# HG changeset patch # User Jacob Varughese # Date 1432312861 25200 # Node ID df06342a3259acbb5dd165e7bfe11a662237e9d5 # Parent 729452029ab0b530b0de8f381576dc5b3b203fbe 20995313 Update to OpenSCAP 1.2.3 to pickup important bug fixes 20446640 CPE dictionary diff -r 729452029ab0 -r df06342a3259 components/openscap/Makefile --- a/components/openscap/Makefile Thu May 21 15:02:14 2015 -0700 +++ b/components/openscap/Makefile Fri May 22 09:41:01 2015 -0700 @@ -22,21 +22,21 @@ # Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. # -COMPILER= gcc +COMPILER = gcc include ../../make-rules/shared-macros.mk COMPONENT_NAME= openscap -COMPONENT_VERSION= 1.2.1 +COMPONENT_VERSION= 1.2.3 COMPONENT_PROJECT_URL= http://www.open-scap.org COMPONENT_DOWNLOAD_URL= https://fedorahosted.org/releases/o/p/openscap COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz -COMPONENT_ARCHIVE_HASH= sha256:6f7fdc579c4c27554cc3ec99a4f16381b719faa8c9b3ea09575d872a2c46eedb +COMPONENT_ARCHIVE_HASH= sha256:c15d587e5cdfcef1316536e6ed8ad66fea3e083ac3d3b723b7e54208f63787c7 COMPONENT_ARCHIVE_URL= $(COMPONENT_DOWNLOAD_URL)/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/openscap -TPNO= 21175 +TPNO = 22513 CFLAGS+= -std=c99 CFLAGS+= -DNDEBUG @@ -70,7 +70,9 @@ -e 's|PYTHON_VERSION = 2.6|PYTHON_VERSION = 2.7|' swig2.7/Makefile swig2.7/python2/Makefile) COMPONENT_POST_INSTALL_ACTION = \ - (cd $(@D)/swig2.7 ; $(GMAKE) $(COMPONENT_INSTALL_ARGS) install) + (cd $(@D)/swig2.7 ; $(GMAKE) $(COMPONENT_INSTALL_ARGS) install) ; \ + $(RM) $(PROTO_DIR)/usr/share/openscap/cpe/* && \ + $(CP) files/cpe/* $(PROTO_DIR)/usr/share/openscap/cpe # Needed to make "gmake test" work. CPPFLAGS += -I$(SOURCE_DIR)/src/OVAL @@ -103,8 +105,8 @@ test: $(TEST_32) - REQUIRED_PACKAGES += compress/bzip2 +REQUIRED_PACKAGES += developer/swig REQUIRED_PACKAGES += gnome/config/gconf REQUIRED_PACKAGES += library/glib2 REQUIRED_PACKAGES += library/libxml2 diff -r 729452029ab0 -r df06342a3259 components/openscap/files/cpe/openscap-cpe-dict.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openscap/files/cpe/openscap-cpe-dict.xml Fri May 22 09:41:01 2015 -0700 @@ -0,0 +1,38 @@ + + + + + Oracle Solaris + oval:com.oracle.solaris.cpe:def:1 + + + Oracle Solaris 11 + oval:com.oracle.solaris.cpe:def:11 + + + Oracle Solaris 11.1 + oval:com.oracle.solaris.cpe:def:111 + + + Oracle Solaris 11.2 + oval:com.oracle.solaris.cpe:def:112 + + + Oracle Solaris 11.3 + oval:com.oracle.solaris.cpe:def:113 + + + Oracle Solaris 12 + oval:com.oracle.solaris.cpe:def:12 + + diff -r 729452029ab0 -r df06342a3259 components/openscap/files/cpe/openscap-cpe-oval.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openscap/files/cpe/openscap-cpe-oval.xml Fri May 22 09:41:01 2015 -0700 @@ -0,0 +1,227 @@ + + + + + Oracle Solaris + + 5.9 + 2015-01-28T13:10:39 + + + + + Oracle Solaris + + Oracle Solaris + + + Oracle Solaris + + + + + + + + + Oracle Solaris 11 + + Oracle Solaris + + + Oracle Solaris 11 + + + + + + + + + Oracle Solaris 11.1 + + Oracle Solaris + + + Oracle Solaris 11.1 + + + + + + + + + Oracle Solaris 11.2 + + Oracle Solaris + + + Oracle Solaris 11.2 + + + + + + + + + Oracle Solaris 11.3 + + Oracle Solaris + + + Oracle Solaris 11.3 + + + + + + + + + Oracle Solaris 12 + + Oracle Solaris + + + Oracle Solaris 12 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SunOS + ^5.