starlingx/integ
Code Issues Proposed changes

Upgrade Openscap (1.3.5 -> 1.3.6)

Browse Source 
Upgrade Openscap tool to release 1.3.6, using the debianized version
1.3.6+dsfg-6 for the packaging files available at
https://salsa.debian.org/debian/openscap/-/blob/debian/1.3.6+dfsg-6/debian/changelog
Didn't change any files or patches.

Segmentation faults during Openscap usage seen in Starlingx were
fixed in this release of Openscap, and are the reason of this upgrade.

Test Plan:
PASS: Build iso.

PASS: Deploy AIO-SX.

PASS: Check version (oscap --version). Result should be 1.3.6.

PASS: Run openscap using one of default manifests. There should be no
segmentation fault issues. Command i.e.:
"oscap xccdf eval --profile \
xccdf_org.ssgproject.content_profile_anssi_np_nt28_high \
--report controller-0-report.html \
/usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml".

Closes-Bug: 2006782

Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
Change-Id: I34ff193227ae51ec709b7d69b6a97abc074721f3
This commit is contained in:
Marcelo de Castro Loebens 2023-02-08 18:55:30 -04:00
parent 1d23617913
commit e17b830387
36 changed files with 3845 additions and 9450 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
security/openscap/debian/deb_folder/changelog
View File

@ -1,3 +1,123 @@
openscap (1.3.6+dfsg-6) unstable; urgency=medium
* Cherry-pick use-correct-includes.patch from upstream. Fixes build
with RPM >= 4.18.
* Update to Standards-Version 4.6.2, no changes needed.
* Add the year 2023 to my debian/* copyright notice.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Tue, 10 Jan 2023 13:57:56 +0100
openscap (1.3.6+dfsg-5) unstable; urgency=medium
* Remove libprocps-dev as BD. Closes: #1024224
* Move BD related to documentation to BD-Indep
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Thu, 08 Dec 2022 22:01:54 +0100
openscap (1.3.6+dfsg-4) unstable; urgency=medium
* Delete files generated if systemd is found.
Thanks to Rene Engelhard for the suggestion (Closes: #1023041)
* Tag BD used only for tests with <!nocheck>
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Thu, 03 Nov 2022 21:24:45 +0100
openscap (1.3.6+dfsg-3) unstable; urgency=medium
* Depend on source, not binary version for arch all package.
* Remove old and unneeded break/conflict.
* Update d/watch to reflect changes toward GitHub.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Sun, 30 Oct 2022 00:16:20 +0200
openscap (1.3.6+dfsg-2) unstable; urgency=medium
* Add OVAL-SEAP-Allocate-aligned-memory-in-SEXP_rawval_lblk_new.patch from
upstream. Closes: #1015205
* Add run-a-minor-testsuite.patch and start running some tests again.
- Add libxml-parser-perl and libxml-xpath-perl as build dependencies.
* Change -DCMAKE_SKIP_BUILD_RPATH=TRUE -> -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON
* Don't install Doxygen files *.map and *.md5.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Sat, 30 Jul 2022 11:26:47 +0200
openscap (1.3.6+dfsg-1) unstable; urgency=medium
* New upstream release.
* Patches:
- Rebase 010_perlpm_install_fix.patch and add DEP-3 compliant header.
- Drop 011_remove_custom_rpath.patch, no longer needed.
- Add update-whatis-entry.patch
- Add create-diagrams-when-generating-Doxygen-documen.patch
- Add create-Doxygen-diagrams-as-svg.patch
- Add add-missing-free.patch
- Add remove-superfluous-strdup.patch
* d/control:
- Apply Multi-Arch: foreign, to openscap-common.
- Add missing space in short package description.
* Drop d/dirs, not needed.
* Change downloaded release tarball, this includes yaml-filter
* Build documentation and place it in a new binary package.
* Use the CMake RPATH option, this also removes chrpath as BD.
* Update d/libopenscap25.symbols
* d/copyright:
- Include yaml-filter in source package.
- Bump copyright year in main paragraph.
- Include new file paragraphs.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 20 Jul 2022 12:04:48 +0200
openscap (1.3.5+dfsg-3) unstable; urgency=medium
* Move from experimental to unstable.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Fri, 15 Jul 2022 11:25:21 +0200
openscap (1.3.5+dfsg-2) experimental; urgency=medium
* Disable entire testsuite
This also removes 012-Disable-some-tests.patch and build-dependencies
libxml-parser-perl and libxml-xpath-perl.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 13 Jul 2022 19:14:27 +0200
openscap (1.3.5+dfsg-1) experimental; urgency=medium
* New maintainer Closes: #1012868
* Repack source, remove yaml-filter and javascript files.
We also delete the related lintian-overrrides and
d/missing-sources directory.
* d/rules:
- Reformat CMake options. Closes: #1000279
- Build Python 3 library for all supported versions.
- Default build without verbose logging.
* d/control:
- Drop obsolete X-Python3-Version field.
- Update Standards-Version to 4.6.1
- Document Rules-Requires-Root.
- Add missing Break/Replace on openscap-common. Closes: #1001075
- Move package into Vcs repository.
- Remove ${python3-Depends} and libjs-jquery as dependencies for
libopenscap-dev, not needed.
- Remove libcurl-dev as build dependency, doesn't exist.
* Don't build documentation. We want this in a separate package.
* d/copyright:
- Convert to machine-readable format.
- Add myself under debian/* section.
* Patches:
- Drop 001_fix_kfreebsd_probe.patch, this is a 'linux-any' package.
- Add 012-Disable-some-tests.patch, disabled some test, the remaining
is kept for regression.
* Install upstream changelog in all binary packages.
* Set upstream metadata fields: Repository and Repository-Browse.
* Run wrap-and-sort -at
* Add symbols file.
* Add the missing changelog entry for version 1.2.17-0.1
* d/gbp.conf: Add pristine-tar, remove branch and tag entries, using
default values.
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 06 Jul 2022 07:35:05 +0200
openscap (1.3.5-0.1) experimental; urgency=medium
* Non-maintainer upload.
@ -42,6 +162,32 @@ openscap (1.3.4-1) unstable; urgency=medium
-- Philippe Thierry <philou@debian.org> Mon, 01 Feb 2021 16:22:30 +0100
openscap (1.2.17-0.1) unstable; urgency=medium
* Non-maintainer upload
* New upstream release
This is the first version with full python3 compatibility.
* Update package to python3 closes: #937211
* d/control
- Change to debhelper-compat
- Bump to debhelper 10
Being able to parallelize build
- Remove autotools-dev and dh_autotools from build dependencies
* Add apt-1.9.0.patch closes: #930673
* Add apt-1.9.11.patch use pkgCacheFile instead of mmap
Patches from Julian Andres Klode on Ubuntu
* Add use_sys-xattr.patch closes: #953916
also remove libattr1-dev as build-dependency
* Disable 010-install-cpe-oval.patch
* Add d/source/lintian-override for file with
very_long_line_lenghts_in_source_file
* Add d/libopenscap8.lintian-overrides for man page with long line length
* d/missing-sources
- Update jquery.js
- Add bootstrap.js
-- Håvard Flaget Aasen <haavard_aasen@yahoo.no> Fri, 10 Apr 2020 17:42:40 +0200
openscap (1.2.16-2) unstable; urgency=medium
* Add patch to install CPE OVAL files

