed to allocate memory for xattr_val");
free(xattr_val);
goto exit;
diff --git a/src/OVAL/probes/unix/linux/partition_probe.c b/src/OVAL/probes/unix/linux/partition_probe.c
index a74c0323a..adb244b04 100644
--- a/src/OVAL/probes/unix/linux/partition_probe.c
+++ b/src/OVAL/probes/unix/linux/partition_probe.c
@@ -207,7 +207,7 @@ static int collect_item(probe_ctx *ctx, oval_schema_version_t over, struct mnten
mnt_ocnt = add_mnt_opt(&mnt_opts, mnt_ocnt, "move");
}
- dD("mnt_ocnt = %d, mnt_opts[mnt_ocnt]=%p", mnt_ocnt, mnt_opts[mnt_ocnt]);
+ dD("mnt_ocnt = %d, mnt_opts[mnt_ocnt]=%p", mnt_ocnt, mnt_opts == NULL ? NULL : mnt_opts[mnt_ocnt]);
/*
* "Correct" the type (this won't be (hopefully) needed in a later version
diff --git a/src/OVAL/probes/unix/xinetd_probe.c b/src/OVAL/probes/unix/xinetd_probe.c
index 75b12f95b..d61c7d547 100644
--- a/src/OVAL/probes/unix/xinetd_probe.c
+++ b/src/OVAL/probes/unix/xinetd_probe.c
@@ -566,7 +566,12 @@ static int xiconf_add_cfile(xiconf_t *xiconf, const char *path, int depth)
}
xifile->depth = depth;
- xiconf->cfile = realloc(xiconf->cfile, sizeof(xiconf_file_t *) * ++xiconf->count);
+ void *cfile = realloc(xiconf->cfile, sizeof(xiconf_file_t *) * ++xiconf->count);
+ if (cfile == NULL) {
+ dE("Failed re-allocate memory for cfile");
+ return (-1);
+ }
+ xiconf->cfile = cfile;
xiconf->cfile[xiconf->count - 1] = xifile;
dD("Added new file to the cfile queue: %s; fi=%zu", path, xiconf->count - 1);
diff --git a/src/XCCDF/xccdf_session.c b/src/XCCDF/xccdf_session.c
index 8bd394e2f..f1b837959 100644
--- a/src/XCCDF/xccdf_session.c
+++ b/src/XCCDF/xccdf_session.c
@@ -286,9 +286,9 @@ static struct oscap_source *xccdf_session_extract_arf_source(struct xccdf_sessio
}
struct tm *tm_mtime = malloc(sizeof(struct tm));
#ifdef OS_WINDOWS
- tm_mtime = localtime_s(tm_mtime, &file_stat.st_mtime);
+ localtime_s(tm_mtime, &file_stat.st_mtime);
#else
- tm_mtime = localtime_r(&file_stat.st_mtime, tm_mtime);
+ localtime_r(&file_stat.st_mtime, tm_mtime);
#endif
strftime(tailoring_doc_timestamp, max_timestamp_len,
"%Y-%m-%dT%H:%M:%S", tm_mtime);
diff --git a/utils/oscap-tool.c b/utils/oscap-tool.c
index 9bfe52697..660a19047 100644
--- a/utils/oscap-tool.c
+++ b/utils/oscap-tool.c
@@ -315,7 +315,10 @@ static void getopt_parse_env(struct oscap_module *module, int *argc, char ***arg
opt = oscap_strtok_r(opts, delim, &state);
while (opt != NULL) {
eargc++;
- eargv = realloc(eargv, eargc * sizeof(char *));
+ void *new_eargv = realloc(eargv, eargc * sizeof(char *));
+ if (new_eargv == NULL)
+ goto exit;
+ eargv = new_eargv;
eargv[eargc - 1] = strdup(opt);
opt = oscap_strtok_r(NULL, delim, &state);
}
@@ -334,6 +337,7 @@ static void getopt_parse_env(struct oscap_module *module, int *argc, char ***arg
*argc = nargc;
*argv = nargv;
+exit:
free(opts);
free(eargv);
}
diff --git a/utils/oscap-xccdf.c b/utils/oscap-xccdf.c
index af337b844..0a9ae5270 100644
--- a/utils/oscap-xccdf.c
+++ b/utils/oscap-xccdf.c
@@ -610,8 +610,7 @@ int app_evaluate_xccdf(const struct oscap_action *action)
/* syslog message */
#if defined(HAVE_SYSLOG_H)
- syslog(priority, "Evaluation finished. Return code: %d, Base score %f.", evaluation_result,
- session == NULL ? 0 : xccdf_session_get_base_score(session));
+ syslog(priority, "Evaluation finished. Return code: %d, Base score %f.", evaluation_result, xccdf_session_get_base_score(session));
#endif
xccdf_session_set_xccdf_export(session, action->f_results);

84
SOURCES/openscap-1.3.5-memory-PR_1627.patch Normal file
View File

@ -0,0 +1,84 @@
From 5eea79eaf426ac3e51a09d3f3fe72c2b385abc89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 10 Nov 2020 11:16:00 +0100
Subject: [PATCH] Fix memory allocation
We can't assume that size of a structure is a sum of sizes of its
members because padding and alignment can be involved. In fact,
we need to allocate more bytes for the structure than the
sum of sizes of its members.
