Merge "Upgrade Openscap (1.3.5 -> 1.3.6)"
This commit is contained in:
commit
14d53c3566
@ -1,3 +1,123 @@
|
||||
openscap (1.3.6+dfsg-6) unstable; urgency=medium
|
||||
|
||||
* Cherry-pick use-correct-includes.patch from upstream. Fixes build
|
||||
with RPM >= 4.18.
|
||||
* Update to Standards-Version 4.6.2, no changes needed.
|
||||
* Add the year 2023 to my debian/* copyright notice.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Tue, 10 Jan 2023 13:57:56 +0100
|
||||
|
||||
openscap (1.3.6+dfsg-5) unstable; urgency=medium
|
||||
|
||||
* Remove libprocps-dev as BD. Closes: #1024224
|
||||
* Move BD related to documentation to BD-Indep
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Thu, 08 Dec 2022 22:01:54 +0100
|
||||
|
||||
openscap (1.3.6+dfsg-4) unstable; urgency=medium
|
||||
|
||||
* Delete files generated if systemd is found.
|
||||
Thanks to Rene Engelhard for the suggestion (Closes: #1023041)
|
||||
* Tag BD used only for tests with <!nocheck>
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Thu, 03 Nov 2022 21:24:45 +0100
|
||||
|
||||
openscap (1.3.6+dfsg-3) unstable; urgency=medium
|
||||
|
||||
* Depend on source, not binary version for arch all package.
|
||||
* Remove old and unneeded break/conflict.
|
||||
* Update d/watch to reflect changes toward GitHub.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Sun, 30 Oct 2022 00:16:20 +0200
|
||||
|
||||
openscap (1.3.6+dfsg-2) unstable; urgency=medium
|
||||
|
||||
* Add OVAL-SEAP-Allocate-aligned-memory-in-SEXP_rawval_lblk_new.patch from
|
||||
upstream. Closes: #1015205
|
||||
* Add run-a-minor-testsuite.patch and start running some tests again.
|
||||
- Add libxml-parser-perl and libxml-xpath-perl as build dependencies.
|
||||
* Change -DCMAKE_SKIP_BUILD_RPATH=TRUE -> -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON
|
||||
* Don't install Doxygen files *.map and *.md5.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Sat, 30 Jul 2022 11:26:47 +0200
|
||||
|
||||
openscap (1.3.6+dfsg-1) unstable; urgency=medium
|
||||
|
||||
* New upstream release.
|
||||
* Patches:
|
||||
- Rebase 010_perlpm_install_fix.patch and add DEP-3 compliant header.
|
||||
- Drop 011_remove_custom_rpath.patch, no longer needed.
|
||||
- Add update-whatis-entry.patch
|
||||
- Add create-diagrams-when-generating-Doxygen-documen.patch
|
||||
- Add create-Doxygen-diagrams-as-svg.patch
|
||||
- Add add-missing-free.patch
|
||||
- Add remove-superfluous-strdup.patch
|
||||
* d/control:
|
||||
- Apply Multi-Arch: foreign, to openscap-common.
|
||||
- Add missing space in short package description.
|
||||
* Drop d/dirs, not needed.
|
||||
* Change downloaded release tarball, this includes yaml-filter
|
||||
* Build documentation and place it in a new binary package.
|
||||
* Use the CMake RPATH option, this also removes chrpath as BD.
|
||||
* Update d/libopenscap25.symbols
|
||||
* d/copyright:
|
||||
- Include yaml-filter in source package.
|
||||
- Bump copyright year in main paragraph.
|
||||
- Include new file paragraphs.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 20 Jul 2022 12:04:48 +0200
|
||||
|
||||
openscap (1.3.5+dfsg-3) unstable; urgency=medium
|
||||
|
||||
* Move from experimental to unstable.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Fri, 15 Jul 2022 11:25:21 +0200
|
||||
|
||||
openscap (1.3.5+dfsg-2) experimental; urgency=medium
|
||||
|
||||
* Disable entire testsuite
|
||||
This also removes 012-Disable-some-tests.patch and build-dependencies
|
||||
libxml-parser-perl and libxml-xpath-perl.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 13 Jul 2022 19:14:27 +0200
|
||||
|
||||
openscap (1.3.5+dfsg-1) experimental; urgency=medium
|
||||
|
||||
* New maintainer Closes: #1012868
|
||||
* Repack source, remove yaml-filter and javascript files.
|
||||
We also delete the related lintian-overrrides and
|
||||
d/missing-sources directory.
|
||||
* d/rules:
|
||||
- Reformat CMake options. Closes: #1000279
|
||||
- Build Python 3 library for all supported versions.
|
||||
- Default build without verbose logging.
|
||||
* d/control:
|
||||
- Drop obsolete X-Python3-Version field.
|
||||
- Update Standards-Version to 4.6.1
|
||||
- Document Rules-Requires-Root.
|
||||
- Add missing Break/Replace on openscap-common. Closes: #1001075
|
||||
- Move package into Vcs repository.
|
||||
- Remove ${python3-Depends} and libjs-jquery as dependencies for
|
||||
libopenscap-dev, not needed.
|
||||
- Remove libcurl-dev as build dependency, doesn't exist.
|
||||
* Don't build documentation. We want this in a separate package.
|
||||
* d/copyright:
|
||||
- Convert to machine-readable format.
|
||||
- Add myself under debian/* section.
|
||||
* Patches:
|
||||
- Drop 001_fix_kfreebsd_probe.patch, this is a 'linux-any' package.
|
||||
- Add 012-Disable-some-tests.patch, disabled some test, the remaining
|
||||
is kept for regression.
|
||||
* Install upstream changelog in all binary packages.
|
||||
* Set upstream metadata fields: Repository and Repository-Browse.
|
||||
* Run wrap-and-sort -at
|
||||
* Add symbols file.
|
||||
* Add the missing changelog entry for version 1.2.17-0.1
|
||||
* d/gbp.conf: Add pristine-tar, remove branch and tag entries, using
|
||||
default values.
|
||||
|
||||
-- Håvard F. Aasen <havard.f.aasen@pfft.no> Wed, 06 Jul 2022 07:35:05 +0200
|
||||
|
||||
openscap (1.3.5-0.1) experimental; urgency=medium
|
||||
|
||||
* Non-maintainer upload.
|
||||
@ -42,6 +162,32 @@ openscap (1.3.4-1) unstable; urgency=medium
|
||||
|
||||
-- Philippe Thierry <philou@debian.org> Mon, 01 Feb 2021 16:22:30 +0100
|
||||
|
||||
openscap (1.2.17-0.1) unstable; urgency=medium
|
||||
|
||||
* Non-maintainer upload
|
||||
* New upstream release
|
||||
This is the first version with full python3 compatibility.
