Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sca-patterns-sle15 for openSUSE:Factory checked in at 2021-03-28 11:55:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sca-patterns-sle15 (Old) and /work/SRC/openSUSE:Factory/.sca-patterns-sle15.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sca-patterns-sle15" Sun Mar 28 11:55:06 2021 rev:6 rq:881402 version:1.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sca-patterns-sle15/sca-patterns-sle15.changes 2021-03-05 13:50:11.419890207 +0100 +++ /work/SRC/openSUSE:Factory/.sca-patterns-sle15.new.2401/sca-patterns-sle15.changes 2021-03-28 11:57:10.800267396 +0200 @@ -2 +2,22 @@ -Thu Mar 4 03:25:51 UTC 2021 - jason.rec...@gmail.com +Thu Mar 25 21:05:17 UTC 2021 - jason.rec...@suse.com + +- New regular patterns (5) for version 1.0.1 + + sle15sp2/kernel-000019739.py: BIOS update failure when an update is performed using the Linux .bin files + + sle15sp2/bleedingtooth_152-000019735.py: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 + + sle15sp1/bleedingtooth_151-000019735.py: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 + + sle15sp0/bleedingtooth_150-000019735.py: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 + + sle15all/amavis-000019709.py: amavis.service failed to start after upgrade + +------------------------------------------------------------------- +Wed Mar 24 22:39:50 UTC 2021 - jason.rec...@suse.com + +- New regular patterns (6) for version 1.0.1 + + sle15sp2/openwsman-000019729.py: owsmangencert.sh generates error + + sle15sp2/lscpu-000019784-15.py: lscpu segfaults on IBM Power8 - Assertion failed + + sle15sp1/x710-000019639.py: Intel X710 based NIC is not detected + + sle15sp1/plymouth-000019595.py: plymouth hang - login to console not possible + + sle15sp1/lscpu-000019784-15.py: lscpu segfaults on IBM Power8 - Assertion failed + + sle15sp0/plymouth-000019595.py: plymouth hang - login to console not possible + +------------------------------------------------------------------- +Thu Mar 4 03:25:51 UTC 2021 - jason.rec...@suse.com @@ -12 +33 @@ -Mon Mar 1 21:37:07 UTC 2021 - jason.rec...@gmail.com +Mon Mar 1 21:37:07 UTC 2021 - jason.rec...@suse.com @@ -18 +39 @@ -Tue Jan 26 18:47:03 UTC 2021 - jason.rec...@gmail.com +Tue Jan 26 18:47:03 UTC 2021 - jason.rec...@suse.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sca-patterns-sle15-1.0.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15all/amavis-000019709.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15all/amavis-000019709.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15all/amavis-000019709.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15all/amavis-000019709.py 2021-03-25 21:57:52.429684271 +0100 @@ -0,0 +1,73 @@ +#!/usr/bin/python + +# Title: Amavis Virus Scanner failed start +# Description: amavis.service failed to start after upgrade +# Modified: 2021 Mar 25 +# +############################################################################## +# Copyright (C) 2021, SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +############################################################################## +# Module Definition +############################################################################## + +import os +import Core +import SUSE + +############################################################################## +# Overriden (eventually or in part) from SDP::Core Module +############################################################################## + +META_CLASS = "SLE" +META_CATEGORY = "Services" +META_COMPONENT = "Amavis" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019709"; + +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'amavisd-new' +SERVICE_NAME = 'amavis.service' +SERVICE_INFO = SUSE.getServiceDInfo(SERVICE_NAME) + +if( SUSE.packageInstalled(RPM_NAME) ): + if( SERVICE_INFO['UnitFileState'] == 'enabled' ): + if( SERVICE_INFO['SubState'] == 'failed' ): + if 'sa-update' in SERVICE_INFO['StatusText']: + Core.updateStatus(Core.CRIT, "The " + str(SERVICE_NAME) + " has failed, run sa-update") + else: + Core.updateStatus(Core.WARN, "The " + str(SERVICE_NAME) + " has failed, consider running sa-update") + else: + Core.updateStatus(Core.ERROR, "Service did not fail: " + str(SERVICE_NAME)) + else: + Core.updateStatus(Core.ERROR, "Service is disabled: " + str(SERVICE_NAME)) +else: + Core.updateStatus(Core.ERROR, "ERROR: RPM package " + RPM_NAME + " not installed") + +Core.printPatternResults() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/bleedingtooth_150-000019735.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/bleedingtooth_150-000019735.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/bleedingtooth_150-000019735.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/bleedingtooth_150-000019735.py 2021-03-25 17:15:40.875384256 +0100 @@ -0,0 +1,65 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019735 +# Description: Security Vulnerability: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Kernel,Bluetooth,000019735,0,bleedingtooth,kernel-default,4.4.121-92.146,0,1 +# Distro: SLES15 SP0 +# Modified: 2021 Mar 25 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Kernel" +META_COMPONENT = "Bluetooth" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019735|META_LINK_CVE1=https://www.suse.com/security/cve/CVE-2020-12351|META_LINK_CVE2=https://www.suse.com/security/cve/CVE-2020-12352|META_LINK_CVE3=https://www.suse.com/security/cve/CVE-2020-24490"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_BLUE = 'bluez' +RPM_NAME = 'kernel-default' +RPM_VERSION_FIXED = '4.12.14-150.63' +if( SUSE.packageInstalled(RPM_BLUE) ): + if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + Core.updateStatus(Core.WARN, "Detected Security Vulnerability: BleedingTooth, update server to apply fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_BLUE + " not installed") + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/plymouth-000019595.