.gitignore

@@ -1 +1 @@
-SOURCES/openscap-1.3.12.tar.gz
+SOURCES/openscap-1.3.7.tar.gz

.openscap.metadata

@@ -1 +1 @@
-0de19fd72129fd9d0e2a541918e199c321b08a34 SOURCES/openscap-1.3.12.tar.gz
+238acbe6e18162b54cbdd0083c52511c00faa268 SOURCES/openscap-1.3.7.tar.gz

SOURCES/2218.patch

@@ -1,30 +0,0 @@
-From a65dff2815eb10c3e420c61c81f1793a683630dc Mon Sep 17 00:00:00 2001
-From: Flos Lonicerae <lonicerae@gmail.com>
-Date: Sat, 19 Oct 2024 18:58:30 +0800
-Subject: [PATCH] Make a copy before spliting.
-
----
- src/OVAL/probes/probe/worker.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/OVAL/probes/probe/worker.c b/src/OVAL/probes/probe/worker.c
-index d667127d63..e0a07c31ec 100644
---- a/src/OVAL/probes/probe/worker.c
-+++ b/src/OVAL/probes/probe/worker.c
-@@ -985,7 +985,7 @@ static SEXP_t *probe_set_eval(probe_t *probe, SEXP_t *set, size_t depth)
- 
- static void _add_blocked_paths(struct oscap_list *bpaths)
- {
--	char *envar = getenv("OSCAP_PROBE_IGNORE_PATHS");
-+	char *envar = oscap_strdup(getenv("OSCAP_PROBE_IGNORE_PATHS"));
- 	if (envar == NULL) {
- 		return;
- 	}
-@@ -996,6 +996,7 @@ static void _add_blocked_paths(struct oscap_list *bpaths)
- 	for (int i = 0; paths[i]; ++i) {
- 		oscap_list_add(bpaths, strdup(paths[i]));
- 	}
-+	free(envar);
- 	free(paths);
- #endif
- }

SOURCES/2224.patch

@@ -1,47 +0,0 @@
-From d38914a4d62b2ad9d011a530bf39b4acf76e5b1b Mon Sep 17 00:00:00 2001
-From: Evgeny Kolesnikov <ekolesni@redhat.com>
-Date: Tue, 15 Apr 2025 15:05:07 +0200
-Subject: [PATCH] tests: OVAL/API/skip_paths
-
-Modify the test so it could catch the regression
-with environment variable modified during execution.
-See #2168.
----
- tests/API/OVAL/skip_paths/test_skip_paths.sh  | 4 ++--
- tests/API/OVAL/skip_paths/test_skip_paths.xml | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/API/OVAL/skip_paths/test_skip_paths.sh b/tests/API/OVAL/skip_paths/test_skip_paths.sh
-index 4b69c9aa33..26dc5b395a 100755
---- a/tests/API/OVAL/skip_paths/test_skip_paths.sh
-+++ b/tests/API/OVAL/skip_paths/test_skip_paths.sh
-@@ -15,8 +15,8 @@ cp "$srcdir/test.xml" "$root/b/"
- mkdir -p "$root/c"
- touch "$root/c/z"
- cp "$srcdir/test.xml" "$root/c/"
--# oscap probes will skip directories "b" and "c"
--export OSCAP_PROBE_IGNORE_PATHS="$root/b:$root/c"
-+# oscap probes will skip directories "$root/n", "$root/b" and "$root/c"
-+export OSCAP_PROBE_IGNORE_PATHS="$root/n:$root/c:$root/b"
- $OSCAP oval eval --results $result "$srcdir/test_skip_paths.xml"
- assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:1" and @result="true"]'
- assert_exists 1 '/oval_results/results/system/oval_system_characteristics/collected_objects/object[@id="oval:x:obj:1" and @flag="complete"]'
-diff --git a/tests/API/OVAL/skip_paths/test_skip_paths.xml b/tests/API/OVAL/skip_paths/test_skip_paths.xml
-index a03196153b..57048f3ef7 100644
---- a/tests/API/OVAL/skip_paths/test_skip_paths.xml
-+++ b/tests/API/OVAL/skip_paths/test_skip_paths.xml
-@@ -90,12 +90,12 @@
-     <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" version="1" id="oval:x:obj:3">
-       <filepath>/tmp/oscap_test_skip_paths/a/x</filepath>
-       <pattern>^.*$</pattern>
--      <instance datatype="int" operation="greater than or equal">1</instance>
-+      <instance datatype="int">1</instance>
-     </textfilecontent54_object>
-     <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" version="1" id="oval:x:obj:4">
-       <filepath>/tmp/oscap_test_skip_paths/b/y</filepath>
-       <pattern>^.*$</pattern>
--      <instance datatype="int" operation="greater than or equal">1</instance>
-+      <instance datatype="int">1</instance>
-     </textfilecontent54_object>
-     <filehash58_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" version="1" id="oval:x:obj:5">
-       <filepath>/tmp/oscap_test_skip_paths/a/x</filepath>