|
||||
* Update package to python3 closes: #937211
|
||||
* d/control
|
||||
- Change to debhelper-compat
|
||||
- Bump to debhelper 10
|
||||
Being able to parallelize build
|
||||
- Remove autotools-dev and dh_autotools from build dependencies
|
||||
* Add apt-1.9.0.patch closes: #930673
|
||||
* Add apt-1.9.11.patch use pkgCacheFile instead of mmap
|
||||
Patches from Julian Andres Klode on Ubuntu
|
||||
* Add use_sys-xattr.patch closes: #953916
|
||||
also remove libattr1-dev as build-dependency
|
||||
* Disable 010-install-cpe-oval.patch
|
||||
* Add d/source/lintian-override for file with
|
||||
very_long_line_lenghts_in_source_file
|
||||
* Add d/libopenscap8.lintian-overrides for man page with long line length
|
||||
* d/missing-sources
|
||||
- Update jquery.js
|
||||
- Add bootstrap.js
|
||||
|
||||
-- Håvard Flaget Aasen <haavard_aasen@yahoo.no> Fri, 10 Apr 2020 17:42:40 +0200
|
||||
|
||||
openscap (1.2.16-2) unstable; urgency=medium
|
||||
|
||||
* Add patch to install CPE OVAL files
|
||||
|
@ -1,48 +1,52 @@
|
||||
Source: openscap
|
||||
Priority: optional
|
||||
Maintainer: Pierre Chifflier <pollux@debian.org>
|
||||
Uploaders: Philippe Thierry <philou@debian.org>
|
||||
Build-Depends: debhelper-compat (= 13),
|
||||
cmake,
|
||||
libpcre3-dev,
|
||||
libxml2-dev,
|
||||
libxslt1-dev,
|
||||
swig,
|
||||
python3-all-dev,
|
||||
libperl-dev,
|
||||
libcurl4-openssl-dev | libcurl4-gnutls-dev | libcurl-dev,
|
||||
libgcrypt-dev,
|
||||
libapt-pkg-dev,
|
||||
libselinux1-dev [linux-any],
|
||||
libcap-dev [linux-any],
|
||||
libattr1-dev,
|
||||
libldap2-dev,
|
||||
libbz2-dev,
|
||||
libacl1-dev,
|
||||
libblkid-dev,
|
||||
libglib2.0-dev,
|
||||
libyaml-dev,
|
||||
librpm-dev,
|
||||
libpopt-dev,
|
||||
libprocps-dev,
|
||||
libopendbx1-dev,
|
||||
libxmlsec1-dev,
|
||||
doxygen, graphviz,
|
||||
asciidoc,
|
||||
pkg-config,
|
||||
dh-python,
|
||||
chrpath,
|
||||
libdbus-1-dev
|
||||
Section: admin
|
||||
X-Python3-Version: >= 3.9
|
||||
Standards-Version: 4.5.1
|
||||
Priority: optional
|
||||
Maintainer: Håvard F. Aasen <havard.f.aasen@pfft.no>
|
||||
Build-Depends: cmake,
|
||||
debhelper-compat (= 13),
|
||||
dh-python,
|
||||
libacl1-dev,
|
||||
libapt-pkg-dev,
|
||||
libattr1-dev,
|
||||
libblkid-dev,
|
||||
libbz2-dev,
|
||||
libcap-dev [linux-any],
|
||||
libcurl4-openssl-dev | libcurl4-gnutls-dev,
|
||||
libdbus-1-dev,
|
||||
libgcrypt-dev,
|
||||
libglib2.0-dev,
|
||||
libldap2-dev,
|
||||
libopendbx1-dev,
|
||||
libpcre3-dev,
|
||||
libperl-dev,
|
||||
libpopt-dev,
|
||||
librpm-dev,
|
||||
libselinux1-dev [linux-any],
|
||||
libxml-parser-perl <!nocheck>,
|
||||
libxml-xpath-perl <!nocheck>,
|
||||
libxml2-dev,
|
||||
libxmlsec1-dev,
|
||||
libxslt1-dev,
|
||||
libyaml-dev,
|
||||
pkg-config,
|
||||
python3-all-dev,
|
||||
swig,
|
||||
Build-Depends-Indep: asciidoc,
|
||||
doxygen,
|
||||
graphviz,
|
||||
Standards-Version: 4.6.2
|
||||
Rules-Requires-Root: no
|
||||
Homepage: https://www.open-scap.org/
|
||||
Vcs-Browser: https://salsa.debian.org/debian/openscap
|
||||
Vcs-Git: https://salsa.debian.org/debian/openscap.git
|
||||
|
||||
Package: libopenscap-dev
|
||||
Section: libdevel
|
||||
Architecture: linux-any
|
||||
Depends: libopenscap25 (= ${binary:Version}), ${misc:Depends}, ${python3:Depends}, libjs-jquery
|
||||
Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Depends: libopenscap25 (= ${binary:Version}),
|
||||
${misc:Depends},
|
||||
Suggests: openscap-doc,
|
||||
Description: libraries enabling integration of the SCAP line of standards - Development files
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
@ -62,11 +66,12 @@ Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Package: libopenscap25
|
||||
Section: libs
|
||||
Architecture: linux-any
|
||||
Conflicts: libopenscap0, libopenscap1, libopenscap3, libopenscap8,
|
||||
Replaces: libopenscap0, libopenscap1, libopenscap3, libopenscap8,
|
||||
Pre-Depends: ${misc:Pre-Depends}
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends},
|
||||
Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Conflicts: libopenscap8,
|
||||
Replaces: libopenscap8,
|
||||
Pre-Depends: ${misc:Pre-Depends},
|
||||
Depends: ${misc:Depends},
|
||||
${shlibs:Depends},
|
||||
Description: libraries enabling integration of the SCAP line of standards
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
@ -86,10 +91,13 @@ Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Package: python3-openscap
|
||||
Section: python
|
||||
Architecture: linux-any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, libopenscap25 (= ${binary:Version})
|
||||
X-Python3-Version: ${python3:Versions}
|
||||
Provides: ${python3:Provides}
|
||||
Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Depends: libopenscap25 (= ${binary:Version}),
|
||||
${misc:Depends},
|
||||
${python3:Depends},
|
||||
${shlibs:Depends},
|
||||
Suggests: openscap-doc,
|
||||
Provides: ${python3:Provides},
|
||||
Description: libraries enabling integration of the SCAP line of standards - Python 3 bindings
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
@ -109,8 +117,12 @@ Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Package: libopenscap-perl
|
||||
Section: perl
|
||||
Architecture: linux-any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libopenscap25 (= ${binary:Version})
|
||||
Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Depends: libopenscap25 (= ${binary:Version}),
|
||||
${misc:Depends},
|
||||
${perl:Depends},
|
||||
${shlibs:Depends},
|
||||
Suggests: openscap-doc,
|
||||
Description: libraries enabling integration of the SCAP line of standards - Perl bindings
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
@ -130,8 +142,10 @@ Description: Set of libraries enabling integration of the SCAP line of standards
|
||||
Package: openscap-scanner
|
||||
Architecture: linux-any
|
||||
Depends: libopenscap25 (= ${binary:Version}),
|
||||
${shlibs:Depends}, ${misc:Depends},
|
||||
Recommends: openscap-common (= ${binary:Version}),
|
||||
${misc:Depends},
|
||||
${shlibs:Depends},
|
||||
Recommends: openscap-common (= ${source:Version}),
|
||||
Suggests: openscap-doc,
|
||||
Description: OpenScap Scanner Tool (oscap)
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
@ -152,10 +166,14 @@ Description: OpenScap Scanner Tool (oscap)
|
||||
|
||||
Package: openscap-utils
|
||||
Architecture: linux-any
|
||||
Depends: openscap-scanner (= ${binary:Version}), ${python3:Depends},
|
||||
${shlibs:Depends}, ${misc:Depends}, rpm,
|
||||
Recommends: openscap-common (= ${binary:Version}),
|
||||
Description: OpenSCAP utilities
|
||||
Depends: openscap-scanner (= ${binary:Version}),
|
||||
rpm,
|
||||
${misc:Depends},
|
||||
${python3:Depends},
|
||||
${shlibs:Depends},
|
||||
Recommends: openscap-common (= ${source:Version}),
|
||||
Suggests: openscap-doc,
|
||||
Description: libraries enabling integration of the SCAP line of standards - Utility programs
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
@ -174,7 +192,10 @@ Description: OpenSCAP utilities
|
||||
|
||||
Package: openscap-common
|
||||
Architecture: all
|
||||
Multi-Arch: foreign
|
||||
Depends: ${misc:Depends},
|
||||
Breaks: libopenscap8 (<< 1.3.5),
|
||||
Replaces: libopenscap8 (<< 1.3.5),
|
||||
Description: OpenSCAP schema files
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
@ -191,3 +212,25 @@ Description: OpenSCAP schema files
|
||||
* Open Vulnerability and Assessment Language (OVAL)
|
||||
.