153
security/openscap/debian/deb_folder/control
View File

@ -1,48 +1,52 @@
Source: openscap
Priority: optional
Maintainer: Pierre Chifflier <pollux@debian.org>
Uploaders: Philippe Thierry <philou@debian.org>
Build-Depends: debhelper-compat (= 13),
cmake,
libpcre3-dev,
libxml2-dev,
libxslt1-dev,
swig,
python3-all-dev,
libperl-dev,
libcurl4-openssl-dev | libcurl4-gnutls-dev | libcurl-dev,
libgcrypt-dev,
libapt-pkg-dev,
libselinux1-dev [linux-any],
libcap-dev [linux-any],
libattr1-dev,
libldap2-dev,
libbz2-dev,
libacl1-dev,
libblkid-dev,
libglib2.0-dev,
libyaml-dev,
librpm-dev,
libpopt-dev,
libprocps-dev,
libopendbx1-dev,
libxmlsec1-dev,
doxygen, graphviz,
asciidoc,
pkg-config,
dh-python,
chrpath,
libdbus-1-dev
Section: admin
X-Python3-Version: >= 3.9
Standards-Version: 4.5.1
Priority: optional
Maintainer: Håvard F. Aasen <havard.f.aasen@pfft.no>
Build-Depends: cmake,
debhelper-compat (= 13),
dh-python,
libacl1-dev,
libapt-pkg-dev,
libattr1-dev,
libblkid-dev,
libbz2-dev,
libcap-dev [linux-any],
libcurl4-openssl-dev | libcurl4-gnutls-dev,
libdbus-1-dev,
libgcrypt-dev,
libglib2.0-dev,
libldap2-dev,
libopendbx1-dev,
libpcre3-dev,
libperl-dev,
libpopt-dev,
librpm-dev,
libselinux1-dev [linux-any],
libxml-parser-perl <!nocheck>,
libxml-xpath-perl <!nocheck>,
libxml2-dev,
libxmlsec1-dev,
libxslt1-dev,
libyaml-dev,
pkg-config,
python3-all-dev,
swig,
Build-Depends-Indep: asciidoc,
doxygen,
graphviz,
Standards-Version: 4.6.2
Rules-Requires-Root: no
Homepage: https://www.open-scap.org/
Vcs-Browser: https://salsa.debian.org/debian/openscap
Vcs-Git: https://salsa.debian.org/debian/openscap.git
Package: libopenscap-dev
Section: libdevel
Architecture: linux-any
Depends: libopenscap25 (= ${binary:Version}), ${misc:Depends}, ${python3:Depends}, libjs-jquery
Description: Set of libraries enabling integration of the SCAP line of standards
Depends: libopenscap25 (= ${binary:Version}),
${misc:Depends},
Suggests: openscap-doc,
Description: libraries enabling integration of the SCAP line of standards - Development files
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
@ -62,11 +66,12 @@ Description: Set of libraries enabling integration of the SCAP line of standards
Package: libopenscap25
Section: libs
Architecture: linux-any
Conflicts: libopenscap0, libopenscap1, libopenscap3, libopenscap8,
Replaces: libopenscap0, libopenscap1, libopenscap3, libopenscap8,
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends},
Description: Set of libraries enabling integration of the SCAP line of standards
Conflicts: libopenscap8,
Replaces: libopenscap8,
Pre-Depends: ${misc:Pre-Depends},
Depends: ${misc:Depends},
${shlibs:Depends},
Description: libraries enabling integration of the SCAP line of standards
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
@ -86,10 +91,13 @@ Description: Set of libraries enabling integration of the SCAP line of standards
Package: python3-openscap
Section: python
Architecture: linux-any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, libopenscap25 (= ${binary:Version})
X-Python3-Version: ${python3:Versions}
Provides: ${python3:Provides}
Description: Set of libraries enabling integration of the SCAP line of standards
Depends: libopenscap25 (= ${binary:Version}),
${misc:Depends},
${python3:Depends},
${shlibs:Depends},
Suggests: openscap-doc,
Provides: ${python3:Provides},
Description: libraries enabling integration of the SCAP line of standards - Python 3 bindings
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
@ -109,8 +117,12 @@ Description: Set of libraries enabling integration of the SCAP line of standards
Package: libopenscap-perl
Section: perl
Architecture: linux-any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap25 (= ${binary:Version})
Description: Set of libraries enabling integration of the SCAP line of standards
Depends: libopenscap25 (= ${binary:Version}),
${misc:Depends},
${perl:Depends},
${shlibs:Depends},
Suggests: openscap-doc,
Description: libraries enabling integration of the SCAP line of standards - Perl bindings
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
@ -130,8 +142,10 @@ Description: Set of libraries enabling integration of the SCAP line of standards
Package: openscap-scanner
Architecture: linux-any
Depends: libopenscap25 (= ${binary:Version}),
${shlibs:Depends}, ${misc:Depends},
Recommends: openscap-common (= ${binary:Version}),
${misc:Depends},
${shlibs:Depends},
Recommends: openscap-common (= ${source:Version}),
Suggests: openscap-doc,
Description: OpenScap Scanner Tool (oscap)
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
@ -152,10 +166,14 @@ Description: OpenScap Scanner Tool (oscap)
Package: openscap-utils
Architecture: linux-any
Depends: openscap-scanner (= ${binary:Version}), ${python3:Depends},
${shlibs:Depends}, ${misc:Depends}, rpm,
Recommends: openscap-common (= ${binary:Version}),
Description: OpenSCAP utilities
Depends: openscap-scanner (= ${binary:Version}),
rpm,
${misc:Depends},
${python3:Depends},
${shlibs:Depends},
Recommends: openscap-common (= ${source:Version}),
Suggests: openscap-doc,
Description: libraries enabling integration of the SCAP line of standards - Utility programs
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
@ -174,7 +192,10 @@ Description: OpenSCAP utilities
Package: openscap-common
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends},
Breaks: libopenscap8 (<< 1.3.5),
Replaces: libopenscap8 (<< 1.3.5),
Description: OpenSCAP schema files
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
@ -191,3 +212,25 @@ Description: OpenSCAP schema files
* Open Vulnerability and Assessment Language (OVAL)
.
This package contains schema files.
Package: openscap-doc
Section: doc
Architecture: all
Multi-Arch: foreign
Depends: ${misc:Depends},
Description: libraries enabling integration of the SCAP line of standards - Documentation
OpenSCAP is a set of open source libraries providing an easier path
for integration of the SCAP line of standards. SCAP is a line of
standards managed by NIST with the goal of providing a standard language
for the expression of Computer Network Defense related information.
.
The intended scope of this project is to implement working interface
wrappers for parsing and querying SCAP content including:
* Common Vulnerabilities and Exposures (CVE)
* Common Configuration Enumeration (CCE)
* Common Platform Enumeration (CPE)
* Common Vulnerability Scoring System (CVSS)
* Extensible Configuration Checklist Description Format (XCCDF)
* Open Vulnerability and Assessment Language (OVAL)
.
This package contains documentation.