*$ + + + SunOS + 5.11 + + + SunOS + 11.1 + 5.11 + + + SunOS + 11.2 + 5.11 + + + SunOS + 11.3 + 5.11 + + + SunOS + 5.12 + + + diff -r 729452029ab0 -r df06342a3259 components/openscap/openscap.p5m --- a/components/openscap/openscap.p5m Thu May 21 15:02:14 2015 -0700 +++ b/components/openscap/openscap.p5m Fri May 22 09:41:01 2015 -0700 @@ -22,7 +22,7 @@ # default mangler.man.stability uncommitted> -default mode 0555> + default mode 0555> default facet.doc.html true> set name=pkg.fmri \ value=pkg:/security/compliance/openscap@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) @@ -70,12 +70,12 @@ file path=usr/include/openscap/xccdf_benchmark.h file path=usr/include/openscap/xccdf_policy.h file path=usr/include/openscap/xccdf_session.h -link path=usr/lib/libopenscap.so target=libopenscap.so.8.4.1 -link path=usr/lib/libopenscap.so.8 target=libopenscap.so.8.4.1 -file path=usr/lib/libopenscap.so.8.4.1 -link path=usr/lib/libopenscap_sce.so target=libopenscap_sce.so.8.4.1 -link path=usr/lib/libopenscap_sce.so.8 target=libopenscap_sce.so.8.4.1 -file path=usr/lib/libopenscap_sce.so.8.4.1 +link path=usr/lib/libopenscap.so target=libopenscap.so.8.4.3 +link path=usr/lib/libopenscap.so.8 target=libopenscap.so.8.4.3 +file path=usr/lib/libopenscap.so.8.4.3 +link path=usr/lib/libopenscap_sce.so target=libopenscap_sce.so.8.4.3 +link path=usr/lib/libopenscap_sce.so.8 target=libopenscap_sce.so.8.4.3 +file path=usr/lib/libopenscap_sce.so.8.4.3 file path=usr/lib/openscap/probe_dnscache file path=usr/lib/openscap/probe_environmentvariable file path=usr/lib/openscap/probe_environmentvariable58 @@ -134,6 +134,8 @@ file path=usr/share/docs/openscap/html/alloc_8h.html file path=usr/share/docs/openscap/html/alloc_8h_source.html file path=usr/share/docs/openscap/html/annotated.html +file path=usr/share/docs/openscap/html/arrowdown.png +file path=usr/share/docs/openscap/html/arrowright.png file path=usr/share/docs/openscap/html/assume_8h_source.html file path=usr/share/docs/openscap/html/bc_s.png file path=usr/share/docs/openscap/html/bdwn.png @@ -222,6 +224,7 @@ file path=usr/share/docs/openscap/html/dir_e59844bb90898a84583aad04688e689a.html file path=usr/share/docs/openscap/html/dir_f2a93cdd3aad33ca5b82af4e93bb682f.html file path=usr/share/docs/openscap/html/dir_fdedb0aba14d44ce9d99bc100e026e6a.html +file path=usr/share/docs/openscap/html/doc.png file path=usr/share/docs/openscap/html/doc__type__priv_8h_source.html file path=usr/share/docs/openscap/html/doxygen.css file path=usr/share/docs/openscap/html/doxygen.png @@ -248,26 +251,12 @@ file path=usr/share/docs/openscap/html/findfile_8h.html file path=usr/share/docs/openscap/html/findfile_8h_source.html file path=usr/share/docs/openscap/html/fini_8c.html +file path=usr/share/docs/openscap/html/folderclosed.png +file path=usr/share/docs/openscap/html/folderopen.png file path=usr/share/docs/openscap/html/fsdev_8c.html file path=usr/share/docs/openscap/html/fsdev_8h.html file path=usr/share/docs/openscap/html/fsdev_8h_source.html file path=usr/share/docs/openscap/html/fts__sun_8h_source.html -file path=usr/share/docs/openscap/html/ftv2blank.png -file path=usr/share/docs/openscap/html/ftv2cl.png -file path=usr/share/docs/openscap/html/ftv2doc.png -file path=usr/share/docs/openscap/html/ftv2folderclosed.png -file path=usr/share/docs/openscap/html/ftv2folderopen.png -file path=usr/share/docs/openscap/html/ftv2lastnode.png -file path=usr/share/docs/openscap/html/ftv2link.png -file path=usr/share/docs/openscap/html/ftv2mlastnode.png -file path=usr/share/docs/openscap/html/ftv2mnode.png -file path=usr/share/docs/openscap/html/ftv2mo.png -file path=usr/share/docs/openscap/html/ftv2node.png -file path=usr/share/docs/openscap/html/ftv2ns.png -file