From 0cb0407eba16e668005679c68c15a864eaa9f18ce0739b7cee811268b2af5456 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 4 May 2020 18:33:17 +0000 Subject: [PATCH] Accepting request 799976 from home:msmeissn:branches:security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - openscap 1.3.3. Notable improvements in this release: - a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč); - timezone for XCCDF TestResult start and end time (thank you, Jan Černý); - new yamlfilecontent independent probe (draft implementation), see the proposal https://github.com/OVAL-Community/OVAL/issues/91 for additional information. There are other changes as well, here is the list: - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF; - Added ability to generate `machineconfig` fix; - Detect ambiguous scan target (utils/oscap-podman); - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory; - The data system_info probe return for offline and online modes is consistent and actual; - Prevent crashes when complicated regexes are executed in textfilecontent58 probe; - Fixed #1512: Severity refinement lost in generated guide; - Fixed #1453: Pointer lost in Swig API; - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities; from system_info probe; - Fixed filepath pattern matching in offline mode in textfilecontent58 probe; - Fixed infinite recursion in systemdunitdependency probe; - Fixed the case when CMake couldn't find libacl or xattr.h. - dropped 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch: upstream OBS-URL: https://build.opensuse.org/request/show/799976 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=248 --- ...word-operator-as-a-function-paramete.patch | 41 ------------------- 1.3.2.tar.gz | 3 -- 1.3.3.tar.gz | 3 ++ openscap-operator-c++.patch | 26 ++++++++++++ openscap.changes | 26 ++++++++++++ openscap.spec | 10 ++--- 6 files changed, 59 insertions(+), 50 deletions(-) delete mode 100644 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch delete mode 100644 1.3.2.tar.gz create mode 100644 1.3.3.tar.gz create mode 100644 openscap-operator-c++.patch diff --git a/0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch b/0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch deleted file mode 100644 index c278de5..0000000 --- a/0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0ba7c9423f64a88ceef50318f1a382059484f737 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Wed, 15 Jan 2020 13:54:45 +0100 -Subject: [PATCH] Do not use C++ keyword operator as a function parameter name -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This fixes SCAP Workbench build. - -Addressing: -[ 37%] Building CXX object CMakeFiles/scap-workbench.dir/scap-workbench_autogen/mocs_compilation.cpp.o -In file included from /usr/local/include/openscap/xccdf_policy.h:39, - from /home/jcerny/work/git/scap-workbench/include/TailoringDockWidgets.h:31, - from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/6YEA5652QU/moc_TailoringDockWidgets.cpp:10, - from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/mocs_compilation.cpp:18: -/usr/local/include/openscap/oval_definitions.h:1676:117: error: declaration of ‘operator,’ as parameter - 1676 | restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint); - | ^ - -Fixes: #1462 ---- - src/OVAL/public/oval_definitions.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/OVAL/public/oval_definitions.h b/src/OVAL/public/oval_definitions.h -index ea9d3aaf8..b5fe77154 100644 ---- a/src/OVAL/public/oval_definitions.h -+++ b/src/OVAL/public/oval_definitions.h -@@ -1669,7 +1669,7 @@ OSCAP_API void oval_variable_possible_value_iterator_free(struct oval_variable_p - * @param hint A short description of what the value means or represents. - * @memberof oval_variable_possible_restriction - */ --OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint); -+OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t, const char *); - - - /** --- -2.25.1 - diff --git a/1.3.2.tar.gz b/1.3.2.tar.gz deleted file mode 100644 index 64ea506..0000000 --- a/1.3.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3ab3a8e9b4f1ec727fafe5d7325b34c6bc4b0ce87ac5ca42f5c965b6ee6c94bd -size 12360113 diff --git a/1.3.3.tar.gz b/1.3.3.tar.gz new file mode 100644 index 0000000..352e944 --- /dev/null +++ b/1.3.