|
||||
This package contains schema files.
|
||||
|
||||
Package: openscap-doc
|
||||
Section: doc
|
||||
Architecture: all
|
||||
Multi-Arch: foreign
|
||||
Depends: ${misc:Depends},
|
||||
Description: libraries enabling integration of the SCAP line of standards - Documentation
|
||||
OpenSCAP is a set of open source libraries providing an easier path
|
||||
for integration of the SCAP line of standards. SCAP is a line of
|
||||
standards managed by NIST with the goal of providing a standard language
|
||||
for the expression of Computer Network Defense related information.
|
||||
.
|
||||
The intended scope of this project is to implement working interface
|
||||
wrappers for parsing and querying SCAP content including:
|
||||
* Common Vulnerabilities and Exposures (CVE)
|
||||
* Common Configuration Enumeration (CCE)
|
||||
* Common Platform Enumeration (CPE)
|
||||
* Common Vulnerability Scoring System (CVSS)
|
||||
* Extensible Configuration Checklist Description Format (XCCDF)
|
||||
* Open Vulnerability and Assessment Language (OVAL)
|
||||
.
|
||||
This package contains documentation.
|
||||
|
@ -1,33 +1,211 @@
|
||||
This package was debianized by Pierre Chifflier <pollux@debian.org> on
|
||||
Thu, 02 Apr 2009 10:30:16 +0200.
|
||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: openscap
|
||||
Source: https://github.com/OpenSCAP/openscap
|
||||
Files-Excluded: xsl/xccdf-resources
|
||||
|
||||
It was downloaded from http://www.open-scap.org/
|
||||
Files: *
|
||||
Copyright: 2008-2021 Red Hat Inc., Durham, North Carolina.
|
||||
License:LGPL-2.1+
|
||||
|
||||
Upstream Authors:
|
||||
Files: cmake/*
|
||||
Copyright: 2000-2016 Kitware, Inc.
|
||||
2000-2011 Insight Software Consortium
|
||||
License: BSD-3-clause
|
||||
|
||||
Peter Vrabec <pvrabec@redhat.com>
|
||||
Tomas Heinrich <theinric@redhat.com>
|
||||
Brandon Dixon <Brandon.Dixon@g2-inc.com>
|
||||
Brian Kolbay <Brian.Kolbay@g2-inc.com>
|
||||
Lukas Kuklinek <lkuklinek@redhat.com>
|
||||
Riley C. Porter <Riley.Porter@g2-inc.com>
|
||||
Dan Kopecek <dkopecek@redhat.com>
|
||||
Files: cmake/FindNSS.cmake
|
||||
Copyright: 2010, Ambroz Bizjak, <ambrop7@gmail.com>
|
||||
License: BSD-3-clause
|
||||
|
||||
Copyright:
|
||||
Files: cmake/FindPCRE.cmake
|
||||
Copyright: 2007-2009 LuaDist.
|
||||
License: expat
|
||||
|
||||
Copyright 2008 Red Hat Inc., Durham, North Carolina.
|
||||
Files: compat/dev_to_tty.c
|
||||
Copyright: 1998-2002 by Albert Cahalan
|
||||
License:LGPL-2.1+
|
||||
|
||||
License:
|
||||
Files: compat/strptime.c
|
||||
Copyright: 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
|
||||
License: LGPL-3.0+
|
||||
|
||||
OpenSCAP is licensed under the GNU Lesser General Public License
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
Files: debian/*
|
||||
Copyright: 2009 Pierre Chifflier <pollux@debian.org>
|
||||
2020-2023 Håvard F. Aasen <havard.f.aasen@pfft.no>
|
||||
License: GPL-3
|
||||
|
||||
See `/usr/share/common-licenses/LGPL-2.1'.
|
||||
Files: schemas/common/xmldsig-core-schema.xsd
|
||||
Copyright: 2001 The Internet Society and W3C (Massachusetts Institute of
|
||||
Technology, Institut National de Recherche en Informatique
|
||||
et en Automatique, Keio University)
|
||||
License: W3C
|
||||
|
||||
The Debian packaging is:
|
||||
Files: schemas/sce/1.0/*
|
||||
Copyright: 2012-2017 Red Hat Inc., Durham, North Carolina.
|
||||
License: LGPL-2.1+ and expat
|
||||
|
||||
Copyright (C) 2009 Pierre Chifflier <pollux@debian.org>
|
||||
Files: utils/oscap_docker_python/get_cve_input.py
|
||||
utils/oscap_docker_python/__init__.py
|
||||
Copyright: 2015 Brent Baude <bbaude@redhat.com>
|
||||
License: LGPL-2.0+
|
||||
|
||||
and is licensed under the GPL version 3,
|
||||
see `/usr/share/common-licenses/GPL-3'.
|
||||
Files: utils/oscap_docker_python/oscap_docker_common.py
|
||||
utils/oscap_docker_python/oscap_docker_util_noatomic.py
|
||||
utils/oscap_docker_python/oscap_docker_util.py
|
||||
Copyright: 2015 Brent Baude <bbaude@redhat.com>
|
||||
2019 Dominique Blaze <contact@d0m.tech>
|
||||
License: LGPL-2.0+
|
||||
|
||||
Files: utils/oscap-remediate
|
||||
utils/oscap-remediate-offline
|
||||
Copyright: 2021 Red Hat Inc., Durham, North Carolina.
|
||||
License: GPL-2+
|
||||
|
||||
Files: yaml-filter/*
|
||||
Copyright: 2020 OpenSCAP
|
||||
License: expat
|
||||
|
||||
Files: yaml-filter/cmake/*
|
||||
Copyright: 2015-2017 RWTH Aachen University, Federal Republic of Germany
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: yaml-filter/tests/test-path-segments.c
|
||||
Copyright: 2020 Red Hat Inc., Durham, North Carolina.
|
||||
License: expat
|
||||
|
||||
License: BSD-3-clause
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
.
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
.
|
||||
* Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
.
|
||||
* Neither the name of Kitware, Inc. nor the names of Contributors
|
||||
may be used to endorse or promote products derived from this
|
||||
software without specific prior written permission.
|
||||
.
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
License: expat
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
.
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
.
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
License: LGPL-2.0+
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2 of the License, or (at your option) any later version.
|
||||
.
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
.
