Commit Graph

28 Commits

Author SHA1 Message Date
Jan Černý
77b5330e9f Update OpenSCAP for RHEL 9.1
- Fix potential invalid scan results in OpenSCAP (rhbz#2109485)
- Remove oscap-remediate service (rhbz#2111358)

Resolves: rhbz#2109485
Resolves: rhbz#2111358
2022-07-27 12:59:07 +02:00
Jan Černý
09534972e5 Prevent file permissions errors
The sysctl setting fs.protected_regular doesn't allow O_CREAT open
on regular files that we don't own in world writable sticky directories
(think /tmp). This causes permission denied error when writing HTML
report to a temporary files created by the mktemp command executed as
a normal user and then executing sudo oscap.

If OpenSCAP fails to open the file because of permissions, it will retry
to open the file without O_CREAT flag.

Resolves: rhbz#2048571
2022-02-07 09:16:56 +01:00
Jan Černý
543039ae7b Fix coverity & test
- Fix coverity issues
- Prevent fails of test_ds_misc.sh

Resolves: rhbz#2041782
2022-02-02 08:50:21 +01:00
Jan Černý
f07ad354e3 Rebase to the latest upstream version
openscap-1.3.6

Resolves: rhbz#2041782
2022-01-21 09:00:41 +01:00
Jan Černý
471bdb6705 Print warning for local files
Resolves: rhbz#2015518
2021-11-19 13:47:46 +01:00
Jan Černý
40f1e840f2 Lower memory limits and improve their checking
Resolves: rhbz#2022362
2021-11-11 14:31:24 +01:00
Jan Černý
1cc6bf10ba Add an alternative source of hostname
Resolves: rhbz#2021509
2021-11-09 14:50:05 +01:00
Jan Černý
57cd5b3b4c Allow using local files instead of remote resources
Resolves: rhbz#2015518
2021-11-09 11:07:55 +01:00
Jan Černý
5ad69e624b Add support for Blueprint remediations
Resolves: rhbz#2020052
2021-11-04 09:08:21 +01:00
Jan Černý
522d98f271 Initialize crypto API only once
Resolves: rhbz#2020044
2021-11-04 08:35:15 +01:00
Evgeny Kolesnikov
2e3c457351 Fix process58 probe errors when scanning minimalist filesystem in offline mode
Resolves: rhbz#2019054
2021-11-02 09:35:29 +01:00
Matej Tyc
058a36bb6d Fix bad handling of HTTP error code
Resolves: rhbz#2002733
2021-11-01 11:30:59 +01:00
Jan Černý
2e6b0b2576 Revert Epoch removal
We can't remove Epoch, because the new build (without Epoch) was recognized
as older build and it could not be added to the erratum and it could
not be upgraded to the new build.

Resolves: RHBZ#1997829
2021-08-27 15:59:53 +02:00
Evgeny Kolesnikov
31a6dd97cb Update spec file
Get rid of epoch
Add libyaml dependency
Add make build dependency

Resolves: RHBZ#1997829
2021-08-25 23:10:36 +02:00
Mohan Boddu
3eabeb8264 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:43:43 +00:00
Jan Černý
286e29fdb1 Remove SHA-1 and MD5, fix coverity issues
Resolves: rhbz#1936619
Resolves: rhbz#1938830
2021-07-22 09:19:54 +02:00
Jan Černý
71d8346d4a Fix failing tests
- fix test tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh
  from upstream test suite (runs as a part of smoke test)
- oval/yamlfilecontent: Add 'null' values handling

Resolves: RHBZ#1952789
2021-06-30 11:21:12 +02:00
Jan Černý
96f558718c Fix test fails
- Do not set RPATH on built binaries
- Fix UBI9 scan (rhbz#1953610)
- Fix failing rpminspect xml test

Resolves: RHBZ#1952789
2021-06-28 15:05:21 +02:00
Jan Černý
83f314aa21 Remove containers subpackage
It removes the oscap-docker completely because it depends on Docker
which has been superseded in RHEL by Podman. This aligns packaging with
RHEL 8, where we also don't have oscap-docker and oscap-podman is
shipped in openscap-utils subpackage.

The patch also moves the man page of oscap-chroot to the same subpackage
where oscap-chroot is shipped.

Resolves: RHBZ#1952789
2021-05-20 15:55:05 +02:00
Jan Černý
4df8036f41 Rebase to the latest upstream release 1.3.5
Resolves: RHBZ#1952789
2021-05-19 12:15:20 +00:00
Matus Marhefka
fefe485980 gating.yaml: update for RHEL9 2021-05-13 11:48:11 +02:00
Mohan Boddu
30e450cc20 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:41:57 +00:00
DistroBaker
62c6ce2232 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openscap.git#733bd2da70696622461654690e5b1fbddc67359c
2021-04-04 23:25:15 +00:00
DistroBaker
87fd13d73e Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openscap.git#efa27b23b221c1ab82d2cc134844b94e85ce3455
2021-02-03 01:41:58 +00:00
DistroBaker
1353b06138 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openscap.git#733bd2da70696622461654690e5b1fbddc67359c
2020-12-18 12:56:28 +00:00
DistroBaker
baa91c8f26 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openscap.git#f0faee859d27637e70a3e0111e35febd9fb772dd
2020-11-30 20:38:03 +00:00
Petr Šabata
bed54b8945 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/openscap#ba6a3ab7a4de65153eb09e250ceb253fb1a21dfe
2020-10-15 22:24:07 +02:00
Release Configuration Management
a15e604109 New branch setup 2020-10-08 18:56:00 +00:00