220
security/openscap/debian/deb_folder/copyright
View File

@ -1,33 +1,211 @@
This package was debianized by Pierre Chifflier <pollux@debian.org> on
Thu, 02 Apr 2009 10:30:16 +0200.
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: openscap
Source: https://github.com/OpenSCAP/openscap
Files-Excluded: xsl/xccdf-resources
It was downloaded from http://www.open-scap.org/
Files: *
Copyright: 2008-2021 Red Hat Inc., Durham, North Carolina.
License:LGPL-2.1+
Upstream Authors:
Files: cmake/*
Copyright: 2000-2016 Kitware, Inc.
2000-2011 Insight Software Consortium
License: BSD-3-clause
Peter Vrabec <pvrabec@redhat.com>
Tomas Heinrich <theinric@redhat.com>
Brandon Dixon <Brandon.Dixon@g2-inc.com>
Brian Kolbay <Brian.Kolbay@g2-inc.com>
Lukas Kuklinek <lkuklinek@redhat.com>
Riley C. Porter <Riley.Porter@g2-inc.com>
Dan Kopecek <dkopecek@redhat.com>
Files: cmake/FindNSS.cmake
Copyright: 2010, Ambroz Bizjak, <ambrop7@gmail.com>
License: BSD-3-clause
Copyright:
Files: cmake/FindPCRE.cmake
Copyright: 2007-2009 LuaDist.
License: expat
Copyright 2008 Red Hat Inc., Durham, North Carolina.
Files: compat/dev_to_tty.c
Copyright: 1998-2002 by Albert Cahalan
License:LGPL-2.1+
License:
Files: compat/strptime.c
Copyright: 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
License: LGPL-3.0+
OpenSCAP is licensed under the GNU Lesser General Public License
version 2.1 of the License, or (at your option) any later version.
Files: debian/*
Copyright: 2009 Pierre Chifflier <pollux@debian.org>
2020-2023 Håvard F. Aasen <havard.f.aasen@pfft.no>
License: GPL-3
See `/usr/share/common-licenses/LGPL-2.1'.
Files: schemas/common/xmldsig-core-schema.xsd
Copyright: 2001 The Internet Society and W3C (Massachusetts Institute of
Technology, Institut National de Recherche en Informatique
et en Automatique, Keio University)
License: W3C
The Debian packaging is:
Files: schemas/sce/1.0/*
Copyright: 2012-2017 Red Hat Inc., Durham, North Carolina.
License: LGPL-2.1+ and expat
Copyright (C) 2009 Pierre Chifflier <pollux@debian.org>
Files: utils/oscap_docker_python/get_cve_input.py
utils/oscap_docker_python/__init__.py
Copyright: 2015 Brent Baude <bbaude@redhat.com>
License: LGPL-2.0+
and is licensed under the GPL version 3,
see `/usr/share/common-licenses/GPL-3'.
Files: utils/oscap_docker_python/oscap_docker_common.py
utils/oscap_docker_python/oscap_docker_util_noatomic.py
utils/oscap_docker_python/oscap_docker_util.py
Copyright: 2015 Brent Baude <bbaude@redhat.com>
2019 Dominique Blaze <contact@d0m.tech>
License: LGPL-2.0+
Files: utils/oscap-remediate
utils/oscap-remediate-offline
Copyright: 2021 Red Hat Inc., Durham, North Carolina.
License: GPL-2+
Files: yaml-filter/*
Copyright: 2020 OpenSCAP
License: expat
Files: yaml-filter/cmake/*
Copyright: 2015-2017 RWTH Aachen University, Federal Republic of Germany
License: BSD-3-clause
Files: yaml-filter/tests/test-path-segments.c
Copyright: 2020 Red Hat Inc., Durham, North Carolina.
License: expat
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
.
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
* Neither the name of Kitware, Inc. nor the names of Contributors
may be used to endorse or promote products derived from this
software without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: expat
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
License: LGPL-2.0+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA
License: LGPL-2.1+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1301, USA.
.
See `/usr/share/common-licenses/LGPL-2.1'.
License: LGPL-3.0+
See `/usr/share/common-licenses/LGPL-3'
License: GPL-2+
See `/usr/share/common-licenses/GPL-2'
License: GPL-3
See `/usr/share/common-licenses/GPL-3'
License: W3C
By obtaining, using and/or copying this work, you (the licensee) agree
that you have read, understood, and will comply with the following terms
and conditions:
.
Permission to use, copy, modify, and distribute this software and its
documentation, with or without modification, for any purpose and
without fee or royalty is hereby granted, provided that you include the
following on ALL copies of the software and documentation or portions
thereof, including modifications, that you make:
1. The full text of this NOTICE in a location viewable to users of the
redistributed or derivative work.
2. Any pre-existing intellectual property disclaimers, notices, or terms
and conditions. If none exist, a short notice of the following form
(hypertext is preferred, text is permitted) should be used within the
body of any redistributed or derivative code: "Copyright C
[$date-of-software] World Wide Web Consortium, (Massachusetts Institute
of Technology, Institut National de Recherche en Informatique et en
Automatique, Keio University). All Rights Reserved.
http://www.w3.org/Consortium/Legal/"
3. Notice of any changes or modifications to the W3C files, including the
date changes were made. (We recommend you provide URIs to the location
from which the code is derived.)
.
THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS
MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE
ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
.
COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR
DOCUMENTATION.
.
The name and trademarks of copyright holders may NOT be used in advertising
or publicity pertaining to the software without specific, written prior
permission. Title to copyright in this software and any associated
documentation will at all times remain with copyright holders.
.
This formulation of W3C's notice and license became active on August 14 1998
so as to improve compatibility with GPL. This version ensures that W3C
software licensing terms are no more restrictive than GPL and consequently
W3C software may be distributed in GPL packages. See the older formulation
for the policy prior to this date. Please see our Copyright FAQ for common
questions about using materials from our site, including specific terms and
conditions for packages like libwww, Amaya, and Jigsaw. Other questions
about this notice can be directed to site-policy@w3.org.