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the
|
||||
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
Boston, MA 02110-1301 USA
|
||||
|
||||
License: LGPL-2.1+
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
.
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
.
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
|
||||
MA 02110-1301, USA.
|
||||
.
|
||||
See `/usr/share/common-licenses/LGPL-2.1'.
|
||||
|
||||
License: LGPL-3.0+
|
||||
See `/usr/share/common-licenses/LGPL-3'
|
||||
|
||||
License: GPL-2+
|
||||
See `/usr/share/common-licenses/GPL-2'
|
||||
|
||||
License: GPL-3
|
||||
See `/usr/share/common-licenses/GPL-3'
|
||||
|
||||
License: W3C
|
||||
By obtaining, using and/or copying this work, you (the licensee) agree
|
||||
that you have read, understood, and will comply with the following terms
|
||||
and conditions:
|
||||
.
|
||||
Permission to use, copy, modify, and distribute this software and its
|
||||
documentation, with or without modification, for any purpose and
|
||||
without fee or royalty is hereby granted, provided that you include the
|
||||
following on ALL copies of the software and documentation or portions
|
||||
thereof, including modifications, that you make:
|
||||
1. The full text of this NOTICE in a location viewable to users of the
|
||||
redistributed or derivative work.
|
||||
2. Any pre-existing intellectual property disclaimers, notices, or terms
|
||||
and conditions. If none exist, a short notice of the following form
|
||||
(hypertext is preferred, text is permitted) should be used within the
|
||||
body of any redistributed or derivative code: "Copyright C
|
||||
[$date-of-software] World Wide Web Consortium, (Massachusetts Institute
|
||||
of Technology, Institut National de Recherche en Informatique et en
|
||||
Automatique, Keio University). All Rights Reserved.
|
||||
http://www.w3.org/Consortium/Legal/"
|
||||
3. Notice of any changes or modifications to the W3C files, including the
|
||||
date changes were made. (We recommend you provide URIs to the location
|
||||
from which the code is derived.)
|
||||
.
|
||||
THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS
|
||||
MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
||||
LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
|
||||
PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE
|
||||
ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
|
||||
.
|
||||
COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR
|
||||
CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR
|
||||
DOCUMENTATION.
|
||||
.
|
||||
The name and trademarks of copyright holders may NOT be used in advertising
|
||||
or publicity pertaining to the software without specific, written prior
|
||||
permission. Title to copyright in this software and any associated
|
||||
documentation will at all times remain with copyright holders.
|
||||
.
|
||||
This formulation of W3C's notice and license became active on August 14 1998
|
||||
so as to improve compatibility with GPL. This version ensures that W3C
|
||||
software licensing terms are no more restrictive than GPL and consequently
|
||||
W3C software may be distributed in GPL packages. See the older formulation
|
||||
for the policy prior to this date. Please see our Copyright FAQ for common
|
||||
questions about using materials from our site, including specific terms and
|
||||
conditions for packages like libwww, Amaya, and Jigsaw. Other questions
|
||||
about this notice can be directed to site-policy@w3.org.
|
||||
|
@ -1,2 +0,0 @@
|
||||
usr/bin
|
||||
usr/sbin
|
@ -1,5 +1,3 @@
|
||||
[DEFAULT]
|
||||
debian-branch = master
|
||||
debian-tag = debian/%(version)s
|
||||
upstream-tag = upstream/%(version)s
|
||||
pristine-tar = True
|
||||
submodules = True
|
||||
|
@ -1,2 +1,2 @@
|
||||
usr/lib
|
||||
usr/include
|
||||
usr/lib
|
||||
|
@ -1,4 +1,3 @@
|
||||
docs/contribute
|
||||
docs/examples
|
||||
docs/manual
|
||||
docs/umbrello
|
||||
|
@ -1 +0,0 @@
|
||||
usr/share/javascript/jquery/jquery.js usr/share/doc/libopenscap-dev/html/jquery.js
|
2959
security/openscap/debian/deb_folder/libopenscap25.symbols
Normal file
2959
security/openscap/debian/deb_folder/libopenscap25.symbols
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,15 +0,0 @@
|
||||
Missing source files
|
||||
--------------------
|
||||
|
||||
OpenScap ships a minified jquery library for the documentation.
|
||||
|
||||
For Debian, all sources are required, so we grabbed the sources from the above
|
||||
project(s) or from the various upstream projects, and put them in the
|
||||
missin-sources directory.
|
||||
|
||||
Last synchronization was made with OpenScap version 1.2.3
|
||||
|
||||
Files: docs/html/jquery.js
|
||||
Project: jQuery 1.7.1
|
||||
URL http://code.jquery.com/jquery-1.7.1.js
|
||||
Source: jquery-1.7.1.js
|
File diff suppressed because it is too large
Load Diff
@ -1 +0,0 @@
|
||||
usr/share/doc/openscap/html
|
@ -0,0 +1,8 @@
|
||||
Document: openscap-api
|
||||
Title: OpenSCAP API documentation
|
||||
Abstract: Leverage the OpenSCAP Base C API for your application.
|
||||
Section: Programming/C
|
||||
|
||||
Format: HTML
|
||||
Index: /usr/share/doc/openscap/html/index.html
|
||||
Files: /usr/share/doc/openscap/html/*
|
@ -0,0 +1,11 @@
|
||||
Document: openscap-manual
|
||||
Title: OpenSCAP user manual
|
||||
Abstract: This documentation provides information about OpenSCAP and its most
|
||||
common operations. With OpenSCAP, you can check security configuration
|
||||
settings of a system, and examine the system for signs of a compromise by
|
||||
using rules based on standards and specifications.
