Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package scap-security-guide for
openSUSE:Factory checked in at 2022-06-28 15:22:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old)
and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "scap-security-guide"
Tue Jun 28 15:22:59 2022 rev:17 rq:985543 version:0.1.62
Changes:
--------
--- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes
2022-06-10 15:58:02.816857868 +0200
+++
/work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes
2022-06-28 15:23:19.894028303 +0200
@@ -1,0 +2,6 @@
+Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner <[email protected]>
+
+- fix-bash-template.patch: convert one bash emitter to new jinja method.
+ (bsc#1200163)
+
+-------------------------------------------------------------------
New:
----
fix-bash-template.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ scap-security-guide.spec ++++++
--- /var/tmp/diff_new_pack.qCsvvS/_old 2022-06-28 15:23:20.902029807 +0200
+++ /var/tmp/diff_new_pack.qCsvvS/_new 2022-06-28 15:23:20.906029814 +0200
@@ -53,6 +53,8 @@
%endif
Source:
https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch
+# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and
3485c8298957b24d97a563079fd648004a92822b
+Patch1: fix-bash-template.patch
BuildRequires: cmake
%if "%{_vendor}" == "debbuild"
@@ -178,6 +180,7 @@
%prep
%setup -n content-%version
%patch0 -p0
+%patch1 -p1
%build
cd build
++++++ fix-bash-template.patch ++++++
diff --git a/shared/templates/audit_rules_syscall_events/bash.template
b/shared/templates/audit_rules_syscall_events/bash.template
index 6532554875..bd5bb94cb9 100644
--- a/shared/templates/audit_rules_syscall_events/bash.template
+++ b/shared/templates/audit_rules_syscall_events/bash.template
@@ -1,19 +1,20 @@
# platform =
multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-# Include source function library.
-. /usr/share/scap-security-guide/remediation_functions
-
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
[ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32"
"b64")
for ARCH in "${RULE_ARCHS[@]}"
do
- PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*"
- GROUP="perm_mod"
- FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{
auid }}} -F auid!=4294967295 -F key=perm_mod"
+ # FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{
auid }}} -F auid!=4294967295 -F key=perm_mod"
+ ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
+ SYSCALL="{{{ ATTR }}}"
+ SYSCALL_GROUPING="{{{ ATTR }}}"
+ AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295"
+ KEY="perm_mod"
+ OTHER_FILTERS=""
# Perform the remediation for both possible tools: 'auditctl' and
'augenrules'
- fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH"
"$FULL_RULE"
- fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH"
"$FULL_RULE"
+ {{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS",
"$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
+ {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS",
"$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
done