The wrong assumption caused invalid writes and invalid reads
which can be discovered by valgrind. Moreover, when run with
MALLOC_CHECK_ environment variable set to non-zero value, the
program aborted.
The memory issue happened only when NDEBUG is defined, eg. when cmake
-DCMAKE_BUILD_TYPE=RelWithDebInfo or Release, it doesn't happen if cmake
-DCMAKE_BUILD_TYPE=Debug which we usually use in Jenkins CI. This is
most likely because in debug mode the struct SEXP contains 2 additional
members which are the magic canaries and therefore is bigger.
This commit wants to fix the problem by 2 step allocation in which
first the size of the struct SEXP_val_lblk is used and then the
array of SEXPs is allocated separately.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1891770
---
src/OVAL/probes/SEAP/_sexp-value.h | 2 +-
src/OVAL/probes/SEAP/sexp-value.c | 12 ++++++------
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/OVAL/probes/SEAP/_sexp-value.h b/src/OVAL/probes/SEAP/_sexp-value.h
index 426cd2c3d..e66777ef9 100644
--- a/src/OVAL/probes/SEAP/_sexp-value.h
+++ b/src/OVAL/probes/SEAP/_sexp-value.h
@@ -94,7 +94,7 @@ struct SEXP_val_lblk {
uintptr_t nxsz;
uint16_t real;
uint16_t refs;
- SEXP_t memb[];
+ SEXP_t *memb;
};
size_t SEXP_rawval_list_length (struct SEXP_val_list *list);
diff --git a/src/OVAL/probes/SEAP/sexp-value.c b/src/OVAL/probes/SEAP/sexp-value.c
index a11cbc70c..b8b3ed609 100644
--- a/src/OVAL/probes/SEAP/sexp-value.c
+++ b/src/OVAL/probes/SEAP/sexp-value.c
@@ -106,10 +106,8 @@ uintptr_t SEXP_rawval_lblk_new (uint8_t sz)
{
_A(sz < 16);
- struct SEXP_val_lblk *lblk = oscap_aligned_malloc(
- sizeof(uintptr_t) + (2 * sizeof(uint16_t)) + (sizeof(SEXP_t) * (1 << sz)),
- SEXP_LBLK_ALIGN
- );
+ struct SEXP_val_lblk *lblk = malloc(sizeof(struct SEXP_val_lblk));
+ lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
lblk->nxsz = ((uintptr_t)(NULL) & SEXP_LBLKP_MASK) | ((uintptr_t)sz & SEXP_LBLKS_MASK);
lblk->refs = 1;
@@ -519,7 +517,8 @@ void SEXP_rawval_lblk_free (uintptr_t lblkp, void (*func) (SEXP_t *))
func (lblk->memb + lblk->real);
}
- oscap_aligned_free(lblk);
+ free(lblk->memb);
+ free(lblk);
if (next != NULL)
SEXP_rawval_lblk_free ((uintptr_t)next, func);
@@ -540,7 +539,8 @@ void SEXP_rawval_lblk_free1 (uintptr_t lblkp, void (*func) (SEXP_t *))
func (lblk->memb + lblk->real);
}
- oscap_aligned_free(lblk);
+ free(lblk->memb);
+ free(lblk);
}
return;
--
2.26.2

71
SOURCES/openscap-1.3.5-plug-memory-leak-PR_1616.patch Normal file
View File

@ -0,0 +1,71 @@
From d5518f3f4c32ac19fcf3427602d5b2978b7ef1b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Mon, 5 Oct 2020 16:02:29 +0200
Subject: [PATCH] Plug a memory leak
Addressing:
8 bytes in 1 blocks are indirectly lost in loss record 7 of 235
at 0x483A809: malloc (vg_replace_malloc.c:307)
by 0x48F15CA: oval_collection_new (oval_collection.c:64)
by 0x48F4FCC: oval_result_criteria_node_new (oval_resultCriteriaNode.c:106)
by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
8 bytes in 1 blocks are definitely lost in loss record 8 of 235
at 0x483A809: malloc (vg_replace_malloc.c:307)
by 0x48F1799: oval_collection_iterator (oval_collection.c:120)
by 0x48CCE4C: oval_criteria_node_get_subnodes (oval_criteriaNode.c:161)
by 0x48F5590: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:255)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 125 of 235
