authorLeo <thinkabit.ukim@gmail.com>2020-01-22 01:12:53 +0100
committerLeo <thinkabit.ukim@gmail.com>2020-01-22 01:23:01 +0100
commitb3ab1bd2e90b049fd26c9526cec0d888893d42fa (patch)
treee7de0aec502d9c6780ae1ffc3d27fc7447e64f50 /testing
parent73785f5456576a862f24518ebcaf21527ae85fbf (diff)
testing/openscap: upgrade to 1.3.2
Diffstat (limited to 'testing')
-rw-r--r--testing/openscap/0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch67
-rw-r--r--testing/openscap/0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch99
-rw-r--r--testing/openscap/0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch56
-rw-r--r--testing/openscap/APKBUILD14
4 files changed, 4 insertions, 232 deletions
diff --git a/testing/openscap/0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch b/testing/openscap/0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch
deleted file mode 100644
index aa78a80064..0000000000
--- a/testing/openscap/0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From e09334091d5678b666ea4e92d1a4b55838aa1a41 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Tue, 11 Jun 2019 16:12:55 +0300
-Subject: [PATCH 1/3] Handle rpmVerifyFile() removal in rpm >= 4.15
-
-Using rpmfiVerify() directly would be simpler but if upstream wants
-to preserve compatibility with older rpms...
----
- CMakeLists.txt | 1 +
- src/OVAL/probes/unix/linux/rpm-helper.c | 12 ++++++++++++
- src/OVAL/probes/unix/linux/rpm-helper.h | 5 +++++
- 3 files changed, 18 insertions(+)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 720d8d8eb..058319599 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -132,6 +132,7 @@ if(RPM_FOUND)
- check_library_exists("${RPM_LIBRARY}" headerFormat "" HAVE_HEADERFORMAT)
- check_library_exists("${RPMIO_LIBRARY}" rpmFreeCrypto "" HAVE_RPMFREECRYPTO)
- check_library_exists("${RPM_LIBRARY}" rpmFreeFilesystems "" HAVE_RPMFREEFILESYSTEMS)
-+ check_library_exists("${RPM_LIBRARY}" rpmVerifyFile "" HAVE_RPMVERIFYFILE)
- set(HAVE_RPMVERCMP 1)
- endif()
-
-diff --git a/src/OVAL/probes/unix/linux/rpm-helper.c b/src/OVAL/probes/unix/linux/rpm-helper.c
-index bfb95c363..4d23cf202 100644
---- a/src/OVAL/probes/unix/linux/rpm-helper.c
-+++ b/src/OVAL/probes/unix/linux/rpm-helper.c
-@@ -32,6 +32,18 @@ int rpmErrorCb (rpmlogRec rec, rpmlogCallbackData data)
- }
- #endif
-
-+#ifndef HAVE_RPMVERIFYFILE
-+int rpmVerifyFile(const rpmts ts, const rpmfi fi,
-+ rpmVerifyAttrs * res, rpmVerifyAttrs omitMask)
-+{
-+ rpmVerifyAttrs vfy = rpmfiVerify(fi, omitMask);
-+ if (res)
-+ *res = vfy;
-+
-+ return (vfy & RPMVERIFY_LSTATFAIL) ? 1 : 0;
-+}
-+#endif
-+
- void rpmLibsPreload()
- {
- // Don't load rpmrc files. The are useless for us,
-diff --git a/src/OVAL/probes/unix/linux/rpm-helper.h b/src/OVAL/probes/unix/linux/rpm-helper.h
-index 4e9af8702..f879a5a5b 100644
---- a/src/OVAL/probes/unix/linux/rpm-helper.h
-+++ b/src/OVAL/probes/unix/linux/rpm-helper.h
-@@ -87,6 +87,11 @@ int rpmErrorCb (rpmlogRec rec, rpmlogCallbackData data);
- #define DISABLE_PLUGINS(ts) rpmDefineMacro(NULL,"__plugindir \"\"", 0);
- #endif
-
-+#ifndef HAVE_RPMVERIFYFILE
-+int rpmVerifyFile(const rpmts ts, const rpmfi fi,
-+ rpmVerifyAttrs * res, rpmVerifyAttrs omitMask);
-+#endif
-+
- /**
- * Preload libraries required by rpm
- * It destroy error callback!