2
security/openscap/debian/deb_folder/dirs
View File

@ -1,2 +0,0 @@
usr/bin
usr/sbin

4
security/openscap/debian/deb_folder/gbp.conf
View File

@ -1,5 +1,3 @@
[DEFAULT]
debian-branch = master
debian-tag = debian/%(version)s
upstream-tag = upstream/%(version)s
pristine-tar = True
submodules = True

2
security/openscap/debian/deb_folder/libopenscap-dev.dirs
View File

@ -1,2 +1,2 @@
usr/lib
usr/include
usr/lib

1
security/openscap/debian/deb_folder/libopenscap-dev.docs
View File

@ -1,4 +1,3 @@
docs/contribute
docs/examples
docs/manual
docs/umbrello

1
security/openscap/debian/deb_folder/libopenscap-dev.links
View File

@ -1 +0,0 @@
usr/share/javascript/jquery/jquery.js usr/share/doc/libopenscap-dev/html/jquery.js

2959
security/openscap/debian/deb_folder/libopenscap25.symbols Normal file
View File

File diff suppressed because it is too large Load Diff

15
security/openscap/debian/deb_folder/missing-sources/README
View File

@ -1,15 +0,0 @@
Missing source files
--------------------
OpenScap ships a minified jquery library for the documentation.
For Debian, all sources are required, so we grabbed the sources from the above
project(s) or from the various upstream projects, and put them in the
missin-sources directory.
Last synchronization was made with OpenScap version 1.2.3
Files: docs/html/jquery.js
Project: jQuery 1.7.1
URL http://code.jquery.com/jquery-1.7.1.js
Source: jquery-1.7.1.js

9266
security/openscap/debian/deb_folder/missing-sources/jquery.js vendored
View File

File diff suppressed because it is too large Load Diff

1
security/openscap/debian/deb_folder/openscap-common.docs
View File

@ -1 +0,0 @@
usr/share/doc/openscap/html

8
security/openscap/debian/deb_folder/openscap-doc.doc-base.api Normal file
View File

@ -0,0 +1,8 @@
Document: openscap-api
Title: OpenSCAP API documentation
Abstract: Leverage the OpenSCAP Base C API for your application.
Section: Programming/C
Format: HTML
Index: /usr/share/doc/openscap/html/index.html
Files: /usr/share/doc/openscap/html/*

11
security/openscap/debian/deb_folder/openscap-doc.doc-base.manual Normal file
View File

@ -0,0 +1,11 @@
Document: openscap-manual
Title: OpenSCAP user manual
Abstract: This documentation provides information about OpenSCAP and its most
common operations. With OpenSCAP, you can check security configuration
settings of a system, and examine the system for signs of a compromise by
using rules based on standards and specifications.
Section: System/Security
Format: HTML
Index: /usr/share/doc/openscap/manual/manual.html
Files: /usr/share/doc/openscap/manual/*

2
security/openscap/debian/deb_folder/openscap-doc.install Normal file
View File

@ -0,0 +1,2 @@
usr/share/doc/openscap/html
usr/share/doc/openscap/manual

2
security/openscap/debian/deb_folder/openscap-scanner.docs
View File

@ -1,3 +1 @@
NEWS
README*
usr/share/doc/openscap/manual

2
security/openscap/debian/deb_folder/openscap-scanner.install
View File

@ -1,2 +1,2 @@
usr/bin/oscap
etc/bash_completion.d/oscap usr/share/bash-completion/completions/
usr/bin/oscap

2
security/openscap/debian/deb_folder/openscap-utils.install
View File

@ -1,8 +1,8 @@
usr/bin/autotailor
usr/bin/oscap-chroot
usr/bin/oscap-docker
usr/bin/oscap-podman
usr/bin/oscap-run-sce-script
usr/bin/oscap-ssh
usr/bin/oscap-vm
usr/bin/autotailor
usr/bin/scap-as-rpm

