Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openscap for openSUSE:Factory checked in at 2023-04-04 21:17:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openscap (Old)
 and /work/SRC/openSUSE:Factory/.openscap.new.19717 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openscap" Tue Apr 4 21:17:50 2023 rev:82 rq:1075297 version:1.3.7 Changes: -------- --- /work/SRC/openSUSE:Factory/openscap/openscap.changes 2023-01-23 18:32:38.356340733 +0100 +++ /work/SRC/openSUSE:Factory/.openscap.new.19717/openscap.changes 2023-04-04 21:18:09.848327288 +0200 
@@ -1,0 +2,29 @@ +Wed Mar 29 15:22:55 UTC 2023 - Marcus Meissner <[email protected]> + +- remove _service confusion, we use final tarballs. + +------------------------------------------------------------------- +Tue Mar 28 09:59:10 UTC 2023 - [email protected] + +- Update to version 1.3.7: + * openscap-1.3.7 + * Bump soname from 25.5.0 to 25.5.1 + * Bump version to openscap-1.3.7 + * Fix typos in docs + * Remove a check for suspicious files + * Add debian_evr_string tests to CMakeLists + * Add a few unittests for debian_evr_string + * Remove To be done + * Move release guide to upstream + +- add 0005-rename-requires-reqs-for-C-20-compatibility.patch + +- rename patches + openscap-opensuse-cpe.patch to 0001-Add-openSUSE-cpe-links.patch + openscap-suse-cpe.patch to 0002-Add-SUSE-cpe-links.patch + openscap-docker-add-suse.patch to 0003-Use-openSUSE-SUSE-cpe-links.patch + oscap-remediate.service.in.patch to 0004-oscap-remediate-is-located-in-bindir.patch + +- drop 0001-Use-correct-includes.patch (upstream) + +------------------------------------------------------------------- Old: ---- 0001-Use-correct-includes.patch 1.3.6.tar.gz _service openscap-docker-add-suse.patch openscap-opensuse-cpe.patch openscap-suse-cpe.patch oscap-remediate.service.in.patch New: ---- 0001-Add-openSUSE-cpe-links.patch 0002-Add-SUSE-cpe-links.patch 0003-Use-openSUSE-SUSE-cpe-links.patch 0004-oscap-remediate-is-located-in-bindir.patch 0005-rename-requires-reqs-for-C-20-compatibility.patch openscap-1.3.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openscap.spec ++++++ --- /var/tmp/diff_new_pack.wMjGmb/_old 2023-04-04 21:18:10.788333282 +0200 +++ /var/tmp/diff_new_pack.wMjGmb/_new 2023-04-04 21:18:10.796333333 +0200 
@@ -23,13 +23,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: openscap -Version: 1.3.6 +Version: 1.3.7 Release: 0 Summary: A Set of Libraries for Integration with SCAP License: LGPL-2.1-or-later Group: Development/Tools/Other URL: https://www.open-scap.org/ -Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz +Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz#/%name-%version.tar.gz Source1: openscap-rpmlintrc Source2: sysconfig.oscap-scan # SUSE specific profile, based on yast2-security checks. @@ -38,13 +38,14 @@ Source4: scap-yast2sec-oval.xml Source5: oscap-scan.service Source6: oscap-scan.sh -Patch1: openscap-opensuse-cpe.patch -Patch2: openscap-suse-cpe.patch -Patch3: openscap-docker-add-suse.patch +Patch1: 0001-Add-openSUSE-cpe-links.patch +Patch2: 0002-Add-SUSE-cpe-links.patch +Patch3: 0003-Use-openSUSE-SUSE-cpe-links.patch %if 0%{?suse_version} != 1599 -Patch4: oscap-remediate.service.in.patch +Patch4: 0004-oscap-remediate-is-located-in-bindir.patch %endif -Patch5: 0001-Use-correct-includes.patch +Patch5: 0005-rename-requires-reqs-for-C-20-compatibility.patch + BuildRequires: asciidoc # Use package name cause of "have choice for perl(XML::Parser): brp-check-suse perl-XML-Parser" BuildRequires: cmake ++++++ 0001-Add-openSUSE-cpe-links.patch ++++++ >From 48685f390b865f6edd7df8dba955c03dff6045e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]> Date: Tue, 28 Mar 2023 12:02:43 +0200 Subject: [PATCH 1/5] Add openSUSE cpe links --- cpe/openscap-cpe-dict.xml | 24 +++++++ cpe/openscap-cpe-oval.xml | 127 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+) diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml index 02d5361..cf52bee 100644 --- a/cpe/openscap-cpe-dict.xml +++ b/cpe/openscap-cpe-dict.xml 
@@ -53,4 +53,28 @@ <title xml:lang="en-us">Fedora 35</title> <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:35</check> </cpe-item> + <cpe-item name="cpe:/o:opensuse:leap:15.1"> + <title xml:lang="en-us">openSUSE Leap 15.1</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:151</check> + </cpe-item> + <cpe-item name="cpe:/o:opensuse:leap:15.2"> + <title xml:lang="en-us">openSUSE Leap 15.2</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:152</check> + </cpe-item> + <cpe-item name="cpe:/o:opensuse:leap:15.3"> + <title xml:lang="en-us">openSUSE Leap 15.3</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:153</check> + </cpe-item> + <cpe-item name="cpe:/o:opensuse:leap:15.4"> + <title xml:lang="en-us">openSUSE Leap 15.4</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:154</check> + </cpe-item> + <cpe-item name="cpe:/o:opensuse:leap:15.5"> + <title xml:lang="en-us">openSUSE Leap 15.5</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:155</check> + </cpe-item> + <cpe-item name="cpe:/o:opensuse:tumbleweed"> + <title xml:lang="en-us">openSUSE Tumbleweed</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:9999</check> + </cpe-item> </cpe-list> diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml index 6409940..a402c7f 100644 --- a/cpe/openscap-cpe-oval.xml +++ b/cpe/openscap-cpe-oval.xml 
@@ -690,6 +690,84 @@ <criterion comment="openSUSE Leap 15.0 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:150"/> </criteria> </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:151" version="1"> + <metadata> + <title>openSUSE Leap 15.1</title> + <affected family="unix"> + <platform>openSUSE Leap 15.1</platform> + </affected> + <reference ref_id="cpe:/o:opensuse:leap:15.1" source="CPE"/> + <description>The operating system installed on the system is openSUSE Leap 15.1</description> + </metadata> + <criteria> + <criterion comment="openSUSE Leap 15.1 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:151"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:152" version="1"> + <metadata> + <title>openSUSE Leap 15.2</title> + <affected family="unix"> + <platform>openSUSE Leap 15.2</platform> + </affected> + <reference ref_id="cpe:/o:opensuse:leap:15.2" source="CPE"/> + <description>The operating system installed on the system is openSUSE Leap 15.2</description> + </metadata> + <criteria> + <criterion comment="openSUSE Leap 15.2 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:152"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:153" version="1"> + <metadata> + <title>openSUSE Leap 15.3</title> + <affected family="unix"> + <platform>openSUSE Leap 15.3</platform> + </affected> + <reference ref_id="cpe:/o:opensuse:leap:15.3" source="CPE"/> + <description>The operating system installed on the system is openSUSE Leap 15.3</description> + </metadata> + <criteria> + <criterion comment="openSUSE Leap 15.3 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:153"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:154" version="1"> + <metadata> + <title>openSUSE Leap 15.4</title> + <affected family="unix"> + <platform>openSUSE Leap 15.4</platform> 
+ </affected> + <reference ref_id="cpe:/o:opensuse:leap:15.4" source="CPE"/> + <description>The operating system installed on the system is openSUSE Leap 15.4</description> + </metadata> + <criteria> + <criterion comment="openSUSE Leap 15.4 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:154"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:155" version="1"> + <metadata> + <title>openSUSE Leap 15.5</title> + <affected family="unix"> + <platform>openSUSE Leap 15.5</platform> + </affected> + <reference ref_id="cpe:/o:opensuse:leap:15.5" source="CPE"/> + <description>The operating system installed on the system is openSUSE Leap 15.5</description> + </metadata> + <criteria> + <criterion comment="openSUSE Leap 15.5 is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:155"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.opensuse:def:9999" version="1"> + <metadata> + <title>openSUSE Tumbleweed</title> + <affected family="unix"> + <platform>openSUSE Tumbleweed</platform> + </affected> + <reference ref_id="cpe:/o:opensuse:tumbleweed" source="CPE"/> + <description>The operating system installed on the system is openSUSE Tumbleweed</description> + </metadata> + <criteria> + <criterion comment="openSUSE Tumbleweed is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:9999"/> + </criteria> + </definition> <definition class="inventory" id="oval:org.open-scap.cpe.wrlinux:def:1" version="1" > <metadata> <title>Wind River Linux</title> 
@@ -1087,6 +1165,36 @@ <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> <state state_ref="oval:org.open-scap.cpe.opensuse:ste:150"/> </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:151" version="2" check="at least one" comment="openSUSE-release is version 15.1" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:151"/> + </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:152" version="2" check="at least one" comment="openSUSE-release is version 15.2" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:152"/> + </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:153" version="2" check="at least one" comment="openSUSE-release is version 15.3" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:153"/> + </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:154" version="2" check="at least one" comment="openSUSE-release is version 15.4" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:154"/> + </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:155" version="2" check="at least one" comment="openSUSE-release is version 15.5" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + 
<object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:155"/> + </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:9999" version="2" check="at least one" comment="openSUSE-release is openSUSE Tumbleweed" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.opensuse:ste:9999"/> + </rpminfo_test> <family_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.wrlinux:tst:1" version="1" check="only one" comment="Installed operating system is part of the Unix family." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> 
@@ -1415,6 +1523,25 @@ <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:150" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <version operation="pattern match">^15.0$</version> </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:151" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15.1$</version> + </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:152" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15.2$</version> + </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:153" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15.3$</version> + </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:154" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15.4$</version> + </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:155" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15.5$</version> + </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:9999" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <!-- matching for timestamp --> + <version operation="pattern match">^\d{8}$</version> + </rpminfo_state> <textfilecontent54_state id="oval:org.open-scap.cpe.wrlinux-release:ste:8" comment="Check the /etc/wrlinux-release file for VERSION 8 specification." -- 2.40.0 ++++++ 0002-Add-SUSE-cpe-links.patch ++++++ >From 8ef63951ad8e87a65cb252601a03bd958631f94c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]> Date: Tue, 28 Mar 2023 12:04:28 +0200 Subject: [PATCH 2/5] Add SUSE cpe links --- cpe/openscap-cpe-dict.xml | 16 +++++++++++++++ cpe/openscap-cpe-oval.xml | 42 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml index cf52bee..85917a8 100644 --- a/cpe/openscap-cpe-dict.xml +++ b/cpe/openscap-cpe-dict.xml @@ -77,4 +77,20 @@ <title xml:lang="en-us">openSUSE Tumbleweed</title> <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.opensuse:def:9999</check> </cpe-item> + <cpe-item name="cpe:/o:suse:sles:12"> + <title xml:lang="en-us">SUSE Linux Enterprise Server 12</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sles:def:12</check> + </cpe-item> + <cpe-item name="cpe:/o:suse:sled:12"> + <title xml:lang="en-us">SUSE Linux Enterprise Desktop 12</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sled:def:12</check> + </cpe-item> + <cpe-item name="cpe:/o:suse:sles:15"> + <title xml:lang="en-us">SUSE Linux Enterprise Server 15</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sles:def:15</check> + </cpe-item> + <cpe-item name="cpe:/o:suse:sled:15"> + <title xml:lang="en-us">SUSE Linux Enterprise Desktop 15</title> + <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sled:def:15</check> + </cpe-item> </cpe-list> diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml index a402c7f..531297b 100644 --- a/cpe/openscap-cpe-oval.xml +++ b/cpe/openscap-cpe-oval.xml 
@@ -768,6 +768,32 @@ <criterion comment="openSUSE Tumbleweed is installed" test_ref="oval:org.open-scap.cpe.opensuse:tst:9999"/> </criteria> </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.sles:def:15" version="1"> + <metadata> + <title>SUSE Linux Enterprise Server 15</title> + <affected family="unix"> + <platform>SUSE Linux Enterprise Server 15</platform> + </affected> + <reference ref_id="cpe:/o:suse:sles:15" source="CPE"/> + <description>The operating system installed on the system is SUSE Linux Enterprise Server 15</description> + </metadata> + <criteria> + <criterion comment="SLES 15 is installed" test_ref="oval:org.open-scap.cpe.sles:tst:15"/> + </criteria> + </definition> + <definition class="inventory" id="oval:org.open-scap.cpe.sled:def:15" version="1"> + <metadata> + <title>SUSE Linux Enterprise Desktop 15</title> + <affected family="unix"> + <platform>SUSE Linux Enterprise Desktop 15</platform> + </affected> + <reference ref_id="cpe:/o:suse:sled:15" source="CPE"/> + <description>The operating system installed on the system is SUSE Linux Enterprise Desktop 15</description> + </metadata> + <criteria> + <criterion comment="SLED 15 is installed" test_ref="oval:org.open-scap.cpe.sled:tst:15"/> + </criteria> + </definition> <definition class="inventory" id="oval:org.open-scap.cpe.wrlinux:def:1" version="1" > <metadata> <title>Wind River Linux</title> 
@@ -1110,6 +1136,11 @@ <object object_ref="oval:org.open-scap.cpe.sles-release:obj:1"/> <state state_ref="oval:org.open-scap.cpe.sles:ste:12"/> </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.sles:tst:15" version="1" check="at least one" comment="sles-release is version 15" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.sles-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.sles:ste:15"/> + </rpminfo_test> <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.sled:tst:10" version="1" check="at least one" comment="sled-release is version 10" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <object object_ref="oval:org.open-scap.cpe.sled-release:obj:1"/> @@ -1125,6 +1156,11 @@ <object object_ref="oval:org.open-scap.cpe.sled-release:obj:1"/> <state state_ref="oval:org.open-scap.cpe.sled:ste:12"/> </rpminfo_test> + <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.sled:tst:15" version="1" check="at least one" comment="sled-release is version 15" + xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <object object_ref="oval:org.open-scap.cpe.sled-release:obj:1"/> + <state state_ref="oval:org.open-scap.cpe.sled:ste:15"/> + </rpminfo_test> <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.opensuse:tst:1" version="1" check="at least one" comment="openSUSE-release is version 11.4" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <object object_ref="oval:org.open-scap.cpe.openSUSE-release:obj:1"/> 
@@ -1490,6 +1526,9 @@ <rpminfo_state id="oval:org.open-scap.cpe.sles:ste:12" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <version operation="pattern match">^12($|[^\d])</version> </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.sles:ste:15" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15($|[^\d])</version> + </rpminfo_state> <rpminfo_state id="oval:org.open-scap.cpe.sled:ste:10" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <version operation="pattern match">^10($|[^\d])</version> </rpminfo_state> @@ -1499,6 +1538,9 @@ <rpminfo_state id="oval:org.open-scap.cpe.sled:ste:12" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <version operation="pattern match">^12($|[^\d])</version> </rpminfo_state> + <rpminfo_state id="oval:org.open-scap.cpe.sled:ste:15" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> + <version operation="pattern match">^15($|[^\d])</version> + </rpminfo_state> <rpminfo_state id="oval:org.open-scap.cpe.opensuse:ste:2" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <name operation="pattern match">^openSUSE-release</name> </rpminfo_state> -- 2.40.0 ++++++ 0003-Use-openSUSE-SUSE-cpe-links.patch ++++++ >From 815356039b16d5abba9cdebc07c23aa967947ef3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]> Date: Tue, 28 Mar 2023 12:05:37 +0200 Subject: [PATCH 3/5] Use openSUSE/SUSE cpe links --- utils/oscap_docker_python/get_cve_input.py | 21 ++++++++++--- .../oscap_docker_common.py | 31 ++++++++++++++++++- 2 files changed, 46 insertions(+), 6 deletions(-) diff --git a/utils/oscap_docker_python/get_cve_input.py b/utils/oscap_docker_python/get_cve_input.py index 6d77bdb..bb38e77 100644 --- a/utils/oscap_docker_python/get_cve_input.py +++ b/utils/oscap_docker_python/get_cve_input.py 
@@ -31,9 +31,12 @@ class getInputCVE(object): hdr = {'User-agent': 'Mozilla/5.0'} hdr2 = [('User-agent', 'Mozilla/5.0')] - url = "https://www.redhat.com/security/data/oval/" - dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2" - dists = [5, 6, 7] + rhel_url = "https://www.redhat.com/security/data/oval/" + rhel_dist_cve_name = "com.redhat.rhsa-RHEL{0}.xml.bz2" + rhel_dists = [5, 6, 7] + suse_url = "https://ftp.suse.com/pub/projects/security/oval/" + suse_dist_cve_name = "suse.linux.enterprise.{0}.xml" + suse_dists = [12, 15] remote_pattern = '%a, %d %b %Y %H:%M:%S %Z' def __init__(self, fs_dest, DEBUG=False): @@ -46,10 +49,18 @@ class getInputCVE(object): Given a distribution number (i.e. 7), it will fetch the distribution specific data file if upstream has a newer input file. Returns the path of file. + We just hack that SUSE has versions above 10 to mean SUSE ''' - cve_file = self.dist_cve_name.format(dist) + if dist == "12" or dist == "15": + cve_file = self.suse_dist_cve_name.format(dist) + dist_url = urllib.parse.urljoin(self.suse_url, cve_file) + else: + cve_file = self.rhel_dist_cve_name.format(dist) + dist_url = urllib.parse.urljoin(self.rhel_url, cve_file) + + # stderr.write("URL {0} cve_file {1}\n".format(dist_url,cve_file)) dest_file = join(self.dest, cve_file) - dist_url = urllib.parse.urljoin(self.url, cve_file) + if self._is_cache_same(dest_file, dist_url): return dest_file diff --git a/utils/oscap_docker_python/oscap_docker_common.py b/utils/oscap_docker_python/oscap_docker_common.py index c9afd6b..30289fd 100644 --- a/utils/oscap_docker_python/oscap_docker_common.py +++ b/utils/oscap_docker_python/oscap_docker_common.py @@ -55,7 +55,7 @@ def get_dist(mountpoint, oscap_binary, local_env): ''' Test the chroot and determine what RHEL dist it is; returns - an integer representing the dist + an integer representing the dist (5 - 8 for RHEL, 12 and 15 for SLES) ''' cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml' 
@@ -77,3 +77,32 @@ def get_dist(mountpoint, oscap_binary, local_env): if "{0}{1}: true".format(CPE_RHEL, dist) in result.stdout: print("This system seems based on RHEL{0}.".format(dist)) return dist + + CPE_SLES = 'oval:org.open-scap.cpe.sles:def:' + DISTS = ["12", "15"] + + ''' + Test the chroot and determine what SUSE dist it is; returns + an integer representing the dist (12 and 15 for SUSE) + ''' + + cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml' + if not os.path.exists(cpe_dict): + # sometime it's installed into /usr/local/share instead of /usr/local + cpe_dict = '/usr/local/share/openscap/cpe/openscap-cpe-oval.xml' + if not os.path.exists(cpe_dict): + raise OscapError() + + for dist in DISTS: + result = oscap_chroot( + mountpoint, oscap_binary, + ("oval", "eval", "--id", CPE_SLES + dist, cpe_dict, + mountpoint, "2>&1", ">", "/dev/null"), + '*', + local_env + ) + + if "{0}{1}: true".format(CPE_SLES, dist) in result.stdout: + print("This system seems based on SLES {0}.".format(dist)) + return dist + print("System version not detected.") -- 2.40.0 ++++++ 0004-oscap-remediate-is-located-in-bindir.patch ++++++ >From 290186ec99dedf00477447d53b2c0c01c764eaa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]> Date: Tue, 28 Mar 2023 12:06:36 +0200 Subject: [PATCH 4/5] oscap-remediate is located in bindir --- oscap-remediate.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oscap-remediate.service.in b/oscap-remediate.service.in index 2b48398..b6d07b7 100644 --- a/oscap-remediate.service.in +++ b/oscap-remediate.service.in @@ -8,6 +8,6 @@ Before=shutdown.target system-update.target [Service] Type=oneshot -ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBEXECDIR@/oscap-remediate +ExecStart=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_BINDIR@/oscap-remediate FailureAction=reboot -- 2.40.0 ++++++ 0005-rename-requires-reqs-for-C-20-compatibility.patch ++++++ 
>From f276794e7395cf3805e32ab3b86508f933471537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <[email protected]> Date: Tue, 28 Mar 2023 13:09:59 +0200 Subject: [PATCH 5/5] rename requires -> reqs for C++20 compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Klaus Kämpf <[email protected]> --- src/XCCDF/public/xccdf_benchmark.h | 6 +++--- src/XCCDF/rule.c | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/XCCDF/public/xccdf_benchmark.h b/src/XCCDF/public/xccdf_benchmark.h index db65873..74e3920 100644 --- a/src/XCCDF/public/xccdf_benchmark.h +++ b/src/XCCDF/public/xccdf_benchmark.h @@ -3343,11 +3343,11 @@ OSCAP_API bool xccdf_item_add_warning(struct xccdf_item *item, struct xccdf_warn OSCAP_API bool xccdf_refine_rule_add_remark(struct xccdf_refine_rule *obj, struct oscap_text *item); /// @memberof xccdf_rule -OSCAP_API bool xccdf_rule_add_requires(struct xccdf_rule *rule, struct oscap_stringlist *requires); +OSCAP_API bool xccdf_rule_add_requires(struct xccdf_rule *rule, struct oscap_stringlist *reqs); /// @memberof xccdf_group -OSCAP_API bool xccdf_group_add_requires(struct xccdf_group *group, struct oscap_stringlist *requires); +OSCAP_API bool xccdf_group_add_requires(struct xccdf_group *group, struct oscap_stringlist *reqs); /// @memberof xccdf_item -OSCAP_API bool xccdf_item_add_requires(struct xccdf_item *item, struct oscap_stringlist *requires); +OSCAP_API bool xccdf_item_add_requires(struct xccdf_item *item, struct oscap_stringlist *reqs); /// @memberof xccdf_rule OSCAP_API bool xccdf_rule_add_conflicts(struct xccdf_rule *rule, const char *conflicts); /// @memberof xccdf_group diff --git a/src/XCCDF/rule.c b/src/XCCDF/rule.c index b16b69e..0ec1643 100644 --- a/src/XCCDF/rule.c +++ b/src/XCCDF/rule.c 
@@ -76,20 +76,20 @@ bool xccdf_content_parse(xmlTextReaderPtr reader, struct xccdf_item *parent) return false; } -static void xccdf_deps_get(struct xccdf_item *item, struct oscap_list **conflicts, struct oscap_list **requires) +static void xccdf_deps_get(struct xccdf_item *item, struct oscap_list **conflicts, struct oscap_list **reqs) { switch (item->type) { case XCCDF_RULE: if (conflicts) *conflicts = item->sub.rule.conflicts; - if (requires) - *requires = item->sub.rule.requires; + if (reqs) + *reqs = item->sub.rule.requires; break; case XCCDF_GROUP: if (conflicts) *conflicts = item->sub.group.conflicts; - if (requires) - *requires = item->sub.group.requires; + if (reqs) + *reqs = item->sub.group.requires; break; default: assert(false); -- 2.40.0
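Review bot: In openscap.spec (hunk @@ -38,13 +38,14 @@), Patch4 is still wrapped in `%if 0%{?suse_version} != 1599` and neither the spec nor the new openscap.changes entry says why that one version must keep the libexecdir path. Since the patch was renamed to 0004-oscap-remediate-is-located-in-bindir.patch in this change, add a one-line comment above the `%if` stating the reason, so the condition can be reviewed when the install location changes again.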
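Review bot: In 0001-Add-openSUSE-cpe-links.patch, cpe/openscap-cpe-oval.xml hunk @@ -1415,6 +1523,25 @@, the new Leap states use an unescaped dot (`^15.1$` through `^15.5$`), so the pattern accepts any character between the major and minor number, not only a literal dot. The context line `^15.0$` has the same flaw, but new states should not copy it: write `^15\.1$` and so on. The Tumbleweed state `^\d{8}$` classifies every eight-digit openSUSE-release version as Tumbleweed; the `<!-- matching for timestamp -->` comment should say that the value is expected to be a snapshot date, so a future reader does not mistake it for a placeholder.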
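Review bot: In 0002-Add-SUSE-cpe-links.patch, the cpe/openscap-cpe-dict.xml hunk adds cpe-items that point at `oval:org.open-scap.cpe.sles:def:12` and `oval:org.open-scap.cpe.sled:def:12`, but the cpe/openscap-cpe-oval.xml hunks of this patch add definitions only for `sles:def:15` and `sled:def:15`. The context lines show that tests and states for version 12 already exist, but no `def:12` definition is visible here. Please confirm that both version 12 definitions are present in openscap-cpe-oval.xml, otherwise the two new dictionary entries reference a check that cannot be evaluated.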
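Review bot: In 0003-Use-openSUSE-SUSE-cpe-links.patch, utils/oscap_docker_python/get_cve_input.py hunk @@ -46,10 +49,18 @@, the vendor switch `if dist == "12" or dist == "15":` compares against strings while the new class attribute is `suse_dists = [12, 15]` (integers) and the docstring speaks of "a distribution number (i.e. 7)". A caller that passes the integer 12 or 15 falls into the else branch and requests a Red Hat URL for a SUSE system. Normalise once and use the list that was added for this purpose, for example `if int(dist) in self.suse_dists:`. The added docstring line ("versions above 10 to mean SUSE") also describes a range check that the code does not perform; reword it to match the equality test. The commented-out `stderr.write` debug line should be dropped before merging.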
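Review bot: In 0003-Use-openSUSE-SUSE-cpe-links.patch, utils/oscap_docker_python/oscap_docker_common.py hunk @@ -77,3 +77,32 @@, the SLES detection is appended after the RHEL loop as a copy: the triple-quoted text in the middle of get_dist() is a bare string expression, not a docstring, and the `cpe_dict` lookup with its `raise OscapError()` is repeated although the added lines show no reason for it to differ from the first lookup. Resolve `cpe_dict` once and run one loop over both id prefixes, `CPE_RHEL` and `CPE_SLES`, each with its own dist list. Two further points in the same hunk: when nothing matches, the function prints "System version not detected." and returns None implicitly, which the caller must handle; and both docstrings promise an integer while `DISTS = ["12", "15"]` makes the function return strings.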
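Review bot: In 0005-rename-requires-reqs-for-C-20-compatibility.patch, src/XCCDF/rule.c hunk @@ -76,20 +76,20 @@, only the parameter is renamed; the struct members are still accessed as `item->sub.rule.requires` and `item->sub.group.requires`. If the header that declares those members can be included from C++20 code, the keyword clash remains there. Please state in the commit message that the member declarations live in a private header that C++ consumers never see, or rename the members as well. The prototypes in xccdf_benchmark.h are fine, because `requires` as part of a longer identifier such as `xccdf_rule_add_requires` is not a keyword.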