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/plymouth-000019595.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/plymouth-000019595.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp0/plymouth-000019595.py 2021-03-24 23:36:47.253367296 +0100 @@ -0,0 +1,106 @@ +#!/usr/bin/python + +# Title: Pattern for TID000019595 +# Description: plymouth hang - login to console not possible +# Modified: 2021 Mar 24 +# +############################################################################## +# Copyright (C) 2021, SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +############################################################################## +# Module Definition +############################################################################## + +import os +import re +import Core +import SUSE + +############################################################################## +# Overriden (eventually or in part) from SDP::Core Module +############################################################################## + +META_CLASS = "SLE" +META_CATEGORY = "Login" +META_COMPONENT = "Plymouth" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019595|META_LINK_TID2=https://www.suse.com/support/kb/doc/?id=000019853"; + + +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) +############################################################################## +# Local Function Definitions +############################################################################## + +def workAroundApplied(): + fileOpen = "boot.txt" + section = "/proc/cmdline" + content = {} + CONFIRMED = re.compile("plymouth.enable=0", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +def graphicalTarget(): + fileOpen = "systemd.txt" + section = "/bin/ls -alR /etc/systemd/" + content = {} + CONFIRMED = re.compile("default\.target.*graphical\.target", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +def plymouthRunning(): + fileOpen = "systemd.txt" + section = "/bin/systemctl.*list-units" + content = {} + CONFIRMED = re.compile("plymouth-quit-wait.service.*start.*running", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +if( workAroundApplied() ): + Core.updateStatus(Core.IGNORE, "Workaround applied") +else: + if( graphicalTarget() ): + if( plymouthRunning() ): + Core.updateStatus(Core.WARN, "Plymouth hang may cause console login failure, consider disabling plymouth") + else: + Core.updateStatus(Core.WARN, "Console login issue may occur, disable plymouth if needed") + else: + Core.updateStatus(Core.ERROR, "Not using graphical.target as default") + +Core.printPatternResults() + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/bleedingtooth_151-000019735.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/bleedingtooth_151-000019735.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/bleedingtooth_151-000019735.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/bleedingtooth_151-000019735.py 2021-03-25 17:15:11.144175015 +0100 @@ -0,0 +1,65 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019735 +# Description: Security Vulnerability: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Kernel,Bluetooth,000019735,0,bleedingtooth,kernel-default,4.4.121-92.146,0,1 +# Distro: SLES15 SP1 +# Modified: 2021 Mar 25 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Kernel" +META_COMPONENT = "Bluetooth" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019735|META_LINK_CVE1=https://www.suse.com/security/cve/CVE-2020-12351|META_LINK_CVE2=https://www.suse.com/security/cve/CVE-2020-12352|META_LINK_CVE3=https://www.suse.com/security/cve/CVE-2020-24490"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_BLUE = 'bluez' +RPM_NAME = 'kernel-default' +RPM_VERSION_FIXED = '4.12.14-197.64' +if( SUSE.packageInstalled(RPM_BLUE) ): + if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + Core.updateStatus(Core.WARN, "Detected Security Vulnerability: BleedingTooth, update server to apply fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_BLUE + " not installed") + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/lscpu-000019784-15.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/lscpu-000019784-15.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/lscpu-000019784-15.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/lscpu-000019784-15.py 2021-03-23 22:02:45.436879855 +0100 @@ -0,0 +1,87 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019784 +# Description: lscpu segfaults on IBM Power8 - Assertion failed +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Utils,lscpu,000019784,1175623,lscpu,util-linux,2.33.2-4.6.1,0,1 +# Distro: SLES15 SP[1,2] +# Modified: 2021 Mar 23 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import re +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Utils" +META_COMPONENT = "lscpu" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019784|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1175623"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Local Function Definitions +############################################################################## + +def conditionConfirmed(): + fileOpen = "crash.txt" + section = "coredumpctl list" + content = {} + CONFIRMED = re.compile("/usr/bin/lscpu", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'util-linux' +RPM_VERSION_FIXED = '2.33.1-4.13.1' +SERVER = SUSE.getHostInfo() +POWER = re.compile("ppc64|s390", re.IGNORECASE) + +if POWER.search(SERVER['Architecture']): + if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + if( conditionConfirmed() ): + Core.updateStatus(Core.CRIT, "Detected lscpu application crash, update server to apply fixes") + else: + Core.updateStatus(Core.WARN, "lscpu may crash, update server to apply fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") +else: + Core.updateStatus(Core.ERROR, "Invalid Architecture for Test Case - " + SERVER['Architecture']) + + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/plymouth-000019595.