2
security/openscap/debian/deb_folder/openscap-utils.manpages
View File

@ -1,7 +1,7 @@
usr/share/man/man8/autotailor.8
usr/share/man/man8/oscap-chroot.8
usr/share/man/man8/oscap-docker.8
usr/share/man/man8/oscap-podman.8
usr/share/man/man8/oscap-ssh.8
usr/share/man/man8/oscap-vm.8
usr/share/man/man8/autotailor.8
usr/share/man/man8/scap-as-rpm.8

18
security/openscap/debian/deb_folder/patches/001_fix_kfreebsd_probe.patch
View File

@ -1,18 +0,0 @@
--- a/src/OVAL/probes/probe/icache.c
+++ b/src/OVAL/probes/probe/icache.c
@@ -497,6 +497,7 @@
*/
static int probe_cobj_memcheck(size_t item_cnt)
{
+#if !(defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
if (item_cnt > PROBE_RESULT_MEMCHECK_CTRESHOLD) {
struct proc_memusage mu_proc;
struct sys_memusage mu_sys;
@@ -524,6 +525,7 @@
return (1);
}
}
+#endif
return (0);
}

19
security/openscap/debian/deb_folder/patches/010_perlpm_install_fix.patch
View File

@ -1,8 +1,17 @@
Index: openscap/swig/perl/CMakeLists.txt
===================================================================
--- openscap.orig/swig/perl/CMakeLists.txt
+++ openscap/swig/perl/CMakeLists.txt
@@ -20,7 +20,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQ
From: Philippe Thierry <philou@debian.org>
Date: Wed, 20 Jul 2022 09:38:12 +0200
Subject: _perlpm_install_fix
Forwarded: not-needed
---
swig/perl/CMakeLists.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/swig/perl/CMakeLists.txt b/swig/perl/CMakeLists.txt
index 057b365..59dc1fa 100644
--- a/swig/perl/CMakeLists.txt
+++ b/swig/perl/CMakeLists.txt
@@ -20,7 +20,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD"))
DESTINATION ${CMAKE_INSTALL_DATADIR}/perl5/vendor_perl)
else()
install(TARGETS ${SWIG_MODULE_openscap_pm_REAL_NAME}

20
security/openscap/debian/deb_folder/patches/011_remove_custom_rpath.patch
View File

@ -1,20 +0,0 @@
Index: openscap/CMakeLists.txt
===================================================================
--- openscap.orig/CMakeLists.txt
+++ openscap/CMakeLists.txt
@@ -487,13 +487,13 @@ set(OSCAP_TEMP_DIR "/tmp" CACHE STRING "
# see https://cmake.org/Wiki/CMake_RPATH_handling
# use, i.e. don't skip the full RPATH for the build tree
-set(CMAKE_SKIP_BUILD_RPATH FALSE)
+set(CMAKE_SKIP_BUILD_RPATH TRUE)
# when building, don't use the install RPATH already
# (but later on when installing)
set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
-set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
+#set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
# add the automatically determined parts of the RPATH
# which point to directories outside the build tree to the install RPATH

52
security/openscap/debian/deb_folder/patches/OVAL-SEAP-Allocate-aligned-memory-in-SEXP_rawval_lblk_new.patch Normal file
View File

@ -0,0 +1,52 @@
From: Evgeny Kolesnikov <ekolesni@redhat.com>
Date: Thu, 28 Jul 2022 14:05:55 +0200
Subject: OVAL/SEAP: Allocate aligned memory in SEXP_rawval_lblk_new
The lblk pointer is affected by 2-bit LSB magic SEAP uses
for reference-counting. On 32-bit platforms it requires extra
alignment.
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/13e04d95e1ddee11c5b76336df83aea26d9ff065
---
src/OVAL/probes/SEAP/sexp-value.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/OVAL/probes/SEAP/sexp-value.c b/src/OVAL/probes/SEAP/sexp-value.c
index b8b3ed6..baa2354 100644
--- a/src/OVAL/probes/SEAP/sexp-value.c
+++ b/src/OVAL/probes/SEAP/sexp-value.c
@@ -106,8 +106,10 @@ uintptr_t SEXP_rawval_lblk_new (uint8_t sz)
{
_A(sz < 16);
- struct SEXP_val_lblk *lblk = malloc(sizeof(struct SEXP_val_lblk));
- lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
+ struct SEXP_val_lblk *lblk = oscap_aligned_malloc(
+ sizeof(struct SEXP_val_lblk),
+ SEXP_LBLK_ALIGN);
+ lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
lblk->nxsz = ((uintptr_t)(NULL) & SEXP_LBLKP_MASK) | ((uintptr_t)sz & SEXP_LBLKS_MASK);
lblk->refs = 1;
@@ -517,8 +519,8 @@ void SEXP_rawval_lblk_free (uintptr_t lblkp, void (*func) (SEXP_t *))
func (lblk->memb + lblk->real);
}
- free(lblk->memb);
- free(lblk);
+ free(lblk->memb);
+ oscap_aligned_free(lblk);
if (next != NULL)
SEXP_rawval_lblk_free ((uintptr_t)next, func);
@@ -539,8 +541,8 @@ void SEXP_rawval_lblk_free1 (uintptr_t lblkp, void (*func) (SEXP_t *))
func (lblk->memb + lblk->real);
}
- free(lblk->memb);
- free(lblk);
+ free(lblk->memb);
+ oscap_aligned_free(lblk);
}
return;

34
security/openscap/debian/deb_folder/patches/add-missing-free.patch Normal file
View File