at 0x483A809: malloc (vg_replace_malloc.c:307)
by 0x48F4F50: oval_result_criteria_node_new (oval_resultCriteriaNode.c:98)
by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
by 0x48C2671: oval_agent_eval_system (oval_agent.c:286)
This leak has been created by #1610.
---
src/OVAL/results/oval_resultCriteriaNode.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/OVAL/results/oval_resultCriteriaNode.c b/src/OVAL/results/oval_resultCriteriaNode.c
index 807283206..f6e980861 100644
--- a/src/OVAL/results/oval_resultCriteriaNode.c
+++ b/src/OVAL/results/oval_resultCriteriaNode.c
@@ -258,8 +258,11 @@ struct oval_result_criteria_node *make_result_criteria_node_from_oval_criteria_n
= oval_criteria_node_iterator_next(oval_subnodes);
struct oval_result_criteria_node *rslt_subnode
= make_result_criteria_node_from_oval_criteria_node(sys, oval_subnode, visited_definitions, variable_instance);
- if (rslt_subnode == NULL)
+ if (rslt_subnode == NULL) {
+ oval_criteria_node_iterator_free(oval_subnodes);
+ oval_result_criteria_node_free(rslt_node);
return NULL;
+ }
oval_result_criteria_node_add_subnode(rslt_node, rslt_subnode);
}
oval_criteria_node_iterator_free(oval_subnodes);

9
SOURCES/openscap-1.3.5-test-non-local-gpfs-PR_1653.patch Normal file
View File

@ -0,0 +1,9 @@
diff --git a/tests/API/probes/fake_mtab b/tests/API/probes/fake_mtab
index 94b1fe295..32c516b7d 100644
--- a/tests/API/probes/fake_mtab
+++ b/tests/API/probes/fake_mtab
@@ -5,3 +5,4 @@ tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
/dev/mapper/fedora-home /home ext4 rw,seclabel,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
//192.168.0.5/storage /media/movies cifs guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0
+/dev/gpfsdev /gpfs gpfs rw,relatime 0 0

13
SOURCES/openscap-1.3.5-use-MALLOC_CHECK-in-tests-PR_1635.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/tests/test_common.sh.in b/tests/test_common.sh.in
index 6b54ad015..5b6126dbf 100755
--- a/tests/test_common.sh.in
+++ b/tests/test_common.sh.in
@@ -17,6 +17,9 @@ PREFERRED_PYTHON=@PREFERRED_PYTHON_PATH@
LC_ALL=C
export LC_ALL
+MALLOC_CHECK_=3
+export MALLOC_CHECK_
+
OSCAP_FULL_VALIDATION=1
export OSCAP_FULL_VALIDATION

67
SOURCES/openscap-1.3.5-yamlfilecontent-fix-field-names-PR_1619.patch Normal file
View File

@ -0,0 +1,67 @@
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
index 6f18abf83..17741a240 100644
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
@@ -206,6 +206,7 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
yaml_event_type_t event_type;
bool sequence = false;
bool mapping = false;
+ bool fake_mapping = false;
int index = 0;
char *key = strdup("#");
@@ -224,21 +225,39 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
if (sequence) {
if (event_type == YAML_SEQUENCE_END_EVENT) {
- sequence = false;
+ if (fake_mapping) {
+ fake_mapping = false;
+ if (record && record->itemcount > 0) {
+ oscap_list_add(values, record);
+ } else {
+ // Do not collect empty records
+ oscap_htable_free0(record);
+ }
+ record = NULL;
+ } else {
+ sequence = false;
+ }
} else if (event_type == YAML_SEQUENCE_START_EVENT) {
- result_error("YAML path '%s' points to a multi-dimensional structure (sequence containing another sequence)", yaml_path_cstr);
- goto cleanup;
+ if (mapping || fake_mapping) {