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/plymouth-000019595.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/plymouth-000019595.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/plymouth-000019595.py 2021-03-24 23:37:01.292998466 +0100 @@ -0,0 +1,106 @@ +#!/usr/bin/python + +# Title: Pattern for TID000019595 +# Description: plymouth hang - login to console not possible +# Modified: 2021 Mar 24 +# +############################################################################## +# Copyright (C) 2021, SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +############################################################################## +# Module Definition +############################################################################## + +import os +import re +import Core +import SUSE + +############################################################################## +# Overriden (eventually or in part) from SDP::Core Module +############################################################################## + +META_CLASS = "SLE" +META_CATEGORY = "Login" +META_COMPONENT = "Plymouth" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019595|META_LINK_TID2=https://www.suse.com/support/kb/doc/?id=000019853"; + + +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) +############################################################################## +# Local Function Definitions +############################################################################## + +def workAroundApplied(): + fileOpen = "boot.txt" + section = "/proc/cmdline" + content = {} + CONFIRMED = re.compile("plymouth.enable=0", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +def graphicalTarget(): + fileOpen = "systemd.txt" + section = "/bin/ls -alR /etc/systemd/" + content = {} + CONFIRMED = re.compile("default\.target.*graphical\.target", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +def plymouthRunning(): + fileOpen = "systemd.txt" + section = "/bin/systemctl.*list-units" + content = {} + CONFIRMED = re.compile("plymouth-quit-wait.service.*start.*running", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +if( workAroundApplied() ): + Core.updateStatus(Core.IGNORE, "Workaround applied") +else: + if( graphicalTarget() ): + if( plymouthRunning() ): + Core.updateStatus(Core.WARN, "Plymouth hang may cause console login failure, consider disabling plymouth") + else: + Core.updateStatus(Core.WARN, "Console login issue may occur, disable plymouth if needed") + else: + Core.updateStatus(Core.ERROR, "Not using graphical.target as default") + +Core.printPatternResults() + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/x710-000019639.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/x710-000019639.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/x710-000019639.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp1/x710-000019639.py 2021-03-24 17:54:21.407659547 +0100 @@ -0,0 +1,93 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019639 +# Description: Intel X710 based NIC is not detected +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Kernel,Drivers,000019639,1151067,x710,kernel-default,4.12.14-197.29,0,1 +# Modified: 2021 Mar 24 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import re +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Kernel" +META_COMPONENT = "Drivers" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019639|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1151067"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Local Function Definitions +############################################################################## + +def x710Controller(): + fileOpen = "hardware.txt" + section = "lspci" + content = {} + CONFIRMED = re.compile("Intel Corporation Ethernet Controller x710", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +def conditionConfirmed(): + fileOpen = "boot.txt" + section = "/dmesg" + content = {} + CONFIRMED = re.compile("i40e.*probe of.*failed with error -11", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'kernel-default' +RPM_VERSION_FIXED = '4.12.14-197.29' +if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + if( x710Controller() ): + if( conditionConfirmed() ): + Core.updateStatus(Core.CRIT, "The x710 network controller cannot be recognized, update system for fixes") + else: + Core.updateStatus(Core.WARN, "The x710 network controller may not be recognized, update system for fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: Missing Intel x710 controller") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/bleedingtooth_152-000019735.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/bleedingtooth_152-000019735.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/bleedingtooth_152-000019735.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/bleedingtooth_152-000019735.py 2021-03-25 17:14:42.392938728 +0100 @@ -0,0 +1,65 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019735 +# Description: Security Vulnerability: BleedingTooth aka CVE-2020-12351, CVE-2020-12352, and CVE-2020-24490 +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Kernel,Bluetooth,000019735,0,bleedingtooth,kernel-default,4.4.121-92.146,0,1 +# Distro: SLES15 SP2 +# Modified: 2021 Mar 25 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Kernel" +META_COMPONENT = "Bluetooth" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019735|META_LINK_CVE1=https://www.suse.com/security/cve/CVE-2020-12351|META_LINK_CVE2=https://www.suse.com/security/cve/CVE-2020-12352|META_LINK_CVE3=https://www.suse.com/security/cve/CVE-2020-24490"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_BLUE = 'bluez' +RPM_NAME = 'kernel-default' +RPM_VERSION_FIXED = '5.3.18-24.29' +if( SUSE.packageInstalled(RPM_BLUE) ): + if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + Core.updateStatus(Core.WARN, "Detected Security Vulnerability: BleedingTooth, update server to apply fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_BLUE + " not installed") + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/kernel-000019739.