From 8143afc6978370ae081fb9ea07ac52f90b08129a Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 24 2020 06:09:30 +0000
Subject: import openscap-1.3.4-1.el8

---
diff --git a/.gitignore b/.gitignore
index b759384..c00197a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/openscap-1.3.3.tar.gz
+SOURCES/openscap-1.3.4.tar.gz
diff --git a/.openscap.metadata b/.openscap.metadata
index 36498f3..e3596ca 100644
--- a/.openscap.metadata
+++ b/.openscap.metadata
@@ -1 +1 @@
-6988d1ea7b86669d410ab5defc1be394cba5b017 SOURCES/openscap-1.3.3.tar.gz
+3e303f06aa00e5c2616db606b980389ee0b73883 SOURCES/openscap-1.3.4.tar.gz
diff --git a/SOURCES/openscap-1.3.4-add_compression_support-PR_1557.patch b/SOURCES/openscap-1.3.4-add_compression_support-PR_1557.patch
deleted file mode 100644
index a80fe11..0000000
--- a/SOURCES/openscap-1.3.4-add_compression_support-PR_1557.patch
+++ /dev/null
@@ -1,70 +0,0 @@ -From d8518b70b912aa55fc47400173bf6229e40b71d0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C5=A0imon=20Luka=C5=A1=C3=ADk?= -Date: Wed, 8 Jul 2020 15:17:31 +0200 -Subject: [PATCH] Make a use of HTTP header content-encoding: gzip if available - -When fetching remote resources, some servers/CDNs may be able to serve us -compressed http response even in cases when the original file is not compressed -XML. libcurl is able to process encoded html for us with no added maintenance -costs. - -Attached please find a CURL log of fetching plain XML file from Red Hat CDN: - -Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml -... -* Trying 104.90.105.254:443... -* Connected to www.redhat.com (104.90.105.254) port 443 (#0) -* ALPN, offering h2 -* ALPN, offering http/1.1 -* successfully set certificate verify locations: -* CAfile: /etc/pki/tls/certs/ca-bundle.crt - CApath: none -* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 -* ALPN, server accepted to use h2 -* Server certificate: -* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=2945436; C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=www.redhat.com -* start date: Feb 24 00:00:00 2020 GMT -* expire date: May 24 12:00:00 2022 GMT -* subjectAltName: host "www.redhat.com" matched cert's "www.redhat.com" -* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA -* SSL certificate verify ok. -* Using HTTP2, server supports multi-use -* Connection state changed (HTTP/2 confirmed) -* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 -* Using Stream ID: 1 (easy handle 0x776c3b0) -> GET /security/data/oval/com.redhat.rhsa-RHEL7.xml HTTP/2 -Host: www.redhat.com -accept: */* -accept-encoding: gzip - -* old SSL session ID is stale, removing -* Connection state changed (MAX_CONCURRENT_STREAMS == 100)! 
-< HTTP/2 200 -< server: Apache -< last-modified: Wed, 08 Jul 2020 12:41:28 GMT -< etag: "7f694279-fca5e0-5a9ed6d376a08" -< accept-ranges: bytes -< content-type: text/xml -< content-encoding: gzip -< content-length: 1766376 -< date: Wed, 08 Jul 2020 13:15:29 GMT -< vary: Accept-Encoding -< strict-transport-security: max-age=31536000 -< -* Connection #0 to host www.redhat.com left intact ---- - src/common/oscap_acquire.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c -index 60ab62c05..551da43f0 100644 ---- a/src/common/oscap_acquire.c -+++ b/src/common/oscap_acquire.c -@@ -302,6 +302,7 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size) - curl_easy_setopt(curl, CURLOPT_URL, url); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_memory_callback); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); -+ curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true); - - CURLcode res = curl_easy_perform(curl); diff --git a/SOURCES/openscap-1.3.4-add_compression_test-PR_1564.patch b/SOURCES/openscap-1.3.4-add_compression_test-PR_1564.patch deleted file mode 100644 index e35e0f3..0000000 --- a/SOURCES/openscap-1.3.4-add_compression_test-PR_1564.patch +++ /dev/null 
@@ -1,168 +0,0 @@ -From 12ccadd9f9cd30143b3af6feced58f8da636e9d2 Mon Sep 17 00:00:00 2001 -From: Evgeny Kolesnikov -Date: Mon, 20 Jul 2020 07:45:05 +0200 -Subject: [PATCH] Add test for cURL "Accept-Encoding" header - ---- - tests/CMakeLists.txt | 1 + - tests/curl/CMakeLists.txt | 1 + - tests/curl/ds.xml | 99 ++++++++++++++++++++++++++++++++ - tests/curl/test_curl_encoding.sh | 23 ++++++++ - 4 files changed, 124 insertions(+) - create mode 100644 tests/curl/CMakeLists.txt - create mode 100644 tests/curl/ds.xml - create mode 100755 tests/curl/test_curl_encoding.sh - -diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index b7ca6cd79..6948cd260 100644 ---- a/tests/CMakeLists.txt -+++ b/tests/CMakeLists.txt -@@ -26,6 +26,7 @@ add_subdirectory("API") - add_subdirectory("bindings") - add_subdirectory("bz2") - add_subdirectory("codestyle") -+add_subdirectory("curl") - add_subdirectory("CPE") - add_subdirectory("DS") - add_subdirectory("mitre") -diff --git a/tests/curl/CMakeLists.txt b/tests/curl/CMakeLists.txt -new file mode 100644 -index 000000000..9c3d90d74 ---- /dev/null -+++ b/tests/curl/CMakeLists.txt -@@ -0,0 +1 @@ -+add_oscap_test("test_curl_encoding.sh") -diff --git a/tests/curl/ds.xml b/tests/curl/ds.xml -new file mode 100644 -index 000000000..f33cb475d ---- /dev/null -+++ b/tests/curl/ds.xml -@@ -0,0 +1,99 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ 5.11 -+ 2009-01-12T10:41:00-05:00 -+ -+ -+ -+ -+ -+ PASS -+ pass -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ oval:x:var:1 -+ -+ -+ -+ -+ -+ 100 -+ -+ -+ -+ -+ -+ -+ -+ -+ accepted -+ 1.0 -+ -+ -+ xccdf_test_profile -+ This profile is for testing. 
-+ -+ -+ -+ -+ test value -+ foo -+ 50 -+ 100 -+ -+ -+ This rule always pass -+ -+ -+ -+ -+ -+ This rule checks remote resource -+ -+ -+ -+ -+ -+ This rule always pass -+ -+ -+ -+ -+ -+ -+ -diff --git a/tests/curl/test_curl_encoding.sh b/tests/curl/test_curl_encoding.sh -new file mode 100755 -index 000000000..6d82f9569 ---- /dev/null -+++ b/tests/curl/test_curl_encoding.sh -@@ -0,0 +1,23 @@ -+#!/bin/bash -+ -+set -e -o pipefail -+ -+. $builddir/tests/test_common.sh -+ -+function curl_accept_encoding { -+ local DF="${srcdir}/ds.xml" -+ local RF="results.xml" -+ local LOG="verbose.log" -+ -+ $OSCAP xccdf --verbose=DEVEL eval --fetch-remote-resources --results $RF $DF 2>$LOG || echo "OK" -+ -+ grep -P "Accept-Encoding.*gzip" $LOG -+ -+ return 0 -+} -+ -+test_init -+ -+test_run "cURL: Accept-Encoding" curl_accept_encoding -+ -+test_exit diff --git a/SOURCES/openscap-1.3.4-add_compression_tracing-PR_1561.patch b/SOURCES/openscap-1.3.4-add_compression_tracing-PR_1561.patch deleted file mode 100644 index af4b663..0000000 --- a/SOURCES/openscap-1.3.4-add_compression_tracing-PR_1561.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From aab536acdd4b08e2e8c3d4ac43981dfcaf1cc9f8 Mon Sep 17 00:00:00 2001 -From: Evgeny Kolesnikov -Date: Mon, 13 Jul 2020 14:09:52 +0200 -Subject: [PATCH] Add CURLOPT_TRANSFER_ENCODING, enable CURLOPT_VERBOSE with - CURLOPT_DEBUGFUNCTION - -Adds a request for compressed Transfer Encoding in the outgoing -HTTP request. If the server supports this and so desires, it can -respond with the HTTP response sent using a compressed -Transfer-Encoding that will be automatically uncompressed by -libcurl on reception. - -The CURLOPT_DEBUGFUNCTION callback is used for printing headers and -connection information on VERBOSE level (dD). ---- - src/common/oscap_acquire.c | 32 ++++++++++++++++++++++++++++++++ - 1 file changed, 32 insertions(+) - -diff --git a/src/common/oscap_acquire.c b/src/common/oscap_acquire.c -index 551da43f0..666f4f5c9 100644 ---- a/src/common/oscap_acquire.c -+++ b/src/common/oscap_acquire.c -@@ -49,6 +49,7 @@ - #include "common/_error.h" - #include "oscap_string.h" - #include "oscap_helpers.h" -+#include "debug_priv.h" - - #ifndef OSCAP_TEMP_DIR - #define OSCAP_TEMP_DIR "/tmp" -@@ -288,6 +289,34 @@ oscap_acquire_url_to_filename(const char *url) - return filename; - } - -+static int _curl_trace(CURL *handle, curl_infotype type, char *data, size_t size, void *userp) -+{ -+ const char *title; -+ -+ switch (type) { -+ case CURLINFO_TEXT: -+ title = "== cURL info"; -+ break; -+ case CURLINFO_HEADER_OUT: -+ title = "=> cURL header (out)"; -+ break; -+ case CURLINFO_HEADER_IN: -+ title = "<= cURL header (in)"; -+ break; -+ case CURLINFO_DATA_OUT: -+ case CURLINFO_SSL_DATA_OUT: -+ case CURLINFO_DATA_IN: -+ case CURLINFO_SSL_DATA_IN: -+ default: -+ return 0; -+ break; -+ } -+ -+ dD("%s: %s", title, data); -+ -+ return 0; -+} -+ - char* oscap_acquire_url_download(const char *url, size_t* memory_size) - { - CURL *curl; -@@ -303,7 +332,10 @@ char* oscap_acquire_url_download(const char *url, size_t* memory_size) - curl_easy_setopt(curl, 
CURLOPT_WRITEFUNCTION, write_to_memory_callback); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, buffer); - curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); -+ curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, true); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, true); -+ curl_easy_setopt(curl, CURLOPT_VERBOSE, true); -+ curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, _curl_trace); - - CURLcode res = curl_easy_perform(curl); - curl_easy_cleanup(curl); diff --git a/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch b/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch deleted file mode 100644 index 77d8b01..0000000 --- a/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -diff --git a/src/OVAL/probes/fsdev.c b/src/OVAL/probes/fsdev.c -index 82356d5e0..983675098 100644 ---- a/src/OVAL/probes/fsdev.c -+++ b/src/OVAL/probes/fsdev.c -@@ -62,6 +62,7 @@ - #endif - - #include "fsdev.h" -+#include "common/util.h" - - /** - * Compare two dev_t variables. -@@ -79,10 +80,6 @@ static int fsdev_cmp(const void *a, const void *b) - #if defined(OS_LINUX) - static int is_local_fs(struct mntent *ment) - { --// todo: would it be usefull to provide the choice during build-time? --#if 1 -- char *s; -- - /* - * When type of the filesystem is autofs, it means the mtab entry - * describes the autofs configuration, which means ment->mnt_fsname -@@ -97,37 +94,42 @@ static int is_local_fs(struct mntent *ment) - return 0; - } - -- if (ment->mnt_fsname == NULL) { -- return 0; -- } -- -- s = ment->mnt_fsname; -- /* If the fsname begins with "//", it is probably CIFS. */ -- if (s[0] == '/' && s[1] == '/') -- return 0; -- -- /* If there's a ':' in the fsname and it occurs before any -- * '/', then this is probably NFS and the file system is -- * considered "remote". -+ /* -+ * The following code is inspired by systemd, function fstype_is_network: -+ * https://github.com/systemd/systemd/blob/21fd6bc263f49b57867d90d2e1f9f255e5509134/src/basic/mountpoint-util.c#L290 - */ -- s = strpbrk(s, "/:"); -- if (s && *s == ':') -- return 0; - -+ const char *fstype = ment->mnt_type; -+ if (oscap_str_startswith(fstype, "fuse.")) { -+ fstype += strlen("fuse."); -+ } -+ const char *network_fs[] = { -+ "afs", -+ "ceph", -+ "cifs", -+ "smb3", -+ "smbfs", -+ "sshfs", -+ "ncpfs", -+ "ncp", -+ "nfs", -+ "nfs4", -+ "gfs", -+ "gfs2", -+ "glusterfs", -+ "gpfs", -+ "pvfs2", /* OrangeFS */ -+ "ocfs2", -+ "lustre", -+ "davfs", -+ NULL -+ }; -+ for (int i = 0; network_fs[i]; i++) { -+ if (!strcmp(network_fs[i], fstype)) { -+ return 0; -+ } -+ } - return 1; --#else -- struct stat st; -- -- /* If the file system is not backed-up by a real file, it is -- considered remote. 
A notable exception is "tmpfs" to allow -- traversal of /tmp et al. */ -- if (strcmp(ment->mnt_fsname, "tmpfs") != 0 -- && (stat(ment->mnt_fsname, &st) != 0 -- || !(S_ISBLK(st.st_mode)))) -- return 0; -- else -- return 1; --#endif - } - - #elif defined(OS_AIX) diff --git a/SOURCES/openscap-1.3.4-fix-environmentvariable58-regression.patch b/SOURCES/openscap-1.3.4-fix-environmentvariable58-regression.patch deleted file mode 100644 index 2c1b2db..0000000 --- a/SOURCES/openscap-1.3.4-fix-environmentvariable58-regression.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -diff --git a/src/OVAL/probes/independent/environmentvariable58_probe.c b/src/OVAL/probes/independent/environmentvariable58_probe.c -index 552ce6700..77233aeeb 100644 ---- a/src/OVAL/probes/independent/environmentvariable58_probe.c -+++ b/src/OVAL/probes/independent/environmentvariable58_probe.c -@@ -96,32 +96,32 @@ static int read_environment(SEXP_t *pid_ent, SEXP_t *name_ent, probe_ctx *ctx) - ssize_t buffer_used; - size_t buffer_size; - -+ const char *extra_vars = getenv("OSCAP_CONTAINER_VARS"); -+ if (extra_vars && *extra_vars) { -+ char *vars = strdup(extra_vars); -+ char *tok, *eq_chr, *str, *strp; -+ -+ for (str = vars; ; str = NULL) { -+ tok = strtok_r(str, "\n", &strp); -+ if (tok == NULL) -+ break; -+ eq_chr = strchr(tok, '='); -+ if (eq_chr == NULL) -+ continue; -+ PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;); -+ collect_variable(tok, eq_chr - tok, pid, name_ent, ctx); -+ } -+ -+ free(vars); -+ return 0; -+ } -+ - const char *prefix = getenv("OSCAP_PROBE_ROOT"); - snprintf(path, PATH_MAX, "%s/proc", prefix ? prefix : ""); - d = opendir(path); - if (d == NULL) { -- const char *extra_vars = getenv("OSCAP_CONTAINER_VARS"); -- if (!extra_vars) { -- dE("Can't read %s/proc: errno=%d, %s.", prefix ? prefix : "", errno, strerror(errno)); -- return PROBE_EACCESS; -- } else { -- char *vars = strdup(extra_vars); -- char *tok, *eq_chr, *str, *strp; -- -- for (str = vars; ; str = NULL) { -- tok = strtok_r(str, "\n", &strp); -- if (tok == NULL) -- break; -- eq_chr = strchr(tok, '='); -- if (eq_chr == NULL) -- continue; -- PROBE_ENT_I32VAL(pid_ent, pid, pid = -1;, pid = 0;); -- collect_variable(tok, eq_chr - tok, pid, name_ent, ctx); -- } -- -- free(vars); -- return 0; -- } -+ dE("Can't read %s/proc: errno=%d, %s.", prefix ? prefix : "", errno, strerror(errno)); -+ return PROBE_EACCESS; - } - - if ((buffer = realloc(NULL, BUFFER_SIZE)) == NULL) { 
diff --git a/SOURCES/openscap-1.3.4-fix-no-more-recursion.patch b/SOURCES/openscap-1.3.4-fix-no-more-recursion.patch deleted file mode 100644 index ebc20ca..0000000 --- a/SOURCES/openscap-1.3.4-fix-no-more-recursion.patch +++ /dev/null 
@@ -1,177 +0,0 @@ -From c8fc880a672afbfdbd384dc6afa4b7fbdd666b73 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Wed, 27 May 2020 10:38:56 +0200 -Subject: [PATCH 1/3] Add a regression test for RHBZ#1686370 - -There is a non-optimal behavior of file probe. It happens when file path -is specified using a variable with 2 values with `operation="equals"` -and `var_check="all"`. The probe recurses into a file system tree even -if it's obvious that it won't find any match. If one of values is a big -tree (for example `/`) it eventually runs out of memory and crashes. The -OVAL doesn't make sense because it's impossible that a single file would -have 2 different paths. But despite that it's a valid OVAL document. -The test is expected to fail because the bug hasn't been fixed. ---- - tests/probes/file/CMakeLists.txt | 1 + - .../test_probes_file_multiple_file_paths.sh | 39 +++++++++++++++++ - .../test_probes_file_multiple_file_paths.xml | 42 +++++++++++++++++++ - 3 files changed, 82 insertions(+) - create mode 100755 tests/probes/file/test_probes_file_multiple_file_paths.sh - create mode 100644 tests/probes/file/test_probes_file_multiple_file_paths.xml - -diff --git a/tests/probes/file/CMakeLists.txt b/tests/probes/file/CMakeLists.txt -index 12718603f..35b4c1169 100644 ---- a/tests/probes/file/CMakeLists.txt -+++ b/tests/probes/file/CMakeLists.txt -@@ -1,3 +1,4 @@ - if(ENABLE_PROBES_UNIX) - add_oscap_test("test_probes_file.sh") -+ add_oscap_test("test_probes_file_multiple_file_paths.sh") - endif() -diff --git a/tests/probes/file/test_probes_file_multiple_file_paths.sh b/tests/probes/file/test_probes_file_multiple_file_paths.sh -new file mode 100755 -index 000000000..1cececbb0 ---- /dev/null -+++ b/tests/probes/file/test_probes_file_multiple_file_paths.sh -@@ -0,0 +1,39 @@ -+#!/bin/bash -+ -+set -e -o pipefail -+ -+. 
$builddir/tests/test_common.sh -+ -+probecheck "file" || exit 255 -+which strace || exit 255 -+ -+function check_strace_output { -+ strace_log="$1" -+ grep -q "/tmp/numbers/1" $strace_log && return 1 -+ grep -q "/tmp/numbers/1/2" $strace_log && return 1 -+ grep -q "/tmp/numbers/1/2/3" $strace_log && return 1 -+ grep -q "/tmp/numbers/1/2/3/4" $strace_log && return 1 -+ grep -q "/tmp/numbers/1/2/3/4/5" $strace_log && return 1 -+ grep -q "/tmp/numbers/1/2/3/4/5/6" $strace_log && return 1 -+ grep -q "/tmp/letters/a" $strace_log && return 1 -+ grep -q "/tmp/letters/a/b" $strace_log && return 1 -+ grep -q "/tmp/letters/a/b/c" $strace_log && return 1 -+ grep -q "/tmp/letters/a/b/c/d" $strace_log && return 1 -+ grep -q "/tmp/letters/a/b/c/d/e" $strace_log && return 1 -+ grep -q "/tmp/letters/a/b/c/d/e/f" $strace_log && return 1 -+ return 0 -+} -+ -+rm -rf /tmp/numbers -+mkdir -p /tmp/numbers/1/2/3/4/5/6 -+rm -rf /tmp/letters -+mkdir -p /tmp/letters/a/b/c/d/e/f -+strace_log=$(mktemp) -+strace -f -e openat -o $strace_log $OSCAP oval eval --results results.xml "$srcdir/test_probes_file_multiple_file_paths.xml" -+ret=0 -+check_strace_output $strace_log || ret=$? 
-+rm -f $strace_log -+rm -f results.xml -+rm -rf /tmp/numbers -+rm -rf /tmp/letters -+exit $ret -diff --git a/tests/probes/file/test_probes_file_multiple_file_paths.xml b/tests/probes/file/test_probes_file_multiple_file_paths.xml -new file mode 100644 -index 000000000..893a3fe97 ---- /dev/null -+++ b/tests/probes/file/test_probes_file_multiple_file_paths.xml -@@ -0,0 +1,42 @@ -+ -+ -+ -+ 5.10 -+ 0001-01-01T00:00:00+00:00 -+ -+ -+ -+ -+ -+ Specify a file path using variable with two values -+ x -+ -+ multi_platform_all -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ /tmp/numbers -+ /tmp/letters -+ -+ -+ - -From 569e0013ca83adef233ddecc78a052db9b3ccc5c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Tue, 2 Jun 2020 15:11:37 +0200 -Subject: [PATCH 2/3] Add strace to the list of test dependencies - ---- - docs/developer/developer.adoc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/developer/developer.adoc b/docs/developer/developer.adoc -index 823a1504e..0f01ace74 100644 ---- a/docs/developer/developer.adoc -+++ b/docs/developer/developer.adoc -@@ -152,7 +152,7 @@ After building the library you might want to run library self-checks. 
To do - that you need to have these additional packages installed: - - ---- --wget lua which procps-ng initscripts chkconfig sendmail bzip2 rpm-build -+wget lua which procps-ng initscripts chkconfig sendmail bzip2 rpm-build strace - ---- - - On Ubuntu 18.04, also install: - -From a47604bf30c6574e570abde4fd01488ba120f82d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Wed, 17 Jun 2020 11:00:02 +0200 -Subject: [PATCH 3/3] Terminate matching to prevent recursion - -Fixes: RHBZ#1686370 ---- - src/OVAL/probes/oval_fts.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/OVAL/probes/oval_fts.c b/src/OVAL/probes/oval_fts.c -index 696997942..2b7314c38 100644 ---- a/src/OVAL/probes/oval_fts.c -+++ b/src/OVAL/probes/oval_fts.c -@@ -1029,6 +1029,15 @@ static FTSENT *oval_fts_read_match_path(OVAL_FTS *ofts) - - if (ores == OVAL_RESULT_TRUE) - break; -+ if (ofts->ofts_path_op == OVAL_OPERATION_EQUALS) { -+ /* At this point the comparison result isn't OVAL_RESULT_TRUE. Since -+ we passed the exact path (from filepath or path elements) to -+ fts_open() we surely know that we can't find other items that would -+ be equal. Therefore we can terminate the matching. This can happen -+ if the filepath or path element references a variable that has -+ multiple different values. */ -+ return NULL; -+ } - } /* for (;;) */ - - /* diff --git a/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch b/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch deleted file mode 100644 index 1cb6e65..0000000 --- a/SOURCES/openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From 4ef60df7edfdd7a49a565494142f86d93f9268b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Fri, 31 Jul 2020 10:38:17 +0200 -Subject: [PATCH] Plug a memory leak - -==12029== at 0x483A809: malloc (vg_replace_malloc.c:307) -==12029== by 0x51F1386: realpath@@GLIBC_2.3 (in /usr/lib64/libc-2.31.so) -==12029== by 0x489F8CA: oscap_realpath (util.c:251) -==12029== by 0x495E6EF: rpmverify_collect (rpmverifyfile_probe.c:248) -==12029== by 0x495F461: rpmverifyfile_probe_main (rpmverifyfile_probe.c:543) -==12029== by 0x4935598: probe_worker (worker.c:1090) -==12029== by 0x4932F10: probe_worker_runfn (worker.c:81) -==12029== by 0x4CDA431: start_thread (in /usr/lib64/libpthread-2.31.so) -==12029== by 0x52A8912: clone (in /usr/lib64/libc-2.31.so) - -==12029== at 0x483CCE8: realloc (vg_replace_malloc.c:834) -==12029== by 0x4D9DCD8: rrealloc (in /usr/lib64/librpmio.so.9.0.1) -==12029== by 0x4D25B88: headerFormat (in /usr/lib64/librpm.so.9.0.1) -==12029== by 0x495E467: rpmverify_collect (rpmverifyfile_probe.c:230) -==12029== by 0x495F461: rpmverifyfile_probe_main -(rpmverifyfile_probe.c:543) -==12029== by 0x4935598: probe_worker (worker.c:1090) -==12029== by 0x4932F10: probe_worker_runfn (worker.c:81) -==12029== by 0x4CDA431: start_thread (in -/usr/lib64/libpthread-2.31.so) -==12029== by 0x52A8912: clone (in /usr/lib64/libc-2.31.so) - -Resolves: RHBZ#1861301 ---- - .../probes/unix/linux/rpmverifyfile_probe.c | 24 ++++++++++++++----- - 1 file changed, 18 insertions(+), 6 deletions(-) - -diff --git a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c -index c86818e72..57d69f552 100644 ---- a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c -+++ b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c -@@ -61,10 +61,10 @@ - - struct rpmverify_res { - char *name; /**< package name */ -- const char *epoch; -- const char *version; -- const char *release; -- const char *arch; -+ char *epoch; -+ char 
*version; -+ char *release; -+ char *arch; - char *file; /**< filepath */ - char extended_name[1024]; - rpmVerifyAttrs vflags; /**< rpm verify flags */ -@@ -272,14 +272,14 @@ static int rpmverify_collect(probe_ctx *ctx, - free(current_file_realpath); - continue; - } -- res.file = current_file_realpath ? current_file_realpath : strdup(current_file); -+ res.file = current_file_realpath ? oscap_strdup(current_file_realpath) : oscap_strdup(current_file); - break; - case OVAL_OPERATION_PATTERN_MATCH: - ret = pcre_exec(re, NULL, current_file, strlen(current_file), 0, 0, NULL, 0); - - switch(ret) { - case 0: /* match */ -- res.file = strdup(current_file); -+ res.file = oscap_strdup(current_file); - break; - case -1: - /* mismatch */ -@@ -299,12 +299,18 @@ static int rpmverify_collect(probe_ctx *ctx, - free(current_file_realpath); - goto ret; - } -+ free(current_file_realpath); - - if (rpmVerifyFile(g_rpm->rpmts, fi, &res.vflags, omit) != 0) - res.vflags = RPMVERIFY_FAILURES; - - if (callback(ctx, &res) != 0) { - ret = 0; -+ free(res.name); -+ free(res.epoch); -+ free(res.version); -+ free(res.release); -+ free(res.arch); - free(res.file); - goto ret; - } -@@ -313,6 +319,12 @@ static int rpmverify_collect(probe_ctx *ctx, - - rpmfiFree(fi); - } -+ -+ free(res.name); -+ free(res.epoch); -+ free(res.version); -+ free(res.release); -+ free(res.arch); - } - - match = rpmdbFreeIterator (match); --- -2.26.2 - diff --git a/SOURCES/openscap-1.3.5-plug-memory-leak.patch b/SOURCES/openscap-1.3.5-plug-memory-leak.patch new file mode 100644 index 0000000..8c8f4cf --- /dev/null +++ b/SOURCES/openscap-1.3.5-plug-memory-leak.patch 
@@ -0,0 +1,71 @@
+From d5518f3f4c32ac19fcf3427602d5b2978b7ef1b4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?=
+Date: Mon, 5 Oct 2020 16:02:29 +0200
+Subject: [PATCH] Plug a memory leak
+
+Addressing:
+
+8 bytes in 1 blocks are indirectly lost in loss record 7 of 235
+ at 0x483A809: malloc (vg_replace_malloc.c:307)
+ by 0x48F15CA: oval_collection_new (oval_collection.c:64)
+ by 0x48F4FCC: oval_result_criteria_node_new (oval_resultCriteriaNode.c:106)
+ by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
+ by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
+ by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
+ by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
+ by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
+
+8 bytes in 1 blocks are definitely lost in loss record 8 of 235
+ at 0x483A809: malloc (vg_replace_malloc.c:307)
+ by 0x48F1799: oval_collection_iterator (oval_collection.c:120)
+ by 0x48CCE4C: oval_criteria_node_get_subnodes (oval_criteriaNode.c:161)
+ by 0x48F5590: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:255)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
+ by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
+ by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
+ by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
+ by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
+
+48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 125 of 235
+ at 0x483A809: malloc (vg_replace_malloc.c:307)
+ by 0x48F4F50: oval_result_criteria_node_new (oval_resultCriteriaNode.c:98)
+ by 0x48F5580: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:249)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F7F41: oval_result_system_get_new_definition_with_check (oval_resultSystem.c:217)
+ by 0x48F5686: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:279)
+ by 0x48F55BD: make_result_criteria_node_from_oval_criteria_node (oval_resultCriteriaNode.c:260)
+ by 0x48F6B51: make_result_definition_from_oval_definition (oval_resultDefinition.c:130)
+ by 0x48F8794: oval_result_system_prepare_definition (oval_resultSystem.c:395)
+ by 0x48F86A6: oval_result_system_eval_definition (oval_resultSystem.c:369)
+ by 0x48C23FD: oval_agent_eval_definition (oval_agent.c:181)
+ by 0x48C2671: oval_agent_eval_system (oval_agent.c:286)
+
+This leak has been created by #1610.
+---
+ src/OVAL/results/oval_resultCriteriaNode.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/OVAL/results/oval_resultCriteriaNode.c b/src/OVAL/results/oval_resultCriteriaNode.c
+index 807283206..f6e980861 100644
+--- a/src/OVAL/results/oval_resultCriteriaNode.c
++++ b/src/OVAL/results/oval_resultCriteriaNode.c
+@@ -258,8 +258,11 @@ struct oval_result_criteria_node *make_result_criteria_node_from_oval_criteria_n
+ = oval_criteria_node_iterator_next(oval_subnodes);
+ struct oval_result_criteria_node *rslt_subnode
+ = make_result_criteria_node_from_oval_criteria_node(sys, oval_subnode, visited_definitions, variable_instance);
+- if (rslt_subnode == NULL)
++ if (rslt_subnode == NULL) {
++ oval_criteria_node_iterator_free(oval_subnodes);
++ oval_result_criteria_node_free(rslt_node);
+ return NULL;
++ }
+ oval_result_criteria_node_add_subnode(rslt_node, rslt_subnode);
+ }
+ oval_criteria_node_iterator_free(oval_subnodes);
diff --git a/SOURCES/openscap-1.3.5-yamlfilecontent-fix-field-names.patch b/SOURCES/openscap-1.3.5-yamlfilecontent-fix-field-names.patch
new file mode 100644
index 0000000..7d39e31
--- /dev/null
+++ b/SOURCES/openscap-1.3.5-yamlfilecontent-fix-field-names.patch
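Review bot: The new failure branch at `++ if (rslt_subnode == NULL) {` hands `rslt_node` to `oval_result_criteria_node_free` after earlier loop iterations have already attached subnodes with `oval_result_criteria_node_add_subnode`, so the reported leak is only fully plugged if that free also releases the attached subnodes — not visible here and worth confirming. A short comment would make the ownership explicit: `/* rslt_node and the subnodes already attached to it are still ours on this path; release them together with the iterator */`. Stylistically, the two release calls repeat the `oval_criteria_node_iterator_free(oval_subnodes)` that already follows the loop, so a `cleanup:` label reached by `goto` on the failure path would keep a single release sequence. make_result_criteria_node_from_oval_criteria_node starts and ends outside the hunk.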
@@ -0,0 +1,67 @@
+diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+index 6f18abf83..17741a240 100644
+--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
++++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
+@@ -206,6 +206,7 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ yaml_event_type_t event_type;
+ bool sequence = false;
+ bool mapping = false;
++ bool fake_mapping = false;
+ int index = 0;
+ char *key = strdup("#");
+
+@@ -224,21 +225,39 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+
+ if (sequence) {
+ if (event_type == YAML_SEQUENCE_END_EVENT) {
+- sequence = false;
++ if (fake_mapping) {
++ fake_mapping = false;
++ if (record && record->itemcount > 0) {
++ oscap_list_add(values, record);
++ } else {
++ // Do not collect empty records
++ oscap_htable_free0(record);
++ }
++ record = NULL;
++ } else {
++ sequence = false;
++ }
+ } else if (event_type == YAML_SEQUENCE_START_EVENT) {
+- result_error("YAML path '%s' points to a multi-dimensional structure (sequence containing another sequence)", yaml_path_cstr);
+- goto cleanup;
++ if (mapping || fake_mapping) {
++ result_error("YAML path '%s' points to a multi-dimensional structure (a map or a sequence containing other sequences)", yaml_path_cstr);
++ goto cleanup;
++ } else {
++ fake_mapping = true;
++ record = oscap_htable_new();
++ }
+ }
+ } else {
+ if (event_type == YAML_SEQUENCE_START_EVENT) {
+ sequence = true;
++ if (mapping)
++ index++;
+ }
+ }
+
+ if (mapping) {
+ if (event_type == YAML_MAPPING_END_EVENT) {
+ mapping = false;
+- if (record->itemcount > 0) {
++ if (record && record->itemcount > 0) {
+ oscap_list_add(values, record);
+ } else {
+ // Do not collect empty records
+@@ -255,6 +274,10 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
+ result_error("YAML path '%s' points to an invalid structure (map containing another map)", yaml_path_cstr);
+ goto cleanup;
+ }
++ if (fake_mapping) {
++ result_error("YAML path '%s' points to a multi-dimensional structure (two-dimensional sequence containing a map)", yaml_path_cstr);
++ goto cleanup;
++ }
+ mapping = true;
+ sequence = false;
+ index = 0;
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index 2536e77..3fa8e93 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
@@ -1,19 +1,13 @@
 Name: openscap
-Version: 1.3.3
-Release: 5%{?dist}
+Version: 1.3.4
+Release: 1%{?dist}
 Summary: Set of open source libraries enabling integration of the SCAP line of standards
 Group: System Environment/Libraries
 License: LGPLv2+
 URL: http://www.open-scap.org/
 Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch1: openscap-1.3.4-fix-environmentvariable58-regression.patch
-Patch2: openscap-1.3.4-fix-no-more-recursion.patch
-Patch3: openscap-1.3.4-add_compression_support-PR_1557.patch
-Patch4: openscap-1.3.4-add_compression_test-PR_1564.patch
-Patch5: openscap-1.3.4-add_compression_tracing-PR_1561.patch
-Patch6: openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
-Patch7: openscap-1.3.4-detect_remote_file_systems-PR_1573.patch
-
+Patch1: openscap-1.3.5-plug-memory-leak.patch
+Patch2: openscap-1.3.5-yamlfilecontent-fix-field-names.patch
 BuildRequires: cmake >= 2.6
 BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
 BuildRequires: rpm-devel
@@ -135,11 +129,6 @@ for developing applications that use %{name}-engine-sce.
 %setup -q
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
 mkdir build
 
 %build
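Review bot: The added `fake_mapping` state is never explained, and its interplay with `mapping`, `sequence` and `record` (set on a sequence start inside a sequence together with a fresh `record`, cleared and its `record` collected on the matching sequence end) is the part of this hunk a maintainer will have to reverse-engineer; a comment at the declaration such as `bool fake_mapping = false; /* inner sequence being collected as a single record, the way a mapping is */` would save that. On the sequence-start branch `record = oscap_htable_new();` overwrites `record` without checking whether it still holds an uncollected table, so a leak is possible there if that state is reachable — presumably it is not, given the `mapping || fake_mapping` guard, but worth confirming. The patch file also carries no `From:`/`Subject:` header or upstream reference, unlike the sibling 1.3.5-plug-memory-leak patch, so its origin cannot be verified from the file; a one-line header naming the upstream change would help. yaml_path_query starts and ends outside the hunk.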
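Review bot: The two `Patch1`/`Patch2` entries that replace the seven dropped 1.3.4 patches are not mentioned in the 1.3.4-1 changelog entry in the following hunk, which lists only upstream-release items; since these are the only downstream changes carried on top of the 1.3.4 tarball, a changelog line such as `- Carry upstream fixes for a result-criteria memory leak and yamlfilecontent field names` would tell a reader why they are there. The `openscap-1.3.5-` prefix on patches applied to a 1.3.4 package is presumably the upstream version they were taken from; a `# backports from upstream 1.3.5 development` comment above `Patch1:` would remove the apparent mismatch.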
@@ -227,6 +216,13 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/oscap-run-sce-script
 
 %changelog
+* Wed Oct 14 2020 Evgenii Kolesnikov - 1.3.4-1
+- Upgrade to the latest upstream release (RHBZ#1887794)
+- Treat GPFS as a remote file system (RHBZ#1840578, RHBZ#1840579)
+- Fixed the most problematic memory issues that were causing OOM situations
+  for systems with large amount of files (RHBZ#1824152)
+- Proper handling of OVALs with circular dependencies between definitions (RHBZ#1812476)
+
 * Wed Aug 19 2020 Jan Černý - 1.3.3-5
 - Detect remote file systems correctly (RHBZ#1870087)