|
||||
Section: System/Security
|
||||
|
||||
Format: HTML
|
||||
Index: /usr/share/doc/openscap/manual/manual.html
|
||||
Files: /usr/share/doc/openscap/manual/*
|
2
security/openscap/debian/deb_folder/openscap-doc.install
Normal file
2
security/openscap/debian/deb_folder/openscap-doc.install
Normal file
@ -0,0 +1,2 @@
|
||||
usr/share/doc/openscap/html
|
||||
usr/share/doc/openscap/manual
|
@ -1,3 +1 @@
|
||||
NEWS
|
||||
README*
|
||||
usr/share/doc/openscap/manual
|
||||
|
@ -1,2 +1,2 @@
|
||||
usr/bin/oscap
|
||||
etc/bash_completion.d/oscap usr/share/bash-completion/completions/
|
||||
usr/bin/oscap
|
||||
|
@ -1,8 +1,8 @@
|
||||
usr/bin/autotailor
|
||||
usr/bin/oscap-chroot
|
||||
usr/bin/oscap-docker
|
||||
usr/bin/oscap-podman
|
||||
usr/bin/oscap-run-sce-script
|
||||
usr/bin/oscap-ssh
|
||||
usr/bin/oscap-vm
|
||||
usr/bin/autotailor
|
||||
usr/bin/scap-as-rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
usr/share/man/man8/autotailor.8
|
||||
usr/share/man/man8/oscap-chroot.8
|
||||
usr/share/man/man8/oscap-docker.8
|
||||
usr/share/man/man8/oscap-podman.8
|
||||
usr/share/man/man8/oscap-ssh.8
|
||||
usr/share/man/man8/oscap-vm.8
|
||||
usr/share/man/man8/autotailor.8
|
||||
usr/share/man/man8/scap-as-rpm.8
|
||||
|
@ -1,18 +0,0 @@
|
||||
--- a/src/OVAL/probes/probe/icache.c
|
||||
+++ b/src/OVAL/probes/probe/icache.c
|
||||
@@ -497,6 +497,7 @@
|
||||
*/
|
||||
static int probe_cobj_memcheck(size_t item_cnt)
|
||||
{
|
||||
+#if !(defined(__FreeBSD__) || defined(__FreeBSD_kernel__))
|
||||
if (item_cnt > PROBE_RESULT_MEMCHECK_CTRESHOLD) {
|
||||
struct proc_memusage mu_proc;
|
||||
struct sys_memusage mu_sys;
|
||||
@@ -524,6 +525,7 @@
|
||||
return (1);
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
|
||||
return (0);
|
||||
}
|
@ -1,8 +1,17 @@
|
||||
Index: openscap/swig/perl/CMakeLists.txt
|
||||
===================================================================
|
||||
--- openscap.orig/swig/perl/CMakeLists.txt
|
||||
+++ openscap/swig/perl/CMakeLists.txt
|
||||
@@ -20,7 +20,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQ
|
||||
From: Philippe Thierry <philou@debian.org>
|
||||
Date: Wed, 20 Jul 2022 09:38:12 +0200
|
||||
Subject: _perlpm_install_fix
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
swig/perl/CMakeLists.txt | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/swig/perl/CMakeLists.txt b/swig/perl/CMakeLists.txt
|
||||
index 057b365..59dc1fa 100644
|
||||
--- a/swig/perl/CMakeLists.txt
|
||||
+++ b/swig/perl/CMakeLists.txt
|
||||
@@ -20,7 +20,7 @@ if (APPLE OR (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD"))
|
||||
DESTINATION ${CMAKE_INSTALL_DATADIR}/perl5/vendor_perl)
|
||||
else()
|
||||
install(TARGETS ${SWIG_MODULE_openscap_pm_REAL_NAME}
|
||||
|
@ -1,20 +0,0 @@
|
||||
Index: openscap/CMakeLists.txt
|
||||
===================================================================
|
||||
--- openscap.orig/CMakeLists.txt
|
||||
+++ openscap/CMakeLists.txt
|
||||
@@ -487,13 +487,13 @@ set(OSCAP_TEMP_DIR "/tmp" CACHE STRING "
|
||||
# see https://cmake.org/Wiki/CMake_RPATH_handling
|
||||
|
||||
# use, i.e. don't skip the full RPATH for the build tree
|
||||
-set(CMAKE_SKIP_BUILD_RPATH FALSE)
|
||||
+set(CMAKE_SKIP_BUILD_RPATH TRUE)
|
||||
|
||||
# when building, don't use the install RPATH already
|
||||
# (but later on when installing)
|
||||
set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
|
||||
|
||||
-set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
|
||||
+#set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
|
||||
|
||||
# add the automatically determined parts of the RPATH
|
||||
# which point to directories outside the build tree to the install RPATH
|
@ -0,0 +1,52 @@
|
||||
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
||||
Date: Thu, 28 Jul 2022 14:05:55 +0200
|
||||
Subject: OVAL/SEAP: Allocate aligned memory in SEXP_rawval_lblk_new
|
||||
|
||||
The lblk pointer is affected by 2-bit LSB magic SEAP uses
|
||||
for reference-counting. On 32-bit platforms it requires extra
|
||||
alignment.
|
||||
|
||||
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/13e04d95e1ddee11c5b76336df83aea26d9ff065
|
||||
---
|
||||
src/OVAL/probes/SEAP/sexp-value.c | 14 ++++++++------
|
||||
1 file changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/OVAL/probes/SEAP/sexp-value.c b/src/OVAL/probes/SEAP/sexp-value.c
|
||||
index b8b3ed6..baa2354 100644
|
||||
--- a/src/OVAL/probes/SEAP/sexp-value.c
|
||||
+++ b/src/OVAL/probes/SEAP/sexp-value.c
|
||||
@@ -106,8 +106,10 @@ uintptr_t SEXP_rawval_lblk_new (uint8_t sz)
|
||||
{
|
||||
_A(sz < 16);
|
||||
|
||||
- struct SEXP_val_lblk *lblk = malloc(sizeof(struct SEXP_val_lblk));
|
||||
- lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
|
||||
+ struct SEXP_val_lblk *lblk = oscap_aligned_malloc(
|
||||
+ sizeof(struct SEXP_val_lblk),
|
||||
+ SEXP_LBLK_ALIGN);
|
||||
+ lblk->memb = malloc(sizeof(SEXP_t) * (1 << sz));
|
||||
|
||||
lblk->nxsz = ((uintptr_t)(NULL) & SEXP_LBLKP_MASK) | ((uintptr_t)sz & SEXP_LBLKS_MASK);
|
||||
lblk->refs = 1;
|
||||
@@ -517,8 +519,8 @@ void SEXP_rawval_lblk_free (uintptr_t lblkp, void (*func) (SEXP_t *))
|
||||
func (lblk->memb + lblk->real);
|
||||
}
|
||||
|
||||
- free(lblk->memb);
|
||||
- free(lblk);
|
||||
+ free(lblk->memb);
|
||||
+ oscap_aligned_free(lblk);
|
||||
|
||||
if (next != NULL)
|
||||
SEXP_rawval_lblk_free ((uintptr_t)next, func);
|
||||
@@ -539,8 +541,8 @@ void SEXP_rawval_lblk_free1 (uintptr_t lblkp, void (*func) (SEXP_t *))
|
||||
func (lblk->memb + lblk->real);
|
||||
}
|
||||
|
||||
- free(lblk->memb);
|
||||
- free(lblk);
|
||||
+ free(lblk->memb);
|
||||
+ oscap_aligned_free(lblk);
|
||||
}
|
||||
|
||||
return;
|
@ -0,0 +1,34 @@
|
||||
From: Jan Cerny <jcerny@redhat.com>
|
||||
Date: Thu, 27 Jan 2022 15:16:02 +0100
|
||||
Subject: [PATCH] Add a missing free
|
||||
|
||||
Addressing:
|
||||
Error: RESOURCE_LEAK (CWE-772): [#def4] [important]
|
||||
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: alloc_fn: Storage is returned from allocation function "oscap_htable_iterator_new".
|
||||
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2144: var_assign: Assigning: "rit" = storage returned from "oscap_htable_iterator_new(policy->rules)".
|
||||
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2145: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_has_more".
|
||||
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2146: noescape: Resource "rit" is not freed or pointed-to in "oscap_htable_iterator_next_key".
|
||||
openscap-1.3.6/src/XCCDF_POLICY/xccdf_policy.c:2150: leaked_storage: Variable "rit" going out of scope leaks the storage it points to.
