22188277 upgrade openscap to 1.2.6
21051102 Need smfproperty probe to check smfproperty values in OVAL
21928864 oscap is limited to processing 32K records due to memory checks in the code
21636352 Fix the cpe OVAL checks
--- a/components/openscap/Makefile Tue Feb 23 15:51:24 2016 -0800
+++ b/components/openscap/Makefile Wed Feb 24 14:19:35 2016 -0800
@@ -19,7 +19,7 @@
# CDDL HEADER END
#
-# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
#
COMPILER = gcc
@@ -27,16 +27,16 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= openscap
-COMPONENT_VERSION= 1.2.3
+COMPONENT_VERSION= 1.2.6
COMPONENT_PROJECT_URL= http://www.open-scap.org
COMPONENT_DOWNLOAD_URL= https://fedorahosted.org/releases/o/p/openscap
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH= sha256:c15d587e5cdfcef1316536e6ed8ad66fea3e083ac3d3b723b7e54208f63787c7
+COMPONENT_ARCHIVE_HASH= sha256:95f2345e041e9ba838ad8065b68ce0ec4b0971d7afc72d601489236bbfc0c652
COMPONENT_ARCHIVE_URL= $(COMPONENT_DOWNLOAD_URL)/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/openscap
-TPNO = 22513
+TPNO = 25520
CFLAGS+= -std=c99
CFLAGS+= -DNDEBUG
@@ -101,7 +101,7 @@
install: $(INSTALL_32)
$(MKDIR) $(DOCS_DIR)
- $(CP) $(SOURCE_DIR)/docs/html/* $(DOCS_DIR)
+ $(CP) -r $(SOURCE_DIR)/docs/html/* $(DOCS_DIR)
test: $(TEST_32)
--- a/components/openscap/files/cpe/openscap-cpe-dict.xml Tue Feb 23 15:51:24 2016 -0800
+++ b/components/openscap/files/cpe/openscap-cpe-dict.xml Wed Feb 24 14:19:35 2016 -0800
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
-->
-<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
+ <cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0 cpe-dictionary_2.0.xsd">
+ xsi:schemaLocation="http://scap.nist.gov/schema/cpe/2.3/ cpe-dictionary_2.3.xsd">
<cpe-item name="cpe:/o:oracle:solaris">
<title>Oracle Solaris</title>
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
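Review bot: The new `xsi:schemaLocation` pairs the schema file with `http://scap.nist.gov/schema/cpe/2.3/`, but the root element still declares `xmlns="http://cpe.mitre.org/dictionary/2.0"`, so a validator that follows the hint finds no schema for the namespace the document actually uses. As far as I know the CPE 2.3 dictionary schema keeps the 2.0 target namespace, so the pair would read `xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0 cpe-dictionary_2.3.xsd"`; please confirm against the schema openscap ships. The leading space added before `<cpe-list` is harmless but looks unintended.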
--- a/components/openscap/files/cpe/openscap-cpe-oval.xml Tue Feb 23 15:51:24 2016 -0800
+++ b/components/openscap/files/cpe/openscap-cpe-oval.xml Wed Feb 24 14:19:35 2016 -0800
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
-->
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -169,8 +169,8 @@
comment="Oracle Solaris">
<os_name datatype="string" operation="equals"
entity_check="all">SunOS</os_name>
- <os_version datatype="string" operation="pattern match"
- entity_check="all" >^5.*$</os_version>
+ <os_release datatype="string" operation="pattern match"
+ entity_check="all" >^5.*$</os_release>
</uname_state>
<uname_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
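Review bot: The pattern carried into the new `os_release` entity, `^5.*$`, leaves the dot unescaped, so it matches any release string that merely starts with 5 (a constructed example: `50`) rather than `5.` followed by a minor number. If the intent is "any SunOS 5.x", `^5\..*$` says so. This is low risk for a CPE applicability check, but the state now tests the field that carries `5.11`, so the pattern is worth tightening in the same change. The enclosing `uname_state` opens above this hunk.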
@@ -178,8 +178,8 @@
comment="Oracle Solaris 11">
<os_name datatype="string" operation="equals"
entity_check="all">SunOS</os_name>
- <os_version datatype="string" operation="equals"
- entity_check="all">5.11</os_version>
+ <os_release datatype="string" operation="equals"
+ entity_check="all">5.11</os_release>
</uname_state>
<uname_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
@@ -188,9 +188,9 @@
<os_name datatype="string" operation="equals"
entity_check="all">SunOS</os_name>
<os_release datatype="string" operation="equals"
- entity_check="all">11.1</os_release>
+ entity_check="all">5.11</os_release>
<os_version datatype="string" operation="equals"
- entity_check="all">5.11</os_version>
+ entity_check="all">11.1</os_version>
</uname_state>
<uname_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
@@ -199,9 +199,9 @@
<os_name datatype="string" operation="equals"
entity_check="all">SunOS</os_name>
<os_release datatype="string" operation="equals"
- entity_check="all">11.2</os_release>
+ entity_check="all">5.11</os_release>
<os_version datatype="string" operation="equals"
- entity_check="all">5.11</os_version>
+ entity_check="all">11.2</os_version>
</uname_state>
<uname_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
@@ -210,9 +210,9 @@
<os_name datatype="string" operation="equals"
entity_check="all">SunOS</os_name>
<os_release datatype="string" operation="equals"
- entity_check="all">11.3</os_release>
+ entity_check="all">5.11</os_release>
<os_version datatype="string" operation="equals"
- entity_check="all">5.11</os_version>
+ entity_check="all">11.3</os_version>
</uname_state>
<uname_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
--- a/components/openscap/openscap.p5m Tue Feb 23 15:51:24 2016 -0800
+++ b/components/openscap/openscap.p5m Wed Feb 24 14:19:35 2016 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -36,9 +36,7 @@
set name=org.opensolaris.arc-caseid value=PSARC/2012/152
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-
file path=usr/bin/oscap
-file path=usr/etc/bash_completion.d/oscap
file path=usr/include/openscap/check_engine_plugin.h
file path=usr/include/openscap/cpe_dict.h
file path=usr/include/openscap/cpe_lang.h
@@ -61,6 +59,8 @@
file path=usr/include/openscap/oval_probe_handler.h
file path=usr/include/openscap/oval_probe_session.h
file path=usr/include/openscap/oval_results.h
+file path=usr/include/openscap/oval_schema_version.h
+file path=usr/include/openscap/oval_session.h
file path=usr/include/openscap/oval_system_characteristics.h
file path=usr/include/openscap/oval_types.h
file path=usr/include/openscap/oval_variables.h
@@ -70,12 +70,12 @@
file path=usr/include/openscap/xccdf_benchmark.h
file path=usr/include/openscap/xccdf_policy.h
file path=usr/include/openscap/xccdf_session.h
-link path=usr/lib/libopenscap.so target=libopenscap.so.8.4.3
-link path=usr/lib/libopenscap.so.8 target=libopenscap.so.8.4.3
-file path=usr/lib/libopenscap.so.8.4.3
-link path=usr/lib/libopenscap_sce.so target=libopenscap_sce.so.8.4.3
-link path=usr/lib/libopenscap_sce.so.8 target=libopenscap_sce.so.8.4.3
-file path=usr/lib/libopenscap_sce.so.8.4.3
+link path=usr/lib/libopenscap.so target=libopenscap.so.8.6.0
+link path=usr/lib/libopenscap.so.8 target=libopenscap.so.8.6.0
+file path=usr/lib/libopenscap.so.8.6.0
+link path=usr/lib/libopenscap_sce.so target=libopenscap_sce.so.8.6.0
+link path=usr/lib/libopenscap_sce.so.8 target=libopenscap_sce.so.8.6.0
+file path=usr/lib/libopenscap_sce.so.8.6.0
file path=usr/lib/openscap/probe_dnscache
file path=usr/lib/openscap/probe_environmentvariable
file path=usr/lib/openscap/probe_environmentvariable58
@@ -93,6 +93,8 @@
file path=usr/lib/openscap/probe_runlevel
file path=usr/lib/openscap/probe_shadow
file path=usr/lib/openscap/probe_smf
+file path=usr/lib/openscap/probe_smfproperty
+file path=usr/lib/openscap/probe_symlink
file path=usr/lib/openscap/probe_sysctl
file path=usr/lib/openscap/probe_system_info
file path=usr/lib/openscap/probe_textfilecontent
@@ -101,7 +103,6 @@
file path=usr/lib/openscap/probe_variable
file path=usr/lib/openscap/probe_xinetd
file path=usr/lib/openscap/probe_xmlfilecontent
-file path=usr/lib/pkgconfig/libopenscap.pc
file path=usr/share/docs/openscap/html/MurmurHash3_8h_source.html
file path=usr/share/docs/openscap/html/OVAL_2probes_2SEAP_2generic_2bfind_8h_source.html
file path=usr/share/docs/openscap/html/OVAL_2probes_2SEAP_2public_2helpers_8h_source.html
@@ -340,6 +341,7 @@
file path=usr/share/docs/openscap/html/group__OVALDEF.html
file path=usr/share/docs/openscap/html/group__OVALDIR.html
file path=usr/share/docs/openscap/html/group__OVALRES.html
+file path=usr/share/docs/openscap/html/group__OVALSESSION.html
file path=usr/share/docs/openscap/html/group__OVALSYS.html
file path=usr/share/docs/openscap/html/group__OVALVAR.html
file path=usr/share/docs/openscap/html/group__PROBEAPI.html
@@ -384,6 +386,7 @@
file path=usr/share/docs/openscap/html/oscap_8h.html
file path=usr/share/docs/openscap/html/oscap_8h_source.html
file path=usr/share/docs/openscap/html/oscap__acquire_8h_source.html
+file path=usr/share/docs/openscap/html/oscap__buffer_8h_source.html
file path=usr/share/docs/openscap/html/oscap__error_8h.html
file path=usr/share/docs/openscap/html/oscap__error_8h_source.html
file path=usr/share/docs/openscap/html/oscap__reference_8h_source.html
@@ -460,6 +463,9 @@
file path=usr/share/docs/openscap/html/oval__results_8h_source.html
file path=usr/share/docs/openscap/html/oval__results__impl_8h.html
file path=usr/share/docs/openscap/html/oval__results__impl_8h_source.html
+file path=usr/share/docs/openscap/html/oval__schema__version_8h_source.html
+file path=usr/share/docs/openscap/html/oval__session_8h.html
+file path=usr/share/docs/openscap/html/oval__session_8h_source.html
file path=usr/share/docs/openscap/html/oval__set_8c.html
file path=usr/share/docs/openscap/html/oval__sexp_8c.html
file path=usr/share/docs/openscap/html/oval__sexp_8h.html
@@ -468,6 +474,7 @@
file path=usr/share/docs/openscap/html/oval__smc__iterator__impl_8h_source.html
file path=usr/share/docs/openscap/html/oval__stateContent_8c.html
file path=usr/share/docs/openscap/html/oval__state_8c.html
+file path=usr/share/docs/openscap/html/oval__status__counter_8h_source.html
file path=usr/share/docs/openscap/html/oval__string__map_8c.html
file path=usr/share/docs/openscap/html/oval__string__map__impl_8h.html
file path=usr/share/docs/openscap/html/oval__string__map__impl_8h_source.html
@@ -691,6 +698,7 @@
file path=usr/share/docs/openscap/html/structinterface__t.html
file path=usr/share/docs/openscap/html/structllist.html
file path=usr/share/docs/openscap/html/structoresults.html
+file path=usr/share/docs/openscap/html/structoscap__buffer.html
file path=usr/share/docs/openscap/html/structoscap__err__t.html
file path=usr/share/docs/openscap/html/structoscap__file__entry.html
file path=usr/share/docs/openscap/html/structoscap__file__entry__iterator.html
@@ -704,7 +712,6 @@
file path=usr/share/docs/openscap/html/structoscap__reference.html
file path=usr/share/docs/openscap/html/structoscap__schema__table__entry.html
file path=usr/share/docs/openscap/html/structoscap__source.html
-file path=usr/share/docs/openscap/html/structoscap__string.html
file path=usr/share/docs/openscap/html/structoscap__string__iterator.html
file path=usr/share/docs/openscap/html/structoscap__string__map.html
file path=usr/share/docs/openscap/html/structoscap__stringlist.html
@@ -790,6 +797,8 @@
file path=usr/share/docs/openscap/html/structoval__result__test__iterator.html
file path=usr/share/docs/openscap/html/structoval__result__to__xccdf__spec.html
file path=usr/share/docs/openscap/html/structoval__results__model.html
+file path=usr/share/docs/openscap/html/structoval__schema__version__t.html
+file path=usr/share/docs/openscap/html/structoval__session.html
file path=usr/share/docs/openscap/html/structoval__set__AGGREGATE.html
file path=usr/share/docs/openscap/html/structoval__set__COLLECTIVE.html
file path=usr/share/docs/openscap/html/structoval__set__context.html
@@ -800,6 +809,7 @@
file path=usr/share/docs/openscap/html/structoval__state__content.html
file path=usr/share/docs/openscap/html/structoval__state__content__iterator.html
file path=usr/share/docs/openscap/html/structoval__state__iterator.html
+file path=usr/share/docs/openscap/html/structoval__status__counter.html
file path=usr/share/docs/openscap/html/structoval__string__iterator.html
file path=usr/share/docs/openscap/html/structoval__subtypedsc__t.html
file path=usr/share/docs/openscap/html/structoval__syschar.html
@@ -828,6 +838,9 @@
file path=usr/share/docs/openscap/html/structoval__variable__iterator.html
file path=usr/share/docs/openscap/html/structoval__variable__model.html
file path=usr/share/docs/openscap/html/structoval__variable__model__iterator.html
+file path=usr/share/docs/openscap/html/structoval__variable__possible__restriction.html
+file path=usr/share/docs/openscap/html/structoval__variable__possible__value.html
+file path=usr/share/docs/openscap/html/structoval__variable__restriction.html
file path=usr/share/docs/openscap/html/structpfdata.html
file path=usr/share/docs/openscap/html/structprobe__citem__t.html
file path=usr/share/docs/openscap/html/structprobe__ctx.html
@@ -937,6 +950,7 @@
file path=usr/share/docs/openscap/html/structxccdf__profile__note.html
file path=usr/share/docs/openscap/html/structxccdf__profile__note__iterator.html
file path=usr/share/docs/openscap/html/structxccdf__refine__rule.html
+file path=usr/share/docs/openscap/html/structxccdf__refine__rule__internal.html
file path=usr/share/docs/openscap/html/structxccdf__refine__rule__iterator.html
file path=usr/share/docs/openscap/html/structxccdf__refine__value.html
file path=usr/share/docs/openscap/html/structxccdf__refine__value__iterator.html
@@ -975,6 +989,7 @@
file path=usr/share/docs/openscap/html/structxiconf__service.html
file path=usr/share/docs/openscap/html/structxiconf__strans__t.html
file path=usr/share/docs/openscap/html/structxiconf__t.html
+file path=usr/share/docs/openscap/html/symlink_8c.html
file path=usr/share/docs/openscap/html/sync_off.png
file path=usr/share/docs/openscap/html/sync_on.png
file path=usr/share/docs/openscap/html/sysctl_8c.html
@@ -1008,6 +1023,7 @@
file path=usr/share/docs/openscap/html/xccdf__policy__engine__priv_8h_source.html
file path=usr/share/docs/openscap/html/xccdf__policy__model__priv_8h_source.html
file path=usr/share/docs/openscap/html/xccdf__policy__priv_8h_source.html
+file path=usr/share/docs/openscap/html/xccdf__policy__resolve_8h_source.html
file path=usr/share/docs/openscap/html/xccdf__session_8h.html
file path=usr/share/docs/openscap/html/xccdf__session_8h_source.html
file path=usr/share/docs/openscap/html/xinetd_8c.html
@@ -1016,9 +1032,16 @@
file path=usr/share/docs/openscap/html/xmlns__priv_8h_source.html
file path=usr/share/docs/openscap/html/xmltext__priv_8h_source.html
file path=usr/share/docs/openscap/html/xslt__priv_8h_source.html
+file path=usr/share/man/man8/oscap-docker.8
+file path=usr/share/man/man8/oscap-ssh.8
file path=usr/share/man/man8/oscap.8
+file path=usr/share/man/man8/scap-as-rpm.8
file path=usr/share/openscap/cpe/openscap-cpe-dict.xml
file path=usr/share/openscap/cpe/openscap-cpe-oval.xml
+file path=usr/share/openscap/scap-fedora14-oval.xml
+file path=usr/share/openscap/scap-fedora14-xccdf.xml
+file path=usr/share/openscap/scap-rhel6-oval.xml
+file path=usr/share/openscap/scap-rhel6-xccdf.xml
file path=usr/share/openscap/schemas/arf/1.1/asset-identification_1.1.0.xsd
file path=usr/share/openscap/schemas/arf/1.1/asset-reporting-format_1.1.0.xsd
file path=usr/share/openscap/schemas/arf/1.1/reporting-core_1.1.0.xsd
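Review bot: The three added man pages, `oscap-docker.8`, `oscap-ssh.8` and `scap-as-rpm.8`, have no matching `file path=usr/bin/...` entries in the hunks shown here, so the package appears to document commands it does not deliver. The same hunk adds `scap-fedora14-*.xml` and `scap-rhel6-*.xml`, which target other operating systems and give an administrator nothing meaningful to evaluate on Solaris. The manifest is only partly visible, so check whether the tools are delivered elsewhere. If they are not, dropping these lines, or adding a comment above them saying why they are kept, would avoid confusion.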
@@ -1124,6 +1147,59 @@
file path=usr/share/openscap/schemas/oval/5.10/unix-system-characteristics-schema.xsd
file path=usr/share/openscap/schemas/oval/5.10/windows-definitions-schema.xsd
file path=usr/share/openscap/schemas/oval/5.10/windows-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/aix-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/aix-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/android-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/android-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/apache-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/apache-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/apple-ios-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/apple-ios-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/asa-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/asa-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/catos-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/catos-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/esx-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/esx-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/freebsd-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/freebsd-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/hpux-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/hpux-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/independent-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/independent-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/ios-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/ios-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/iosxe-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/iosxe-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/junos-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/junos-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/linux-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/linux-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/macos-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/macos-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/netconf-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/netconf-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-common-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-definitions-schematron.xsl
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-directives-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-directives-schematron.xsl
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-results-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-results-schematron.xsl
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-system-characteristic-schematron.xsl
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-variables-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/oval-variables-schematron.xsl
+file path=usr/share/openscap/schemas/oval/5.11.1/pixos-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/pixos-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/sharepoint-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/sharepoint-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/solaris-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/solaris-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/unix-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/unix-system-characteristics-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/windows-definitions-schema.xsd
+file path=usr/share/openscap/schemas/oval/5.11.1/windows-system-characteristics-schema.xsd
file path=usr/share/openscap/schemas/oval/5.11/aix-definitions-schema.xsd
file path=usr/share/openscap/schemas/oval/5.11/aix-system-characteristics-schema.xsd
file path=usr/share/openscap/schemas/oval/5.11/android-definitions-schema.xsd
@@ -1465,6 +1541,32 @@
file path=usr/share/openscap/schemas/xccdf/1.2/datatypes.dtd
file path=usr/share/openscap/schemas/xccdf/1.2/xccdf_1.2-schematron.xsl
file path=usr/share/openscap/schemas/xccdf/1.2/xccdf_1.2.xsd
+file path=usr/share/openscap/sectool-sce/00_integrity.sh
+file path=usr/share/openscap/sectool-sce/01_bootloader.sh
+file path=usr/share/openscap/sectool-sce/01_disk_usage.sh
+file path=usr/share/openscap/sectool-sce/01_group.sh
+file path=usr/share/openscap/sectool-sce/01_passwd.sh
+file path=usr/share/openscap/sectool-sce/01_shadow.sh
+file path=usr/share/openscap/sectool-sce/02_home_files.sh
+file path=usr/share/openscap/sectool-sce/02_root_dirs.sh
+file path=usr/share/openscap/sectool-sce/03_path.sh
+file path=usr/share/openscap/sectool-sce/04_firewall.sh
+file path=usr/share/openscap/sectool-sce/05_netserv.sh
+file path=usr/share/openscap/sectool-sce/05_openssh.sh
+file path=usr/share/openscap/sectool-sce/05_openvpn.sh
+file path=usr/share/openscap/sectool-sce/05_removed_libs.sh
+file path=usr/share/openscap/sectool-sce/05_xinetd.sh
+file path=usr/share/openscap/sectool-sce/07_log_files.sh
+file path=usr/share/openscap/sectool-sce/08_pam.sh
+file path=usr/share/openscap/sectool-sce/08_permissions.sh
+file path=usr/share/openscap/sectool-sce/09_exec_shield.sh
+file path=usr/share/openscap/sectool-sce/09_selinux.sh
+file path=usr/share/openscap/sectool-sce/09_va_randomization.sh
+file path=usr/share/openscap/sectool-sce/11_aliases.sh
+file path=usr/share/openscap/sectool-sce/12_cron.sh
+file path=usr/share/openscap/sectool-sce/14_nfs.sh
+file path=usr/share/openscap/sectool-sce/15_tcp_wrappers.sh
+file path=usr/share/openscap/sectool-sce/sectool-xccdf.xml
file path=usr/share/openscap/xsl/legacy-fix.xsl
file path=usr/share/openscap/xsl/legacy-fixtpl-bash.xml
file path=usr/share/openscap/xsl/legacy-xccdf-share.xsl
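Review bot: The `sectool-sce/*.sh` entries are executable check content that the SCE engine runs with the privileges of whoever invokes `oscap`, and names such as `09_selinux.sh`, `09_exec_shield.sh` and `01_bootloader.sh` suggest they were written for Linux. Delivering them means an administrator who evaluates `sectool-xccdf.xml` as root runs shell scripts that were probably never exercised on this platform. Consider leaving the directory out of the manifest. If it must ship, add a comment above these lines stating why it is delivered and that the content is not supported on Solaris.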
@@ -1486,7 +1588,7 @@
fmri=library/perl-5/openscap-512@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) \
predicate=runtime/perl-512
depend type=conditional \
- fmri=library/python/openscap-26@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) \
+ fmri=library/python/openscap-27@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) \
predicate=runtime/python-26
depend type=conditional \
fmri=library/python/openscap-27@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) \
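Review bot: After this change the conditional dependency whose predicate is `runtime/python-26` pulls in `library/python/openscap-27`, and the next `depend` action (it continues past the hunk) names the same `openscap-27` fmri. If the 2.6 bindings are no longer built, removing this action is clearer than pointing a python-26 predicate at the 2.7 module. If they are still built, the fmri should stay `openscap-26`. Either way, a one-line comment above the action stating the intent would stop the next reader from treating it as a typo.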
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openscap/patches/icache.c.patch Wed Feb 24 14:19:35 2016 -0800
@@ -0,0 +1,25 @@
+This fix addresses an issue in openscap which is meant
+to handle systems with small memory configurations. But
+on solaris we are not choosing to limit the applications
+memory usage. This has not been contributed upstream,
+but is intended to by 2016-Mar-15.
+--- openscap-1.2.3/src/OVAL/probes/probe/icache.c.~1~ 2013-03-21 08:27:20.000000000 -0700
++++ openscap-1.2.3/src/OVAL/probes/probe/icache.c 2015-11-06 14:06:01.150096481 -0800
+@@ -506,7 +506,8 @@
+ cobj_itemcnt = SEXP_list_length(cobj_content);
+ SEXP_free(cobj_content);
+
+- if (probe_cobj_memcheck(cobj_itemcnt) != 0) {
++#if !defined (__sun) && !defined (__SVR4)
++ if (probe_cobj_memcheck(cobj_itemcnt) != 0) {
+
+ /*
+ * Don't set the message again if the collected object is
+@@ -532,6 +533,7 @@
+
+ return 2;
+ }
++#endif
+
+ if (ctx->filters != NULL && probe_item_filtered(item, ctx->filters)) {
+ SEXP_free(item);
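Review bot: The guard `#if !defined (__sun) && !defined (__SVR4)` is not the negation of "Solaris": it keeps `probe_cobj_memcheck()` only when neither macro is defined, so any non-Sun SVR4 target also loses the check. `#if !(defined(__sun) && defined(__SVR4))` matches the description and mirrors the `defined(__SVR4) && defined(__sun)` test used in smfproperty.c in this same commit. With the check compiled out, nothing in the visible lines bounds how many items a collected object may accumulate, so an OVAL object matching a very large set can grow the probe until allocation fails; a raised limit may be safer than no limit. The enclosing function starts and ends outside the hunk, and the patch header still names `openscap-1.2.3` although the component moves to 1.2.6.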
--- a/components/openscap/patches/oval_probe.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ b/components/openscap/patches/oval_probe.c.patch Wed Feb 24 14:19:35 2016 -0800
@@ -1,16 +1,16 @@
-This patch adds the smf probe to the list of supported probes.
-This patch has not been contributed upstream, but is planned to be done by
- 2013-Jul-12.
-
---- openscap-0.8.1/src/OVAL/oval_probe.c.orig 2012-11-19 10:04:14.596320954 -0800
-+++ openscap-0.8.1/src/OVAL/oval_probe.c 2012-11-19 09:56:27.562728645 -0800
-@@ -84,7 +84,8 @@
- OVAL_PROBE_EXTERNAL(OVAL_UNIX_PROCESS58, "process58"),
+This patch adds the smf, smfproperty probes to the list of supported probes.
+This patch has been submitted upstream, but is being negotiated am hoping
+to have it accepted by 2016-Mar-15.
+--- openscap-1.2.6/src/OVAL/oval_probe.c.~1~ 2016-01-28 09:48:41.960984701 -0800
++++ openscap-1.2.6/src/OVAL/oval_probe.c 2016-01-28 09:51:02.504730673 -0800
+@@ -91,7 +91,9 @@
OVAL_PROBE_EXTERNAL(OVAL_UNIX_FILEEXTENDEDATTRIBUTE, "fileextendedattribute"),
OVAL_PROBE_EXTERNAL(OVAL_UNIX_GCONF, "gconf"),
-- OVAL_PROBE_EXTERNAL(OVAL_UNIX_ROUTINGTABLE, "routingtable")
-+ OVAL_PROBE_EXTERNAL(OVAL_UNIX_ROUTINGTABLE, "routingtable"),
-+ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_SMF, "smf")
+ OVAL_PROBE_EXTERNAL(OVAL_UNIX_ROUTINGTABLE, "routingtable"),
+- OVAL_PROBE_EXTERNAL(OVAL_UNIX_SYMLINK, "symlink")
++ OVAL_PROBE_EXTERNAL(OVAL_UNIX_SYMLINK, "symlink"),
++ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_SMF, "smf"),
++ OVAL_PROBE_EXTERNAL(OVAL_SOLARIS_SMFPROPERTY,"smfproperty")
};
#define __PROBE_META_COUNT (sizeof OSCAP_GSYM(__probe_meta)/sizeof OSCAP_GSYM(__probe_meta)[0])
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openscap/patches/smfproperty.patch Wed Feb 24 14:19:35 2016 -0800
@@ -0,0 +1,473 @@
+This patch provides the implementation of the smfproperty probe
+on solaris.
+This patch has not been contributed upstream but is planned to be contributed
+upstream. Hoping to have it accepted by 2016-Mar-15.
+--- openscap-1.2.1/configure.ac.~3~ 2015-04-22 16:20:53.433875799 -0700
++++ openscap-1.2.1/configure.ac 2015-04-22 16:25:56.053053597 -0700
+@@ -257,6 +257,10 @@
+ probe_systemdunitdependency_req_deps_missing=
+ probe_systemdunitdependency_opt_deps_ok=yes
+ probe_systemdunitdependency_opt_deps_missing=
++probe_smfproperty_req_deps_ok=yes
++probe_smfproperty_req_deps_missing=
++probe_smfproperty_opt_deps_ok=yes
++probe_smfproperty_opt_deps_missing=
+
+ #
+ # env
+@@ -1325,6 +1329,8 @@
+ probe_systemdunitproperty_enabled=$probe_systemdunitproperty_req_deps_ok
+ AM_CONDITIONAL([probe_systemdunitdependency_enabled], test "$probe_systemdunitdependency_req_deps_ok" = yes)
+ probe_systemdunitdependency_enabled=$probe_systemdunitdependency_req_deps_ok
++AM_CONDITIONAL([probe_smfproperty_enabled], test "$probe_smfproperty_req_deps_ok" = yes)
++probe_smfproperty_enabled=$probe_smfproperty_req_deps_ok
+
+ AM_CONDITIONAL([WANT_CCE], test "$cce" = yes)
+
+@@ -1736,6 +1742,12 @@
+ probe_systemdunitdependency_table_result="NO (missing: $probe_systemdunitdependency_req_deps_missing)"
+ fi
+ printf " %-28s %s\n" "systemdunitdependency:" "$probe_systemdunitdependency_table_result"
++if test "$probe_smfproperty_req_deps_ok" = "yes"; then
++ probe_smfproperty_table_result="yes"
++else
++ probe_smfproperty_table_result="NO (missing: $probe_smfproperty_req_deps_missing)"
++fi
++printf " %-28s %s\n" "smfproperty:" "$probe_smfproperty_table_result"
+ echo
+ echo " === configuration ==="
+ echo " probe directory set to: $probe_dir"
+--- openscap-1.2.1/src/OVAL/oval_enumerations.c.~1~ 2015-04-22 16:40:36.569105567 -0700
++++ openscap-1.2.1/src/OVAL/oval_enumerations.c 2015-04-22 16:41:10.935676772 -0700
+@@ -512,6 +512,7 @@
+ {OVAL_SOLARIS_SMF, "smf"},
+ {OVAL_SOLARIS_NDD, "ndd"},
+ {OVAL_SOLARIS_PACKAGECHECK, "packagecheck"},
++ {OVAL_SOLARIS_SMFPROPERTY, "smfproperty"},
+ {OVAL_SUBTYPE_UNKNOWN, NULL}
+ };
+
+--- openscap-1.2.1/src/OVAL/probes/Makefile.am.~1~ 2015-04-22 16:43:21.761989228 -0700
++++ openscap-1.2.1/src/OVAL/probes/Makefile.am 2015-04-22 16:44:11.722065041 -0700
+@@ -202,6 +202,11 @@
+ probe_smf_SOURCES= unix/solaris/smf.c
+ endif
+
++if probe_smfproperty_enabled
++pkglibexec_PROGRAMS += probe_smfproperty
++probe_smfproperty_SOURCES= unix/solaris/smfproperty.c
++endif
++
+ endif
+
+ #
+--- openscap-1.2.3/src/OVAL/probes/unix/solaris/smfproperty.c.~1~ 2015-06-02 21:28:41.068464123 -0700
++++ openscap-1.2.3/src/OVAL/probes/unix/solaris/smfproperty.c 2015-06-03 09:48:55.973035835 -0700
+@@ -0,0 +1,385 @@
++/**
++ * @file smfproperty.c
++ * @brief smfproperty probe
++ * @author "Jacob Varughese" <[email protected]>
++ *
++ * This probe processes retrieves the properties of smf services.
++ */
++
++
++#include "probe-api.h"
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#if defined(__SVR4) && defined(__sun)
++#include <stdlib.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++#include <sys/stat.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <limits.h>
++#include <unistd.h>
++#include <libscf.h>
++#include <libscf_priv.h>
++#include "seap.h"
++#include "probe/entcmp.h"
++#include "alloc.h"
++#include "common/debug_priv.h"
++
++#ifndef SCF_PG_START
++#define SCF_PG_START "start"
++#endif
++
++#ifndef SCF_SNAPSHOT_RUNNING
++#define SCF_SNAPSHOT_RUNNING "running"
++#endif
++
++#define MAX_SCF_VALUE_LENGTH 1024
++/* Convenience structure for the results being reported */
++
++/*
++ * smfproperty probe:
++ *
++ *
++ * fmri
++ * service
++ * instance
++ * property
++ * value
++ */
++
++
++/* Convenience structure for the results being reported */
++struct result_info {
++ char *fmri;
++ char *service;
++ char *instance;
++ char *property;
++ char *value;
++};
++
++
++static char *
++strdup_check(char *p)
++{
++ char *ret;
++
++ if ((ret = strdup(p)) == NULL) {
++ dE("Error: Out of Memory error.\n");
++ exit(PROBE_ENOMEM);
++ }
++ return ret;
++}
++
++
++
++static void
++report_smfproperty(struct result_info *res, probe_ctx *ctx)
++{
++ SEXP_t *item;
++
++ item = probe_item_create(OVAL_SOLARIS_SMFPROPERTY, NULL,
++ "fmri", OVAL_DATATYPE_STRING, res->fmri,
++ "service", OVAL_DATATYPE_STRING, res->service,
++ "instance", OVAL_DATATYPE_STRING, res->instance,
++ "property", OVAL_DATATYPE_STRING, res->property,
++ "value", OVAL_DATATYPE_STRING,
++ res->value,
++ NULL);
++ probe_item_collect(ctx, item);
++}
++
++
++static int
++convert_prop(scf_handle_t *hdl, const scf_property_t *prop,
++ struct result_info *res, probe_ctx *ctx)
++{
++ char propname[256];
++ scf_iter_t *iter = NULL;
++ scf_value_t *value = NULL;
++ ssize_t size = 0, len = 0, i = 0;
++ char *buffer;
++ int cur_size;
++
++ if (prop == NULL)
++ return 0;
++
++ if (scf_property_get_name(prop, propname,
++ sizeof(propname)) < 0) {
++ dE("Cannot get name of property\n");
++ dE("Error: %s\n", scf_strerror(scf_error()));
++ return 1;
++ }
++ if ((value = scf_value_create(hdl)) == NULL) {
++ dE("Cannot create value from handle for prop:%s\n",
++ propname);
++ dE("Error: %s\n", scf_strerror(scf_error()));
++ return 1;
++ }
++ if ((iter = scf_iter_create(hdl)) == NULL) {
++ dE("Cannot create value iterator for prop:%s\n",
++ propname);
++ dE("Error: %s\n", scf_strerror(scf_error()));
++ return 1;
++ }
++ if (scf_iter_property_values(iter, prop) != 0) {
++ dE("Cannot iterate values for prop:%s\n",
++ propname);
++ dE("Error: %s\n", scf_strerror(scf_error()));
++ return 1;
++ }
++ buffer = malloc(MAX_SCF_VALUE_LENGTH);
++ if (buffer == NULL) {
++ dE("Out of Memory Error.\n");
++ exit(PROBE_ENOMEM);
++ }
++ buffer[0] = '\0';
++ cur_size = MAX_SCF_VALUE_LENGTH;
++ while ((scf_iter_next_value(iter, value)) > 0) {
++ char *tmp;
++ i++;
++ size = scf_value_get_as_string(value, NULL, 0) + 1;
++ if (size < 0) {
++ dE("Cannot get value for prop:%s size is"
++ " invalid\n", propname);
++ dE("Error: %s\n", scf_strerror(scf_error()));
++ return 1;
++ }
++ if ((size + len + 2) > cur_size) {
++ cur_size = cur_size * 2 + size;
++ buffer = realloc(buffer, cur_size);
++ if (buffer == NULL) {
++ dE("Out of Memory Error.\n");
++ exit(PROBE_ENOMEM);
++ }
++ }
++ if (i > 1) {
++ buffer[len -1] = ' ';
++ buffer[len] = '\0';
++ tmp = &buffer[len];
++ } else {
++ tmp = &buffer[0];
++ }
++ scf_value_get_as_string(value, tmp, size);
++ len += size;
++ }
++ res->value = buffer;
++ report_smfproperty(res, ctx);
++ dI("fmri=% service=%s instance=%s property=%s value=%s\n",
++ res->fmri, res->service, res->instance, res->property, res->value);
++ free(buffer);
++ return 0;
++}
++
++static int
++get_smf_prop(scf_handle_t *h, const scf_service_t *service,
++ const scf_instance_t *instance, const char *prop_grp_name,
++ const char *prop_name, struct result_info *res, probe_ctx *ctx)
++{
++ scf_propertygroup_t *pg = scf_pg_create(h);
++ scf_property_t *prop = scf_property_create(h);
++ int rc;
++
++ if (pg == NULL) {
++ dE("Unable to create property group from handle.\n");
++ dE("prop_grp_name=%s prop_name=%s.\n",
++ prop_grp_name, prop_name);
++ dE("Error: %s.\n", scf_strerror(scf_error()));
++ rc = 1;
++ goto cleanup;
++ }
++ if (prop == NULL) {
++ dE("Unable to create property from handle.\n");
++ dE("prop_grp_name=%s prop_name=%s.\n",
++ prop_grp_name, prop_name);
++ dE("Error: %s.\n", scf_strerror(scf_error()));
++ rc = 1;
++ goto cleanup;
++ }
++
++ if (instance == NULL) {
++ if (scf_service_get_pg(service, prop_grp_name, pg) == -1 ||
++ scf_pg_get_property(pg, prop_name, prop) == -1) {
++ dE("Error: Could not read %s/%s from service.\n",
++ prop_grp_name, prop_name);
++ rc = 1;
++ goto cleanup;
++ }
++ } else {
++ scf_snapshot_t *snap;
++ if ((snap = scf_snapshot_create(h)) == NULL) {
++ dE("Unable to create snapshot from handle.\n");
++ dE("fmri=%s \n", res->fmri);
++ dE("Error: %s.\n", scf_strerror(scf_error()));
++ rc = 1;
++ goto cleanup;
++ }
++ if (scf_instance_get_snapshot(instance, SCF_SNAPSHOT_RUNNING,
++ snap) == -1) {
++ dE("Unable to get running snapshot.\n");
++ dE("for fmri=%s \n", res->fmri);
++ dE("Error: %s.\n", scf_strerror(scf_error()));
++ rc = 1;
++ goto cleanup;
++ }
++ if (scf_instance_get_pg_composed(instance, snap,
++ prop_grp_name, pg) == -1) {
++ dE("Error: Could not read "
++ " %s/%s property from snapshot for %s\n",
++ prop_grp_name, prop_name, res->fmri);
++ rc = 1;
++ scf_snapshot_destroy(snap);
++ goto cleanup;
++ }
++ scf_snapshot_destroy(snap);
++ }
++ if (scf_pg_get_property(pg, prop_name, prop) == -1) {
++ dE("Error: Could not read %s/%s property %s\n",
++ prop_grp_name, prop_name, res->fmri);
++ rc = 1;
++ goto cleanup;
++ }
++ rc = convert_prop(h, prop, res, ctx);
++cleanup:
++ scf_property_destroy(prop);
++ scf_pg_destroy(pg);
++ return rc;
++}
++
++static int
++collect_smfprop_info(char *asvc, char *ainst, char *aprop,
++ probe_ctx *ctx)
++{
++ struct result_info r;
++ int rc = 0;
++ char *propgrp = NULL, *prop = NULL;
++ char *tmp = NULL;
++ scf_handle_t *scf_hdl;
++ scf_instance_t *inst = NULL;
++ scf_service_t *svc = NULL;
++ char *p = NULL;
++
++ memset(&r, 0, sizeof(r));
++ r.service = asvc;
++
++ if (ainst == NULL) {
++ r.fmri = strdup_check(asvc);
++ } else { /* service name is service:instance */
++ asprintf(&r.fmri, "%s:%s", asvc, ainst);
++ }
++ if (r.fmri == NULL)
++ _exit(1);
++ if ((scf_hdl = scf_handle_create(SCF_VERSION)) == NULL ||
++ scf_handle_bind(scf_hdl) != 0 ||
++ (svc = scf_service_create(scf_hdl)) == NULL ||
++ (ainst != NULL &&
++ (inst = scf_instance_create(scf_hdl)) == NULL)) {
++ rc = PROBE_EFATAL;
++ goto cleanup;
++ }
++ if (scf_handle_decode_fmri(scf_hdl, r.fmri, NULL, svc,
++ (ainst == NULL ? NULL : inst), NULL, NULL,
++ SCF_DECODE_FMRI_EXACT) != 0 ||
++ scf_error() == SCF_ERROR_NOT_FOUND) {
++ dE("scf_handle_decode_fmri failed.\n");
++ goto cleanup;
++ }
++
++ tmp = strdup_check(aprop);
++ if ((p = strstr(tmp, SCF_FMRI_PROPERTY_PREFIX)) != NULL) {
++ *p = '\0';
++ p++;
++ prop = p;
++ }
++ propgrp = tmp;
++ dI("r.service_name=%s\n", r.service);
++ dI("service:%s instance:%s propgrp:%s prop:%s\n",
++ STR(asvc), STR(ainst), STR(propgrp), STR(prop));
++ r.instance = ainst;
++ r.property = aprop;
++ if (get_smf_prop(scf_hdl, svc, inst, propgrp, prop, &r, ctx) > 0) {
++ r.fmri = NULL;
++ dE("get_smf_prop failed.\n");
++ }
++ dI("Service exists:%s\n", r.service);
++cleanup:
++ free(tmp);
++ free(r.fmri);
++ scf_handle_destroy(scf_hdl);
++ scf_handle_unbind(scf_hdl);
++ scf_service_destroy(svc);
++ scf_instance_destroy(inst);
++ return rc;
++}
++
++int
++probe_main(probe_ctx *ctx, void *arg)
++{
++ SEXP_t *probe_in, *service = NULL, *instance = NULL, *property = NULL;
++ SEXP_t *service_val = NULL, *instance_val = NULL, *property_val = NULL;
++ char *service_str = NULL, *instance_str = NULL, *property_str = NULL;
++ int rc;
++
++ probe_in = probe_ctx_getobject(ctx);
++ if (probe_in == NULL) {
++ return PROBE_ENOOBJ;
++ }
++ service = probe_obj_getent(probe_in, "service", 1);
++ if (service == NULL) {
++ dE("No service in context.\n");
++ return PROBE_ENOENT;
++ }
++ instance = probe_obj_getent(probe_in, "instance", 1);
++ property = probe_obj_getent(probe_in, "property", 1);
++ if (property == NULL) {
++ dE("No property in context.\n");
++ rc = PROBE_ENOENT;
++ goto error;
++ }
++ service_val = probe_ent_getval(service);
++ if (service_val == NULL) {
++ dE("Get service value failed.\n");
++ rc = PROBE_ENOVAL;
++ goto error;
++ }
++ service_str = SEXP_string_cstr(service_val);
++ dI("service in context: %s.\n", service_str);
++ if (instance != NULL) {
++ instance_val = probe_ent_getval(instance);
++ instance_str = SEXP_string_cstr(instance_val);
++ }
++ if (instance_str != NULL && strcmp(instance_str, "") == 0)
++ instance_str = NULL;
++ dI("instance in context: %s.\n", instance_str);
++ property_val = probe_ent_getval(property);
++ if (property_val == NULL) {
++ dE("Get property value failed.\n");
++ rc = PROBE_ENOVAL;
++ goto error;
++ }
++ property_str = SEXP_string_cstr(property_val);
++ dI("property in context: %s.\n", property_str);
++ rc = collect_smfprop_info(service_str, instance_str, property_str, ctx);
++error:
++ free(service_str);
++ free(instance_str);
++ free(property_str);
++ SEXP_free(service);
++ SEXP_free(instance);
++ SEXP_free(property);
++ SEXP_free(service_val);
++ SEXP_free(instance_val);
++ SEXP_free(property_val);
++ return rc;
++}
++#else
++
++int
++probe_main(probe_ctx *ctx, void *probe_arg)
++{
++ return PROBE_EOPNOTSUPP;
++}
++#endif
+--- openscap-1.2.3/src/OVAL/probes/unix/solaris/smfproperty.c.~2~ 2015-11-10 10:00:28.564892744 -0800
++++ openscap-1.2.3/src/OVAL/probes/unix/solaris/smfproperty.c 2015-11-10 10:03:34.496610180 -0800
+@@ -38,6 +38,7 @@
+ #endif
+
+ #define MAX_SCF_VALUE_LENGTH 1024
++#define STR(x) ((x == NULL) ? "" : x)
+ /* Convenience structure for the results being reported */
+
+ /*
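Review bot: The `STR` macro added below `MAX_SCF_VALUE_LENGTH` leaves its argument unparenthesized and expands it twice, so it is only correct for the plain identifiers passed in `collect_smfprop_info`; `#define STR(x) (((x) == NULL) ? "" : (x))` is safe for any side-effect-free pointer expression. The guard is also applied unevenly: `probe_main`, earlier in this patch file, leaves `instance_str` NULL when no instance is given and still passes it to `dI("instance in context: %s.\n", instance_str)`. If `dI` is compiled in, a NULL argument to `%s` is undefined behaviour, so that call should read `dI("instance in context: %s.\n", STR(instance_str));`. The surrounding definitions of smfproperty.c lie outside this hunk.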
+--- openscap-1.2.6/src/OVAL/public/oval_types.h.~1~ 2016-01-28 10:36:10.169093685 -0800
++++ openscap-1.2.6/src/OVAL/public/oval_types.h 2016-01-28 10:36:55.766025827 -0800
+@@ -238,7 +238,8 @@
+ OVAL_SOLARIS_SMF = OVAL_FAMILY_SOLARIS + 4,
+ OVAL_SOLARIS_PATCH54 = OVAL_FAMILY_SOLARIS + 5,
+ OVAL_SOLARIS_NDD = OVAL_FAMILY_SOLARIS + 6,
+- OVAL_SOLARIS_PACKAGECHECK = OVAL_FAMILY_SOLARIS + 7
++ OVAL_SOLARIS_PACKAGECHECK = OVAL_FAMILY_SOLARIS + 7,
++ OVAL_SOLARIS_SMFPROPERTY = OVAL_FAMILY_SOLARIS + 8
+ } oval_solaris_subtype_t;
+
+ /// Unix subtypes
--- a/components/openscap/patches/system_info.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,97 +0,0 @@
-This patch provides the system info probe functionality for solaris. It
-detects the ethernet network interfaces and MAC and IP addresses associated
-with them.
-This patch has not been contributed upstream, but is planned to be done by
- 2013-Jul-12.
-
---- openscap-0.9.5/src/OVAL/probes/independent/system_info.c.~1~ 2012-11-06 05:51:30.048128639 -0800
-+++ openscap-0.9.5/src/OVAL/probes/independent/system_info.c 2013-04-03 15:04:36.221945232 -0700
-@@ -92,7 +92,73 @@
-
- return mac_buf;
- }
-+#else if defined(__SVR4) && defined(__sun)
-+#include <sys/socket.h>
-+#include <ifaddrs.h>
-+#include <netdb.h>
-+#include <sys/ioctl.h>
-+#include <string.h>
-+#include <net/if.h>
-+#include <arpa/inet.h>
-+#include <sys/sockio.h>
-+#include <net/if_types.h>
-+#include <libdlpi.h>
-
-+static int fd=-1;
-+
-+static char *get_mac(const struct ifaddrs *ifa)
-+{
-+ struct lifreq lifr;
-+ uint_t physaddrlen = DLPI_PHYSADDR_MAX;
-+ uchar_t physaddr[DLPI_PHYSADDR_MAX];
-+ static char mac_buf[DLPI_PHYSADDR_MAX];
-+ char *str;
-+ int retv;
-+ dlpi_handle_t dh;
-+ dlpi_info_t dlinfo;
-+
-+ memset(mac_buf, 0, sizeof(mac_buf));
-+ memset(&lifr, 0, sizeof(struct lifreq));
-+ strlcpy(lifr.lifr_name, ifa->ifa_name, sizeof (lifr.lifr_name));
-+ if (ioctl(fd, SIOCGLIFFLAGS, &lifr) >= 0) {
-+
-+ if (lifr.lifr_flags & (IFF_VIRTUAL| IFF_IPMP))
-+ return (mac_buf);
-+
-+ if (dlpi_open(lifr.lifr_name, &dh, 0) != DLPI_SUCCESS)
-+ return (NULL);
-+
-+ retv = dlpi_get_physaddr(dh, DL_CURR_PHYS_ADDR, physaddr,
-+ &physaddrlen);
-+ if (retv != DLPI_SUCCESS) {
-+ dlpi_close(dh);
-+ return (NULL);
-+ }
-+
-+ retv = dlpi_info(dh, &dlinfo, DLPI_INFO_VERSION);
-+ if (retv != DLPI_SUCCESS) {
-+ dlpi_close(dh);
-+ return (NULL);
-+ }
-+ dlpi_close(dh);
-+ str = _link_ntoa(physaddr, NULL, physaddrlen, IFT_OTHER);
-+
-+ if (str != NULL && physaddrlen != 0) {
-+ switch(dlinfo.di_mactype) {
-+ case DL_IB:
-+ break;
-+ default:
-+ strlcpy(mac_buf, str, sizeof(mac_buf));
-+ break;
-+ }
-+ free(str);
-+ }
-+ }
-+ return mac_buf;
-+}
-+#endif
-+
-+#if defined(__linux__) || (defined(__SVR4) && defined(__sun))
- static int get_ifs(SEXP_t *item)
- {
- struct ifaddrs *ifaddr, *ifa;
-@@ -119,6 +185,14 @@
- continue;
-
- mac = get_mac(ifa);
-+#if defined(__SVR4) && defined(__sun)
-+ if (mac == NULL) {
-+ rc = 1;
-+ goto leave2;
-+ }
-+ if (mac[0] == '\0')
-+ continue;
-+#endif
- if (family == AF_INET) {
- rc = getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_in),
- host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
--- a/components/openscap/patches/system_info3.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-This patch fixes the issue, where the system_info probe crashes on solaris,
- when the network interfaces cannot be detected. Fix provides the default
- loop back interface as default.
-
-This patch has not been contributed upstream, but is planned to be done by
- 2014-Aug-15.
-
-
---- openscap-1.0.0/src/OVAL/probes/independent/system_info.c.~2~ 2014-07-24 11:02:52.698291479 -0700
-+++ openscap-1.0.0/src/OVAL/probes/independent/system_info.c 2014-07-25 11:20:07.096049635 -0700
-@@ -170,6 +170,7 @@
- char host[NI_MAXHOST], *mac;
- SEXP_t *attrs;
- SEXP_t *r0, *r1, *r2;
-+ int item_added = 0;
-
- if (getifaddrs(&ifaddr) == -1)
- return rc;
-@@ -213,8 +214,6 @@
- goto leave2;
- }
- }
--
--
- attrs = probe_attr_creat("name",
- r0 = SEXP_string_newf("%s", ifa->ifa_name),
- "ip_address",
-@@ -223,10 +222,22 @@
- r2 = SEXP_string_newf("%s", mac),
- NULL);
- probe_item_ent_add(item, "interface", attrs, NULL);
-+ item_added = 1;
- SEXP_vfree(attrs, r0, r1, r2, NULL);
- }
- leave2:
- close(fd);
-+ if (item_added == 0) {
-+ attrs = probe_attr_creat("name",
-+ r0 = SEXP_string_newf("dummy0"),
-+ "ip_address",
-+ r1 = SEXP_string_newf("127.0.0.1"),
-+ "mac_address",
-+ r2 = SEXP_string_newf("aa:bb:cc:dd:ee:ff"),
-+ NULL);
-+ probe_item_ent_add(item, "interface", attrs, NULL);
-+ SEXP_vfree(attrs, r0, r1, r2, NULL);
-+ }
- leave1:
- freeifaddrs(ifaddr);
- return rc;
--- a/components/openscap/patches/system_info4.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,55 +0,0 @@
-This patch fixes the issue, where the system_info probe fails on solaris,
- when the network interfaces cannot be detected. Fix provides the default
- loop back interface as default. The earlier patch was not a complete fix.
-
-This patch has not been contributed upstream, but is planned to be done by
- 2014-Oct-15.
-
-
---- openscap-1.0.0/src/OVAL/probes/independent/system_info.c.~3~ 2014-09-18 11:08:42.983747329 -0700
-+++ openscap-1.0.0/src/OVAL/probes/independent/system_info.c 2014-09-18 12:41:13.266535881 -0700
-@@ -166,14 +166,16 @@
- static int get_ifs(SEXP_t *item)
- {
- struct ifaddrs *ifaddr, *ifa;
-- int family, rc=1;
-+ int family, rc=0;
- char host[NI_MAXHOST], *mac;
- SEXP_t *attrs;
- SEXP_t *r0, *r1, *r2;
-- int item_added = 0;
-+#if defined(__SVR4) && defined(__sun)
-+ int item_added = 0;
-+#endif
-
- if (getifaddrs(&ifaddr) == -1)
-- return rc;
-+ return 1;
-
- fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
- if (fd < 0)
-@@ -222,12 +224,15 @@
- r2 = SEXP_string_newf("%s", mac),
- NULL);
- probe_item_ent_add(item, "interface", attrs, NULL);
-+#if defined(__SVR4) && defined(__sun)
- item_added = 1;
-+#endif
- SEXP_vfree(attrs, r0, r1, r2, NULL);
- }
- leave2:
- close(fd);
-- if (item_added == 0) {
-+#if defined(__SVR4) && defined(__sun)
-+ if (item_added == 0 && rc == 0) {
- attrs = probe_attr_creat("name",
- r0 = SEXP_string_newf("dummy0"),
- "ip_address",
-@@ -238,6 +243,7 @@
- probe_item_ent_add(item, "interface", attrs, NULL);
- SEXP_vfree(attrs, r0, r1, r2, NULL);
- }
-+#endif
- leave1:
- freeifaddrs(ifaddr);
- return rc;
--- a/components/openscap/patches/system_info5.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-This fix prevents the probe from reporting failure when it is not able
- to probe network interfaces, for e.g. on cluster machines with failover.
-
-The s12 version (which also contains infrastructure fixes) is going upstream.
-
---- openscap-1.2.0/src/OVAL/probes/independent/system_info.c.~5~ 2015-01-12 09:34:43.204367626 -0800
-+++ openscap-1.2.0/src/OVAL/probes/independent/system_info.c 2015-01-12 09:30:40.087375833 -0800
-@@ -232,7 +232,7 @@
- leave2:
- close(fd);
- #if defined(__SVR4) && defined(__sun)
-- if (item_added == 0 && rc == 0) {
-+ if (item_added == 0) {
- attrs = probe_attr_creat("name",
- r0 = SEXP_string_newf("dummy0"),
- "ip_address",
-@@ -243,6 +243,9 @@
- probe_item_ent_add(item, "interface", attrs, NULL);
- SEXP_vfree(attrs, r0, r1, r2, NULL);
- }
-+ /* if not able to get info on interfaces, do not fail. */
-+ if (rc > 0)
-+ rc = 0;
- #endif
- leave1:
- freeifaddrs(ifaddr);
--- a/components/openscap/patches/zone_file_fix_opt.c.patch Tue Feb 23 15:51:24 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,169 +0,0 @@
-This patch fixes an issue with file probe on solaris. The file probe currently
- is not zone aware and so descends into non-global zones from the global-zone.
-Fix prevents file probe traversal into non-global zones from the global zone,
- when local is specified for recursion.
-
-This patch has not been contributed upstream, but is planned to be submitted by
- 2014-Oct-15.
---- openscap-1.0.0/src/OVAL/probes/oval_fts.c.~2~ 2014-07-24 10:53:15.269589073 -0700
-+++ openscap-1.0.0/src/OVAL/probes/oval_fts.c 2014-07-24 11:02:30.267608422 -0700
-@@ -45,6 +45,8 @@
- #if defined(__SVR4) && defined(__sun)
- #include "fts_sun.h"
- #include <sys/mntent.h>
-+#include <libzonecfg.h>
-+#include <sys/avl.h>
- #else
- #include <fts.h>
- #endif
-@@ -138,6 +140,13 @@
- #define MNTTYPE_PROC "proc"
- #endif
-
-+typedef struct zone_path {
-+ avl_node_t avl_link_next;
-+ char zpath[MAXPATHLEN];
-+} zone_path_t;
-+static avl_tree_t avl_tree_list;
-+
-+
- static bool valid_remote_fs(char *fstype)
- {
- if (strcmp(fstype, MNTTYPE_NFS) == 0 ||
-@@ -160,6 +169,85 @@
- return (false);
- return (true);
- }
-+
-+/* function to compare two avl nodes in the avl tree */
-+static int compare_zoneroot(const void *entry1, const void *entry2)
-+{
-+ zone_path_t *t1, *t2;
-+ int comp;
-+
-+ t1 = (zone_path_t *)entry1;
-+ t2 = (zone_path_t *)entry2;
-+ if ((comp = strcmp(t1->zpath, t2->zpath)) == 0) {
-+ return (0);
-+ }
-+ return (comp > 0 ? 1 : -1);
-+}
-+
-+int load_zones_path_list()
-+{
-+ FILE *cookie;
-+ char *name;
-+ zone_state_t state_num;
-+ zone_path_t *temp = NULL;
-+ avl_index_t where;
-+ char rpath[MAXPATHLEN];
-+
-+ cookie = setzoneent();
-+ if (getzoneid() != GLOBAL_ZONEID)
-+ return (0);
-+ avl_create(&avl_tree_list, compare_zoneroot,
-+ sizeof(zone_path_t), offsetof(zone_path_t, avl_link_next));
-+ while ((name = getzoneent(cookie)) != NULL) {
-+ if (strcmp(name, "global") == 0)
-+ continue;
-+ if (zone_get_state(name, &state_num) != Z_OK) {
-+ dE("Could not get zone state for %s\n", name);
-+ continue;
-+ } else if (state_num > ZONE_STATE_CONFIGURED) {
-+ temp = malloc(sizeof(zone_path_t));
-+ if (temp == NULL) {
-+ dE("Memory alloc failed\n");
-+ return(1);
-+ }
-+ if (zone_get_zonepath(name, rpath,
-+ sizeof(rpath)) != Z_OK) {
-+ dE("Could not get zone path for %s\n",
-+ name);
-+ continue;
-+ }
-+ if (realpath(rpath, temp->zpath) != NULL)
-+ avl_add(&avl_tree_list, temp);
-+ }
-+ }
-+ endzoneent(cookie);
-+ return (0);
-+}
-+
-+static void free_zones_path_list()
-+{
-+ zone_path_t *temp;
-+ void* cookie = NULL;
-+
-+ while ((temp = avl_destroy_nodes(&avl_tree_list, &cookie)) != NULL) {
-+ free(temp);
-+ }
-+ avl_destroy(&avl_tree_list);
-+}
-+
-+static bool valid_local_zone(char *path)
-+{
-+ zone_path_t temp;
-+ avl_index_t where;
-+
-+ strlcpy(temp.zpath, path, sizeof(temp.zpath));
-+ if (avl_find(&avl_tree_list, &temp, &where) != NULL)
-+ return (true);
-+
-+ return (false);
-+}
-+
-+
- #endif
-
- static bool OVAL_FTS_localp(OVAL_FTS *ofts, const char *path, void *id)
-@@ -168,9 +256,11 @@
- if (id != NULL && (*(char*)id) != '\0') {
- /* if not a valid local fs skip */
- if (valid_local_fs((char*)id)) {
-- /* if recurse is local , skip remote fs */
-+ /* if recurse is local , skip remote fs
-+ and non-global zones */
- if (ofts->filesystem == OVAL_RECURSE_FS_LOCAL) {
-- return (!valid_remote_fs((char*)id));
-+ return (!(valid_remote_fs((char*)id) ||
-+ valid_local_zone(path)));
- }
- return (true);
- }
-@@ -179,9 +269,11 @@
- /* id was not set, because fts_read failed to stat the node */
- struct stat sb;
- if ((stat(path, &sb) == 0) && (valid_local_fs(sb.st_fstype))) {
-- /* if recurse is local , skip remote fs */
-+ /* if recurse is local , skip remote fs
-+ and non-global zones */
- if (ofts->filesystem == OVAL_RECURSE_FS_LOCAL) {
-- return (!valid_remote_fs(sb.st_fstype));
-+ return (!(valid_remote_fs(sb.st_fstype) ||
-+ valid_local_zone(path)));
- }
- return (true);
- }
-@@ -793,6 +884,12 @@
- ofts->ofts_sfilepath = SEXP_ref(filepath);
- }
-
-+#if defined(__SVR4) && defined(__sun)
-+ if (load_zones_path_list() != 0) {
-+ dE("Failed to load zones path info. Recursing non-global zones.");
-+ free_zones_path_list();
-+ }
-+#endif
- return (ofts);
- }
-
-@@ -1249,6 +1346,9 @@
- fsdev_free(ofts->localdevs);
-
- OVAL_FTS_free(ofts);
-+#if defined(__SVR4) && defined(__sun)
-+ free_zones_path_list();
-+#endif
-
- return (0);
- }