** Patch added: "focal debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/+attachment/5342347/+files/openscap_1.2.16-2ubuntu4.debdiff

** Description changed:

- I think this needs an SRU, as such I'm modifying the description based
- on the SRU template. I'll update the title and attach debdiffs shortly.
- 
  [Impact]
  
  The bug causes oscap to fail to run with OVAL files produced by the
  Ubuntu Security team.
  
  This is the upstream issue:
  https://github.com/OpenSCAP/openscap/issues/1367
  
  The fix is simple and I've tested it under bionic, eoan, and focal.
  
  The patch corrects a typo or copy/paste error in the original code.
  
  https://github.com/OpenSCAP/openscap/commit/5e5bc61c1fc6a6556665aa5689a62d6bc6487c74
  
  [Test Case]
  
  This can be reproduced on eoan and focal by following the instructions
  for using ubuntu security oval data here:
  https://people.canonical.com/~ubuntu-security/oval/
  
  The bug does not manifest directly in bionic but if you include
  libopenscap8 in a snap based on core18, the version of oscap in the snap
  will produce the same behavior when you run the snap on eoan or focal.
  
  [Regression Potential]
  
  The potential for regression seems low in this case. I've built the deb
  locally for bionic, eoan, and focal and smoke tested it in VMs using the
  ubuntu security OVAL files and the test file from the comment below
  https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/comments/2
  
  If a regression were to exist, it would likely manifest itself with a
  runtime error much like the original problem.
  
  ############################################
  ORIGINAL BUG REPORT BELOW
  ###########################################
  oscap segfaults while trying to check using ubuntu-security definitions:
  
  The command:
  oscap oval eval --report /tmp/oscap_report.html /var/tmp/com.ubuntu.eoan.cve.oval.xml
  
  Segfault:
  ...
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Probe with PID=26379 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
  Probe with PID=26379 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
  Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
  Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  Probe with PID=26393 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
  Probe with PID=26393 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
  Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
  Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
  Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
  
  The OVAL definitions are taken directly from
  https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.eoan.cve.oval.xml
  
  Version:
  oscap --version
  OpenSCAP command line tool (oscap) 1.2.16
  Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
  
  ==== Supported specifications ====
  XCCDF Version: 1.2
  OVAL Version: 5.11.1
  CPE Version: 2.3
  CVSS Version: 2.0
  CVE Version: 2.0
  Asset Identification Version: 1.1
  Asset Reporting Format Version: 1.1
  CVRF Version: 1.1
  
  ==== Capabilities added by auto-loaded plugins ====
  SCE Version: 1.0 (from libopenscap_sce.so.8)
  
  ==== Paths ====
  Schema files: /usr/share/openscap/schemas
  Default CPE files: /usr/share/openscap/cpe
  Probes: /usr/lib/x86_64-linux-gnu/openscap

https://bugs.launchpad.net/bugs/1851682

Title:
  oscap is broken in ubuntu 19.10
