Merge branch 'c9' into a9

This commit is contained in:
eabdullin 2024-04-29 14:04:14 +03:00
commit eaee2ff820
4 changed files with 18 additions and 57 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/openscap-1.3.8.tar.gz SOURCES/openscap-1.3.10.tar.gz

View File

@ -1 +1 @@
1d1370ea1c4ada69eb4cd591bd4f411bd7a19a1a SOURCES/openscap-1.3.8.tar.gz 35917d469c9f490a098958a9b70de12a212472f0 SOURCES/openscap-1.3.10.tar.gz

View File

@ -1,45 +0,0 @@
From 299e344b245e8d1b3a31a58275e0e8d0aa01ed77 Mon Sep 17 00:00:00 2001
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Sat, 8 Jul 2023 07:05:31 +0200
Subject: [PATCH] OVAL/sysctl: Fix offline mode
The initial implementation was buggy: after correctly traversing
prefixed PREFIX/proc/sys directory tree it would incorrectly read
the data from the non-prefixed directory tree.
---
src/OVAL/probes/unix/sysctl_probe.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/OVAL/probes/unix/sysctl_probe.c b/src/OVAL/probes/unix/sysctl_probe.c
index 65d4bd0609..b7c68a0378 100644
--- a/src/OVAL/probes/unix/sysctl_probe.c
+++ b/src/OVAL/probes/unix/sysctl_probe.c
@@ -150,10 +150,14 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
SEXP_t *se_mib;
char mibpath[PATH_MAX], *mib;
- size_t miblen;
+ size_t miblen, mibstart;
struct stat file_stat;
- snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
+ if (prefix != NULL) {
+ snprintf(mibpath, sizeof mibpath, "%s/%s/%s", prefix, ofts_ent->path, ofts_ent->file);
+ } else {
+ snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
+ }
/* Skip write-only files, eg. /proc/sys/net/ipv4/route/flush */
if (stat(mibpath, &file_stat) == -1) {
@@ -168,7 +172,10 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
continue;
}
- mib = strdup(mibpath + strlen(PROC_SYS_DIR) + 1);
+ mibstart = 0;
+ mibstart += prefix != NULL ? strlen(prefix)+1 : 0;
+ mibstart += strlen(PROC_SYS_DIR)+1;
+ mib = strdup(mibpath + mibstart);
miblen = strlen(mib);
while (miblen > 0) {

View File

@ -1,12 +1,11 @@
Name: openscap Name: openscap
Version: 1.3.8 Version: 1.3.10
Release: 1%{?dist}.alma.2 Release: 2%{?dist}.alma.1
Epoch: 1 Epoch: 1
Summary: Set of open source libraries enabling integration of the SCAP line of standards Summary: Set of open source libraries enabling integration of the SCAP line of standards
License: LGPLv2+ License: LGPLv2+
URL: http://www.open-scap.org/ URL: http://www.open-scap.org/
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
# Add AlmaLinux definitions # Add AlmaLinux definitions
Patch100: openscap-1.3.5-almalinux.patch Patch100: openscap-1.3.5-almalinux.patch
@ -128,6 +127,7 @@ for developing applications that use %{name}-engine-sce.
-DENABLE_PERL=OFF \ -DENABLE_PERL=OFF \
-DENABLE_OSCAP_UTIL_DOCKER=OFF \ -DENABLE_OSCAP_UTIL_DOCKER=OFF \
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \ -DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
-DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \ -DOPENSCAP_PROBE_UNIX_GCONF=OFF \
-DOPENSCAP_ENABLE_SHA1=OFF \ -DOPENSCAP_ENABLE_SHA1=OFF \
-DOPENSCAP_ENABLE_MD5=OFF \ -DOPENSCAP_ENABLE_MD5=OFF \
@ -202,15 +202,22 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%{_bindir}/oscap-run-sce-script %{_bindir}/oscap-run-sce-script
%changelog %changelog
* Thu Sep 28 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.8-1.alma.2 * Mon Apr 29 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.10-1.alma
- Fix AlmaLinux patch
* Tue Sep 12 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.8-1.alma
- Add AlmaLinux definitions - Add AlmaLinux definitions
* Mon Apr 08 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-2
- Explicitely disable dpkginfo probe
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-1
- Rebase to the latest upstream version (RHEL-29172)
- Fix OVAL results file name (RHEL-7050)
- Add ability to define a limit of collected items (RHEL-4141)
- Add ability to refine rules in autotailor (RHEL-1477)
- Improve the formatting of Blueprint remediations (RHEL-1476)
* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1 * Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
- Upgrade to the latest upstream release (rhbz#2223356) - Upgrade to the latest upstream release (rhbz#2217442)
- Fix systemd* probes unit enumeration (rhbz#2223981) - Fix systemd* probes unit enumeration (rhbz#2219532)
* Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1:1.3.7-1 * Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1:1.3.7-1
- Upgrade to the latest upstream release (rhbz#2159286) - Upgrade to the latest upstream release (rhbz#2159286)
@ -776,4 +783,3 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
* Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1 * Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
- Initial rpm - Initial rpm