pool/openscap
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 799976 from home:msmeissn:branches:security

Browse Source 
- openscap 1.3.3. Notable improvements in this release:
  - a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč);
  - timezone for XCCDF TestResult start and end time (thank you, Jan Černý);
  - new yamlfilecontent independent probe (draft implementation),
    see the proposal https://github.com/OVAL-Community/OVAL/issues/91
    for additional information.
There are other changes as well, here is the list:
  - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF;
  - Added ability to generate `machineconfig` fix;
  - Detect ambiguous scan target (utils/oscap-podman);
  - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory;
  - The data system_info probe return for offline and online modes is consistent and actual;
  - Prevent crashes when complicated regexes are executed in textfilecontent58 probe;
  - Fixed #1512: Severity refinement lost in generated guide;
  - Fixed #1453: Pointer lost in Swig API;
  - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities;
    from system_info probe;
  - Fixed filepath pattern matching in offline mode in textfilecontent58 probe;
  - Fixed infinite recursion in systemdunitdependency probe;
  - Fixed the case when CMake couldn't find libacl or xattr.h.
- dropped 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch: upstream

OBS-URL: https://build.opensuse.org/request/show/799976
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=248
This commit is contained in:
Marcus Meissner 2020-05-04 18:33:17 +00:00 committed by Git OBS Bridge
parent d3967e180d
commit 0cb0407eba
6 changed files with 59 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch
View File

@ -1,41 +0,0 @@
From 0ba7c9423f64a88ceef50318f1a382059484f737 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Wed, 15 Jan 2020 13:54:45 +0100
Subject: [PATCH] Do not use C++ keyword operator as a function parameter name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes SCAP Workbench build.
Addressing:
[ 37%] Building CXX object CMakeFiles/scap-workbench.dir/scap-workbench_autogen/mocs_compilation.cpp.o
In file included from /usr/local/include/openscap/xccdf_policy.h:39,
from /home/jcerny/work/git/scap-workbench/include/TailoringDockWidgets.h:31,
from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/6YEA5652QU/moc_TailoringDockWidgets.cpp:10,
from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/mocs_compilation.cpp:18:
/usr/local/include/openscap/oval_definitions.h:1676:117: error: declaration of operator, as parameter
1676 | restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint);
| ^
Fixes: #1462
---
src/OVAL/public/oval_definitions.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OVAL/public/oval_definitions.h b/src/OVAL/public/oval_definitions.h
index ea9d3aaf8..b5fe77154 100644
--- a/src/OVAL/public/oval_definitions.h
+++ b/src/OVAL/public/oval_definitions.h
@@ -1669,7 +1669,7 @@ OSCAP_API void oval_variable_possible_value_iterator_free(struct oval_variable_p
* @param hint A short description of what the value means or represents.
* @memberof oval_variable_possible_restriction
*/
-OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint);
+OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t, const char *);
/**
--
2.25.1

3
1.3.2.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ab3a8e9b4f1ec727fafe5d7325b34c6bc4b0ce87ac5ca42f5c965b6ee6c94bd
size 12360113

3
1.3.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b867cc6813a567b23083ea2041fd31985063111d1eae9b650cde88cd50031958
size 13000059

26
openscap-operator-c++.patch Normal file
View File

@ -0,0 +1,26 @@
Index: openscap-1.3.2/src/OVAL/probes/probe/entcmp.h
===================================================================
--- openscap-1.3.2.orig/src/OVAL/probes/probe/entcmp.h
+++ openscap-1.3.2/src/OVAL/probes/probe/entcmp.h
@@ -49,7 +49,7 @@ oval_result_t probe_ent_result_bychk(SEX
* @param res_lst the results vector
* @param check the operator enumeration value
*/
-oval_result_t probe_ent_result_byopr(SEXP_t * res_lst, oval_operator_t operator);
+oval_result_t probe_ent_result_byopr(SEXP_t * res_lst, oval_operator_t xop);
/**
* Compare object entity's content with a value.
Index: openscap-1.3.2/src/OVAL/public/oval_definitions.h
===================================================================
--- openscap-1.3.2.orig/src/OVAL/public/oval_definitions.h
+++ openscap-1.3.2/src/OVAL/public/oval_definitions.h
@@ -1669,7 +1669,7 @@ OSCAP_API void oval_variable_possible_va
* @param hint A short description of what the value means or represents.
* @memberof oval_variable_possible_restriction
*/
-OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint);
+OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t xop, const char *hint);
/**

26
openscap.changes
View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Mon May 4 05:35:18 UTC 2020 - Marcus Meissner <meissner@suse.com>
- openscap 1.3.3. Notable improvements in this release:
- a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč);
- timezone for XCCDF TestResult start and end time (thank you, Jan Černý);
- new yamlfilecontent independent probe (draft implementation),
see the proposal https://github.com/OVAL-Community/OVAL/issues/91
for additional information.
There are other changes as well, here is the list:
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF;
- Added ability to generate `machineconfig` fix;
- Detect ambiguous scan target (utils/oscap-podman);
- Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory;
- The data system_info probe return for offline and online modes is consistent and actual;
- Prevent crashes when complicated regexes are executed in textfilecontent58 probe;
- Fixed #1512: Severity refinement lost in generated guide;
- Fixed #1453: Pointer lost in Swig API;
- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities;
from system_info probe;
- Fixed filepath pattern matching in offline mode in textfilecontent58 probe;
- Fixed infinite recursion in systemdunitdependency probe;
- Fixed the case when CMake couldn't find libacl or xattr.h.
- dropped 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch: upstream
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 25 13:53:51 UTC 2020 - Christophe Giboudeaux <christophe@krop.fr> Wed Mar 25 13:53:51 UTC 2020 - Christophe Giboudeaux <christophe@krop.fr>

10
openscap.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package openscap # spec file for package openscap
# #
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -25,7 +25,7 @@
%define with_bindings 0 %define with_bindings 0
Name: openscap Name: openscap
Version: 1.3.2 Version: 1.3.3
Release: 0 Release: 0
Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
# temp snapshot to make it build with new RPM before 1.3.2 # temp snapshot to make it build with new RPM before 1.3.2
@ -39,9 +39,7 @@ Source4: scap-yast2sec-oval.xml
Source5: oscap-scan.service Source5: oscap-scan.service
Source6: oscap-scan.sh Source6: oscap-scan.sh
Patch0: openscap-new-suse.patch Patch0: openscap-new-suse.patch
# PATCH-FIX-UPSTREAM URL: https://www.open-scap.org/
Patch1: 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch
Url: https://www.open-scap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: doxygen BuildRequires: doxygen
@ -174,7 +172,6 @@ This package contains the Script Checking Engine Library (SCE) for OpenSCAP.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
%if 0%{?with_bindings} %if 0%{?with_bindings}
@ -288,6 +285,7 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope
%doc docs/oscap-scan.cron %doc docs/oscap-scan.cron
%{_mandir}/man8/* %{_mandir}/man8/*
%{_unitdir}/oscap-scan.service %{_unitdir}/oscap-scan.service
%{_bindir}/autotailor
%{_bindir}/oscap %{_bindir}/oscap
%{_bindir}/oscap-vm %{_bindir}/oscap-vm
%{_bindir}/oscap-scan %{_bindir}/oscap-scan