@ -0,0 +1,34 @@
From: Jan Cerny <jcerny@redhat.com>
Date: Thu, 27 Jan 2022 15:16:02 +0100
Subject: [PATCH] Add a missing free
Addressing:
Error: RESOURCE_LEAK (CWE-772): [#def4] [important]
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: alloc_fn: Storage is returned from allocation function "oscap_htable_iterator_new".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: var_assign: Assigning: "rit" = storage returned from "oscap_htable_iterator_new(policy->rules)".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2145: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_has_more".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2146: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_next_key".
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2150: leaked_storage: Variable "rit" going out of scope leaks the storage it points to.
2148| oscap_seterr(OSCAP_EFAMILY_XCCDF,
2149| "Rule '%s' not found in selected profile.", rule_id);
2150|-> return NULL;
2151| }
2152| }
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/6ef54336a018566a32f6a95177635ada7f20794e
---
src/XCCDF_POLICY/xccdf_policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/XCCDF_POLICY/xccdf_policy.c b/src/XCCDF_POLICY/xccdf_policy.c
index b63853a38f..4d4b7ad0a1 100644
--- a/src/XCCDF_POLICY/xccdf_policy.c
+++ b/src/XCCDF_POLICY/xccdf_policy.c
@@ -2147,6 +2147,7 @@ struct xccdf_result * xccdf_policy_evaluate(struct xccdf_policy * policy)
if (oscap_htable_get(policy->rules_found, rule_id) == NULL) {
oscap_seterr(OSCAP_EFAMILY_XCCDF,
"Rule '%s' not found in selected profile.", rule_id);
+ oscap_htable_iterator_free(rit);
return NULL;
}
}

25
security/openscap/debian/deb_folder/patches/create-Doxygen-diagrams-as-svg.patch Normal file
View File

@ -0,0 +1,25 @@
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
Date: Tue, 12 Jul 2022 08:18:04 +0200
Subject: [PATCH] docs: Create Doxygen diagrams as svg
Forwarded: https://github.com/OpenSCAP/openscap/pull/1872
---
docs/Doxyfile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/Doxyfile.in b/docs/Doxyfile.in
index 7a2e88601..ea85b4a21 100644
--- a/docs/Doxyfile.in
+++ b/docs/Doxyfile.in
@@ -1316,7 +1316,7 @@ DIRECTORY_GRAPH = YES
# generated by dot. Possible values are png, jpg, or gif
# If left blank png will be used.
-DOT_IMAGE_FORMAT = png
+DOT_IMAGE_FORMAT = svg
# The tag DOT_PATH can be used to specify the path where the dot tool can be
# found. If left blank, it is assumed the dot tool can be found in the path.
--
2.35.1

63
security/openscap/debian/deb_folder/patches/create-diagrams-when-generating-Doxygen-documen.patch Normal file
View File

@ -0,0 +1,63 @@
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
Date: Tue, 12 Jul 2022 07:29:02 +0200
Subject: [PATCH] docs: Create diagrams when generating Doxygen documentation
If we enable documentation and CMake finds Doxygen and 'dot' in path,
diagrams will be generated.
CMake searches for 'dot' at the same time as Doxygen.
'dot' is a tool found in graphviz.
Forwarded: https://github.com/OpenSCAP/openscap/pull/1872
---
CMakeLists.txt | 1 +
docs/CMakeLists.txt | 6 ++++++
docs/Doxyfile.in | 2 +-
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 61c57d7a3..45380539c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -469,6 +469,7 @@ message(STATUS " ")
message(STATUS "Documentation:")
message(STATUS "enabled: ${ENABLE_DOCS}")
message(STATUS "doxygen: ${DOXYGEN_EXECUTABLE}")
+message(STATUS "graphviz: ${DOXYGEN_DOT_EXECUTABLE}")
message(STATUS "asciidoc: ${ASCIIDOC_EXECUTABLE}")
# ---------- PATHS
diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
index b8c5bc5ba..0a5e627c2 100644
--- a/docs/CMakeLists.txt
+++ b/docs/CMakeLists.txt
@@ -8,6 +8,12 @@ if(ENABLE_DOCS)
set(DOXYGEN_IN ${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.in)
set(DOXYGEN_OUT ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
+ # configure for graphviz
+ set(DOXYGEN_DIAGRAM "NO")
+ if(DOXYGEN_DOT_FOUND)
+ set(DOXYGEN_DIAGRAM "YES")
+ endif()
+
# request to configure the file
configure_file(${DOXYGEN_IN} ${DOXYGEN_OUT} @ONLY)
diff --git a/docs/Doxyfile.in b/docs/Doxyfile.in
index f48a3e763..7a2e88601 100644
--- a/docs/Doxyfile.in
+++ b/docs/Doxyfile.in
@@ -1220,7 +1220,7 @@ HIDE_UNDOC_RELATIONS = YES
# toolkit from AT&T and Lucent Bell Labs. The other options in this section
# have no effect if this option is set to NO (the default)
-HAVE_DOT = NO
+HAVE_DOT = @DOXYGEN_DIAGRAM@
# By default doxygen will write a font called FreeSans.ttf to the output
# directory and reference it in all dot files that doxygen generates. This
--
2.35.1

40
security/openscap/debian/deb_folder/patches/remove-superfluous-strdup.patch Normal file
View File

@ -0,0 +1,40 @@
From: jan Cerny <jcerny@redhat.com>
Date: Thu, 27 Jan 2022 15:09:02 +0100
Subject: [PATCH] Remove superfluous strdup
We can do this because xccdf_session_set_rule calls strdup on the rule
parameter internally.
Addressing:
Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: alloc_fn: Storage is returned from allocation function "strdup".
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: var_assign: Assigning: "n_rule" = storage returned from "strdup(rule)".
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4149: noescape: Resource "n_rule" is not freed or pointed-to in "xccdf_session_set_rule".
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4150: leaked_storage: Variable "n_rule" going out of scope leaks the storage it points to.
4148| char *n_rule = strdup(rule);
4149| xccdf_session_set_rule(sess, n_rule);
4150|-> }
4151|
4152| void xccdf_session_free_py(struct xccdf_session *sess){
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/d3e7d5be1fcd55ef396de6070f877df0f2c2c58e
---
swig/openscap.i | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/swig/openscap.i b/swig/openscap.i
index 2fe1cce99e..158a226757 100644
--- a/swig/openscap.i
+++ b/swig/openscap.i
@@ -559,8 +559,7 @@ struct xccdf_session {
};
void xccdf_session_set_rule_py(struct xccdf_session *sess, char *rule) {
- char *n_rule = strdup(rule);
- xccdf_session_set_rule(sess, n_rule);
+ xccdf_session_set_rule(sess, rule);
}
void xccdf_session_free_py(struct xccdf_session *sess){