SOURCES/2233.patch

@@ -1,97 +0,0 @@
-From 94934207b34978f92ab2f7b7cc0e8a73508c8266 Mon Sep 17 00:00:00 2001
-From: Evgeny Kolesnikov <ekolesni@redhat.com>
-Date: Thu, 17 Apr 2025 14:02:55 +0200
-Subject: [PATCH] Inherit opscap environment when executing Bash remediations
- with --remediate
-
-Make the Bash remediation environment consistent with other
-types of remediation.
----
- src/XCCDF_POLICY/xccdf_policy_remediate.c     |  8 ++-----
- tests/API/XCCDF/unittests/CMakeLists.txt      |  1 +
- .../unittests/test_remediation_environment.sh | 21 +++++++++++++++++++
- .../test_remediation_environment.xccdf.xml    | 16 ++++++++++++++
- 4 files changed, 40 insertions(+), 6 deletions(-)
- create mode 100755 tests/API/XCCDF/unittests/test_remediation_environment.sh
- create mode 100644 tests/API/XCCDF/unittests/test_remediation_environment.xccdf.xml
-
-diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c
-index d99f6d49de..842ef2df9d 100644
---- a/src/XCCDF_POLICY/xccdf_policy_remediate.c
-+++ b/src/XCCDF_POLICY/xccdf_policy_remediate.c
-@@ -464,12 +464,8 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_
- 				NULL
- 			};
- 
--			char *const envp[2] = {
--				"PATH=/bin:/sbin:/usr/bin:/usr/sbin",
--				NULL
--			};
--
--			execve(interpret, argvp, envp);
-+			// We are inheriting openscap environment
-+			execve(interpret, argvp, environ);
- 			/* Wow, execve returned. In this special case, we failed to execute the fix
- 			 * and we return 0 from function. At least the following error message will
- 			 * indicate the problem in xccdf:message. */
-diff --git a/tests/API/XCCDF/unittests/CMakeLists.txt b/tests/API/XCCDF/unittests/CMakeLists.txt
-index 164b795e0e..ef835e3506 100644
---- a/tests/API/XCCDF/unittests/CMakeLists.txt
-+++ b/tests/API/XCCDF/unittests/CMakeLists.txt
-@@ -92,6 +92,7 @@ add_oscap_test("test_remediation_cdata.sh")
- add_oscap_test("test_remediation_subs_unresolved.sh")
- add_oscap_test("test_remediation_fix_without_system.sh")
- add_oscap_test("test_remediation_invalid_characters.sh")
-+add_oscap_test("test_remediation_environment.sh")
- add_oscap_test("test_remediate_simple.sh")
- add_oscap_test("test_remediate_perl.sh")
- add_oscap_test("test_report_check_with_empty_selector.sh")
-diff --git a/tests/API/XCCDF/unittests/test_remediation_environment.sh b/tests/API/XCCDF/unittests/test_remediation_environment.sh
-new file mode 100755
-index 0000000000..1f5fd0afbf
---- /dev/null
-+++ b/tests/API/XCCDF/unittests/test_remediation_environment.sh
-@@ -0,0 +1,21 @@
-+#!/usr/bin/env bash
-+. $builddir/tests/test_common.sh
-+
-+set -e
-+set -o pipefail
-+
-+name=$(basename $0 .sh)
-+result=$(mktemp -t ${name}.out.XXXXXX)
-+
-+rm -f remediation.env
-+
-+CANARY_EXPORTED="CANARY_EXPORTED_VALUE"
-+export CANARY_EXPORTED
-+CANARY_PROCESS="CANARY_PROCESS_VALUE" $OSCAP xccdf eval --remediate $srcdir/${name}.xccdf.xml || true
-+
-+grep -q "${PATH}" remediation.env || die "PATH not found"
-+grep -q "CANARY_EXPORTED_VALUE" remediation.env || die "CANARY_EXPORTED_VALUE not found"
-+grep -q "CANARY_PROCESS_VALUE" remediation.env || die "CANARY_PROCESS_VALUE not found"
-+
-+rm -f remediation.env
-+rm $result
-diff --git a/tests/API/XCCDF/unittests/test_remediation_environment.xccdf.xml b/tests/API/XCCDF/unittests/test_remediation_environment.xccdf.xml
-new file mode 100644
-index 0000000000..0875b6c241
---- /dev/null
-+++ b/tests/API/XCCDF/unittests/test_remediation_environment.xccdf.xml
-@@ -0,0 +1,16 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_moc.elpmaxe.www_benchmark_test">
-+  <status>accepted</status>
-+  <version>1.0</version>
-+  <Rule selected="true" id="xccdf_moc.elpmaxe.www_rule_1">
-+    <title>Write some environment variables</title>
-+    <fix system="urn:xccdf:fix:script:sh">
-+        echo "PATH=${PATH}" > remediation.env
-+        echo "CANARY_EXPORTED=${CANARY_EXPORTED}" >> remediation.env
-+        echo "CANARY_PROCESS=${CANARY_PROCESS}" >> remediation.env
-+    </fix>
-+    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-+      <check-content-ref href="test_remediation_simple.oval.xml" name="oval:moc.elpmaxe.www:def:1"/>
-+    </check>
-+  </Rule>
-+</Benchmark>