---
-2.22.0
-
diff --git a/testing/openscap/0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch b/testing/openscap/0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch
deleted file mode 100644
index 4294235348..0000000000
--- a/testing/openscap/0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 9db9474dd092a67e37af54a2eb898cea625a98cd Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Tue, 11 Jun 2019 16:12:56 +0300
-Subject: [PATCH 2/3] Refer to the RPMVERIFY_* constants instead of VERIFY_*
- counterparts
-
-The RPMVERIFY_* values always refer to corresponding file verification
-attributes, which is what we're dealing with here. The VERIFY_*
-constants do not exist in all versions, and include things that
-do not make any sense at all for files anyway, such as VERIFY_DEPS
-and VERIFY_SCRIPT which are package-level operations and VERIFY_SIGNATURE
-and VERIFY_DIGEST which are not verify operations at all.
----
- src/OVAL/probes/unix/linux/rpmverify_probe.c | 21 ++++++----------
- .../probes/unix/linux/rpmverifyfile_probe.c | 25 +++++++++----------
- 2 files changed, 20 insertions(+), 26 deletions(-)
-
-diff --git a/src/OVAL/probes/unix/linux/rpmverify_probe.c b/src/OVAL/probes/unix/linux/rpmverify_probe.c
-index 07bd09d84..dbc9523ba 100644
---- a/src/OVAL/probes/unix/linux/rpmverify_probe.c
-+++ b/src/OVAL/probes/unix/linux/rpmverify_probe.c
-@@ -303,19 +303,14 @@ typedef struct {
- } rpmverify_bhmap_t;
-
- const rpmverify_bhmap_t rpmverify_bhmap[] = {
-- { "nodeps", (uint64_t)VERIFY_DEPS },
-- { "nodigest", (uint64_t)VERIFY_DIGEST },
-- { "nofiles", (uint64_t)VERIFY_FILES },
-- { "noscripts", (uint64_t)VERIFY_SCRIPT },
-- { "nosignature", (uint64_t)VERIFY_SIGNATURE },
-- { "nolinkto", (uint64_t)VERIFY_LINKTO },
-- { "nomd5", (uint64_t)VERIFY_MD5 },
-- { "nosize", (uint64_t)VERIFY_SIZE },
-- { "nouser", (uint64_t)VERIFY_USER },
-- { "nogroup", (uint64_t)VERIFY_GROUP },
-- { "nomtime", (uint64_t)VERIFY_MTIME },
-- { "nomode", (uint64_t)VERIFY_MODE },
-- { "nordev", (uint64_t)VERIFY_RDEV },
-+ { "nolinkto", (uint64_t)RPMVERIFY_LINKTO },
-+ { "nomd5", (uint64_t)RPMVERIFY_MD5 },
-+ { "nosize", (uint64_t)RPMVERIFY_FILESIZE },
-+ { "nouser", (uint64_t)RPMVERIFY_USER },
-+ { "nogroup", (uint64_t)RPMVERIFY_GROUP },
-+ { "nomtime", (uint64_t)RPMVERIFY_MTIME },
-+ { "nomode", (uint64_t)RPMVERIFY_MODE },
-+ { "nordev", (uint64_t)RPMVERIFY_RDEV },
- { "noconfigfiles", RPMVERIFY_SKIP_CONFIG },
- { "noghostfiles", RPMVERIFY_SKIP_GHOST }
- };
-diff --git a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
-index d81728ebe..10fcdf8df 100644
---- a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
-+++ b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
-@@ -83,11 +83,10 @@ struct rpmverify_res {
- * They all have the same value (1) - see 'rpm/rpmvf.h'.
- */
- #define RPMVERIFY_FILEDIGEST RPMVERIFY_MD5
-- #define VERIFY_FILEDIGEST VERIFY_MD5
-- /* VERIFY_CAPS is not supported in older rpmlib.
-+ /* RPMVERIFY_CAPS is not supported in older rpmlib.
- * We can set it to 0 because 0 is neutral to bit OR operation.