|
||||
2148| oscap_seterr(OSCAP_EFAMILY_XCCDF,
|
||||
2149| "Rule '%s' not found in selected profile.", rule_id);
|
||||
2150|-> return NULL;
|
||||
2151| }
|
||||
2152| }
|
||||
|
||||
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/6ef54336a018566a32f6a95177635ada7f20794e
|
||||
---
|
||||
src/XCCDF_POLICY/xccdf_policy.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/XCCDF_POLICY/xccdf_policy.c b/src/XCCDF_POLICY/xccdf_policy.c
|
||||
index b63853a38f..4d4b7ad0a1 100644
|
||||
--- a/src/XCCDF_POLICY/xccdf_policy.c
|
||||
+++ b/src/XCCDF_POLICY/xccdf_policy.c
|
||||
@@ -2147,6 +2147,7 @@ struct xccdf_result * xccdf_policy_evaluate(struct xccdf_policy * policy)
|
||||
if (oscap_htable_get(policy->rules_found, rule_id) == NULL) {
|
||||
oscap_seterr(OSCAP_EFAMILY_XCCDF,
|
||||
"Rule '%s' not found in selected profile.", rule_id);
|
||||
+ oscap_htable_iterator_free(rit);
|
||||
return NULL;
|
||||
}
|
||||
}
|
@ -0,0 +1,25 @@
|
||||
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
|
||||
Date: Tue, 12 Jul 2022 08:18:04 +0200
|
||||
Subject: [PATCH] docs: Create Doxygen diagrams as svg
|
||||
|
||||
Forwarded: https://github.com/OpenSCAP/openscap/pull/1872
|
||||
---
|
||||
docs/Doxyfile.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/docs/Doxyfile.in b/docs/Doxyfile.in
|
||||
index 7a2e88601..ea85b4a21 100644
|
||||
--- a/docs/Doxyfile.in
|
||||
+++ b/docs/Doxyfile.in
|
||||
@@ -1316,7 +1316,7 @@ DIRECTORY_GRAPH = YES
|
||||
# generated by dot. Possible values are png, jpg, or gif
|
||||
# If left blank png will be used.
|
||||
|
||||
-DOT_IMAGE_FORMAT = png
|
||||
+DOT_IMAGE_FORMAT = svg
|
||||
|
||||
# The tag DOT_PATH can be used to specify the path where the dot tool can be
|
||||
# found. If left blank, it is assumed the dot tool can be found in the path.
|
||||
--
|
||||
2.35.1
|
||||
|
@ -0,0 +1,63 @@
|
||||
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
|
||||
Date: Tue, 12 Jul 2022 07:29:02 +0200
|
||||
Subject: [PATCH] docs: Create diagrams when generating Doxygen documentation
|
||||
|
||||
If we enable documentation and CMake finds Doxygen and 'dot' in path,
|
||||
diagrams will be generated.
|
||||
|
||||
CMake searches for 'dot' at the same time as Doxygen.
|
||||
|
||||
'dot' is a tool found in graphviz.
|
||||
|
||||
Forwarded: https://github.com/OpenSCAP/openscap/pull/1872
|
||||
---
|
||||
CMakeLists.txt | 1 +
|
||||
docs/CMakeLists.txt | 6 ++++++
|
||||
docs/Doxyfile.in | 2 +-
|
||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 61c57d7a3..45380539c 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -469,6 +469,7 @@ message(STATUS " ")
|
||||
message(STATUS "Documentation:")
|
||||
message(STATUS "enabled: ${ENABLE_DOCS}")
|
||||
message(STATUS "doxygen: ${DOXYGEN_EXECUTABLE}")
|
||||
+message(STATUS "graphviz: ${DOXYGEN_DOT_EXECUTABLE}")
|
||||
message(STATUS "asciidoc: ${ASCIIDOC_EXECUTABLE}")
|
||||
|
||||
# ---------- PATHS
|
||||
diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
|
||||
index b8c5bc5ba..0a5e627c2 100644
|
||||
--- a/docs/CMakeLists.txt
|
||||
+++ b/docs/CMakeLists.txt
|
||||
@@ -8,6 +8,12 @@ if(ENABLE_DOCS)
|
||||
set(DOXYGEN_IN ${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.in)
|
||||
set(DOXYGEN_OUT ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
|
||||
|
||||
+ # configure for graphviz
|
||||
+ set(DOXYGEN_DIAGRAM "NO")
|
||||
+ if(DOXYGEN_DOT_FOUND)
|
||||
+ set(DOXYGEN_DIAGRAM "YES")
|
||||
+ endif()
|
||||
+
|
||||
# request to configure the file
|
||||
configure_file(${DOXYGEN_IN} ${DOXYGEN_OUT} @ONLY)
|
||||
|
||||
diff --git a/docs/Doxyfile.in b/docs/Doxyfile.in
|
||||
index f48a3e763..7a2e88601 100644
|
||||
--- a/docs/Doxyfile.in
|
||||
+++ b/docs/Doxyfile.in
|
||||
@@ -1220,7 +1220,7 @@ HIDE_UNDOC_RELATIONS = YES
|
||||
# toolkit from AT&T and Lucent Bell Labs. The other options in this section
|
||||
# have no effect if this option is set to NO (the default)
|
||||
|
||||
-HAVE_DOT = NO
|
||||
+HAVE_DOT = @DOXYGEN_DIAGRAM@
|
||||
|
||||
# By default doxygen will write a font called FreeSans.ttf to the output
|
||||
# directory and reference it in all dot files that doxygen generates. This
|
||||
--
|
||||
2.35.1
|
||||
|
@ -0,0 +1,40 @@
|
||||
From: jan Cerny <jcerny@redhat.com>
|
||||
Date: Thu, 27 Jan 2022 15:09:02 +0100
|
||||
Subject: [PATCH] Remove superfluous strdup
|
||||
|
||||
We can do this because xccdf_session_set_rule calls strdup on the rule
|
||||
parameter internally.
|
||||
|
||||
Addressing:
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): [#def2] [important]
|
||||
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: alloc_fn: Storage is returned from allocation function "strdup".
|
||||
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4148: var_assign: Assigning: "n_rule" = storage returned from "strdup(rule)".
|
||||
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4149: noescape: Resource "n_rule" is not freed or pointed-to in "xccdf_session_set_rule".
|
||||
openscap-1.3.6/build/swig/python3/CMakeFiles/_openscap_py.dir/openscapPYTHON_wrap.c:4150: leaked_storage: Variable "n_rule" going out of scope leaks the storage it points to.