+ result_error("YAML path '%s' points to a multi-dimensional structure (a map or a sequence containing other sequences)", yaml_path_cstr);
+ goto cleanup;
+ } else {
+ fake_mapping = true;
+ record = oscap_htable_new();
+ }
}
} else {
if (event_type == YAML_SEQUENCE_START_EVENT) {
sequence = true;
+ if (mapping)
+ index++;
}
}
if (mapping) {
if (event_type == YAML_MAPPING_END_EVENT) {
mapping = false;
- if (record->itemcount > 0) {
+ if (record && record->itemcount > 0) {
oscap_list_add(values, record);
} else {
// Do not collect empty records
@@ -255,6 +274,10 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
result_error("YAML path '%s' points to an invalid structure (map containing another map)", yaml_path_cstr);
goto cleanup;
}
+ if (fake_mapping) {
+ result_error("YAML path '%s' points to a multi-dimensional structure (two-dimensional sequence containing a map)", yaml_path_cstr);
+ goto cleanup;
+ }
mapping = true;
sequence = false;
index = 0;

760
SPECS/openscap.spec Normal file
View File

@ -0,0 +1,760 @@
Name: openscap
Version: 1.3.4
Release: 5%{?dist}
Summary: Set of open source libraries enabling integration of the SCAP line of standards
Group: System Environment/Libraries
License: LGPLv2+
URL: http://www.open-scap.org/
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch1: openscap-1.3.5-plug-memory-leak-PR_1616.patch
Patch2: openscap-1.3.5-coverity1-PR_1617.patch
Patch3: openscap-1.3.5-coverity2-PR_1620.patch
Patch4: openscap-1.3.5-yamlfilecontent-fix-field-names-PR_1619.patch
Patch5: openscap-1.3.5-memory-PR_1627.patch
Patch6: openscap-1.3.5-use-MALLOC_CHECK-in-tests-PR_1635.patch
Patch7: openscap-1.3.5-test-non-local-gpfs-PR_1653.patch
BuildRequires: cmake >= 2.6
BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
BuildRequires: rpm-devel
BuildRequires: libgcrypt-devel
BuildRequires: pcre-devel
BuildRequires: libacl-devel
BuildRequires: libselinux-devel
BuildRequires: libcap-devel
BuildRequires: libblkid-devel
BuildRequires: bzip2-devel
BuildRequires: asciidoc
BuildRequires: openldap-devel
BuildRequires: GConf2-devel
BuildRequires: glib2-devel
BuildRequires: dbus-devel
BuildRequires: libyaml-devel
%if %{?_with_check:1}%{!?_with_check:0}
BuildRequires: perl-XML-XPath
BuildRequires: bzip2
%endif
Requires: bash
Requires: bzip2-libs
Requires: dbus
Requires: libyaml
Requires: GConf2
Requires: glib2
Requires: libacl
Requires: libblkid
Requires: libcap
Requires: libselinux
Requires: openldap
Requires: popt
# RHEL8 has procps-ng, which provides procps
Requires: procps
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Obsoletes: python2-openscap
Obsoletes: openscap-content-sectool
Obsoletes: openscap-extra-probes
Obsoletes: openscap-extra-probes-sql
%description
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of standards
managed by NIST with the goal of providing a standard language
for the expression of Computer Network Defense related information.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libxml2-devel
Requires: pkgconfig
BuildRequires: doxygen
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package python3
Summary: Python 3 bindings for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
BuildRequires: python3-devel
%description python3
The %{name}-python3 package contains the bindings so that %{name}
libraries can be used by python3.