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b867cc6813a567b23083ea2041fd31985063111d1eae9b650cde88cd50031958 +size 13000059 diff --git a/openscap-operator-c++.patch b/openscap-operator-c++.patch new file mode 100644 index 0000000..82801a6 --- /dev/null +++ b/openscap-operator-c++.patch @@ -0,0 +1,26 @@ +Index: openscap-1.3.2/src/OVAL/probes/probe/entcmp.h +=================================================================== +--- openscap-1.3.2.orig/src/OVAL/probes/probe/entcmp.h ++++ openscap-1.3.2/src/OVAL/probes/probe/entcmp.h +@@ -49,7 +49,7 @@ oval_result_t probe_ent_result_bychk(SEX + * @param res_lst the results vector + * @param check the operator enumeration value + */ +-oval_result_t probe_ent_result_byopr(SEXP_t * res_lst, oval_operator_t operator); ++oval_result_t probe_ent_result_byopr(SEXP_t * res_lst, oval_operator_t xop); + + /** + * Compare object entity's content with a value. +Index: openscap-1.3.2/src/OVAL/public/oval_definitions.h +=================================================================== +--- openscap-1.3.2.orig/src/OVAL/public/oval_definitions.h ++++ openscap-1.3.2/src/OVAL/public/oval_definitions.h +@@ -1669,7 +1669,7 @@ OSCAP_API void oval_variable_possible_va + * @param hint A short description of what the value means or represents. + * @memberof oval_variable_possible_restriction + */ +-OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint); ++OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t xop, const char *hint); + + + /** diff --git a/openscap.changes b/openscap.changes index dbe90b2..b621078 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon May 4 05:35:18 UTC 2020 - Marcus Meissner + +- openscap 1.3.3. Notable improvements in this release: + - a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč); + - timezone for XCCDF TestResult start and end time (thank you, Jan Černý); + - new yamlfilecontent independent probe (draft implementation), + see the proposal https://github.com/OVAL-Community/OVAL/issues/91 + for additional information. + +There are other changes as well, here is the list: + - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF; + - Added ability to generate `machineconfig` fix; + - Detect ambiguous scan target (utils/oscap-podman); + - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory; + - The data system_info probe return for offline and online modes is consistent and actual; + - Prevent crashes when complicated regexes are executed in textfilecontent58 probe; + - Fixed #1512: Severity refinement lost in generated guide; + - Fixed #1453: Pointer lost in Swig API; + - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities; + from system_info probe; + - Fixed filepath pattern matching in offline mode in textfilecontent58 probe; + - Fixed infinite recursion in systemdunitdependency probe; + - Fixed the case when CMake couldn't find libacl or xattr.h. +- dropped 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch: upstream + ------------------------------------------------------------------- Wed Mar 25 13:53:51 UTC 2020 - Christophe Giboudeaux diff --git a/openscap.spec b/openscap.spec index 3fec8c7..3b42890 100644 --- a/openscap.spec +++ b/openscap.spec @@ -1,7 +1,7 @@ # # spec file for package openscap # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define with_bindings 0 Name: openscap -Version: 1.3.2 +Version: 1.3.3 Release: 0 Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz # temp snapshot to make it build with new RPM before 1.3.2 @@ -39,9 +39,7 @@ Source4: scap-yast2sec-oval.xml Source5: oscap-scan.service Source6: oscap-scan.sh Patch0: openscap-new-suse.patch -# PATCH-FIX-UPSTREAM -Patch1: 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch -Url: https://www.open-scap.org/ +URL: https://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asciidoc BuildRequires: doxygen @@ -174,7 +172,6 @@ This package contains the Script Checking Engine Library (SCE) for OpenSCAP. %prep %setup -q %patch0 -p1 -%patch1 -p1 %build %if 0%{?with_bindings} @@ -288,6 +285,7 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope %doc docs/oscap-scan.cron %{_mandir}/man8/* %{_unitdir}/oscap-scan.service +%{_bindir}/autotailor %{_bindir}/oscap %{_bindir}/oscap-vm %{_bindir}/oscap-scan