diff --git a/.gitignore b/.gitignore
index 3c06325..066a625 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/openscap-1.3.7.tar.gz
+SOURCES/openscap-1.3.8.tar.gz
diff --git a/.openscap.metadata b/.openscap.metadata
index 00c5f43..dd6e942 100644
--- a/.openscap.metadata
+++ b/.openscap.metadata
@@ -1 +1 @@
-238acbe6e18162b54cbdd0083c52511c00faa268 SOURCES/openscap-1.3.7.tar.gz
+1d1370ea1c4ada69eb4cd591bd4f411bd7a19a1a SOURCES/openscap-1.3.8.tar.gz
diff --git a/SOURCES/openscap-1.3.9-PR-1996-fix-sysctl-offline.patch b/SOURCES/openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
new file mode 100644
index 0000000..6ff64a5
--- /dev/null
+++ b/SOURCES/openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
@@ -0,0 +1,45 @@
+From 299e344b245e8d1b3a31a58275e0e8d0aa01ed77 Mon Sep 17 00:00:00 2001
+From: Evgeny Kolesnikov
+Date: Sat, 8 Jul 2023 07:05:31 +0200
+Subject: [PATCH] OVAL/sysctl: Fix offline mode
+
+The initial implementation was buggy: after correctly traversing
+prefixed PREFIX/proc/sys directory tree it would incorrectly read
+the data from the non-prefixed directory tree.
+---
+ src/OVAL/probes/unix/sysctl_probe.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/OVAL/probes/unix/sysctl_probe.c b/src/OVAL/probes/unix/sysctl_probe.c
+index 65d4bd0609..b7c68a0378 100644
+--- a/src/OVAL/probes/unix/sysctl_probe.c
++++ b/src/OVAL/probes/unix/sysctl_probe.c
+@@ -150,10 +150,14 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
+ while ((ofts_ent = oval_fts_read(ofts)) != NULL) {
+ SEXP_t *se_mib;
+ char mibpath[PATH_MAX], *mib;
+- size_t miblen;
++ size_t miblen, mibstart;
+ struct stat file_stat;
+
+- snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
++ if (prefix != NULL) {
++ snprintf(mibpath, sizeof mibpath, "%s/%s/%s", prefix, ofts_ent->path, ofts_ent->file);
++ } else {
++ snprintf(mibpath, sizeof mibpath, "%s/%s", ofts_ent->path, ofts_ent->file);
++ }
+
+ /* Skip write-only files, eg. /proc/sys/net/ipv4/route/flush */
+ if (stat(mibpath, &file_stat) == -1) {
+@@ -168,7 +172,10 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
+ continue;
+ }
+
+- mib = strdup(mibpath + strlen(PROC_SYS_DIR) + 1);
++ mibstart = 0;
++ mibstart += prefix != NULL ? strlen(prefix)+1 : 0;
++ mibstart += strlen(PROC_SYS_DIR)+1;
++ mib = strdup(mibpath + mibstart);
+ miblen = strlen(mib);
+
+ while (miblen > 0) {
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index dba90eb..9b33f18 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
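Review bot: Both `snprintf(mibpath, sizeof mibpath, ...)` calls in the embedded patch ignore their return value, yet its second hunk advances into the buffer with `mibpath + mibstart`, an offset derived from `strlen(prefix)` and `strlen(PROC_SYS_DIR)` rather than from what was actually written. If the prefix plus path is truncated at `PATH_MAX`, `mibstart` can exceed the length of the string held in `mibpath` and `strdup()` would read past the terminator; whether the `stat()` failure path always filters such entries out is not visible here. Capturing the result as `int n = snprintf(...)` and adding `if (n < 0 || (size_t)n >= sizeof mibpath) continue;` (with whatever per-entry cleanup the existing skip paths perform) bounds the offset. The `strdup()` result is also handed to `strlen(mib)` without a NULL check. `sysctl_probe_main` begins and ends outside both hunks, so where `prefix` comes from and what must be released before `continue` should be confirmed in the full function.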
@@ -1,11 +1,12 @@
 Name: openscap
-Version: 1.3.7
+Version: 1.3.8
 Release: 1%{?dist}
 Epoch: 1
 Summary: Set of open source libraries enabling integration of the SCAP line of standards
 License: LGPLv2+
 URL: http://www.open-scap.org/
 Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
+Patch0: openscap-1.3.9-PR-1996-fix-sysctl-offline.patch
 BuildRequires: make
 BuildRequires: cmake >= 2.6
 BuildRequires: gcc
@@ -197,6 +198,10 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm %{_bindir}/oscap-run-sce-script %changelog +* Fri Jul 14 2023 Evgenii Kolesnikov - 1.3.8-1 +- Upgrade to the latest upstream release (rhbz#2217442) +- Fix systemd* probes unit enumeration (rhbz#2219532) + * Fri Jan 27 2023 Jan Černý - 1:1.3.7-1 - Upgrade to the latest upstream release (rhbz#2159286) - Fix error when processing OVAL filters (rhbz#2126883)