%package scanner
Summary: OpenSCAP Scanner Tool (oscap)
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libcurl >= 7.12.0
BuildRequires: libcurl-devel >= 7.12.0
Obsoletes: openscap-selinux
Obsoletes: openscap-selinux-compat
%description scanner
The %{name}-scanner package contains oscap command-line tool. The oscap
is configuration and vulnerability scanner, capable of performing
compliance checking using SCAP content.
%package utils
Summary: OpenSCAP Utilities
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: rpmdevtools rpm-build
Requires: %{name}-scanner%{?_isa} = %{version}-%{release}
Requires: bash
%description utils
The %{name}-utils package contains command-line tools build on top
of OpenSCAP library. Historically, openscap-utils included oscap
tool which is now separated to %{name}-scanner sub-package.
%package engine-sce
Summary: Script Check Engine plug-in for OpenSCAP
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
%description engine-sce
The Script Check Engine is non-standard extension to SCAP protocol. This
engine allows content authors to avoid OVAL language and write their assessment
commands using a scripting language (Bash, Perl, Python, Ruby, ...).
%package engine-sce-devel
Summary: Development files for %{name}-engine-sce
Group: Development/Libraries
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description engine-sce-devel
The %{name}-engine-sce-devel package contains libraries and header files
for developing applications that use %{name}-engine-sce.
%prep
%autosetup -p1
mkdir build
%build
cd build
%cmake -DENABLE_PERL=OFF \
-DENABLE_DOCS=ON \
-DENABLE_OSCAP_UTIL_DOCKER=OFF \
-DENABLE_OSCAP_UTIL_CHROOT=ON \
-DENABLE_OSCAP_UTIL_PODMAN=ON \
-DENABLE_OSCAP_UTIL_VM=ON \
..
make %{?_smp_mflags}
make docs
%check
%if %{?_with_check:1}%{!?_with_check:0}
ctest -V %{?_smp_mflags}
%endif
%install
cd build
%make_install
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# fix python shebangs
pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%doc AUTHORS NEWS README.md
%license COPYING
%doc %{_pkgdocdir}/manual/
%dir %{_datadir}/openscap
%dir %{_datadir}/openscap/schemas
%dir %{_datadir}/openscap/xsl
%dir %{_datadir}/openscap/cpe
%{_libdir}/libopenscap.so.*
%{_datadir}/openscap/schemas/*
%{_datadir}/openscap/xsl/*
%{_datadir}/openscap/cpe/*
%files python3
%{python3_sitearch}/*
%files devel
%doc %{_pkgdocdir}/html/
%{_libdir}/libopenscap.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/openscap
%exclude %{_includedir}/openscap/sce_engine_api.h
%files engine-sce-devel
%{_libdir}/libopenscap_sce.so
%{_includedir}/openscap/sce_engine_api.h
%files scanner
%{_mandir}/man8/oscap.8.gz
%{_bindir}/oscap
%{_mandir}/man8/oscap-chroot.8.gz
%{_bindir}/oscap-chroot
%{_sysconfdir}/bash_completion.d
%files utils
%doc docs/oscap-scan.cron
%{_mandir}/man8/oscap-ssh.8.gz
%{_bindir}/oscap-ssh
%{_mandir}/man8/oscap-podman.8.gz
%{_bindir}/oscap-podman
%{_mandir}/man8/oscap-vm.8.gz
%{_bindir}/oscap-vm
%{_mandir}/man8/scap-as-rpm.8.gz
%{_bindir}/scap-as-rpm
%{_mandir}/man8/autotailor.8.gz
%{_bindir}/autotailor
%files engine-sce
%{_libdir}/libopenscap_sce.so.*
%{_bindir}/oscap-run-sce-script
%changelog
* Wed Nov 25 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-5
- Add check for non-local GPFS file system into Test Suite (RHBZ#1840578)
* Fri Nov 13 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-4
- Use MALLOC_CHECK_=3 while executing Test Suite (RHBZ#1891770)
* Tue Nov 10 2020 Jan Černý <jcerny@redhat.com> - 1.3.4-3
- Fix memory allocation (RHBZ#1891770)
* Mon Oct 26 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2
- Fix problems uncovered by the Coverity Scan (RHBZ#1887794)
* Wed Oct 14 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-1
- Upgrade to the latest upstream release (RHBZ#1887794)
- Treat GPFS as a remote file system (RHBZ#1840578, RHBZ#1840579)
- Fixed the most problematic memory issues that were causing OOM situations
for systems with large amount of files (RHBZ#1824152)
- Proper handling of OVALs with circular dependencies between definitions (RHBZ#1812476)
* Wed Aug 19 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-5
- Detect remote file systems correctly (RHBZ#1870087)
* Mon Aug 03 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-4
- Fix memory leaks in rpmverifyfile probe (RHBZ#1861301)
* Tue Jul 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-3
- Added support for fetching remote content with compression (RHBZ#1855708)
* Thu Jun 25 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-2
- Prevent unwanted recursion that could crash the scanner (RHBZ#1686370)