- */
-- #define VERIFY_CAPS 0
-+ #define RPMVERIFY_CAPS 0
- #endif
-
- #define RPMVERIFY_LOCK RPM_MUTEX_LOCK(&g_rpm->mutex)
-@@ -423,18 +422,18 @@ typedef struct {
- } rpmverifyfile_bhmap_t;
-
- const rpmverifyfile_bhmap_t rpmverifyfile_bhmap[] = {
-- { "nolinkto", (uint64_t)VERIFY_LINKTO },
-- { "nomd5", (uint64_t)VERIFY_MD5 }, // deprecated since OVAL 5.11.1
-- { "nosize", (uint64_t)VERIFY_SIZE },
-- { "nouser", (uint64_t)VERIFY_USER },
-- { "nogroup", (uint64_t)VERIFY_GROUP },
-- { "nomtime", (uint64_t)VERIFY_MTIME },
-- { "nomode", (uint64_t)VERIFY_MODE },
-- { "nordev", (uint64_t)VERIFY_RDEV },
-+ { "nolinkto", (uint64_t)RPMVERIFY_LINKTO },
-+ { "nomd5", (uint64_t)RPMVERIFY_MD5 }, // deprecated since OVAL 5.11.1
-+ { "nosize", (uint64_t)RPMVERIFY_FILESIZE },
-+ { "nouser", (uint64_t)RPMVERIFY_USER },
-+ { "nogroup", (uint64_t)RPMVERIFY_GROUP },
-+ { "nomtime", (uint64_t)RPMVERIFY_MTIME },
-+ { "nomode", (uint64_t)RPMVERIFY_MODE },
-+ { "nordev", (uint64_t)RPMVERIFY_RDEV },
- { "noconfigfiles", RPMVERIFY_SKIP_CONFIG },
- { "noghostfiles", RPMVERIFY_SKIP_GHOST },
-- { "nofiledigest", (uint64_t)VERIFY_FILEDIGEST },
-- { "nocaps", (uint64_t)VERIFY_CAPS }
-+ { "nofiledigest", (uint64_t)RPMVERIFY_FILEDIGEST },
-+ { "nocaps", (uint64_t)RPMVERIFY_CAPS }
- };
-
- int rpmverifyfile_probe_main(probe_ctx *ctx, void *arg)
---
-2.22.0
-
diff --git a/testing/openscap/0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch b/testing/openscap/0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch
deleted file mode 100644
index cc2be0ad3f..0000000000
--- a/testing/openscap/0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From efd08dd9d8453583f1e801ddb5ac0af65cc86f69 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Tue, 11 Jun 2019 16:12:57 +0300
-Subject: [PATCH 3/3] Drop bogus VERIFY_SIGNATURE and VERIFY_DIGEST checks
-
-VERIFY_SIGNATURE and VERIFY_DIGEST are not independent verification
-checks, these checks are performed internally by rpm and failure in
-either will cause the entire header failing to load. These flags allow
-disabling that verification, but this doesn't make sense for openscap
-and doesn't work this way in rpm >= 4.15 anyway.
