Merge branch 'c8' into a8
This commit is contained in:
commit
ccf5276ca8
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/openscap-1.3.8.tar.gz
|
SOURCES/openscap-1.3.10.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
1d1370ea1c4ada69eb4cd591bd4f411bd7a19a1a SOURCES/openscap-1.3.8.tar.gz
|
35917d469c9f490a098958a9b70de12a212472f0 SOURCES/openscap-1.3.10.tar.gz
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
From 299e344b245e8d1b3a31a58275e0e8d0aa01ed77 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
|
||||||
Date: Sat, 8 Jul 2023 07:05:31 +0200
|
|
||||||
Subject: [PATCH] OVAL/sysctl: Fix offline mode
|
|
||||||
|
|
||||||
The initial implementation was buggy: after correctly traversing
|
|
||||||
prefixed PREFIX/proc/sys directory tree it would incorrectly read
|
|
||||||
the data from the non-prefixed directory tree.
|
|
||||||
---
|
|
||||||
src/OVAL/probes/unix/sysctl_probe.c | 13 ++++++++++---
|
|
||||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/OVAL/probes/unix/sysctl_probe.c b/src/OVAL/probes/unix/sysctl_probe.c
|
|
||||||
index 65d4bd0609..b7c68a0378 100644
|
|
||||||
--- a/src/OVAL/probes/unix/sysctl_probe.c
|
|
||||||
+++ b/src/OVAL/probes/unix/sysctl_probe.c
|
|
||||||
@@ -150,10 +150,14 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
|
|
||||||
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
|
|
||||||
SEXP_t *se_mib;
|
|
||||||
char mibpath[PATH_MAX], *mib;
|
|
||||||
- size_t miblen;
|
|
||||||
+ size_t miblen, mibstart;
|
|
||||||
struct stat file_stat;
|
|
||||||
|
|
||||||
- snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
|
|
||||||
+ if (prefix != NULL) {
|
|
||||||
+ snprintf(mibpath, sizeof mibpath, "%s/%s/%s", prefix, ofts_ent->path, ofts_ent->file);
|
|
||||||
+ } else {
|
|
||||||
+ snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* Skip write-only files, eg. /proc/sys/net/ipv4/route/flush */
|
|
||||||
if (stat(mibpath, &file_stat) == -1) {
|
|
||||||
@@ -168,7 +172,10 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
- mib = strdup(mibpath + strlen(PROC_SYS_DIR) + 1);
|
|
||||||
+ mibstart = 0;
|
|
||||||
+ mibstart += prefix != NULL ? strlen(prefix)+1 : 0;
|
|
||||||
+ mibstart += strlen(PROC_SYS_DIR)+1;
|
|
||||||
+ mib = strdup(mibpath + mibstart);
|
|
||||||
miblen = strlen(mib);
|
|
||||||
|
|
||||||
while (miblen > 0) {
|
|
@ -1,12 +1,11 @@
|
|||||||
Name: openscap
|
Name: openscap
|
||||||
Version: 1.3.8
|
Version: 1.3.10
|
||||||
Release: 1%{?dist}.alma.1
|
Release: 2%{?dist}.alma.1
|
||||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.open-scap.org/
|
URL: http://www.open-scap.org/
|
||||||
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||||
Patch0: openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
|
|
||||||
|
|
||||||
# Add AlmaLinux definitions
|
# Add AlmaLinux definitions
|
||||||
Patch100: openscap-1.3.5-almalinux.patch
|
Patch100: openscap-1.3.5-almalinux.patch
|
||||||
@ -143,6 +142,7 @@ cd build
|
|||||||
-DENABLE_OSCAP_UTIL_PODMAN=ON \
|
-DENABLE_OSCAP_UTIL_PODMAN=ON \
|
||||||
-DENABLE_OSCAP_UTIL_VM=ON \
|
-DENABLE_OSCAP_UTIL_VM=ON \
|
||||||
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
|
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
|
||||||
|
-DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
|
||||||
..
|
..
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
make docs
|
make docs
|
||||||
@ -220,12 +220,21 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_bindir}/oscap-run-sce-script
|
%{_bindir}/oscap-run-sce-script
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Sep 28 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.8-1.alma.1
|
* Mon Apr 29 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.10-1.alma.1
|
||||||
- Add AlmaLinux definitions
|
- Add AlmaLinux definitions
|
||||||
|
|
||||||
|
* Mon Apr 08 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-2
|
||||||
|
- Explicitely disable dpkginfo probe
|
||||||
|
|
||||||
|
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-1
|
||||||
|
- Rebase to the latest upstream version (RHEL-31221)
|
||||||
|
- Add ability to define a limit of collected items (RHEL-11925)
|
||||||
|
- Add option --references that can select rules based on their reference (RHEL-1479)
|
||||||
|
|
||||||
* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
|
* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
|
||||||
- Upgrade to the latest upstream release (rhbz#2222864)
|
- Upgrade to the latest upstream release (rhbz#2217441)
|
||||||
- Fix systemd* probes unit enumeration (rhbz#2223547)
|
- Add offline support for sysctl probe (rhbz#2185791)
|
||||||
|
- Fix systemd* probes unit enumeration (rhbz#2219533)
|
||||||
|
|
||||||
* Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1.3.7-1
|
* Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1.3.7-1
|
||||||
- Upgrade to the latest upstream release (rhbz#2159290)
|
- Upgrade to the latest upstream release (rhbz#2159290)
|
||||||
|
Loading…
Reference in New Issue
Block a user