* Mon May 04 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.3-1
- Upgrade to the latest upstream release (rhbz#1829761)
- Added a Python script that can be used for CLI tailoring (autotailor)
- Added timezone to XCCDF TestResult start/end time
- Added yamlfilecontent independent probe (proposal/draft implementation)
- Added ability to generate `machineconfig` fix
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF
- Fixed filepath pattern matching in offline mode in textfilecontent58 probe
- Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory
- Fixed #1512: Severity refinement lost in generated guide
- Fixed #1453: Pointer lost in Swig API
- The data system_info probe return for offline and online modes is consistent and actual
- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities
from system_info probe
* Fri Mar 27 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-9
- Generate HTML guides from tailored profiles (RHBZ#1743835)
* Wed Mar 18 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-8
- Fix tests for rpmverifyfileprobe (RHBZ#1814726)
* Thu Mar 12 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-7
- Fix segmentation fault in systemdunitdependency_probe (RHBZ#1793050)
- Fix crash in textfilecontent probe (RHBZ#1686467)
- Do not drop empty lines from Ansible remediations (RHBZ#1795563)
- Fix oscap-ssh --sudo (RHBZ#1803116)
- Remove useless warnings (RHBZ#1764139)
* Thu Jan 23 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-6
- Fix FindACL.cmake
* Tue Jan 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.2-5
- Added more exhaustive package dependencies.
- Added the covscan/UX patch.
* Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-4
- Added patch: utils/oscap-podman: Detect ambiguous scan target
* Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-3
- Refined requirements
* Sun Jan 19 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-2
- Added patch: Fix case where CMake couldn't find libacl or xattr.h
* Wed Jan 15 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-1
- Upgrade to the latest upstream release (rhbz#1778296)
- Offline mode support for environmentvariable58 probe (rhbz#1493614)
- The oscap-docker wrapper is available without Atomic
- Improved support of multi-check rules (report, remediations, console output) (rhbz#1771438)
- Improved HTML report look and feel, including printed version (rhbz#1640839)
- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
- Probe rpmverifyfile uses and returns canonical paths (rhbz#1776308)
- Improved a11y of HTML reports and guides (rhbz#1767382)
- Fixes and improvements for SWIG Python bindings (rhbz#1753603)
- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
- Fixed URL link mechanism for Red Hat Errata
- New STIG Viewer URI: public.cyber.mil
- Probe selinuxsecuritycontext would not check if SELinux is enabled
- Scanner would provide information about unsupported OVAL objects
- Added more tests for offline mode (probes, remediation) (rhbz#1618489)
- #528 fixed: Eval SCE script when /tmp is in mode noexec
- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage (rhbz#1636431)
* Wed Dec 18 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-3
- put back openscap-chroot, openscap-podman and openscap-vm files
* Fri Nov 01 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-2
- Fixed XSLT template making rule details in reports accessible for screenreader users (#1767382)
* Fri Jun 14 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-1
- Bumped the package release number
* Thu Jun 13 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-0
- Upgrade to the latest upstream release (rhbz#1718826)
- Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) (rhbz#1709429)
- Tailoring files are included in ARF result files
- Remote filesystems mounted using `autofs` direct maps are not recognized as local filesystems (rhbz#1655943)
- Offline scan utilizing rpmverifyfile probe fails in fchdir and aborts (rhbz#1636431)
* Wed Jan 16 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-7
- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0.
- Explicitly specify which files should be in openscap-utils subpackage.
* Mon Jan 14 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-6
- Removed containers package as RHEL-8.0.0 will not support it.
- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it.
* Mon Oct 15 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-5
- Fixed unresolved symbols in SCE library
* Fri Oct 12 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-4
- Fixed a sudo regression in oscap-ssh.