----
- .../probes/unix/linux/rpmverifypackage_probe.c | 14 --------------
- 1 file changed, 14 deletions(-)
-
-diff --git a/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c b/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c
-index ed6c714d8..06059ae47 100644
---- a/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c
-+++ b/src/OVAL/probes/unix/linux/rpmverifypackage_probe.c
-@@ -69,9 +69,7 @@ typedef struct {
-
- const rpmverifypackage_bhmap_t rpmverifypackage_bhmap[] = {
- { "nodeps", (uint64_t)VERIFY_DEPS , "--nodeps"},
-- { "nodigest", (uint64_t)VERIFY_DIGEST , "--nodigest"},
- { "noscripts", (uint64_t)VERIFY_SCRIPT , "--noscript"},
-- { "nosignature", (uint64_t)VERIFY_SIGNATURE , "--nosignature"}
- };
-
- struct rpmverify_res {
-@@ -409,24 +407,12 @@ static int rpmverifypackage_additem(probe_ctx *ctx, struct rpmverify_res *res)
- probe_item_ent_add(item, "dependency_check_passed", NULL, value);
- SEXP_free(value);
- }
-- if (res->vflags & VERIFY_DIGEST) {
-- dI("VERIFY_DIGEST %d", res->vresults & VERIFY_DIGEST);
-- value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_DIGEST ? "1" : "0"), 1);
-- probe_item_ent_add(item, "digest_check_passed", NULL, value);
-- SEXP_free(value);
-- }
- if (res->vflags & VERIFY_SCRIPT) {
- dI("VERIFY_SCRIPT %d", res->vresults & VERIFY_SCRIPT);
- value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_SCRIPT ? "1" : "0"), 1);
- probe_item_ent_add(item, "verification_script_successful", NULL, value);
- SEXP_free(value);
- }
-- if (res->vflags & VERIFY_SIGNATURE) {
-- dI("VERIFY_SIGNATURE %d", res->vresults & VERIFY_SIGNATURE);
-- value = probe_entval_from_cstr(OVAL_DATATYPE_BOOLEAN, (res->vresults & VERIFY_SIGNATURE ? "1" : "0"), 1);
-- probe_item_ent_add(item, "signature_check_passed", NULL, value);
-- SEXP_free(value);
-- }
-
- return probe_item_collect(ctx, item) == 2 ? 1 : 0;
- }
---
-2.22.0
-
diff --git a/testing/openscap/APKBUILD b/testing/openscap/APKBUILD
index 69352dd396..46735ddb28 100644
--- a/testing/openscap/APKBUILD
+++ b/testing/openscap/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openscap
-pkgver=1.3.1
-pkgrel=7
+pkgver=1.3.2
+pkgrel=0
pkgdesc="NIST Certified SCAP 1.2 toolkit"
url="https://www.open-scap.org/tools/openscap-base/"
arch="all"
@@ -17,9 +17,6 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="https://github.com/OpenSCAP/openscap/releases/download/$pkgver/openscap-$pkgver.tar.gz
fix-ppc64le-path_max.patch
path_mounted.patch
- 0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch
- 0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch
- 0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch
"
prepare() {
@@ -54,9 +51,6 @@ bashcomp() {
"$subpkgdir"/usr/share/bash-completion/completions/$pkgname
}
-sha512sums="c42c59a19e3f71a4ef55daa82be7a2b66514dfe4a98b8e897a03d4785b25395a3508ff2457072d3ae123328a104cab054e64dcb52209ae77060542484439d859 openscap-1.3.1.tar.gz
+sha512sums="7f41c223d9ca1228a03cc4d16c4ee57279ec55954aa0c5b9d8fc602e267ab1fbd31bbb102fd556563a37091c3307e09487f0a85992eaf01d70b5812455ab0235 openscap-1.3.2.tar.gz
70bcc718e473862ecac22752ad553c5a520e42207688960403e3d7b9caefc7868fc4d81379a07d3c50fdd9373caab5ac91f758f306d1e3d2bbf355618674b611 fix-ppc64le-path_max.patch
-f2157d6b1d31affe16edb184a287b69d28808123f1cc26a5a4238040d935517b307772b1f2d66271b8ee99b59a4d204930f9147b78478c83c36c7fc8718ec1d9 path_mounted.patch
-b95065c7bcb808fe85c971b1fc311f800a26a77391e7a652a3659ce0d5cb6bc89ea50d054d47a459078a9e6101ac44fb1fedc1e3cc84e101915b81f9b625cee5 0001-Handle-rpmVerifyFile-removal-in-rpm-4.15.patch
-dffa0244a20df1f7935ebbbf16f38a1d4e0db5ec770a47cd353d923abee8b9472cb6f380c5d022b27f50b59a9702bfd7ae943f17b9bfdd3634c921a939b7c76d 0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch
-539d4e6bbed1a16724a103e6d72e9e468ef3babdd55e1aa13e8fdf3202982dd1a3c8e17a41f1656051d826dc125539b6dec89885a44bf90980b500b2f7d1143b 0003-Drop-bogus-VERIFY_SIGNATURE-and-VERIFY_DIGEST-checks.patch"
+f2157d6b1d31affe16edb184a287b69d28808123f1cc26a5a4238040d935517b307772b1f2d66271b8ee99b59a4d204930f9147b78478c83c36c7fc8718ec1d9 path_mounted.patch"