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/kernel-000019739.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/kernel-000019739.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/kernel-000019739.py 2021-03-25 16:24:03.910857319 +0100 @@ -0,0 +1,80 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019739 +# Description: BIOS update failure when an update is performed using the Linux .bin files +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Kernel,Update,000019739,1175952,kernel,kernel-default,5.3.18-24.24,0,1 +# Distro: SLES15 SP2 +# Modified: 2021 Mar 25 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import re +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Kernel" +META_COMPONENT = "Update" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019739|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1175952"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Local Function Definitions +############################################################################## + +def conditionConfirmed(): + fileOpen = "basic-environment.txt" + section = "Virtualization" + content = {} + CONFIRMED = re.compile("PowerEdge.*R240|PowerEdge.*R340|PowerEdge.*T140|PowerEdge.*T340", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'kernel-default' +RPM_VERSION_FIXED = '5.3.18-24.24' +if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + if( conditionConfirmed() ): + Core.updateStatus(Core.WARN, "BIOS update with .bin files may fail, install updated kernel first") + else: + Core.updateStatus(Core.ERROR, "Issue does not apply to this hardware") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/lscpu-000019784-15.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/lscpu-000019784-15.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/lscpu-000019784-15.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/lscpu-000019784-15.py 2021-03-23 22:02:38.353065113 +0100 @@ -0,0 +1,87 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019784 +# Description: lscpu segfaults on IBM Power8 - Assertion failed +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Utils,lscpu,000019784,1175623,lscpu,util-linux,2.33.2-4.6.1,0,1 +# Distro: SLES15 SP[1,2] +# Modified: 2021 Mar 23 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import re +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Utils" +META_COMPONENT = "lscpu" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019784|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1175623"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Local Function Definitions +############################################################################## + +def conditionConfirmed(): + fileOpen = "crash.txt" + section = "coredumpctl list" + content = {} + CONFIRMED = re.compile("/usr/bin/lscpu", re.IGNORECASE) + if Core.getSection(fileOpen, section, content): + for line in content: + if CONFIRMED.search(content[line]): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'util-linux' +RPM_VERSION_FIXED = '2.33.1-4.13.1' +SERVER = SUSE.getHostInfo() +POWER = re.compile("ppc64|s390", re.IGNORECASE) + +if POWER.search(SERVER['Architecture']): + if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + if( conditionConfirmed() ): + Core.updateStatus(Core.CRIT, "Detected lscpu application crash, update server to apply fixes") + else: + Core.updateStatus(Core.WARN, "lscpu may crash, update server to apply fixes") + else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") +else: + Core.updateStatus(Core.ERROR, "Invalid Architecture for Test Case - " + SERVER['Architecture']) + + +Core.printPatternResults() + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/openwsman-000019729.py new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/openwsman-000019729.py --- old/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/openwsman-000019729.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0.1/patterns/SLE/sle15sp2/openwsman-000019729.py 2021-03-24 15:22:11.191517563 +0100 @@ -0,0 +1,60 @@ +#!/usr/bin/python +# +# Title: Pattern for TID000019729 +# Description: openwsman: owsmangencert.sh generates error +# Source: Package Version Pattern Template v0.3.5 +# Options: SLE,Certificates,openwsman,000019729,1174541,openwsman,openwsman-server,2.6.7-3.9.1,0,0 +# Modified: 2021 Mar 24 +# +############################################################################## +# Copyright (C) 2021 SUSE LLC +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.rec...@suse.com> +# +############################################################################## + +import os +import Core +import SUSE + +META_CLASS = "SLE" +META_CATEGORY = "Certificates" +META_COMPONENT = "openwsman" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=000019729|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1174541"; +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'openwsman-server' +RPM_VERSION_FIXED = '2.6.7-3.9.1' +if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION_FIXED) + if( INSTALLED_VERSION >= 0 ): + Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + RPM_NAME + "") + else: + Core.updateStatus(Core.WARN, "Creating self-signed certs for openwsman may fail without a workaround or update") +else: + Core.updateStatus(Core.ERROR, "ERROR: " + RPM_NAME + " not installed") + +Core.printPatternResults() +