- Updated test to work with newer versions of procps.
- Updated the man page.
* Tue Oct 09 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-3
- Fixed memory error in SWIG (RHBZ#1607014)
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-2
- Drop openscap-perl subpackage (RHBZ#1624396)
* Mon Oct 08 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
- upgrade to the latest upstream release
- list subpackages removed in 1.3.0_alpha1-1 as obsoleted
* Fri Aug 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
- upgrade to the latest upstream release
* Thu Aug 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-3
- Add RHEL8 CPE (until RHEL8 public beta downstream patch only)
* Fri Jul 27 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
- Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541)
* Fri Jul 20 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
- upgrade to the latest upstream release
- change specfile to use CMake
- dropped commands in the spec file that are no longer relevant
- dropped subpackages in the spec file that are no longer relevant
* Fri May 18 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-5
- Use pathfix.py instead of a downstream patch to fix shebang
* Thu May 17 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-4
- Remove Python 2 dependencies
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.2.16-2
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Tue Nov 14 2017 jcerny@redhat.com - 1.2.16-1
- upgrade to the latest upstream release
* Thu Oct 05 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.15-2
- moved oscap-chroot to openscap-scanner because it's a thin wrapper script with no dependencies
* Fri Aug 25 2017 Jan Černý <jcerny@redhat.com> - 1.2.15-1
- upgrade to the latest upstream release
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.14-9
- Add Provides for the old name without %%_isa
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.14-8
- Python 2 binary package renamed to python2-openscap
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
* Fri Aug 11 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-7
- Rebuilt after RPM update (№ 3)
* Thu Aug 10 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-6
- Rebuilt for RPM soname bump
* Thu Aug 10 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.14-5
- Rebuilt for RPM soname bump
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.14-2
- Perl 5.26 rebuild
* Tue Mar 21 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.14-1
- upgrade to the latest upstream release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 05 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.13-1
- upgrade to the latest upstream release
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.2.12-2
- Rebuild for Python 3.6
* Tue Nov 22 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.12-1
- upgrade to the latest upstream release
* Wed Oct 19 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.11-1
- upgrade to the latest upstream release
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.10-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue Jul 12 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.10-1
- upgrade to the latest upstream release
* Tue May 17 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.9-2
- Perl 5.24 rebuild
* Fri Apr 22 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.9-1
- upgrade to the latest upstream release
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Jan 18 2016 Šimon Lukašík <slukasik@redhat.com> - 1.2.8-1
- upgrade to the latest upstream release
* Thu Dec 03 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.7-1
- upgrade to the latest upstream release
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.6-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Tue Oct 13 2015 Zbyněk Moravec <zmoravec@redhat.com> - 1.2.6-3
- fix oscap-docker shebang
* Wed Oct 07 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.6-2
- put oscap-docker to openscap-containers subpackage
- do not require atomic at all
* Mon Oct 05 2015 Zbyněk Moravec <zmoravec@redhat.com> - 1.2.6-1
- upgrade to the latest upstream release
* Wed Jul 29 2015 Martin Preisler <mpreisle@redhat.com> - 1.2.5-2
- rebuilt because of librpm and librpmio ABI break
* Mon Jul 06 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.5-1
- upgrade to the latest upstream release
* Sat Jun 20 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.4-1
- upgrade to the latest upstream release.