SOURCES/openscap-1.3.5-almalinux.patch

@@ -0,0 +1,70 @@
+diff -Naur openscap-1.3.3.orig/cpe/openscap-cpe-oval.xml openscap-1.3.3.alma/cpe/openscap-cpe-oval.xml
+--- openscap-1.3.3.orig/cpe/openscap-cpe-oval.xml	2020-04-30 11:50:09.000000000 +0300
++++ openscap-1.3.3.alma/cpe/openscap-cpe-oval.xml	2021-03-22 13:12:12.069413537 +0300
+@@ -133,6 +133,19 @@
+                         <criterion comment="Oracle Linux 8 is installed" test_ref="oval:org.open-scap.cpe.ol:tst:8"/>
+                   </criteria>
+             </definition>
++            <definition class="inventory" id="oval:org.open-scap.cpe.almalinux:def:8" version="1">
++                  <metadata>
++                        <title>AlmaLinux 8</title>
++                        <affected family="unix">
++                              <platform>AlmaLinux 8</platform>
++                        </affected>
++                        <reference ref_id="cpe:/o:almalinux:almalinux:8" source="CPE"/>
++                        <description>The operating system installed on the system is AlmaLinux 8</description>
++                  </metadata>
++                  <criteria>
++                        <criterion comment="AlmaLinux 8 is installed" test_ref="oval:org.open-scap.cpe.almalinux:tst:8"/>
++                  </criteria>
++            </definition>
+             <definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:1005" version="1">
+                   <metadata>
+                         <title>Community Enterprise Operating System 5</title>
+@@ -828,6 +841,11 @@
+                   <object object_ref="oval:org.open-scap.cpe.oraclelinux-release:obj:1"/>
+                   <state state_ref="oval:org.open-scap.cpe.ol:ste:8"/>
+             </rpminfo_test>
++            <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.almalinux:tst:8" version="1" check="at least one" comment="almalinux-release is version 8"
++                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
++                  <object object_ref="oval:org.open-scap.cpe.almalinux-release:obj:1"/>
++                  <state state_ref="oval:org.open-scap.cpe.almalinux:ste:8"/>
++            </rpminfo_test>
+             <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:1005" version="1" check="at least one" comment="centos-release is version 5"
+                   xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                   <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
+@@ -1165,6 +1183,9 @@
+             <rpminfo_object id="oval:org.open-scap.cpe.oraclelinux-release:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                   <name>oraclelinux-release</name>
+             </rpminfo_object>
++            <rpminfo_object id="oval:org.open-scap.cpe.almalinux-release:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
++                  <name>almalinux-release</name>
++            </rpminfo_object>
+             <registry_object id="oval:org.open-scap.cpe.windows:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" >
+                   <hive>HKEY_LOCAL_MACHINE</hive>
+                   <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
+@@ -1233,6 +1254,10 @@
+                   <name operation="pattern match">^oraclelinux-release</name>
+                   <version operation="pattern match">^8</version>
+             </rpminfo_state>
++            <rpminfo_state id="oval:org.open-scap.cpe.almalinux:ste:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
++                  <name operation="pattern match">^almalinux-release</name>
++                  <version operation="pattern match">^8</version>
++            </rpminfo_state>
+             <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:16" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                   <version operation="pattern match">^16$</version>
+             </rpminfo_state>
+diff -Naur openscap-1.3.5/cpe/openscap-cpe-dict.xml openscap-1.3.5.alma/cpe/openscap-cpe-dict.xml
+--- openscap-1.3.5/cpe/openscap-cpe-dict.xml	2021-04-23 13:39:58.000000000 +0300
++++ openscap-1.3.5.alma/cpe/openscap-cpe-dict.xml	2021-10-10 10:02:27.000000000 +0300
+@@ -37,6 +37,10 @@
+             <title xml:lang="en-us">Community Enterprise Operating System 8</title>
+             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.centos:def:8</check>
+       </cpe-item>
++      <cpe-item name="cpe:/o:almalinux:almalinux:8">
++            <title xml:lang="en-us">AlmaLinux 8</title>
++            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.almalinux:def:8</check>
++      </cpe-item>
+       <cpe-item name="cpe:/o:fedoraproject:fedora:32">
+             <title xml:lang="en-us">Fedora 32</title>
+             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:32</check>