path=usr/share/docs/openscap/html/ftv2plastnode.png -file path=usr/share/docs/openscap/html/ftv2pnode.png -file path=usr/share/docs/openscap/html/ftv2splitbar.png -file path=usr/share/docs/openscap/html/ftv2vertline.png file path=usr/share/docs/openscap/html/functions.html file path=usr/share/docs/openscap/html/functions_b.html file path=usr/share/docs/openscap/html/functions_c.html @@ -344,9 +333,7 @@ file path=usr/share/docs/openscap/html/group__CVSS.html file path=usr/share/docs/openscap/html/group__Check.html file path=usr/share/docs/openscap/html/group__DS.html -file path=usr/share/docs/openscap/html/group__Debug.html file path=usr/share/docs/openscap/html/group__ERRORS.html -file path=usr/share/docs/openscap/html/group__ITER.html file path=usr/share/docs/openscap/html/group__Memory.html file path=usr/share/docs/openscap/html/group__OVAL.html file path=usr/share/docs/openscap/html/group__OVALADT.html @@ -363,7 +350,6 @@ file path=usr/share/docs/openscap/html/group__PROBEOVALSEXP.html file path=usr/share/docs/openscap/html/group__PROBES.html file path=usr/share/docs/openscap/html/group__PROBESESSION.html -file path=usr/share/docs/openscap/html/group__Reporters.html file path=usr/share/docs/openscap/html/group__SEXPRESSIONS.html file path=usr/share/docs/openscap/html/group__STRINGS.html file path=usr/share/docs/openscap/html/group__Session.html @@ -404,6 +390,7 @@ file path=usr/share/docs/openscap/html/oscap__reference_8h_source.html file path=usr/share/docs/openscap/html/oscap__source_8h_source.html file path=usr/share/docs/openscap/html/oscap__source__priv_8h_source.html +file path=usr/share/docs/openscap/html/oscap__string_8h_source.html file path=usr/share/docs/openscap/html/oscap__text_8h.html file path=usr/share/docs/openscap/html/oscap__text_8h_source.html file path=usr/share/docs/openscap/html/oscapxml_8h_source.html @@ -445,6 +432,8 @@ file path=usr/share/docs/openscap/html/oval__filter_8c.html file path=usr/share/docs/openscap/html/oval__fts_8h_source.html file path=usr/share/docs/openscap/html/oval__generator_8c.html +file path=usr/share/docs/openscap/html/oval__glob__to__regex_8c.html +file path=usr/share/docs/openscap/html/oval__glob__to__regex_8h_source.html file path=usr/share/docs/openscap/html/oval__message_8c.html file path=usr/share/docs/openscap/html/oval__objectContent_8c.html file path=usr/share/docs/openscap/html/oval__object_8c.html @@ -578,6 +567,7 @@ file path=usr/share/docs/openscap/html/sm__alloc_8h_source.html file path=usr/share/docs/openscap/html/smf_8c.html file path=usr/share/docs/openscap/html/spb_8h_source.html +file path=usr/share/docs/openscap/html/splitbar.png file path=usr/share/docs/openscap/html/sql57_8c.html file path=usr/share/docs/openscap/html/sql_8c.html file path=usr/share/docs/openscap/html/strbuf_8h_source.html @@ -715,6 +705,7 @@ file path=usr/share/docs/openscap/html/structoscap__reference.html file path=usr/share/docs/openscap/html/structoscap__schema__table__entry.html file path=usr/share/docs/openscap/html/structoscap__source.html +file path=usr/share/docs/openscap/html/structoscap__string.html file path=usr/share/docs/openscap/html/structoscap__string__iterator.html file path=usr/share/docs/openscap/html/structoscap__string__map.html file path=usr/share/docs/openscap/html/structoscap__stringlist.html @@ -734,6 +725,7 @@ file path=usr/share/docs/openscap/html/structoval__component__ARITHMETIC.html file path=usr/share/docs/openscap/html/structoval__component__BEGEND.html file path=usr/share/docs/openscap/html/structoval__component__FUNCTION.html +file path=usr/share/docs/openscap/html/structoval__component__GLOB.html file path=usr/share/docs/openscap/html/structoval__component__LITERAL.html file path=usr/share/docs/openscap/html/structoval__component__OBJECTREF.html file path=usr/share/docs/openscap/html/structoval__component__REGEX__CAPTURE.html @@ -1026,13 +1018,8 @@ file path=usr/share/docs/openscap/html/xmltext__priv_8h_source.html file path=usr/share/docs/openscap/html/xslt__priv_8h_source.html file path=usr/share/man/man8/oscap.8 -file path=usr/share/openscap/cpe/README file path=usr/share/openscap/cpe/openscap-cpe-dict.xml file path=usr/share/openscap/cpe/openscap-cpe-oval.xml -file path=usr/share/openscap/scap-fedora14-oval.xml -file path=usr/share/openscap/scap-fedora14-xccdf.xml -file path=usr/share/openscap/scap-rhel6-oval.xml -file path=usr/share/openscap/scap-rhel6-xccdf.xml file path=usr/share/openscap/schemas/arf/1.1/asset-identification_1.1.0.xsd file path=usr/share/openscap/schemas/arf/1.1/asset-reporting-format_1.1.0.xsd file path=usr/share/openscap/schemas/arf/1.1/reporting-core_1.1.0.xsd @@ -1172,10 +1159,15 @@ file path=usr/share/openscap/schemas/oval/5.11/netconf-system-characteristics-schema.xsd file path=usr/share/openscap/schemas/oval/5.11/oval-common-schema.xsd file path=usr/share/openscap/schemas/oval/5.11/oval-definitions-schema.xsd +file path=usr/share/openscap/schemas/oval/5.11/oval-definitions-schematron.xsl file path=usr/share/openscap/schemas/oval/5.11/oval-directives-schema.xsd +file path=usr/share/openscap/schemas/oval/5.11/oval-directives-schematron.xsl file path=usr/share/openscap/schemas/oval/5.11/oval-results-schema.xsd +file path=usr/share/openscap/schemas/oval/5.11/oval-results-schematron.xsl +file path=usr/share/openscap/schemas/oval/5.11/oval-system-characteristic-schematron.xsl file path=usr/share/openscap/schemas/oval/5.11/oval-system-characteristics-schema.xsd file path=usr/share/openscap/schemas/oval/5.11/oval-variables-schema.xsd +file path=usr/share/openscap/schemas/oval/5.11/oval-variables-schematron.xsl file path=usr/share/openscap/schemas/oval/5.11/pixos-definitions-schema.xsd file path=usr/share/openscap/schemas/oval/5.11/pixos-system-characteristics-schema.xsd file path=usr/share/openscap/schemas/oval/5.11/sharepoint-definitions-schema.xsd @@ -1474,32 +1466,6 @@ file path=usr/share/openscap/schemas/xccdf/1.2/datatypes.dtd file path=usr/share/openscap/schemas/xccdf/1.2/xccdf_1.2-schematron.xsl file path=usr/share/openscap/schemas/xccdf/1.2/xccdf_1.2.xsd -file path=usr/share/openscap/sectool-sce/00_integrity.sh -file path=usr/share/openscap/sectool-sce/01_bootloader.sh -file path=usr/share/openscap/sectool-sce/01_disk_usage.sh -file path=usr/share/openscap/sectool-sce/01_group.sh -file path=usr/share/openscap/sectool-sce/01_passwd.sh -file path=usr/share/openscap/sectool-sce/01_shadow.sh -file path=usr/share/openscap/sectool-sce/02_home_files.sh -file path=usr/share/openscap/sectool-sce/02_root_dirs.sh -file path=usr/share/openscap/sectool-sce/03_path.sh -file path=usr/share/openscap/sectool-sce/04_firewall.sh -file path=usr/share/openscap/sectool-sce/05_netserv.sh -file path=usr/share/openscap/sectool-sce/05_openssh.sh -file path=usr/share/openscap/sectool-sce/05_openvpn.sh -file path=usr/share/openscap/sectool-sce/05_removed_libs.sh -file path=usr/share/openscap/sectool-sce/05_xinetd.sh -file path=usr/share/openscap/sectool-sce/07_log_files.sh -file path=usr/share/openscap/sectool-sce/08_pam.sh -file path=usr/share/openscap/sectool-sce/08_permissions.sh -file path=usr/share/openscap/sectool-sce/09_exec_shield.sh -file path=usr/share/openscap/sectool-sce/09_selinux.sh -file path=usr/share/openscap/sectool-sce/09_va_randomization.sh -file path=usr/share/openscap/sectool-sce/11_aliases.sh -file path=usr/share/openscap/sectool-sce/12_cron.sh -file path=usr/share/openscap/sectool-sce/14_nfs.sh -file path=usr/share/openscap/sectool-sce/15_tcp_wrappers.sh -file path=usr/share/openscap/sectool-sce/sectool-xccdf.xml file path=usr/share/openscap/xsl/legacy-fix.xsl file path=usr/share/openscap/xsl/legacy-fixtpl-bash.xml file path=usr/share/openscap/xsl/legacy-xccdf-share.xsl diff -r 729452029ab0 -r df06342a3259 components/openscap/patches/file.c.patch --- a/components/openscap/patches/file.c.patch Thu May 21 15:02:14 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,16 +0,0 @@ -This patch is required to fix file probe to support the has_extended_acl -attribute in OVAL. -This patch has not been contributed to upstream, but is planned to be -completed by 2015-Jan-31. - ---- openscap-1.1.1/src/OVAL/probes/unix/file.c~1~ 2014-10-27 12:41:33.138555312 -0700 -+++ openscap-1.1.1/src/OVAL/probes/unix/file.c 2014-10-27 12:40:05.815261373 -0700 -@@ -261,7 +261,7 @@ - } - return (has_acl == 1) ? gr_true : gr_false; - #elif defined(OS_SOLARIS) -- return acl_trivial(st_path) ? gr_true : gr_false; -+ return acl_trivial(path) ? gr_true : gr_false; - #else - return NULL; - #endif diff -r 729452029ab0 -r df06342a3259 components/openscap/patches/oval_variable_fix.patch --- a/components/openscap/patches/oval_variable_fix.patch Thu May 21 15:02:14 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,24 +0,0 @@ -This patch fixes the issue when variables are used in XCCDF -and the selector value is outside the specified list of values -for the variable, prevents oscap from dumping core. -This patch does not need to be contributed upstream, as it is -from the upstream community. -This patch is based on https://github.com/OpenSCAP/openscap/commit/dd94c23cfafbd1ad0d316ccf4fa9489af4c68c74 -This patch will not be needed once we upgrade to 1.2.2 or higher. ---- openscap-1.2.1/src/XCCDF_POLICY/xccdf_policy.c.~1~ 2015-03-13 10:26:12.158240726 -0700 -+++ openscap-1.2.1/src/XCCDF_POLICY/xccdf_policy.c 2015-03-13 10:28:36.287476734 -0700 -@@ -2166,7 +2166,13 @@ - } - - struct xccdf_value_instance *instance = xccdf_value_get_instance_by_selector((struct xccdf_value *) item, selector); -- return xccdf_value_instance_get_value(instance); -+ if (instance == NULL) { -+ oscap_seterr(OSCAP_EFAMILY_XCCDF, "Invalid selector '%s' for xccdf:value/@id='%s'. Using null value instead.", -+ selector, xccdf_value_get_id((struct xccdf_value *) item)); -+ return NULL; -+ } else { -+ return xccdf_value_instance_get_value(instance); -+ } - } - - static int xccdf_policy_get_refine_value_oper(struct xccdf_policy * policy, struct xccdf_item * item) diff -r 729452029ab0 -r df06342a3259 components/openscap/patches/sce_engine.c.patch --- a/components/openscap/patches/sce_engine.c.patch Thu May 21 15:02:14 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,15 +0,0 @@ -This patch fix is required to port this file to solaris. -This patch has not been submitted upstream, but is intended to by -2015-Jan-31. ---- openscap-1.1.1/src/SCE/sce_engine.c.~1~ 2014-10-27 14:47:43.904868342 -0700 -+++ openscap-1.1.1/src/SCE/sce_engine.c 2014-10-27 14:49:29.343125585 -0700 -@@ -45,7 +45,9 @@ - #include - #include - #include -+#if defined(__linux__) - #include -+#endif - #include - #include -