- Content of selinux package has been purged.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun 06 2015 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.3-2
- Perl 5.22 rebuild
* Fri May 01 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.3-1
- upgrade to the latest upstream release
* Thu Apr 02 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.2-1
- upgrade to the latest upstream release
* Sat Jan 10 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.1-1
- upgrade to the latest upstream release
* Tue Dec 02 2014 Šimon Lukašík <slukasik@redhat.com> - 1.2.0-1
- upgrade to the latest upstream release
* Fri Sep 26 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.1-1
- upgrade to the latest upstream release
* Fri Sep 05 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.1.0-2
- Perl 5.20 rebuild
* Wed Sep 03 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.0-1
- upgrade
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik@redhat.com> - 1.0.9-4
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jul 01 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.9-2
- Extract oscap tool to a separate package (rhbz#1115116)
* Wed Jun 25 2014 Martin Preisler <mpreisle@redhat.com> - 1.0.9-1
- upgrade
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 26 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.8-1
- upgrade
* Thu Mar 20 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.7-1
- upgrade
* Wed Mar 19 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.6-1
- upgrade
* Fri Mar 14 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.5-1
- upgrade
* Thu Feb 13 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.4-1
- upgrade
* Tue Jan 14 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.3-1
- upgrade
- This upstream release addresses: #1052142
* Fri Jan 10 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.2-1
- upgrade
- This upstream release addresses: #1018291, #1029879, #1026833
* Thu Nov 28 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.1-1
- upgrade
* Tue Nov 26 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-3
- expand LT_CURRENT_MINUS_AGE correctly
* Thu Nov 21 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-2
- dlopen libopenscap_sce.so.{current-age} explicitly
That allows for SCE to work without openscap-engine-sce-devel
* Tue Nov 19 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-1
- upgrade
- package openscap-engine-sce-devel separately
* Fri Nov 15 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-7
- do not obsolete openscap-conten just drop it (#1028706)
scap-security-guide will bring the Obsoletes tag
* Thu Nov 14 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-6
- only non-noarch packages should be requiring specific architecture
* Sat Nov 09 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-5
- specify architecture when requiring base package
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-4
- specify dependency between engine and devel sub-package
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-3
- correct openscap-utils dependencies
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-2
- drop openscap-content package (use scap-security-guide instead)
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-1
- upgrade
* Thu Sep 26 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-2
- Start building SQL probes for Fedora
* Wed Sep 11 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-1
- upgrade
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jul 18 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.11-1
- upgrade
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 0.9.10-2
- Perl 5.18 rebuild
* Mon Jul 15 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.10-1
- upgrade
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.8-1
- upgrade
* Fri Apr 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.7-1
- upgrade
- add openscap-selinux sub-package
* Wed Apr 24 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.6-1
- upgrade
* Wed Mar 20 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.5-1
- upgrade
* Mon Mar 04 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4.1-1
- upgrade
* Tue Feb 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4-1
- upgrade
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Dec 17 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.3-1
- upgrade
* Wed Nov 21 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.2-1
- upgrade
* Mon Oct 22 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.1-1
- upgrade
* Tue Sep 25 2012 Peter Vrabec <pvrabec@redhat.com> 0.9.0-1
- upgrade
* Mon Aug 27 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.5-1
- upgrade
* Tue Aug 07 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.4-1
- upgrade
* Tue Jul 31 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-2
- fix Profile and @hidden issue
* Mon Jul 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-1
- upgrade
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 0.8.2-2
- Perl 5.16 rebuild
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.2-1
- upgrade
* Tue Feb 21 2012 Peter Vrabec <pvrabec@redhat.com> 0.8.1-1
- upgrade
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3
- Rebuild against PCRE 8.30
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Oct 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.8.0-1
- upgrade
* Mon Jul 25 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.4-1
- upgrade
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-3
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-2
- Perl mass rebuild
* Fri Jun 24 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.3-1
- upgrade
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-3
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-2
- Perl 5.14 mass rebuild
* Wed Apr 20 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.2-1
- upgrade
* Fri Mar 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.1-1
- upgrade
* Thu Feb 10 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.0-1
- upgrade
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 31 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.8-1
- upgrade
* Fri Jan 14 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.7-1
- upgrade
* Wed Oct 20 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.4-1
- upgrade
* Tue Sep 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.3-1
- upgrade
* Fri Aug 27 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.2-1
- upgrade
* Wed Jul 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.0-1
- upgrade
* Wed May 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.11-1
- upgrade
* Fri May 07 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.10-1
- upgrade
* Fri Apr 16 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.9-1
- upgrade
* Fri Feb 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.7-1
- upgrade
- new utils package
* Mon Jan 04 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.6-1
- upgrade
* Tue Sep 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.3-1
- upgrade
* Wed Aug 19 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.2-1
- upgrade
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-2
- add rpm-devel requirement
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-1
- upgrade
* Thu Apr 30 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.3-1
- upgrade
* Thu Apr 23 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.2-1
- upgrade
* Sun Mar 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.4-1
- upgrade
* Fri Mar 27 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-2
- spec file fixes (#491892)
* Tue Mar 24 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-1
- upgrade
* Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
- Initial rpm