diff --git a/.gitignore b/.gitignore
index da07050..57e14bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/openscap-1.1.1.tar.gz
+SOURCES/openscap-1.2.5.tar.gz
diff --git a/.openscap.metadata b/.openscap.metadata
index abacda5..d0e4e10 100644
--- a/.openscap.metadata
+++ b/.openscap.metadata
@@ -1 +1 @@
-f0658393740c21c100f8b7f325699c5de1c41225 SOURCES/openscap-1.1.1.tar.gz
+16c8c27668d32831c7beddd4e1549dde75142695 SOURCES/openscap-1.2.5.tar.gz
diff --git a/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch b/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch
deleted file mode 100644
index a3d53ad..0000000
--- a/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch
+++ /dev/null
@@ -1,31 +0,0 @@ -From aebc254a4e6993ef79a549c2f71b5a6a4eb3ed01 Mon Sep 17 00:00:00 2001 -From: Martin Preisler -Date: Mon, 3 Nov 2014 19:49:06 +0100 -Subject: [PATCH] Export var_check in OVAL object when var_ref is present - -Fixes validation issues with schematron, such as: - -oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the -ind-def:pattern entity so a var_check should also be provided ---- - src/OVAL/oval_objectContent.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/OVAL/oval_objectContent.c b/src/OVAL/oval_objectContent.c -index ee59e86..eb59c25 100644 ---- a/src/OVAL/oval_objectContent.c -+++ b/src/OVAL/oval_objectContent.c -@@ -403,7 +403,9 @@ xmlNode *oval_object_content_to_dom(struct oval_object_content *content, xmlDoc - struct oval_entity *entity = oval_object_content_get_entity(content); - content_node = oval_entity_to_dom(entity, doc, parent); - oval_check_t check = oval_object_content_get_varCheck(content); -- if (check != OVAL_CHECK_ALL) -+ oval_entity_varref_type_t vtype = oval_entity_get_varref_type(entity); -+ -+ if (check != OVAL_CHECK_ALL || vtype != OVAL_ENTITY_VARREF_NONE) - xmlNewProp(content_node, BAD_CAST "var_check", BAD_CAST oval_check_get_text(check)); - } - break; --- -1.9.3 - diff --git a/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch b/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch deleted file mode 100644 index 8389c77..0000000 --- a/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From c51c17bc6fd7373b07cad6156af0809f703a1db0 Mon Sep 17 00:00:00 2001 -From: Daniel Kopecek -Date: Tue, 6 Jan 2015 16:23:14 +0100 -Subject: [PATCH] Set async thread cancelation before entering probe_main - -Set thread cancelation type to PTHREAD_CANCEL_ASYNCHRONOUS to prevent -the code in probe_main to defer the cancelation for too long. - -Related: rhbz#1165139 ---- - src/OVAL/probes/probe/worker.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/OVAL/probes/probe/worker.c b/src/OVAL/probes/probe/worker.c -index 949d65f..f9c9f17 100644 ---- a/src/OVAL/probes/probe/worker.c -+++ b/src/OVAL/probes/probe/worker.c -@@ -939,10 +939,16 @@ SEXP_t *probe_worker(probe_t *probe, SEAP_msg_t *msg_in, int *ret) - - pctx.probe_in = probe_in; - pctx.probe_out = probe_out; -+ - /* -- * Run the main function of the probe implementation -+ * Run the main function of the probe implementation. Set thread -+ * cancelation type to ASYNC to prevent the code in probe_main to -+ * defer the cancelation for too long. - */ -+ int __unused_oldstate; -+ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &__unused_oldstate); - *ret = probe_main(&pctx, probe->probe_arg); -+ pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &__unused_oldstate); - - /* - * Synchronize --- -1.9.3 - diff --git a/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch b/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch deleted file mode 100644 index 28f0c02..0000000 --- a/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -From 0e3c7e6833630d55d00ac3e91cdb2ae067fabcb6 Mon Sep 17 00:00:00 2001 -From: Martin Preisler -Date: Fri, 16 Jan 2015 15:57:31 +0100 -Subject: [PATCH] Export @var_check together with @var_ref for objects - -Addresses rhbz#1182242 and rhbz#1159289. ---- - src/OVAL/oval_objectContent.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/OVAL/oval_objectContent.c b/src/OVAL/oval_objectContent.c -index eb59c25..ad620d9 100644 ---- a/src/OVAL/oval_objectContent.c -+++ b/src/OVAL/oval_objectContent.c -@@ -403,9 +403,8 @@ xmlNode *oval_object_content_to_dom(struct oval_object_content *content, xmlDoc - struct oval_entity *entity = oval_object_content_get_entity(content); - content_node = oval_entity_to_dom(entity, doc, parent); - oval_check_t check = oval_object_content_get_varCheck(content); -- oval_entity_varref_type_t vtype = oval_entity_get_varref_type(entity); - -- if (check != OVAL_CHECK_ALL || vtype != OVAL_ENTITY_VARREF_NONE) -+ if (check != OVAL_CHECK_ALL || xmlHasProp(content_node, BAD_CAST "var_ref")) - xmlNewProp(content_node, BAD_CAST "var_check", BAD_CAST oval_check_get_text(check)); - } - break; --- -1.9.3 - diff --git a/SOURCES/openscap-1.2.5-rhsa-idents.patch b/SOURCES/openscap-1.2.5-rhsa-idents.patch new file mode 100644 index 0000000..921ee77 --- /dev/null +++ b/SOURCES/openscap-1.2.5-rhsa-idents.patch @@ -0,0 +1,26 @@ +From c1c1b92c319d978d3b05dc9a625c7f3bec9fe2d8 Mon Sep 17 00:00:00 2001 +From: Martin Preisler +Date: Thu, 16 Jul 2015 13:35:23 +0200 +Subject: [PATCH] Show RHSA identifiers as clickable links in HTML report and + guide + +This fixes a regression between openscap 1.0.x and 1.1.x. +See rhbz#1243808. +--- + xsl/xccdf-share.xsl | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/xsl/xccdf-share.xsl b/xsl/xccdf-share.xsl +index 8fdd862..700417d 100644 +--- a/xsl/xccdf-share.xsl ++++ b/xsl/xccdf-share.xsl +@@ -53,6 +53,9 @@ Authors: + + + ++ ++ ++ + + + 
diff --git a/SOURCES/openscap-1.2.5-scap-as-rpm-srpm.patch b/SOURCES/openscap-1.2.5-scap-as-rpm-srpm.patch
new file mode 100644
index 0000000..a82394d
--- /dev/null
+++ b/SOURCES/openscap-1.2.5-scap-as-rpm-srpm.patch
@@ -0,0 +1,84 @@ +From 98159abd6965d32805e17a859b2d08c6fa42ec8a Mon Sep 17 00:00:00 2001 +From: Zbynek Moravec +Date: Wed, 8 Jul 2015 15:10:18 +0200 +Subject: [PATCH] trac#469 Add Python3 support. Fix --srpm-destination + +--- + utils/scap-as-rpm | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/utils/scap-as-rpm b/utils/scap-as-rpm +index fee1f5b..4dae7d9 100755 +--- a/utils/scap-as-rpm ++++ b/utils/scap-as-rpm +@@ -1,4 +1,4 @@ +-#!/usr/bin/python2 ++#!/usr/bin/python + # Copyright 2013 Red Hat Inc., Durham, North Carolina. + # All Rights Reserved. + # +@@ -70,7 +70,7 @@ except ImportError: + opts, args = optparse.OptionParser.parse_args(self, args, values) + if self._args_spec: + if not args: +- print "Missing arguments: %s" % self._args_spec ++ print("Missing arguments: %s" % self._args_spec) + self.print_help() + + setattr(opts, self._args_name, args) +@@ -87,7 +87,7 @@ except ImportError: + if fobj: + fobj.write("%s\n" % self._args_description) + else: +- print self._args_description ++ print(self._args_description) + + ParserClass = ArgOptParserShim + +@@ -136,7 +136,7 @@ if subprocess.call(["rpmbuild", "--version"], stdout = sys.stdout, stderr = sys. 
+ sys.exit(1) + + def get_rpmbuild_paths(): +- sources = subprocess_check_output(["rpm", "--eval", "%{_sourcedir}"]).strip() ++ sources = subprocess_check_output(["rpm", "--eval", "%{_sourcedir}"]).strip().decode('utf-8') + + if not os.path.exists(sources): + if subprocess.call(["rpmdev-setuptree"], stdout = sys.stdout, stderr = sys.stderr) != 0: +@@ -145,8 +145,8 @@ def get_rpmbuild_paths(): + "'%s'\n" % (sources)) + raise CannotContinueError() + +- rpm = subprocess_check_output(["rpm", "--eval", "%{_rpmdir}"]).strip() +- srpm = subprocess_check_output(["rpm", "--eval", "%{_srcrpmdir}"]).strip() ++ rpm = subprocess_check_output(["rpm", "--eval", "%{_rpmdir}"]).strip().decode('utf-8') ++ srpm = subprocess_check_output(["rpm", "--eval", "%{_srcrpmdir}"]).strip().decode('utf-8') + + if not os.path.exists(rpm) or not os.path.exists(srpm): + sys.stderr.write("The SOURCES rpmbuild directory exists but RPM or SRPM do not. Please make " +@@ -201,7 +201,7 @@ BuildArch: noarch + #Requires: openscap-utils >= ${__package_openscap_version} + + %description +-asdf ++This package was generated by scap-as-rpm. + + %prep + ${__package_prepper} +@@ -272,7 +272,7 @@ def main(): + help = "The folder (absolute or relative to CWD) where the result RPM shall be saved.") + parser.add_argument("--srpm-destination", dest = "srpm_destination", default = None, + help = "The folder (absolute or relative to CWD) where the result SRPM shall be saved.") +- parser.add_argument("files", metavar="FILE", nargs="+", ++ parser.add_argument("files", metavar = "FILE", nargs = "+", + help = "List of files that should be put into the result package. 
" + "These should be SCAP XML files but such requirement is not enforced.") + +@@ -332,7 +332,7 @@ def main(): + + shutil.copy(os.path.join(rpmbuild_rpm_path, "noarch", rpm_basename), os.path.join(args.rpm_destination, rpm_basename)) + if args.srpm_destination is not None: +- shutil.copy(os.path.join(rpmbuild_srpm_path, srpm_basename), os.path.join(args.srpm_destination, rpm_basename)) ++ shutil.copy(os.path.join(rpmbuild_srpm_path, srpm_basename), os.path.join(args.srpm_destination, srpm_basename)) + + print("") + print("Resulting RPM:\t'%s'" % (os.path.join(args.rpm_destination, rpm_basename))) diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec index 3ba2768..62e4b9f 100644 --- a/SPECS/openscap.spec +++ b/SPECS/openscap.spec @@ -5,16 +5,15 @@ restorecon -R /usr/bin/oscap /usr/libexec/openscap; \ Name: openscap -Version: 1.1.1 +Version: 1.2.5 Release: 3%{?dist} Summary: Set of open source libraries enabling integration of the SCAP line of standards Group: System Environment/Libraries License: LGPLv2+ URL: http://www.open-scap.org/ Source0: http://fedorahosted.org/releases/o/p/openscap/%{name}-%{version}.tar.gz -Patch0: bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch -Patch1: bz1165139-c51c17bc-Set-async-thread-cancelation.patch -Patch2: bz1182242-0e3c7e68-Export-var_check-together.patch +Patch0: openscap-1.2.5-rhsa-idents.patch +Patch1: openscap-1.2.5-scap-as-rpm-srpm.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser BuildRequires: rpm-devel @@ -23,6 +22,7 @@ BuildRequires: pcre-devel BuildRequires: libacl-devel BuildRequires: libselinux-devel libcap-devel BuildRequires: libblkid-devel +BuildRequires: bzip2-devel %if %{?_with_check:1}%{!?_with_check:0} BuildRequires: perl-XML-XPath %endif 
@@ -62,6 +62,7 @@ Group: Applications/System Requires: %{name}%{?_isa} = %{version}-%{release} Requires: libcurl >= 7.12.0 BuildRequires: libcurl-devel >= 7.12.0 +Obsoletes: openscap-selinux %description scanner The %{name}-scanner package contains oscap command-line tool. The oscap @@ -114,24 +115,10 @@ Requires: pkgconfig The %{name}-engine-sce-devel package contains libraries and header files for developing applications that use %{name}-engine-sce. -%package selinux -Summary: SELinux policy module for openscap -Group: System Environment/Base -Requires: %{name}-utils = %{version}-%{release} -Requires: policycoreutils, libselinux-utils -Requires(post): selinux-policy-base, policycoreutils -Requires(postun): policycoreutils -BuildRequires: selinux-policy-devel -BuildArch: noarch - -%description selinux -This package installs and sets up the SELinux policy security module for openscap. - %prep %setup -q -%patch0 -p1 -b .bz1159289 -%patch1 -p1 -b .bz1165139 -%patch2 -p1 -b .bz1182242 +%patch0 -p1 +%patch1 -p1 %build %ifarch sparc64 @@ -143,7 +130,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie" export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" %endif -%configure --enable-sce --enable-selinux_policy +%configure --enable-sce make %{?_smp_mflags} # Remove shebang from bash-completion script @@ -182,29 +169,11 @@ rm -rf $RPM_BUILD_ROOT %post -p /sbin/ldconfig -%post selinux -semodule -n -i %{_datadir}/selinux/packages/oscap.pp -if /usr/sbin/selinuxenabled ; then - /usr/sbin/load_policy - %relabel_files -fi; -exit 0 - %postun -p /sbin/ldconfig -%postun selinux -if [ $1 -eq 0 ]; then - semodule -n -r oscap - if /usr/sbin/selinuxenabled ; then - /usr/sbin/load_policy - %relabel_files - fi; -fi; -exit 0 - %files %defattr(-,root,root,-) -%doc AUTHORS COPYING ChangeLog NEWS README +%doc AUTHORS COPYING ChangeLog NEWS README.md %{_libdir}/libopenscap.so.* %{_libexecdir}/openscap/probe_dnscache %{_libexecdir}/openscap/probe_environmentvariable 
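Review bot: The added `Obsoletes: openscap-selinux` in the scanner sub-package is unversioned, so it would also obsolete an openscap-selinux package that is reintroduced later or shipped from another source. Bounding it to the builds that carried the sub-package, e.g. `Obsoletes: openscap-selinux < 1.2.4`, agrees with the changelog entry that records the drop in 1.2.4-1; the exact EVR should be confirmed against the last released build. The later hunks remove the `%post selinux` and `%postun selinux` scriptlets, which are the only visible users of `%relabel_files`. That macro's definition (its `restorecon` tail shows as context at the top of the spec) looks unused now and could be dropped, provided nothing outside the shown hunks expands it.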
@@ -230,6 +199,7 @@ exit 0 %{_libexecdir}/openscap/probe_selinuxboolean %{_libexecdir}/openscap/probe_selinuxsecuritycontext %{_libexecdir}/openscap/probe_shadow +%{_libexecdir}/openscap/probe_symlink %{_libexecdir}/openscap/probe_sysctl %{_libexecdir}/openscap/probe_system_info %{_libexecdir}/openscap/probe_systemdunitdependency @@ -286,12 +256,20 @@ exit 0 %files engine-sce %{_libdir}/libopenscap_sce.so.* -%files selinux -%attr(0600,root,root) %{_datadir}/selinux/packages/oscap.pp -%{_datadir}/selinux/devel/include/contrib/oscap.if -# %{_mandir}/man8/openscap_selinux.8.* - %changelog +* Fri Jul 24 2015 Martin Preisler - 1.2.5-3 +- add a patch for scap-as-rpm to generate SRPM correctly (#1242893) + +* Fri Jul 24 2015 Martin Preisler - 1.2.5-2 +- add a patch to support RHSA identifiers in HTML report and guide (#1243808) + +* Mon Jul 06 2015 Šimon Lukašík - 1.2.5-1 +- upgrade to the latest upstream release + +* Mon Jun 22 2015 Šimon Lukašík - 1.2.4-1 +- upgrade to the latest upstream release +- drop openscap-selinux sub-package + * Tue Jan 20 2015 Šimon Lukašík - 1.1.1-3 - USGCB, schematron: var_ref missing when var_check exported (#1182242)