SPECS/openscap.spec

@@ -1,14 +1,15 @@
 Name:           openscap
-Version:        1.3.12
-Release:        2%{?dist}
+Version:        1.3.7
+Release:        1%{?dist}.alma
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
 License:        LGPLv2+
 URL:            http://www.open-scap.org/
 Source0:        https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch0:         2218.patch
-Patch1:         2224.patch
-Patch2:         2233.patch
+
+# Add AlmaLinux definitions
+Patch100:       openscap-1.3.5-almalinux.patch
+
 BuildRequires:  cmake >= 2.6
 BuildRequires:  swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
 BuildRequires:  rpm-devel
@@ -137,12 +138,10 @@ cd build
 %cmake -DENABLE_PERL=OFF \
         -DENABLE_DOCS=ON \
         -DENABLE_OSCAP_UTIL_DOCKER=OFF \
-        -DENABLE_OSCAP_UTIL_IM=OFF \
         -DENABLE_OSCAP_UTIL_CHROOT=ON \
         -DENABLE_OSCAP_UTIL_PODMAN=ON \
         -DENABLE_OSCAP_UTIL_VM=ON \
         -DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
-        -DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
         ..
 make %{?_smp_mflags}
 make docs
@@ -220,29 +219,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/oscap-run-sce-script
 
 %changelog
-* Mon May 05 2025 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.12-2
-- Initialize tmt (RHEL-43240)
-
-* Fri Apr 25 2025 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.12-1
-- Upgrade to the latest upstream release (RHEL-88842)
-- Fix error when tailoring DISA content (RHEL-34104)
-- Fix OSCAP_PROBE_IGNORE_PATHS handling (RHEL-67297)
-
-* Wed Aug 07 2024 Milan Lysonek <mlysonek@redhat.com> - 1.3.10-3
-- Switch gating to tmt plan (RHEL-43240)
-
-* Mon Apr 08 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-2
-- Explicitely disable dpkginfo probe
-
-* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-1
-- Rebase to the latest upstream version (RHEL-31221)
-- Add ability to define a limit of collected items (RHEL-11925)
-- Add option --references that can select rules based on their reference (RHEL-1479)
-
-* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
-- Upgrade to the latest upstream release (rhbz#2217441)
-- Add offline support for sysctl probe (rhbz#2185791)
-- Fix systemd* probes unit enumeration (rhbz#2219533)
+* Wed Mar 29 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1.3.7-1.alma
+- AlmaLinux changes
 
 * Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1.3.7-1
 - Upgrade to the latest upstream release (rhbz#2159290)
@@ -252,7 +230,6 @@ rm -rf $RPM_BUILD_ROOT
 * Thu Jul 21 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-4
 - Fix potential invalid scan results in OpenSCAP (rhbz#2111040)
 - Remove oscap-remediate service (rhbz#2111360)
-
 * Wed Feb 02 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-3
 - Prevent fails of test_ds_misc.sh