42
security/openscap/debian/deb_folder/patches/run-a-minor-testsuite.patch Normal file
View File

@ -0,0 +1,42 @@
From: =?utf-8?b?IkjDpXZhcmQgRi4gQWFzZW4i?= <havard.f.aasen@pfft.no>
Date: Sat, 30 Jul 2022 07:57:36 +0200
Subject: run a minor testsuite
Forwarded: not-needed
---
tests/CMakeLists.txt | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index ae8c4f2..fa78bd5 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -22,20 +22,20 @@ endfunction()
configure_file("test_common.sh.in" "test_common.sh" @ONLY)
-add_subdirectory("API")
+#add_subdirectory("API")
add_subdirectory("bindings")
-add_subdirectory("bz2")
+#add_subdirectory("bz2")
add_subdirectory("codestyle")
-add_subdirectory("curl")
+#add_subdirectory("curl")
add_subdirectory("CPE")
-add_subdirectory("DS")
+#add_subdirectory("DS")
add_subdirectory("mitre")
-add_subdirectory("nist")
+#add_subdirectory("nist")
add_subdirectory("oscap_string")
add_subdirectory("oval_details")
-add_subdirectory("probes")
-add_subdirectory("report")
-add_subdirectory("sce")
+#add_subdirectory("probes")
+#add_subdirectory("report")
+#add_subdirectory("sce")
add_subdirectory("schemas")
add_subdirectory("sources")
add_subdirectory("utils")

10
security/openscap/debian/deb_folder/patches/series
View File

@ -1,3 +1,9 @@
011_remove_custom_rpath.patch
010_perlpm_install_fix.patch
001_fix_kfreebsd_probe.patch
create-diagrams-when-generating-Doxygen-documen.patch
create-Doxygen-diagrams-as-svg.patch
update-whatis-entry.patch
remove-superfluous-strdup.patch
add-missing-free.patch
OVAL-SEAP-Allocate-aligned-memory-in-SEXP_rawval_lblk_new.patch
run-a-minor-testsuite.patch
use-correct-includes.patch

21
security/openscap/debian/deb_folder/patches/update-whatis-entry.patch Normal file
View File

@ -0,0 +1,21 @@
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
Date: Mon, 11 Jul 2022 08:40:52 +0200
Subject: [PATCH] Update whatis entry
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/39663ed27e175677260936a4670d79f1e536f132
---
utils/scap-as-rpm.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/scap-as-rpm.8 b/utils/scap-as-rpm.8
index 3a41331eea..b871594c69 100644
--- a/utils/scap-as-rpm.8
+++ b/utils/scap-as-rpm.8
@@ -1,6 +1,6 @@
.TH scap-as-rpm "8" "November 2013" "scap-as-rpm" "System Administration Utilities"
.SH NAME
-scap-as-rpm \- manual page for scap-as-rpm
+scap-as-rpm \- takes given SCAP input(s) and packs them in an RPM package
.SH DESCRIPTION
usage: scap\-as\-rpm [\-h] [\-\-pkg\-name PKG_NAME] [\-\-pkg\-version PKG_VERSION]
.IP

57
security/openscap/debian/deb_folder/patches/use-correct-includes.patch Normal file
View File

@ -0,0 +1,57 @@
From: =?utf-8?b?SmFuIMSMZXJuw70=?= <jcerny@redhat.com>
Date: Tue, 24 May 2022 12:15:44 +0200
Subject: Use correct includes
rpmvercmp is defined in rpm/rpmver.h
risdigit is defined in rpm/rpmstring.h
Resolves: rhbz#2080210
---
cmake/FindRPM.cmake | 3 +++
config.h.in | 1 +
src/OVAL/results/oval_cmp_evr_string.c | 5 +++++
3 files changed, 9 insertions(+)
diff --git a/cmake/FindRPM.cmake b/cmake/FindRPM.cmake
index a666942..369d153 100644
--- a/cmake/FindRPM.cmake
+++ b/cmake/FindRPM.cmake
@@ -30,6 +30,9 @@ set(RPM_VERSION ${RPM_PKGCONF_VERSION})
if(RPM_VERSION)
string(COMPARE GREATER "4.6" ${RPM_VERSION} RPM46_FOUND)
string(COMPARE GREATER "4.7" ${RPM_VERSION} RPM47_FOUND)
+ if(NOT (RPM_VERSION VERSION_LESS "4.18"))
+ set(RPM418_FOUND 1)
+ endif()
endif()
# Set the include dir variables and the libraries and let libfind_process do the rest.
diff --git a/config.h.in b/config.h.in
index 1b72855..bb1428a 100644
--- a/config.h.in
+++ b/config.h.in
@@ -44,6 +44,7 @@
#cmakedefine HAVE_RPMVERCMP
#cmakedefine RPM46_FOUND
#cmakedefine RPM47_FOUND
+#cmakedefine RPM418_FOUND
#cmakedefine BZIP2_FOUND
diff --git a/src/OVAL/results/oval_cmp_evr_string.c b/src/OVAL/results/oval_cmp_evr_string.c
index 3bfc8ce..3ba0fa0 100644
--- a/src/OVAL/results/oval_cmp_evr_string.c
+++ b/src/OVAL/results/oval_cmp_evr_string.c
@@ -37,7 +37,12 @@
#include "common/_error.h"
#ifdef HAVE_RPMVERCMP
+#ifdef RPM418_FOUND
+#include <rpm/rpmver.h>
+#include <rpm/rpmstring.h>
+#else
#include <rpm/rpmlib.h>
+#endif
#else
#ifdef OS_WINDOWS
#include <malloc.h>