|
||||
4148| char *n_rule = strdup(rule);
|
||||
4149| xccdf_session_set_rule(sess, n_rule);
|
||||
4150|-> }
|
||||
4151|
|
||||
4152| void xccdf_session_free_py(struct xccdf_session *sess){
|
||||
|
||||
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/d3e7d5be1fcd55ef396de6070f877df0f2c2c58e
|
||||
---
|
||||
swig/openscap.i | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/swig/openscap.i b/swig/openscap.i
|
||||
index 2fe1cce99e..158a226757 100644
|
||||
--- a/swig/openscap.i
|
||||
+++ b/swig/openscap.i
|
||||
@@ -559,8 +559,7 @@ struct xccdf_session {
|
||||
};
|
||||
|
||||
void xccdf_session_set_rule_py(struct xccdf_session *sess, char *rule) {
|
||||
- char *n_rule = strdup(rule);
|
||||
- xccdf_session_set_rule(sess, n_rule);
|
||||
+ xccdf_session_set_rule(sess, rule);
|
||||
}
|
||||
|
||||
void xccdf_session_free_py(struct xccdf_session *sess){
|
||||
|
@ -0,0 +1,42 @@
|
||||
From: =?utf-8?b?IkjDpXZhcmQgRi4gQWFzZW4i?= <havard.f.aasen@pfft.no>
|
||||
Date: Sat, 30 Jul 2022 07:57:36 +0200
|
||||
Subject: run a minor testsuite
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
tests/CMakeLists.txt | 16 ++++++++--------
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
|
||||
index ae8c4f2..fa78bd5 100644
|
||||
--- a/tests/CMakeLists.txt
|
||||
+++ b/tests/CMakeLists.txt
|
||||
@@ -22,20 +22,20 @@ endfunction()
|
||||
|
||||
configure_file("test_common.sh.in" "test_common.sh" @ONLY)
|
||||
|
||||
-add_subdirectory("API")
|
||||
+#add_subdirectory("API")
|
||||
add_subdirectory("bindings")
|
||||
-add_subdirectory("bz2")
|
||||
+#add_subdirectory("bz2")
|
||||
add_subdirectory("codestyle")
|
||||
-add_subdirectory("curl")
|
||||
+#add_subdirectory("curl")
|
||||
add_subdirectory("CPE")
|
||||
-add_subdirectory("DS")
|
||||
+#add_subdirectory("DS")
|
||||
add_subdirectory("mitre")
|
||||
-add_subdirectory("nist")
|
||||
+#add_subdirectory("nist")
|
||||
add_subdirectory("oscap_string")
|
||||
add_subdirectory("oval_details")
|
||||
-add_subdirectory("probes")
|
||||
-add_subdirectory("report")
|
||||
-add_subdirectory("sce")
|
||||
+#add_subdirectory("probes")
|
||||
+#add_subdirectory("report")
|
||||
+#add_subdirectory("sce")
|
||||
add_subdirectory("schemas")
|
||||
add_subdirectory("sources")
|
||||
add_subdirectory("utils")
|
@ -1,3 +1,9 @@
|
||||
011_remove_custom_rpath.patch
|
||||
010_perlpm_install_fix.patch
|
||||
001_fix_kfreebsd_probe.patch
|
||||
create-diagrams-when-generating-Doxygen-documen.patch
|
||||
create-Doxygen-diagrams-as-svg.patch
|
||||
update-whatis-entry.patch
|
||||
remove-superfluous-strdup.patch
|
||||
add-missing-free.patch
|
||||
OVAL-SEAP-Allocate-aligned-memory-in-SEXP_rawval_lblk_new.patch
|
||||
run-a-minor-testsuite.patch
|
||||
use-correct-includes.patch
|
||||
|
@ -0,0 +1,21 @@
|
||||
From: Håvard F. Aasen <havard.f.aasen@pfft.no>
|
||||
Date: Mon, 11 Jul 2022 08:40:52 +0200
|
||||
Subject: [PATCH] Update whatis entry
|
||||
|
||||
Origin: upstream, https://github.com/OpenSCAP/openscap/commit/39663ed27e175677260936a4670d79f1e536f132
|
||||
---
|
||||
utils/scap-as-rpm.8 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/utils/scap-as-rpm.8 b/utils/scap-as-rpm.8
|
||||
index 3a41331eea..b871594c69 100644
|
||||
--- a/utils/scap-as-rpm.8
|
||||
+++ b/utils/scap-as-rpm.8
|
||||
@@ -1,6 +1,6 @@
|
||||
.TH scap-as-rpm "8" "November 2013" "scap-as-rpm" "System Administration Utilities"
|
||||
.SH NAME
|
||||
-scap-as-rpm \- manual page for scap-as-rpm
|
||||
+scap-as-rpm \- takes given SCAP input(s) and packs them in an RPM package
|
||||
.SH DESCRIPTION
|
||||
usage: scap\-as\-rpm [\-h] [\-\-pkg\-name PKG_NAME] [\-\-pkg\-version PKG_VERSION]
|
||||
.IP
|
@ -0,0 +1,57 @@
|
||||
From: =?utf-8?b?SmFuIMSMZXJuw70=?= <jcerny@redhat.com>
|
||||
Date: Tue, 24 May 2022 12:15:44 +0200
|
||||
Subject: Use correct includes
|
||||
|
||||
rpmvercmp is defined in rpm/rpmver.h
|
||||
risdigit is defined in rpm/rpmstring.h
|
||||
|
||||
Resolves: rhbz#2080210
|
||||
---
|
||||
cmake/FindRPM.cmake | 3 +++
|
||||
config.h.in | 1 +
|
||||
src/OVAL/results/oval_cmp_evr_string.c | 5 +++++
|
||||
3 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/cmake/FindRPM.cmake b/cmake/FindRPM.cmake
|
||||
index a666942..369d153 100644
|
||||
--- a/cmake/FindRPM.cmake
|
||||
+++ b/cmake/FindRPM.cmake
|
||||
@@ -30,6 +30,9 @@ set(RPM_VERSION ${RPM_PKGCONF_VERSION})
|
||||
if(RPM_VERSION)
|
||||
string(COMPARE GREATER "4.6" ${RPM_VERSION} RPM46_FOUND)
|
||||
string(COMPARE GREATER "4.7" ${RPM_VERSION} RPM47_FOUND)
|
||||
+ if(NOT (RPM_VERSION VERSION_LESS "4.18"))
|
||||
+ set(RPM418_FOUND 1)
|
||||
+ endif()
|
||||
endif()
|
||||
|
||||
# Set the include dir variables and the libraries and let libfind_process do the rest.
|
||||
diff --git a/config.h.in b/config.h.in
|
||||
index 1b72855..bb1428a 100644
|
||||
--- a/config.h.in
|
||||
+++ b/config.h.in
|
||||
@@ -44,6 +44,7 @@
|
||||
#cmakedefine HAVE_RPMVERCMP
|
||||
#cmakedefine RPM46_FOUND
|
||||
#cmakedefine RPM47_FOUND
|
||||
+#cmakedefine RPM418_FOUND
|
||||
|
||||
#cmakedefine BZIP2_FOUND
|
||||
|
||||
diff --git a/src/OVAL/results/oval_cmp_evr_string.c b/src/OVAL/results/oval_cmp_evr_string.c
|
||||
index 3bfc8ce..3ba0fa0 100644
|
||||
--- a/src/OVAL/results/oval_cmp_evr_string.c
|
||||
+++ b/src/OVAL/results/oval_cmp_evr_string.c
|
||||
@@ -37,7 +37,12 @@
|
||||
#include "common/_error.h"
|
||||
|
||||
#ifdef HAVE_RPMVERCMP
|
||||
+#ifdef RPM418_FOUND
|
||||
+#include <rpm/rpmver.h>
|
||||
+#include <rpm/rpmstring.h>
|
||||
+#else
|
||||
#include <rpm/rpmlib.h>
|
||||
+#endif
|
||||
#else
|
||||
#ifdef OS_WINDOWS
|
||||
#include <malloc.h>
|
@ -2,39 +2,50 @@
|
||||
# -*- makefile -*-
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
export DH_VERBOSE=1
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
export DEB_BUILD_MAINT_OPTIONS := hardening=+all
|
||||
|
||||
DEFAULTPY=$(shell py3versions -v -d)
|
||||
PYVERSIONS=$(shell py3versions -v -r)
|
||||
ALLPY=$(PYVERSIONS)
|
||||
PYVERS=$(shell py3versions --supported --version)
|
||||
PERL_VERSION:=$(shell perl -e 'my @ver=split /\./, sprintf("%vd", $$^V); print("$$ver[0].$$ver[1]");')
|
||||
CMAKE_OPTS=-DENABLE_DOCS=ON =DOEPNSCAP_PROBE_UNIX_GCONF=OFF -DGCONF_LIBRARY=
|
||||
CMAKE_OPTS = -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON \
|
||||
-DENABLE_DOCS=ON \
|
||||
-DENABLE_PERL=ON \
|
||||
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \
|
||||
-DGCONF_LIBRARY= \
|
||||
-DPERL_VERSION=$(PERL_VERSION) \
|
||||
-DPYTHON_EXECUTABLE=/usr/bin/python$$V
|
||||
|
||||
override_dh_auto_configure: $(ALLPY:%=override_dh_auto_configure-%)
|
||||
override_dh_auto_clean:
|
||||
for V in $(PYVERS); do \
|
||||
dh_auto_clean --builddir=build-py$$V ; \
|
||||
done
|
||||
|
||||
override_dh_auto_configure-%:
|
||||
dh_auto_configure -Bbuild-python-$* -- --enable-sce --enable-perl -DPERL_VERSION=$(PERL_VERSION) PYTHON=/usr/bin/python$* $(CMAKE_OPTS)
|
||||
override_dh_auto_configure:
|
||||
for V in $(PYVERS); do \
|
||||
dh_auto_configure --builddir=build-py$$V -- \
|
||||
$(CMAKE_OPTS) ; \
|
||||
done
|
||||
|
||||
override_dh_auto_build: $(ALLPY:%=override_dh_auto_build-%)
|
||||
override_dh_auto_build:
|
||||
for V in $(PYVERS); do \
|
||||
dh_auto_build --builddir=build-py$$V ; \
|
||||
done
|
||||
|
||||
override_dh_auto_build-%:
|
||||
dh_auto_build -Bbuild-python-$*
|
||||
override_dh_auto_install:
|
||||
# Move Python files to separate folders so they don't overwrite
|
||||
# each other at install time.
|
||||
for V in $(PYVERS); do \
|
||||
dh_auto_install --builddir=build-py$$V ; \
|
||||
mv ${CURDIR}/debian/tmp/usr/lib/python3 ${CURDIR}/debian/tmp/usr/lib/python$$V ; \
|
||||
chmod 0644 ${CURDIR}/debian/tmp/usr/lib/python$$V/dist-packages/openscap_py.py ; \
|
||||
chmod 0644 ${CURDIR}/debian/tmp/usr/lib/python$$V/dist-packages/openscap_api.py ; \
|
||||
done
|
||||
|
||||
override_dh_auto_install: $(ALLPY:%=override_dh_auto_install-%)
|
||||
find debian/tmp -name "*.la" -delete
|
||||
rm -f debian/libopenscap-dev/usr/share/doc/libopenscap-dev/html/jquery.js
|
||||
mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/$(PERL_VERSION)
|
||||
chrpath -d debian/tmp/usr/bin/oscap
|
||||
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap.so.*
|
||||
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libopenscap_sce.so.*
|
||||
chrpath -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/perl5/5.*/openscap_pm.so
|
||||
chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_py.py
|
||||
chmod 0644 debian/tmp/usr/lib/python3/dist-packages/openscap_api.py
|
||||
|
||||
override_dh_auto_install-%:
|
||||
dh_auto_install -Bbuild-python-$* --destdir=debian/tmp
|
||||
$(RM) $(CURDIR)/debian/tmp/usr/share/doc/openscap/html/*.md5 \
|
||||
$(CURDIR)/debian/tmp/usr/share/doc/openscap/html/*.map
|
||||
|
||||
override_dh_strip:
|
||||
dh_strip -popenscap-scanner --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
|
||||
@ -42,8 +53,22 @@ override_dh_strip:
|
||||
dh_strip -ppython3-openscap --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
|
||||
dh_strip -plibopenscap-perl --dbgsym-migration='libopenscap8-dbg (<< 1.3.4-1.1~)'
|
||||
|
||||
override_dh_auto_clean:
|
||||
rm -rf build-*
|
||||
override_dh_python3:
|
||||
dh_python3 -popenscap-utils -ppython3-openscap --shebang=/usr/bin/python3
|
||||
|
||||
override_dh_installchangelogs:
|
||||
dh_installchangelogs NEWS
|
||||
|
||||
override_dh_auto_test:
|
||||
for V in $(PYVERS); do \
|
||||
dh_auto_test --builddir=build-py$$V ; \
|
||||
done
|
||||
|
||||
execute_before_dh_missing:
|
||||
$(RM) $(CURDIR)/debian/tmp/lib/systemd/system/oscap-remediate.service \
|
||||
$(CURDIR)/debian/tmp/usr/bin/oscap-remediate-offline \
|
||||
$(CURDIR)/debian/tmp/usr/libexec/oscap-remediate \
|
||||
$(CURDIR)/debian/tmp/usr/share/man/man8/oscap-remediate-offline.8
|
||||
|
||||
%:
|
||||
dh $@ --with python3
|
||||
|
@ -1,3 +0,0 @@
|
||||
# build from OpenSCAP xccdf ressources
|
||||
openscap source: source-is-missing xsl/xccdf-resources/openscap.js line length is 263 characters (>256)
|
||||
openscap source: source-is-missing xsl/xccdf-resources/bootstrap.min.js
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
Bug-Database: https://github.com/OpenSCAP/openscap/issues
|
||||
Bug-Submit: https://github.com/OpenSCAP/openscap/issues/new
|
||||
Repository: https://github.com/OpenSCAP/openscap.git
|
||||
Repository-Browse: https://github.com/OpenSCAP/openscap
|
||||
|
@ -1,2 +1,7 @@
|
||||
version=4
|
||||
opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/openscap-$1\.tar\.gz/ https://github.com/OpenSCAP/openscap/tags .*/v?(\d\S*)\.tar\.gz
|
||||
opts="\
|
||||
searchmode=plain, \
|
||||
repacksuffix=+dfsg, \
|
||||
dversionmangle=auto" \
|
||||
https://api.github.com/repos/OpenSCAP/openscap/releases \
|
||||
https://github.com/OpenSCAP/openscap/releases/download/\d[\.\d]*/openscap-@ANY_VERSION@.tar\.gz
|
||||
|
@ -1,11 +1,10 @@
|
||||
---
|
||||
debname: openscap
|
||||
debver: 1.3.5-1
|
||||
debver: 1.3.6+dfsg-6
|
||||
dl_path:
|
||||
name: openscap-1.3.5.tar.gz
|
||||
url: https://github.com/OpenSCAP/openscap/releases/download/1.3.5/openscap-1.3.5.tar.gz
|
||||
md5sum: 4725085cd876c952ca15de48b0bc340c
|
||||
sha256sum: 7c3e540b757fe35de15f21a849f1afa4d3776ee3279276ada4ddd3506c3679c2
|
||||
name: openscap-1.3.6.tar.gz
|
||||
url: https://github.com/OpenSCAP/openscap/releases/download/1.3.6/openscap-1.3.6.tar.gz
|
||||
sha256sum: 40634f2e27a542b112d2e3b374ebbef7e56af18a3d8ae78da2462ab0b1e4e6b7
|
||||
revision:
|
||||
dist: $STX_DIST
|
||||
PKG_GITREVCOUNT: True
|
||||
|
Loading…
Reference in New Issue
Block a user