73
security/openscap/debian/deb_folder/rules
View File

@ -2,39 +2,50 @@
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
#export DH_VERBOSE=1
export DEB_BUILD_MAINT_OPTIONS := hardening=+all
DEFAULTPY=$(shell py3versions -v -d)
PYVERSIONS=$(shell py3versions -v -r)
ALLPY=$(PYVERSIONS)
PYVERS=$(shell py3versions --supported --version)
PERL_VERSION:=$(shell perl -e 'my @ver=split /\./, sprintf("%vd", $$^V); print("$$ver[0].$$ver[1]");')
CMAKE_OPTS=-DENABLE_DOCS=ON =DOEPNSCAP_PROBE_UNIX_GCONF=OFF -DGCONF_LIBRARY=
CMAKE_OPTS = -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON \
-DENABLE_DOCS=ON \
-DENABLE_PERL=ON \
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \
-DGCONF_LIBRARY= \
-DPERL_VERSION=$(PERL_VERSION) \
-DPYTHON_EXECUTABLE=/usr/bin/python$$V
override_dh_auto_configure: $(ALLPY:%=override_dh_auto_configure-%)
override_dh_auto_clean:
for V in $(PYVERS); do \
dh_auto_clean --builddir=build-py$$V ; \
done
override_dh_auto_configure-%:
dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* $(CMAKE_OPTS)
override_dh_auto_configure:
for V in $(PYVERS); do \
dh_auto_configure --builddir=build-py$$V -- \
$(CMAKE_OPTS) ; \
done
override_dh_auto_build: $(ALLPY:%=override_dh_auto_build-%)
override_dh_auto_build:
for V in $(PYVERS); do \
dh_auto_build --builddir=build-py$$V ; \
done
override_dh_auto_build-%:
dh_auto_build -Bbuild-python-$*
override_dh_auto_install:
# Move Python files to separate folders so they don't overwrite
# each other at install time.
for V in $(PYVERS); do \
dh_auto_install --builddir=build-py$$V ; \
mv ${CURDIR}/debian/tmp/usr/lib/python3 ${CURDIR}/debian/tmp/usr/lib/python$$V ; \
chmod 0644 ${CURDIR}/debian/tmp/usr/lib/python$$V/dist-packages/openscap_py.py ; \
chmod 0644 ${CURDIR}/debian/tmp/usr/lib/python$$V/dist-packages/openscap_api.py ; \
done
override_dh_auto_install: $(ALLPY:%=override_dh_auto_install-%)
find debian/tmp -name "*.la" -delete
rm -f debian/libopenscap-dev/usr/share/doc/libopenscap-dev/html/jquery.js
mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)
chrpath -d debian/tmp/usr/bin/oscap
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.*
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.*
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.*/openscap_pm.so
chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_py.py
chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_api.py
override_dh_auto_install-%:
dh_auto_install -Bbuild-python-$* --destdir=debian/tmp
$(RM) $(CURDIR)/debian/tmp/usr/share/doc/openscap/html/*.md5 \
$(CURDIR)/debian/tmp/usr/share/doc/openscap/html/*.map
override_dh_strip:
dh_strip -popenscap-scanner --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
@ -42,8 +53,22 @@ override_dh_strip:
dh_strip -ppython3-openscap --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
dh_strip -plibopenscap-perl --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
override_dh_auto_clean:
rm -rf build-*
override_dh_python3:
dh_python3 -popenscap-utils -ppython3-openscap --shebang=/usr/bin/python3
override_dh_installchangelogs:
dh_installchangelogs NEWS
override_dh_auto_test:
for V in $(PYVERS); do \
dh_auto_test --builddir=build-py$$V ; \
done
execute_before_dh_missing:
$(RM) $(CURDIR)/debian/tmp/lib/systemd/system/oscap-remediate.service \
$(CURDIR)/debian/tmp/usr/bin/oscap-remediate-offline \
$(CURDIR)/debian/tmp/usr/libexec/oscap-remediate \
$(CURDIR)/debian/tmp/usr/share/man/man8/oscap-remediate-offline.8
%:
dh $@ --with python3

3
security/openscap/debian/deb_folder/source/lintian-overrides
View File

@ -1,3 +0,0 @@
# build from OpenSCAP xccdf ressources
openscap source: source-is-missing xsl/xccdf-resources/openscap.js line length is 263 characters (>256)
openscap source: source-is-missing xsl/xccdf-resources/bootstrap.min.js

3
security/openscap/debian/deb_folder/upstream/metadata
View File

@ -1,3 +1,4 @@
---
Bug-Database: https://github.com/OpenSCAP/openscap/issues
Bug-Submit: https://github.com/OpenSCAP/openscap/issues/new
Repository: https://github.com/OpenSCAP/openscap.git
Repository-Browse: https://github.com/OpenSCAP/openscap

7
security/openscap/debian/deb_folder/watch
View File

@ -1,2 +1,7 @@
version=4
opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz
opts="\
searchmode=plain, \
repacksuffix=+dfsg, \
dversionmangle=auto" \
https://api.github.com/repos/OpenSCAP/openscap/releases \
https://github.com/OpenSCAP/openscap/releases/download/\d[\.\d]*/openscap-@ANY_VERSION@.tar\.gz

9
security/openscap/debian/meta_data.yaml
View File

@ -1,11 +1,10 @@
---
debname: openscap
debver: 1.3.5-1
debver: 1.3.6+dfsg-6
dl_path:
name: openscap-1.3.5.tar.gz
url: https://github.com/OpenSCAP/openscap/releases/download/1.3.5/openscap-1.3.5.tar.gz
md5sum: 4725085cd876c952ca15de48b0bc340c
sha256sum: 7c3e540b757fe35de15f21a849f1afa4d3776ee3279276ada4ddd3506c3679c2
name: openscap-1.3.6.tar.gz
url: https://github.com/OpenSCAP/openscap/releases/download/1.3.6/openscap-1.3.6.tar.gz
sha256sum: 40634f2e27a542b112d2e3b374ebbef7e56af18a3d8ae78da2462ab0b1e4e6b7
revision:
dist: $STX_DIST
PKG_GITREVCOUNT: True