Linux ns8.secondary29.go.th 2.6.32-754.28.1.el6.x86_64 #1 SMP Wed Mar 11 18:38:45 UTC 2020 x86_64
Apache/2.2.15 (CentOS)
: 122.154.134.11 | : 122.154.134.9
Cant Read [ /etc/named.conf ]
5.6.40
apache
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
share /
doc /
openscap-1.2.13 /
[ HOME SHELL ]
Name
Size
Permission
Action
AUTHORS
391
B
-rw-r--r--
COPYING
25.82
KB
-rw-r--r--
ChangeLog
1.23
MB
-rw-r--r--
NEWS
30.62
KB
-rw-r--r--
README.md
3.93
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : ChangeLog
Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 17:26:38 2016 -0500 Use the correct directory for output in nist_test.sh Don't dump results in root builddir Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 17:16:40 2016 -0500 Remove the forgotten R700 datastream from Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 17:07:41 2016 -0500 Added --outputdir to test_worker.py and started using it Also removed an unused function in test_worker.py Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:57:58 2016 -0500 Check the oscap return code in test_worker.py Might catch some more issues. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:54:32 2016 -0500 Removed the set_up and tear_down code from test_worker.py We don't add tests that require it to upstream test suite anyway. We can't rely on externalities. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:49:18 2016 -0500 Removed the R700 test from nist tests It relies on file outside of build dir and needs to be changed before we can include it. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:45:55 2016 -0500 Removed the dry-run functionality from test_worker.py We don't plan to use it in upstream test-suite. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:44:30 2016 -0500 Remove SCAPVal functionality from test_worker.py We don't need it in upstream because we don't plan to ship the Java based SCAPVal in upstream git anyway. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 16:26:15 2016 -0500 Fixed a misleading comment in nist_test.sh Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 15:52:06 2016 -0500 Double quote variables to prevent word splitting in nist_test.sh Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 6 15:35:18 2016 -0500 Use absolute builddir and srcdir in nist_test.sh Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 14:18:14 2016 +0100 Add Makefiles for NIST tests and integrate them to build system Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 14:17:07 2016 +0100 Add test harness for NIST validation test suite Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:55:38 2016 +0100 Add R3300 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:54:37 2016 +0100 Add R3010 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:53:33 2016 +0100 Add R3005 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:52:31 2016 +0100 Add R2940 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:51:33 2016 +0100 Add R2920 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:50:12 2016 +0100 Add R1200 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:46:37 2016 +0100 Add R1100 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:43:21 2016 +0100 Add R700 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:40:24 2016 +0100 Add R600 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:39:20 2016 +0100 Add R500 test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:37:45 2016 +0100 Add ind_variable_test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:34:36 2016 +0100 Add ind_unknown_test Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 30 13:32:27 2016 +0100 Add ind_family_test Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 1 12:39:29 2016 +0100 Merge pull request #596 from rsprudencio/maint-1.2-ds-verbose Added --verbose and --verbose-log-file to 'oscap ds rds-validate'. Author: Raphael Sanchez Prudencio <rsprudencio@gmail.com> Date: Wed Nov 30 17:16:31 2016 +0100 Merge pull request #602 from mpreisler/remove_arf_workaround_with_no_applicable_checks Remove the ARF schematron workaround when there are no applicable checks Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 29 13:41:36 2016 -0500 Changed XCCDF unit tests to reflect removal of the notchecked workaround See the parent commit. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 29 12:59:30 2016 -0500 Remove the ARF schematron workaround when there are no applicable checks The workaround helps with old ARF schematron issues, see http://making-security-measurable.1364806.n2.nabble.com/Xccdf-dev-xccdf-rule-result-element-properties-td7582721.html However it also causes issues in SCAPVal which expects no check elements in rule-result if none are applicable. Resolves issues with SCAPVal requirements 370-1 and 370-2. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Tue Nov 29 10:19:20 2016 +0100 Added '[options]' to usage string in rds-validate. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Mon Nov 28 18:27:41 2016 +0100 Added --verbose and --verbose-log-file to 'oscap ds rds-validate'. Author: Martin Preisler <martin@preisler.me> Date: Wed Nov 23 13:43:01 2016 -0500 Merge pull request #593 from rsprudencio/maint-1.2-sysinfo-docker Fixed a corner case when /etc/hostname is empty, now it sets Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 23 15:29:40 2016 +0100 Merge pull request #588 from rsprudencio/maint-1.2-improve-generate-fix Maint 1.2 improve generate fix Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Wed Nov 23 14:39:19 2016 +0100 Removed unneeded '&& true' from XCCDF applicability test scripts. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Wed Nov 23 14:28:41 2016 +0100 Fixed a corner case when /etc/hostname is empty, now it sets sysinfo hostname to 'Unknown' instead of an empty string. Author: Watson Yuuma Sato <wsato@redhat.com> Date: Mon Nov 21 13:43:13 2016 +0100 Merge pull request #592 from rsprudencio/maint-1.2-sysinfo-coverity Fixed some warnings reported by Coverity in #590. Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 21 11:17:38 2016 +0100 Bump version after release Next release from the maint-1.2 branch will be 1.2.13. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Mon Nov 21 10:57:01 2016 +0100 Fixed some warnings reported by Coverity in #590. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Wed Nov 16 11:40:18 2016 +0100 Template misleading name is actually related to fix-system, so we check for it everytime the user provide a template. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Wed Nov 16 11:20:55 2016 +0100 Fix XCCDF applicability make check-TEST, there were some semantics errors in 2 anaconda tests. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 16 11:07:14 2016 +0100 openscap-1.2.12 Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 16 10:46:44 2016 +0100 Bump soname from 8.9.0 to 8.10.0 Two new symbols were added, no symbols were removed. Author: Martin Preisler <martin@preisler.me> Date: Tue Nov 15 09:40:38 2016 -0500 Merge pull request #574 from vvinay2/maint-1.2 Skip assessment_check, scanner and discovered-datetime while parsing the CVE entry Author: Raphael Sanchez Prudencio <rsprudencio@gmail.com> Date: Tue Nov 15 15:25:22 2016 +0100 Merge pull request #585 from mpreisler/export_win_namespaces Export OVAL windows namespaces as well Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Tue Nov 15 15:12:13 2016 +0100 Added --verbose support in 'oscap xccdf generate fix' Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Tue Nov 15 15:10:55 2016 +0100 Removed fix filtering by applicability, which was filtering fixes matching CPE for the running machine that might be different from the scanned one. Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 15 14:57:02 2016 +0100 Merge pull request #586 from mpreisler/replace_old_arfrel_ns Replace old arfrel ns Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 15 08:13:30 2016 -0500 Fixed the rountrip OVAL results serialization test, it was missing the win NS Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 15 07:51:57 2016 -0500 Added a comment about arfrel deprecation to rds_index.c Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 15 07:49:43 2016 -0500 NIST SP800-126 errata unified namespaces for arf vocabulary, let's use the new variant Resolves: WARN : SCHEMATRON - [G2.R3010.results_arf.xml] NIST SP800-126 errata has updated the "arf-rel" namespace to http://scap.nist.gov/specifications/arf/vocabulary/relationships/1.0# The original namespace of http://scap.nist.gov/vocabulary/arf/relationships/1.0# has been detected. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 15 07:16:12 2016 -0500 Export OVAL windows namespaces as well This fixes validation issues with CPE OVALs that check for multiple platforms. Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 15 13:13:19 2016 +0100 Merge pull request #584 from mpreisler/segfault_fix_oval_ocil_mappings Create XCCDf session result maps even when no oval agents are set Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 15 05:39:23 2016 -0500 Create XCCDf session result maps even when no oval agents are set Resolves: Program received signal SIGSEGV, Segmentation fault. oscap_htable_lookup (htable=0x0, key=0x14c3470 "r3300-OCIL.xml") at list.c:441 0 oscap_htable_lookup (htable=0x0, key=0x14c3470 "r3300-OCIL.xml") at list.c:441 1 0x00007ffff7b285d9 in oscap_htable_get (htable=<optimized out>, key=<optimized out>) at list.c:495 2 0x00007ffff7b3206d in ds_rds_report_inject_check_content_ref (arf_report_mapping=0x0, check_content_ref=0x14c05a0) at rds.c:460 3 ds_rds_report_inject_rule_result_check_refs (doc=<optimized out>, rule_result=0x14bfbc0, arf_report_mapping=0x0) at rds.c:483 4 ds_rds_report_inject_rule_result_refs (doc=<optimized out>, test_result_node=<optimized out>, arf_report_mapping=0x0) at rds.c:499 5 ds_rds_report_inject_refs (report=report@entry=0x14bcb10, asset_id=asset_id@entry=0x14c2bc0 "asset0", arf_report_mapping=arf_report_mapping@entry=0x0, doc=<optimized out>) at rds.c:585 6 0x00007ffff7b32a35 in ds_rds_add_xccdf_test_results ( report_request_id=0x7ffff7b9830c "collection1", arf_report_mapping=0x0, assets=0x1498300, relationships=0x14980c0, xccdf_result_file_doc=0x1474db0, reports=0x14b8830, doc=0x1497d80) at rds.c:658 7 ds_rds_create_from_dom (arf_report_mapping=0x0, oval_result_mapping=0x0, oval_result_sources=0x0, xccdf_result_file_doc=0x1474db0, sds_doc=<optimized out>, ret=<synthetic pointer>) at rds.c:723 8 ds_rds_create_source (sds_source=<optimized out>, xccdf_result_source=<optimized out>, oval_result_sources=0x0, oval_result_mapping=0x0, arf_report_mapping=0x0, target_file=0x1473cb0 "benchmark1.results_arf.xml") at rds.c:757 9 0x00007ffff7b8b16c in xccdf_session_create_arf_source (session=0x61ca80) at xccdf_session.c:229 10 0x00007ffff7b8cf25 in xccdf_session_create_arf_source (session=0x61ca80) at xccdf_session.c:1446 11 xccdf_session_export_arf (session=session@entry=0x61ca80) at xccdf_session.c:1428 12 0x000000000040beb0 in app_evaluate_xccdf (action=0x7fffffffde90) at oscap-xccdf.c:523 13 0x0000000000408120 in oscap_module_call (action=0x7fffffffde90) at oscap-tool.c:261 14 oscap_module_process (module=0x6154e0 <XCCDF_EVAL>, module@entry=0x614a60 <OSCAP_ROOT_MODULE>, argc=argc@entry=8, argv=argv@entry=0x7fffffffe128) at oscap-tool.c:346 15 0x00000000004071bf in main (argc=8, argv=0x7fffffffe128) at oscap.c:80 Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 14 14:26:04 2016 -0500 Merge pull request #583 from jan-cerny/fix_complex_check_in_arf_results Fix injecting references to check-content-ref@href Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 14 18:58:35 2016 +0100 Fix injecting references to check-content-ref@href This enables to reference OVAL results in arf:report if the XCCDF rule contains xccdf:complex-check. Previously xccdf:complex-check were ignored. Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 14 04:35:20 2016 -0500 Merge pull request #582 from jan-cerny/fix_arf_scapval_errors Fix invalid ARF results Author: Watson Yuuma Sato <wsato@redhat.com> Date: Fri Nov 11 17:57:52 2016 +0100 Merge pull request #567 from mpreisler/sds_schematron_version Changed sds schematron-version attribute to the latest, 1.2 Author: Jan Černý <jcerny@redhat.com> Date: Fri Nov 11 13:03:33 2016 +0100 Add const modifiers on some variables Author: Jan Černý <jcerny@redhat.com> Date: Fri Nov 11 12:59:21 2016 +0100 Remove an outdated comment Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 22:57:06 2016 +0100 Fix invalid free function Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 22:00:02 2016 +0100 Inject references to arf:report in xccdf:check-content-ref We have to replace the check-content-ref@href attribute. Originally it contains refernce to OVAL definitions. Instead, we need to put there ID of arf:report element that conatins OVAl result document with evaluation results for the referenced OVAl check. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 21:57:43 2016 +0100 Pass arf:report IDs into ds_rds_report_inject_refs Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 21:55:44 2016 +0100 Pass arf:report IDs to ds_rds_add_xccdf_test_results We will need soon arf:report IDs to use them in xccdf:check-content-ref@href attribute. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 21:33:37 2016 +0100 Use ARF report ID while creating ARF report Instead of XCCDF Benchmark ID, we will put the real OVAL results ID as ARF report ID. This will allow us to reference the part of ARF report conataining OVAL results. We will use this ID in xccdf:rule-result/check-content-ref@href attribute. We need to figure out which OVAL results corresponds with which OVAL definitions document, so we use the mapping hash tables we created and passed in previous commits. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 21:20:04 2016 +0100 Pass the mappings to ds_rds_create_source Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 16:48:31 2016 +0100 Populate results_mapping and arf_report_mapping with data Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 10 14:17:55 2016 +0100 Add mappings of OVAL filename into XCCDF session This commit adds two new hash tables that will contain mapping from OVAL definitions filename to ARF report ID and OVAL results filename. Author: Martin Preisler <martin@preisler.me> Date: Tue Nov 8 10:57:42 2016 -0500 Merge pull request #578 from OpenSCAP/revert-575-maint-1.2-add-rhel-computenode-cpe Revert "RHEL 6 ComputeNode CPE and RHEL 7 ComputeNode CPE" Author: Watson Yuuma Sato <wsato@redhat.com> Date: Tue Nov 8 15:41:33 2016 +0100 Revert "RHEL 6 ComputeNode CPE and RHEL 7 ComputeNode CPE" Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 8 05:18:03 2016 -0500 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 7 12:29:23 2016 -0500 Merge pull request #577 from rsprudencio/maint-1.0-spb_pick_refactor Small refactor in spb_pick() fix when size == 0, just return Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Mon Nov 7 17:51:30 2016 +0100 Small refactor in spb_pick() fix when size == 0, just return right away instead of getting inside of copy block. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 7 10:24:45 2016 -0500 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 7 10:24:22 2016 -0500 Merge pull request #576 from rsprudencio/maint-1.0-sexp_parser_issue Fixed spb_pick() to add 0 sized S-Expression even if our Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Mon Nov 7 14:16:59 2016 +0100 Fixed spb_pick() to add 0 sized S-Expression even if our position index points to end of the string. Author: Raphael Sanchez Prudencio <rsprudencio@gmail.com> Date: Mon Nov 7 13:20:46 2016 +0100 Merge pull request #560 from radzy/20161019-osrelease-singoovi Update is_wrlinux to check /etc/os-release Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 7 05:55:24 2016 -0500 Merge pull request #575 from yuumasato/maint-1.2-add-rhel-computenode-cpe RHEL 6 ComputeNode CPE and RHEL 7 ComputeNode CPE Author: Watson Sato <wsato@redhat.com> Date: Mon Nov 7 07:44:43 2016 +0100 RHEL 6 ComputeNode CPE and RHEL 7 ComputeNode CPE Adding definitions to openscap-shipped CPE dictionary. Related to rhbz#1311054. Author: V Vinay <vvinay@hpe.com> Date: Mon Nov 7 11:07:36 2016 +0530 Skip assessment_check, scanner and discovered-datetime while parsing the CVE entry Skip assessment_check, scanner and discovered-datetime while parsing the CVE entry Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 4 12:51:18 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 4 12:50:25 2016 -0400 Remove author and date info from manual.adoc It's very challenging to keep it up to date. Please use git to get the list of contributors and latest changed date. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 2 17:03:06 2016 +0100 Fix shebangs /usr/bin/bash is not present on every system, eg. RHEL6. Let's replace these with a more universal /bin/bash. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 27 14:38:59 2016 -0400 Change @style from SCAP_1.1 to SCAP_1.2 when converting XCCDF from 1.1 to 1.2 Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 2 13:37:20 2016 +0100 Merge pull request #572 from OpenSCAP/html_guide_anchors Add [ref] links to HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 1 19:59:49 2016 -0400 Provide [ref] links next to xccdf Rules as well. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 1 19:57:24 2016 -0400 Provide a [ref] link next to group titles in HTML guide This way users can right click and copy link. This link will go to that XCCDF group. This is a very practical way to reference XCCDF groups. Author: Martin Preisler <martin@preisler.me> Date: Tue Nov 1 12:16:48 2016 -0400 Merge pull request #569 from yuumasato/maint-1.2-fix-leak-tailoring_source Fixing a resource leak reported by coverity scan Author: T.O. Radzy Radzykewycz <radzy@windriver.com> Date: Wed Oct 19 16:54:38 2016 -0700 Update is_wrlinux to check /etc/os-release Instead of checking the presence of /etc/wrlinux-release, we open /etc/os-release and check for the CPE_NAME entry. Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> Author: Martin Preisler <martin@preisler.me> Date: Tue Nov 1 10:28:41 2016 -0400 Merge pull request #559 from rsprudencio/maint-1.2-offline-sysinfo Temporary fix to remove the need of environment variables Author: Watson Sato <wsato@redhat.com> Date: Tue Nov 1 15:14:38 2016 +0100 Fixing a resource leak reported by coverity scan Memory allocated by oscap_source_new_from_xmlDoc() to tailoring_source was not freed. The fix relies on the fact that freeing an oscap_source also frees the xmlDoc used in its creation. Author: Martin Preisler <martin@preisler.me> Date: Tue Nov 1 09:43:14 2016 -0400 Merge pull request #561 from jan-cerny/issue475 Issue#475: RHBZ#1387248: Fix oscap-docker reporting incompliance Author: Jan Černý <jcerny@redhat.com> Date: Mon Oct 24 10:30:07 2016 +0200 Issue#475: RHBZ#1387248: Fix oscap-docker reporting incompliance Compliance scan of a Docker image/container using oscap-docker reported incorrectly that there had been an error even if scan had been successful but incompliance of the assessed system had been found. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Tue Nov 1 10:09:20 2016 +0100 Fixed free logic making it more simple in system_info probe. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Mon Oct 31 18:31:56 2016 +0100 Added support for POSIX Regex in system_info probe. Refactored the code to move regex compilation outside loops. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 27 15:24:30 2016 -0400 Changed sds schematron-version attribute to the latest, 1.2 Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 20 15:25:03 2016 +0200 RHBZ#1387166: Fix oscap-docker man page inconsistence Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Thu Oct 20 09:55:13 2016 +0200 Fixed file descriptors leak in offline system_info probe. Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Wed Oct 19 17:07:54 2016 +0200 Temporary fix to remove the need of environment variables to feed system_info for chroot/vm scans, it currently relies on the use of grub2. Small change in system_info probe logic, it doesn't fail if it was not possible to collect system_info, it reports as "Unknown" OS name/version/arch and hostname. Author: Zbyněk Moravec <moraveczbynek@gmail.com> Date: Wed Oct 19 15:08:01 2016 +0200 Merge pull request #555 from mpreisler/sce_separate_stderr Separate stderr from stdout in SCE Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 14 19:44:36 2016 +0200 Bump version after release Next version from the maint-1.2 branch will be 1.2.12. Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 13 16:24:40 2016 +0200 openscap-1.2.11 Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 13 16:15:21 2016 +0200 Bump soname from 8.8.1 to 8.9.0 6 symbols were added, no symbols were removed. Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 13 15:27:03 2016 -0400 Merge pull request #556 from ybznek/maint-1.2 Print error message if oscap loads bz2 files and doesn't support them Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Oct 13 20:14:41 2016 +0200 Print error if oscap doesn't support bz2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Oct 13 20:04:14 2016 +0200 benchmark.c: fix indentation (fix GCC hint) Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 13 14:00:25 2016 -0400 Fixed comment in SCE engine Indentation and mention that we now use 2 separate pipes Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 13 13:59:41 2016 -0400 Fix error checking when opening the SCE stderr pipe Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 13 13:58:15 2016 -0400 Add optional stderr element to SCE result schema It's optional so that SCE results generated in older versions of OpenSCAP validate with newer versions of OpenSCAP. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 13 12:09:29 2016 -0400 Use the separate stderr SCE result in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 13 12:04:12 2016 -0400 Don't interleave stdout and stderr, separate them in SCE Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 13 13:44:27 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Author: Zbyněk Moravec <moraveczbynek@gmail.com> Date: Mon Oct 10 14:24:37 2016 +0200 Merge pull request #552 from GautamSatish/update_suse11_cpe Update SUSE 11 CPE Author: Jan Černý <jcerny@redhat.com> Date: Mon Oct 10 13:41:58 2016 +0200 Merge pull request #553 from rsprudencio/maint-1.0-fix-arithmetic Fix a bug in Arithmetic complex function Author: Raphael Sanchez Prudencio <rsprudencio@redhat.com> Date: Thu Oct 6 18:25:48 2016 +0200 Fix a bug in Arithmetic complex function, it was not following specification, it should attempt to cast a value to correct type before reporting an error. Author: Gautam Satish <gautams@hpe.com> Date: Wed Oct 5 21:26:14 2016 -0700 Update SUSE 11 CPE Author: Zbyněk Moravec <moraveczbynek@gmail.com> Date: Wed Oct 5 15:54:07 2016 +0200 Merge pull request #551 from ybznek/maint-1.2-remediation-report xccdf-share.xsl: HTML report - fix empty table Author: Zbyněk Moravec <moraveczbynek@gmail.com> Date: Wed Oct 5 15:08:46 2016 +0200 Merge pull request #549 from jan-cerny/tailoring_external_datastream Add support for tailoring of external datastreams Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Oct 5 14:58:06 2016 +0200 xccdf-share.xsl: HTML report - fix empty table If these attributes are not provided we don't want to print empty table. Author: Jan Černý <jcerny@redhat.com> Date: Tue Oct 4 15:34:34 2016 +0200 Add support for tailoring of external datastreams Author: Martin Preisler <martin@preisler.me> Date: Mon Oct 3 13:54:04 2016 -0400 Merge pull request #547 from ybznek/maint-1.2-tailor2 enable oscap oval eval --fetch-remote-resources + cleanup Author: Martin Preisler <martin@preisler.me> Date: Mon Oct 3 13:52:30 2016 -0400 Merge pull request #548 from ybznek/maint-1.2-remediation-report xccdf report: Add fix attributes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 14:56:43 2016 +0200 xccdf report: Add fix attributes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 11:23:51 2016 +0200 ds_sds_session_set_remote_resources() set default callback instead of NULL Like nullobject design pattern Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 11:15:31 2016 +0200 download_reporting_callback: Print always to stderr Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 10:31:44 2016 +0200 move xccdf_download_cb.h => oscap_download_cb.h Download CB isn't related to XCCDF Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 10:25:28 2016 +0200 Deduplicate reporting_callback Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 3 10:01:55 2016 +0200 Enable oscap oval eval --fetch-remote-resources Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 29 12:42:01 2016 -0400 Merge pull request #546 from redhatrises/add_puppet_report Add puppet to report generation Author: Gabe <redhatrises@gmail.com> Date: Thu Sep 29 09:19:10 2016 -0600 Add puppet to report generation Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 29 16:53:40 2016 +0200 Merge pull request #534 from ybznek/maint-1.2-tailor2 Add support for external (http) components Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 29 15:13:49 2016 +0200 sds.c: Add Warning prefix Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 29 15:12:41 2016 +0200 sds.c: Fix indentation Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 29 14:39:09 2016 +0200 sds.c: Workaround for multiple components We weren't checking return values of caller functions, so we ignored return value & error state. In previous commits I started to check return values, but it broke some use cases. So rather then ignore all error states, we will ignore only error caused by adding already added component. https://github.com/OpenSCAP/openscap/issues/545 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 29 13:18:27 2016 +0200 sds.c: fix return value Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 15:27:16 2016 +0200 oscap ds sds-split: enable --fetch-remote-resources Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 14:16:39 2016 +0200 man: Add --fetch-remote-resources to info Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 14:16:05 2016 +0200 bash completion: Add --fetch-remote-resources to info Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 13:38:21 2016 +0200 sds.c: Always exit oscap if cannot fetch remote resources Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 13:34:03 2016 +0200 sds.c: Reduce scope of variables Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 13:25:21 2016 +0200 Fix english Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 13:19:56 2016 +0200 sds.c: Fix output for workbench Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 26 13:19:05 2016 +0200 sds.c: Add "\n" after ok/error status Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Sep 21 10:10:46 2016 +0200 oscap_acquire_url_download: Enable redirect We need it for certification R2910 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Sep 21 09:50:39 2016 +0200 rename function ds_sds_dump_component -> ds_sds_dump_local_component Currently we have ...dump_remote_component, ...dump_file_component. Renaming should make name more explicit Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 19 15:08:12 2016 +0200 oscap-info: Add support for --fetch-remote-resources Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 19 14:33:54 2016 +0200 DS: improve downloading status Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 19 13:16:48 2016 +0200 Download callback: cleanup Use "null object" design pattern & merge two same types Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 19 09:24:15 2016 +0200 sds.c: Print warning if --fetch-remote-resources is not allowed Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 20:43:54 2016 +0200 sds.c: Allow to download external content (http) Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 20:20:51 2016 +0200 sds.c: Introduce ds_sds_dump_component_by_href Move part of function to this function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 20:02:11 2016 +0200 sds.c: Remove "filename" parameter ds_sds_dump_component() Function doesn't need to support loading of files, yet. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 20:00:38 2016 +0200 sds.c: Refactoring: use ds_sds_dump_file_component Start to use function introduced in previous commit Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:58:56 2016 +0200 sds.c: Refactoring: create compose_target_filename_dirname Move part of function to another function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:52:56 2016 +0200 sds.c: Refactoring: create ds_sds_dump_file_component Currently not used - similar to ds_sds_dump_component Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:42:13 2016 +0200 sds.c: Refactoring: create ds_sds_get_component_root_by_id move part of function to another function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:36:52 2016 +0200 sds.c: Refactoring: ds_sds_register_component Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:27:17 2016 +0200 sds.c: Refactoring: create ds_sds_register_xmlDoc Move part of function to another function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 19:22:13 2016 +0200 sds.c: Refactoring: create ds_sds_register_sce Move part of function to another function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 17:23:40 2016 +0200 sds.c: Refactoring: create ds_sds_register_component Move part of function to separate function Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 26 16:00:29 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Mon Sep 26 14:53:10 2016 -0400 Merge pull request #536 from jan-cerny/tailoring_fix Support tailoring of a checklist located in a different datastream Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 26 15:44:14 2016 +0200 Fix memory leaks Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 26 15:23:39 2016 +0200 add a simple test for tailoring in datastreams Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Mon Sep 26 11:57:38 2016 +0200 Merge pull request #538 from jan-cerny/issue529 Issue #529: Fix a segmentation fault Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 26 10:01:36 2016 +0200 Merge pull request #540 from yuumasato/maint-1.0-fetch-remote-resource-warning Consider suggestion to use "--fetch-remote-resources" a warning Author: Watson Sato <wsato@redhat.com> Date: Thu Sep 22 17:43:46 2016 +0200 Consider suggestion to use "--fetch-remote-resources" a warning SCAP Workbench is parsing this message as progress status and showing errors, while actually this message is a warning. Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 22 15:04:38 2016 +0200 Issue #529: Fix a segmentation fault Strings expected in format strings were not supplied. Compiler was OK with that because it is a function with variable count of parameters. Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 22 12:42:40 2016 +0200 Support tailoring of a checklist located in a different datstream This commit fixes processing of tailoring within datastreams. It is now possible to have a datastream collection with multiple datastreams, where XCCDF tailoring and XCCDF checklist are not both in the same datastream. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 21 14:16:55 2016 -0400 Merge branch 'maint-1.2-doc2' of https://github.com/ybznek/openscap into ybznek-maint-1.2-doc2 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 21 12:41:18 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Wed Sep 21 12:40:54 2016 -0400 Merge pull request #518 from ybznek/maint-1.0-doc Add missing manual sections Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:23:20 2016 +0200 manual.adoc: OVAL: add --without-syschar paragraph Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 15:53:30 2016 +0200 manual.adoc: Fix grammar Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:42:45 2016 +0200 manual.adoc: Evaluation of content use passive Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:37:14 2016 +0200 manual.adoc: Evaluation of content: can contains -> can contain Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:36:21 2016 +0200 manual.adoc: tailoring - use passive Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:32:34 2016 +0200 manual.adoc: Despite of -> Instead of Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:31:49 2016 +0200 manual.adoc: change fetch -> download Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:26:35 2016 +0200 manual.adoc: change is -> are Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:25:53 2016 +0200 manual.adoc: CCE,CVE identifiers - add explanation Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 09:22:25 2016 +0200 manual.adoc: OVAL rewrite to passive form Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 1 14:39:46 2016 +0200 manual.adoc: directives file Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 5 13:26:42 2016 +0200 manual.adoc: Add tailoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 31 13:15:19 2016 +0200 manual.adoc: Add example of evaluation without profile Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 31 09:39:22 2016 +0200 manual.adoc: Add patches are up-to-date section Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 5 13:20:28 2016 +0200 manual.adoc: Add <rule-result> to identifiers Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 21 13:02:27 2016 +0200 Merge pull request #533 from yuumasato/maint-1.0 Fix results of XCCDF rules with @role="unscored". Author: Watson Sato <wsato@redhat.com> Date: Wed Sep 21 10:47:35 2016 +0200 Fix indentation Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 21 10:45:19 2016 +0200 Merge pull request #531 from ybznek/maint-1.2-tailor3 Loading of external components Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 16:01:08 2016 +0200 tests: Load external xccdf component Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 16:18:42 2016 +0200 sds.c: Add support to reference external WHOLE file Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 15:31:23 2016 +0200 sds.c: Fix error checking Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 16 15:24:06 2016 +0200 sds.c: Load file from right relative path Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 13 19:06:41 2016 +0200 sds.c: Fix memory leaks Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 13 17:12:57 2016 +0200 sds.c: Allow load components using xlink file: Author: Watson Sato <wsato@redhat.com> Date: Mon Sep 19 15:44:00 2016 +0200 Fix results of XCCDF rules with @role="unscored". When a XCCDF rule has @role="unscored", perform all the checks but mark the result as XCCDF_RESULT_INFORMATIONAL. https://github.com/OpenSCAP/openscap/issues/525 Author: Martin Preisler <martin@preisler.me> Date: Mon Sep 19 10:47:43 2016 -0400 Merge pull request #530 from ybznek/maint-1.2-wi bash_completion: add --without-syschar Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 19 15:15:29 2016 +0200 bash_completion: add --without-syschar Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 16 10:14:21 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Fri Sep 16 10:13:56 2016 -0400 Merge pull request #527 from yuumasato/maint-1.0-fix-export-override Fix export of overrided oscap_text Author: Watson Sato <wsato@redhat.com> Date: Fri Sep 16 11:47:38 2016 +0200 Only export override attribute when necessary Export override attribute of oscap_text only when the element can override parent value and it does override the value. The default value for override is false, there is no need to export it if it`s false. Author: Watson Sato <wsato@redhat.com> Date: Thu Sep 15 18:19:34 2016 +0200 Fix export of overrided oscap_text This change allows attributes marked as overriders by oscap_text_set_override() to be exported. Exportation of an overrider attribute is conditioned by override_given. But override_given is only set when an imported attribute has override capability set. So, when an oscap_text was marked as overrider by oscap_text_set_set_override() the attribute was never exported. Related to RHBZ#1320194. Author: Jan Černý <jcerny@redhat.com> Date: Tue Sep 13 11:20:40 2016 +0200 Merge pull request #523 from ybznek/without-syschar Added support to not to export system characteristics Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 15:48:50 2016 +0200 test_without_syschars.sh: Update --without-syschars -> --without-syschar Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 15:44:46 2016 +0200 utils/oscap.8: Add --without-syschar Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 12 15:41:05 2016 +0200 change --without-syschars => --without-syschar Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 12 12:43:21 2016 +0200 Merge pull request #521 from ybznek/maint-1.2-disable-ansible xccdf_policy_remediate.c: Disable run of ansible remediation Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Sep 11 19:59:40 2016 +0200 Add test for --without-syschars Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Sep 11 19:45:33 2016 +0200 Add --without-syschars option http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7511r4.pdf req. SCAP.R.1900 What are system characteristics? http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-126r1.pdf page 27 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 6 20:15:24 2016 +0200 xccdf_policy_remediate.c: Remove ansible support We cannot run ansible snippet easily, now - due to missing header Author: Martin Preisler <martin@preisler.me> Date: Fri Sep 9 09:52:58 2016 -0400 Merge pull request #522 from ybznek/maint-1.2-generate-fix ansible generate fix - add header & indentation Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 9 13:24:01 2016 +0200 xccdf_policy_remediate.c: Prevent unwanted run of ansible This force users to check output & add right host Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 6 14:14:58 2016 -0400 Show remediation as collapsed by default, add a button to HTML guide and report to expand Remediations can be quite long and this improves the UX of HTML guide and report. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 6 18:09:32 2016 +0200 xccdf_policy_remediate.c: Add correct ansible indentation When we generate ansible playbook with header, we need to add indentation to ansible tasks Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 6 13:51:15 2016 -0400 Show the type of remediation script, shell script vs ansible snippet in HTML guide and report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 6 13:42:40 2016 -0400 Moved the remediation description labels in report and guide to xccdf-share.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 6 13:40:34 2016 -0400 Moved the remediation script label in report and guide to xccdf-share.xsl Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 6 17:40:01 2016 +0200 xccdf_policy_remediate.c: Add ansible header to fix output Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 6 17:30:01 2016 +0200 xccdf_policy_remediate.c: Split _write_text_to_fd_and_free Author: Martin Preisler <martin@preisler.me> Date: Mon Sep 5 10:46:03 2016 -0400 Merge pull request #517 from ybznek/maint-1.2-tailoring-fix xccdf_session.c: Fix free of dirname Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 5 10:32:44 2016 +0200 xccdf_session.c: Fix free of dirname RHBZ: #1367896 According to man page, dirname can return pointer to original path. So we should not call free on returned value Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Mon Sep 5 09:40:38 2016 +0200 Merge pull request #516 from ybznek/maint-1.0-manual-fix update repository name Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 1 10:42:40 2016 +0200 update repository name Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 1 10:58:06 2016 +0200 Merge pull request #515 from ybznek/maint-1.0-manual manual.adoc: Update repository path Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 1 10:42:40 2016 +0200 update repository name Author: Ján Lieskovský <jlieskov@redhat.com> Date: Wed Aug 31 11:46:12 2016 +0200 Merge pull request #514 from ybznek/maint-1.0-doc manual.adoc: Updates/Fixes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 31 00:24:21 2016 +0200 manual.adoc: Change openscap -> OpenSCAP Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 31 00:19:09 2016 +0200 manual.adoc: Fix SCE URL Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 31 00:30:18 2016 +0200 manual.adoc: Fix XLS -> XSL Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Fri Aug 19 18:33:20 2016 +0200 Merge pull request #511 from radzy/2016-08-16-wrlinux-maint-iejah2ua Initial Wind River Linux support Author: T.O. Radzy Radzykewycz <radzy@windriver.com> Date: Fri Jul 29 08:14:02 2016 -0700 Initial Wind River Linux support Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 14:45:15 2016 -0400 Use the cached rule-result test-result lookup in both leaf and detail templates in HTML report new: 0m0.700s old: 0m0.848s Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 14:42:49 2016 -0400 Cache test result rule result lookup when generating HTML report This may only be worth it if the ARF has a limited amount of TestResult elements. In our typical cases it's one TestResult per ARF and very rarely more. new: 0m0.848s old: 0m0.994s Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 14:11:46 2016 -0400 Added a comment about correctness of the 'references' XSLT map Wanted to fix it but then realized it was correct from the beginning. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 14:06:40 2016 -0400 Very small optimization in get-all-references in HTML report XSLT <5% but it simplified the queries which makes it simpler for me to optimize further. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 13:58:27 2016 -0400 Don't lookup profile selects the brute force method Oh man, another 50+% saved... new: 0m0.219s old: 0m0.506s --Martin, the XSLT optimizer! Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 13:41:43 2016 -0400 Use a separator when mapping the benchmark @id and Value @id to Value elements To be on the safe side... Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 10 13:38:35 2016 -0400 Do not look up cdf:Value by ID brute-force in HTML reports and guides Instead, make a map that maps benchmark/@id and the value/@id to the element. This saves roughly 50% of the time generating guides... new: 0m0.506s old: 0m0.921s Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 8 17:21:33 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 8 17:20:53 2016 -0400 Allow NULL to be passed to xccdf_policy_model_set_tailoring This enables us to reset tailoring after it has previously been set to something. Not very useful for the oscap tool but very useful for SCAP Workbench. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 5 15:32:49 2016 -0400 Updated jQuery to 1.12.4 Bugfixes, improved browser compatibility, ... Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 5 15:29:14 2016 -0400 Updated bootstrap to 3.3.7 Bugfixes, improved browser compatibility. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 5 15:13:50 2016 -0400 Optimized xccdf_1.1_remove_dangling_sub.xsl, now it takes 25% of the time It's the same thing again, avoid looking up through huge nodesets repeatedly. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 4 17:35:54 2016 -0400 Show which profiles are abstract when doing `oscap info` We suggest `oscap info` when user selects the wrong profile ID. oscap info shows all profiles, including abstract profiles. But abstract profiles disappear after benchmark is resolved. So they can't be selected even though they are shown in `oscap info` This left me very confused when I just encountered it. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 1 14:46:19 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 1 14:44:33 2016 -0400 W/o optional deps openscap will be compiled without some features You don't have to turn off the features yourself, it will be done automatically. Thanks goes to Rongli Shi for notifying us about this confusion in the README. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 29 14:42:36 2016 -0400 Use build_opener() in get_cve_input.py, it's simpler and honors proxy settings See https://bugzilla.redhat.com/show_bug.cgi?id=1351952 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 27 17:04:15 2016 -0400 More optimization in HTML report generation, only lookup rule-results once Not as dramatic of a speed-up as before but 15% is not too shabby. old: real 0m1.212s new: real 0m1.010s Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 27 16:57:43 2016 -0400 Optimization when generating HTML reports, lookup child rules once *facepalm* old: real 0m2.917s new: real 0m1.212s Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 17:53:14 2016 -0400 Slighly cut down the nodeset when figuring out the list of all references Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 17:06:41 2016 -0400 More optimization in xccdf_1.1_to_1.2.xsl We now only do 4 full nodeset lookups and that's it, for everything else we use keys. This saves another 50%. Overall the XSLT is now 100x faster now. This optimization was more for consistency than for performance, the 50% saved is roughly 170ms for SCAP Security Guide benchmarks. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 16:45:50 2016 -0400 Optimized xccdf_1.1_to_1.2.xsl by a factor of about 50 Using xsl:key instead of horrible full nodeset lookups is a good idea... old: real 0m17.295s new: real 0m0.296s Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 16:28:05 2016 -0400 Optimized xccdf_1.1_to_1.2.xsl @idref translation It's still pretty stupid and does subtree lookups but this shaves off a lot of processing time. This transformation is used for SSG builds of all the products so optimizing it greatly improves SSG build times. old: [0] 99.04 27.813 0.000 3526 @idref[parent::xccdf_11:*][not(parent::xccdf_11:platform)][not(parent::xccdf_11:requires)] [0] new: [0] 98.44 16.831 0.000 3526 @idref[parent::xccdf_11:*][not(parent::xccdf_11:platform)][not(parent::xccdf_11:requires)] [0] Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 14:38:09 2016 -0400 Optimized cdf:sub in xccdf-share.xsl Fairly basic stuff, let's not do lookups twice, let's not do them when we don't have to. old: [0] 61.03 0.557 0.000 95 cdf:sub[sub-testresult] [0] new: [0] 47.56 0.321 0.000 95 cdf:sub[sub-testresult] [0] Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 14:19:56 2016 -0400 Refactored the cdf:sub template in xccdf-share In preparation for optimization. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 11:29:32 2016 -0400 Count number of selected rules in HTML guide using string-length No idea wtf I was thinking counting the number of substrings there... This only saves 5% but still, why not... Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 26 11:20:43 2016 -0400 Minor optimization in xccdf-guide-impl.xsl, saves about 15% Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 19 13:38:50 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 19 13:34:07 2016 -0400 Merge pull request #501 from ybznek/maint-1.0 Fix format string of debug message Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Jul 19 18:43:32 2016 +0200 Fix format string of debug message Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 19 11:15:03 2016 -0400 Merge pull request #498 from ybznek/maint-1.0 Refactoring: Remove misleading indexing Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 18 13:31:26 2016 +0200 Remove misleading indexing Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 15 14:20:32 2016 -0400 Use /bin/bash as the interpreter for sectool scripts There won't be much difference between /usr/bin/env bash and /bin/bash in practical use-cases but it triggers warnings with various automated QA tools. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 15 15:04:59 2016 +0200 Merge pull request #497 from ybznek/maint-1.0-indent Fix some gcc warnings Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 15 15:00:48 2016 +0200 Merge pull request #496 from ybznek/maint-1.0-static oval_probe_session.c: Add missing 'static' Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 15 14:56:33 2016 +0200 Merge pull request #495 from ybznek/maint-1.0 tests/process58: some minor patches Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:58:44 2016 +0200 cpename.c: Delete CPE_SEP_CHAR This constant is unused and ':' is used in many places, including regexp etc. So usage of the constant will not improve readability Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:49:51 2016 +0200 xccdf_policy.c: Fix indentation Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:43:15 2016 +0200 oval_probe_session.c: Add missing 'static' Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:27:08 2016 +0200 tests/process58: Increase wait time for processess Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:21:59 2016 +0200 tests/process58: improve performance of test We wait for processes later, so they could be loaded during start of other processes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 15 13:09:03 2016 +0200 tests/process58: fix some shellcheck warnings Author: Jan Černý <jcerny@redhat.com> Date: Thu Jul 14 12:12:35 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/OVAL/probes/probe/icache.c tests/probes/file/Makefile.am Author: Martin Preisler <martin@preisler.me> Date: Wed Jul 13 20:22:11 2016 -0400 Merge pull request #494 from ybznek/maint-1.0 icache.c: refactoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 19:50:30 2016 +0200 probes/icache.c: Don't pass to function useless parameter Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 19:36:42 2016 +0200 probes/icache.c: introduce icache_add_to_tree Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 19:10:06 2016 +0200 probes/icache.c: Refactor icache_lookup Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 18:52:59 2016 +0200 probes/icache.c: introduce icache_lookup Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Wed Jul 13 19:10:59 2016 +0200 Merge pull request #492 from jan-cerny/icache_refactoring Unlock the mutex after signaling Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 13 19:09:00 2016 +0200 Merge pull request #491 from ybznek/maint-1.0 call signal in mutex Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 13 18:27:01 2016 +0200 Unlock the mutex after signaling Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 18:18:26 2016 +0200 probes/icache.c: Refactoring don't fix indentation, I expect more changes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 17:59:25 2016 +0200 probes/icache.c: Refactoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 13 18:00:57 2016 +0200 probes/icache.c: Call pthread_cond_signal in locked mutex Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Wed Jul 13 15:11:07 2016 +0200 Merge pull request #489 from jan-cerny/null_check Add a NULL pointer check Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 13 13:51:56 2016 +0200 Add a NULL pointer check Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 13 12:42:39 2016 +0200 Merge pull request #468 from ybznek/maint-1.0-fileprobe-test test/file: Add test to strange filenames (missing fix) Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 29 14:36:08 2016 +0200 test/file: Add test to strange filenames Should check that we are correctly escape not printable characters and returns error when we cannot match filename by regex Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 12 13:45:11 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/OVAL/probes/oval_fts.c Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Tue Jul 12 13:27:14 2016 +0200 Merge pull request #486 from jan-cerny/enhance_valgrind_test Adjust the valgrind test to detect all kinds of memory errors Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 12 10:46:02 2016 +0200 Adjust the valgrind test to detect all kinds of memory errors This commit enables us to detect also other memory errors, not only the memory leaks, but also invalid reads etc. We will use --error-code to detect that valgrind failed. This option is designed for usage in automated test suites (see man). Parsing the log is not necessary to detect the fail. Also valgrind has to generate a special logfile for each child process to avoid undefined results (see man). Author: Martin Preisler <martin@preisler.me> Date: Mon Jul 11 11:44:34 2016 -0400 Merge pull request #485 from ybznek/maint-1.0-fts probes/oval_fts: Return error if regex issue occurs Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 11 15:06:56 2016 +0200 Merge pull request #484 from ybznek/maint-1.0 probes/sysctl.c: Fix typo Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 11 14:55:52 2016 +0200 probes/oval_fts: Return error if regex issue occurs Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 11 13:53:37 2016 +0200 probes/sysctl.c: Fix typo Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Mon Jul 11 12:27:02 2016 +0200 Merge pull request #483 from jan-cerny/complete_readme Add a missing build dependency to README Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 11 10:40:02 2016 +0200 Add a missing build dependency to README The header file dbus.h provided by the dbus-devel package is required to build systemd probes, we should list the package in our build dependencies list. Author: Martin Preisler <martin@preisler.me> Date: Thu Jul 7 11:25:40 2016 -0400 Merge pull request #482 from ybznek/maint-1.0-fix-double-escape Fix double escape + test fix Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 7 16:01:22 2016 +0200 oval_sysEnt.c: fix double escaping xmlEncodeEntitiesReentrant() + xmlNewTextChild() caused that characters like '<','>' were escaped twice Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 7 15:59:45 2016 +0200 test/remediation results: Delete test_file before test If test failed, next time 'test_file' was already created with required right and fix wasn't applied Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 7 15:57:41 2016 +0200 test/remediation results: Check double escaping Test now should test, that we don't escape <,> twice Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 7 15:56:07 2016 +0200 Fix double escaping in remediation results xmlEncodeEntitiesReentrant() + xmlNewTextChild() caused that characters like '<','>' were escaped twice Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 5 11:00:23 2016 -0400 Merge pull request #473 from ybznek/maint-1.0-oval-r oval_sysEnt.c: fix invalid characters in oval results Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 5 10:57:52 2016 -0400 Merge pull request #481 from ybznek/maint-1.0-vg-fix-probe-session Fix usage of probe_session after free Author: Martin Preisler <martin@preisler.me> Date: Mon Jul 4 16:38:27 2016 -0400 Merge pull request #480 from ybznek/maint-1.0-vg-fix rds: Move free after usage Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 4 16:30:03 2016 +0200 Fix usage of probe_session after free oval_agent_reset_session() was creating new probe_session, but the probe_session were rerefenced rom ag_sess->res_model, too. So when oscap used probe_session from res_model, it got old free'ed version. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 4 13:34:26 2016 +0200 rds: Move free after usage We were using asset_id after its free Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 1 11:54:07 2016 +0200 oval_sysEnt.c: fix invalid characters in oval results Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 30 09:53:03 2016 +0200 Bump version after release Next version from the maint-1.2 branch will be 1.2.11. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 15:53:42 2016 +0200 openscap-1.2.10 Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 15:52:36 2016 +0200 Bump soname from 8.8.0 to 8.8.1 No symbols have been added or removed Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 14:23:16 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/OVAL/oval_probe.c tests/probes/process58/all.sh tests/test_common.sh.in Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 14:11:09 2016 +0200 Merge pull request #466 from ybznek/maint-1.0 tests/cpe: update for fedora24 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 29 11:01:09 2016 +0200 tests/cpe: update for fedora24 Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 13:09:50 2016 +0200 Merge pull request #465 from ybznek/maint-1.2-xslt Fix dotted remediation scripts Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 29 10:20:38 2016 +0200 guide/xslt: Fix dotted remediation scripts https://github.com/OpenSCAP/openscap/issues/460 Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 10:15:17 2016 +0200 Merge pull request #462 from ybznek/maint-1.0 tests/process58: Use specified xpath Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 10:13:24 2016 +0200 Merge pull request #463 from ybznek/maint-1.2-systemd Fix systemd test on fedora24 Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 29 08:49:17 2016 +0200 Merge pull request #464 from ybznek/maint-1.0-xpath-wrapper xpath wrapper Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Jun 28 23:04:24 2016 +0200 tests: Add xpath wrapper for newer version Newer version of xpath has different interface https://github.com/OpenSCAP/openscap/issues/461 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Jun 28 21:26:12 2016 +0200 test/systemdunitproperty: Separete to conditional part "-.mount Wants" isn't presented on Fedora24, so part of test was separated and now it should be started only on supported system Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Jun 28 19:55:09 2016 +0200 tests/process58: Use specified xpath Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 27 15:18:26 2016 -0400 Fixed a few one-byte buffer overflow bugs in intelisteningservers.c Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Mon Jun 27 18:43:54 2016 +0200 Merge pull request #459 from jan-cerny/issue281 Issue #281: Fix invalid characters in remediation results Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 27 15:22:25 2016 +0200 Add a simple test for issue #281 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 27 13:23:08 2016 +0200 Issue #281: Fix invalid characters in remediation results We include stdout of a remediation script to the XCCDF results. But the output of the remediation script can contain characters that are forbidden in XML documents, eg. most of the non-printable characters. We need to escape or remove them from the string before we include it to the XML document. Libxml provides a function to get rid of those characters. Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Fri Jun 24 15:59:25 2016 +0200 Merge pull request #457 from jan-cerny/issue372 Issue #372: Add xccdf:TestResult@test-system attribute Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 24 13:47:23 2016 +0200 Add a simple test for xccdf:TestResult@test-system Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 24 12:26:15 2016 +0200 Merge pull request #454 from ybznek/maint-1.2-file-probe-test probes/file: Add debug output & modify test Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Fri Jun 24 12:08:38 2016 +0200 Merge pull request #456 from jan-cerny/fix_a_typo Fix a typo Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Fri Jun 24 12:08:00 2016 +0200 Merge pull request #452 from jan-cerny/maint-1.2-fix-rhel5 Issue #393: Fix rpmverifyfile compilation on RHEL5 Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 24 10:30:45 2016 +0200 Issue #372: Add xccdf:TestResult@test-system attribute The xccdf:TestResult element should contain a test-system attribute which is defined in specification as follows: Name of the benchmark consumer program that generated this <xccdf:TestResult> element; SHOULD be either a CPE name or a CPE applicability language expression. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 24 09:48:12 2016 +0200 Fix a typo Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 24 09:42:17 2016 +0200 Fix a typo Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jun 23 14:41:07 2016 +0200 probes/file: Add debug output & modify test We have often randomly failed file probe test, it should help us to find an issue Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 23 13:31:12 2016 +0200 Add a comment Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Thu Jun 23 13:14:50 2016 +0200 Merge pull request #451 from jan-cerny/small_typo_fix Fix a typo Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Thu Jun 23 11:05:17 2016 +0200 Merge pull request #450 from jan-cerny/remove_callback Remove callback on RPM < 4.6 Author: Jan Cerny <jcerny@redhat.com> Date: Thu Jun 23 09:50:15 2016 +0200 Issue #393: Fix rpmverifyfile compilation on RHEL5 One missing include and some fallback definition of macros will fix the issue. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 23 09:05:24 2016 +0200 Fix a typo Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 22 15:15:58 2016 +0200 Remove callback on RPM < 4.6 Recently we have merged a fix to compile the rpm probes on maint-1.0 on systems with older versions of rpmlib. However, the reporting function is not present there, so it does not make any sense to set the logging callback, because it has no effect. This commit removes the callback on those systems. Author: Martin Preisler <martin@preisler.me> Date: Wed Jun 22 11:04:06 2016 -0400 Merge pull request #448 from jan-cerny/issue401-maint-1.0 Issue #401: OVAL tests can reference only objects of same type Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 22 14:11:44 2016 +0200 Merge pull request #449 from ybznek/maint-1.2-vg Valgrind_test: Add free-fill, malloc-fill Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 22 13:58:04 2016 +0200 Valgrind_test: Add free-fill, malloc-fill Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 22 13:47:18 2016 +0200 Merge pull request #440 from ybznek/maint-1.2-offline-scan-rpmdb Fix offline scan of rpmverifypackage Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 21 16:16:24 2016 +0200 Issue #401: OVAL tests can reference only objects of same type Tests referencing objects of different type should be rejected by OpenSCAP. For example, a textfilecontent54_object can be referenced only from textfilecontent54_test, but NOT from sysctl_test. Such referencing is wrong according to schematron validation. This commit adds a new runtime check to verify that a valid content is processed. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 21 16:03:21 2016 +0200 Fix invalid OVAL content in test suite This commit fixes the following warnings of schematron validation: oval:x:tst:8 - the object child element of a textfilecontent54_test must reference a textfilecontent54_object oval:x:obj:4 - operation attribute for the pattern entity of a textfilecontent54_object should be 'pattern match' Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 22 10:12:29 2016 +0200 probes/rpmverifypackage: fix comment Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 22 04:48:22 2016 +0200 probes/rpmverifypackage: move #include <config.h> to c file Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jun 22 00:46:58 2016 +0200 probes/rpmverifypackage: Don't use RPMTRANS_FLAG_NOPLUGINS ./configure on rhel7 is not able to detect right rpm version, so we will fallback solution everytime Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 17 14:56:16 2016 +0200 probes/rpmverifypackage: Use own offline mode & probe_chroot Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jun 20 12:44:25 2016 +0200 rpmLibsPreload: Make preloading faster Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 17 14:27:19 2016 +0200 probes: introduce probe_chroot* Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 17 13:40:58 2016 +0200 Introduce OFFLINE_MODE_OWN Currently we support two offline modes - chroot, rpmdb This offline mode let decide probe how to implement offline mode. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 21 16:30:10 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Conflicts: ac_probes/configure.ac.tpl configure.ac src/OVAL/probes/unix/linux/rpmverify.c src/OVAL/probes/unix/linux/rpmverifyfile.c src/OVAL/probes/unix/linux/rpmverifypackage.c Author: Martin Preisler <martin@preisler.me> Date: Tue Jun 21 09:36:37 2016 -0400 Merge pull request #443 from jan-cerny/issue408 Issue #408: Fix compilation on older systems Author: Martin Preisler <martin@preisler.me> Date: Tue Jun 21 09:15:17 2016 -0400 Merge pull request #442 from jan-cerny/autoconf_fix Fix autoconf issues Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 21 10:52:31 2016 +0200 Issue #408: Fix compilation on older systems Function rpmLogSetCallback has changed its prototype in RPM 4.6 API. Before it had only one parameter, now it has two parameters. Older version (RPM 4.4.x) is shipped in RHEL5, therefore we must use conditional compilation to get the rpm probes compiled on RHEL5. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 21 14:06:30 2016 +0200 Fix autoconf issues Changes made recently in src/OVAL/probes/Makefile.am caused that ./confgen.sh removed check macros for header files that are needed for rpm probes from configure.ac. This commit fixes the syntax of respective Makefile.am and also includes freshly generated configure.ac. Author: Martin Preisler <martin@preisler.me> Date: Mon Jun 20 10:32:38 2016 -0400 Merge pull request #439 from ybznek/maint-1.0-offline-attr probes/fileextendedattribute.c: Fix offline-mode option position Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Jun 19 23:36:46 2016 +0200 probes/fileextendedattribute.c: Fix offline-mode option position Author: Martin Preisler <martin@preisler.me> Date: Wed Jun 15 10:43:33 2016 -0400 Merge pull request #433 from ybznek/maint-1.0-extended-attribute probe extended attribute fix Author: Martin Preisler <martin@preisler.me> Date: Wed Jun 15 10:42:34 2016 -0400 Merge pull request #432 from ybznek/maint-1.0-off Offline scan option position Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jun 13 15:03:46 2016 +0200 probes/fileextendedattribute.c: refactoring - remove goto Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jun 13 16:43:38 2016 +0200 probes/fileextendedattribute.c: Fix possible buffer overflow Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jun 13 15:50:37 2016 +0200 probes/fileextendedattribute.c: Fix missing '\0' From man page of lgetxattr() - there is no information, that returned string should be with trailing \0 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jun 13 15:28:59 2016 +0200 probes/fileextendedattribute.c: Fix neverending loop When index stays on '\0', it cannot be increased any more Fixed loop condition, because after newly added '++i' index can point after our buffer Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Jun 12 23:17:21 2016 +0200 probes/filehash: Fix offline mode support Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Jun 12 22:25:47 2016 +0200 probes/filehash58: Fix offline support Author: Martin Preisler <martin@preisler.me> Date: Sat Jun 11 13:40:11 2016 -0400 Merge pull request #427 from ybznek/maint-1.2 oscap-docker: *-cve scan of non-rhel fix Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 10 16:48:40 2016 +0200 oscap-docker: remove deprecated comments Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 10 12:31:45 2016 +0200 oscap-docker: Print error message when target is not RHEL Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jun 10 12:22:59 2016 +0200 oscap-docker: Unmount container when cve-scan fail Author: Jason Newton <nevion@gmail.com> Date: Wed May 25 00:07:42 2016 -0400 add opensuse 42.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 31 13:05:56 2016 -0400 oscap-docker fixed to be source compatible with py2 and py3 set_defaults is problematic on subparsers in argparse, it changed behavior in python2 and python3 upstream discussion: http://bugs.python.org/issue9351#msg244786 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 24 13:51:46 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 24 11:48:54 2016 +0200 rpminfo: fixed handling of probe_item_collect return value The probe_item_collect function uses its return value to signal several things. The previous usage was wrong by assuming that it could be coerced to a boolean value and interpreting 1/true as an error state. The function returns an integer value. Negative values can be interpreted as fatal errors, 0 as success, 1 as an indication of the collected item being filtered out from the result (which is normal behaviour when using filters) and the value 2 as an indication of not including the item because of memory shortage (at which point the probe might decide wheter to do something to release memory to be able to continue or short-circuit the collection process). Related: https://www.redhat.com/archives/open-scap-list/2016-May/msg00036.html Addresses: ``` OpenSCAP Error: Probe at sd=1 (rpminfo) reported an error: Invalid type, value or format [oval_probe_ext.c:393] Unable to receive a message from probe [oval_probe_ext.c:579] Invalid oval result type: -1. [oval_resultTest.c:179] ``` Author: Martin Preisler <martin@preisler.me> Date: Thu May 19 09:21:16 2016 -0400 Merge pull request #414 from jan-cerny/issue394 Fix Issue #394 (SCE results aren't embedded in XCCDF reports) + test Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu May 19 13:34:05 2016 +0200 Merge pull request #416 from jan-cerny/issue_345 Issue #345: Fix error message when <generator> is missing Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu May 19 13:12:00 2016 +0200 Merge pull request #415 from jan-cerny/issue_370 Issue #370: Fix a segmentation fault Author: Jan Černý <jcerny@redhat.com> Date: Thu May 19 10:11:56 2016 +0200 Issue #345: Fix error message when <generator> is missing When oscap reports that the document is invalid, it reports against which schema it is invalid. However if the generator element is missing the schema version is unknown. This commit handles a situation when schema version is missing. Author: Jan Černý <jcerny@redhat.com> Date: Thu May 19 09:08:43 2016 +0200 Fix shebangs Author: Martin Preisler <martin@preisler.me> Date: Wed May 18 10:11:54 2016 -0400 Merge pull request #412 from jan-cerny/add_dep Add GConf2-devel to build dependencies list Author: Jan Černý <jcerny@redhat.com> Date: Wed May 18 14:55:41 2016 +0200 Issue #370: Fix a segmentation fault Addressing: oscap_source_free (source=0x13313d90) at oscap_source.c:129 0x00007ffff7b8ac5e in xccdf_session_free (session=0x61cb30) at xccdf_session.c:249 0x000000000040ba1f in app_evaluate_xccdf (action=<optimized out>) at oscap-xccdf.c:548 0x0000000000407f8e in oscap_module_call (action=0x7fffffffd7b0) at oscap-tool.c:261 oscap_module_process (module=0x6154c0 <XCCDF_EVAL>, module@entry=0x614a40 <OSCAP_ROOT_MODULE>, argc=argc@entry=6, argv=argv@entry=0x7fffffffda48) at oscap-tool.c:346 0x000000000040702f in main (argc=6, argv=0x7fffffffda48) at oscap.c:80 Author: Jan Černý <jcerny@redhat.com> Date: Wed May 18 13:33:52 2016 +0200 Test for SCE results in HTML report Author: Jan Černý <jcerny@redhat.com> Date: Wed May 18 11:33:52 2016 +0200 Issue#394: Add missing default template for SCE results The oscap xccdf generate report module is able to embed SCE results into the HTML report. To do that, a template for results file name must be specified using the "--sce-template" option. However, users expect that if they omit "--sce-template" option, a default file name template will be used. It works like that for OVAL results, so it should work the same way also for SCE results. To fix this issue, this commit adds a default file name template for SCE into the xccdf module. Author: Jan Černý <jcerny@redhat.com> Date: Wed May 18 11:27:18 2016 +0200 Describe "--sce-template" option in man page The "--sce-template" option is available in oscap xccdf generate report module for a long time (since f88d6cee276ef56464e591629e484041864e0f68), but it was not documented in the manual page. The behavior of this option is very similar to "--oval-template", expect this one is for SCE results. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 17 16:19:44 2016 -0400 Fix compilation issues Martin should pay more attention to his commits in the evenings... Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 17 14:15:52 2016 -0400 Support --benchmark-id when running `oscap generate guide` This allows us to select a benchmark with source datastreams having more than one XCCDF benchmark in them. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu May 12 11:19:51 2016 +0200 Merge pull request #413 from jan-cerny/fix_double_free Fix a double free Author: Jan Černý <jcerny@redhat.com> Date: Thu May 12 09:50:19 2016 +0200 Fix a double free Addressing: Invalid free() / delete / delete[] / realloc() at 0x4C29CF0: free (vg_replace_malloc.c:530) by 0x4EC6DD5: xccdf_benchmark_import (benchmark.c:70) by 0x40CD38: app_info (oscap-info.c:151) by 0x4079BD: oscap_module_call (oscap-tool.c:261) by 0x4079BD: oscap_module_process (oscap-tool.c:346) by 0x4069BE: main (oscap.c:79) Address 0xc84a6a0 is 0 bytes inside a block of size 312 free'd at 0x4C29CF0: free (vg_replace_malloc.c:530) by 0x4EC6C97: xccdf_benchmark_parse (benchmark.c:145) by 0x4EC6D54: xccdf_benchmark_import (benchmark.c:65) by 0x40CD38: app_info (oscap-info.c:151) by 0x4079BD: oscap_module_call (oscap-tool.c:261) by 0x4079BD: oscap_module_process (oscap-tool.c:346) by 0x4069BE: main (oscap.c:79) Block was alloc'd at at 0x4C2A988: calloc (vg_replace_malloc.c:711) by 0x4E7E1C8: __oscap_calloc (alloc.c:68) by 0x4EC7B2D: xccdf_item_new (item.c:120) by 0x4EC5461: xccdf_benchmark_new (benchmark.c:96) by 0x4EC6D46: xccdf_benchmark_import (benchmark.c:64) by 0x40CD38: app_info (oscap-info.c:151) by 0x4079BD: oscap_module_call (oscap-tool.c:261) by 0x4079BD: oscap_module_process (oscap-tool.c:346) by 0x4069BE: main (oscap.c:79) Author: Jan Černý <jcerny@redhat.com> Date: Wed May 11 14:21:21 2016 +0200 Add GConf2-devel to build dependencies list This package is needed to build gconf probe. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue May 10 16:23:23 2016 +0200 Merge pull request #411 from dkopecek/dkopecek-patch-1 Update README.md Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 10 09:35:29 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 10 09:34:58 2016 -0400 Added libblkid-devel to the list of suggested dependencies Author: Daniel Kopeček <dnk1618@gmail.com> Date: Tue May 10 13:47:50 2016 +0200 Update README.md Added libblkid-devel to build dependencies list. Related: https://www.redhat.com/archives/open-scap-list/2016-May/msg00016.html Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 6 14:27:46 2016 -0400 Revert "enable subdir-objects in automake" subdir-objects breaks the build. This reverts commit a138dcc3adde1c1fbdeae6b5d0a509bda9d8c5ec. Author: Gabe <redhatrises@gmail.com> Date: Wed May 4 14:24:20 2016 -0600 enable subdir-objects in automake - Silences warnings and deprecation notice about subdir-objects Author: Martin Preisler <martin@preisler.me> Date: Mon May 2 20:37:19 2016 -0400 Merge pull request #405 from jan-cerny/fix_rhbz1250072 RHBZ#1250072: Fix regression in loading DS session Author: Jan Černý <jcerny@redhat.com> Date: Mon May 2 17:45:53 2016 +0200 RHBZ#1250072: Fix regression in loading DS session Loading session for a DS file multiple times with different XCCDF IDs didn't work. When a session for a data stream is created using Python API and then it is loaded twice with different XCCDF IDs being set, the session doesn't reflect the change of the XCCDF ID. This commit fixes the regression by resetting the DS session when a new XCCDF session is loaded. Therefore the IDs are resetted. Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 22 15:34:25 2016 +0200 Bump version after release Next version from the maint-1.2 branch will be 1.2.10. Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 22 10:05:59 2016 +0200 openscap-1.2.9 Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 21 15:33:10 2016 +0200 Bump soname from 8.7.1 to 8.8.0 1 symbol was added, no symbols were removed Author: Ján Lieskovský <jlieskov@redhat.com> Date: Fri Apr 22 14:15:56 2016 +0200 Merge pull request #398 from jan-cerny/issue364 Issue #364: Fix OCIL in data streams Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 22 11:56:11 2016 +0200 Issue #364: Fix OCIL in data streams Oscap ds sds-compose does not recognize OCIL file as SCAP-1.2 check system and places it into <ds:extended-components> element (intended for non-SCAP content) rather into <ds:checks> element (intended for SCAP-1.2 check systems) That caused build problems in SSG - error message displayed and invalid datastream created. This commit adds basic support for including OCILs in data streams. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 20 14:48:31 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Wed Apr 20 14:43:07 2016 -0400 Merge pull request #389 from ybznek/maint-1.0-preload-2 probes dynamic library preloading Author: Martin Preisler <martin@preisler.me> Date: Wed Apr 20 14:42:57 2016 -0400 Merge pull request #396 from ybznek/maint-1.0-manual-coverage Add code coverage info into manual Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Apr 20 15:52:15 2016 +0200 docs/manual: Add coverage generation info Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Apr 20 13:40:55 2016 +0200 probes/rpm: Fix erro cb return value We have to use RPMLOG_DEFAULT, because RPMLOG_EXIT cause exit of whole probe. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Apr 12 17:07:00 2016 +0200 probes/rpm: Add probe_preload function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Apr 13 10:58:01 2016 +0200 probes/rpm-helper: Add rpmLibsPreload Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Apr 12 16:55:21 2016 +0200 probes: Use probe_preload before chroot Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Apr 12 16:55:05 2016 +0200 probes: Introduce probe_preload Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Apr 12 17:02:25 2016 +0200 probes: Preload libraries requiered for pthread_cancel Author: Martin Preisler <martin@preisler.me> Date: Wed Apr 13 12:04:14 2016 -0400 Merge pull request #388 from ybznek/maint-1.0-sysctl-local sysctl - test Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Apr 12 17:25:08 2016 +0200 probes/rpm-helper: fix #endif position Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Wed Apr 13 10:33:22 2016 +0200 Merge pull request #382 from jan-cerny/user_manual_fix Remove information about spec files from user manual Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Apr 10 23:49:40 2016 +0200 tests/sysctl: Add test_sysctl_probe_all Compare all collected names with names of sysctl Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 11 18:01:44 2016 +0200 Merge pull request #387 from ybznek/maint-1.0-sysctl-local probes/sysctl: Enable scan 'files' through different devices Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 11 14:27:28 2016 +0200 Merge pull request #385 from ybznek/rpm-handler rpm error handler Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Apr 11 12:57:40 2016 +0200 probes/sysctl: Enable scan 'files' through different devices /proc/sys/fs/binfmt_misc is on different device than rest of /proc/sys (stat /proc/sys/fs/binfmt_misc). This commit enable to scan it too Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Apr 11 10:42:28 2016 +0200 Merge branch 'maint-1.0' into maint-1.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Apr 11 09:44:41 2016 +0200 probes/rpm: Use rpmErrorCb to handle rpm errors Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Apr 11 09:43:22 2016 +0200 probes/rpm: Introduce rpmErrorCb Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Apr 9 14:36:14 2016 +0200 Merge pull request #380 from NonerKao/maint-1.2 Reuse existing function during the check Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 8 11:38:48 2016 +0200 Merge pull request #381 from ybznek/maint-1.0-rpm-mods RPM probes - refactoring only Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 11:27:40 2016 +0200 probes/rpm: merge struct to rpm-helper Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 11:14:51 2016 +0200 probes/rpm: refactoring - change order of #include Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 10:53:36 2016 +0200 probes/rpm: rpm_mutex_(un)lock Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 10:47:19 2016 +0200 probes/rpm: merge common rpm-deps Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 10:38:32 2016 +0200 probes/rpm: Move common macros to rpm-helper Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Apr 7 10:27:22 2016 +0200 probes/rpm: Introduce rpm-helper Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 7 17:01:11 2016 +0200 Remove information about spec files from user manual The spec files are not present in maint-1.2 anymore. They were removed in commits 3fe208f3caf1f3a46cd2ee2ea7baa88154600674 41fe1106a680885cd684313d306c12eb54d4353d Author: Quey-Liang Kao <s101062801@m101.nthu.edu.tw> Date: Thu Apr 7 00:36:46 2016 +0800 Improve readability for assert_exists calls Fix: remove the temp files after assert_exists calls Author: Quey-Liang Kao <s101062801@m101.nthu.edu.tw> Date: Wed Apr 6 22:02:22 2016 +0800 Reuse existing function during the check The two modified script files explicitly parse the formatted file by xpath command, which act the same as the assert_exists function in tests/test_common.sh. Author: Martin Preisler <martin@preisler.me> Date: Tue Apr 5 12:05:24 2016 -0400 Merge pull request #378 from jan-cerny/fix_compiler_warning Fix compiler warning: unused variable Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 5 17:46:06 2016 +0200 Fix compiler warning: unused variable Addressing: unix/runlevel.c: In function ‘get_runlevel_redhat’: unix/runlevel.c:227:13: warning: unused variable ‘runlevel_list’ [-Wunused-variable] const char runlevel_list[] = {'0', '1', '2', '3', '4', '5', '6'}; Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 5 17:35:01 2016 +0200 Merge pull request #369 from GautamSatish/add_suse_runlevel Adding implementation for runlevel probe on SUSE Author: Gautam Satish <gautams@hpe.com> Date: Thu Mar 31 00:08:43 2016 -0400 Adding implementation for runlevel probe on SUSE Updated the runlevel probe with some refactoring. Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 4 11:29:20 2016 -0400 Merge pull request #374 from jan-cerny/deprecate_oval_probe_query_definition Deprecate function oval_probe_query_definition Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 4 11:28:54 2016 -0400 Merge pull request #375 from jan-cerny/move_messages_to_results_model Move messages to results model Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 4 11:27:31 2016 -0400 Merge pull request #334 from jan-cerny/indent Indent messages in verbose log Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 4 11:22:03 2016 -0400 Merge pull request #373 from jan-cerny/move_message Move a message from unused code Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 4 17:07:51 2016 +0200 Merge pull request #377 from OpenSCAP/revert-376-maint-1.0-merge-oval-cpe Revert "openscap-cpe-*.xml: update from maint-1.2" Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 4 09:52:55 2016 -0400 Revert "openscap-cpe-*.xml: update from maint-1.2" Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 4 13:45:22 2016 +0200 Merge pull request #376 from ybznek/maint-1.0-merge-oval-cpe openscap-cpe-*.xml: update from maint-1.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Apr 4 10:15:53 2016 +0200 openscap-cpe-*.xml: update from maint-1.2 Author: Jan Černý <jcerny@redhat.com> Date: Sun Apr 3 15:36:09 2016 +0200 Indent messages in verbose log This commit indents messages inside test or definition to better distiguish between individual tests or definitions and improve orientientation in log for user. Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 28 19:21:53 2016 +0100 Add possibility for indent of messages in verbose log This commit adds a macro that can either increase or decrease indent of messages in verbose log. Author: Jan Černý <jcerny@redhat.com> Date: Sun Apr 3 11:02:42 2016 +0200 Move message about test evaluating After refactoring done in #360, we can move this message to results model without affecting functionality. The new place is more logical, because the two corresponding messages are now near to each other in source code. Author: Jan Černý <jcerny@redhat.com> Date: Sun Apr 3 10:56:21 2016 +0200 Move message about definition evaluating After refactoring done in #360, we can move this message to results model without affecting functionality. The new place is more logical, because the two corresponding messages are now near to each other in source code. Author: Jan Černý <jcerny@redhat.com> Date: Sun Apr 3 09:47:27 2016 +0200 Deprecate function oval_probe_query_definition We have moved querying definitions into results model and removed call of oval_probe_query_definition in b8e8860fa362b37201f3f46cb6f3dc1da6863246 . The only case where this function is called now (oval_probe.c:433) is a recursive call. We can deprecate the function and remove it in next major release, because it is a dead code. Author: Jan Černý <jcerny@redhat.com> Date: Sun Apr 3 09:10:06 2016 +0200 Move a message from unused code Since we have merged PR #360, we miss a message reporting extended definition in our verbose mode. This commit moves a message from function which is not used now to the right place. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 1 12:17:31 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Wed Mar 16 12:27:46 2016 -0700 Fixed for solaris to use fts_ Author: Martin Preisler <martin@preisler.me> Date: Wed Mar 30 11:16:47 2016 -0400 Merge pull request #363 from ybznek/maint-1.2-mount-dir oscap-docker: Mount in safe temporary container Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 30 16:22:39 2016 +0200 Merge pull request #361 from ybznek/maint-1.0-rpm-not-applicable RPM probes: return "Not applicable" without valid db Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 30 15:38:12 2016 +0200 Merge pull request #362 from ybznek/maint-1.0-cpe-oval Fix openscap-cpe-oval.xml: Remove check to unix family Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Mar 30 14:56:23 2016 +0200 probes/rpm: fix whitespaces Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Mar 29 17:51:16 2016 +0200 oscap-docker: refactoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Mar 30 05:11:37 2016 +0200 openscap-cpe-oval: Remove unused test to unix family Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Mar 30 05:09:36 2016 +0200 openscap-cpe-oval: Don't check unix family Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Mar 29 11:08:33 2016 +0200 Merge pull request #360 from jan-cerny/merge_probing_to_results Query test and evaluate its results in one step Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Mar 26 19:05:36 2016 +0100 Merge pull request #365 from jan-cerny/verbose_on_stderr If verbose log file is not specified, write messages on stderr Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 26 16:29:30 2016 +0100 Fix verbose mode in XCCDF module If we will write verbose messages on stderr, we should not split printing result of XCCDF rule into two functions. Otherwise the messages would be mixed between "Result" and result. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 26 16:29:18 2016 +0100 Update user manual - changes in verbose mode Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 26 16:26:53 2016 +0100 Allow stderr in probes If verbose mode is turned on and no file is specified for the log, stderr should be used. We need to allow this also for messages from probes. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 26 16:26:20 2016 +0100 Do not require --verbose-log-file option Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 26 16:24:52 2016 +0100 Write messages on stderr if log file is not specified Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 24 12:24:28 2016 +0100 oscap-docker: Mount in safe temporary container https://github.com/OpenSCAP/openscap/issues/329 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 24 09:18:40 2016 +0100 probe/rpm*: Return "Not applicable" without valid db https://github.com/OpenSCAP/openscap/issues/348 Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 16:43:23 2016 +0100 Evaluate criteria only if criteria node is present If there is a definition without criteria chlid element, the result should be "not evaluated". This case used to be cached in oval_probe_query_definition. After we moved querying into results evalaution, we need to check it here. Otherwise it breaks test tests/API/OVAL/unittests/test_deprecated_def.sh. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 14:34:56 2016 +0100 Do not call oval_probe_query_definition Since we merged probing for tests into test evaluation in previous commits, calling oval_probe_query_definition can be removed now as superfluous action. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 14:28:35 2016 +0100 Query test and evaluate its results in one step If a probe session is started, we can query the test and collect the objects just when the result of a test is going to be evaluated. After applying this commit we will not need to browse the criteria tree twice as we do now. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 14:25:11 2016 +0100 Create results model with probe session Other occurences of oval_result_model_new are not required to be replaced, because in other cases it doesn't need to probe the system. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 13:46:54 2016 +0100 Add a getter of probe_session for results model Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 13:44:33 2016 +0100 Add probe_session into results model The probe_session will be added by a special constructor Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 12:58:34 2016 +0100 Expose function oval_probe_query_test This commit removes static modifier from function oval_probe_query_tests and adds protytype of this function to a private header file. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 23 09:51:53 2016 +0100 Change oval_probe_query_criterion to oval_probe_query_test This function takes oval_criteria_node *cnode as its second paramater. But it assumes that cnode is a criterion and it only uses this paramater to get the oval_test referenced by the criterion. The function is static and it is called only in one place, where we are already sure that cnode is a criterion. So we can move some part of code to the caller in a way that we can change the type of second parameter to oval_test. This change is done because we would like to reuse the code in results_model. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 22 15:58:20 2016 -0400 Merge branch 'maint-1.0' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 22 15:53:18 2016 -0400 Correctly parse and write-out version/@time and version/@update in XCCDF Benchmark Previously we were parsing this correctly but not writing it out when serializing. I have changed tests accordingly. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 19 17:34:03 2016 +0100 Refactor: Extract function oval_probe_query_var_ref This commit extracts a part of code which handles references to variables and moves the code to a new separate static function. The purose of this commit is to make the function oval_probe_query_criterion more understandable. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 19 16:53:55 2016 +0100 Evaluate extended definition directly We can use oval_probe_query_definition here because it will wuery its criteria the same way. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 19 16:14:19 2016 +0100 Refactor: extract function oval_probe_query_extend_definition This commit only moves a block of code to a new separate static function. Author: Jan Černý <jcerny@redhat.com> Date: Sat Mar 19 16:06:06 2016 +0100 Refactor: Extract function oval_probe_query_criterion This commit only moves a block of code to a new separate static function. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Mar 21 10:27:42 2016 +0100 Add a test_sce_in_ds.sh back This test was skipped since 920d633e9b4c7fc006e6c8aa80fdd388240dac3f after it was added in 609ccc7cf64f63901d174c1f7295f33739065874. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 21 08:47:15 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Conflicts: tests/sce/Makefile.am Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 21 08:41:38 2016 +0100 Merge pull request #349 from ybznek/maint-1.2-sds-sce-fix SDS SCE fix Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 18 09:57:24 2016 -0400 Merge pull request #357 from jan-cerny/issue_342 Fix grouping in HTML report Author: Martin Preisler <martin@preisler.me> Date: Wed Mar 16 16:41:30 2016 -0400 Merge pull request #358 from ybznek/maint-1.0-fix-tests tests/sce-in-ds: Add to Makefile.am Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 16 10:09:44 2016 +0100 Do not expose oval_result_criteria_node_negate in public API Move the function to oval_results_impl.h Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 22 17:00:17 2016 +0100 Make public a function negating criteria In future we will need it in other modules. Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 22 20:33:27 2016 +0100 Refactor: Extract function oval_result_system_prepare_definition We will need a part of this code in oval_probe_query_definition. It wouldn't be good to just copy and paste, instead we can extract the code to a separate function. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Mar 15 22:25:41 2016 +0100 tests/sce-in-ds: Add to Makefile.am Append forgotten test Author: Martin Preisler <martin@preisler.me> Date: Tue Mar 15 22:07:39 2016 -0400 Merge pull request #359 from ybznek/maint-1.2-sce-errors tests/sce_parse_errors: Add test to Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Mar 15 22:33:20 2016 +0100 tests/sce_parse_errors: Add test to Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Mar 14 15:13:49 2016 +0100 xccdf_policy: refine detection of realpath We need to detect only relative path to subdir, not to parent dir Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 10:09:47 2016 +0100 sds.c: Refactoring - add consts Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 13:43:16 2016 +0100 sds.c: Refactoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 13:40:08 2016 +0100 sds.c: Fix licence whitespace Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 13:09:50 2016 +0100 sds: refactoring Create SCE path only when is needed - Don't create temp directory in all cases Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 13:04:01 2016 +0100 sds: refactoring Doesn't make sense by itself. Should be part of group of commits to avoid of create temp directory if is not needed Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 12:29:28 2016 +0100 xccdf_policy: Fix windows support Windows absolute path doesn't start with '/' Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Mar 10 11:10:41 2016 +0100 fix DS with SCE Author: Jan Černý <jcerny@redhat.com> Date: Tue Mar 15 13:37:53 2016 +0100 Regenerate xccdf-resources.xsl Author: Jan Černý <jcerny@redhat.com> Date: Tue Mar 15 13:34:48 2016 +0100 Support CIS recommendations in HTML report Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 14 16:10:09 2016 +0100 Do not rely on exact URLs to create groups When a new revision of a security guidance is released it breaks the groupping. This situation already happened for PCI DSS. This commit tries to fix it by matching only a common prefix, not the exact match of the whole URL. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 14 16:05:51 2016 +0100 Issue #342: Fix sorting of groups in HTML report This commit introduces a more generic sorting algorithm to sort groups in HTML report. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Mar 9 17:39:37 2016 +0100 sds-session: Add debug output Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Mar 14 14:43:38 2016 +0100 Merge pull request #356 from ybznek/maint-1.2-test-minor-fix test: XCCDF/test_platform_element fix var Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 14 14:27:19 2016 +0100 Use names of known types in JSON instead of the URLs Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 14 14:25:59 2016 +0100 Refactor XSLT code to a new template This way we can reuse the code. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Mar 14 13:28:00 2016 +0100 test: XCCDF/test_platform_element fix print Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Mar 14 13:09:09 2016 +0100 test: XCCDF/test_platform_element fix var Fix : integer expression expected Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Mar 13 12:46:12 2016 +0100 Tests: Remove testing file after the test finishes. We do not need to .gitignore them. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Mar 13 12:38:27 2016 +0100 Tests: Fix validation The 13 & 16 numbers were copy pasted from another directory. The correct numbers are 8 & 8. This test has been failing since day 0. We haven't seen this test failing, because there was not `set -e`. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Mar 13 12:19:14 2016 +0100 Simplify control flow. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Mar 13 12:17:28 2016 +0100 Tests: Be strict and exit on failure. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Mar 13 11:46:53 2016 +0100 Remove oval details file once you are done. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Mar 12 20:57:22 2016 +0100 Ignore binaries build for testing Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Mar 12 20:36:02 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Conflicts: tests/sce/Makefile.am Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Mar 12 20:17:30 2016 +0100 Merge pull request #347 from ybznek/maint-1.0-sce-test tests/sce: Add test for SCE in DS Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 11 16:03:38 2016 -0500 Merge pull request #354 from ybznek/maint-1.2-sce-errors Stop printing of XML errors during SCE loading Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 11 16:01:45 2016 -0500 Merge pull request #355 from ybznek/maint-1.2-test-minor-fix test: XCCDF/test_platform_element fix var Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 11 14:37:54 2016 -0500 Merge pull request #353 from ybznek/maint-1.2-rpm-probe-another-fix rpm* another probes fix Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 20:30:18 2016 +0100 test: XCCDF/test_platform_element fix var When oscap finish successfully, $ret is not set and we will get 'line 15: [: -eq: unary operator expected' Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 17:09:18 2016 +0100 tests/sce: Add test to check XML errors We tries to load every file as XML and if we get .sh file we should not to print error messages on stderr Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 11:44:22 2016 +0100 oscap_source: Don't print parsing XML errors Don't print parsing xml error when we read script I can be easier to check executability before XML parsing, but SCE is only extension and we don't want open file once more everytime. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 19:46:19 2016 +0100 Issue #348: Fix rpmverifypackage probe Similar to 91a5dd92512585b0c6b0fa2fcd2f8ef700fd9b6f Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Mar 11 19:38:30 2016 +0100 Issue #348: Fix rpmverify probe Similar to 1bf9b8bbb8bee732ea3e870d5510dcbf52f96705 Author: Zbyněk Moravec <ybznek@users.noreply.github.com> Date: Fri Mar 11 19:34:10 2016 +0100 Merge pull request #350 from jan-cerny/fix_rpmverifyfile_probe Issue #348: Fix offline mode in rpmverifyfile probe Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 11 10:40:46 2016 -0500 Merge pull request #351 from jan-cerny/fix_file_probe Fix offline mode in file probe Author: Jan Černý <jcerny@redhat.com> Date: Fri Mar 11 14:08:09 2016 +0100 Fix offline mode in file probe I have found a logical error in file probe. The offline mode in file probe is enabled on only when a mutex cannot be initialized, which is not very likely and also it is definitely not what we want. This commit enables the offline mode in file probe. Author: Jan Černý <jcerny@redhat.com> Date: Fri Mar 11 11:42:51 2016 +0100 Issue #348: Fix rpminfo probe Similar to 91a5dd92512585b0c6b0fa2fcd2f8ef700fd9b6f Author: Jan Černý <jcerny@redhat.com> Date: Fri Mar 11 10:49:02 2016 +0100 Issue #348: Fix offline mode in rpmverifyfile probe If we chroot into filesystem where is not a RPM database, we should not fail to init the probe. Author: Zbynek Moravec <xmorav27@stud.fit.vutbr.cz> Date: Fri Mar 11 09:37:36 2016 +0100 tests/sce: refactoring Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Feb 24 11:57:35 2016 +0100 tests/sce: Add test for SCE in DS https://github.com/OpenSCAP/openscap/issues/295 Author: Martin Preisler <martin@preisler.me> Date: Wed Mar 9 13:23:27 2016 -0500 Merge pull request #327 from ybznek/maint-1.2-offline-scan-support Enable offline scan of some probes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Feb 16 09:49:38 2016 +0100 probe/shadow: ofline scan Offline scan of the probe currently isn't possible without some hacking. More info: https://github.com/OpenSCAP/openscap/issues/344 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Feb 12 12:54:45 2016 +0100 probe/password: offline scan Offline scan of the probe currently isn't possible without some hacking. More info: https://github.com/OpenSCAP/openscap/issues/344 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Feb 12 12:51:59 2016 +0100 probe/partition: offline scan Current way of offline scan doesn't support this probe to be offline. More info here: https://github.com/OpenSCAP/openscap/issues/343 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 8 14:40:05 2016 -0500 Merge branch 'maint-1.0' into maint-1.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Mar 7 14:55:11 2016 +0100 Seap: Fix double free The free caused "double free or corruption (fasttop)" when I was using probe from commandline. Free is already in SEXP_list_free Author: Martin Preisler <martin@preisler.me> Date: Fri Mar 4 10:42:38 2016 -0500 Merge pull request #337 from jan-cerny/fix_old_glibc Fix compiler errors on older systems Author: Jan Černý <jcerny@redhat.com> Date: Fri Mar 4 13:08:07 2016 +0100 Fix compilation on RHEL5 The ARGV_const_t is not defined in RHEL5 rpm library. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 3 15:59:46 2016 +0100 Ignore gnulib files that we do not include yet Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 3 14:35:00 2016 +0100 Fix compiler errors on older systems Functions pthread_getname_np and pthread_setname_np were introduced in glibc 2.12. With older versions of glibc used on RHEL5 or SLES11 OpenSCAP failed to compile. This commit adds an autoconf rule to detect the presence of these functions. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Mar 3 14:27:51 2016 +0100 Merge pull request #336 from jan-cerny/issue_317 Issue #317: Fix oscap-docker traceback Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 3 14:09:15 2016 +0100 Other files worth hiding Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 3 14:03:09 2016 +0100 Hide even less typical files that starts with 'tests_' Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 3 14:00:39 2016 +0100 Use test_*.log glob to ignore files We have been adding new test directories while forgeting .gitigore recently. That is because it was inpractical. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 3 12:42:54 2016 +0100 Ignore config/test-driver it should never be commited See 0802fb2326f6f189f8d31ad9cb84c9c4e8fd340f Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 3 11:36:22 2016 +0100 Issue #317: Fix oscap-docker traceback Oscap-docker gave a traceback when providing a wrong image ID or wrong container ID. This commit fixes the traceback by catching the exception and writes an error message on stderr. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Mar 1 16:09:48 2016 +0100 Merge pull request #332 from mpreisler/oscap_chroot Added the oscap-chroot tool - scan filesystems on arbitrary paths Author: Martin Preisler <martin@preisler.me> Date: Sun Feb 28 17:28:02 2016 -0500 Merge pull request #335 from jan-cerny/cleanup_devel Change messages category to DEVEL Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 28 20:36:29 2016 +0100 Change messages category to DEVEL While browsing verbose log produced on Fedora SSG, I have discovered several messages which disturb in INFO level. They should be in DEVEL category instead. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Feb 25 15:40:19 2016 -0500 Fixes in oscap-chroot manpage, replaced oscap-vm with oscap-chroot Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Feb 25 15:37:57 2016 -0500 Added the oscap-chroot tool - scan filesystems on arbitrary paths Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 15:13:16 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Before 1.2.9 Conflicts: cpe/openscap-cpe-dict.xml cpe/openscap-cpe-oval.xml Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 14:57:23 2016 +0100 Fedora 25 CPE Fedora 24 has been branched. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 14:23:18 2016 +0100 Refactor: replace implementation by function call. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 13:47:26 2016 +0100 Build policies that are useful. This supports: * Anaconda installer showing only useful profiles (rhbz#1256879) * Satellite 6 showing only useful profiles (rhbz#1302230) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 11:40:15 2016 +0100 Move xccdf_policy_model_create_policy_by_id to policy_model module. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 25 11:06:05 2016 +0100 Refactor: Extract function: _xccdf_policy_model_create_policy_by_id Let's put it into a separate file. I have been playing with the idea of creating xccdf_policy_model module for ages. I never wanted to copy code from one file to another, however we can start levitating slowly by changes towards separate file for each. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Feb 24 23:55:48 2016 +0100 Remove OSCAP_DEPRECATED from .c file It does not work as intended. It only works in the header file. it makes following function deprecated as well. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Feb 24 23:53:45 2016 +0100 Refactor: Extract function: _xccdf_policy_model_create_policy_by_id Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Feb 24 21:55:45 2016 +0100 Update copyright notice. Author: Martin Preisler <martin@preisler.me> Date: Wed Feb 24 11:11:10 2016 -0500 Merge pull request #331 from ybznek/maint-1.2-offline-scan-tested-probes Maint 1.2 offline scan tested probes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Feb 16 09:49:21 2016 +0100 probe/rpmverifypackage: enable ofline scan Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Feb 12 14:28:31 2016 +0100 probe/symlink: enable ofline scan Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Feb 12 13:44:46 2016 +0100 probes/rpmverify: enable offline scan Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Feb 12 12:53:42 2016 +0100 probe/rpmverifyfile: enable offline scan Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Feb 24 13:05:21 2016 +0100 Whitespace fix, remove tabulator. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Feb 16 10:51:26 2016 +0100 Merge pull request #325 from jan-cerny/open_file_message Improve a message about opening file Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 15 16:40:07 2016 +0100 Merge pull request #314 from jan-cerny/test_results Provide basic information about evaluating test results in verbose log Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 15 16:00:24 2016 +0100 Merge pull request #326 from jan-cerny/fix_man Fix manual page for oscap-docker Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 15 15:57:38 2016 +0100 Merge pull request #324 from jan-cerny/type_of_test Show type of test and test comment in verbose log Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 15 15:54:31 2016 +0100 Merge pull request #316 from jan-cerny/issue303 Issue #303: Fix oscap-docker traceback Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 15 10:37:31 2016 +0100 Fix manual page for oscap-docker The tool is called oscap-docker, not docker-oscap. Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 14 20:42:56 2016 +0100 Improve a message about opening file This should show a more understandable message when a probe opens some file (eg. configuration file) to collect data. Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 14 20:03:16 2016 +0100 Show type of test and test comment in verbose log Currently we show only test id in log message. However, if we show only id, user will need look to the OVAL file to figure out which test is which. We can easily improve it by adding object type and its comment into the message. Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 14 15:11:31 2016 +0100 Describe check_existence parameter in verbose log Every test in OVAL has a check_existence attribute, which describe how many objects must exist on the system to evaluate as true. This affects result of OVAL test. This commit adds messages for each possible value of the check_existence attribute. Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 15:17:35 2016 +0100 Inform about flags of items Collected objects in OVAL can have different flags. Those flags affect result of OVAL test. This commit adds some messages to verbose log that will report the flag and its meaning. Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 13:25:33 2016 +0100 Drop one of the messages about item-state comparison This commit also ensures that the remaining message will not be displayed when a test does not contain any state. Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 13:23:58 2016 +0100 Add a comment Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 13:05:19 2016 +0100 Do not expose oval_check_get_description() in public API Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 11:28:41 2016 +0100 Return NULL if a test contains no states Author: Jan Černý <jcerny@redhat.com> Date: Sat Feb 13 10:55:14 2016 +0100 Do not expose oval_test_get_state_names() in public API Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 17:59:53 2016 +0100 Inform about result of item-state comparison Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 14:09:29 2016 +0100 Improve format of a message Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 14:08:57 2016 +0100 Inform user about item-state comparison in verbose log Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 14:07:20 2016 +0100 Show some information about result evaluation Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 19:59:34 2016 +0100 Create another function to convert oval_check_t to string There already exists oval_check_get_text() function. However, the returned string cannot be easily used in a meaningful English sentence, because some of values contains a verb but some of them does not. This new function will be used in verbose debugging messages. Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 12:10:45 2016 +0100 Add function generating string with list of states Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Feb 12 15:11:43 2016 +0100 Merge pull request #323 from jan-cerny/extend_definition Add message about extend definition Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Feb 12 15:10:07 2016 +0100 Merge pull request #322 from jan-cerny/tests Inform user in verbose log that a test will be evaluated Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Feb 12 15:09:03 2016 +0100 Merge pull request #321 from jan-cerny/definition_result Show definition result in verbose log Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Feb 12 15:07:58 2016 +0100 Merge pull request #320 from jan-cerny/item_vs_state Add an info message Author: Jan Černý <jcerny@redhat.com> Date: Fri Feb 12 14:14:45 2016 +0100 Add message about extend definition In OVAL the definitions usually contain one or more tests, but they can also be extended by referencing to other definitions. The refrenced definitions are required to be evaluated to get final result of the definition under the evaluation. This construct is sometimes used in SSG. Currently we don't show the information about extending definition in verbose log. The log is very confusing for a reader if a extended definition is evaluated. This commit adds an info message when extend_definition is used. Author: Jan Černý <jcerny@redhat.com> Date: Fri Feb 12 14:07:05 2016 +0100 Inform user of verbose log that a test will be evaluated We currently inform user that a definition will be evaluated, but definition contains one or more tests, and we currently don't show it in log, which complicates the understanding of whole story. Author: Jan Černý <jcerny@redhat.com> Date: Fri Feb 12 10:39:59 2016 +0100 Show definition result in verbose log Verbose log is missing the most basic information - final result of a definition. Author: Jan Černý <jcerny@redhat.com> Date: Thu Feb 11 15:59:40 2016 +0100 Add an info message This message informs that some item of a collected object has matched a state. Author: Jan Černý <jcerny@redhat.com> Date: Thu Feb 11 11:22:44 2016 +0100 Merge pull request #319 from isimluk/maint-1.0 Desperate grave digger Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Feb 11 10:27:49 2016 +0100 Voodoo: Tell us where is zombie We think she left dead, but the priest (ps) conceals where it is. This is not a black magic really. We think the zombie process should be listed in cemetery, but sometimes it is missing. Good thing is to put more details into the log. Next time we need to record the moon phase. See github issue #315 for more details. Author: Jan Černý <jcerny@redhat.com> Date: Thu Feb 11 09:55:08 2016 +0100 Issue #303: Fix oscap-docker traceback The oscap-docker utility failed with a traceback with Python 3 whe invoked with no argument. It will print the help instead. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Feb 10 21:48:50 2016 +0100 Merge pull request #313 from jan-cerny/reply_message Change category of two messages to DEVEL Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 9 19:06:59 2016 +0100 Change category of two messages to DEVEL These messages informs about some details in communication protocol between library and probes. They are not interesting from point of view of OVAL content. Author: Martin Preisler <martin@preisler.me> Date: Mon Feb 8 09:20:05 2016 +0100 Merge pull request #308 from ybznek/maint-1.2-oscap-docker-http-fix oscap docker http header fix Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Feb 8 09:10:46 2016 +0100 oscap-docker: Fix oversight True was only for my debugging. Shoult not be commited. Author: Martin Preisler <martin@preisler.me> Date: Mon Feb 8 00:13:46 2016 +0100 Merge pull request #311 from jan-cerny/fix_suppression_file Adjust the valgrind suppression file Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 7 21:48:49 2016 +0100 Adjust the valgrind suppression file After merging c97417a328687ebf49f4da0ac54d6104d15297c7, we must suppress the memory leak in curl_global_init directly, not via curl_easy_init. Author: Jan Černý <jcerny@redhat.com> Date: Sun Feb 7 17:32:05 2016 +0100 Merge pull request #309 from moolitayer/readme_fix [doc] remove duplicate line from readme Author: Mooli Tayer <mtayer@redhat.com> Date: Sun Feb 7 15:24:15 2016 +0200 [doc] remove duplicate line from readme Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Feb 3 16:48:15 2016 +0100 oscap-docker: Fix last-modified error condition Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Feb 2 16:37:28 2016 +0100 oscap-docker: Fix HTTP last-modified issue Fix problem where server sends Last-modified and oscap-docker wants to read header with key last-modified Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Feb 2 14:20:33 2016 +0100 Oscap-docker fix no last-modified header message Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Feb 2 14:20:04 2016 +0100 Oscap-docker refactoring Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 28 13:58:56 2016 +0100 Update issue tracker url in our man pages. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 28 13:56:27 2016 +0100 Update issue tracker url in our man page. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 28 13:53:35 2016 +0100 Update scap-workbench url in the user manual Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 28 13:43:44 2016 +0100 rhbz#1299969: The /bin/oscap does not exists everywhere while the /usr/bin/oscap does. Author: Martin Preisler <martin@preisler.me> Date: Thu Jan 28 13:18:35 2016 +0100 Merge pull request #301 from dahaic/oscap-vm oscap-vm cosmetic changes Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Jan 17 23:13:23 2016 +0100 Remove the code that has been commented out. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Jan 17 22:11:49 2016 +0100 Make the SCE test a little bit stricter And remove some unnecessary characters along the way. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Jan 17 22:00:44 2016 +0100 Refactor: Rename variable to reflect the purpose better Currently, the oscap_source is used for non-SCE files, therefore, the full path is now used only for SCE files. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 16 17:24:31 2016 +0100 tests: arf processing: Assert for bits in oscap info Author: Marek Haicman <dahaic@gmail.com> Date: Wed Jan 27 22:27:49 2016 +0100 Updated oscap-vm to fallback to fusermount only if guestunmount is not present on the system Author: Marek Haicman <dahaic@gmail.com> Date: Tue Jan 26 23:02:30 2016 +0100 Update oscap-vm to require only fuse for unmounting (to enable older versions of libguestfs) Author: Marek Haicman <dahaic@gmail.com> Date: Tue Jan 26 21:15:27 2016 +0100 Update oscap-vm to print --help even if dependencies are not met Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Jan 26 09:51:22 2016 +0100 Merge pull request #293 from jan-cerny/fix_debug Fix scope of a global variable Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Jan 26 09:35:20 2016 +0100 Merge pull request #299 from jan-cerny/maint-1.0 Fix SCE tests Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 25 12:49:04 2016 +0100 Fix SCE tests This commit adds missing files to the EXTRA_DIST section of makefile. Author: Jan Černý <jcerny@redhat.com> Date: Sat Jan 23 09:09:42 2016 +0100 Merge pull request #298 from mpreisler/envp_fix_maint12 Use canonical PATH when executing remediations Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 21 14:44:50 2016 +0100 Use canonical PATH when executing remediations This makes content author's life a little bit easier. The change doesn't break any existing remediations but new remediations relying on these PATHs won't work with old openscap! Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 21 11:55:00 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Author: Jan Černý <jcerny@redhat.com> Date: Thu Jan 21 09:06:56 2016 +0100 Merge pull request #297 from mpreisler/remediation_envp Use { NULL } instead of NULL as envp when executing remediations Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jan 20 16:31:05 2016 +0100 Use { NULL } instead of NULL as envp when executing remediations Using just NULL is discouraged and nonportable, see `man 2 execve`. This commit doesn't change behavior, just improves portability. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Jan 20 14:17:45 2016 +0100 Merge pull request #294 from jan-cerny/change_category Change messages category to DEVEL Author: Jan Černý <jcerny@redhat.com> Date: Tue Jan 19 17:23:29 2016 +0100 Change messages category to DEVEL These messages has not value from the OVAL evaluation point of view. They may be interesting for OpenSCAP developers, so they should have DEVEL category. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jan 19 15:56:25 2016 +0100 Fix scope of a global variable Static modifier made the pointer to log file unreachable from other modules. It caused that some debug messages from some functions (eg. SEXP_list_sort()) could not be printed into log. This commit fixes the bug by removing the 'static' modifier. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 18 17:33:20 2016 +0100 Bump version after release Next release from the maint-1.2 branch will be 1.2.9 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 18 16:42:59 2016 +0100 OpenSCAP 1.2.8 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 18 15:24:10 2016 +0100 Bump soname from 8.7.0 to 8.7.1 No symbols have been added or removed Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 18 10:45:45 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/OVAL/oval_component.c src/XCCDF_POLICY/xccdf_policy.c src/common/oscap_acquire.c tests/API/OVAL/unittests/Makefile.am tests/API/XCCDF/unittests/Makefile.am Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Jan 18 09:35:44 2016 +0100 Merge pull request #291 from jan-cerny/filter_msg Add a message about filter used within an object Author: Jan Černý <jcerny@redhat.com> Date: Sat Jan 16 20:43:09 2016 +0100 Add a message about filter used within an object OVAL objects can contain optional filter element. The filter references a state. The filter can exclude or include items conforming to the state from the set of collected objects. Since the filter can significantly affect the result of object evaluation it would be nice to inform user about processing the filter. This commit adds a short message to the verbose log. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 15 10:06:43 2016 +0100 Let's make a warning when unsupported relationship is processed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 15 09:54:52 2016 +0100 Allow both arfvocab and arfrel in core:relationship To my understanding of NISTIR-7694 is not very clear on the topic. Reading the prose, the 'isAbout' is supposed to be a part of arfrel, however in the example, the isAbout is prefixed by arfvocab. I guess it is better to suppose both. Afterall, so far, we are exporting arfrel:isAbout, while we are supporting only arfvocab:isAbout when reading it. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 17:29:05 2016 +0100 Refactor: Let's break existing condition into prefix/suffix parts This is needed because in a next commit I want to introduce various other prefixes. This slightly changes behaviour for cases like "ardvocab::blah::isAbout. I tend to think this is acceptable since any such case would render RDS invalid. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 17:11:56 2016 +0100 Introduce oscap_str_endswith Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 16:59:11 2016 +0100 Refactor: Promote oscap_str_startswith function. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 16:54:03 2016 +0100 Notify user when a DataStream without a relationship element is encoutered. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 16:48:36 2016 +0100 Refactor: Extract function: _parse_relationships_node Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 15:50:26 2016 +0100 Refactor functions related to rds_report_request_index to a module. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 15:19:48 2016 +0100 Refactor functions related to rds_report_index to a module. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 15:11:32 2016 +0100 Comment the rds_asset_index structure's item. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 14:56:06 2016 +0100 Refactor function related to rds_asset_index to a module. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Jan 14 14:04:24 2016 +0100 Merge pull request #290 from jan-cerny/improve_format Improve format of verbose log Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 13:58:16 2016 +0100 Update 'ds *' bash completion with recently introduced --skip-valid option. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 14 13:54:12 2016 +0100 Add missing bash completion for rds-split command. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jan 13 12:22:57 2016 +0100 Change message category to DEVEL These messages encapsulate the SEXP object dump, which is already in DEVEL level, so it seems to be a good idea to have corresponding messages also in devel level. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 8 14:19:53 2016 +0100 Change format of verbose log To improve readibility of the log, this commit: * begins each line with category of message * then shows name of the process * next after that displays the message itself * displays additional info (pid, thread id, function names) at the end of line and only in DEVEL level to not disturb non-develepers * displays SEXP dumps only in devel level Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 21:01:35 2016 +0100 Refactor: Extract function: _xccdf_session_load_xccdf_benchmark This is one of the classy refactoring commits that decreases complexity a lot. Enjoy the silence. Author: Martin Preisler <martin@preisler.me> Date: Tue Jan 12 16:54:51 2016 +0100 Merge pull request #274 from jan-cerny/soup Add libcurl leak to valgrind suppression file Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Jan 11 16:09:56 2016 +0100 Merge pull request #280 from jan-cerny/object_component_report_todos Report errors on evaluation of object component of a variable + TEST Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Jan 11 15:44:51 2016 +0100 Merge pull request #287 from jan-cerny/add_curl_global_init Use global functions to initialize libcurl Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 31 19:39:05 2015 +0100 Test reporting errors on evaluation of object component of an variable This test tests whether The ObjectComponentType complex type is processed as defined in OVAL specification. It contains one correct case and two cases which should lead to report an error. For details see comments in supplied OVAL content. However the test does not test fields of the record data type, because the record data type is used only within ldap_item and sql57_item which we don't test in upstream. Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 31 19:33:00 2015 +0100 Report errors on evaluation of object component of an variable This commit removes TODOs in _oval_component_evaluate_OBJECTREF() function by implementing error reporting as required by OVAL specification: If an entity is not found with a name that matches the value of the item_field an error is be reported when determining the value of an variable. Similar statement applies also for entities of the record data type. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Jan 11 14:15:12 2016 +0100 Merge pull request #276 from jan-cerny/issue272 Issue #272: XCCDF rule unscored role is not working Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 11 13:42:17 2016 +0100 Use global functions to initialize libcurl As from the libcurl API documentation, http://curl.haxx.se/libcurl/c/curl_easy_init.html we should call curl_global_init to initialize the libcurl library and curl_global_cleanup to clean the memory. We should not rely on the fact that it would be called automatically. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Jan 11 12:59:40 2016 +0100 Merge pull request #286 from jan-cerny/remove_line_maint-1.2 Remove linebreaks from debug messages in maint-1.2 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 11 11:52:26 2016 +0100 Print end of line explicetely at the end of each message Author: Jan Černý <jcerny@redhat.com> Date: Mon Jan 11 10:43:40 2016 +0100 Remove linebreaks from debug messages in maint-1.2 To allow to change or redesign the format of verbose log we have to remove line breaks at the end of some messages. Then it will be possible to move the message to the begining or middle of a line without any hacks. The commit also enforces usage of dI, dE, dW macros instead of ocassionaly appearing oscap_dlprintf macro. This change makes codebase more consistent regarding the debugging. This is a continuing of work done in PR#282, which has already removed the line breaks from maint-1.0 branch. Author: Jan Černý <jcerny@redhat.com> Date: Sun Jan 10 17:14:18 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/OVAL/oval_defModel.c src/OVAL/oval_probe.c src/OVAL/oval_probe_ext.c src/OVAL/oval_probe_session.c src/OVAL/oval_sexp.c src/OVAL/probes/SEAP/generic/strbuf.c src/OVAL/probes/SEAP/seap-command.c src/OVAL/probes/SEAP/seap-message.c src/OVAL/probes/SEAP/seap-packet.c src/OVAL/probes/oval_fts.c src/OVAL/probes/probe/entcmp.c src/OVAL/probes/probe/icache.c src/OVAL/probes/probe/input_handler.c src/OVAL/probes/probe/worker.c src/OVAL/probes/unix/linux/partition.c src/XCCDF_POLICY/xccdf_policy.c src/common/debug.c src/common/elements.c src/common/oscapxml.c Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 20:29:49 2016 +0100 Refactor: Extract function: _print_xccdf_status Also, print status when presenting a Benchmark within a DataStream Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 20:25:48 2016 +0100 Print-out 'resolved' info even for Benchmarks within a DataStream. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 20:19:30 2016 +0100 Refactor: Expand function: _print_sds_component_xccdf_benchmark It turned out that this indirection is no longer needed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 19:59:41 2016 +0100 oscap info should handle tailoring file. No matter how non trivial this is. It is useful info for the user. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 19:53:33 2016 +0100 Refactor: pass profile profile to the function instead of the benchmark That will allow us to re-use the function for profiles in Tailoring file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 19:02:58 2016 +0100 Refactor: Extract function: _print_xccdf_benchmark Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 18:56:38 2016 +0100 Remove unneeded workaround This workaround has been introduced by move of oscap_acquire module to the public api (6cf83d89). Nowdays, the directories are no longer used when parsing datastream. Thus, the workaround for should not. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 18:51:40 2016 +0100 Refactor: Extract function: _print_xccdf_testresults Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 18:45:55 2016 +0100 Refactor: Extract function: _print_xccdf_referenced_files Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 18:38:36 2016 +0100 Parse Tailoring/profiles even when the Benchmark is not present Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 18:09:38 2016 +0100 Refactor: Extract function: _print_xccdf_profiles Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 17:34:00 2016 +0100 Tests: Ensure that unselected&unchecked rule results in unselected Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 16:56:36 2016 +0100 Check Rule's role after checking the selection. We need to obey the Item Processing Algorithm that requires the @selected attribute to be processed *before* the @role attribute. See Table 35: Item Processing Algorithm Sub-Steps in NISTIR-7275r4 for further info. The issue has been introduced by 90128e9f37bdaa796496a67c2600c37794562698. Addressing broken output of the oscap scanner such as: Title Test something Rule xccdf_gov.nist_rule_validation.r3005_rule_5 Result fail notchecked notchecked notchecked Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 9 16:32:50 2016 +0100 Extend existing test to cover DataStream split Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 16:54:21 2016 +0100 Extend existing test to cover DataStream evaluation of XCCDF with multiple OVAL files that each have the same basename. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 16:03:25 2016 +0100 Fix broken 'ds sds-split' The sds-split has been broken since 159dc7a8. Now, The sessions know the components by theirs relative name. That is mainly because of trac#434. Since oscap_source, we only need real path for XMLs when dumping on disk and for SCE (any operation). Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 15:54:34 2016 +0100 Pass target_dir downto ds_dump_component_sources The variable is unused atm. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Jan 8 16:12:02 2016 +0100 Merge pull request #285 from jan-cerny/review_multiline Reviewed linebreaks in multiline calls of debugging macros Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 8 15:18:28 2016 +0100 Reviewed linebreaks in multiline calls of debugging macros All messages should not finish with '\n'. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Jan 8 11:53:19 2016 +0100 Merge pull request #284 from jan-cerny/remove_pathstrip Always strip the source file path Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Jan 8 11:40:01 2016 +0100 Merge pull request #282 from jan-cerny/remove_linebreaks Remove EOLs from messages and use macros everywhere Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Jan 8 11:15:54 2016 +0100 Merge pull request #283 from jan-cerny/textfilecontent_bug RHBZ#1285757: OpenSCAP pattern match test wrongly results with pass Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 8 10:50:17 2016 +0100 Always strip the source file path Do not depend on an environment variable. Now we will use behavior which used to be default. Showing the full filepath is not as helpful to slow down the program by reading an environment variable. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 10:45:52 2016 +0100 Improve error message when user selects tailoring instead of benchmark Previously: OpenSCAP Error: Find element 'Tailoring' while expecting element: 'Benchmark' [benchmark.c:140] Failed to import XCCDF content from 'xccdf.xml'. [benchmark.c:73] Now: OpenSCAP Error: The selected checklist document is not 'XCCDF Checklist', but 'XCCDF Tailoring'. [xccdf_session.c:485] Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 8 09:54:37 2016 +0100 RHBZ#1285757: OpenSCAP pattern match test wrongly results with pass The textfilecontent54 probe currrently works only with UTF8 strings. It is unable to assess files in different encodings (eg. ISO 8859-1), because pcre_exec returns an error code. However, the probe reports that assessed file does not exist. This commit fixes this wrong behavior in a way that the probe will report an error message in OVAL results and set the object flag to error when regular expression matching failed and pcre_exec() returned an error code. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 09:53:19 2016 +0100 Improve the error message when asserting for element. Previously: OpenSCAP Error: Failed to import XCCDF content from 'xccdf.xml'. [benchmark.c:73] Now: OpenSCAP Error: Find element 'Tailoring' while expecting element: 'Benchmark' [benchmark.c:140] Failed to import XCCDF content from 'xccdf.xml'. [benchmark.c:73] Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 8 09:48:43 2016 +0100 Introduce xccdf_element_to_str function This can be useful in many places. I am wondering why we don't have it already. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jan 7 17:28:54 2016 +0100 Add a end of line Author: Jan Černý <jcerny@redhat.com> Date: Thu Jan 7 17:01:01 2016 +0100 Remove EOL from messages and use macros everywhere To allow to change or redesign the format of verbose log we have to remove line breaks at the end of some messages. Then it will be possible to move the message to the begining or middle of a line without any hacks. The commit also enforces usage of dI, dE, dW macros instead of ocassionaly appearing oscap_dlprintf macro. This change makes codebase more consistent regarding the debugging. To avoid possible wrong usage of debugging macros or wrong formating by developers in future, first part of this change has to be done in the maint-1.0 branch. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 7 15:04:46 2016 +0100 Introduce the concept of frozen branches in the versioning document Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 7 14:44:16 2016 +0100 Do not try to read Tailoring file by Benchmark parser Addressing: Ref-Id: scap_gov.nist_cref_r3005-xccdf_tailored_01 OpenSCAP Error: Failed to import XCCDF content from 'xccdf.xml'. [benchmark.c:73] Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 7 14:22:41 2016 +0100 Refactor: Extract function: _print_sds_component_xccdf_benchmark Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 7 13:00:12 2016 +0100 Merge branch 'maint-1.0' into maint-1.2 Conflicts: src/common/oscap_acquire.c tests/API/OVAL/unittests/Makefile.am tests/API/OVAL/unittests/all.sh tests/probes/Makefile.am Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 7 09:45:58 2016 +0100 Add missing scap document name for tailoring Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 1 19:29:54 2016 +0100 Bump the date. We wish happy new year to all our users. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jan 1 17:48:17 2016 +0100 A man page typo correction. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 1 13:01:51 2016 +0100 Merge pull request #275 from msrubar/create_dir_model Create dir model Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Dec 16 11:48:39 2015 +0100 Add test for basic usage of OVAL Directives This test tests a case when the user decides to use OVAL Directires to remove the <definitions> element from OVAL Results. Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Dec 16 10:24:49 2015 +0100 Create directives model before importing OVAL Directives into it. I forgot to add the line which creates a directives model when I introduced the OVAL Session. The line was forgotten during the refactoring and wasn't caught yet because we don't have and UNIT tests using OVAL Directives. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Dec 22 14:08:34 2015 +0100 Improve verbose logging experience when var/ent comparison fails Addressing scenarios with error message like: OpenSCAP Error: Conversion of the string "" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:110] Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Dec 21 15:03:34 2015 +0100 Merge pull request #278 from jan-cerny/issue277 Issue #277: Fix a segmentation fault Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 21 13:26:01 2015 +0100 Issue #277: Fix a segmentation fault When a variable is not found in OVAL document, the OpenSCAP should write an error message and finish correctly. Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 16 18:51:46 2015 +0100 Add a test for issue #272 This test tests counting scores of rules with role attribute set to "unscored" on all 4 scoring models. Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 16 18:16:32 2015 +0100 Issue #272: XCCDF rule unscored role is not working A rule with unscored role should not be counted in score. XCCDF sepcification says about xccdf:Rule/@role="unscored": if the rule is selected, then check it and include the results in any report, but do not include the result in score computations. This commit fixes counting scores to be in line with specification. Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 16 13:15:19 2015 +0100 Add libcurl leak to valgrind suppression file Valgrind reports memory leaks when using curl_easy_init(), but we clean the memory correctly. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Dec 16 08:27:16 2015 +0100 Merge pull request #271 from jan-cerny/fix_shellcheck Fix shellcheck warning Author: Jan Černý <jcerny@redhat.com> Date: Tue Dec 15 14:22:53 2015 +0100 Fix Shellcheck warnings Fixed two warnings of SC2155: Declare and assign separately to avoid masking return values. Author: Jan Černý <jcerny@redhat.com> Date: Tue Dec 15 14:02:01 2015 +0100 Fix shellcheck warning SC2155: Declare and assign separately to avoid masking return values Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 15 10:42:01 2015 +0100 Merge pull request #268 from jan-cerny/fixleak2 Plug a memory leak Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 15 10:01:57 2015 +0100 Merge pull request #269 from jan-cerny/fix_missing_initialisation Fix using uninitialized value Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 15 10:00:22 2015 +0100 Merge pull request #267 from jan-cerny/fixleak1 Fix a resource leak reported by coverity scan Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 15 09:54:44 2015 +0100 Merge pull request #266 from jan-cerny/fix_negative_returns Fix wrong check of return value Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 14:18:51 2015 +0100 Fix using uninitialized value Coverity scan has reported this function may return unitialized value. Although it is not likely to happen, it is easily to fix it. Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 13:46:58 2015 +0100 Plug a memory leak Fixing a resource leak reported by coverity scan. SEXP_string_cstr allocates memory which was not freed. Pay attention that SEXP_string_cstr is a confusing name, because it returns "char *", not "const char *". Therefore the return value must be freed after use. Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 13:28:28 2015 +0100 Fix a resource leak reported by coverity scan Variable "fp" going out of scope leaks the storage it points to. We should close the file. Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 12:58:03 2015 +0100 Fix wrong check of return value Coverity scan has reported NEGATIVE_RETURNS defect. The "dup(fd)" was passed to a parameter that cannot be negative. This commit fixes the issue by checking the value for possible -1. Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 11:53:57 2015 +0100 Merge pull request #265 from mzaoui/fix_264 Fix issue #264: Path to 'oscap_source.h' header file is missing Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 14 11:50:37 2015 +0100 Merge pull request #263 from mzaoui/fix_262 Fix issue #262: Docs: Missing build dependency in README.md Author: Michaël Zaoui <mzaoui@localhost.localdomain> Date: Sun Dec 13 19:09:49 2015 +0100 Fix issue #264: Path to 'oscap_source.h' header file is missing When configuring OpenSCAP with the --enable-cce flag and building OpenSCAP, the following error message is produced: "cce.c:40:26: fatal error: oscap_source.h: No such file or directory". Solution to this problem consists in adding the '-I$(top_srcdir)/src/source/public' to the 'libcce_la_CPPFLAGS' directive of the "src/CCE/Makefile.am" file. Author: Michaël Zaoui <mzaoui@localhost.localdomain> Date: Sun Dec 13 18:20:24 2015 +0100 Fix issue #262: Docs: Missing build dependency in README.md Add bzip2-devel build dependency to the 'README.md' file. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sat Dec 12 07:05:41 2015 +0100 Merge pull request #261 from msrubar/add_xpath_package Package perl-XML-XPath in needed for 'make check' Author: Michal Šrubař <msrubar@redhat.com> Date: Fri Dec 11 20:43:30 2015 +0100 Package perl-XML-XPath in needed for 'make check' Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Dec 11 09:34:11 2015 +0100 Merge pull request #260 from jan-cerny/sysctl_test Add a test for sysctl probe Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Dec 11 09:33:05 2015 +0100 Merge pull request #259 from jan-cerny/test_segfault Test behavior of OVAL module with invalid OVAL content Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 9 14:16:39 2015 +0100 Add a test for sysctl probe This is a very simple test for sysctl probe. We haven't had test the probe yet. Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 10 15:03:51 2015 +0100 Add more assertions to a test This commit adds an assert to invalid state in result file and that a error message happens to stderr. Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 9 16:27:36 2015 +0100 Test behavior of OVAL module with invalid OVAL content This test tests "oscap oval eval" with "--skip-valid" option on invalid OVAL content. The tested content references a not existent state. This situation was one of two reasons of a segmentation fault, described in issue #191. The issue #191 has been fixed already. This commit wants to test it to avoid regressions in future. Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 10 14:48:20 2015 +0100 Improve error message Author: Martin Preisler <martin@preisler.me> Date: Tue Dec 8 13:49:35 2015 +0100 Merge pull request #257 from ybznek/maint-1.2-oscap-docker-fix oscap-docker: fix CVE path Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Dec 8 12:59:02 2015 +0100 oscap-docker: fix CVE path Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Dec 7 14:16:09 2015 +0100 Merge pull request #254 from jan-cerny/new_sce_test Add a new test for SCE module Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 7 10:55:32 2015 +0100 Add a new test for SCE module Test "--check-engine-results" together with "--report" options on SCE content. Tests for issue #231 and RHBZ #1275369. Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 7 11:02:07 2015 +0100 Merge pull request #253 from ybznek/maint-1.2-oscap-docker-fix Oscap-docker: python3 fix Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 7 07:58:59 2015 +0100 Merge pull request #252 from msrubar/fix_typo The package is called libtool not libtools Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Dec 4 20:03:34 2015 +0100 oscap-docker: fix debug messages format Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Dec 4 18:43:02 2015 +0100 oscap-docker: Python3 fix: convert bytes to string Author: Michal Šrubař <msrubar@redhat.com> Date: Sun Dec 6 20:52:25 2015 +0100 The package is called libtool not libtools Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Dec 4 17:31:52 2015 +0100 Allow use of https:// method within check-content-ref/@href. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Dec 4 17:31:13 2015 +0100 Refactor: Extract function: _str_startswith Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 3 10:56:44 2015 +0100 Bump version after release Next release from the maint-1.2 branch will be 1.2.8 Author: Jan Černý <jcerny@redhat.com> Date: Tue Dec 1 18:56:04 2015 +0100 openscap-1.2.7 Author: Jan Černý <jcerny@redhat.com> Date: Tue Dec 1 17:28:11 2015 +0100 Bump soname from 8.6.0 to 8.7.0 Two new symbols has been added, one enum has changed. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 1 12:36:01 2015 +0100 Merge pull request #246 from jan-cerny/object_var_ref Inform about referencing variable in a object component Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Dec 1 12:31:41 2015 +0100 Merge pull request #245 from jan-cerny/variables Write values of referenced variables to log Author: Jan Černý <jcerny@redhat.com> Date: Tue Dec 1 10:46:17 2015 +0100 Merge branch 'maint-1.0' into maint-1.2 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 30 12:58:35 2015 +0100 Merge pull request #244 from jan-cerny/improve_warning Improve a warning Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 30 12:46:30 2015 +0100 Inform about referencing variable in a object component In OVAL objects, object components can have var_ref attribute, using him it is possible to reference a variable. This variable affects the final content of a collected object. This is one of tricky things in OVAL, so it may be useful to report it in log. Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 30 08:26:28 2015 +0100 Write values of referenced variables to log If an OVAL definition contains objects indirectly referenced by a local variable, it is useful to see the values of this variable after the referenced object has been evaluated. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 30 10:41:26 2015 +0100 Merge pull request #243 from jan-cerny/objects_via_variables Inform users about indirect references of objects Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 30 08:23:52 2015 +0100 Improve a warning Adding a missing end of line and change wording of this message. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Nov 29 12:21:49 2015 +0100 Merge pull request #242 from jan-cerny/fix_typo Fix a typo Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Nov 29 12:21:30 2015 +0100 Merge pull request #241 from jan-cerny/oval_sexp Change category of a message to devel Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Nov 29 12:21:01 2015 +0100 Merge pull request #240 from jan-cerny/xccdf_policy_messages Add info messages to xccdf_policy.c Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Sun Nov 29 12:19:24 2015 +0100 Merge pull request #239 from jan-cerny/manual Issue #238: Mention verbose mode in user manual Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 19:31:25 2015 +0100 Add a info message when a variable is querying Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 19:24:18 2015 +0100 Inform user about referencing an object from a variable In an OVAL definitions document, a local variable can contain an object_component subelement which references an OVAL object identified by its href arrtibute. This object must be evaluated in order to complete evaluating a state that variable belongs to. This commit adds info message about processing this speciality. Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 19:16:15 2015 +0100 Inform user when a state references a variable A state can reference a variable. This information is important when that variable references an object which needs to be evaluated first. This commit adds a info message which prints state id, variable id and type of variable (local/static/external). Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 19:01:05 2015 +0100 Fix a typo Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 16:56:17 2015 +0100 Change category of a message to devel For the evaluation process it is not useful to know that an object was decoded from SEXP successfully. It seems to be a message for a developer. Author: Jan Černý <jcerny@redhat.com> Date: Sat Nov 28 10:13:37 2015 +0100 Add info messages to xccdf_policy.c This commit gives user basic understanding of XCCDF evaluation process. Author: Jan Černý <jcerny@redhat.com> Date: Fri Nov 27 17:47:58 2015 +0100 Issue #238: Mention verbose mode in user manual Describe new verbose mode and update the manual. Also typo fixes. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 26 13:00:55 2015 +0100 Merge pull request #237 from jan-cerny/seap_packet Change category of messages Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 26 13:00:39 2015 +0100 Merge pull request #236 from jan-cerny/seap_command Change category of messges in SEAP command function Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 26 10:40:37 2015 +0100 Merge pull request #235 from jan-cerny/seap_message_free Change category of a message Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 26 10:40:20 2015 +0100 Merge pull request #234 from jan-cerny/worker Change category of messages in worker routine to devel Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 26 10:30:06 2015 +0100 Change category of messages These messages were not suitable be in info category. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 26 10:10:24 2015 +0100 Change category of messges in SEAP command function Hexa values of some variables are interesting only for a developer. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 26 09:53:24 2015 +0100 Change category of a message Information about freeing memory is interesting only for a C developer. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 26 09:45:29 2015 +0100 Change category of messages in worker routine to devel These messages are not important from OVAL content point of view. We should put them to devel level to improve readability of log. Author: Martin Preisler <martin@preisler.me> Date: Wed Nov 25 11:34:43 2015 +0100 Merge pull request #233 from jan-cerny/issue231 Issue #231: Fix a segmentation fault Author: Martin Preisler <martin@preisler.me> Date: Wed Nov 25 11:33:10 2015 +0100 Merge pull request #232 from jan-cerny/fix_sce RHBZ#1275369: Fix retrieving SCE results from external results file Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 25 10:25:04 2015 +0100 Issue #231: Fix a segmentation fault We should use here xmlSetGenericErrorFunc instead of initGenericErrorDefaultFunc because initGenericErrorDefaultFunc resets only error handler, but we must also reset the error context, which is possible only by xmlSetGenericErrorFunc. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 25 09:56:41 2015 +0100 RHBZ#1275369: Fix retrieving SCE results from external results file OpenSCAP was not able to show SCE results from external SCE results file in the HTML report, because incorrect XPath expression was in our XSLT template which is used to genarate the HTML report. According to the XCCDF specification, the path to the external SCE results file should be found in a "href" attribute of a "check-content-ref" element. But we were trying to get it from a "check" element, where it shouldn't be. This caused I/O warnings. In my opinion there must be some cases when some information would be missing in a HTML report. Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 23 19:57:19 2015 +0100 Merge pull request #228 from jan-cerny/xccdf_session_new Add an info message + refactor Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 23 19:55:03 2015 +0100 Merge pull request #229 from jan-cerny/fix_invalid_read Fix valgrind warning in rpmverifyfile probe Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 16:49:46 2015 +0100 Merge pull request #227 from isimluk/maint-1.0 Prefer to pass message up to the caller over stderr print-out Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 16:19:46 2015 +0100 Fix valgrind warning in rpmverifyfile probe When we were invetigating issue #212, we found that there are some invalid reads from memory in the rpmverifyfile_probe. This commit fixes the valgrind warning, however it does not fix the issue. Addressing: Invalid read of size 1 at 0x4C2BC22: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4E9D9E5: probe_item_create (probe-api.c:1431) by 0x405BAB: rpmverify_additem (rpmverifyfile.c:352) by 0x405BAB: rpmverify_collect (rpmverifyfile.c:297) by 0x405BAB: probe_main (rpmverifyfile.c:472) by 0x40761F: probe_worker (worker.c:951) by 0x407242: probe_worker_runfn (worker.c:54) by 0x715F554: start_thread (pthread_create.c:333) by 0x767EB9C: clone (clone.S:109) Address 0xc933bc0 is 0 bytes inside a block of size 37 free'd at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x5441DA1: rpmfiFN (rpmfi.c:1640) by 0x544F84D: rpmVerifyFile (verify.c:62) by 0x40595E: rpmverify_collect (rpmverifyfile.c:294) by 0x40595E: probe_main (rpmverifyfile.c:472) by 0x40761F: probe_worker (worker.c:951) by 0x407242: probe_worker_runfn (worker.c:54) by 0x715F554: start_thread (pthread_create.c:333) by 0x767EB9C: clone (clone.S:109) Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 11:52:21 2015 +0100 Add an info message Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 11:46:00 2015 +0100 Refactor - avoid repeated calls to a function We call oscap_source_get_scap_type 5 times here. It would be better to call it only once, store the return value to a variable and use that variable. Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 10:31:05 2015 +0100 Merge pull request #226 from jan-cerny/msg_input_handler Change category of messages to DEVEL Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 23 10:03:18 2015 +0100 Prefer to pass message up to the caller over stderr print-out Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 23 10:01:10 2015 +0100 Make sure to report text of CannotContinueError exception Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 23 09:51:09 2015 +0100 Merge pull request #219 from jan-cerny/small_message_improvements Small message improvements Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 23 09:50:06 2015 +0100 Merge pull request #218 from jan-cerny/msg_oval_session Add new messages to OVAL session Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 23 09:26:25 2015 +0100 Change category of messages to DEVEL Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Nov 22 21:49:21 2015 +0100 Avoid traceback on rpmbuild errors Chances are that the rpmbuild failure is not a problem in our source, but in the inputs given to the tool. Otherwise, we receive unneeded Abrt reports like https://retrace.fedoraproject.org/faf/reports/723484/ Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 20 17:02:32 2015 +0100 Show profile description in HTML report and guide Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Nov 20 14:55:27 2015 +0100 Merge pull request #224 from jan-cerny/fix_named_threads Move setting thread names to a right place Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:08:43 2015 +0100 Add new messages to OVAL session With those few messages we would slowly start to see the "story of OVAL evaluation" in the log file. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:22:45 2015 +0100 Add a message which says that validation will be started Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Nov 20 11:54:19 2015 +0100 Merge pull request #217 from jan-cerny/msg_oval_agent Add new debugging messages to OVAL agent. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Nov 19 12:11:52 2015 +0100 Preliminary support for Ansible Playbooks within xccdf:fix How to test: 1) Put appropriate fix element into your content: <fix system="urn:xccdf:fix:script:ansible"> - name: testing xccdf fix file: path=/etc/passwd mode=0644 </fix> 2) Run the remediation either: # oscap xccdf eval --remediate ... or # oscap xccdf eval --results /tmp/x.xml # oscap xccdf remediate /tmp/x.xml Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 08:59:11 2015 +0100 Add new debugging messages to OVAL agent. This will make the log file more understandable. Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 19 11:19:19 2015 +0100 Move setting thread names to a right place Thread names should be set inside the thread routine. This fixes a segfault which might happen when a thread termitates sooner than its name could be set. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 19 10:06:29 2015 +0100 Merge pull request #220 from jan-cerny/msg_oval_probe Add debugging messages to oval_probe.c Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 19 09:54:05 2015 +0100 Merge pull request #215 from jan-cerny/fix_logfile Fix opening a log file Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 19 09:50:33 2015 +0100 Merge pull request #211 from jan-cerny/improve_verbose Improve verbose mode Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 19 09:47:26 2015 +0100 Merge pull request #223 from jan-cerny/maint-1.0 Add set -x to a test Author: Jan Černý <jcerny@redhat.com> Date: Thu Nov 19 09:43:48 2015 +0100 Add set -x to a test This test sometimes randomly fails. I would like to know more when it will happen next time. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:54:20 2015 +0100 Add information about querying system information Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:51:44 2015 +0100 Add messages about creating or querying the system characteristics model Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:49:47 2015 +0100 Add a message about querying an object Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 18 09:18:28 2015 +0100 Tell user what "URI" means Also use a macro instead of a function for better readability Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 16 18:19:42 2015 +0100 Fix opening a log file There was a serious issue in verbosing feature. Some messages were missing in log file. It is fixed by opening log file in append mode in both library and probes. The commit also improves error messages which are displayed when an error happens while opening file by adding message representing the error code (errno). Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 16 12:53:50 2015 +0100 Merge pull request #213 from jan-cerny/issue206 Issue #206: Improve error messages for verbose feature Author: Martin Preisler <martin@preisler.me> Date: Mon Nov 16 12:51:41 2015 +0100 Merge pull request #214 from jan-cerny/issue205 Issue #205: Fix header dependencies Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 16 11:08:05 2015 +0100 Issue #205: Fix header dependencies The util.h doesn't depend on public/oscap_debug.h, so we should remove the include from there. On the other hand, debug_priv.h depends on public/oscap_debug.h, so we should add include there. Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 16 10:36:40 2015 +0100 Issue #206: Improve error messages for verbose feature This helps users who used incorrectly --verbose and --verbose-log-file how to use those features right. Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 10 10:05:18 2015 +0100 Add missing end of line after SEXP dump in verbose log Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 10 09:59:19 2015 +0100 Change verbosity level of some messages to DEVEL These messages are interesting only from a developer point of view. They can be ignored by users interested only in OVAL evaluation. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 9 16:32:09 2015 +0100 Merge pull request #210 from jan-cerny/change_level Change category of some debug messages to DEVEL verbosity level Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 9 14:18:48 2015 +0100 Change category of some messages to DEVEL These messages describe implementation details and can be ignored by users who are interested in OVAL evaluation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 9 10:15:06 2015 +0100 Merge branch 'maint-1.0' into maint-1.2 Promoting recent fixes to maint-1.2. Conflicts: cpe/openscap-cpe-oval.xml tests/Makefile.am Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 9 09:27:45 2015 +0100 Merge pull request #209 from jan-cerny/fix_cpe_schematron Fix and test openscap-cpe-oval.xml Author: Jan Černý <jcerny@redhat.com> Date: Fri Nov 6 11:19:23 2015 +0100 Merge pull request #208 from jan-cerny/refactor Refactor + fix a segfault Author: Jan Černý <jcerny@redhat.com> Date: Fri Nov 6 10:20:25 2015 +0100 Use $top_srcdir for better readability Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Nov 5 18:02:33 2015 +0100 Merge pull request #201 from jan-cerny/dpkg Support OVAL 5.11.1 in dpkginfo probe Author: Martin Preisler <martin@preisler.me> Date: Thu Nov 5 17:55:03 2015 +0100 Merge pull request #207 from jan-cerny/fix_cpe Fix invalid CPE content Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 4 17:49:42 2015 +0100 Issue #191: Fix a segfault Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 20:39:49 2015 +0100 Move an item to the bottom of oval_datatype_t enum Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 20:38:27 2015 +0100 Add a warning message Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 29 10:14:48 2015 +0100 Support OVAL 5.11.1 in dpkginfo probe This adds new data type "debian_evr_string" and uses it in dpkginfo probe to process OVAL content of version 5.11.1 and newer. Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 29 10:12:56 2015 +0100 Fix build system to build the dpkginfo probe Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 4 15:46:55 2015 +0100 Add a test checking validity of CPE OVAL content Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 3 11:32:12 2015 +0100 Fix schematron warnings in openscap-cpe-oval.xml This OVAL file did not pass validation by schematron. A rpminfo_test should not reference a rpmverifyfile_object, it can be referenced only from a rpmverifyfile_test. We must change tests to rpmverifyfile_test and also change respective states. Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 2 17:55:23 2015 +0100 Refactor: Extract function oval_family_to_namespace This code repeats 4 times in OpenSCAP. This commit refactors it out to a single function. This functions converts oval family to a XML namespace. Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 3 09:10:47 2015 +0100 Fix invalid CPE content This OVAL file was invalid. There were missing objects and states. It was one of causes of issue #191 (segfault on oscap xccdf eval). Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 3 08:33:31 2015 +0100 Merge pull request #190 from isimluk/gcc-warn Fix some gcc warnings Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Oct 24 13:39:33 2015 +0200 Be explicit when casting type. Addressing: unix/linux/rpmverifypackage.c: In function ‘rpmverify_collect’: unix/linux/rpmverifypackage.c:286:32: error: passing argument 3 of ‘rpmcliVerify’ from incompatible pointer type [-Werror=incompatible-pointer-types] ret = rpmcliVerify(ts, qva, poptGetArgs(rpmcli_context)); ^ In file included from unix/linux/rpmverifypackage.c:54:0: /usr/include/rpm/rpmcli.h:269:5: note: expected ‘ARGV_const_t {aka char * const*}’ but argument is of type ‘const char **’ int rpmcliVerify(rpmts ts, QVA_t qva, ARGV_const_t argv); ^ Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 2 19:21:09 2015 +0100 Merge pull request #169 from jan-cerny/verbose Add `--verbose` option to OpenSCAP Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 2 17:04:22 2015 +0100 Revert "Make oval-testdef key less consuming." This reverts commit 6b278aad5943249dbc871ccca710306be4b76db2. See github issue #202 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Nov 2 16:57:54 2015 +0100 Merge pull request #204 from jan-cerny/issue203 Issue #203: oscap oval eval --skip-valid doesn't skip validating Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 2 16:11:20 2015 +0100 Issue #203: oscap oval eval --skip-valid doesn't skip validating When refactoring the code into the "OVAL session", we have probably forgotten about the --skip-valid option. Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 20:16:47 2015 +0100 Move string conversion up in code and check for operation result Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:58:49 2015 +0100 Terminate program if an error ocurred while turning verbose mode on Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:58:32 2015 +0100 Change meaning of return value of oscap_set_verbose Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:55:08 2015 +0100 Use more convenient variable type Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:51:10 2015 +0100 Change function return type from int to oscap_verbosity_levels Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:48:15 2015 +0100 Move an enumeration of levels to a public header file This commit moves oscap_verbosity_levels enum to public/oscap_debug.h which will allow us to use it in whole codebase. Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 16:03:14 2015 +0100 Use " *" instead of "* " in definition of a function Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 30 15:59:50 2015 +0100 Move debug.h to public/oscap_debug.h Also update includes and Makefile appropriately. Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 23 18:17:21 2015 +0200 Add "static" modifier for __debuglog_level variable We don't need to declare __debuglog_level variable as extern anymore, because macro debug(l) that used it has been already removed. This commit declares this variable as static, because it is used only inside this module, and also removes it from header file from hidden API. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 17:46:15 2015 +0200 New macro name in a header file Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 14:17:40 2015 +0200 Add debug.h to Makefile.am Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 14:13:01 2015 +0200 Remove unused macros Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:43:48 2015 +0200 Update bash automatic completion function Adding verbosity options Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:42:43 2015 +0200 Add verbose option to the manual page Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:35:57 2015 +0200 Add a function checking correct usage of "verbose*" options This function checks that both --verbose and --verbose-log-file are used, and not only one of them. Also checks that only specified level names are used. If an user uses the options incorrectly, then appropriate error message will help him. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:28:16 2015 +0200 Enable debbugging messages in probes A probe retreives verbosity level and log file name from 2 environmental variables. When some of these environmental variables is not set, debugging messages remain turned off. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:25:51 2015 +0200 Introduce verbosity options to oscap XCCDF module The "oscap xccdf eval" module will have two new options --verbose and --verbose-log-file. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:22:14 2015 +0200 Introduce verbosity options to oscap oval module Two new options --verbose and --verbose-log-file will be added to oscap oval eval, oscap oval collect and oscap oval analyse. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:16:46 2015 +0200 Add new fields to oscap_action structure This commit adds "verbosity level" and "verbose log file" into the oscap_action structure. These will be used later to store values of new options that will be introduced to the oscap command line tool: --verbose and --verbose-log-file. Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 13:08:48 2015 +0200 Make debugging functions possibly working in standard mode Debugging functions of OpenSCAP can be now turned on by calling the oscap_set_verbose() function. Also refactors and removes code duplicities in debug.c. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 26 13:46:21 2015 +0100 Merge branch 'maint-1.0' into maint-1.2 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Oct 24 11:32:31 2015 +0200 new glibc forces us to use _DEFAULT_SOURCE but we keep _BSD_SOURCE here for compatibility with older libc. Addressing: In file included from /usr/include/string.h:25:0, from cpename.c:37: /usr/include/features.h:148:3: error: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Werror=cpp] # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use # _DEFAULT_SOURCE" Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 23 17:48:59 2015 +0200 Avoid variable that is present only in debug mode Addressing: probes/probe-api.c: In function 'probe_obj_attrexists': probes/probe-api.c:552:9: error: variable 'name_len' set but not used [-Werror=unused-but-set-variable] size_t name_len; ^ Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 23 16:57:38 2015 +0200 Avoid variable that is present only in debug mode Addressing: probes/probe-api.c: In function 'probe_obj_getattrval': probes/probe-api.c:507:9: error: variable 'name_len' set but not used [-Werror=unused-but-set-variable] size_t name_len; ^ Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 23 16:53:25 2015 +0200 Fix a typo. This is where I lost my dignity. By fixing a warning I broke the build! Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 23 16:35:37 2015 +0200 Fix freshly introduced warnings. Addressing: oscap_acquire.c: In function 'oscap_acquire_url_download': oscap_acquire.c:146:32: warning: implicit declaration of function 'oscap_buffer_new' [-Wimplicit-function-declaration] struct oscap_buffer* buffer = oscap_buffer_new(); ^ oscap_acquire.c:146:32: warning: initialization makes pointer from integer without a cast [-Wint-conversion] oscap_acquire.c:157:3: warning: implicit declaration of function 'oscap_buffer_free' [-Wimplicit-function-declaration] oscap_buffer_free(buffer); ^ oscap_acquire.c:161:17: warning: implicit declaration of function 'oscap_buffer_get_length' [-Wimplicit-function-declaration] *memory_size = oscap_buffer_get_length(buffer); ^ oscap_acquire.c:162:15: warning: implicit declaration of function 'oscap_buffer_bequeath' [-Wimplicit-function-declaration] char* data = oscap_buffer_bequeath(buffer); // get data and free buffer struct ^ oscap_acquire.c:162:15: warning: initialization makes pointer from integer without a cast [-Wint-conversion] oscap_acquire.c: In function 'write_to_memory_callback': oscap_acquire.c:169:2: warning: implicit declaration of function 'oscap_buffer_append_binary_data' [-Wimplicit-function-declaration] oscap_buffer_append_binary_data((struct oscap_buffer*)userdata, ptr, new_received_size); Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 9 13:18:40 2015 +0200 Make oval-testdef key less consuming. Author: Martin Preisler <martin@preisler.me> Date: Wed Oct 21 20:16:23 2015 +0200 Merge pull request #188 from jan-cerny/pci_dss_group_in_report Group rules by PCI DSS requirement in HTML report Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 17:39:41 2015 +0200 Regenerate xccdf-resources.xsl Author: Jan Černý <jcerny@redhat.com> Date: Wed Oct 21 17:26:31 2015 +0200 Group rules by PCI DSS requirement in HTML report References to PCI DSS have been added recently for rules in SCAP Security Guide. Although it is possible now to group these rules by their PCI DSS identifiers in HTML report, it is not user-friendly. An URL is displayed in combobox and the groups are in random order. This commit improves the usability of report. First, "PCI DSS Requirement" is displayed in combobox instead of an URL. Second, groups are sorted by the requirement number. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 20 20:22:11 2015 +0200 typo in test comment Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Oct 20 16:21:32 2015 +0200 Merge pull request #185 from ybznek/maint-1.0-versioning Add versioning document Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Oct 20 10:52:31 2015 +0200 Add versioning document Author: Zbynek <ybznek@users.noreply.github.com> Date: Tue Oct 20 10:29:07 2015 +0200 Merge pull request #179 from mpreisler/bzip_in_oscap_docker Download bzipped variants of RHSA OVAL data in oscap-docker Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Oct 19 10:04:34 2015 +0200 Merge pull request #183 from msrubar/add_how_to_contribute Add how to contribute Author: Michal Šrubař <msrubar@redhat.com> Date: Fri Oct 16 11:27:54 2015 +0200 Enhance README and Convert it into Markdown. The markdown version of the README document is already in the maint-1.2 but we also want it in the the maint-1.0 branch so we can have all the contribute documents and manuals in the maint-1.0. The commit also adds links to the new "How to contribute to the openscap" and versioning and will replace the old link to documentation to our new oscap user manual. Author: Michal Šrubař <msrubar@redhat.com> Date: Fri Oct 16 11:07:44 2015 +0200 Add "How to contribute to OpenSCAP" document This little how-to can help new Red Hat interns and contributors with basic questions that I have in the beginnings. Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 16 16:45:00 2015 +0200 Merge pull request #184 from ybznek/maint-1.0-xccdf-resolve-test tests: add test to oscap xccdf resolve Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 16 12:15:01 2015 +0200 tests: add test for oscap xccdf resolve Author: Marcus Meissner <meissner@suse.de> Date: Wed Oct 14 14:47:38 2015 +0200 this patch autodetects the SUSE Linux Enterprise versions (without SP) and openSUSE versions Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 14 14:37:04 2015 +0200 Added /utils/oscap-docker to .gitignore It is auto-generated as part of ./configure Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 13 16:10:32 2015 +0200 Don't check for `umount` in oscap-vm, it's not used in the script Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 14 14:33:50 2015 +0200 Fail at configure if oscap-docker is enable but bzip2 wasn't found This prevents surprises later when oscap-docker downloads bzipped RHSA OVAL and oscap fails to load it. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 14 11:07:42 2015 +0200 Download bzipped variants of RHSA OVAL data in oscap-docker Saves bandwidth and (at least in most cases) time. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Oct 13 18:18:58 2015 +0200 Merge pull request #178 from mpreisler/https_in_oscap_docker Use HTTPS for fetching the CVE OVALs in oscap-docker Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 13 15:54:36 2015 +0200 Use HTTPS for fetching the CVE OVALs in oscap-docker Added HTTPSHandler in case other people want to use https for fetching and they want to change the URL. Author: Zbynek <ybznek@users.noreply.github.com> Date: Mon Oct 12 20:58:52 2015 +0200 Merge pull request #173 from ybznek/maint-1.2-oval-results-relative-path Fix loading oval results from relative path Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Oct 12 11:56:28 2015 +0200 Merge pull request #175 from mpreisler/oscap_vm oscap-vm - scan virtual machines and their images Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 12 11:17:53 2015 +0200 tests: Replace realpath by readlink Realpath doesn't exists on rhel6 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 17 20:55:07 2015 +0200 tests: Add test for loading OVAL/OVAL results using relative path Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Oct 6 07:48:46 2015 +0200 Remove oval_template parameter from oval_results Data from arf are now used, so we don't need to load OVAL results files Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Oct 6 07:33:23 2015 +0200 Store generated arf report When you need generate ARF report and HTML report the arf is generated only once now. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 29 12:49:27 2015 +0200 Refactoring: Skip ARF creation when report was not requested. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 28 20:03:00 2015 +0200 Use arf to export oval_results to report This commit solve problem with escaped oval_results path which wasn't loadable from xslt Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 28 18:36:14 2015 +0200 Move create_arf_source to extra function Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 18 11:27:27 2015 +0200 Escape relative path of oval results. as well as we did with absolute path. Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 9 17:44:24 2015 +0200 Merge pull request #177 from jan-cerny/fix_sysctl Fix errors of sysctl probe Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 9 16:53:39 2015 +0200 Improve comments Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 9 14:18:37 2015 +0200 Skip "stable_secret" files in sysctl probe Files /proc/sys/net/ipv6/conf/*/stable_secret cannot be read until they are not set. It caused read error when collecting data in sysctl probe. In case of error while reading from some of these files, the probe will skip it. Author: Jan Černý <jcerny@redhat.com> Date: Fri Oct 9 14:08:44 2015 +0200 Fix errors of sysctl probe caused by reading write-only files While collecting data from the /proc/sys filesystem, the sysctl probe tried to read from some files that are write-only, for example /proc/sys/net/ipv4/route/flush. The "sysctl" utility skips those files. This commit introduce skipping them to OpenSCAP. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Oct 9 13:19:56 2015 +0200 Merge pull request #176 from ybznek/maint-1.0-env-variable environmentvariable58 refactoring Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 9 13:12:21 2015 +0200 Removed --remediate from supported options in oscap-vm Remediation doesn't work in offline mode, oscap will tell that to the user if it's attempted. Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 9 11:56:06 2015 +0200 Use guestunmount instead of just umount in oscap-vm Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 9 11:54:27 2015 +0200 Removed a comment in oscap-vm that is no longer true, any storage can be root now Author: Martin Preisler <martin@preisler.me> Date: Fri Oct 9 11:47:47 2015 +0200 shellcheck related fixes in utils/oscap-vm Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 9 11:17:25 2015 +0200 environmentvariable58 refactoring int->bool Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 8 19:28:39 2015 +0200 Let guestmount guess the mountpoints for us Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 8 19:26:12 2015 +0200 Minor doc fixes for oscap-vm, added a manpage Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 8 19:20:36 2015 +0200 rmdir the mountpoint after oscap-vm unmounts Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 8 19:19:24 2015 +0200 Added oscap-vm to the autotools machinery Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 8 19:13:22 2015 +0200 Initial version of oscap-vm, supports both image and domain scanning Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 7 15:47:11 2015 +0200 Ensure position of fd is always set correctly. With newer glibc, rewind is enough. However, with older glibc (rhel6) rewind does not affect underlying fd. Let's use lseek directly to ensure the position is correct everywhere. http://projects.theforeman.org/issues/12073 Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 7 14:05:55 2015 +0200 whitespace fix Author: Martin Preisler <martin@preisler.me> Date: Mon Oct 5 14:40:46 2015 +0200 Merge pull request #160 from jan-cerny/rpmverifyfile Support OVAL 5.11.1 in rpmverifyfile probe + test Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Oct 5 01:35:15 2015 +0200 Bump version after release Next release from maint-1.2 branch will be 1.2.7. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 18:20:53 2015 +0200 openscap-1.2.6 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 18:34:43 2015 +0200 Fix distibution of oscap-docker oscap-docker should not be in archive generated by make dist It should be generated from oscap-docker.id Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Oct 2 17:18:25 2015 +0200 Merge pull request #172 from ybznek/maint-1-2-release oscap-docker changes before release Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 11:14:53 2015 +0200 oscap-docker: fix some pylint hints Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 10:56:12 2015 +0200 oscap-docker: improve python3 compatibility Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 10:42:45 2015 +0200 oscap-docker: fix issue with HTTP HEAD unavailable When oscap-docker cannot determine last-modified of remote file because HTTP HEAD request cannot be performed, don't use local copy Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Oct 2 08:53:25 2015 +0200 dynamically determine oscap-docker python dir Use default python version to determine in which folder should be oscap-docker installed. Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 1 21:19:09 2015 +0200 Use /etc/passwd instead of /etc/redhat-release in rpmverifyfile tests Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Oct 1 13:13:53 2015 +0200 Merge pull request #154 from jan-cerny/check_existence Support check_existence attribute in state entities + test Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 29 19:16:29 2015 +0200 openscap-1.2.6 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 29 18:18:08 2015 +0200 Bump soname from 8.5.1 to 8.6.0 23 new symbol has beed added, one enum has been changed Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 29 15:26:49 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 29 15:06:17 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 17 14:12:28 2015 +0200 Rename to oval_status_counter Author: Martin Preisler <martin@preisler.me> Date: Sun Sep 27 15:21:52 2015 +0200 Merge pull request #168 from ybznek/maint-1.0-fix-oscap-string-test Maint 1.0 fix oscap string test Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 18:57:18 2015 +0200 tests: test_oscap_string add #include <config.h> Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 18:56:20 2015 +0200 tests: test_oscap_string add licence Author: Martin Preisler <martin@preisler.me> Date: Fri Sep 25 18:35:55 2015 +0200 Merge pull request #167 from ybznek/maint-1.2-glob-to-regex test: glob-to-regex fix #include <config.h> Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 17:51:44 2015 +0200 test: glob-to-regex fix #include <config.h> Author: Michal Šrubař <msrubar@redhat.com> Date: Fri Sep 25 13:53:06 2015 +0200 Distribute the html version of the oscap user manual Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 16:35:02 2015 +0200 Merge branch 'baude-improve_fetch' into maint-1.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 10:34:21 2015 +0200 Fix getting of non-mandatory HTTP header field When HTTP server doen't provide last-modified header, it can cause error state. https://tools.ietf.org/html/rfc7232#section-2.2 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 09:34:19 2015 +0200 oscap_docker print debug messages to stderr instead of stdout Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 09:31:54 2015 +0200 oscap_docker fix return value Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 25 09:30:04 2015 +0200 Merge branch 'improve_fetch' of git://github.com/baude/openscap into baude-improve_fetch Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 24 15:28:38 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 24 15:27:27 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 24 15:26:45 2015 +0200 Merge pull request #164 from ybznek/maint-1.1-oval-details tests: oval_details fix issue with make distclean Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Sep 22 17:07:42 2015 +0200 tests: oval_details fix issue with make distclean make distclean was deleting important test files (countries.xml, foo.txt) Author: Jan Černý <jcerny@redhat.com> Date: Tue Sep 22 16:19:53 2015 +0200 Basic test for rpmverifyfile probe with OVAL 5.11 content Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 16 17:05:41 2015 +0200 Test rpmverifyfile probe, with focus on OVAL 5.11.1 support Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 16 16:58:09 2015 +0200 Support OVAL 5.11.1 in rpmverifyfile probe New attributes "nocaps" and "nodigest" in rpmverifyfile_object/behaviors were introduced and attribute "nomd5" was deprecated in OVAL 5.11.1. Also a new child element "filedigest_differs" within rpmverifyfile_item deprecates element "md5_differs" in OVAL 5.11.1. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 22 16:53:54 2015 +0200 Fixed a logical error in strto_uint64_bin sanity check Author: Brent Baude <bbaude@redhat.com> Date: Fri Sep 18 10:35:26 2015 -0500 Improve caching and fetching of CVE input data Previously, we determined if new CVE data should be fetched by specificying the max age of the files in units of hours. The new implementation uses the following to determine if it should fetch the new file: * If the file isn't in the local cache dir, fetch it * If the file is local, check the mtime of the remote file and compare it to the local file. If they differ by more than two seconds, fetch a new one. * Else, do not fetch a new one. We also now return the fully qualified file name in question from _fetch_single. And in the case of fetch_dist_data, we return a list of all the filenames. This is in preparation of the files being compressed upstream as we will want to know which file(s) we are dealing with. And finally, debug was added to the time related functions so they are easier to debug. This will also come in handy when we contemplate handling of compressed and/or uncompressed files. Author: Jan Černý <jcerny@redhat.com> Date: Tue Sep 15 10:41:01 2015 +0200 Add documentation Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 14 17:48:31 2015 +0200 Added version numbers to oscap-docker error messages Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 14 16:39:54 2015 +0200 Removed oscap-docker from shell script check It is no longer a bash script. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 14 13:23:58 2015 +0200 Check that '_clean_temp_container_by_path' method is available in DockerMount The code relies on it but this method is not in upstream yet, only in a pull request. Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 14 12:43:54 2015 +0200 Move item statuses to a separate file Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Sep 14 12:45:03 2015 +0200 Add reference to 'man oscap' to --help Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 11 20:10:31 2015 +0200 Do not print None to stdout Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 11 20:11:42 2015 +0200 Do not print newline after returned string wih newline print creates empy line after output and cause tests dont pass Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Sep 14 10:33:21 2015 +0200 Merge pull request #159 from jan-cerny/named_threads Show process name and thread name in debug logs Author: Jan Černý <jcerny@redhat.com> Date: Mon Sep 14 09:51:16 2015 +0200 Use correct error family Author: Jan Černý <jcerny@redhat.com> Date: Sun Sep 13 09:22:08 2015 +0200 Show process name and current thread name in debug logs Author: Jan Černý <jcerny@redhat.com> Date: Sun Sep 13 09:21:15 2015 +0200 Name threads Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 11 17:07:14 2015 +0200 Fail with nicer messages when user has old Atomic or no Atomic at all Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 11 16:39:42 2015 +0200 Added license headers, renamed classes to shut up PEP8, minor refactoring Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 11 16:23:44 2015 +0200 oscap_docker_python .pyc files added to gitignore Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 11 16:22:54 2015 +0200 Install the oscap_docker_python helper package as part of `make install` Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Sep 11 16:16:57 2015 +0200 Merge pull request #149 from msrubar/oscap_user_manual Add user manual for oscap Author: Lenka Horáková <lhorakov@redhat.com> Date: Tue Sep 1 16:02:22 2015 +0200 Add user manual for oscap Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 11 11:13:48 2015 +0200 Replaced old oscap-docker with oscap-docker.py Fixed up shebang, executable bit Author: Brent Baude <bbaude@redhat.com> Date: Wed Aug 19 15:25:18 2015 -0500 Port oscap-docker from bash to python This supports two key changes in scanning docker images and containers where now both atomic and openscap-daemon are capable of scanning. The port to python should allow more utilities to leverage the existing openscap-docker function and create less diversion. Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 10 21:38:20 2015 +0200 Merge pull request #158 from msrubar/remove_unused_func Remove unused oval_gen_report function Author: Michal Šrubař <msrubar@redhat.com> Date: Thu Sep 10 16:25:51 2015 +0200 Remove unused oval_gen_report function Functionality of this function was moved into the OVAL Sesssion during the refactoring of app_evaluate_oval (see 42895cc157905036b0c7e11772fa9e9cbabb3f30) and it's not used anymore. The function wasn't remove during the refactoring because the warning complaining about it got lost among other warnings. Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 9 16:37:33 2015 +0200 Fix bad variable name Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 9 16:09:32 2015 +0200 Serialize check_existence attribute only if OVAL core schema version >= 5.11.1 Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 2 15:49:02 2015 +0200 Test support of check_existence attribute in state entities Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 29 14:55:18 2015 +0200 Support check_existence attribute in state entities Author: Martin Preisler <martin@preisler.me> Date: Wed Sep 9 15:31:51 2015 +0200 Merge pull request #107 from jan-cerny/schv Parsing and populating multiple platform-specific schema_version elements Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 9 13:07:46 2015 +0200 Move components enumeration to a header file, add count into enum Author: Jan Černý <jcerny@redhat.com> Date: Wed Sep 9 13:06:29 2015 +0200 Allocate memory directly on heap, do not use strdup. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Sep 8 14:11:10 2015 +0200 Merge pull request #156 from jan-cerny/trac505_leak trac#505: Plug memory leaks Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 8 13:13:40 2015 +0200 Added a specific advice how to resolve XCCDF document into the XSLT warning Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 8 13:11:40 2015 +0200 Warn if XCCDF Benchmark is unresolved while HTML guide is being generated Author: Jan Černý <jcerny@redhat.com> Date: Tue Sep 8 12:19:02 2015 +0200 trac#505: Plug memory leaks Addressing: 11 bytes in 1 blocks are indirectly lost in loss record 1 of 5 at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x757E529: strdup (in /usr/lib64/libc-2.17.so) by 0x4E84D9A: oscap_strdup (util.c:65) by 0x4ED3DDF: xccdf_refine_rule_clone (profile.c:107) by 0x4EE1780: xccdf_policy_add_profile_refine_rules (xccdf_policy_resolve.c:190) by 0x4EE4676: xccdf_policy_new (xccdf_policy.c:1773) by 0x4EE42AD: xccdf_policy_model_get_policy_by_id (xccdf_policy.c:1880) by 0x4EDF7B4: xccdf_session_set_profile_id (xccdf_session.c:363) by 0x40B91B: app_evaluate_xccdf (oscap-xccdf.c:482) by 0x407E37: oscap_module_call (oscap-tool.c:260) by 0x407E37: oscap_module_process (oscap-tool.c:345) by 0x406D5E: main (oscap.c:80) 24 bytes in 1 blocks are indirectly lost in loss record 2 of 5 at 0x4C2B974: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4E80488: __oscap_calloc (alloc.c:68) by 0x4E81883: oscap_list_clone (list.c:130) by 0x4ED3E09: xccdf_refine_rule_clone (profile.c:111) by 0x4EE1780: xccdf_policy_add_profile_refine_rules (xccdf_policy_resolve.c:190) by 0x4EE4676: xccdf_policy_new (xccdf_policy.c:1773) by 0x4EE42AD: xccdf_policy_model_get_policy_by_id (xccdf_policy.c:1880) by 0x4EDF7B4: xccdf_session_set_profile_id (xccdf_session.c:363) by 0x40B91B: app_evaluate_xccdf (oscap-xccdf.c:482) by 0x407E37: oscap_module_call (oscap-tool.c:260) by 0x407E37: oscap_module_process (oscap-tool.c:345) by 0x406D5E: main (oscap.c:80) 29 bytes in 1 blocks are indirectly lost in loss record 3 of 5 at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x757E529: strdup (in /usr/lib64/libc-2.17.so) by 0x4E84D9A: oscap_strdup (util.c:65) by 0x4ED3DD3: xccdf_refine_rule_clone (profile.c:106) by 0x4EE1780: xccdf_policy_add_profile_refine_rules (xccdf_policy_resolve.c:190) by 0x4EE4676: xccdf_policy_new (xccdf_policy.c:1773) by 0x4EE42AD: xccdf_policy_model_get_policy_by_id (xccdf_policy.c:1880) by 0x4EDF7B4: xccdf_session_set_profile_id (xccdf_session.c:363) by 0x40B91B: app_evaluate_xccdf (oscap-xccdf.c:482) by 0x407E37: oscap_module_call (oscap-tool.c:260) by 0x407E37: oscap_module_process (oscap-tool.c:345) by 0x406D5E: main (oscap.c:80) 104 (40 direct, 64 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5 at 0x4C2B974: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4E80488: __oscap_calloc (alloc.c:68) by 0x4ED3DC7: xccdf_refine_rule_clone (profile.c:105) by 0x4EE1780: xccdf_policy_add_profile_refine_rules (xccdf_policy_resolve.c:190) by 0x4EE4676: xccdf_policy_new (xccdf_policy.c:1773) by 0x4EE42AD: xccdf_policy_model_get_policy_by_id (xccdf_policy.c:1880) by 0x4EDF7B4: xccdf_session_set_profile_id (xccdf_session.c:363) by 0x40B91B: app_evaluate_xccdf (oscap-xccdf.c:482) by 0x407E37: oscap_module_call (oscap-tool.c:260) by 0x407E37: oscap_module_process (oscap-tool.c:345) by 0x406D5E: main (oscap.c:80) Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Sep 8 08:08:51 2015 +0200 Merge pull request #155 from ybznek/maint-1.0-fix-include Fix bad #include in oscap_acquire Author: z <moraveczbynek@gmail.com> Date: Mon Sep 7 19:06:43 2015 +0200 Fix bad #include in oscap_acquire Author: Martin Preisler <martin@preisler.me> Date: Fri Sep 4 14:32:47 2015 +0200 Merge pull request #153 from ybznek/maint-1.2-oscap_string_visibility_fix oscap_string fix visibility Author: Martin Preisler <martin@preisler.me> Date: Fri Sep 4 14:32:04 2015 +0200 Merge pull request #151 from ybznek/maint-1.2-error-libxml Push libxml parsing to oscap_seterr Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 4 11:34:33 2015 +0200 Fix test for libxml errors Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 31 17:36:58 2015 +0200 Push libxml parsing to oscap_seterr Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Sep 4 10:29:26 2015 +0200 oscap_string fix visibility oscap_string_bequeath and oscap_string_clear Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 3 18:29:43 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 3 18:25:32 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 3 18:23:14 2015 +0200 Merge pull request #152 from ybznek/maint-1.0-string-func Maint 1.0 string func Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 3 18:22:05 2015 +0200 Merge pull request #150 from ybznek/maint-1.2-error-m Don't print the same error messages multiple times Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 3 12:59:13 2015 +0200 Changed HTML guide so that the newly added print rules apply to it div with class="identifiers" is now wrapping idents and references in HTML guide. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 3 12:58:47 2015 +0200 Hide identifier URL as well in HTML report Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Sep 3 11:24:51 2015 +0200 Add oscap_string_clear Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 31 17:34:12 2015 +0200 Add oscap_string_empty Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 3 11:42:33 2015 +0200 Hide interactive HTML report elements when printing Tapping on them on paper doesn't do anything :-) Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 3 11:37:08 2015 +0200 Merge pull request #148 from jan-cerny/print_report trac#501: Do not print tooltips in printed form of HTML report Author: Jan Černý <jcerny@redhat.com> Date: Thu Sep 3 10:07:58 2015 +0200 Generate updated xccdf-resources.xsl Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 31 10:37:04 2015 +0200 trac#501: Do not print tooltips in printed form of HTML report Tooltips will not be printed because it was repeating redundant information. It caused lines to span to a half of page. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Sep 2 18:08:52 2015 +0200 Fix multiple printing of same error message See previous two commits. Why can I do the change? Before this commit: When oscap_source_get_scap_type returns OSCAP_DOCUMENT_UNKNOWN, It is passed to oscap_source_get_schema_version. oscap_source_get_schema_version can return only NULL for OSCAP_DOCUMENT_UNKNOWN. oscap_source_validate_priv returns -1 for NULL version. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Sep 2 17:54:58 2015 +0200 Get schema_version in oscap_source_validate only once Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Sep 2 14:52:47 2015 +0200 Get scap_type in oscap_source_validate only once Multiple calls cause that oscap tries to parse non-valid xml again and again And stderr contains the same error messages many times Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 31 09:45:55 2015 +0200 Name an enum Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 31 09:03:37 2015 +0200 Small improvements Move declarations closer to their use. Add a comment explaining discarding "const" type. Declare core_schema_version as "char *" instead of "const char *" because it needs to be taken with a free. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Aug 27 15:50:06 2015 +0200 Merge pull request #147 from msrubar/xccdf_set-value_fix Use a value specified by <set-value> element Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 26 11:05:10 2015 +0200 Test that values specified in a profile are passed to a SCE script correctly Author: Michal Šrubař <msrubar@redhat.com> Date: Tue Aug 25 11:46:25 2015 +0200 Use a value specified by <set-value> element In case where a value of a Value object is changed by <set-value> element in a profile we have to work with that value and the default one. See: https://fedorahosted.org/openscap/ticket/498 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 25 12:19:04 2015 +0200 Merge pull request #146 from ybznek/maint-1.0-arf-export-segfault Maint 1.0 arf export segfault - add check oscap_htable_iterator_has_more Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Aug 25 10:23:26 2015 +0200 oscap_htable_iterator_has_more add check for htable == NULL Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 24 00:12:23 2015 +0200 tests: regression test for arf result of xccdf without reference to oval Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Aug 24 19:13:34 2015 +0200 Allow session to re-try oval_results export Recently, we are getting weird reports from ABRT retrace server such: 1: oscap_htable_iterator_has_more 2: ds_rds_create_from_dom (inlined) src/DS/rds.c +724 3: ds_rds_create_source src/DS/rds.c +752 4: xccdf_session_export_arf src/XCCDF/xccdf_session.c +1291 5: app_evaluate_xccdf utils/oscap-xccdf.c +524 This commit may not fix it. However, I cannot reproduce original segfault. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Aug 24 13:31:16 2015 +0200 Fixup the container hostname. In future, we may perhaps want to query docker for real hostname. Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 20 14:07:39 2015 +0200 Merge pull request #142 from ybznek/maint-1.0-config-3 Test: Checking .c sources for #include config.h Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 17 12:05:41 2015 +0200 Add test for checking of including config_h Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 14 13:33:27 2015 +0200 add #include <config.h> to xccdf_policy_resolve.c Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 14 13:38:08 2015 +0200 add #include <config.h> to option.c Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 14 13:40:35 2015 +0200 add #include <config.h> to oval_version.c Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 14 13:32:29 2015 +0200 add #include <config.h> to err_queue.c Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 20 11:01:04 2015 +0200 Rename a variable Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 20 08:44:52 2015 +0200 Test comparing OVAL schema versions Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 19 14:22:30 2015 +0200 Remove debug info Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 15:05:25 2015 +0200 Do not use deprecated functions + refactor Here it is not needed to compare OVAL version in every round of cycle, beacuse here OVAL version can be compared only once, before while(). Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 15:03:40 2015 +0200 Convert OVAL schema version from SEXP Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 14:58:16 2015 +0200 Convert OVAL schema version to SEXP This pass to the probe schema version of specific platform extension. This commit changes communication protocol between oscap and probes. Before, the version was encoded as an 32 bit integer, now, it is a string. Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 14:52:09 2015 +0200 Do not use deprecated symbols from oval_version.h This commit replaces usage of deprecated symbols. New functions from oval_schema_version.h are used instead. That enables support of platform extension schema versions in probes. Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 14:31:46 2015 +0200 Add functions to get platform and core schema versions Replaces functions in OVAL definition model, OVAL object and OVAL state. These new functions return new type "oval_schema_version_t" This commit also deprecates old functions returning oval_version_t. Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 18 13:28:32 2015 +0200 Add a new module for parsing and comparing OVAL versions Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 12 17:19:35 2015 +0200 Store only platform name, not the whole URI Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 12 14:16:00 2015 +0200 Deprecate oval_version_* functions These functions don't comply with the new OVAL versioning policy. The public API type oval_version_t can't store the platform extension schema version. Comparing of versions will be implemeted in a new module. Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 5 12:41:15 2015 +0200 Do not use deprecated function Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 5 12:32:54 2015 +0200 New getter and setter for the core schema version This deprecates oval_generator_get_schema_version() and oval_generator_set_schema_version(), because their names became confusing after introducing platform-specific versions. This commit introduces new functions with more understandable names, but very same functionality. Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 5 09:02:31 2015 +0200 Move oscap_free to a better place Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 5 08:54:29 2015 +0200 Unify variable types Author: Jan Černý <jcerny@redhat.com> Date: Wed Aug 5 08:45:00 2015 +0200 Use already existing code Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 21 09:41:47 2015 +0200 Move generating timestamp to a separate function Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 13 11:35:36 2015 +0200 test multiple schema versions for different platform extensions in OVAL Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 10 10:59:30 2015 +0200 Have multiple schema_version elements Author: Martin Preisler <martin@preisler.me> Date: Tue Aug 18 13:15:05 2015 +0200 Merge pull request #139 from ybznek/maint-1.0-oscap-buffer-oscap_acquire_pipe_to_string oscap_acquire use oscap_buffer Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Aug 13 18:13:01 2015 +0200 oscap_acquire use oscap_string Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 14 14:33:39 2015 +0200 oscap_string add oscap_string_bequeath Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 13 15:21:28 2015 +0200 Force pseudo-tty allocation when sudo is used with oscap-ssh This enables users to potentially type their passwords if their configuration requires it. Author: Fen Labalme <fen@civicactions.com> Date: Mon Aug 10 21:55:42 2015 -0400 oscap-ssh - enable remote sudo operation by non-privileged users updated to use --sudo arg and fixed missing brackets Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 13 14:16:46 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 13 14:09:18 2015 +0200 Merge pull request #138 from jan-cerny/groupby2 Groupby2 Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 13 14:01:54 2015 +0200 Minify new version of script to xccdf-resources.xsl Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 13 10:14:37 2015 +0200 Replace tabs by spaces Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 10 15:33:27 2015 +0200 Populate the combobox dynamically Some values are harcoded, but just for better user experience. Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 10 14:39:49 2015 +0200 Improve sorting groups of rules Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 10 14:37:51 2015 +0200 Use more robust way to get severity Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 6 15:54:47 2015 +0200 Stripe the treetable Special thanks to Zbyněk Moravec who invented this solution. Author: Jan Černý <jcerny@redhat.com> Date: Thu Aug 6 14:53:49 2015 +0200 Polish the code, stick to conventions, improve comments Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 28 09:37:34 2015 +0200 Define constants in an enum Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 27 16:00:20 2015 +0200 Fix "Group By" feature in Google Chrome We can't use "onclick" attribute in "option" element, because it works only in Firefox. We must use "onchange" on "select" element to make it portable to other web browsers. This also requires to invoke Reset() using GroupBy(); Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 27 15:58:20 2015 +0200 Change table header from Title to Group Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 27 13:36:33 2015 +0200 Sort the rule groups Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 13:36:12 2015 +0200 Add grouping by result + change implementation of grouping by severity Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 11:41:09 2015 +0200 Refactor: Extract function to create new table row for a group Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 08:48:09 2015 +0200 trac#484: Add the "group by" criteria rules capability in HTML report This adds the "group by" functionality to the HTML report. It is possible to group XCCDF rules results by rule severity, DISA ID and NIST ID. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 08:44:03 2015 +0200 Add attributes containing severity, DISA and NIST IDs The table rows elements in the Rule overview table in HTML report will hold inforamtion with severity, DISA and NIST IDs. This will be useful for implementing "group by" feature in HTML report. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 13 13:21:00 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 13 13:02:02 2015 +0200 Merge pull request #102 from ybznek/maint-1.0process58 trac#449 Fix process58 collect command_line not just command Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Aug 11 17:07:43 2015 +0200 process58 fix terminating of function if read error occurs Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 10 15:54:42 2015 +0200 process58 fix memory leak if opendir() fail Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 20:41:27 2015 +0200 tests: process58 fix typo Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 19:14:07 2015 +0200 tests: process58 fix killing of not running processes Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 19:13:19 2015 +0200 tests: process58 fix function return value Fix return value if something fails. Prevent to test unnecessary exit Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 17:41:47 2015 +0200 tests: change order of files in Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 02:49:56 2015 +0200 tests: process58 increased waiting time for processes start Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 00:05:30 2015 +0200 tests: process58 removed unused xml file Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 00:03:08 2015 +0200 tests: process58 command_line oval xml: cleanup Author: Zbynek Moravec <zmoravec@redhat.com> Date: Sun Aug 9 00:02:25 2015 +0200 tests: Fix process58 makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Aug 7 10:28:45 2015 +0200 tests: process58 do not compare command-line with output of ps ps's versions have different behaviour and it is causing problems with testing on different systems I have recorded output of ps on my fedora(should has some new version of ps) and test will compare recorded output with output from probe. There is some xpath bug that sometimes convert entities back and sometimes not. I've fixed it with sed Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Aug 6 13:29:20 2015 +0200 tests: process58 - fix cleaning of processes in case of test failure Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Aug 4 17:01:45 2015 +0200 tests: Fix process58 tests on jenkins Tests compare output of ps with output of oscap. This commit fix issue, when ps read command_line of forked bash(before exec). Now, get_child_cmdline waits for execution of stopped_process Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Aug 4 10:15:23 2015 +0200 refactoring: swap lines in Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 19:26:00 2015 +0200 Refactoring: process58 now use oscap_buffer Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 13:33:33 2015 +0200 tests: process58 add file to Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 14:25:22 2015 +0200 Process58 replaced character for printing non-printable characters ps use '.' for LC_ALL=C Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 14:22:16 2015 +0200 tests: Add process58 tests Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 16 13:46:28 2015 +0200 trac#449 Fix \n replacing in order to ps behaviour Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Jul 13 13:22:45 2015 +0200 trac#449 Refactoring, bug fixing with not null terminated strings in cmdline Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 10 11:43:14 2015 +0200 trac#449 Fix process58 collect command_line not just command Modify only part of code for Linux Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Aug 12 11:03:10 2015 +0200 Merge pull request #115 from msrubar/os OVAL Session Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:48:53 2015 +0200 Refactor oscap's evaluation into OVAL Session Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:45:02 2015 +0200 Refactor exporting of results into OVAL Session The fucntion handles export of OVAL Results into a file. It also handles the convertion of OVAL Results into the HTML format. Author: Martin Preisler <martin@preisler.me> Date: Fri Aug 7 13:28:29 2015 +0200 Merge pull request #134 from jan-cerny/report_improvemnets Report improvements Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 27 15:07:58 2015 +0200 trac#444: Make group titles in HTML report clickable This allows user to click the title of group to expand or collapse the group. The titles are a bigger click target than the small triangle arrows on the left. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 27 14:57:53 2015 +0200 trac#427: Improve searching in HTML report This allows searching also in severity of rules. Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:43:18 2015 +0200 Refactor evaluation of OVAL Definitions into OVAL Session Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 6 18:47:17 2015 +0200 Merge pull request #130 from ybznek/maint-1.0-dead-probe-msg Add PID to error message when probe has been killed Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 6 18:11:40 2015 +0200 Merge pull request #132 from msrubar/seg_fault_fix Use oscap_strcmp() instead of strcmp() Author: Michal Šrubař <msrubar@redhat.com> Date: Thu Aug 6 17:21:48 2015 +0200 Use oscap_strcmp() instead of strcmp() It will prevent calling strcmp with NULL arguments. See: https://fedorahosted.org/openscap/ticket/492 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Aug 6 15:57:24 2015 +0200 Add PID to error message when probe has terminated Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Aug 6 15:52:37 2015 +0200 Fix __oscap_vdlprintf PID printing Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Aug 6 15:22:04 2015 +0200 Fix __oscap_debuglog_object PID printing printing PID as signed long is safer Fix __oscap_debuglog_object PID printing Author: Michal Šrubař <msrubar@redhat.com> Date: Thu Aug 6 14:35:26 2015 +0200 Turn the search engine on in Doxygen documentation This will enable us to easily search through the Doxygen documentation. See: https://fedorahosted.org/openscap/ticket/493 Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:41:48 2015 +0200 Refactor evaluation of a specific OVAL Defition into OVAL Session Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:37:52 2015 +0200 Refactor of setting up the OVAL Agent This funciton will set up the OVAL Agent Session which will be used in both oval_session_evaluate() and oval_session_evaluate_id(). Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:25:28 2015 +0200 Refactor loading of OVAL sources This function handles loading of all OVAL Definitions and OVAL Variables if any. It also performs validation and variable binding. Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:22:40 2015 +0200 Refactor loading of OVAL Variables This function loads and creates OVAL Variables model and binds the variables to existing definition model. Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:19:30 2015 +0200 Refactor loading of OVAL Definitions Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:12:46 2015 +0200 Refactor validation of OVAL or SDS into OVAL Session Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:10:21 2015 +0200 Introduce a new setter for XML reporter fucntion Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:07:33 2015 +0200 Introduce a new setter for an export of OVAL Results converted to HTML Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:06:07 2015 +0200 Introduce a new setter for an export of OVAL Results Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:04:32 2015 +0200 Introduce a new datastream's component-id setter Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:02:54 2015 +0200 Introduce a new datastream id setter Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 09:01:28 2015 +0200 Introduce a new OVAL Session's validation level setter Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 08:54:52 2015 +0200 Introduce a new OVAL Directives setter Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 08:53:30 2015 +0200 Introduce a new OVAL Variables setter Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Aug 5 08:51:44 2015 +0200 Introduce a new OVAL Session structure and module Author: Martin Preisler <martin@preisler.me> Date: Thu Aug 6 11:43:07 2015 +0200 Merge pull request #128 from ybznek/maint-1.2-remote-resources-oscap_string --fetch-remote-resources oscap_acquire_url_download use oscap_buffer now Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Aug 5 13:24:08 2015 +0200 Fix oscap_buffer deallocation if curl is not initialized properly Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 00:14:57 2015 +0200 oscap_acquire_url_download use oscap_buffer now Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 4 16:37:29 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 This is needed to get oscap_buffer to maint-1.2 for further work. Conflicts: ac_probes/configure.ac.tpl configure.ac src/XCCDF_POLICY/xccdf_policy_priv.h src/XCCDF_POLICY/xccdf_policy.c src/common/Makefile.am src/common/oscap_string.c src/common/oscap_string.h tests/API/XCCDF/unittests/Makefile.am tests/Makefile.am tests/oscap_string/Makefile.am tests/oscap_string/test_oscap_string.c tests/oscap_string/test_oscap_string.sh Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 4 12:47:14 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 This is needed to get oscap_buffer to maint-1.2 for a further work. Conflicts: tests/Makefile.am Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 4 12:45:11 2015 +0200 Fix whitespace errors. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 4 12:26:05 2015 +0200 Merge pull request #127 from ybznek/maint-1.0-oscapStringPridatTesty Maint-1.0 oscap_buffer tests Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Aug 4 12:17:59 2015 +0200 tests: oscap_string_test Fix Makefile.am for oscap_buffer Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 18:58:03 2015 +0200 tests: add test for oscap_string_clear Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:28:32 2015 +0200 tests: oscap_string add test for NULL parameter Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 16:51:33 2015 +0200 tests: oscap_string - add test for oscap_buffer_append_binary_data() Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 16:49:25 2015 +0200 tests: oscap_string fix test return value When first test failed and second test passed, return value was 0 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 4 11:35:31 2015 +0200 Merge pull request #126 from jan-cerny/maint-1.2-sds_schema Maint 1.2 sds schema Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 4 11:33:56 2015 +0200 Merge pull request #125 from jan-cerny/maint-1.2_makefile_fix Added OVAL 5.11.1 schemas to Makefile.am Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 4 11:31:29 2015 +0200 Merge pull request #117 from jan-cerny/maint-1.0 Test oscap_string Author: Jan Černý <jcerny@redhat.com> Date: Tue Aug 4 10:56:42 2015 +0200 Fix make distcheck using srcdir variable Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 09:13:40 2015 +0200 trac#495: Remove oscap_string from public API and fix test (cherry picked from commit 43cb8a556354886081cf7dc90430e94407b4007b) Author: Jan Černý <jcerny@redhat.com> Date: Wed May 13 17:47:57 2015 +0200 Test oscap_string (cherry picked from commit 7907e1c69ec3db99b7d0d557f671916cec1f6350) Conflicts: ac_probes/configure.ac.tpl configure.ac tests/Makefile.am Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 24 10:55:12 2015 +0200 Added OVAL 5.11.1 schemas to Makefile.am Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Aug 4 09:55:32 2015 +0200 Merge pull request #124 from ybznek/maint-1.0-cista oscap_string & oscap_buffer Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 3 14:05:51 2015 +0200 Test composing datastream with an OVAL 5.11.1 source Tests possibility to create a datastream from OVAL 5.11.1 whith changed datastream schema. See Issue #118 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 19:37:31 2015 +0200 Add OSCAP_HIDDEN macros to oscap_buffer.h Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 19:29:43 2015 +0200 Refactoring: rename struct oscap_buffer.str -> struct oscap_buffer.data Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:27:30 2015 +0200 Fix oscap_buffer_free for NULL parameter Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:12:19 2015 +0200 add oscap_buffer_bequeath Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:09:10 2015 +0200 Add oscap_buffer_get_length Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:06:51 2015 +0200 Add oscap_buffer_clear Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 16:04:37 2015 +0200 Remove oscap_buffer_append_char Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 15:58:59 2015 +0200 Separate oscap_buffer_append_binary_data from oscap_buffer_append_string Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 15:51:01 2015 +0200 rename const char* oscap_buffer_get_cstr to char* oscap_buffer_get_raw Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 18:00:37 2015 +0200 Move body of oscap_string to oscap_buffer Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 14:21:11 2015 +0200 Add oscap_buffer files Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Aug 3 16:19:03 2015 +0200 Merge pull request #122 from msrubar/comp_ref_err_fix Let the sds session set the error when there is no component ref found Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Aug 3 15:10:13 2015 +0200 Introduce CPE name for upcomming Fedora 24 Author: Michal Šrubař <msrubar@redhat.com> Date: Mon Aug 3 14:41:53 2015 +0200 Let the sds session set the error when there is no component ref found Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Aug 3 14:31:08 2015 +0200 Merge pull request #119 from ybznek/maint-1.0-refine-pull Refine-rule Author: Jan Černý <jcerny@redhat.com> Date: Mon Aug 3 12:04:51 2015 +0200 Support OVAL 5.11.1 for datastreams Similar to 0aa1a0d02046f26935aa0f3833e7edf531662237 See Issue #118 Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Aug 3 12:12:17 2015 +0200 Deprecate xccdf_policy_tailor_item It has been used by vintage scap-workbench releases (the pythonic). The newer scap-workbench does not need this function. Hence, I conclude that it is not really that useful. I would like to drop this function from future releases of OpenSCAP as its usefulness and quality is not known. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 11:21:51 2015 +0200 tests: Add xccdf_refine_rule_refine to Makefile.am Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 11:14:14 2015 +0200 Refactoring: use XCCDF_LEVEL_NOT_DEFINED instead 0 Author: Zbynek Moravec <zmoravec@redhat.com> Date: Mon Aug 3 11:10:39 2015 +0200 hide xccdf_refine_rule_internal and make getters Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Aug 3 10:53:55 2015 +0200 Merge pull request #120 from ybznek/maint-1.0-oscap_string-free oscap_string fix oscap_string_free() Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 17:30:22 2015 +0200 oscap_string fix oscap_string_free() Every oscap_string_* function check if ptr is NULL, except oscap_string_free() Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 31 16:13:00 2015 +0200 Let oval_syschar_model_free accept NULL pointer. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 31 15:53:09 2015 +0200 Let oval_definition_model_free accept NULL pointer. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 31 14:36:48 2015 +0200 Make oval_agent_destroy_session accept NULL pointer. And also drop two useless lines from it. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 31 14:33:26 2015 +0200 Hide test-suite.log from git. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 31 14:25:51 2015 +0200 Hide cscope files from git. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 31 11:40:51 2015 +0200 Move refine-rule resolution from xccdf_policy.c to xccdf_policy_resolve.c Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 30 16:37:45 2015 +0200 Fix memory leak in xccdf_policy_free() Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jul 30 14:48:46 2015 +0200 Useless code removal. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 30 14:48:09 2015 +0200 tests: Add tests for refine-rule Author: Zbynek Moravec <zmoravec@redhat.com> Date: Thu Jul 30 13:01:11 2015 +0200 Add refine-rule resolution Add support for refine-rule role/weight/selector, BUT refined group weight is not propagated to score. There is also problem with with partially overriding of refine rules, because refine-rules is loaded during profile creating and some attributes are lost there Author: Martin Preisler <martin@preisler.me> Date: Thu Jul 30 10:43:32 2015 +0200 Merge pull request #116 from ybznek/maint-1.2-oprava-segfault_ Fix segfault after error during tailoring file loading Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 29 15:24:55 2015 +0200 Fix segfault after error during tailoring file loading Second free() in cleanup section was causing segfault Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Jul 29 13:55:43 2015 +0200 Merge pull request #114 from ybznek/maint-1.0-oprava-parametru Fix missing parameter in calling oscap_seterr() Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 29 13:43:27 2015 +0200 Fix missing parameter in calling oscap_seterr() Author: Martin Preisler <martin@preisler.me> Date: Fri Jul 24 21:09:37 2015 +0200 Merge pull request #111 from jan-cerny/new_schematrons Add OVAL 5.11.1 schematrons Author: Michal Šrubař <msrubar@redhat.com> Date: Wed Jul 15 17:32:05 2015 +0200 Remove oval_probe_int module The oval_proble_ext_handler() was replaced in the commit 13207612ef6dfe10745843be4f6ef58a9cfab2be. Both files are dead code and they are not used by any other code. See https://fedorahosted.org/openscap/ticket/455 Author: Jan Černý <jcerny@redhat.com> Date: Thu Jul 23 08:43:47 2015 +0200 Add OVAL 5.11.1 schematrons Author: Jan Černý <jcerny@redhat.com> Date: Wed May 13 17:44:10 2015 +0200 Minor improvements. Included config.h, changed datatype of length and capacity, aligning memory. (cherry picked from commit 5b87e0d09f6dc03b6f4c1ae9b71404b699c5583d) Author: Jan Černý <jcerny@redhat.com> Date: Wed May 6 17:43:56 2015 +0200 Small improvements of string module. Using oscap_alloc, oscap_free and oscap_realloc. Make code more human-readable. (cherry picked from commit defae489fff955a7c673b2f38fb2abb243c6bf81) Author: Jan Černý <jcerny@redhat.com> Date: Mon May 4 11:10:25 2015 +0200 Improved oscap string module. Hidden definition of a structure to not be accessible from outside. New function to access the data. (cherry picked from commit 8a293e8608b0604e76d53bd47321e4edca6090dd) Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 16 08:47:26 2015 +0200 Implemented oscap_string_free (cherry picked from commit 126d05bf81238613b9b1998ce4f40176dc36c76d) Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 14 15:14:11 2015 +0200 A module implementing dynamic strings Taking down to maint-1.0. (cherry picked from commit bb3c3dcab1064e926c5fed70be96915c44b48f92) Conflicts: src/common/Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 16 13:35:23 2015 +0200 Show RHSA identifiers as clickable links in HTML report and guide This fixes a regression between openscap 1.0.x and 1.1.x. See rhbz#1243808. Author: Martin Preisler <martin@preisler.me> Date: Wed Jul 15 13:14:36 2015 +0200 Merge pull request #106 from jan-cerny/new_schemas New schemas Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 15 09:36:14 2015 +0200 rhbz#1220262: Modify OVAL-5.11 schema files to be backward compatible Similar to ebc82944e9c3f436a57539ff118b78c04eb2b238. Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 14 16:08:53 2015 +0200 Merge pull request #109 from jan-cerny/masking Changed masking behaviour Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 14 13:03:56 2015 +0200 Fix a missing $srcdir in path Missing $srcdir caused that test_common.sh could not be found when running `make distcheck`. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jul 9 15:04:48 2015 +0200 Test behaviour of the mask attribute Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 1 10:55:50 2015 +0200 Changed masking behaviour. According to the clarified specification, the "mask" attribute should not affect oval_definitions section in oval_results. It says: ... the"oval_definitions" section must not be altered and must be an exact copy of the definitions evaluated. The behaviour has changed since OVAL 5.10, we must keep the old behaviour for OVAL 5.9 and older. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 8 15:10:18 2015 +0200 trac#469 Add Python3 support. Fix --srpm-destination Author: Zbynek Moravec <zmoravec@redhat.com> Date: Wed Jul 8 15:10:18 2015 +0200 trac#469 Add Python3 support. Fix --srpm-destination Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 13 16:18:49 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 13 16:17:21 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 13 14:45:34 2015 +0200 added missing config.h Author: Zbynek Moravec <zmoravec@redhat.com> Date: Fri Jul 3 11:47:19 2015 +0200 436 Downloading OVAL file only into memory not to temp file 472 --fetch-remote-resources support bz2 now Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 13 13:05:42 2015 +0200 Remove unused schema file. The schemas/common/xmldsig-core-schema.xsd is used instead. similar to de6d7d727be9100e4d22060912f4490553e5f1c7 Author: Jan Černý <jcerny@redhat.com> Date: Mon Jul 13 13:03:06 2015 +0200 Use a single (OpenSCAP wide) XSD schema for XML signatures similar to 5b2c5f8c8d6665ffb84223f962ae20ec577bd7c8 Author: Martin Preisler <martin@preisler.me> Date: Mon Jul 13 11:16:37 2015 +0200 Merge pull request #99 from jan-cerny/guide_bug trac#482: Fixed table of contents in HTML guide. Author: Zbynek Moravec <zmoravec@redhat.com> Date: Tue Jul 7 00:53:57 2015 +0200 Bash autocompletion support .xml.bz2 files, not only .xml trac#433 Author: Jan Černý <jcerny@redhat.com> Date: Fri Jul 10 14:04:22 2015 +0200 Resolve parsing issues with OVAL 5.11.1 schemas and fixed wrong OVAL version in schemas. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 8 16:53:45 2015 +0200 Add OVAL 5.11.1 schemas Author: Jan Černý <jcerny@redhat.com> Date: Thu Jul 9 16:20:14 2015 +0200 trac#482: Fixed table of contents in HTML guide. The table of contents now contains only selected groups. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 9 14:08:24 2015 +0200 Removed outdated TODO items from xccdf-guide-impl.xsl Author: Martin Preisler <martin@preisler.me> Date: Thu Jul 9 13:55:09 2015 +0200 Merge pull request #96 from jan-cerny/cim_datetime CIM_DATETIME format + test Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 9 13:23:17 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 9 13:22:54 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Jan Černý <jcerny@redhat.com> Date: Wed Jul 8 14:15:48 2015 +0200 Refactoring the parse_fmt_cim() function. - extract the regex matching into a new function - moved formating strings nex to regular expressions - check for sscanf return value - do not repeat the code Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 7 13:06:58 2015 +0200 Test for the CIM_DATETIME format. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 7 13:05:57 2015 +0200 Implemented the CIM_DATETIME format. Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 7 17:58:55 2015 +0200 Merge pull request #98 from jan-cerny/maint-1.0 Fixed missing referencing operator and wrong variable name Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 7 10:31:36 2015 +0200 Fixed missing referencing operator and wrong variable name Author: Martin Preisler <martin@preisler.me> Date: Tue Jul 7 14:46:45 2015 +0200 Merge pull request #97 from jan-cerny/ml2 trac#480: plug a memory leak Author: Jan Černý <jcerny@redhat.com> Date: Tue Jul 7 14:30:41 2015 +0200 trac#480: plug a memory leak Addressing: at 0x4C2B946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4E7F818: __oscap_calloc (alloc.c:68) by 0x4E80DC2: oscap_iterator_new (list.c:242) by 0x4EE1D2D: _xccdf_text_substitution_cb (xccdf_policy_substitute.c:174) by 0x4E84727: xml_element_dfs_callback (xml_iterate.c:31) by 0x4E84775: xml_element_dfs_callback (xml_iterate.c:36) by 0x4E8481E: xml_iterate_dfs (xml_iterate.c:70) by 0x4EE2124: xccdf_policy_resolve_fix_substitution (xccdf_policy_substitute.c:201) by 0x4EE1528: xccdf_policy_rule_result_remediate (xccdf_policy_remediate.c:387) by 0x4EE1B44: xccdf_policy_remediate (xccdf_policy_remediate.c:439) by 0x40B7B9: app_evaluate_xccdf (oscap-xccdf.c:513) by 0x407BFC: oscap_module_call (oscap-tool.c:260) by 0x407BFC: oscap_module_process (oscap-tool.c:345) Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jul 6 13:40:28 2015 +0200 Bump version after release Next release from maint-1.2 branch will be 1.2.6. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jul 6 13:16:25 2015 +0200 openscap-1.2.5 Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jul 6 13:08:16 2015 +0200 Bump soname from 8.5.0 to 8.5.1 No symbol has been added, removed, or modified. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jul 6 12:39:15 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Before OpenSCAP 1.2.5 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jul 6 12:18:51 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Before OpenSCAP 1.2.5 release Author: Michal Šrubař <xsruba03@stud.fit.vutbr.cz> Date: Fri Jul 3 17:51:51 2015 +0200 The original regex skiped all the files before */source/oscap_source.c. See https://fedorahosted.org/openscap/ticket/470 Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jul 3 16:57:32 2015 +0200 Download bzip2ed RHSA OVAL. It is much quicker to download. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Wed Jul 1 11:42:28 2015 -0700 Added libgen.h which includes basename(char*) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jul 2 10:10:38 2015 +0200 trac#472: Use no-verbose instead of non-verbose As adviced in OpenSCAP/container-compliance#3. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Thu Jun 25 15:28:39 2015 -0700 Fixed patch for system_info on solaris. Author: zemb <zember@gmail.com> Date: Thu Jun 25 14:53:29 2015 +0200 README.md typos Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 23 10:28:44 2015 +0200 Fix a warning. warning: variable 'left_bracket' set but not used This variable was used only to print a error message if debug informations are enabled. Changed error message to not use this variable. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 23 09:07:16 2015 +0200 Fix warning: extra tokens at end of #else directive. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 24 08:37:45 2015 +0200 Fix invalid dereference. (coverity) Null-checking "session" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jun 24 08:05:05 2015 +0200 Fix shellcheck warnings. Use * instead of @ for arrays expansion. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 23 08:47:51 2015 +0200 Plug a memory leak (coverity scan). Variable "pathname" going out of scope leaks the storage it points to. Function SEXP_string_cstr(ent_val) allocates memory that must be freed. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 23 08:15:32 2015 +0200 trac#471: Fix boolean parsing in glob_noescape Using oval_parser_boolean_attribute() to boolean parsing. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 22 14:09:00 2015 +0200 Test the "does not exist" flag at collected objects. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Jun 21 11:29:25 2015 +0200 Bump version after release Next release from maint-1.2 branch will be 1.2.5 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 23:12:20 2015 +0200 openscap-1.2.4 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 23:14:01 2015 +0200 Bump soname from 8.4.3 to 8.5.0 13 new symbols have been added. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 18:46:37 2015 +0200 Manual page for oscap-ssh Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 18:16:23 2015 +0200 Change oscap-docker license to LGPLv2+ Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 18:12:54 2015 +0200 Die on incorrect arguments Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 18:12:41 2015 +0200 Manual page for oscap-docker Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 16:57:18 2015 +0200 Tests: check codestyle of distributed shell scripts Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 16:38:52 2015 +0200 Unify usage printout for oscap-ssh and oscap-docker Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 16:25:46 2015 +0200 Refactor: Extract function: usage Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jun 20 16:15:42 2015 +0200 Install oscap-docker when running `make install`. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 19 16:19:58 2015 +0200 Removed overabundant break, evaluate conditions in better order Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 19 16:16:19 2015 +0200 Extended test of external variables. Testing possible_restrictions Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 19 16:12:41 2015 +0200 Handling possible_restrictions Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 19 16:07:30 2015 +0200 new getter oval_variable_possible_restriction_get_operator Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 18 12:37:16 2015 +0200 test handling possible_value elements in external_variable Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 18 12:33:23 2015 +0200 Handle possible_value elements Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jun 19 20:15:18 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Just before 1.2.4 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jun 19 18:13:55 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 To pick last time patches to maint-1.0 before 1.2.4 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jun 19 18:12:34 2015 +0200 Regenerate configure.ac after system_info solaris patch. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 19 16:09:44 2015 +0200 Refectoring: Extract function: oval_str_cmp_str I need this function for checking that an external variable satisfies its possible_restriction element. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Fri Jun 19 07:31:43 2015 -0700 Fixed systeminfo probe to return defaults on solaris. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Wed Jun 17 12:01:26 2015 -0700 Fixed file probe to be zone aware on solaris. This fix prevents the file probe from descending into non-global-zones from the global-zone when local is specified on solaris. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Jun 19 15:59:22 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Before OpenSCAP-1.2.4 release. Conflicts: Makefile.am ac_probes/configure.ac.tpl configure.ac src/XCCDF_POLICY/xccdf_policy.c Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 18 18:56:11 2015 +0200 Move variable declaration closer to its use. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 18 12:35:25 2015 +0200 Handle flag SYSCHAR_FLAG_DOES_NOT_EXIST, add a message to collected object Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 18 17:56:51 2015 +0200 rhbz#1220944: Fix crash on invalid value selectors Addressing: #0 xccdf_value_instance_get_value (item=0x0) at value.c:437 #1 0x00007f6835881eac in xccdf_policy_get_value_of_item (policy=policy@entry=0x7f68371a1b10, item=<optimized out>) at xccdf_policy.c:2426 #2 0x00007f6835881f01 in xccdf_policy_add_final_setvalue (policy=policy@entry=0x7f68371a1b10, value=0x7f6836f8bbb0, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2193 #3 0x00007f6835881fa3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836f8a040, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2213 #4 0x00007f6835881fe3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836f1f280, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2220 #5 0x00007f6835881fe3 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836e57630, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2220 #6 0x00007f6835882083 in xccdf_policy_add_final_setvalues (policy=policy@entry=0x7f68371a1b10, item=0x7f6836e186c0, result=result@entry=0x7f6837850d80) at xccdf_policy.c:2235 #7 0x00007f683588220d in xccdf_policy_evaluate (policy=policy@entry=0x7f68371a1b10) at xccdf_policy.c:2318 #8 0x00007f683587ddea in xccdf_session_evaluate (session=session@entry=0x7f6836d00b60) at xccdf_session.c:906 #9 0x00007f6835cf4210 in app_evaluate_xccdf (action=0x7fff67b1c800) at oscap-xccdf.c:490 #10 0x00007f6835cefc69 in oscap_module_call (action=0x7fff67b1c800) at oscap-tool.c:261 #11 oscap_module_process (module=0x7f6835efdb60 <XCCDF_EVAL>, module@entry=0x7f6835efd0e0 <OSCAP_ROOT_MODULE>, argc=argc@entry=8, argv=argv@entry=0x7fff67b1ca88) at oscap-tool.c:346 #12 0x00007f6835cee9b1 in main (argc=8, argv=0x7fff67b1ca88) at oscap.c:79 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 18 17:15:33 2015 +0200 Use 'does not exist' flag when value does not validate Based on the OVAL specification the 'does not exist' seem to be more appropriate in such scenario. This is based patch from Jan Černý. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 18 10:22:03 2015 +0200 New function oval_collection_is_empty Author: Charles Bushong <bushong1@gmail.com> Date: Wed Jun 17 15:48:34 2015 -0400 Fix heading elements to include spaces after hash This is to comply with markdown standards found here: https://help.github.com/articles/markdown-basics/ Other markdown viewers will improperly display the headers. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 18 10:42:12 2015 +0200 Document schemes a little bit. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 17 17:22:37 2015 +0200 trac#466: What happened to our children? Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 18 10:38:58 2015 +0200 Reformat CPPFLAGS in SEAP. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 17 14:14:08 2015 +0200 rhbz#1209969: Amend configure.ac as well. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 17 13:33:11 2015 +0200 rhbz#1209969: drop selinux policy from OpenSCAP upstream Alas, SELinux team identified some problems with confining oscap process itself. Probes could be confined. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 17 13:22:53 2015 +0200 trac#466 Always show 'Unable...' message. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 17 13:12:06 2015 +0200 trac#466 Use protect_errno instead of saving the state Note that errno is used later on. This change will give user a little more useful error message when probe dies. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 16 17:25:54 2015 +0200 Show XCCDF rule-result/message elements in HTML report These contain useful info, especially about remediation results. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 16 16:35:31 2015 +0200 Show profile title or ID under benchmark title heading in HTML guide and report Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Jun 16 09:36:45 2015 +0200 Get a rid of unneeded case statement Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Jun 15 19:46:52 2015 +0200 Refactor: Extract error handling to function. This is not pure refactoring -- there slight side effects. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 17:19:04 2015 +0200 More verbose message when probe dies. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 12:51:06 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Conflicts: tests/API/OVAL/unittests/all.sh Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 12:23:18 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 To pick-up the distcheck fix for Fedora 22. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Jun 11 12:18:39 2015 +0200 Merge pull request #84 from jan-cerny/ip Improve IP address comparison + test Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 11:47:04 2015 +0200 Do not use $srcdir/$srcdir/$1 to refer file This started to backfire on Fedora 22, where the newest autotools create one more directory (_build/sub/ instead of _build/) during `make distcheck`. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 11:06:05 2015 +0200 Refactor: Extract function: oval_variable_validate_ext_var This change also introduces SYSCHAR_FLAG_ERROR when the values are empty. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jun 11 10:45:02 2015 +0200 Remove a todo comment. This comment may have been applicable when designing variable & variable_model. Now it seems that design decisions are all in place and there is not need to point out to the variable_model from each external variable. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jun 11 09:35:41 2015 +0200 Improve IP address comparison + test Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Jun 10 15:46:07 2015 +0200 re-run confgen This misorder was perhaps caused by moving stuff around in src/OVAL/probes/Makefile.am before merge. Author: Martin Preisler <martin@preisler.me> Date: Tue Jun 9 15:02:15 2015 +0200 Merge pull request #81 from jan-cerny/ext_var trac#461: We should populate child elements of OVAL external_variable. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 13:59:42 2015 +0200 Test result and stderr meaningfully Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 13:56:29 2015 +0200 Removed excess external variable file Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 10:31:27 2015 +0200 Test populating possible_restriction and possible_values element. OVAL checks borrowed from tests/mitre. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 09:28:21 2015 +0200 New functions manipulating oval_variable. Added oval_variable_add_possible_value and oval_variable_add_possible_restriction use them in the code where suitable. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 08:30:38 2015 +0200 Avoid possibly memory leak. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 9 08:19:30 2015 +0200 Rename oval_variable_get_restrictions to oval_variable_possible_restriction_get_restrictions. Author: Jan Černý <jcerny@redhat.com> Date: Fri Jun 5 14:56:16 2015 +0200 Move the function oval_variable_possible_restriction_add_restriction next to the functions of same type. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 2 15:17:35 2015 +0200 Improved header file, corrected documentation comments. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 2 14:36:26 2015 +0200 Fixed serializing external_variable. We shoud not allow to use API to create invalid output. Create "possible_restriction" node only if there will be some "restriction" children, because each "possible_restriction" node must have at least one "restriction" child. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 2 14:19:01 2015 +0200 Use correct forms of remedied and remediation Thanks goes to Martin Zember for reporting this. Author: Jan Černý <jcerny@redhat.com> Date: Tue Jun 2 13:13:14 2015 +0200 Removed redundant condition. Restrictions will never be NULL, because we allocate it in constructor. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 1 16:49:45 2015 +0200 Simplify functions returning iterators. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 1 14:16:58 2015 +0200 Allocate collections for possible_values and possible_restrictions every time when we are creating external variable, not only when we need them. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 1 15:08:40 2015 +0200 Changed scap-as-rpm to work with Python 2.6 Thanks goes to Tilo Mey for the report and initial patch. I couldn't use the initial patch as is because it would silently pass when `rpm` is not available. Or in other cases where `rpm` returns a non-zero exit code. The function I ended up using instead is by Peter Astrand and Eduardo Felipe, taken from Python 2.7. Author: Jan Černý <jcerny@redhat.com> Date: Mon Jun 1 13:11:48 2015 +0200 Moved destructors just under constructors. Author: Martin Preisler <martin@preisler.me> Date: Sun May 31 19:03:02 2015 +0200 Merge pull request #83 from redhatrises/maint-1.2 [Enhancement] add Scientific Linux CPEs Author: Gabe <redhatrises@gmail.com> Date: Fri May 29 09:35:23 2015 -0600 [bugfix][enhancement] use scientific as identifier for scientific linux Author: Gabe <redhatrises@gmail.com> Date: Fri May 29 07:47:14 2015 -0600 [Enhancement] add Scientific Linux CPEs - Add Scientific Linux CPEs to inbuilt OpenSCAP CPE - Part of https://github.com/openscap/scap-security-guide/pull/571 Author: Jan Černý <jcerny@redhat.com> Date: Thu May 28 13:18:03 2015 +0200 trac#461: We should populate child elements of OVAL external_variable. Collect elements possible_value and possible_restriction and propagate them to OVAL results. Author: Martin Preisler <martin@preisler.me> Date: Wed May 27 11:44:59 2015 +0200 Merge pull request #80 from jan-cerny/proc_test Test properly if stderr is empty and result is not empty Author: Martin Preisler <martin@preisler.me> Date: Wed May 27 11:33:55 2015 +0200 Merge pull request #78 from jan-cerny/capability Updated enumerations for posix_capability item Author: Jan Černý <jcerny@redhat.com> Date: Tue May 26 15:09:02 2015 +0200 Test properly if stderr is empty and result is not empty Author: Jan Černý <jcerny@redhat.com> Date: Tue May 26 14:57:24 2015 +0200 Test properly empty content of stderr and nonempty result. Author: Martin Preisler <martin@preisler.me> Date: Mon May 25 13:33:22 2015 +0200 Merge pull request #77 from jan-cerny/symlink Symlink Author: Jan Černý <jcerny@redhat.com> Date: Mon May 25 12:32:58 2015 +0200 Correctly specify version of OVAL where process capabilities were introduced. Author: Jan Černý <jcerny@redhat.com> Date: Mon May 25 12:28:04 2015 +0200 Add a comment Author: Jan Černý <jcerny@redhat.com> Date: Thu May 21 14:44:16 2015 +0200 Test process58 probe with OVAL 5.11 Author: Jan Černý <jcerny@redhat.com> Date: Mon May 18 14:31:05 2015 +0200 Updated enumerations for posix_capability item Author: Jan Černý <jcerny@redhat.com> Date: Thu May 21 10:38:46 2015 +0200 Improved test fro symlink probe Author: Jan Černý <jcerny@redhat.com> Date: Thu May 21 10:35:47 2015 +0200 Using realpath() to resolve the symlink Author: Jan Černý <jcerny@redhat.com> Date: Mon May 18 15:04:18 2015 +0200 Use probe_msg_creat instead of probe_msg_creatf where possible Author: Jan Černý <jcerny@redhat.com> Date: Mon May 18 13:14:37 2015 +0200 Fixed buffer size for readlink() and added an explaining comment. Author: Jan Černý <jcerny@redhat.com> Date: Fri May 15 17:01:03 2015 +0200 symlink probe test Author: Jan Černý <jcerny@redhat.com> Date: Fri May 15 15:08:12 2015 +0200 symlink probe Author: Martin Preisler <martin@preisler.me> Date: Fri May 15 10:33:25 2015 +0200 Merge pull request #73 from jan-cerny/string_improved String improved Author: Jan Černý <jcerny@redhat.com> Date: Thu May 14 11:11:46 2015 +0200 Added a license Author: Jan Černý <jcerny@redhat.com> Date: Wed May 13 17:47:57 2015 +0200 Test oscap_string Author: Jan Černý <jcerny@redhat.com> Date: Wed May 13 17:44:10 2015 +0200 Minor improvements. Included config.h, changed datatype of length and capacity, aligning memory. Author: Martin Preisler <martin@preisler.me> Date: Tue May 12 11:40:08 2015 +0200 Merge pull request #76 from isimluk/maint-1.2 rhbz#1220262: Modify OVAL-5.11 schema files to be backward compatible Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue May 12 10:22:13 2015 +0200 rhbz#1220262: Modify OVAL-5.11 schema files to be backward compatible Previously, OVAL-5.10 allowed for missing epoch/version/release/arch. The upstream OVAL-5.11 schema is now more strict and not backward compatible. We need to make OVAL-5.11 schema backward compatible to support DataStream content that includes such OVAL-5.10 content. Note that DataStream 1.2 schema imports fixed version of OVAL schemas. Addressing: File '/tmp/ssg-rhel6-ds.xml' line 8755: Element '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}filepath': This element is not expected. Expected is ( {http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}epoch ). Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue May 12 09:58:27 2015 +0200 Rebuild configure.ac after a change in partition probe Requirement on linux/fs.h has been added. Author: Jan Černý <jcerny@redhat.com> Date: Wed May 6 17:43:56 2015 +0200 Small improvements of string module. Using oscap_alloc, oscap_free and oscap_realloc. Make code more human-readable. Author: Jan Černý <jcerny@redhat.com> Date: Mon May 4 11:12:52 2015 +0200 Using oscap_string_free and oscap_string_get_string in glob_to_regex. Author: Jan Černý <jcerny@redhat.com> Date: Mon May 4 11:10:25 2015 +0200 Improved oscap string module. Hidden definition of a structure to not be accessible from outside. New function to access the data. Author: Jan Černý <jcerny@redhat.com> Date: Tue May 5 09:01:59 2015 +0200 Checking for remount, bind and move mount options Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue May 5 10:56:39 2015 +0200 rhbz#1215220: Fix tests for ppc64 little endian arch Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 28 16:48:01 2015 +0200 Test - evaluating invalid regex in pattern match operations We had to verify that an invalid regex leads to error in pattern mattern match operations. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 16:40:26 2015 +0200 Bump version after release Next release from maint-1.2 branch will be 1.2.4. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 15:25:57 2015 +0200 openscap-1.2.3 Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 15:01:36 2015 +0200 Bump soname from 8.4.2 to 8.4.3 No new symbols have been added. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 12:39:50 2015 +0200 Hint user to install missing packages before generating incomplete file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 11:59:45 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Before 1.2.3 release. Conflicts: xsl/xccdf-resources.xsl Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri May 1 11:24:52 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Before 1.2.3 release. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 16:43:41 2015 +0200 Removed code duplication in HTML guide and report, removed unnecessary ifs The report indeed does require benchmark, so we need to check that it is available. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 16:21:12 2015 +0200 Unified how HTML guide and report show title, desc and front-matter In an ideal world this would be refactored into a template in xccdf-share, however there are conflicting requirements and different assumptions in report and guide. Maybe one day we can roll it into one template. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 16:06:37 2015 +0200 Removed leftover dead code from HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 16:04:14 2015 +0200 Insert 10px before rear-matter and notices element in HTML report and guide Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 15:57:30 2015 +0200 Moved rear-matter template from HTML guide to shared, used it in report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 30 15:55:24 2015 +0200 Show benchmark front-matter, description and notices in HTML report Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Apr 30 12:29:14 2015 +0200 Merge pull request #69 from mpreisler/oscap_ssh oscap-ssh - remote oval and xccdf evaluation Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 30 00:37:00 2015 +0200 Support remote -h and --help in oscap-ssh Yes, it's useless but the docs say -h and --help is supported and it's too confusing to explain that it's only supported locally. Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 30 00:34:58 2015 +0200 Use -O exit instead of just exit when closing the ssh master socket Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 30 00:33:27 2015 +0200 Support --version as well as --v in oscap-ssh Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 27 14:20:00 2015 +0200 Merge pull request #70 from jan-cerny/maint-1.2 Fixed bad namespace in unix definitions schema and schematron Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 20 15:39:46 2015 +0200 Fixed bad object names in unix definitions schema and schematron Author: Martin Preisler <martin@preisler.me> Date: Fri Apr 24 10:34:57 2015 +0200 Merge pull request #67 from jan-cerny/glob2regex Glob2regex Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 24 10:13:44 2015 +0200 Changed datatype of attribute glob_noescape from char* to bool. We need only boolean value here, no need to store a string. Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 23 17:22:41 2015 +0200 Better error message. Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 23 17:21:29 2015 +0200 Fix bad indentation Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 23 17:20:33 2015 +0200 Correctly name header file according to conventions Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 21 17:36:17 2015 +0200 Test - glob_to_regex function Needs to unhide the symbol form a header file. Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 23 15:03:42 2015 +0200 Merge pull request #71 from jan-cerny/validate_test Test oscap oval validate on OVAL 5.11 content. Author: Jan Černý <jcerny@redhat.com> Date: Wed Apr 22 10:12:39 2015 +0200 Test oscap oval validate on OVAL 5.11 content. We need to test `oscap oval validate` and `oscap oval validate --schematron` on OVAL 5.11 content to avoid mistakes in OVAL 5.11 schematron. Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 21 15:48:10 2015 +0200 Removed overabundant "exit 1" - replaced by assert_exist. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 20 16:48:53 2015 +0200 Refactored <fix/> and <fixtext/> rendering into 2 templates in report and guide This will prevent code duplication in very near future. Author: Martin Preisler <martin@preisler.me> Date: Sat Apr 18 15:48:34 2015 +0200 Install oscap-ssh when running `make install` Author: Martin Preisler <martin@preisler.me> Date: Sat Apr 18 15:39:11 2015 +0200 Moved oscap-ssh to utils, next to scap-as-rpm Author: Martin Preisler <martin@preisler.me> Date: Sat Apr 18 15:33:22 2015 +0200 Support -h and --help arguments in the oscap-ssh script Author: Martin Preisler <martin@preisler.me> Date: Sat Apr 18 13:10:47 2015 +0200 Check all file paths before any copying takes place Author: Martin Preisler <martin@preisler.me> Date: Sat Apr 18 12:40:22 2015 +0200 Check whether local file path is a valid and existing file path Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:53:54 2015 +0200 Support `oval eval --directives` option Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:50:28 2015 +0200 `oscap-ssh user@host 22 --v` is supported now Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:45:06 2015 +0200 Added support for `oval {eval,collect} --variables option` Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:42:17 2015 +0200 Added support for `oval collect --syschar` option Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:38:15 2015 +0200 Basic --cpe support for xccdf eval, external OVAL files not supported yet! Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:33:09 2015 +0200 Added basic support for `oval collect`, fixed docs Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:28:26 2015 +0200 Added `oscap info` to usage docs Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:27:04 2015 +0200 Added basic support for `oval eval`, improved documentation Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:13:39 2015 +0200 Renamed TARGET_RESULTS_XCCDF to just TARGET_RESULTS It will be used for more modes than just xccdf eval. Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:10:33 2015 +0200 Added support for `info` command line options $ oscap-ssh user@host 22 info local-file.xml Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:07:10 2015 +0200 Simpler check for `xccdf eval` This is in preparation for more supported command line options. Author: Martin Preisler <martin@preisler.me> Date: Thu Apr 9 22:05:40 2015 +0200 Check for dependencies with which, fail as early as possible Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 6 17:49:49 2015 +0200 Initial prototype Error handling and the arguments rewriting is a little shoddy but it works! Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 17 15:25:34 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Conflicts: xsl/xccdf-report-impl.xsl xsl/xccdf-resources.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 17 15:09:57 2015 +0200 Scroll the HTML report CPE platforms and Addresses as well This fixes an overflow when user's browser is set to very large font. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 17 15:01:02 2015 +0200 Scroll evaluation characteristics table if it overflows in HTML report We can't predict values of target hostname and/or benchmark URL. They can be very large in practice and the words may not be splittable. This change causes the table to show horizontal scrollbar instead of overflowing right. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Apr 17 13:53:34 2015 +0200 trac#457: Skip transient files when traversing /proc Addressing: lstat failed when processing /proc/27762/task/27762/fd/7: errno=2, No such file or directory. (Where fd=7 was directory openned by openat during fts_read) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Apr 16 15:26:59 2015 +0200 Make the error message actually useful While leaving this commit message sarcasm free. Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 16 08:47:26 2015 +0200 Implemented oscap_string_free Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 16 08:27:28 2015 +0200 Using OSCAP_HIDDEN_START/END to not export the symbol Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 15 10:43:26 2015 +0200 trac#458: Avoid double free These hunks are missing from 41ef893e. Addressing segmentation fault: #0 0x00007ffff561108d in xmlHashFree () from /lib64/libxml2.so.2 #1 0x00007ffff560865c in xmlFreeDoc () from /lib64/libxml2.so.2 #2 0x00007ffff7ad39f8 in oscap_source_free (source=0xf45e90) at oscap_source.c:109 #3 0x00007ffff7ace116 in oscap_htable_free (htable=0xd7dd90, destructor=0x7ffff7ad3968 <oscap_source_free>) at list.c:532 #4 0x00007ffff7b6f79f in _xccdf_session_free_oval_result_sources (session=0x61fb40) at xccdf_session.c:1023 #5 0x00007ffff7b6cf73 in xccdf_session_free (session=0x61fb40) at xccdf_session.c:205 #6 0x000000000040bfe4 in app_evaluate_xccdf (action=0x7fffffffd430) at oscap-xccdf.c:540 #7 0x0000000000407f8b in oscap_module_call (action=0x7fffffffd430) at oscap-tool.c:260 #8 0x0000000000408408 in oscap_module_process (module=0x617700 <XCCDF_EVAL>, argc=12, argv=0x7fffffffd6a8) at oscap-tool.c:345 #9 0x0000000000406e1d in main (argc=12, argv=0x7fffffffd6a8) at oscap.c:80 Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 14 15:42:10 2015 +0200 Move the glob_to_regex function to a separate file Author: Jan Černý <jcerny@redhat.com> Date: Tue Apr 14 15:14:11 2015 +0200 A module implementing dynamic strings Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 13 15:17:39 2015 +0200 Display <fixtext> elements in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 13 15:10:38 2015 +0200 Better support for <Rule> with multiple <fix> elements in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 13 15:08:27 2015 +0200 Display <fixtext> elements in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 13 14:59:03 2015 +0200 Better support for <Rule> with multiple <fix> elements in HTML report Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 13 14:26:44 2015 +0200 Provided a different example of invalid glob Author: Martin Preisler <martin@preisler.me> Date: Mon Apr 13 14:09:24 2015 +0200 Merge pull request #68 from jan-cerny/doublefree Fix possible double free Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 13 14:01:26 2015 +0200 Improve a comment Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 13 13:40:09 2015 +0200 Fixed evaluating af backslash at the end of glob expression. If a backslash is at the end of glob, it should be evaluated as a literal. Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 13 11:43:24 2015 +0200 Handle error of glob_to_regex function. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 11:06:56 2015 +0200 Make sure to initialize epoch string before a use Addressing (CWE-457): src/OVAL/probes/unix/linux/rpmverifypackage.c:151: uninit_use_in_call: Using uninitialized element of array "ent_str" when calling "strcmp". Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 10:46:30 2015 +0200 Plug a memory leak Addressing (CWE-772): utils/oscap-xccdf.c:1048: leaked_storage: Variable "source" going out of scope leaks the storage it points to. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 10:35:14 2015 +0200 Give up on error Addressing (CWE-476): src/DS/ds_sds_session.c:299: var_deref_model: Passing null pointer "xccdf" to "oscap_source_apply_xslt_path_mem", which dereferences it. Author: Jan Černý <jcerny@redhat.com> Date: Mon Apr 13 10:01:36 2015 +0200 Fix possible double free Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 10:10:15 2015 +0200 Do not dereference NULL pointer Addressing (CWE-476): src/source/bz2.c:63: var_deref_op: Dereferencing null pointer "b". Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 10:02:41 2015 +0200 Fix double free and deprecate function use Addressing: src/XCCDF/xccdf_session.c:498:3: warning: 'xccdf_policy_model_add_cpe_autodetect' is deprecated (declared at src/XCCDF_POLICY/public/xccdf_policy.h:234) Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 09:54:17 2015 +0200 Do not free a structure that is not owned Addressing (CWE-825): src/XCCDF/tailoring.c:229: double_free: Calling "oscap_source_free" frees pointer "source" which has already been freed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Apr 13 09:46:35 2015 +0200 Do not pass NULL to xccdf_benchmark_get_schema_version Addressing (CWE-476): src/XCCDF/item.c:834: var_deref_model: Passing null pointer "top_benchmark" to "xccdf_benchmark_get_schema_version", which dereferences it. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Apr 10 19:41:34 2015 +0200 Do not free a structure that is not owned Addressing (CWE-825): src/OVAL/oval_varModel.c:327: double_free: Calling "oscap_source_free" frees pointer "source" which has already been freed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Apr 10 19:20:12 2015 +0200 Make sure to always initialize varref_type. Addressing (CWE-457): src/OVAL/oval_entity.c:365: uninit_use_in_call: Using uninitialized value "varref_type" when calling "oval_entity_set_varref_type". Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Apr 10 18:53:20 2015 +0200 Do not pass NULL to ds_doc_from_foreign_node Addressing CWE-476: src/DS/ds_common.c:43:3: deref_parm: Directly dereferencing parameter "node". Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Apr 10 18:35:39 2015 +0200 Plug a memory leak. Author: Jan Černý <jcerny@redhat.com> Date: Fri Apr 10 15:44:57 2015 +0200 Added invalid globs to test cases for the glob_to_regex function Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 15:44:36 2015 +0200 Prevent every <br/> showing up as two <br> in HTML report and guide Ah, the endless joy of trying to make XSLT, XHTML and HTML5 work together. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 15:31:17 2015 +0200 Show warnings for Rules in HTML report There is no opportunity in HTML report to show warnings of Groups. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 15:30:58 2015 +0200 Show warnings for Groups and Rules in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 14:41:09 2015 +0200 Fixed XHTML to HTML5 transformation in report and guide substitution code Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 13:35:18 2015 +0200 Show cdf:rationale in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 10 11:27:48 2015 +0200 Show cdf:rationale in HTML report Fixes a regression - the old report did show rationale. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 9 15:33:45 2015 +0200 Disambiguate ./autogen.sh in README.md, only run when cloning from repo See https://fedorahosted.org/openscap/ticket/451 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 26 13:34:10 2015 +0100 Use substitutionGroup change to the OVAL 5.11 schema from David Solin With a very small change by me to be compatible with both OVAL 5.10 and 5.11. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 24 18:28:15 2015 +0100 Revert "Changed OVAL 5.11 XSD, allow oval:note and oval-def:note inside notes" This reverts commit 8e1f69c0bacb974f604f56a12da5386e1bfa8c8f. David Solin provided a better fix for this issue that is compatible with more XML parsers than just libxml2. Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 9 14:49:03 2015 +0200 Added comment in _glob_to_regex() Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 9 09:54:40 2015 +0200 Test update - correction of converting glob * and ? to regex Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 9 09:32:07 2015 +0200 Improved glob_to_regex function. This make the glob_to_regex more compatible with unix globs. See man 7 glob. The * and ? should never match /. Deal with dots at begining. Fixes possible buffer overrun. Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 2 16:59:25 2015 +0200 Test glob_to_regex function Author: Jan Černý <jcerny@redhat.com> Date: Thu Apr 2 16:52:44 2015 +0200 New OVAL function glob_to_regex. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Apr 2 16:26:33 2015 +0200 Bump version after release Next release from maint-1.2 branch will be 1.2.3 (yax!) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Apr 2 15:06:41 2015 +0200 openscap-1.2.2 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Apr 2 14:46:05 2015 +0200 Bump soname from 8.4.1 to 8.4.2 No new symbols have been added. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 22:52:31 2015 +0200 tests: Test suite shall not create fixed path files. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 30 14:09:03 2015 +0200 Test for rpmverifypackage probe. Tests proper evaluating of the rpmverifypackage_object. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 22:27:59 2015 +0200 Merge branch 'maint-1.1' into maint-1.2 Before OpenSCAP 1.2.2 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 22:06:28 2015 +0200 Merge branch 'maint-1.0' into maint-1.1 Before OpenSCAP 1.2.2 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 20:58:40 2015 +0200 tests: Assert Fedora 23 CPE implementation Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 20:23:03 2015 +0200 Introduce CPE name for upcomming Fedora 23 Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 17:20:37 2015 +0200 Advise users not to use var_ref/@var_ref OVAL 5.6+ schematron rules tell the same. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 16:47:18 2015 +0200 Refactor: Extract function: oval_definition_model_get_schema_version Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Apr 1 15:35:27 2015 +0200 trac#450: Make sure variable is found during parsing of input document. Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 26 09:53:23 2015 +0100 Fixed bug in rpm epoch. The epoch "(none)" has caused that object can't be found. The fix skips modifying RPM iterator with regular expression for the epoch tag. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 23 15:48:26 2015 +0100 New error message for environmentvariable58 objects. When process with requested PID does not exist, a message will be added to OVAL results. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 19 17:33:18 2015 +0100 Update Copyright notice. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 19 17:10:32 2015 +0100 Merge branch 'maint-1.1' into maint-1.2 Conflicts: utils/oscap-ds.c Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 19 17:07:42 2015 +0100 Merge branch 'maint-1.0' into maint-1.1 Conflicts: ac_probes/configure.ac.tpl configure.ac Author: Martin Preisler <martin@preisler.me> Date: Thu Mar 19 16:50:21 2015 +0100 Merge pull request #59 from jan-cerny/skip-valid Added misssing parametr --skip-valid for oscap ds sds-compose Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 19 15:49:08 2015 +0100 Add --skip-valid to DS actions in manual page Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 19 15:26:48 2015 +0100 Fixed NULL pointer dereferencing. Author: Jan Černý <jcerny@redhat.com> Date: Wed Mar 18 17:51:55 2015 +0100 Option --skip-valid for actions in ds module Author: Martin Preisler <martin@preisler.me> Date: Thu Mar 19 14:23:00 2015 +0100 Merge pull request #60 from jan-cerny/oval5.11 Added schematron files for OVAL 5.11 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 18 19:51:16 2015 +0100 Changed OVAL 5.11 XSD, allow oval:note and oval-def:note inside notes Fixes backward compatibility issues with OVAL 5.10, see: https://github.com/OVALProject/Language/issues/237 Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 16 17:08:09 2015 +0100 add oscap ds sds-compose --skip-valid to the manual page Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 16 17:00:15 2015 +0100 Add --skip-valid to the help text of oscap ds sds-compose Author: Martin Preisler <martin@preisler.me> Date: Mon Mar 16 16:35:18 2015 +0100 Merge pull request #57 from jan-cerny/oval_details OVAL details in HTML report for passed rules. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 16 16:22:05 2015 +0100 Limit of displayed items in OVAL details changed from 50 to 100. Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 16 13:37:02 2015 +0100 Added schematron files for OVAL 5.11 Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 12 10:31:59 2015 +0100 Added misssing parametr --skip-valid for oscap ds sds-compose Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 12 09:40:13 2015 +0100 OVAL details items heading more self-documenting Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Mar 16 10:45:37 2015 +0100 Tests: Ensure that bad selector does not produce segfault Author: Martin Preisler <martin@preisler.me> Date: Thu Mar 12 14:05:00 2015 +0100 Merge pull request #58 from jan-cerny/oval5.11 Support for OVAL 5.11 for generating datastreams Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 12 09:04:36 2015 +0100 add a comment in xsd schema Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Mar 11 11:20:33 2015 +0100 Fix segfault on invalid xccdf:refine-value selector. Addressing: #0 in xccdf_value_instance_get_value (item=0x0) at value.c:437 #1 in xccdf_policy_get_value_of_item (policy=0x630a00, item=0x63ad80) at xccdf_policy.c:2426 #2 in xccdf_policy_add_final_setvalue (policy=0x630a00, value=0x63ad80, result=0x630870) at xccdf_policy.c:2193 #3 in xccdf_policy_add_final_setvalues (policy=0x630a00, item=0x631d90, result=0x630870) at xccdf_policy.c:2228 #4 in xccdf_policy_evaluate (policy=0x630a00) at xccdf_policy.c:2318 #5 in xccdf_session_evaluate (session=0x61fb00) at xccdf_session.c:907 #6 in app_evaluate_xccdf (action=0x7fffffffd4a0) at oscap-xccdf.c:490 #7 in oscap_module_call (action=0x7fffffffd4a0) at oscap-tool.c:261 #8 in oscap_module_process (module=0x6176c0 <XCCDF_EVAL>, argc=8, argv=0x7fffffffd718) at oscap-tool.c:346 #9 in main (argc=8, argv=0x7fffffffd718) at oscap.c:79 Author: Jan Černý <jcerny@redhat.com> Date: Mon Mar 9 17:53:57 2015 +0100 Support for OVAL 5.11 for generating datastreams Author: Jan Černý <jcerny@redhat.com> Date: Tue Mar 10 16:12:29 2015 +0100 Enhancement of visualisation of not found objects in HTML report. Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 5 17:39:50 2015 +0100 Tests that fixes containing unresolved elements can't be executed. Author: Jan Černý <jcerny@redhat.com> Date: Tue Mar 3 16:23:09 2015 +0100 trac#265: substituing xccdf:fix/xccdf:instance elements + test Author: Jan Černý <jcerny@redhat.com> Date: Thu Mar 5 16:18:12 2015 +0100 OVAL details in HTML report for passed rules. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Mar 6 09:17:42 2015 +0100 Return not_applicable item if offline mode is not suported Previously, we have been returning random snack from the stack. Addressing: ------ ("seap.msg" ":id" 0 ":reply-id" 0 (21351608 () () () ) ) ------ OpenSCAP Error: Unknown syschar flag: 21351608. [oval_resultTest.c:837] Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Mar 5 14:09:57 2015 +0100 Improve handling of unsupported offline mode Make it clear in the debug log what happened. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Feb 25 13:32:46 2015 +0100 Merge pull request #49 from jan-cerny/maly_test trac#282: small test that checks possibility of placing comment before r... Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Feb 25 13:31:13 2015 +0100 Merge pull request #53 from jan-cerny/maint-1.1 trac#269: Test checking the xccdf:platform element within xccdf:TestResu... Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 23 14:09:22 2015 +0100 trac#269: Test checking the xccdf:platform element within xccdf:TestResult Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 17 15:45:18 2015 +0100 trac#282: small test that checks possibility of placing comment before root element in OVAL files Author: Martin Preisler <martin@preisler.me> Date: Fri Feb 20 15:23:12 2015 +0100 Merge pull request #51 from jan-cerny/asdf Avoids possible dereferencing a null pointer. Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 17 17:03:01 2015 +0100 Avoids possible dereferencing a null pointer. Author: Martin Preisler <martin@preisler.me> Date: Fri Feb 20 14:54:04 2015 +0100 Merge pull request #48 from jan-cerny/maint-1.1 trac#447: Table of Contents added to generated HTML guide. Author: Jan Černý <jcerny@redhat.com> Date: Fri Feb 20 12:46:59 2015 +0100 trac#447: Small improvements in table of contents. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Fri Feb 20 11:21:44 2015 +0100 Fixed a Solaris build issue in src/OVAL/probes/unix/file.c Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Fri Feb 20 11:07:27 2015 +0100 Only include <sys/prctl.h> on Linux in SCE Fixes build issues on Solaris. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Feb 18 13:13:15 2015 +0100 Merge pull request #50 from jan-cerny/maint-1.0 Eliminated warning: initialization discards qualifiers from pointer targ... Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 17 16:56:06 2015 +0100 Eliminated warning: initialization discards qualifiers from pointer target type Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 16 14:39:29 2015 +0100 trac#447: Table of Contents added to generated HTML guide. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 21:45:17 2015 +0100 Merge branch 'maint-1.1' into maint-1.2 Conflicts: ac_probes/configure.ac.tpl configure.ac tests/Makefile.am Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 21:12:40 2015 +0100 Merge maint-1.0 into maint-1.1 After OpenSCAP 1.0.10 release. Conflicts: NEWS ac_probes/configure.ac.tpl configure.ac Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 17:56:07 2015 +0100 Bump version after release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 16:06:41 2015 +0100 openscap-1.0.10 Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 14:39:30 2015 +0100 Bump soname from 8.3.0 to 8.3.1 No new symbols have been added. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 12:26:48 2015 +0100 Bump version after release Next release from maint-1.2 branch will be 1.2.2. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Feb 16 11:00:14 2015 +0100 declaration of ‘time’ shadows a global declaration Fixes #42. Addressing: result.c: In function ‘xccdf_rule_result_override’: result.c:1157: warning: declaration of ‘time’ shadows a global declaration /usr/include/time.h:186: warning: shadowed declaration is here Author: Martin Preisler <martin@preisler.me> Date: Tue Feb 10 17:39:30 2015 +0100 Merge pull request #47 from jan-cerny/oprava3 Fix a double free. Author: Martin Preisler <martin@preisler.me> Date: Tue Feb 10 17:37:57 2015 +0100 Merge pull request #46 from jan-cerny/maint-1.0 trca#352: <connection_string> should be exported before <sql> within <sq... Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 10 17:17:39 2015 +0100 Fix a double free. Author: Jan Černý <jcerny@redhat.com> Date: Tue Feb 10 16:45:19 2015 +0100 trca#352: <connection_string> should be exported before <sql> within <sql57_item> Author: Martin Preisler <martin@preisler.me> Date: Tue Feb 10 13:31:27 2015 +0100 Merge pull request #44 from jan-cerny/oprava1 Plug a memory leak. Author: Martin Preisler <martin@preisler.me> Date: Tue Feb 10 13:30:12 2015 +0100 Merge pull request #40 from jan-cerny/maint-1.1 Show info about objects and states in OVAL details in HTML report when o... Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 9 16:28:27 2015 +0100 Plug a memory leak. 18. openscap-1.1.1/src/OVAL/probes/unix/linux/systemdunitproperty.c:107: alloc_fn: Storage is returned from allocation function "oscap_strdup". 21. openscap-1.1.1/src/common/util.c:65:2: alloc_fn: Storage is returned from allocation function "strdup". 22. openscap-1.1.1/src/common/util.c:65:2: var_assign: Assigning: "m" = "strdup(str)". 25. openscap-1.1.1/src/common/util.c:70:2: return_alloc: Returning allocated memory "m". 26. openscap-1.1.1/src/OVAL/probes/unix/linux/systemdunitproperty.c:107: var_assign: Assigning: "property_name" = storage returned from "oscap_strdup(value.str)". 33. openscap-1.1.1/src/OVAL/probes/unix/linux/systemdunitproperty.c:116: leaked_storage: Variable "property_name" going out of scope leaks the storage it points to. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Feb 8 13:56:59 2015 +0100 Revert "trac#390: fixing build on my shinny little fedora 21" This reverts commit 6c93bbfb6c2db0bdce501c6aa471c45e7bc7d2cc. Not really works. It was in hurry. Author: Shawn Wells <shawn@redhat.com> Date: Fri Feb 6 14:18:31 2015 -0500 [issue 41] added AC_CHECK_HEADER for pcre.h Every time I meet Simon, I break OpenSCAP :) Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Feb 8 01:01:53 2015 +0100 trac#390: fixing build on my shinny little fedora 21 Author: Jan Černý <jcerny@redhat.com> Date: Thu Feb 5 10:09:38 2015 +0100 Used @mode in applying templates, changed idendation. Author: Jan Černý <jcerny@redhat.com> Date: Wed Feb 4 14:52:59 2015 +0100 Show info about objects and states in OVAL details in HTML report when object could not be found Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 2 17:09:15 2015 +0100 Merge pull request #37 from jan-cerny/xsl trac#426: Labels in OVAL details in HTML report should start with capita... Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 2 17:06:27 2015 +0100 Merge pull request #38 from jan-cerny/details Show a message in HTML report when OVAL object could not be found. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Feb 2 17:05:32 2015 +0100 Merge pull request #39 from jan-cerny/maint-1.1 Fix test_oval_details partition test to be able to run on RHEL 7. Author: Jan Černý <jcerny@redhat.com> Date: Mon Feb 2 15:36:18 2015 +0100 Fix test_oval_details partition test to be able to run on RHEL 7. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Fri Jan 30 13:45:54 2015 +0100 Merge pull request #36 from jan-cerny/maint-1.1 Test OVAL details in HTML reports Author: Jan Černý <jcerny@redhat.com> Date: Fri Jan 30 11:57:56 2015 +0100 Show a message in HTML report when OVAL object could not be found. Author: Jan Černý <jcerny@redhat.com> Date: Wed Jan 28 15:58:44 2015 +0100 Tests check presence of OVAL details in HTML report. Author: Jan Černý <jcerny@redhat.com> Date: Thu Jan 29 15:42:20 2015 +0100 trac#426: Labels in OVAL details in HTML report should start with capital letters. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 16 15:57:31 2015 +0100 Export @var_check together with @var_ref for objects Addresses rhbz#1182242 and rhbz#1159289. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 10 12:43:07 2015 +0100 openscap-1.2.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jan 10 12:42:13 2015 +0100 Bump soname from 8.4.0 to 8.4.1 No interface changes. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 9 19:10:54 2015 +0100 Provide tooltips for identifiers and references in HTML report and guide Both aren't self documenting and we can't expect users to read the entire XCCDF specification. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 9 18:11:46 2015 +0100 Merge branch 'maint-1.1' into maint-1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 9 18:02:15 2015 +0100 Use XCCDF item IDs as CSS classes in HTML report Integrations can use this to jump to the right Rule or Group. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 9 17:59:24 2015 +0100 Use XCCDF item IDs as CSS classes in HTML guide Integrations can use this to jump to the right Rule or Group. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 8 22:51:13 2015 +0100 Merge branch 'maint-1.1' into maint-1.2 Conflicts: xsl/xccdf-resources.xsl What a painful merge conflict. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 8 16:30:58 2015 +0100 Merge branch 'maint-1.0' into maint-1.1 Just before OpenSCAP 1.2.1 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 8 16:14:57 2015 +0100 Add missing files to makefile. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 6 16:23:14 2015 +0100 Set async thread cancelation before entering probe_main Set thread cancelation type to PTHREAD_CANCEL_ASYNCHRONOUS to prevent the code in probe_main to defer the cancelation for too long. Related: rhbz#1165139 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 8 14:59:27 2015 +0100 Make sure that DS eval have blank stderr Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jan 8 14:27:28 2015 +0100 tests: trac#434: Ensure that CPE in DataStream is used correctly Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Jan 6 17:45:37 2015 +0100 trac#434: Keep the relative path canonical Do not create things like: "./oval.xml" Addressing: Unable to parse XML at: './ssg-fedora-cpe-oval.xml' [oscap_source.c:187] Can't import OVAL definition model './ssg-fedora-cpe-oval.xml' for CPE applicability checking [cpe_session.c:108] Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Jan 6 17:40:23 2015 +0100 Refactor: Extract function: _cpe_get_oval_href Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Jan 6 17:18:32 2015 +0100 trac#434: oscap_source(s) of ds_sds_session should only have relative href This change concurs with 187bfd11d0a85f5101e9a5816444bcca2e546d3d Addressing: Unable to parse XML at: '/tmp/oscap.XUC2eE/./ssg-fedora-cpe-oval.xml' [oscap_source.c:187] Can't import OVAL definition model '/tmp/oscap.XUC2eE/./ssg-fedora-cpe-oval.xml' for CPE applicability checking [cpe_session.c:107] Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 16:20:08 2015 +0100 Visual tweak to close button, modal dialog backdrop click fix in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 15:59:54 2015 +0100 Use a larger times / X sign in close button for modal dialogs in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 15:37:31 2015 +0100 Label OVAL details coming from ARF as so in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 13:57:07 2015 +0100 Move OpenSCAP text from SVG logo to <h1/> element in HTML report and guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 13:10:54 2015 +0100 Merge commit '313650810d5727e1a259d13e9c454a1c3abbd73f' into maint-1.2 Conflicts: schemas/oval/5.11/oval-definitions-schema.xsd schemas/oval/5.11/oval-directives-schema.xsd schemas/oval/5.11/oval-results-schema.xsd schemas/oval/5.11/oval-system-characteristics-schema.xsd schemas/oval/5.11/oval-variables-schema.xsd schemas/oval/5.11/xmldsig-core-schema.xsd Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 5 11:52:35 2015 +0100 Updated OVAL 5.11 schemas to the officially released schemas Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Dec 27 16:06:29 2014 +0100 Refactor: Rename functions to structure bz2 module Bz2 module contains two structures bz2_file and bz2_mem and functions working with either structure. Let's rename older functions to include the bz2_file prefix. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Dec 26 15:43:42 2014 +0100 tests: trac#429: check bzip2 support for oscap_source_new_from_memory Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Dec 25 10:35:08 2014 +0100 trac#429: bzip2 support for oscap_source_new_from_memory Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 18 16:57:08 2014 +0100 Always show score percentage, even if it can't fit to the green part of the bar Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 18 16:16:43 2014 +0100 Slight heading and string changes in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 18 16:10:15 2014 +0100 Use "Percent" instead of "%" for scoring column header in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 18 15:42:04 2014 +0100 Show high severity on the right in severity breakdown in HTML report This is consistent with showing failed rules on the right. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Dec 18 10:04:59 2014 +0100 Merge pull request #33 from jan-cerny/maint-1.0 Fixed a segfault when working with empty xccdf variable. Author: Jan Černý <jcerny@redhat.com> Date: Thu Dec 18 09:43:32 2014 +0100 New unit test, which tests possibility of segmentation fault when working with empty XCCDF element "<variable/>". Author: Jan Černý <jcerny@redhat.com> Date: Wed Dec 17 14:01:42 2014 +0100 Fixed a segfault when working with empty xccdf variable. Put an empty string instead of NULL if xccdf_value_binding_get_value returns NULL. First, we do that before resolving variables conflict. Second, we do that when adding variables to variable model. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Dec 10 14:31:18 2014 +0100 Do not use a/@name in HTML5 report and guide, @name is deprecated The @id attribute is used instead. It seems libxml2 2.9.2 treats @name as if it shared namespace with @id. This causes issues because there are duplicates. This commit fixes that. element a: validity error : ID characteristics already defined element a: validity error : ID compliance-and-scoring already defined element a: validity error : ID rule-overview already defined element a: validity error : ID result-details already defined element a: validity error : ID rule-detail-idp172343684 already defined element a: validity error : ID rule-detail-idp172345764 already defined element a: validity error : ID rule-detail-idp172348060 already defined element a: validity error : ID rule-detail-idp172350140 already defined element a: validity error : ID rule-detail-idp172353252 already defined element a: validity error : ID rule-detail-idp172355332 already defined element a: validity error : ID rule-detail-idp172357412 already defined element a: validity error : ID rule-detail-idp172359500 already defined element a: validity error : ID rule-detail-idp172362620 already defined Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Dec 2 11:13:56 2014 +0100 Bump version after release Next release from main-1.2 branch will be 1.2.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Dec 2 10:17:58 2014 +0100 openscap-1.2.0 Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Dec 2 10:11:19 2014 +0100 Bump soname from 8.3.2 to 8.4.0 50 new symbols has been added. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Dec 1 15:51:01 2014 +0100 Merge branch 'maint-1.1' into master Shortly before 1.2.0 release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Dec 1 14:38:20 2014 +0100 Merge branch 'maint-1.0' into maint-1.1 Shortly before 1.2.0 release. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Dec 1 14:36:54 2014 +0100 Merge pull request #32 from jan-cerny/maint-1.1 trac#421: initialization discards 'const' qualifier from pointer target ... Author: Marcus Meissner <meissner@suse.de> Date: Mon Dec 1 13:36:22 2014 +0100 cron snippet: removed bashisms Contributed by Led <ledest@gmail.com> - fix bashism in oscap-scan.cron script Author: Jan Černý <jcerny@redhat.com> Date: Mon Dec 1 14:26:02 2014 +0100 trac#421: initialization discards 'const' qualifier from pointer target type Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Nov 27 10:49:36 2014 +0100 Use calloc to allocate new rds_index The functions in the module like (rds_report_index_get_request) assume zeroed memory. Addressing SEGFAULT. (Stacktraces are from master, but segfault is present in maint-1.0 branch as well). in rds_report_request_index_get_id (s=0x8282828282828282) at rds_index.c:62 in ds_rds_session_select_report_request (session=0x73d7f0, report_request_id=0x0) at ds_rds_session.c:153 in app_ds_rds_split (action=0x7fffffffd950) at oscap-ds.c:402 in oscap_module_call (action=0x7fffffffd950) at oscap-tool.c:260 in oscap_module_process (module=0x615ca0 <DS_RDS_SPLIT_MODULE>, argc=5, argv=0x7fffffffdbc8) at oscap-tool.c:345 in main (argc=5, argv=0x7fffffffdbc8) at oscap.c:80 Conditional jump or move depends on uninitialised value(s) at 0x4C67564: ds_rds_session_select_report_request (ds_rds_session.c:150) by 0x409151: app_ds_rds_split (oscap-ds.c:402) by 0x407F88: oscap_module_call (oscap-tool.c:260) by 0x408405: oscap_module_process (oscap-tool.c:345) by 0x406E16: main (oscap.c:80) Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Nov 26 17:33:10 2014 +0100 trac#422: Split Source DataStream to the correct directory. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 26 15:46:16 2014 +0100 Use the shared xmldsig-core-schema.xsd even in OVAL 5.11 schemas Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 26 15:27:05 2014 +0100 Added OVAL 5.11 schemas to Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 26 15:08:14 2014 +0100 Enabled validation for systemd tests, fixed them to pass the validation Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 26 15:07:07 2014 +0100 Resolve parsing issues with OVAL 5.11 schemas Similar to e64ba09361ab2e62125abc38b96b8918f78b1fac but for OVAL 5.11 schemas Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 26 14:57:16 2014 +0100 Added OVAL 5.11 Release Candidate schemas Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Nov 26 11:27:41 2014 +0100 Introduce function for recalculation of TestResult scores. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Nov 26 12:08:20 2014 +0100 Merge pull request #30 from jan-cerny/master trac#421: warning: initialization discards 'const' qualifier from Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Nov 26 10:28:52 2014 +0100 Refactor: Extract scoring functionalityu to separate module. Generaly, we prefer not to move code around like this. However, there are multiple reasons for this move: * Scoring code has characteristics of module * Scoring is independent of XCCDF Policy * XCCDF Policy module is big and hairy * We need to introduce functions like xccdf_result_recalculate_scores, it would be unfortunate to have these functions in XCCDF Policy module. Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 26 10:15:20 2014 +0100 trac#421: warning: initialization discards 'const' qualifier from pointer target type Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Nov 26 10:07:48 2014 +0100 Refactor: Extract function: xccdf_result_calculate_score Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Nov 25 20:05:02 2014 +0100 Implementation may refer to the specification I was tempted to rewrite this code to be independent of xccdf:Benchmark. However, I have found that the code must depend on xccdf:Benchamark as Group's score needs to be considered during the calculation. The comment shall help future generations to determine this quicker. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 21 14:53:34 2014 +0100 Include README.md in tarball Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 18 11:16:48 2014 +0100 Merge pull request #29 from jan-cerny/master Change parameter of oscap_generator_set functions on const char *. Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 18 08:54:50 2014 +0100 Change parameter of oscap_generator_set functions on const char *. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 17 09:52:05 2014 +0100 Introduce: ds_sds_session_get_html_guide. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Nov 12 14:27:26 2014 +0100 Merge pull request #28 from jan-cerny/master edit README Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 5 13:31:18 2014 +0100 edit README Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 11 18:43:22 2014 +0100 Merge pull request #27 from jan-cerny/oprava trac#419: passing argument 2 of 'oval_generator_set_product_version' dis... Author: Jan Černý <jcerny@redhat.com> Date: Mon Nov 10 13:33:03 2014 +0100 trac#419: passing argument 2 of 'oval_generator_set_product_version' discards qualifiers from pointer target type Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 6 16:27:33 2014 +0100 Initial support for cdf:override / waivers in HTML report Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Nov 6 13:47:12 2014 +0100 Merge branch 'maint-1.1' We need to merge the test/remediate fix to master to avoid nightly test failures with --enable-valgrind option. The test has assumed that the run would take just a few second, while with valgrind it takes a few more seconsds and we see failures. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Nov 6 10:17:56 2014 +0100 Merge branch 'maint-1.0' into maint-1.1 We need to merge the test/remediate fix to master to avoid nightly test failures with --enable-valgrind option. The test has assumed that the run would take just a few second, while with valgrind it takes a few more seconsds and we see failures. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 5 16:25:02 2014 +0100 Added oscap_source_get_raw_memory Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 5 15:54:01 2014 +0100 filepath in oscap_source.origin should be char*, not const char* We own it, we free it in the destructor. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 5 15:13:36 2014 +0100 Allow creation of oscap_source from raw memory Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 5 11:18:27 2014 +0100 Expose oscap_textlist_get_preferred_text in public API This function is needed to get XHTML descriptions for scap-workbench. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Nov 5 09:49:20 2014 +0100 Merge pull request #26 from jan-cerny/format trac#411: Remove references to docbook feature Author: Jan Černý <jcerny@redhat.com> Date: Wed Nov 5 09:22:33 2014 +0100 trac#411: Remove references to docbook feature Removed --format feature. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 4 17:35:11 2014 +0100 Merge pull request #25 from isimluk/overrides Overrides Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Nov 4 16:47:57 2014 +0100 New line shall not be sent to oscap_seterr The message get appended '[file_name:line]\n' Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Nov 4 16:36:30 2014 +0100 tests: Make sure that TestResult is exported to correct namespace. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Nov 4 16:31:40 2014 +0100 Make sure to export TestResult to correct namespace. Addressing export like: <TestResult xmlns="unknown" ... Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Nov 4 15:46:52 2014 +0100 Introduce xccdf_version_info property of TestResult. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 3 23:51:56 2014 +0100 Assert for the content of the ARF with overriden results Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 3 18:43:23 2014 +0100 tests: API for waivers within ARF Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 4 16:30:22 2014 +0100 Merge pull request #24 from jan-cerny/master Send xpath stderr to /dev/null. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 4 16:30:03 2014 +0100 Merge pull request #23 from jan-cerny/maint-1.0 trac#406: tests/API/XCCDF/unittests/test_remediate_simple.sh is not dete... Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 4 09:36:36 2014 +0100 Send xpath stderr to /dev/null. I could not come up with a scenario under which the stderr would be usefull. Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 17:46:28 2014 +0100 trac#406: tests/API/XCCDF/unittests/test_remediate_simple.sh is not deterministic New way to test start-time and end-time. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Nov 4 16:04:06 2014 +0100 Merge pull request #22 from jan-cerny/version trac#358: OVAL generator element exported by OpenSCAP shall include <ova... Author: Jan Černý <jcerny@redhat.com> Date: Tue Nov 4 15:51:10 2014 +0100 trac#358: OVAL generator element exported by OpenSCAP shall include <oval:product_version> element. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 3 19:49:06 2014 +0100 Export var_check in OVAL object when var_ref is present Fixes validation issues with schematron, such as: oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the ind-def:pattern entity so a var_check should also be provided Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 3 18:54:20 2014 +0100 Promote oscap_source_save_as to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Nov 3 18:48:58 2014 +0100 Introduce: xccdf_rule_result_override. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Nov 2 11:01:06 2014 +0100 Introduce: ds_rds_session_replace_report_with_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Nov 2 10:50:44 2014 +0100 Allow ds_rds_session_select_report to be re-entrant with the same id. Author: Martin Preisler <mpreisle@redhat.com> Date: Sat Nov 1 19:24:39 2014 +0100 Fixed a regression in search functionality in HTML report Now it filters both rule overview and rule result details. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 10:45:01 2014 +0100 Promote ds_rds_lookup_component to privileged and change parameter sorting to better make sense. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 10:37:49 2014 +0100 Promote ds_rds_lookup_container from static to privileged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 10:07:27 2014 +0100 Promote ds_rds_create_report from static to privileged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 09:20:44 2014 +0100 Deprecate function: xccdf_result_export. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 09:18:46 2014 +0100 Refactor: Extract function: xccdf_result_export_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Nov 1 09:11:08 2014 +0100 Use oscap_source to export TestResult. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Oct 30 18:04:32 2014 +0100 Merge pull request #21 from jan-cerny/maint-1.0 Maint 1.0 Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 16:23:36 2014 +0100 trac#308: export TestResult[@version] Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 16:20:44 2014 +0100 trac#308: Never export element version to TestResult Addressing: OpenSCAP Error: File '/tmp/test_xccdf_multiple_testresults.out.t0OrWR' line 0: Element '{http://checklists.nist.gov/xccdf/1.2}version': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}benchmark, {http://checklists.nist.gov/xccdf/1.2}tailoring-file, {http://checklists.nist.gov/xccdf/1.2}title, {http://checklists.nist.gov/xccdf/1.2}remark, {http://checklists.nist.gov/xccdf/1.2}organization, {http://checklists.nist.gov/xccdf/1.2}identity, {http://checklists.nist.gov/xccdf/1.2}profile, {http://checklists.nist.gov/xccdf/1.2}target ). Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 16:13:01 2014 +0100 trac#308: Fill in TestResult[@version] every time new TestResult gets created. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Oct 30 14:01:45 2014 +0100 Merge branch 'maint-1.1' Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 30 13:37:58 2014 +0100 Avoid freeing uninitialized pointer when error handling in app_cpe_match Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 30 13:24:52 2014 +0100 Merge pull request #17 from isimluk/ds_rds_session ds_rds_session Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Oct 30 12:56:08 2014 +0100 Merge pull request #20 from jan-cerny/maint-1.1 trac#411: Remove references to docbook feature Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 10:27:12 2014 +0100 trac#411: Remove references to docbook feature Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Oct 30 10:41:25 2014 +0100 Merge branch 'maint-1.0' into maint-1.1 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Thu Oct 30 10:16:38 2014 +0100 Merge pull request #18 from jan-cerny/maint-1.0 trac#377: oscap xccdf resolve: invalid option -- 'f' Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 30 10:13:10 2014 +0100 trac#377: oscap xccdf resolve: invalid option -- 'f' Removed "or -f" from help text. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 16:23:30 2014 +0100 Deprecate: ds_rds_decompose. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 12:46:29 2014 +0100 oscap-ds should leverage ds_rds_session for split. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 12:38:32 2014 +0100 Introduce: ds_rds_session_select_report_request Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 12:21:46 2014 +0100 Introduce: ds_rds_session_select_report Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 12:05:27 2014 +0100 Refactore: Promote: ds_rds_dump_arf_content Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 15:39:47 2014 +0100 Lookup parent of arf:content within the dump procedure. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 15:12:09 2014 +0100 Drop specific error message for report_id=NULL It was a dead code from day 1, the report_id=NULL would bring this to the segfault anyway. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 14:48:44 2014 +0100 Refactor: target_file can be responsibility of ds_rds_dump_arf_content Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 13:50:05 2014 +0100 Add target_dir property to ds_rds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 11:48:09 2014 +0100 Register source with rds_session immediately after creation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 11:39:31 2014 +0100 Refactor: Pass rds_session downto ds_rds_dump_arf_content. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 11:33:01 2014 +0100 Introduce ds_rds_session_get_xmlDoc This follows the very same patter as ds_sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 11:20:30 2014 +0100 Use ds_rds_session to save ARF components. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 10:56:07 2014 +0100 Introduce: ds_rds_session_dump_component_files This follows the very same patter as ds_sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 10:38:42 2014 +0100 Refactor: promote oscap_acquire_ensure_parent_dir Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 10:17:16 2014 +0100 Promote mkdir_p() to oscap_acquire module. It is good fit there. Then it is already used outside of DS module and we can get a rid of MAX_PATHLEN this way. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 09:57:17 2014 +0100 Introduce internal cache to ds_rds_session. This follows the very same patter as ds_sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 09:21:23 2014 +0100 Refactor: Make ds_rds_dump_arf_content return oscap_source This actually grows the size of code a little bit. That's because we are adding error handling that has been previously missing. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 09:07:58 2014 +0100 Refactor: Extract function: _lookup_in_arf Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 08:47:20 2014 +0100 Do not guess request_id when splitting ARF. This is fishy. If there is no report-request in relationship with the report we will try to find the very first one. This seems incorrect, because we were requested to dump a couple of specific IDs. (compare code of utils/oscap-ds.c with rds.c). Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 08:40:58 2014 +0100 tests: The oscap_source capitalized encoding. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 08:21:06 2014 +0100 Use oscap_source to save arf components (arf:content) Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 12:43:04 2014 +0200 Drop rds_index_import_source. Introducing was not a good move. It will be better to keep rds_index initialized (parsed) only by ds_rds_session. That approach has following two benefits: (1) ds_rds_session operations will mimic the ds_sds_session, (2) callers will not be tempted to parse the thing twice. The initialization of ds_rds_session in oscap-info only for sake of getting index is cost I prefer to undertake. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 12:36:03 2014 +0200 Make a use of ds_rds_session_get_rds_idx Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 12:17:44 2014 +0200 Make a use of ds_rds_session_get_rds_idx Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 12:10:23 2014 +0200 Introduce: ds_rds_session_get_rds_idx Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 12:04:19 2014 +0200 Promote rds_index_parse from static to privileged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 11:52:08 2014 +0200 Deprecate function: rds_index_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 11:49:25 2014 +0200 Make a use of rds_index_import_source Each of the changes avoids an extra file open/parse. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Oct 24 11:43:35 2014 +0200 Refactor: Extract function: rds_index_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 29 15:19:53 2014 +0100 trac#415: Fix parsing of TestResult/profile. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 29 10:04:35 2014 +0100 Send error message when TestResult could not be parsed. (cherry picked from commit dbe3d5f05526e97728d42cf88bce7c8e9ff94ed0) Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 16:32:35 2014 +0100 Introduce: xccdf_result_import_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 13:52:13 2014 +0100 tests: Do not wipe out testing directory on error. Addressing testers wondering like: Only in /tmp/tmp.QMXpY8mvdu: (null) Only in ./rds_split_simple: report-request.xml Only in ./rds_split_simple: report.xml The files are different after going through result data stream! $ ls /tmp/tmp.QMXpY8mvdu/ ls: cannot access /tmp/tmp.QMXpY8mvdu/: No such file or directory Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 13:11:31 2014 +0100 Remove overabundant line This is needed to keep ac_probes/configure.ac.tpl and configure.ac in sync. The disparity has been brought in by a827774ff5a3aa631c694af8a091493f6ecd10c1. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 28 11:55:38 2014 +0100 rds_index*free procedures shall be able to handle NULL The very most of the OpenSCAP _free routines can take NULL pointer so the caller does not need to care. rds_index*free procedures should not be an exception. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 27 13:41:31 2014 +0100 Fixup the the error message. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 23 17:20:24 2014 +0200 Added error checking when adding CPEs in xccdf_session_load_cpe, use oscap_source Also added tests testing the above. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 23 17:18:55 2014 +0200 Allow adding CPE dict, lang_model or autodetect via oscap_source And deprecated the old way via filenames. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 17:40:24 2014 +0200 Introduce: ds_rds_session_get_html_report. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 17:02:39 2014 +0200 Introduce ds_rds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 14:02:24 2014 +0200 Introduce: oscap_source_apply_xslt_path_mem. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 13:43:26 2014 +0200 Refactor: Extract function: apply_xslt_path_internal. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 13:13:10 2014 +0200 Free XSLT arguments immediatelly. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 22 13:05:16 2014 +0200 Refactor: Extract function: save_stylesheet_result_to_file. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 22 08:45:43 2014 +0200 Merge pull request #15 from jan-cerny/conffail trac#408: ./configure --enable-valgrind should fail when valgrind comman... Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 22 08:44:10 2014 +0200 Merge pull request #14 from jan-cerny/master Plug a memory leak. Author: Jan Černý <jcerny@redhat.com> Date: Tue Oct 21 16:13:36 2014 +0200 trac#408: ./configure --enable-valgrind should fail when valgrind command was not found Author: Jan Černý <jcerny@redhat.com> Date: Tue Oct 21 15:30:44 2014 +0200 trac#410:bz2 opener leaks Plug a memory leak. Addressing: 568 bytes in 1 blocks are still reachable in loss record 1 of 1 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x3C2B46C17C: __fopen_internal (iofopen.c:73) by 0x4C63FEC: bz2_open (bz2.c:49) by 0x4C641D1: bz2_read_doc (bz2.c:97) by 0x4C6499B: oscap_source_get_xmlDoc (oscap_source.c:143) by 0x4C6483B: oscap_source_get_xmlTextReader (oscap_source.c:110) by 0x4C648E4: oscap_source_get_scap_type (oscap_source.c:125) by 0x40E226: app_info (oscap-info.c:81) by 0x407E28: oscap_module_call (oscap-tool.c:260) by 0x4082A5: oscap_module_process (oscap-tool.c:345) by 0x406CB6: main (oscap.c:80) LEAK SUMMARY: definitely lost: 0 bytes in 0 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 568 bytes in 1 blocks suppressed: 0 bytes in 0 blocks Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Oct 21 13:18:47 2014 +0200 Merge pull request #13 from jan-cerny/lcall trac#405: move LC_ALL=C from Makefile.am to test_common.sh.in Author: Jan Černý <jcerny@redhat.com> Date: Tue Oct 21 13:00:58 2014 +0200 trac#405: move LC_ALL=C from Makefile.am to test_common.sh.in Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Tue Oct 21 12:57:09 2014 +0200 Merge pull request #12 from jan-cerny/master trac#409 Author: Jan Černý <jcerny@redhat.com> Date: Thu Oct 16 17:30:45 2014 +0200 Updated path to test_common.sh and xmldiff.pl Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 15 16:11:06 2014 +0200 Pass version_info to xccdf_item_to_dom This allows tailoring export to function properly with oscap_source. I am not terribly happy about this solution but it doesn't break behavior and it doesn't break API. Right now the xccdf items don't have to know their XCCDF version to function properly but that may change in the future. At which point we will have to deal with this issue in a cleaner way. Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Wed Oct 15 15:49:46 2014 +0200 trac#409: tests_common.sh should not be part of distribution tarball tests_common.sh removed from makefiles Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 15 15:41:05 2014 +0200 Create xccdf ns always in some node, don't rely on nsDef workarounds Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 15 15:35:08 2014 +0200 Merge pull request #11 from jan-cerny/maint-1.0 Plug a memory leak. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 15 15:34:32 2014 +0200 Merge pull request #10 from jan-cerny/master removed + memory leak Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Wed Oct 15 14:53:07 2014 +0200 Plug a memory leak. Addressing: 12 bytes in 1 blocks are definitely lost in loss record 1 of 2 at 0x4A0858C: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A08651: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C8DC13: SEXP_val_new (sexp-value.c:38) by 0x4C8B2D0: SEXP_parse_kl_string (sexp-parser.c:1638) by 0x4C8D8EA: SEXP_parse (sexp-parser.c:525) by 0x4C858F4: SEAP_packet_recv (seap-packet.c:721) by 0x4C871CA: SEAP_recvmsg (seap.c:356) by 0x4C7E998: oval_probe_comm (oval_probe_ext.c:487) by 0x4C7FC5E: oval_probe_ext_eval (oval_probe_ext.c:1085) by 0x4C7FF19: oval_probe_ext_handler (oval_probe_ext.c:902) by 0x4C6EC02: oval_probe_query_object (oval_probe.c:285) by 0x4C6EE73: oval_probe_query_criteria (oval_probe.c:374) 16 bytes in 1 blocks are definitely lost in loss record 2 of 2 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C890DD: SEXP_new (sexp-manip.c:1593) by 0x4C8CB48: SEXP_parse (sexp-parser.c:490) by 0x4C858F4: SEAP_packet_recv (seap-packet.c:721) by 0x4C871CA: SEAP_recvmsg (seap.c:356) by 0x4C7E998: oval_probe_comm (oval_probe_ext.c:487) by 0x4C7FC5E: oval_probe_ext_eval (oval_probe_ext.c:1085) by 0x4C7FF19: oval_probe_ext_handler (oval_probe_ext.c:902) by 0x4C6EC02: oval_probe_query_object (oval_probe.c:285) by 0x4C6EE73: oval_probe_query_criteria (oval_probe.c:374) by 0x4C6EDAF: oval_probe_query_criteria (oval_probe.c:427) by 0x4C6EDAF: oval_probe_query_criteria (oval_probe.c:427) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Mon Oct 13 17:36:18 2014 +0200 Valgrind test script. Script for memory leak testing. Enable by ./configure --enable-valgrind Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 15 11:34:43 2014 +0200 Fixed xccdf_session error message when exporting XCCDF results Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 15 11:08:42 2014 +0200 Added OSCAP_DOCUMENT_UNKNOWN to oscap_document_type_t enum, use it instead of 0 Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Oct 14 17:03:12 2014 +0200 tests: Make sure diff is always shown. Even in cases, when the failure (and set -e) would end the test. Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Mon Oct 13 17:18:58 2014 +0200 Plug a memory leak. Addressing: 59 bytes in 1 blocks are definitely lost in loss record 2 of 3 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C593D8: __oscap_alloc (alloc.c:52) by 0x4C5DD52: oscap_vsprintf (util.c:170) by 0x4C5DE0B: oscap_sprintf (util.c:184) by 0x4C5BD00: oscap_acquire_guess_realpath (oscap_acquire.c:244) by 0x4CB2541: _xccdf_session_export_oval_result_file (xccdf_session.c:1072) by 0x4CB44BC: xccdf_session_export_oval (xccdf_session.c:1161) by 0x40B72B: app_evaluate_xccdf (oscap-xccdf.c:501) by 0x407A7F: oscap_module_process (oscap-tool.c:260) by 0x406B1E: main (oscap.c:80) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Mon Oct 13 15:16:54 2014 +0200 Removed old valgrind tests. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Oct 13 14:23:41 2014 +0200 Merge branch 'maint-1.1' We want to have all the memore leaks merged to master. So we can introduce automated tests for memory leaks. Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Mon Oct 13 14:23:13 2014 +0200 Merge pull request #9 from isimluk/master Enable multiple scans and remediation in oscap-scan service. Author: Trey Henefield <trey.henefield@ultra-ats.com> Date: Thu Oct 9 10:12:44 2014 +0200 Enable multiple scans and remediation in oscap-scan service. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 8 17:18:06 2014 +0200 Export request for valgrind test to all the tests. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 8 16:10:30 2014 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 8 16:08:16 2014 +0200 Merge pull request #8 from jan-cerny/maint-1.0 Plug a memory leak. Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Wed Oct 8 14:42:24 2014 +0200 Plug a memory leak. Addressing: 4 bytes in 1 blocks are definitely lost in loss record 1 of 1 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x31EAC860B9: strdup (in /usr/lib64/libc-2.18.so) by 0x4C5DBDA: oscap_strdup (util.c:65) by 0x4C9743C: cpe_parser_ctx_set_schema_version (cpe_ctx_priv.c:97) by 0x4C99A37: cpe_generator_parse (cpedict_priv.c:710) by 0x4C9B2C9: cpe_dict_model_parse (cpedict_priv.c:644) by 0x4C9B4C9: cpe_dict_model_parse_xml (cpedict_priv.c:580) by 0x4C955E2: cpe_dict_model_import (cpedict.c:56) by 0x40CBE1: app_info (oscap-info.c:220) by 0x4079BF: oscap_module_process (oscap-tool.c:261) by 0x4069BE: main (oscap.c:79) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Wed Oct 8 11:21:02 2014 +0200 Plug a memory leak. Addressing: 37 bytes in 1 blocks are definitely lost in loss record 2 of 3 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x31EAC860B9: strdup (in /usr/lib64/libc-2.18.so) by 0x4C5DBDA: oscap_strdup (util.c:65) by 0x4CB1AEF: xccdf_session_set_report_export (xccdf_session.c:291) by 0x40B9D1: app_evaluate_xccdf (oscap-xccdf.c:507) by 0x4079BF: oscap_module_process (oscap-tool.c:261) by 0x4069BE: main (oscap.c:79) Author: Šimon Lukašík <isimluk@fedoraproject.org> Date: Wed Oct 8 10:56:52 2014 +0200 Merge pull request #7 from jan-cerny/maint-1.0 Maint 1.0 Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Wed Oct 8 10:04:45 2014 +0200 Plug a memory leak. Addressing: 35 bytes in 1 blocks are definitely lost in loss record 2 of 3 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C58B38: __oscap_alloc (alloc.c:52) by 0x4C9688C: cpe_name_get_as_format (cpename.c:670) by 0x4C97F3B: cpe_testexpr_export (cpelang_priv.c:571) by 0x4C98047: cpe_testexpr_export (cpelang_priv.c:603) by 0x4C9811B: cpe_platform_export (cpelang_priv.c:556) by 0x4C981B7: cpe_lang_export (cpelang_priv.c:538) by 0x4C9FF8A: xccdf_benchmark_to_dom (benchmark.c:303) by 0x4CA0246: xccdf_benchmark_export (benchmark.c:236) by 0x4CB2CE5: xccdf_session_export_xccdf (xccdf_session.c:998) by 0x40B9D9: app_evaluate_xccdf (oscap-xccdf.c:508) by 0x4079BF: oscap_module_process (oscap-tool.c:261) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Tue Oct 7 17:28:34 2014 +0200 Plug a memory leak. Addressing: 379 bytes in 7 blocks are definitely lost in loss record 4 of 4 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x31F78AE548: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1) by 0x31F78EBB8C: xmlTextReaderGetAttribute (in /usr/lib64/libxml2.so.2.9.1) by 0x4C9B86A: cpe23_item_parse (cpedict_ext_priv.c:244) by 0x4C9B08C: cpe_item_parse (cpedict_priv.c:840) by 0x4C9B2E2: cpe_dict_model_parse (cpedict_priv.c:646) by 0x4C9B4B9: cpe_dict_model_parse_xml (cpedict_priv.c:580) by 0x4C955E2: cpe_dict_model_import (cpedict.c:56) by 0x40CBE1: app_info (oscap-info.c:220) by 0x4079BF: oscap_module_process (oscap-tool.c:261) by 0x4069BE: main (oscap.c:79) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Tue Oct 7 17:26:25 2014 +0200 Plug a memory leak. Addressing: 148 bytes in 3 blocks are definitely lost in loss record 3 of 4 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x31F78AE548: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1) by 0x31F78EBB8C: xmlTextReaderGetAttribute (in /usr/lib64/libxml2.so.2.9.1) by 0x4C9BA87: cpe23_item_parse (cpedict_ext_priv.c:128) by 0x4C9B08C: cpe_item_parse (cpedict_priv.c:840) by 0x4C9B2E2: cpe_dict_model_parse (cpedict_priv.c:646) by 0x4C9B4B9: cpe_dict_model_parse_xml (cpedict_priv.c:580) by 0x4C955E2: cpe_dict_model_import (cpedict.c:56) by 0x40CBE1: app_info (oscap-info.c:220) by 0x4079BF: oscap_module_process (oscap-tool.c:261) by 0x4069BE: main (oscap.c:79) Author: Jan Černý <jcerny@dhcp-2-155.brq.redhat.com> Date: Tue Oct 7 17:18:44 2014 +0200 Plug a memory leak. Addressing: 48 bytes in 3 blocks are definitely lost in loss record 2 of 4 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x31F78AE548: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1) by 0x31F78EBB8C: xmlTextReaderGetAttribute (in /usr/lib64/libxml2.so.2.9.1) by 0x4C9BA9A: cpe23_item_parse (cpedict_ext_priv.c:129) by 0x4C9B08C: cpe_item_parse (cpedict_priv.c:840) by 0x4C9B2E2: cpe_dict_model_parse (cpedict_priv.c:646) by 0x4C9B4B9: cpe_dict_model_parse_xml (cpedict_priv.c:580) by 0x4C955E2: cpe_dict_model_import (cpedict.c:56) by 0x40CBE1: app_info (oscap-info.c:220) by 0x4079BF: oscap_module_process (oscap-tool.c:261) by 0x4069BE: main (oscap.c:79) Author: Martin Preisler <martin@preisler.me> Date: Mon Oct 6 14:46:48 2014 +0200 Merge pull request #6 from isimluk/bzip2 Bzip2 support for openning SCAP files Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Oct 3 13:55:47 2014 +0200 Removed the tailoring parser workaround, it's no longer needed The issue was fixed in maint-1.0 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Oct 3 13:54:16 2014 +0200 Merge branch 'maint-1.1' Conflicts: ac_probes/configure.ac.tpl configure.ac Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Oct 3 13:52:39 2014 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Oct 3 13:50:48 2014 +0200 XCCDFE_RESULT_BENCHMARK and XCCDFE_BENCHMARK_REF are indistinguishable So lets use the same enum code for both. This fixes the tailoring parser, benchmark_ref is loaded properly now. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Oct 3 13:44:42 2014 +0200 xccdf_session can open XCCDF tailoring files directly Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 2 16:48:40 2014 +0200 Refactoring regarding user_tailoring_file and cid in xccdf_session Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Oct 2 10:14:30 2014 +0200 Make sure that SCE compilation finds oscap_source. Addressing: ../../src/XCCDF/public/xccdf_benchmark.h:40:26: fatal error: oscap_source.h: No such file or directory #include <oscap_source.h> ^ Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 1 22:21:17 2014 +0200 tests: Run bz2 tests only when bzlib.h and /bin/bzip found Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 08:42:20 2014 +0200 tests: The very first test for bz2 openner. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 17:58:49 2014 +0200 Change prototype of bz2_read to avoid a lot of casts. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 17:54:41 2014 +0200 Make sure to never run BZ2_bzRead after eof Addressing: OpenSCAP Error: Could not read from bZ2FILE: SEQUENCE_ERROR [bz2.c:77] Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 29 14:20:35 2014 +0200 Open bzip2ed files nativaly. When their name ends with '.xml.bz2'. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 29 13:40:08 2014 +0200 Find libbz2 if available. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Oct 1 14:03:50 2014 +0200 Bump version after release. Author: Martin Preisler <martin@preisler.me> Date: Wed Oct 1 13:35:25 2014 +0200 Merge pull request #5 from OpenSCAP/oscap_source Oscap source Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 18:06:23 2014 +0200 A typo fix. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 10:38:34 2014 +0200 Add missing backslash to include assume.h to the dist. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 30 10:07:53 2014 +0200 tests: Assume.h is not needed to test codestyle. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 19:23:33 2014 +0200 Rename private constant to better reflect its use. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 19:20:02 2014 +0200 Remove TODO that no longer applies The oscap_source originated from DataStream is currently known as OSCAP_SRC_FROM_EXPORT_XML_DOM, the internal temp files do not need to be handled explicitly. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 19:15:22 2014 +0200 Improve documentation of oscap_source and ds_sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 19:06:16 2014 +0200 Fix a typo. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 18:34:27 2014 +0200 Make sure that error message is generic enough. Kudos go to Martin, who noticed that this function is generic but the error message assumes we are exporting a file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 18:23:12 2014 +0200 Merge branch 'master' into oscap_source Before we merge oscap_source to master we want to test the-latest-greatest HEAD in oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 18:16:35 2014 +0200 Merge branch 'maint-1.1' This is merge after 1.1.1 release. It brings us the soname bump and changelog entries. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 18:15:34 2014 +0200 Wipe a strange bytes from date string caused by solar eruptions. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 18:08:44 2014 +0200 Avoid direct use of xmlSaveFileEnc. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 17:52:15 2014 +0200 Export XCCDF TestResult only when explicitly requested. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 17:44:23 2014 +0200 Drop xccdf_session->oval.result_files. No longer need to have them. (oval.result_sources structure took over all responsibilities. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 17:37:23 2014 +0200 Use exported source to validate ARF DOM directly. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 16:27:36 2014 +0200 Avoid direct use of xmlSaveFileEnc. MAke a use of oscap_source facility instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 16:15:24 2014 +0200 Refactor: Extract function: ds_rds_create_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 15:24:39 2014 +0200 tests: Forbid direct use of xmlReadFile within OpenSCAP project Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 15:18:52 2014 +0200 tests: Check codestyle only in C,C++ sources and header files. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:54:44 2014 +0200 Avoid direct use of xmlReadFile. This also changes the oval_result_* structure from array to oscap_htable. The manipulation is easier and more straight forward. Additionally, this will allow us to pass xccdf_session->oval.result_sources directly here. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:34:49 2014 +0200 Avoid direct use of xmlReadFile Make a use of oscap_source facility instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:22:53 2014 +0200 Avoid direct use of xmlReadFile Make a use of oscap_source facility instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:17:58 2014 +0200 Re-use existing oscap_source to add component with dependencies. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:12:50 2014 +0200 Avoid direct use of xmlReadFile Use oscap_source facility instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:07:00 2014 +0200 Avoid direct use of xmlReadFile Use oscap_source facility instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:03:39 2014 +0200 Refactor: Merge two subsequent conditions together Decrease a codebase and increase readability. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 14:01:17 2014 +0200 Do not attempt to open SCE script to DOM Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 13:55:29 2014 +0200 Avoid direct use of xmlReadFile. Use oscap_source facility instead. This also fixes a leak when ds_sds_compose_add_component_with_ref fails. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 13:42:25 2014 +0200 Drop xccdf_session->filename. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 13:38:33 2014 +0200 session->xccdf.source should never be owned directly. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 13:30:16 2014 +0200 Refactor: Extract function ds_sds_compose_component_add_script_content This also fixes a leak. The 'component' variable was not freed before, but it should have been. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 28 12:51:48 2014 +0200 Use exported XCCDF dom to generate HTML report. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 20:48:11 2014 +0200 Avoid using oscap_apply_xslt. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 20:47:02 2014 +0200 Promote oscap_path_to_xslt to privileged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 20:19:59 2014 +0200 Deprecate: cpe_dict_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 20:01:29 2014 +0200 ds_sds_session switches from absolute paths to relative The firstly it seemed that it will be much more easier to calculate realpath of each file. However, later on, standard realpath() function stopped working. As we stopped to create directories and storing files on the disc. Problematic were the tests from tests/API/XCCDF/applicability that use oval component with filepath like: ../unittests/oval.xml. When the ds_sds_session uses /tmp/tmp.XXXXXX it will attempt to get realpath of /tmp/unittests and that will fail. Stopping the ds_sds_session from finding appropriate oscap_source for the given file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 19:04:45 2014 +0200 Refactor: rename variable. This needs to be done to improve readability. This whole relative versus absolute paths is a mess. There are some variables that can carry only filename others can carry filepath (some relative, some absolute or some both). There is a benefit of passing down the relative path. Because relative path is the catalogue value and the name how the file is known to other components. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 18:26:39 2014 +0200 Avoid use of cpe_dict_model_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 18:15:55 2014 +0200 Tests: Forbid use of xmlTextReaderReadString. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 18:12:12 2014 +0200 Avoid using xmlTextReaderReadString function. It requires that we have correct position on the TextNode. Interestingly, there were no problems with native xmlTextReader, but with xmlWalkerReader we are hitting xmllib2 TODO like: Unimplemented block at xmlreader.c:1794 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 18:00:56 2014 +0200 tests: Introduce test for a codestyle Let's forbid ourselves from useing certain functions. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 16:53:38 2014 +0200 Drop libxml_error_handler. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 16:34:49 2014 +0200 Avoid use of xmlReaderForFile Also avoid use of xmlTextReaderSetErrorHandler and libxml_error_handler. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 16:27:45 2014 +0200 Deprecate: ds_sds_index_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 16:24:56 2014 +0200 Deprecate: ds_sds_decompose_custom. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 16:23:22 2014 +0200 Deprecate: ds_sds_decompose. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 15:32:07 2014 +0200 Reset sds_session after each checklist selection Addressing: OpenSCAP Error: File /tmp/oscap.e9MUC8/second-oval.xml has already been register with Source DataStream session: /tmp/tmp.0WrzQNTVWK/sds.xml [ds_sds_session.c:230] When working with DataStream whose checklists referenced the very same file with different content (different datastream component). Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 15:28:04 2014 +0200 Introduce function: ds_sds_session_reset. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:48:46 2014 +0200 Use ds_sds_session within oscap ds sds-split. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 14:14:12 2014 +0200 Refactor: Extract function: _gcwd. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 14:12:09 2014 +0200 Show errno to the user. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 27 14:10:04 2014 +0200 Error shall go to stderr. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 17:46:20 2014 +0200 Deprecate: oscap_validate_document. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 16:32:57 2014 +0200 Do not forget to take break Addressing: 4 bytes in 1 blocks are definitely lost in loss record 1 of 2 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x33AD886139: strdup (strdup.c:42) by 0x4C648B8: oscap_source_get_schema_version (oscap_source.c:186) by 0x4C646DD: oscap_source_validate (oscap_source.c:154) by 0x4091E5: app_ds_rds_validate (oscap-ds.c:488) by 0x407CFC: oscap_module_call (oscap-tool.c:260) by 0x408179: oscap_module_process (oscap-tool.c:345) by 0x406BA6: main (oscap.c:79) 4 bytes in 1 blocks are definitely lost in loss record 2 of 2 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x33AD886139: strdup (strdup.c:42) by 0x4C648B8: oscap_source_get_schema_version (oscap_source.c:186) by 0x4C6478B: oscap_source_validate (oscap_source.c:161) by 0x4091E5: app_ds_rds_validate (oscap-ds.c:488) by 0x407CFC: oscap_module_call (oscap-tool.c:260) by 0x408179: oscap_module_process (oscap-tool.c:345) by 0x406BA6: main (oscap.c:79) Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:52:15 2014 +0200 Avoid use of oscap_validate_document from xccdf_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 26 13:28:34 2014 +0200 openscap-1.1.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 26 13:27:00 2014 +0200 Bump soname from 8.3.1 to 8.3.2 The interface has not changed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 26 10:41:04 2014 +0200 Merge branch 'maint-1.1' Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 26 10:16:10 2014 +0200 Test driver must not be part of openscap repo. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 26 09:46:09 2014 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 16:41:07 2014 +0200 Promote ds_sds_session_set_target_dir to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:46:47 2014 +0200 Promote ds_sds_session_dump_component_files to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:35:29 2014 +0200 Drop validation_failed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:34:09 2014 +0200 Avoid use of oscap_validate_document within oscap-cve. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 15:29:27 2014 +0200 Avoid use of oscap_validate_document within oscap-ds. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:58:50 2014 +0200 Drop oscap_acquire_temp_dir_bundled. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:57:20 2014 +0200 Promote ds_sds_session_register_component_with_dependencies to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:52:31 2014 +0200 Promote ds_sds_session_get_component_by_href to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:29:13 2014 +0200 Use ds_sds_session to extract OVAL file from DataStream. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:18:45 2014 +0200 Promote ds_sds_session_set_datastream_id to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 13:33:25 2014 +0200 Deprecate oscap_determine_document_type. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 13:31:37 2014 +0200 Avoid use of oscap_determine_document_type. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 14:01:45 2014 +0200 Promote oscap_source_readable_origin to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 13:14:23 2014 +0200 Drop oscap_acquire_cleanup_dir_bundled. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 13:11:08 2014 +0200 Import XCCDF file from the DataStream DOM. Avoid dumping file to the disc. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 13:03:53 2014 +0200 Deprecate xccdf_benchmark_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:52:26 2014 +0200 Avoid using xccdf_benchmark_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:49:56 2014 +0200 No need to set-up temp_dir when loading XCCDF. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:47:07 2014 +0200 Use ds_sds_session to build ds_sds_index. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:45:24 2014 +0200 Build ds_sds_session when querying DataStream for info Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:38:47 2014 +0200 Do not open XCCDF and CPE again when we already have them parsed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 12:32:51 2014 +0200 Do not dump CPE files from DataStream on the disc. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 00:40:32 2014 +0200 Remove duplicate definitions. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 24 00:25:32 2014 +0200 Do not dispose an item that is not owned Addressing: Invalid read of size 8 at 0x4C5BCE4: __oscap_free_dbg (alloc.c:183) by 0x4C642A2: oscap_source_free (oscap_source.c:93) by 0x4CDB547: cpe_session_lookup_oval_session (cpe_session.c:106) by 0x4D00B03: _xccdf_policy_cpe_check_cb (xccdf_policy.c:811) by 0x4CD184A: cpe_check_evaluate (cpedict.c:190) by 0x4CD18A3: cpe_item_is_applicable (cpedict.c:200) by 0x4CD17C4: cpe_name_applicable_dict (cpedict.c:174) by 0x4D00D0B: xccdf_policy_model_platforms_are_applicable_dict (xccdf_policy.c:874) by 0x4D01031: xccdf_policy_model_platforms_are_applicable (xccdf_policy.c:971) by 0x4D010BC: xccdf_policy_model_item_is_applicable (xccdf_policy.c:985) by 0x4D011AF: _xccdf_policy_rule_evaluate (xccdf_policy.c:1016) by 0x4D016F2: xccdf_policy_item_evaluate (xccdf_policy.c:1133) Address 0x56aabc8 is 24 bytes inside a block of size 40 free'd at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C5BCFA: __oscap_free_dbg (alloc.c:184) by 0x4C642F3: oscap_source_free (oscap_source.c:98) by 0x4C6F52A: _oval_definition_model_merge_source (oval_defModel.c:219) by 0x4C6F5B3: oval_definition_model_import_source (oval_defModel.c:236) by 0x4CDB537: cpe_session_lookup_oval_session (cpe_session.c:105) by 0x4D00B03: _xccdf_policy_cpe_check_cb (xccdf_policy.c:811) by 0x4CD184A: cpe_check_evaluate (cpedict.c:190) by 0x4CD18A3: cpe_item_is_applicable (cpedict.c:200) by 0x4CD17C4: cpe_name_applicable_dict (cpedict.c:174) by 0x4D00D0B: xccdf_policy_model_platforms_are_applicable_dict (xccdf_policy.c:874) by 0x4D01031: xccdf_policy_model_platforms_are_applicable (xccdf_policy.c:971) Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 13:58:35 2014 +0200 Use ds_sds_session to cache oscap_source for OVAL CPE. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 13:51:35 2014 +0200 CPE sesion may take external cache of oscap_sources Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 13:31:48 2014 +0200 Introduce: ds_sds_session_get_component_sources. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 13:02:57 2014 +0200 Introduce xccdf_policy_model_get_cpe_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 12:43:41 2014 +0200 Move default_cpe initializator to cpe_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 12:28:50 2014 +0200 Refactor: Extract function: cpe_session_add_cpe_autodetect_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 12:19:47 2014 +0200 Always use oscap_source to import cpe_dict. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 23 00:01:41 2014 +0200 Introduce: cpe_session_add_cpe_dict_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:57:07 2014 +0200 Drop cpe_dict_model_parse_xml Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:53:26 2014 +0200 Refactor: Extract function: cpe_dict_model_import_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:46:02 2014 +0200 Drop cpe_parser_ctx_new. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:43:11 2014 +0200 Use oscap_source for parsing cpe_dict. Drop cpe_validate_xml. XML_PARSE_DTDATTR does not imply any validation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:36:07 2014 +0200 Deprecate: cpe_lang_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:32:28 2014 +0200 Always use oscap_source to import cpe_lang. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:29:05 2014 +0200 Introduce: cpe_session_add_cpe_lang_model_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:20:15 2014 +0200 Drop cpe_lang_model_parse_xml. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 23:13:00 2014 +0200 Refactor: Extract function: cpe_lang_model_import_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 19:14:26 2014 +0200 Use oscap_source to parse cpe_lang_model. The cpe_validate_xml could be dropped as it does basically nothing. (XML_PARSE_DTDATTR is useless). Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 18:45:29 2014 +0200 Refactor: Extract function: cpe_session_lookup_oval_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 17:05:14 2014 +0200 Refactor: Extract function: cpe_session_free. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 16:52:35 2014 +0200 Refactor: Extract funciton: cpe_session_new Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 16:47:41 2014 +0200 Make cpe an allocated property. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 22 15:33:35 2014 +0200 oscap_source_get_scap_type shall recognize TestResult. This is needed since oscap_source is used to validate input files for ARF compose. Addressing: OpenSCAP Error: Unknown document type: './rds_testresult/results-xccdf.xml' [oscap_source.c:133] Unknown document type: './rds_testresult/results-xccdf.xml' [oscap_source.c:133] Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:54:45 2014 +0200 Avoid use of ds_sds_decompose_custom And re-use existing oscap_sources for validatio purposes. Removing a FIXME! :) Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:41:07 2014 +0200 Deprecate: xccdf_detect_version. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:39:49 2014 +0200 Use oscap_source to validate input XCCDF for evaluation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:36:49 2014 +0200 Use oscap_source to validate input of xccdf resolve. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:34:25 2014 +0200 Use oscap_source to validate resolved XCCDF. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:30:40 2014 +0200 Use oscap_source to validate input testresult. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:26:37 2014 +0200 Use oscap_source to determine XCCDF version within info module. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:19:00 2014 +0200 Do not pass filepath to cpe_lang_model_detect_version. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:15:05 2014 +0200 Refactor: Extract function: cpe_lang_model_detect_version_priv This is kida funny move, but we need to deprecate the function cpe_lang_model_detect_version which takes the filepath in. To ensure that oscap_source is able to operate without file existence. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:07:03 2014 +0200 Deprecate: cpe_dict_detect_version Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 21:04:26 2014 +0200 Use oscap_source to validate cpe documents from command-line Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:56:46 2014 +0200 Use oscap_source to validate CPE file from user. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:50:12 2014 +0200 Use oscap_source when determining version of CPE dict This avoids yet another use of xmlReaderForFile. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:45:11 2014 +0200 CPE version should be received using existing textReader. This avoids another open of a file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:42:38 2014 +0200 Refactor: Extract function: cpe_dict_detect_version_priv. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:36:58 2014 +0200 Deprecate: oval_determine_document_schema_version. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:33:55 2014 +0200 Promote oscap_source_get_schema_version to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:31:29 2014 +0200 Use oscap_source to validate OVAL results within datastream And avoid using oval_determine_document_schema_version. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:23:09 2014 +0200 Use oscap_source when determining version of OVAL document. This avoids yet another use of xmlReaderForFile. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Sep 21 20:15:07 2014 +0200 Use oscap_source to validate embedded CPE. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:19:38 2014 +0200 Refactor: Extract structure: cpe_session Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:15:08 2014 +0200 Move CPE applicable_platforms from policy to child structure. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:12:47 2014 +0200 Move CPE oval_sessions from policy to a child structure. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:10:58 2014 +0200 Move CPE lang_models from policy to a child structure. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:08:42 2014 +0200 Move CPE dicts from policy to a new child structure. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 17:03:00 2014 +0200 Do not store tailoring component on disk. Just use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:57:41 2014 +0200 Deprecate: xccdf_tailoring_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:41:28 2014 +0200 Use oscap_source to import tailoring from session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:38:32 2014 +0200 Refactor: Extract function: xccdf_tailoring_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:30:25 2014 +0200 Use oscap_source to parse tailoring file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:29:46 2014 +0200 Remove unneeded code. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 16:24:45 2014 +0200 Use oscap_source to validate tailoring file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 15:56:49 2014 +0200 Introduce: ds_sds_session_select_tailoring Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 19 15:34:54 2014 +0200 Hint towards `oscap info` when profile is not found in oscap tool Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Sep 19 14:15:25 2014 +0200 Source OVAL results from ARF if available when generating HTML report Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 14:11:30 2014 +0200 Stop storing component files on disk. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 11:47:58 2014 +0200 Drop filename property from oval_content_resource. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 11:39:27 2014 +0200 Re-use existing oscap_source for each OVAL file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 11:37:39 2014 +0200 Remove a dead code The contents->source is always not NULL. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 11:05:32 2014 +0200 oval_content_resource should always point to an oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 10:36:00 2014 +0200 Use existing oscap_source for validation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 10:32:17 2014 +0200 Fix sorting in error message arguments. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 10:27:07 2014 +0200 Return NULL on error Addressing: src/XCCDF/benchmark.c:233:3: warning: statement with no effect [-Wunused-value] NULL; Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 10:23:54 2014 +0200 Prepare already parsed oscap_sources to oval_content_resource list. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 10:13:40 2014 +0200 Introduce function: ds_sds_session_get_component_by_href Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 09:21:46 2014 +0200 Refactor: Drop component_id property from xccdf_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 09:17:13 2014 +0200 Refactor: Drop datastream_id property from xccdf_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 08:28:57 2014 +0200 Refactor: replace variable with function call. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 19 00:00:03 2014 +0200 Do not set target_directory for sds_session. It is no longer needed because we derive path to XCCDF from the sds_session and not from xccdf_session. (Hence the temp_dir doesn't need to be shared. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 23:27:23 2014 +0200 Drop XCCDF_XML literal constant Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 23:26:42 2014 +0200 Drop session->xccdf.file property. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 23:25:00 2014 +0200 Avoid using session->xccdf.source Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 22:32:46 2014 +0200 Plug a memory leak Addressing: 7 bytes in 1 blocks are definitely lost in loss record 1 of 2 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x3D134AE548: xmlStrndup (xmlstring.c:45) by 0x4C6ABAC: ds_rds_add_ai_from_xccdf_results (rds.c:311) by 0x4C6B9DF: ds_rds_add_xccdf_test_results (rds.c:688) by 0x4C6BDC4: ds_rds_create_from_dom (rds.c:760) by 0x4C6C08A: ds_rds_create (rds.c:826) by 0x4CFE994: xccdf_session_export_arf (xccdf_session.c:1340) by 0x40BF41: app_evaluate_xccdf (oscap-xccdf.c:515) by 0x407EA0: oscap_module_call (oscap-tool.c:261) by 0x40831D: oscap_module_process (oscap-tool.c:346) by 0x406CD6: main (oscap.c:79 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 22:29:53 2014 +0200 Plug a memory leak. Addressing: 4,096 bytes in 1 blocks are definitely lost in loss record 4 of 4 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x33AD842F4B: realpath@@GLIBC_2.3 (canonicalize.c:78) by 0x4C60848: oscap_acquire_guess_realpath (oscap_acquire.c:233) by 0x4C66C5E: ds_sds_dump_component (sds.c:226) by 0x4C66E9B: ds_sds_dump_component_ref_as (sds.c:263) by 0x4C671CD: ds_sds_dump_component_ref_as (sds.c:320) by 0x4C66449: ds_sds_session_register_component_with_dependencies (ds_sds_session.c:240) by 0x4C66085: ds_sds_session_select_checklist (ds_sds_session.c:174) by 0x4CFBBF0: xccdf_session_load_xccdf (xccdf_session.c:408) by 0x4CFB8DA: xccdf_session_load (xccdf_session.c:351) by 0x40BCB4: app_evaluate_xccdf (oscap-xccdf.c:469) by 0x407EA0: oscap_module_call (oscap-tool.c:261) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 22:11:50 2014 +0200 Start using XCCDF source from DataStream. We still dump the XCCDF to a disk among all the files from catalog, but we no longer parse XCCDF twice in the xccdf_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 22:09:18 2014 +0200 ds_sds_session_select_checklist should return XCCDF source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 20:43:00 2014 +0200 Allows for elements like: <plain-text id='empty'/> The issue manifestated itself, when we started to use xmlReaderWalker. As a DOM representation of <plain-text id='empty'></plain-text> is <plain-text id='empty'/>. That is hard to parse. Let me explain why we use xmlTextReaderReadInnerXml call here. The problem is that once we move from element to attribute we cannot easily read the text value of the element. Remember that xmlTextReaderReadString cannot be used as it does not work with xmlReaderWalker. The xmlTextReader*Value cannot be used as it will just return value of the attribute. The xmlTextReaderIsEmptyElement is not useful either. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 18:17:20 2014 +0200 Promote oscap_text_consumer to commons This should be useful beyond OVAL parser. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 17:48:57 2014 +0200 Promote oval_parser_text_value to commons This is far more rigorous way to parse text content of a node. It should be useful beyond the OVAL parser. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 17:45:30 2014 +0200 Promote oval_xml_value_consumer to commons This should be useful beyond OVAL parser. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 17:31:18 2014 +0200 Do not pass oval_context to oval_parser_text_value It is not used. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 16:15:25 2014 +0200 Firsly created XCCDF namespace shall be assigned with Benchmark node. Previous assumption that xmlSetNs sets the namespace declaration was high-flying. Addressing: 37 bytes in 1 blocks are indirectly lost in loss record 2 of 3 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x3D134AE548: xmlStrndup (xmlstring.c:45) by 0x3D1345489B: xmlNewNs (tree.c:757) by 0x4CE3C4B: lookup_xccdf_ns (elements.c:457) by 0x4CE497E: xccdf_item_to_dom (item.c:348) by 0x4CE0C7C: xccdf_benchmark_to_dom (benchmark.c:258) by 0x4CE0B96: xccdf_benchmark_export_source (benchmark.c:235) by 0x4CFD9C2: _build_xccdf_result_source (xccdf_session.c:1001) by 0x4CFDAD5: xccdf_session_export_xccdf (xccdf_session.c:1023) by 0x40BECA: app_evaluate_xccdf (oscap-xccdf.c:509) by 0x407EA0: oscap_module_call (oscap-tool.c:261) by 0x40831D: oscap_module_process (oscap-tool.c:346) 85 (48 direct, 37 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 3 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x3D1345482B: xmlNewNs (tree.c:748) by 0x4CE3C4B: lookup_xccdf_ns (elements.c:457) by 0x4CE497E: xccdf_item_to_dom (item.c:348) by 0x4CE0C7C: xccdf_benchmark_to_dom (benchmark.c:258) by 0x4CE0B96: xccdf_benchmark_export_source (benchmark.c:235) by 0x4CFD9C2: _build_xccdf_result_source (xccdf_session.c:1001) by 0x4CFDAD5: xccdf_session_export_xccdf (xccdf_session.c:1023) by 0x40BECA: app_evaluate_xccdf (oscap-xccdf.c:509) by 0x407EA0: oscap_module_call (oscap-tool.c:261) by 0x40831D: oscap_module_process (oscap-tool.c:346) by 0x406CD6: main (oscap.c:79) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 16:02:15 2014 +0200 Pass NS to the node upon creation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 14:59:27 2014 +0200 Avoid using xmlTextReaderReadString function. It requires that we have correct position on the TextNode. Interestingly, there were no problems with native xmlTextReader, but with xmlWalkerReader we are hitting xmllib2 TODO like: Unimplemented block at xmlreader.c:1794 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 13:23:39 2014 +0200 Use oscap_source to parse XCCDF content within session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 13:20:38 2014 +0200 Refactor: Extract function: xccdf_benchmark_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 12:17:46 2014 +0200 Drop XCCDF version from XCCDF Session The oscap_source at session.xccdf.source already holds it. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 12:15:46 2014 +0200 Use oscap_source to validate XCCDF document within session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 12:05:20 2014 +0200 Use existing DOM to detect version of XCCDF file. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 12:01:16 2014 +0200 Refactor: Extract function: xccdf_detect_version_priv. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 11:46:53 2014 +0200 Start building oscap_source for XCCDF file within session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 11:31:20 2014 +0200 Refactor: Extract function: ds_sds_session_register_component_with_dependencies. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 11:19:09 2014 +0200 Refactor: Promote: ds_sds_dump_component_ref* to privileged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 11:04:07 2014 +0200 Refactor: Promote: containter_get_component_ref_by_id to privileged., Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 10:50:03 2014 +0200 Postpone the creation of target dir. Create directories right before exporting. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 10:19:36 2014 +0200 Do not pass target_dir to ds_sds_find_component_ref. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 10:15:50 2014 +0200 Set target_dir to sds_session before split. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 10:12:01 2014 +0200 Remove oscap_debug.log.* from split directory The oscap info module started to create these debug files after switch to oscap_source. Addressing: rmdir: failed to remove ‘/tmp/tmp.VmUI3fIhII’: Directory not empty $ ls /tmp/tmp.VmUI3fIhII/ oscap_debug.log.17855 $ cat /tmp/tmp.VmUI3fIhII/oscap_debug.log.17855 =============== LOG: Thu Sep 18 10:07:26 2014 =============== (17855:7fbaf886e840) [I:doc_type.c:92:oscap_determine_document_type_reader] Identified document type: data-stream-collection Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 10:05:50 2014 +0200 Introduce target_dir as a property of ds_sds_session. Distinction between target_dir and temp_dir allows users to set their own target_dir or use automatic tamp_dir. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 09:41:45 2014 +0200 Tests: Files are now exported with encoding="UTF-8". This is result of using oscap_source for splitting the datastream. This may change once more in future (once everything uses oscap_source we may determine what would be pros and cons). Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 09:03:19 2014 +0200 Override return code of oscap_xml_save_filename Prose: The most libopenscap api return (int)0 as a sign of success. A few functions return (bool)true to indicate success. This alone may cause a headache to juniors. This particular function trains our brains and returns 1 to indicate success. A consistent world would be very boring place to live in. First, I propagated oscap_xml_save_filename return code to oscap_source_save_as. Because a lot of *_export functions returned what oscap_xml_save_filename passed on them. However, I figured out that these *_export functions will be deprecated. Hence, there seems to be a little reason to take them into consideration. Let's make oscap_source_save_as return (int)0 as sign of success. That should improve consistency going forward and make this world boring once again. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 18 08:05:20 2014 +0200 Serialize all files from sds split at once Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 18:16:05 2014 +0200 Introduce function: ds_sds_session_dump_component_files. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 17:31:47 2014 +0200 Register parsed components with sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 17:55:43 2014 +0200 Refactor: Promote _guess_real_path to oscap_acquire module. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 17:29:23 2014 +0200 Introduce function: ds_sds_session_register_component_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 17:14:35 2014 +0200 Pass sds_session downto ds_sds_dump_componen Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 17:10:21 2014 +0200 Reuse existing code in ds_sds_find_component_ref. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 14:48:32 2014 +0200 Pass only sds_session to ds_sds_dump_component_ref_as Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 14:38:48 2014 +0200 Pass only sds_session to ds_sds_dump_component_ref. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 14:36:12 2014 +0200 Introduce function: ds_sds_session_get_xmlDoc Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 13:23:41 2014 +0200 Refactor: Extract function: ds_sds_session_get_selected_datastream Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 11:45:14 2014 +0200 Introduce function: ds_sds_session_set_datastream_id Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 11:31:46 2014 +0200 Wrap oscap_source within ds_sds_decompose_custom by sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 11:26:11 2014 +0200 Yell an error message when a datastream session could not be created. No need to include all the details in the message. More detailed error message should already have been registered by prior function call. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 11:10:51 2014 +0200 Wrap DOM within ds_sds_decompose_custom by oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 10:50:01 2014 +0200 Refactor: Extract function: _containter_get_component_ref_by_id Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 15 17:02:25 2014 +0200 Refactor: Checklist selection is responsibility of ds_sds_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 16 10:05:43 2014 +0200 Refactor: Rename function: xccdf_session_get_ds_sds_session Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 15 16:27:10 2014 +0200 temp_directory will be property of ds_sds_session Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 11 14:10:48 2014 +0200 Refactor: Rename structure: sds_registry --> sds_session I was truly struggling to find best name for this structure. It relates to the fact that I was also struggling to draw line about sds_session responsibilities. First I thought it will be something like oscap_source managing only low level thing of split DS oscap_source to many OVAL/XCCDF oscap_sources. However, I later found that notion of DataStream internals needs to be build in to roots of sds_session to be really useful. That was a time I decide sds_registry is appropriate name. Later on, I understood that whole registry of DataStrem content is not needed. And that caller would need to remember datastream_id and lot of component_ids. That's how the idea of sds_ctx emerged. Then I think it will be much more intuitive to call this sds_session, since we already have xccdf_session and there are certain similarities. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 11 11:52:55 2014 +0200 Refactor: Extract function: ds_doc_from_foreign_node Change the error messages along the way. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 18:22:28 2014 +0200 Refactor: Extract function: ds_sds_dump_component_sce. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 18:09:37 2014 +0200 Never try to export a file twice. Changes behavior only for invalid content. Otherwise it does not change behavior. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 17:00:57 2014 +0200 Start using ds_sds_registry to query sds_index This again reduce number of file opens we need to do. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:58:46 2014 +0200 Make sure the sds_idx is available. Addressing segfault. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:54:29 2014 +0200 ds_sds_registry should better not own the oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:02:53 2014 +0200 Introduce ds_sds_registry_get_sds_idx Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:33:41 2014 +0200 Refactor: Drop _build_new_xmlTextReader function. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:14:56 2014 +0200 xmlTextReader should not be cached by oscap_source The reader cannot be reused like DOM can. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 16:01:51 2014 +0200 Refactor: Promote ds_sds_index_parse to privileged Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 11 17:37:48 2014 +0200 Better support for (default) in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 11 17:34:16 2014 +0200 Avoid cdf12:notice appearing in generate HTML guide, only its contents Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 11 14:12:39 2014 +0200 xccdf_policy_get_readable_item_{title,description} shall not segfault with no texts Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 19:48:20 2014 +0200 Introduce new structure ds_sds_registry. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 10 14:07:59 2014 +0200 Highlight notchecked rules in HTML report, treat them as rules that need attention Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 10 13:59:04 2014 +0200 Show info about selected profile in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 10 13:49:16 2014 +0200 Show benchmark title in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 10 13:32:38 2014 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 11:00:13 2014 +0200 Use already parsed sds for validation. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 10:30:16 2014 +0200 Use oscap_source to query scap_type of session document. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 10:24:19 2014 +0200 Build oscap_source for main file of xccdf_session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 02:15:29 2014 +0200 Export <metadata> to XCCDF namespace Addressing (validation prior export): OpenSCAP Error: File '/tmp/test_xccdf_sub_title.res.CzgNxf' line 1: Element 'metadata': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}metadata, {http://checklists.nist.gov/xccdf/1.2}model, {http://checklists.nist.gov/xccdf/1.2}Profile, {http://checklists.nist.gov/xccdf/1.2}Value, {http://checklists.nist.gov/xccdf/1.2}Group, {http://checklists.nist.gov/xccdf/1.2}Rule, {http://checklists.nist.gov/xccdf/1.2}TestResult, {http://checklists.nist.gov/xccdf/1.2}signature ). Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 02:05:07 2014 +0200 Export <fix> element to the XCCDF namespace Addressing (validation of DOM before export): OpenSCAP Error: File '/tmp/test_xccdf_fix_attr_export.out.Dasz2C' line 1: Element 'fix': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}status, {http://checklists.nist.gov/xccdf/1.2}dc-status, {http://checklists.nist.gov/xccdf/1.2}version, {http://checklists.nist.gov/xccdf/1.2}title, {http://checklists.nist.gov/xccdf/1.2}description, {http://checklists.nist.gov/xccdf/1.2}warning, {http://checklists.nist.gov/xccdf/1.2}question, {http://checklists.nist.gov/xccdf/1.2}reference, {http://checklists.nist.gov/xccdf/1.2}metadata, {http://checklists.nist.gov/xccdf/1.2}rationale ). Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 02:03:22 2014 +0200 Refactor: pass version_info downto xccdf_fix_to_dom() Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 01:52:54 2014 +0200 Do not recreate xccdf namespace, just look it up. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 01:49:54 2014 +0200 Refactor: Declutter code and make it more compact and readable Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 01:45:44 2014 +0200 Do not set namespace to Benchmark element. It already has one assigned. Addressing: OpenSCAP Error: File '/tmp/tmp.eufUBtxpsQ' line 0: Element 'Benchmark': No matching global declaration available for the validation root. [xccdf_session.c:350] Interestingly, this error is also produced only when validating our DOM prior the export. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 10 01:42:10 2014 +0200 Make sure that xccdf:item gets always created with namespace This avoids declaring namespace in each Benchmark's child. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 18:07:23 2014 +0200 Make sure to create xccdf namespace if that is missing. Addressing (validation of exported xmlDom): File '/tmp/tmp.4h6LOGMsaX' line 0: Element 'status': This element is not expected. Expected is ( {http://checklists.nist.gov/xccdf/1.1}status ). We have never seen this error before until switching validation from file to exported DOM. We have always created the DOM incorrectly (i.e. without namespace). However, this error had never been exercised because libxml exported nodes without namespace to the "parent/default" namespace. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 17:55:36 2014 +0200 Refactor: Extract function: lookup_xccdf_ns Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 16:01:03 2014 +0200 Refactor: Extract function: _build_xccdf_result_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 15:37:55 2014 +0200 Do not export namespaced property by xmlNewProp Use xmlNewNsProp instead. Addressing (pre-export validation error): OpenSCAP Error: File '/tmp/tmp.k8sAMVDRGW' line 0: Element '{http://checklists.nist.gov/xccdf/1.1}Benchmark', attribute 'xml:lang': The attribute 'xml:lang' is not allowed. [xccdf_session.c:350] Could not export OVAL Results correctly to /tmp/tmp.k8sAMVDRGW [xccdf_session.c:1020] Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 11:08:12 2014 +0200 Validate XCCDF results using oscap_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 11:05:42 2014 +0200 Use oscap_source to export XCCDF results from session. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 9 10:47:45 2014 +0200 Refactor: Extract function: xccdf_benchmark_export_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 8 21:10:56 2014 +0200 We cannot use realpath easily, we need to play guessing game Previously, we avoided duplicates just by calling realpath. But realpath only works for exisiting files. We changed export code and we no longer have files exported, but we still need to avoid duplicates. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 23:43:12 2014 +0200 Export all oval results at once, after sources are prepared. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 23:38:01 2014 +0200 Refactor: Extract function: _build_oval_result_sources Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 23:30:00 2014 +0200 Make sure that oscap_source is added to the table. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 23:25:33 2014 +0200 Do not free string when you need to allocate it again. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 17:40:20 2014 +0200 Store oval result sources to a map instead of disposing them Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:58:21 2014 +0200 tests: XSI namespace is now exported only once Amend the exemplary content. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:52:18 2014 +0200 tests: namespaces gets exported before the properties Amend the exemplary content. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:38:22 2014 +0200 Drop XCCDF_XSI_NAMESPACE. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:33:27 2014 +0200 Drop OVAL_XMLNS_XSI. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:14:30 2014 +0200 Do not export namespaced property by xmlNewPror Use xmlNewNsProp instead. Addressing (pre-export validation error): OpenSCAP Error: File '/tmp/oscap.HceiZV/stub-oval.xml.result.xml' line 0: Element '{http://oval.mitre.org/XMLSchema/oval-results-5}oval_results', attribute 'xsi:schemaLocation': The attribute 'xsi:schemaLocation' is not allowed. [xccdf_session.c:346] Could not export OVAL Results correctly to /tmp/oscap.HceiZV/stub-oval.xml.result.xml [xccdf_session.c:1202] Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 19:12:16 2014 +0200 Refactor: Extract function: lookup_xsi_ns. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 18:01:19 2014 +0200 Move oval_results_model_export_source to public API. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 23:14:53 2014 +0200 Use oscap_source within _xccdf_session_export_oval_result_file Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 22:13:45 2014 +0200 OVAL Results export should use oscap_source_save_as. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 17:23:19 2014 +0200 Avoid using xmlTextReaderReadString function. It requires that we have correct position on the TextNode. Interestingly, there were no problems with native xmlTextReader, but with xmlWalkerReader we are hitting xmllib2 TODO like: Unimplemented block at xmlreader.c:1794 Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 11:30:31 2014 +0200 Do not try to open file again to determine oval version Reuse existing DOM instead. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 11:13:43 2014 +0200 Refactor: Extract function: oval_determine_document_schema_version_priv. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 16:35:20 2014 +0200 tests: Expect different output after xmlTextReader changes. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 13:01:55 2014 +0200 Do not report errno when xmlError is encountered It is not terribly useful. Addressing output like: test_unfinished.xccdf.xml:18: parser error : Premature end of data in tag Benchmark line 2 ^ Could not dermine document type OpenSCAP Error: Unable to parse XML at: 'test_unfinished.xccdf.xml' (Do not report errno when xmlError is encountered It is not terribly usefull ) [oscap_source.c:161] Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 12:54:39 2014 +0200 Do not report the same error multiple times Addressing output like: test_unfinished.xccdf.xml:18: parser error : Premature end of data in tag Benchmark line 2 ^ Could not dermine document type OpenSCAP Error: Unable to parse XML at: 'test_unfinished.xccdf.xml' (No such file or directory) [oscap_source.c:161] Unable to open file: 'test_unfinished.xccdf.xml' (No such file or directory) [oscap_source.c:145] Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 12:33:49 2014 +0200 Do not pass NULL to strregcomp xmlWalkerReader may give us NULL where we used to get "" from xmlTextReader Addressing: #1 0x00007ffff7d5cd3b in strregcomp (pattern=0x629a70 ".*", test_str=0x0) at oval_cmp_basic.c:143 #2 0x00007ffff7d5cecf in oval_string_cmp (state=0x629a70 ".*", syschar=0x0, operation=OVAL_OPERATION_PATTERN_MATCH) at oval_cmp_basic.c:192 #3 0x00007ffff7d5c362 in oval_ent_cmp_str (state_data=0x629a70 ".*", state_data_type=OVAL_DATATYPE_STRING, sysent=0x62a210, operation=OVAL_OPERATION_PATTERN_MATCH) at oval_cmp.c:99 #4 0x00007ffff7d64a44 in _evaluate_sysent (syschar_model=0x61c870, item_entity=0x62a210, state_entity=0x6299c0, state_entity_operation=OVAL_OPERATION_PATTERN_MATCH, content=0x629970) at oval_resultTest.c:464 #5 0x00007ffff7d64cd5 in eval_item (syschar_model=0x61c870, cur_sysitem=0x61f200, state=0x61fab0) at oval_resultTest.c:546 #6 0x00007ffff7d65021 in eval_check_state (test=0x627d60, args=0x7fffffffd600) at oval_resultTest.c:644 #7 0x00007ffff7d6553a in _oval_result_test_evaluate_items (test=0x627d60, syschar_object=0x61e180, args=0x7fffffffd600) at oval_resultTest.c:805 #8 0x00007ffff7d65765 in _oval_result_test_result (rtest=0x62a770, args=0x7fffffffd600) at oval_resultTest.c:870 #9 0x00007ffff7d65af4 in oval_result_test_eval (rtest=0x62a770) at oval_resultTest.c:966 #10 0x00007ffff7d5f907 in _oval_result_criteria_node_result (node=0x62d510) at oval_resultCriteriaNode.c:357 #11 0x00007ffff7d5f99f in oval_result_criteria_node_eval (node=0x62d510) at oval_resultCriteriaNode.c:378 #12 0x00007ffff7d5f8a5 in _oval_result_criteria_node_result (node=0x61e1e0) at oval_resultCriteriaNode.c:348 Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Sep 5 11:05:54 2014 +0200 Build xmlTextReader from the existing DOM. This change will allow us to decrease ammount of open() calls per file by 1 or by three in certain cases. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 22:04:03 2014 +0200 Refactor: Extract function: oscap_xml_save_filename Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 21:53:26 2014 +0200 Refactor: Rename function to oscap_xml_save_filename_free To indicate that this function disposes the xmlNode afterwards. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 21:41:51 2014 +0200 Introduce: oval_results_model_export_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 21:31:10 2014 +0200 Introduce new function: oscap_source_new_from_xmlDoc Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 17:45:07 2014 +0200 Refactor: Promote node_get_child_element to priviledged. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 20:22:47 2014 +0200 Refactor: Promote _lookup_datastream_in_collection to priviledged. Author: Martin Preisler <martin@preisler.me> Date: Tue Sep 9 13:17:46 2014 +0200 Merge pull request #2 from isimluk/maint-1.0 Do not wipe last_fqdn out in each iteration Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 8 13:58:53 2014 +0200 Don't assume cdf:Value is directly in cdf:Benchmark when substituting Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Sep 6 18:04:28 2014 +0200 Plug a memory leak. Addressing: 7 bytes in 1 blocks are definitely lost in loss record 1 of 2 at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x33B44AE548: xmlStrndup (xmlstring.c:45) by 0x4C6A11B: ds_rds_add_ai_from_xccdf_results (rds.c:332) by 0x4C6AF4E: ds_rds_add_xccdf_test_results (rds.c:709) by 0x4C6B333: ds_rds_create_from_dom (rds.c:781) by 0x4C6B5F9: ds_rds_create (rds.c:847) by 0x4CFE086: xccdf_session_export_arf (xccdf_session.c:1340) by 0x40BF41: app_evaluate_xccdf (oscap-xccdf.c:515) by 0x407EA0: oscap_module_call (oscap-tool.c:261) by 0x40831D: oscap_module_process (oscap-tool.c:346) by 0x406CD6: main (oscap.c:79) Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 15:13:44 2014 +0200 Do not wipe last_fqdn out in each iteration Addressing coverity findings: 1. openscap-1.1.0/src/DS/rds.c:366:assignment – Assigning: "last_fqdn" = "NULL". 2. openscap-1.1.0/src/DS/rds.c:374:null – At condition "last_fqdn", the value of "last_fqdn" must be NULL. 3. openscap-1.1.0/src/DS/rds.c:374:dead_error_condition – The condition "!last_fqdn" must be true. 4. openscap-1.1.0/src/DS/rds.c:378:dead_error_line – Execution cannot reach this statement "xmlAddNextSibling(last_fqdn...". Author: Martin Preisler <martin@preisler.me> Date: Thu Sep 4 14:53:55 2014 +0200 Merge pull request #1 from isimluk/maint-1.1 Always check return from dbus_message_iter_next Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 14:38:43 2014 +0200 Always check return from dbus_message_iter_next Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 14:31:07 2014 +0200 Always check return value of fscanf. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 14:22:43 2014 +0200 Remove a code that has been commented out. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 14:06:27 2014 +0200 Plug a memory leak. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Sep 4 13:58:02 2014 +0200 Plug a memory leak. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 08:46:48 2014 +0200 Use oscap_source_validate when validating OVAL input. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 08:31:43 2014 +0200 Deprecate: oscap_schematron_validate_document. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 08:24:07 2014 +0200 Make use of oscap_source_validate_schematron. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 08:20:03 2014 +0200 Introduce oscap_source_validate_schematron Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 08:09:05 2014 +0200 Refactor: Extract function: oscap_source_validate_schematron_priv Also improve error messages and start using outfile for xslt transformations. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 23:53:25 2014 +0200 Refactor: Expand and drop function: oscap_apply_xslt_path Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 23:41:25 2014 +0200 Refactor: Extract function: oscap_source_apply_xslt_path Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 23:13:32 2014 +0200 Rewrite OVAL's validate_inputs to use oscap_source_validate. This provides more detailed reporting. Multiple errors will be reported at once. Type mismatch will be spelled out separately. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 21:19:55 2014 +0200 Start using oscap_source_validate for generated oval results. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 21:11:32 2014 +0200 Start using oscap_source_validate for generated syschar. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Sep 1 21:09:40 2014 +0200 Notify user when oscap_source_validate failed. This will allow us to drop validation_failed and _validation_failed functions. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 19:51:02 2014 +0200 Introduce oscap_source_validate This is a revolution in the SCAP document validation! You don't need to know type and version of your document oscap_source will do the right thing. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 19:39:01 2014 +0200 Refactor: Hide oscap_validate_xml Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 19:34:14 2014 +0200 Refactor: Extract function: oscap_source_validate_priv Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 19:06:47 2014 +0200 Implement oscap_source_get_schema_version The oscap_source should be responsible to handle such stuff. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 18:36:25 2014 +0200 Correct the error message. ARF is only version 1.1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 18:10:54 2014 +0200 Re-use oscap_source to query document type. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 18:05:31 2014 +0200 Refactor: Move oscap_source initialization upward in the scope. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Aug 9 09:57:44 2014 +0200 Refactor: oscap_validate_xml should take oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Aug 8 15:03:01 2014 +0200 Refactor: rename a variable: avoid having two void *user pointers Author: Šimon Lukašík <slukasik@redhat.com> Date: Fri Aug 8 12:02:45 2014 +0200 Use oscap_source within oscap_validate_xml. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 7 09:21:34 2014 +0200 Promote and rename oscap_source_readable_origin. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 17:26:26 2014 +0200 Refactor: Move oscap_validate_xml to the sources module Later, it will be dependent on the oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 16:34:09 2014 +0200 Introduce oscap_source_get_xmlDoc Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:55:38 2014 +0200 Deprecate function: oval_directives_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:50:28 2014 +0200 Do not use oval_directives_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:43:50 2014 +0200 Refactor: Extract function: oval_directives_model_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:34:17 2014 +0200 Deprecate function: oval_syschar_model_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:32:31 2014 +0200 Do not use oval_syschar_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 09:24:02 2014 +0200 Refactor: Extract function: oval_syschar_model_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:38:43 2014 +0200 Deprecate function: oval_variable_model_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:35:05 2014 +0200 Do not use oval_variable_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:30:35 2014 +0200 Bind correct filename to the error message. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:16:40 2014 +0200 Refactor: Extract function: oval_variable_model_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:08:36 2014 +0200 Deprecate function: oval_results_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Aug 6 08:00:03 2014 +0200 Do not use oval_results_model_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 5 13:27:47 2014 +0200 Revert small part of 3df010c0 I don't understand it. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 5 13:24:51 2014 +0200 Refactor: Extract function: oval_results_model_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Aug 5 13:13:17 2014 +0200 Deprecate function: oval_definition_model_import. Author: Šimon Lukašík <slukasik@redhat.com> Date: Mon Aug 4 18:10:14 2014 +0200 Do not use oval_definition_model_import Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 18:20:22 2014 +0200 No need to include CVE path twice. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 18:13:15 2014 +0200 Take oscap_source_get_xmlTextReader back to private. It needs libxml and it is unnecessary to have libxml requirement in public API. Addressing: CC oscap-oscap-oval.o In file included from ../src/OVAL/public/oval_definitions.h:42:0, from ../src/OVAL/public/oval_probe.h:37, from oscap-oval.c:29: ../src/source/public/oscap_source.h:29:30: fatal error: libxml/xmlreader.h: No such file or directory #include <libxml/xmlreader.h> ^ Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 17:53:40 2014 +0200 Refactor: Extract function: oval_definition_model_import_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 17:48:14 2014 +0200 Deprecate oval_definition_model_merge. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 17:42:34 2014 +0200 oval_definition_model_import should use oscap_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 17:15:03 2014 +0200 Refactor: Extract function: _oval_definition_model_merge_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 16:59:18 2014 +0200 Make oscap_source thingy public. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 16:11:33 2014 +0200 Consolidate error messages from oscap_source Once we have the code on the single place we can spot inconsistencies easily. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 16:08:41 2014 +0200 _build_new_xmlTextReader could SetErrorHandler Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 16:03:23 2014 +0200 oscap_source_get_xmlTextReader should ensure that error handler is set Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 15:53:27 2014 +0200 Do not forward parser context to error handler. The libxml_error_handler does not take any user data anyway. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 15:49:25 2014 +0200 Introduce new responsibility for oscap_source: get_scap_type Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 15:27:08 2014 +0200 Refactor: Extract function: _build_new_xmlTextReader Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 15:20:55 2014 +0200 Refactor: Extract function: _readable_origin. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 15:16:54 2014 +0200 Refactor: Move determine_type implementation to the source module tree. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 14:48:13 2014 +0200 Refactor: Extract function: _oscap_determine_document_type_reader Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 13:01:27 2014 +0200 CCE parser should use oscap_source Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:51:56 2014 +0200 OVAL directives parser should use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:45:33 2014 +0200 OVAL syschar parser should use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:38:15 2014 +0200 OVAL variables parser should use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:31:48 2014 +0200 OVAL result parser should use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:26:47 2014 +0200 OVAL definition parser should use oscap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 26 12:20:28 2014 +0200 Introduce very simple file openner to scap_source. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 19 13:31:58 2014 +0200 Introduction of oscap_source This is pretty much an empty suit now. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 22:31:04 2014 +0200 bump version after release Next release from master branch will be 1.2+ Author: Martin Preisler <martin@preisler.me> Date: Wed Sep 3 19:07:02 2014 +0200 Merge branch 'maint-1.1' Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 3 19:03:21 2014 +0200 Merge branch 'maint-1.0' into maint-1.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 3 18:59:45 2014 +0200 Repository moved to github Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 18:38:00 2014 +0200 lib/sys/types.h is product, it should not be in repo. Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 16:45:20 2014 +0200 We need to include absolute-header.m4 everywhere Addressing: checking for complete errno.h... yes ./configure: line 7133: syntax error near unexpected token `errno.h' ./configure: line 7133: ` gl_ABSOLUTE_HEADER_ONE(errno.h)' Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 13:37:11 2014 +0200 Updating Gnulib to commit 78f00bd0af9a940d40decad6099b828e08aa91d1 Author: Šimon Lukašík <slukasik@redhat.com> Date: Wed Sep 3 13:31:00 2014 +0200 Bump version after release. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 23:07:53 2014 +0200 openscap-1.1.0 Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 20:57:29 2014 +0200 Bump soname from 8.3.0 to 8.3.1 The interface has not changed. Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Sep 2 20:25:04 2014 +0200 Merge branch 'maint-1.0' Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 2 18:31:43 2014 +0200 Look for the first cdf:Benchmark anywhere in the XML file as last resort in report This means we now support ARFs with XCCDF 1.1 inside. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 2 18:25:57 2014 +0200 Use utf-8 consistently as encoding in XSLTs Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 2 18:25:21 2014 +0200 Extended the ns_workaround to look for all XCCDF 1.1 occurences, even nested Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 2 14:54:04 2014 +0200 Minor indentation fixes in the new XSLTs to make them consistent Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 2 14:43:09 2014 +0200 Less "startling" summary messages in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 19:34:37 2014 +0200 Don't show Benchmark item twice in HTML guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 19:13:28 2014 +0200 Description should also be scrollable in report instead of overflowing Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 16:28:23 2014 +0200 Added tooltip to score that points to XCCDF spec Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 16:28:06 2014 +0200 Added tooltip to failed rules severity breakdown in report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 16:27:48 2014 +0200 Added tooltip to rule result breakdown in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:58:15 2014 +0200 Make OVAL test more apparent in check system details in report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:47:06 2014 +0200 Remediation should also scroll instead of overflow in HTMLreport Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:41:57 2014 +0200 check-system-details should scroll when overflowing This is still not ideal becuase it's inconvenient to have to scroll but it's better than before. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:24:13 2014 +0200 Colors in HTML report are now consistent with Bootstrap colors Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:16:08 2014 +0200 Show Evaluation Characteristics as a table instead of prose in report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 1 15:00:25 2014 +0200 Lock rule detail column sizes so that they are consistent in report Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Aug 31 23:25:14 2014 +0200 Refactor: cve parser shall check node type only once. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Aug 31 23:19:27 2014 +0200 Do not continue parsing, when unknown element occur. Author: Šimon Lukašík <slukasik@redhat.com> Date: Sun Aug 31 23:04:53 2014 +0200 Plug a memory leak. Addressing: 30 bytes in 1 blocks are definitely lost in loss record 1 of 1 at 0x4C2745D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x348A2AE548: xmlStrndup (xmlstring.c:45) by 0x348A2EBB8C: xmlTextReaderGetAttribute (xmlreader.c:2400) by 0x4EFBBBD: cve_model_parse (cve_priv.c:436) by 0x4EFBAE5: cve_model_parse_xml (cve_priv.c:414) by 0x4EFAA19: cve_model_import (cve.c:60) by 0x40E150: app_cve_find (oscap-cve.c:119) by 0x407D20: oscap_module_call (oscap-tool.c:261) by 0x40819D: oscap_module_process (oscap-tool.c:346) by 0x406B56: main (oscap.c:79) Author: Shawn Wells <shawn@redhat.com> Date: Fri Aug 29 03:40:36 2014 +0200 fixing extended definition segfault after three days of an SCAP conference, in which multiple whiskeys were had, I mistyped an extended definition and crashed openscap. whoops. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 27 15:47:21 2014 +0200 Added test for no title and title scenarios in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 27 15:08:32 2014 +0200 Show identifiers and references in XCCDF report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 27 14:58:24 2014 +0200 Show ID for rules, groups, benchmarks in guide, report if title is N/A Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 26 17:15:10 2014 +0200 Added python3 swig generated files to .gitignore Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 26 16:46:42 2014 +0200 Use ${prefix} for python3 directories, avoid permission errors on distcheck Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 26 15:07:09 2014 +0200 Don't build python3 by default --enable-python3 requires python3-config or ./configure fails. python3 is not readily available on EL6. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 19:53:32 2014 +0200 Merge branch 'xslt-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 19:50:41 2014 +0200 Added labels for group and rule in guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 19:20:53 2014 +0200 Link CVE idents to CVE browser Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 16:57:16 2014 +0200 Rework of guide, children are added to a special neighbor node of parent Also removed dead code in report. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 16:00:29 2014 +0200 Refactored report and guide entry templates Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 15:24:50 2014 +0200 Unified remediation and check system details labels between report and guide Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 13:53:38 2014 +0200 Only show OVAL results if there are any to show, same with SCE Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 25 13:37:47 2014 +0200 Only show check-system-details if the rule failed Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 16:39:57 2014 +0200 Output messages about used benchmark and profile if $verbosity is true Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 16:11:17 2014 +0200 Start building python3 bindings. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 16:08:24 2014 +0200 Changed tests to suit the new report and guide Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 16:05:08 2014 +0200 sub-testresult substitution, don't show unselected items in guide If set-value is in TestResult we are guaranteed to make the right substitution. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 14 11:32:10 2014 +0200 python3: Introduce new option and probe python3 existence ./configure --enable-python3=yes Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 16:01:50 2014 +0200 Put openscap version that was used into report and guide Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 15:04:08 2014 +0200 Always include swig directory. It should be intelligent enough to do the right thing. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 14:58:42 2014 +0200 Refactor: Move pel bindings to a separate subdirectory. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 13:51:40 2014 +0200 Refactor: Move python2 bindings to a separate subdirectory. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 13:38:15 2014 +0200 Refactor: Move openscap.i to src/ sub-dir. Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Aug 21 15:50:47 2014 +0200 Remove my outdated networking information. I am unable to keep it up to date. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 15:14:02 2014 +0200 Fixed a typo in remediation, "comleted" should be "completed" I have fixed this in master and not in the maintenance branch to avoid breaking code that may be relying on this broken behavior. As did our tests. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 21 11:57:34 2014 +0200 Fixed a strangely widespread typo "parameteres" Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 20 13:37:32 2014 +0200 Added xccdf-resources.xsl to the repo, changed Makefile.am accordingly Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 19 16:48:55 2014 +0200 fix.xsl is now legacy-fix.xsl, the old broken behavior is kept Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 19:23:44 2014 +0200 Altered systemd probes tests to use -.mount instead of boot.mount boot.mount needn't be enabled or even present on a fully functional system. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 18:16:54 2014 +0200 Fixed systemdunitproperty tests, default.target is an alias, not a unit name There were other issues as well, the tests had human readable text in @comment, verify_results expects true or false there. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 18:16:23 2014 +0200 Moved functions from systemdshared to the probes that use them Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 17:49:13 2014 +0200 Removed a check that every dependency of sockets.target has to be active The assumption is not correct. We can't rely on it. Also fixed the verify_results invocation to pass the correct amount of tests and defs. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 17:19:27 2014 +0200 Only run systemd probes tests if systemd is on the system Both tests have the assumption that systemd is the used init system. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 16:42:48 2014 +0200 Merge branch 'maint-1.0' Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 18 16:41:19 2014 +0200 Slightly slower xmldiff.pl but without Digest::MD5 perl dependency Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 14 11:44:54 2014 +0200 Removed unnecessary namespaces from xccdf-guide-impl Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 16:45:49 2014 +0200 Split xccdf-guide into xccdf-guide and xccdf-guide-impl Same situation as in xccdf-report, xccdf-guide will handle ARF vs XCCDF 1.1 vs XCCDF 1.2 negotiation. The guide itself will be implemented in xccdf-guide-impl.xsl. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:50:09 2014 +0200 security-guide.xsl was renamed to xccdf-guide.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:46:36 2014 +0200 HTML report tests reflect that the new stylesheet is for XCCDF 1.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:45:39 2014 +0200 If TestResult doesn't supply the benchmark/@id, try to use root Benchmark This is mostly for backwards compatibility, openscap always references the benchmark in TestResult nowadays. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:44:10 2014 +0200 The ns_workaround now changes XCCDF 1.1 to 1.2 instead of the other way around Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:33:52 2014 +0200 Allow selection of Benchmark ID in the same way TestResult ID is selected This means that HTML report can be generated from Result DataStream since this commit. (and the crowd goes wild!) Both TestResult ID and Benchmark ID are autodetected when not supplied. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 13 15:06:54 2014 +0200 Split off the entry point for xccdf-report to a separate file This will help contain all the ARF vs XCCDF 1.1 vs XCCDF 1.2 negotiating logic. xccdf-report-impl will get all the elements as parameters. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 15:55:23 2014 +0200 Renamed oval-report.xsl to xccdf-report-oval-details.xsl to avoid confusion Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 13:23:19 2014 +0200 Rewrite of oval-report.xsl to use HTML5 instead of docbook Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 12:53:21 2014 +0200 Initial support for check system result details OVAL results are written out as docbook, this will be changed in future commits. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 12:52:54 2014 +0200 Added labels for progress bars displaying rule result breakdown Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 12:51:35 2014 +0200 Removed top navigation menu from HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 12 12:50:40 2014 +0200 Deleted unused XSL files Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 5 11:37:10 2014 +0200 Removed an unused XSLT responsible for tailoring functionality We do tailoring in the openscap API, duplicating that in XSLT increases maintenance costs. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 5 10:52:35 2014 +0200 Added breakdown by severity for failed rules in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 5 10:29:50 2014 +0200 Correctly show used profile's ID in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 4 20:46:15 2014 +0200 Use $benchmark instead of a hard coded XPath to get cdf:Benchmark We can use the parameter to later pass ARF component contents instead of just the root element. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 4 20:42:48 2014 +0200 Changed xccdf-report.xsl to take testresult id parameter Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 4 20:22:49 2014 +0200 Reworked xccdf-guide.xsl to take params for benchmark and profile Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 4 18:18:23 2014 +0200 Display identifiers and references in XCCDF guide Plus related refactoring to reuse XSLT templates. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 31 17:47:30 2014 +0200 Added rule overview to HTML guide, refactoring to share code with report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 31 16:41:13 2014 +0200 Removed unnecessary XSLT files Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 31 16:07:36 2014 +0200 Started rewrite of XCCDF guide, just intro and footer for now Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 31 10:29:06 2014 +0200 Copy the DBus8ByteStruct typedef as well, old libdbus APIs don't have it Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 17:30:34 2014 +0200 Moved xccdf substitution code to xccdf-share.xsl, HTML report now substitutes Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 17:20:26 2014 +0200 Close button in rule modal should appear top right Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 13:54:28 2014 +0200 Fixed SIGSEGV with non-existant systemd units or units that don't depend on anything Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 11:23:28 2014 +0200 Do not attempt to get file descriptors out of DBus values We have no need for this functionality and it may not be supported depending on the libdbus version we are using. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 11:21:37 2014 +0200 Only attempt to get int64 and uint64 out of dbus if it supports it Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 30 11:18:57 2014 +0200 Old versions of libdbus-1 API don't have DBusBasicValue as a public typedef We have to define it ourselves to prevent build errors. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 29 20:36:52 2014 +0200 Get rid of hardcoded libdbus-1 library paths, use the configure system Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 29 20:20:38 2014 +0200 Merge branch 'systemdtests-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 28 16:54:11 2014 +0200 Removed unused jquery.treetable CSS Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 28 16:53:51 2014 +0200 Removed glyphicon usage, we are not shipping the glyphicon fonts Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 28 16:34:09 2014 +0200 Refactored logo into a separate XSL template to make patching easier Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 28 16:33:43 2014 +0200 Regenerated bootstrap with just what we need to save space Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 28 15:47:34 2014 +0200 Avoid needless whitespace in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 17:47:59 2014 +0200 Bundle bootstrap.min.css and jquery.min.js as well but don't minify Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 17:33:37 2014 +0200 Initial work to bundle CSS and JS in a sane way, it's still a bit insane though Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 15:31:25 2014 +0200 Embedded the OpenSCAP logo in xccdf-branding as a minified SVG Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 15:18:25 2014 +0200 Split header and footer code into xccdf-branding.xsl xccdf-brainding.xsl is a file that can be patched by downstreams to provide their own logos and other branding. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 15:13:05 2014 +0200 Extra compliance state for just unknown rules in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 15:07:23 2014 +0200 Fixed compliant / non-compliant icons to be glyphicons Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 13:31:40 2014 +0200 Minor styling for result details of rules that need attention in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 13:29:59 2014 +0200 Rule result gets CSS treatment and a tooltip in result details in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 13:16:03 2014 +0200 Removed identifiers from rule overview in HTML report Identifiers are in result details, they take too much space in overview. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 24 13:11:54 2014 +0200 Self documenting tooltips for XCCDF results in HTML report Author: Jakub Jelen <jjelen@redhat.com> Date: Thu Jul 24 11:09:31 2014 +0200 Update RHEL6 OVAL file to ignore world-writable files in /proc/ directory * This change is made in reference to message in SSG [1] * Kernel people says that files have write flag, but they are not writable, so it is ok. [1] https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-May/005512.html Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Thu Jul 17 18:26:20 2014 +0200 Don't be so strict when retrieving content items & result items within verify_results() routine Current implementation retrieved just OVAL IDs prefixed with "oval:1". Doing so might skip some tests (e.g. textfilecontent54 or systemd* probes ones) from evaluation. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 23 16:19:16 2014 +0200 Show identifiers in result details, add them to keywords Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 23 16:18:54 2014 +0200 Don't indent output to speed up XSLT transformation in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 23 14:34:00 2014 +0200 Report number of rules that match when searching in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 23 14:33:42 2014 +0200 Footer no longer takes more than 100% of screen width in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 19:37:56 2014 +0200 Hide the huge result details list by default when JavaScript is available This is mostly a performance fix for huge XCCDFs. The browser is very busy doing reflows and relayouts when filtering and having all result details shown all the time is wasteful. Most people who have JavaScript should use the modal dialogs in rule overview anyway. Rule results can still be shown using a button. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 19:37:42 2014 +0200 Show identifiers in rule overview in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 18:14:10 2014 +0200 Correctly show profile name in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 18:09:20 2014 +0200 "notselected" rules are hidden by default in HTML report Had to rewrite the rule hiding logic a bit to accomplish this. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 15:35:58 2014 +0200 Don't show @authenticated and @authorized from cdf:identity in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 22 15:34:40 2014 +0200 All keywords have to match when searching through XCCDF rules in HTML report Author: Šimon Lukašík <slukasik@redhat.com> Date: Tue Jul 22 10:31:30 2014 +0200 trac#387: A typo fix Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 21 15:42:31 2014 +0200 Array type dbus properties are reported as one value per one element If there is an array of arrays the internal elements are ", " delimited as before. The non-nested elements are one value per one element. Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Fri Jul 18 16:13:32 2014 +0200 Add (currently failing) test to check if value of sockets.target unit Wants property contains two or more values Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Wed Jul 16 17:42:06 2014 +0200 Add another failing systemdunitproperty probe test, which should pass Because default.target should be enabled on common system. Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Wed Jul 16 16:27:25 2014 +0200 Add example of test for systemdunitproperty probe returning unknown result Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Wed Jul 16 15:50:20 2014 +0200 Add systemdunitproperty probe test returning incorrect result (IMHO should be true, but returns false). Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 19 09:48:36 2014 +0200 Merge branch 'maint-1.0' Author: Šimon Lukašík <slukasik@redhat.com> Date: Sat Jul 19 09:43:17 2014 +0200 trac#387: Fix segfault on incorrect content Addressing: #0 0x000000391c035c39 in raise () from /lib64/libc.so.6 #1 0x000000391c037348 in abort () from /lib64/libc.so.6 #2 0x00007ffff7d390fa in oval_string_map_get_value (map=0x62a080, key=0x0) at oval_string_map.c:237 #3 0x00007ffff7d057eb in oval_definition_model_get_test (model=0x61ec20, key=0x0) at oval_defModel.c:262 #4 0x00007ffff7d05ddd in oval_definition_model_get_new_test (model=0x61ec20, id=0x0) at oval_defModel.c:443 #5 0x00007ffff7d20cc3 in oval_test_parse_tag (reader=0x61eac0, context=0x7fffffffd840, usr=0x0) at oval_test.c:365 #6 0x00007ffff7d15134 in oval_parser_parse_tag (reader=0x61eac0, context=0x7fffffffd840, tag_parser=0x7ffff7d20c63 <oval_test_parse_tag>, user=0x0) at oval_parser.c:59 #7 0x00007ffff7d15608 in oval_definition_model_parse (reader=0x61eac0, context=0x7fffffffd840) at oval_parser.c:177 #8 0x00007ffff7d0573b in oval_definition_model_merge (model=0x61ec20, file=0x61c9f0 "/tmp/1.xml") at oval_defModel.c:245 #9 0x00007ffff7d055ea in oval_definition_model_import (file=0x61c9f0 "/tmp/1.xml") at oval_defModel.c:214 #10 0x0000000000409c8c in app_evaluate_oval (action=0x7fffffffd990) at oscap-oval.c:390 #11 0x0000000000407d21 in oscap_module_call (action=0x7fffffffd990) at oscap-tool.c:261 #12 0x000000000040819e in oscap_module_process (module=0x616f00 <OVAL_EVAL>, argc=5, argv=0x7fffffffdc08) at oscap-tool.c:346 #13 0x0000000000406b57 in main (argc=5, argv=0x7fffffffdc08) at oscap.c:79 Author: Šimon Lukašík <slukasik@redhat.com> Date: Thu Jul 17 20:28:56 2014 +0200 trac#386: Remove overabundant and wrong declaration. And replace it with unnecessary but right declaration. I could not verify that we ever had oval_string_map declared correctly. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 19:55:51 2014 +0200 First version of XCCDF rule search in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 17:12:13 2014 +0200 Implemented rule filtering by XCCDF result in HTML report (JavaScript) Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 17:11:53 2014 +0200 Don't count notchecked and notselected into total rule count in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 16:05:27 2014 +0200 Use text color instead of border-left to highlight rules that need attention Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 14:41:01 2014 +0200 Tooltips for CPE platforms, faster selectors for rule detail modal Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 13:50:03 2014 +0200 Tree indentation now works even without JavaScript in HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 17 13:28:31 2014 +0200 Get rid of PatternFly for now, minor fixes Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 16 17:46:17 2014 +0200 Rule results shall be badges and have borders in the HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 16 17:32:01 2014 +0200 Better styling in rule overview, left border is red for rules needing attention Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 16 16:50:17 2014 +0200 Anchors to jump to rule result detail Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 16 16:42:56 2014 +0200 Severity and badges that show how many rules in a given group are not passing Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 16 14:29:38 2014 +0200 Rewrite of HTML report and HTML guide XSLTs Please note that this does break unit tests, the recommended way to test: xsltproc --stringparam result-id xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_common xccdf-report.xsl ssg-fedora-ds-xccdf.results.xml > openscap-xsl-prototype/out.html Where openscap-xsl-prototype contains the necessary JS and CSS files. This arrangement will of course change later on where no such tricks will be necessary. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 15 13:01:48 2014 +0200 Merge branch 'maint-1.0' Conflicts: ac_probes/configure.ac.tpl configure.ac Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 15 12:56:07 2014 +0200 Introduce CPE name for upcomming Fedora 22 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 15 12:44:38 2014 +0200 Remove specfiles for Red Hat Enterprise Linux from upstream repository Consumers are adviced to refer to the specfiles shipped by Red Hat, Inc. We learned through history that maintaing the same spec file in two repositories was tedious job. There were multiple reasons why the specfiles diverged from each other. Going forward, we cannot see a value in duplicate work. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 15 11:22:01 2014 +0200 Remove specfile for Fedora from upstream repository Consumers are adviced to refer to Fedora packaging repository. Where the authoritative packaging information lays. We learned through history that maintaing the same spec file in two repositories was tedious job. There were multiple reasons why the specfiles diverged from each other. Going forward, we cannot see a value in duplicate work. Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Fri Jul 11 18:07:27 2014 +0200 Add three new tests for systemdunitdependency probe Author: Jan Lieskovsky <jlieskov@redhat.com> Date: Fri Jul 11 19:29:38 2014 +0200 Add three new tests for systemdunitproperty probe Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 10 18:36:50 2014 +0200 Empty dbus string arrays are no longer reported as "(null)" Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 10 18:13:11 2014 +0200 [systemdunitdependency] check the callback return for 0, not for true Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 10 18:05:40 2014 +0200 Rerun confgen.sh to rescan deps for the 2 new tests Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 10 15:03:10 2014 +0200 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 10 14:52:02 2014 +0200 Merge branch 'maint-1.0' Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 10 14:37:55 2014 +0200 trac#385: Missing version should not be fatal We already handle @comment similarly. Addressing: #0 0x000000391c03a997 in ____strtoll_l_internal () from /lib64/libc.so.6 #1 0x000000391c0371d0 in atoi () from /lib64/libc.so.6 #2 0x00007ffff7d20f52 in oval_test_parse_tag (reader=0x61eac0, context=0x7fffffffd840, usr=0x0) at oval_test.c:402 #3 0x00007ffff7d151f4 in oval_parser_parse_tag (reader=0x61eac0, context=0x7fffffffd840, tag_parser=0x7ffff7d20d23 <oval_test_parse_tag>, user=0x0) at oval_parser.c:59 #4 0x00007ffff7d156c8 in oval_definition_model_parse (reader=0x61eac0, context=0x7fffffffd840) at oval_parser.c:177 #5 0x00007ffff7d057fb in oval_definition_model_merge (model=0x61ec20, file=0x61c9f0 "/var/tmp/1.xml") at oval_defModel.c:245 #6 0x00007ffff7d056aa in oval_definition_model_import (file=0x61c9f0 "/var/tmp/1.xml") at oval_defModel.c:214 #7 0x0000000000409c8c in app_evaluate_oval (action=0x7fffffffd990) at oscap-oval.c:390 #8 0x0000000000407d21 in oscap_module_call (action=0x7fffffffd990) at oscap-tool.c:261 #9 0x000000000040819e in oscap_module_process (module=0x616f00 <OVAL_EVAL>, argc=5, argv=0x7fffffffdc08) at oscap-tool.c:346 #10 0x0000000000406b57 in main (argc=5, argv=0x7fffffffdc08) at oscap.c:79 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 7 16:06:08 2014 +0200 Improved the work in progress systemd tests Both tests (systemdunitdependency and systemdunitproperty) run the XML attached in the folder and produce results.xml (this is an OVAL results file). Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 7 09:31:58 2014 +0200 [tests/probes] Remove invalid entities from systemd probe testing XMLs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 7 09:30:02 2014 +0200 [probes/linux] Finalized prototypes of systemdunit{property,dependency} probes Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 3 17:20:06 2014 +0200 trac#384: Report when has_extended_acl does not exist correctly Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 26 12:59:19 2014 +0200 systemd tests shared API now uses callbacks to report unit properties Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 25 14:39:32 2014 +0200 [probes/systemd API] If not sure, use a callback. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 25 14:10:13 2014 +0200 openscap-1.0.9 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 25 12:32:29 2014 +0200 Bump soname from 8.2.3 to 8.3.0 One new symbol has been added: xccdf_policy_get_value_of_item Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 23 18:18:07 2014 +0200 Added get_all_systemd_units to the shared systemd tests mini API This functionality is required for pattern matching across systemd units. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 23 17:37:00 2014 +0200 Do not destroy SVG data in XCCDF elements that allow XHTML (and SVG) content SVG is allowed in XHTML so we shall pass it through the guide and report generating machinery. Author: Greg Elin <greg@fotonotes.net> Date: Thu Jun 19 20:02:39 2014 -0400 Display severity, weight in summary section Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 20 13:38:37 2014 +0200 Merge branch 'maint-1.0' Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 28 15:55:53 2014 +0200 tests: Take only one of the installed versions for comparison. Addressing: version=2.7.62.7.6 on multilib systems Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 28 13:36:36 2014 +0200 tests: Skip test when libxml 2.7.6-14 is around Addressing false negative: $ echo 2.7.6-14.el6 | awk -F. '{print ($1 == 2 && ($2 < 7 || ($2 == 7 && $3 <= 6))) ? "true" : "false"}' false Fixed: $ echo 2.7.6-14.el6 | awk -F. '{print ($1 == 2 && ($2 < 7 || ($2 == 7 && $3 < 7))) ? "true" : "false"}' true Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 22 19:55:21 2014 +0200 Export results only after evaluation Addressing (Segmentation Fault): libopenscap_testing.so(+0xd2674) [0x7f87337ab674] item.c:176 libopenscap_testing.so(xccdf_result_clone+0x4e) [0x7f87337b88bb] result.c:78 libopenscap_testing.so(xccdf_session_export_xccdf+0xe3) [0x7f87337c4fd3] xccdf_session.c:991 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 14 14:58:19 2014 +0200 Cast enums to int before comparing them to 0 in xccdf_policy.c Pointed out by Jacob Varughese, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 19:07:02 2014 +0200 Export set-value in TestResult correctly Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 16:47:37 2014 +0200 Only export the effective set-value in each profile Otherwise we may end up with invalid content being exported. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 16:27:33 2014 +0200 Consider the last set-value as the effective set-value This makes openscap behave correctly in cases where there are more set-values setting the same item. While this is forbidden in serialized content it makes sense to create such content via the API. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Apr 4 16:21:13 2014 +0200 trac#378: Return non-zero when cannot resolve XCCDF. Regression, brought by 7363256124d414 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 3 16:14:08 2014 +0200 rhbz#1084067: Make sure the OVAL session is created before using it Addressing segfault: #0 oval_agent_eval_definition (ag_sess=0x0, id=0x7f0513727580 "oval:org.open-scap.cpe.rhel:def:6") at oval_agent.c:160 #1 0x00007f0512638fb1 in _xccdf_policy_cpe_check_cb (sys=<value optimized out>, href=0x7f051367b6c0 "openscap-cpe-oval.xml", name=0x7f0513727580 "oval:org.open-scap.cpe.rhel:def:6", usr=<value optimized out>) at xccdf_policy.c:823 #2 0x00007f0512616b54 in cpe_check_evaluate (item=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:173 #3 cpe_item_is_applicable (item=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:183 #4 0x00007f0512616c0c in cpe_name_applicable_dict (cpe=0x7f0513670800, dict=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:157 #5 0x00007f05126391af in xccdf_policy_model_platforms_are_applicable_dict (model=0x7f051366bb20, dict=0x7f0513676960, platforms=0x7f05136707a0) at xccdf_policy.c:880 #6 0x00007f0512639322 in xccdf_policy_model_platforms_are_applicable (model=0x7f051366bb20, platforms=0x7f05136707a0) at xccdf_policy.c:972 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 3 14:56:26 2014 +0200 Correctly skip "Signature" when parsing sds_index without spewing out an error Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 3 14:51:06 2014 +0200 Expose xccdf_policy_get_value_of_item as public API Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 19 12:09:16 2014 +0200 Renames and minor fixes in systemd probe tests, distcheck passes Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 18 15:47:40 2014 +0200 Renamed systemdunitdependency test data Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 18 15:45:15 2014 +0200 Initial versions of systemdunit{property,dependency} tests Author: Martin Preisler <mpreisle@redhat.com> Date: Thu May 29 18:10:00 2014 +0200 Refactoring to avoid code duplication in systemdunitdependency probe Author: Martin Preisler <mpreisle@redhat.com> Date: Thu May 29 18:06:45 2014 +0200 Only recurse into target units in systemdunitdependency probe Same behavior as systemctl list-dependencies --plain $UNIT Author: Simon Lukasik <slukasik@redhat.com> Date: Thu May 29 10:54:04 2014 +0200 Merge branch 'maint-1.0' Author: Simon Lukasik <slukasik@redhat.com> Date: Thu May 29 10:52:14 2014 +0200 Next version from main-1.0 branch will be 1.0.9 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed May 28 19:20:10 2014 +0200 Initial code for systemdunitdependency test, prints transitive deps for given unit Author: Martin Preisler <mpreisle@redhat.com> Date: Wed May 28 19:19:33 2014 +0200 Getting all properties is only required in the unit property probe, cleanup Author: Simon Lukasik <slukasik@redhat.com> Date: Wed May 28 18:26:56 2014 +0200 Merge branch 'maint-1.0' Author: Simon Lukasik <slukasik@redhat.com> Date: Wed May 28 18:26:43 2014 +0200 xccdf_session_export_arf must not return 0 if the export failed. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed May 28 16:00:16 2014 +0200 Extracted shared systemd test functionality into systemdshared.h, added a simple test function Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 27 18:25:20 2014 +0200 Initial dbus array to string support in systemdunitproperty probe Author: Martin Preisler <mpreisle@redhat.com> Date: Mon May 26 19:30:23 2014 +0200 Fixed single property retrieval in systemdunitproperty probe Author: Martin Preisler <mpreisle@redhat.com> Date: Mon May 26 19:26:44 2014 +0200 Only query properties from the systemd Unit interface, skip the rest Author: Martin Preisler <mpreisle@redhat.com> Date: Mon May 26 17:28:47 2014 +0200 Skip complex dbus properties when querying systemd unit properties Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 23 15:44:12 2014 +0200 Changed signature of get_all_properties_by_unit_path to return exit code Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 23 14:56:20 2014 +0200 Added work in progress function to retrieve one property value from systemd unit path Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 23 13:41:49 2014 +0200 libdbus code to query all properties of a unit by its path The properties are just outputted using dI for now. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 23 13:40:44 2014 +0200 libdbus code to query unit dbus path by systemd unit name Author: Martin Preisler <mpreisle@redhat.com> Date: Fri May 23 13:35:38 2014 +0200 Temporary build system hacks regarding libdbus Author: Simon Lukasik <slukasik@redhat.com> Date: Fri May 23 11:21:47 2014 +0200 rhbz#1085977: OpenSCAP inbuild dictionary shall include CentOS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 6 10:21:38 2014 +0200 Initial systemdunitproperty and systemdunitdependency object implementation Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Fri May 16 11:20:02 2014 -0700 Fixed recurse directories when local is specified. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Tue May 13 10:53:00 2014 -0700 Fixed gmake check failure. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu May 15 15:05:18 2014 +0200 The sys/systeminfo.h should have only been an optional dependency Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Thu May 1 10:14:13 2014 -0700 Fixed uname probe to return processor type for solaris Author: Simon Lukasik <slukasik@redhat.com> Date: Thu May 15 14:28:03 2014 +0200 The sys/acl.h should have been only an optional dependency Author: Simon Lukasik <slukasik@redhat.com> Date: Wed May 14 15:43:52 2014 +0200 Make at least one debug message usefull. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri May 9 13:45:33 2014 +0200 Check for sys/acl.h since 8faff9719b426807cf5053a6d16e93e763b2a73e Author: Simon Lukasik <slukasik@redhat.com> Date: Fri May 9 13:44:22 2014 +0200 Next release from master branch will be openscap-1.1.x The openscap-1.0.x can be build from maint-1.0 branch. Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Thu May 1 10:23:52 2014 -0700 Fixed issue with textfilecontent54 not matching patterns in certain files on solaris Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Thu May 1 09:40:45 2014 -0700 Fixed file probe failure when encountering door,port file types on solaris. Author: Jacob Varughese <jacob.varughese@ORACLE.COM> Date: Tue Apr 29 12:35:37 2014 +0200 [probes] file: set the has_extended_acl entity on Solaris too Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 28 15:55:53 2014 +0200 tests: Take only one of the installed versions for comparison. Addressing: version=2.7.62.7.6 on multilib systems Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 28 13:36:36 2014 +0200 tests: Skip test when libxml 2.7.6-14 is around Addressing false negative: $ echo 2.7.6-14.el6 | awk -F. '{print ($1 == 2 && ($2 < 7 || ($2 == 7 && $3 <= 6))) ? "true" : "false"}' false Fixed: $ echo 2.7.6-14.el6 | awk -F. '{print ($1 == 2 && ($2 < 7 || ($2 == 7 && $3 < 7))) ? "true" : "false"}' true Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Thu Apr 17 09:49:57 2014 -0700 Fixed debug logging on solaris Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 22 19:55:21 2014 +0200 Export results only after evaluation Addressing (Segmentation Fault): libopenscap_testing.so(+0xd2674) [0x7f87337ab674] item.c:176 libopenscap_testing.so(xccdf_result_clone+0x4e) [0x7f87337b88bb] result.c:78 libopenscap_testing.so(xccdf_session_export_xccdf+0xe3) [0x7f87337c4fd3] xccdf_session.c:991 Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Tue Apr 15 09:34:30 2014 +0200 Fixed broken build issues on solaris. Addressing: unix/solaris/isainfo.c: In function 'read_sysinfo': unix/solaris/isainfo.c:74:2: warning: implicit declaration of function 'dI' [-Wimplicit-function-declaration] CCLD probe_isainfo Undefined symbol dI first referenced in file isainfo.o ld: fatal: symbol referencing errors collect2: error: ld returned 1 exit status make[4]: *** [probe_isainfo] Error 1 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 14 14:58:19 2014 +0200 Cast enums to int before comparing them to 0 in xccdf_policy.c Pointed out by Jacob Varughese, thanks! Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 14 09:51:44 2014 +0200 Rename stdout to std_out That should fix a broken build on solaris. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 14 09:47:03 2014 +0200 Fix broken build issues on solaris. We can source the PATH_MAX frim limits.h Author: Jacob Varughese <jacob.varughese@oracle.com> Date: Mon Apr 14 09:15:02 2014 +0200 Fixed broken build issues on solaris. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 19:07:02 2014 +0200 Export set-value in TestResult correctly Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 18:42:52 2014 +0200 Add final values used in evaluation to TestResult Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 16:47:37 2014 +0200 Only export the effective set-value in each profile Otherwise we may end up with invalid content being exported. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 4 16:27:33 2014 +0200 Consider the last set-value as the effective set-value This makes openscap behave correctly in cases where there are more set-values setting the same item. While this is forbidden in serialized content it makes sense to create such content via the API. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Apr 4 16:21:13 2014 +0200 trac#378: Return non-zero when cannot resolve XCCDF. Regression, brought by 7363256124d414 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 3 16:14:08 2014 +0200 rhbz#1084067: Make sure the OVAL session is created before using it Addressing segfault: #0 oval_agent_eval_definition (ag_sess=0x0, id=0x7f0513727580 "oval:org.open-scap.cpe.rhel:def:6") at oval_agent.c:160 #1 0x00007f0512638fb1 in _xccdf_policy_cpe_check_cb (sys=<value optimized out>, href=0x7f051367b6c0 "openscap-cpe-oval.xml", name=0x7f0513727580 "oval:org.open-scap.cpe.rhel:def:6", usr=<value optimized out>) at xccdf_policy.c:823 #2 0x00007f0512616b54 in cpe_check_evaluate (item=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:173 #3 cpe_item_is_applicable (item=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:183 #4 0x00007f0512616c0c in cpe_name_applicable_dict (cpe=0x7f0513670800, dict=<value optimized out>, cb=0x7f0512638f00 <_xccdf_policy_cpe_check_cb>, usr=0x7f0513670940) at cpedict.c:157 #5 0x00007f05126391af in xccdf_policy_model_platforms_are_applicable_dict (model=0x7f051366bb20, dict=0x7f0513676960, platforms=0x7f05136707a0) at xccdf_policy.c:880 #6 0x00007f0512639322 in xccdf_policy_model_platforms_are_applicable (model=0x7f051366bb20, platforms=0x7f05136707a0) at xccdf_policy.c:972 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 3 14:56:26 2014 +0200 Correctly skip "Signature" when parsing sds_index without spewing out an error Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 3 14:51:06 2014 +0200 Expose xccdf_policy_get_value_of_item as public API Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 26 10:45:50 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 26 10:33:48 2014 +0100 openscap-1.0.8 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 26 08:39:22 2014 +0100 Bump soname from 8.2.2 to 8.2.3 The interface has not changed. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 25 19:33:21 2014 +0100 Add all MAC addresses from target-facts to ARF as asset identification data Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 25 19:32:43 2014 +0100 Add hostname for each fqdn when generating ARF asset identification data Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 24 14:48:35 2014 +0100 Inject arf:report/@id into nested rule-result/check/check-content-ref/@href As per requirement 370-1. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 20 13:09:47 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 20 10:23:41 2014 +0100 openscap-1.0.7 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 20 10:19:12 2014 +0100 Bump soname from 8.2.1 to 8.2.2 The interface has not changed. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 19 20:49:41 2014 +0100 ARF relationship's isAbout and createdFor both need to use different namespaces Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 19 15:07:13 2014 +0100 Avoid ".00" as the score in HTML report when score is 0. Show 0.00 instead. Also solves issues with some CSS parsers not understanding "width: .00%". Spotted by theinric, thanks. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 19 10:57:36 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 19 09:07:26 2014 +0100 openscap-1.0.6 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 19 08:59:57 2014 +0100 Bump soname from 8.2.0 to 8.2.1 The interface has not changed. Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 18 21:07:03 2014 +0100 fix process58 loginuid integer handling on 32bit Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 14 15:58:05 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 14 12:37:10 2014 +0100 openscap-1.0.5 Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 14 12:11:07 2014 +0100 Bump soname from 8.1.0 to 8.2.0 Five new symbols were added: xccdf_result_add_applicable_platform xccdf_result_get_applicable_platforms xccdf_tailoring_resolve xccdf_policy_get_readable_item_description xccdf_policy_get_readable_item_title Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Mar 14 11:48:24 2014 +0100 Fixes SIGSEGV in tests/API/XCCDF/tailoring when debug is enabled Apparently, it is really important to put all brackets in the right order. Who would have thought? Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 14 11:02:22 2014 +0100 We are all excited to finally remove this non-deterministic test Anything that can't last forever will end. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 13 20:08:39 2014 +0100 Resolve tailoring in xccdf_policy_model_set_tailoring, not in session Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 13 19:49:46 2014 +0100 Added xccdf_tailoring_resolve and related functions, resolve tailoring after loading it in session `make distcheck` now passes, this fixes the failing test. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 13 15:38:34 2014 +0100 Test applicability of a Rule with platform in the root Benchmark element Created this as a side effect of the HTML report applicable platforms work. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 13 15:15:02 2014 +0100 Only show applicable platforms in Scan Report, first from Benchmark, then extra CPEs Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 13 12:31:45 2014 +0100 tests: trac#373: Ensure refina-value gets inherited with the tailoring. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 12 21:29:29 2014 +0100 Use "Scan Report" as title and main heading in XCCDF HTML report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 12 21:19:37 2014 +0100 Do not leak in xccdf_policy_get_readable_item_description Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 12 21:18:22 2014 +0100 Put all CPE platform names that were found applicable into TestResult Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 12 14:47:25 2014 +0100 tests: Skip process test if the bash does not support associative arrays Addressing: TEST: test_probes_process ./test_probes_process.xml.sh: line 6: declare: -A: invalid option declare: usage: declare [-afFirtx] [-p] [name[=value] ...] ./test_probes_process.xml.sh: line 8: declare: -A: invalid option declare: usage: declare [-afFirtx] [-p] [name[=value] ...] ./test_probes_process.xml.sh: line 23: migration/0: division by 0 (error token is "0") Author: Jakub Jelen <jjelen@redhat.com> Date: Tue Mar 11 14:05:55 2014 +0100 Updated OVAL specification - changed location of executable in abrt Executable abrt-action-install-debuginfo-to-abrt-cache moved from /usr/bin/ to /usr/libexec/ in package abrt. Author: Jakub Jelen <jjelen@redhat.com> Date: Tue Mar 11 14:05:54 2014 +0100 New file with SGID from package libcgroup. Whitelisted in rhel6 OVAL specification - added in rebase to 0.40.rc1 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 11 10:45:05 2014 +0100 Readable description shall not contain xhtml elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 11 10:37:46 2014 +0100 Refactor: Get rid of a goto statement. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 11 10:35:02 2014 +0100 Refactor: Extract function: _xhtml_to_plaintext Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 16:59:31 2014 +0100 Do not pass a plaintext to xccdf_substite. Plaintext does not contain xccdf:sub elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 16:46:36 2014 +0100 Refactor: Extract function: oscap_textlist_get_preferred_text Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 14:46:24 2014 +0100 tests: Assert for <xccdf:sub> resolution within oscap xccdf generate guide. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 14:33:14 2014 +0100 tests: Assert for <xccdf:sub> resolution within oscap xccdf generate report Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 13:56:13 2014 +0100 Introduce function to get human readable descriptions from the policy Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 10 11:33:14 2014 +0100 tests: Assert for resolved titles in the output of oscap. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 7 11:33:22 2014 +0100 oscap shall print out resolved titles (<xccdf:sub>) Note the provision for localization. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 7 08:46:04 2014 +0100 Allow for sub elements within title to be parsed. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 7 08:10:23 2014 +0100 Refactor: Rename type callback_out -> struct reporter Hide its definition. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 7 07:54:46 2014 +0100 Refactor: Extract function: reporter_new Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 11:11:58 2014 +0100 Refactor: Extract function: reporter_send_simple Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 10:04:50 2014 +0100 Refactor: Move callback definitions to separate file. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 10:02:11 2014 +0100 Refactor: Hide xccdf_policy_engine definition from header file. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 09:55:46 2014 +0100 Refactor: Drop the 'callback' type This unfortunate type can be dropped, since the callbacks and checking engines has been separated. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 09:44:10 2014 +0100 Refactor: store callbacks and checking engines in separate lists I was horrified when I found out that checking engines and callbacks are stored in the same oscap_list even though they are of different type/memsize. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 6 09:32:54 2014 +0100 Refactor: Rename function Make a distinction between callbacks (means to report back to user) and checking engines (means to assess system facts). Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 21:54:06 2014 +0100 Refactor: Rename structure: callback -> struct xccdf_policy_engine Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 17:28:36 2014 +0100 Refactor: use xccdf_policy_engine_filter for comparison. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 17:10:04 2014 +0100 Refactor: Extract function: xccdf_policy_engine_new Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 16:52:59 2014 +0100 Refactor: Extract function: xccdf_policy_engine_query Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 16:39:43 2014 +0100 Refactor: Drop unused argument from xccdf_policy_engine_eval Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 16:37:54 2014 +0100 Refactor: Drop unused argument from xccdf_policy_evaluate_cb. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 16:04:52 2014 +0100 Refactor: Extract function: xccdf_policy_engine_eval This abstracts policy of the checking engines interface. This shall also became more human redable than cb->callback(); Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 15:33:16 2014 +0100 Refactor: Rename function And move it to newly created xccdf_policy_engine. This module shall abstract from checking engines interface. Currently it is all cluttered within xccdf_policy.c Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 15:18:21 2014 +0100 Refactor: Move structure for checking engine to separate header file. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 5 13:55:20 2014 +0100 Refactor: Move xccdf_policy_model definitions to a separate header. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 10 15:42:33 2014 +0100 Do not leak the check engine ID string in SCE Author: Jakub Jelen <jjelen@redhat.com> Date: Fri Mar 7 15:03:15 2014 +0100 Update OVAL specification to accept new version of syslog - In specification was hardcoded number 4 and test didn't accept actual version - Test interpreted it as syslog running in compatibility mode - TODO Better solution would be to get currently installed version and test it against this number Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 27 15:58:42 2014 +0100 Small typographic amend. The a space shall precede parenthesis. Otherwise we risk for tools to interpret it badly like at http://manpages.ubuntu.com/manpages/trusty/man8/oscap.8.html Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 21 16:44:39 2014 +0100 tests: Amend existing tests to the new behaviour. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 21 16:39:00 2014 +0100 tests: Make sure that check is always included in the xccdf:rule-result Even in cases when it is useless. ;-) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 17:22:31 2014 +0100 Always include check in the xccdf:rule-result Even in cases when it is useless. http://making-security-measurable.1364806.n2.nabble.com/Xccdf-dev-xccdf-rule-result-element-properties-td7582721.html Addressing scapval error: ERROR: SCHEMATRON - [blah.xml] Every <xccdf:rule-result> must have a <xccdf:check>/<xccdf:check-content-ref> that has attributes @href and @name Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 13:01:10 2014 +0100 Introduce: oscap xccdf validate --schematron Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 12:39:32 2014 +0100 Introduce a mechanism for maintainers to query remote resources. Usage: cd schemas ./refresh.sh git diff Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 12:31:50 2014 +0100 Introduce schematron file for XCCDF 1.2. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 11:59:09 2014 +0100 Do not share force flag for indicating schematron validation. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 11:33:56 2014 +0100 tests: Do not bundle xpath. First of all the reason (trac#237) for bundling has passed away many months ago. Secondly, we still require perl-XML-XPath to be installed. Like: Can't locate XML/XPath.pm in @INC (you may need to install the XML::XPath module) (@INC contains: [...].) at openscap/tests/xpath.pl line 18. BEGIN failed--compilation aborted at openscap/tests/xpath.pl line 18. Hence, no reason of bundling of random version of xpath.pl. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 11:24:04 2014 +0100 tests: Clean products of failed test in the report_variable_values test Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 10:51:00 2014 +0100 Do not confuse users with nonvalid schematron path Addressing: oscap.c: In function ‘print_versions’: oscap.c:148:2: warning: ‘oscap_path_to_schematron’ is deprecated (declared at ../src/common/public/oscap.h:171) [-Wdeprecated-declarations] printf("Schematron files: %s\n", oscap_path_to_schematron()); Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 10:38:53 2014 +0100 Deprecate oscap_path_to_schematron() This function never returned correct path to schematron files. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 10:30:11 2014 +0100 Do not use path to schematron when you want path to xslt. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 19 10:28:15 2014 +0100 Refactor: Extract function: oscap_path_to_xslt Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Feb 15 12:07:01 2014 +0100 Dead code removal. Addressing: memusage.c:63:12: warning: 'read_common_ulong' defined but not used [-Wunused-function] Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Feb 15 12:05:20 2014 +0100 Dead code removal. Addressing: unix/xinetd.c:820:12: warning: ‘xiconf_service_merge_and_free’ defined but not used [-Wunused-function] static int xiconf_service_merge_and_free(xiconf_service_t *dst, xiconf_service_t *src) Author: Андрей Рудаков <melhior@altx-soft.ru> Date: Sat Feb 15 11:56:13 2014 +0100 trac#357: dpkginfo probe does not collect epoch in evr Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 13 16:20:00 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 13 12:44:31 2014 +0100 openscap-1.0.4 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 13 12:41:06 2014 +0100 Bump soname from 8.0.4 to 8.1.0 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Feb 12 18:32:00 2014 +0100 Added xccdf_tailoring_remove_profile to public API This change was required for scap-workbench Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Feb 12 15:55:51 2014 +0100 Unit test for oscap_list_remove Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Feb 12 15:50:50 2014 +0100 oscap_list_remove - remove one specific item from linked list Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 11 17:09:20 2014 +0100 [probes] process58: fixed type cast to correspond to the expected type Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jan 24 11:16:02 2014 +0100 [probes] partition: fixed NULL dereference bug when compiled without blkid library Addressing: https://fedorahosted.org/openscap/ticket/369 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 10 14:34:04 2014 +0100 Set freed name to NULL when searching for OVAL result file conflicts This prevents use-after-free when there are UINT_MAX or more conflicting OVAL sessions. Even though this is highly unlikely it's the right thing to fix it as it silences a coverity warning. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 16 18:31:22 2014 +0100 [tests] xinetd: check whether the parser is able to process duplicate service records Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 16 18:29:28 2014 +0100 [probes] xinetd: allow processing of duplicate service records without an id attribute Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 14 17:05:54 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 14 16:38:30 2014 +0100 openscap-1.0.3 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 14 16:32:13 2014 +0100 Bump soname from 8.0.3 to 8.0.4 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 14 14:36:23 2014 +0100 [tests] rhbz#1052142: Ensure correct intmax_t comparison in OVAL results. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 14 11:16:41 2014 +0100 rhbz#1052142: partition_test fails with huge values in *space* system data Introduced by: 9601ce1032fca9893b8e04d12f6bbab2c9f86729 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jan 10 18:43:29 2014 +0100 [SEAP] Don't break strict aliasing rules in __SEAP_recvmsg_process_err Addressing: seap.c: In function '__SEAP_recvmsg_process_err': seap.c:327: warning: dereferencing type-punned pointer will break strict-aliasing rules Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jan 10 18:36:10 2014 +0100 Fix semicolon deficiency in ipaddr_cmp Addressing: oval_cmp_ip_address.c: In function 'ipaddr_cmp': oval_cmp_ip_address.c:59:3: error: expected ';' before 'return' oval_cmp_ip_address.c:61:1: warning: control reaches end of non-void function [-Wreturn-type] make[4]: *** [libovalcmp_la-oval_cmp_ip_address.lo] Error 1 Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 14:08:15 2014 +0100 Make sure to always return a value from the function Addressing: src/OVAL/results/oval_cmp_ip_address.c:61:missing_return – Arriving at the end of a function without returning a value. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 14:04:44 2014 +0100 Store ip_address in an unsigned data type. Addressing: src/OVAL/results/oval_cmp_ip_address.c:196:warning[invalidScanfArgType_int] – %hhu in format string (no. 1) requires 'unsigned char *' but the argument type is 'char *'. src/OVAL/results/oval_cmp_ip_address.c:196:warning[invalidScanfArgType_int] – %hhu in format string (no. 2) requires 'unsigned char *' but the argument type is 'char *'. src/OVAL/results/oval_cmp_ip_address.c:196:warning[invalidScanfArgType_int] – %hhu in format string (no. 3) requires 'unsigned char *' but the argument type is 'char *'. src/OVAL/results/oval_cmp_ip_address.c:196:warning[invalidScanfArgType_int] – %hhu in format string (no. 4) requires 'unsigned char *' but the argument type is 'char *'. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 14:01:03 2014 +0100 Plug a memory leak. Addressing: src/OVAL/probes/unix/linux/rpminfo.c:555:leaked_storage – Variable "ent" going out of scope leaks the storage it points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 13:54:31 2014 +0100 Plug a memory leak. Addressing: src/OVAL/probes/probe-api.c:278:leaked_storage – Variable "elm_res" going out of scope leaks the storage it points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 11:08:59 2014 +0100 Bump version after release. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 07:47:39 2014 +0100 openscap-1.0.2 Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 10 08:54:41 2014 +0100 Bump soname from 8.0.2 to 8.0.3 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 9 17:44:06 2014 +0100 Added test for CPE OVAL and check XCCDF OVAL results export collision Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 9 17:41:16 2014 +0100 Do not overwrite OVAL results if we export multiple ones from single OVAL Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 15:23:34 2014 +0100 Define -Werror=format-security only when available. Addressing: cc1: error: unrecognized command line option "-Werror=format-security" configure: error: pthread library is missing Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 13:47:24 2014 +0100 Update copyright, next OpenSCAP release will be during great year of 2014. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 12:14:06 2014 +0100 Refactor: Extract function: probe_ent_cmp_single Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 9 14:08:21 2014 +0100 Notify running SCE script of oscap termination using SIGTERM Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 9 12:11:26 2014 +0100 ac_probes: fixed procps definition to not generate warnings when running autogen.sh Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 11:21:31 2014 +0100 Remove duplicate code. I was unable to obtain opinion of the authors of both codes -- whether to delete this one or the other one. I decided to delete this one since it presents trickier use-case, hence it could have been executed less times. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 10:13:52 2014 +0100 Remove useless todo. We cannot easily cast to common type, unless we introduce some generic type artificially. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 9 10:10:38 2014 +0100 Refactor: Rename function: evaluate -> oval_ent_cmp_str And document its API. In future, there needs to be created another function (presumably named oval_ent_cmp) with @datatype="record" support. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 8 17:25:20 2014 +0100 [probes] partition: set correct status on the uuid entity if a partition does not have one Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 8 17:23:57 2014 +0100 [SEAP] sexp-manip: refactored SEXP_softref Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 8 17:23:21 2014 +0100 [SEAP] Implemented SEXP_rawval_copy for copying raw S-exp values Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jan 8 13:33:46 2014 +0100 Improve man page with regards to --oval-results putting files in CWD and --report Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 6 15:06:57 2014 +0100 Refactor: Pass whole sysent to comparison. That is needed by trac#345 and part of trac#367. Note that sys_data_type was not used. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 6 14:39:17 2014 +0100 trac#367: Refactor: Move function evaluate() to separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 6 13:05:29 2014 +0100 Rename files. Common prefix for modules handling OVAL datatype comparison is oval_cmp_. Relates to trac#367. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 7 13:23:15 2014 +0100 Revert "[probes] partition: set the UUID entity to an empty string if a partition does not have one assigned" This reverts commit 2c24f9dcf60010955bf27845d594e4fc572e0110. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 7 13:20:38 2014 +0100 [probes] probe API: item filtering bugfix - fixed item filtering when there are no matching entities between the filter state and filtered item. the code now evaluates this case to FALSE. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 7 10:34:12 2014 +0100 [probes] partition: set the UUID entity to an empty string if a partition does not have one assigned Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:59:23 2014 +0100 Assert that comments hold true. Also avoid compiler warning. Addressing: oval_evr_string.c:352:1: warning: control reaches end of non-void function Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:58:24 2014 +0100 Refactor: Extract function: oval_versiontype_cmp. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:44:44 2014 +0100 Consolidate OVAL/boolean comparisons. Delete code from probes. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:43:45 2014 +0100 Refactor: Extract function: oval_boolean_cmp. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:35:33 2014 +0100 Consolidate OVAL/int comparisons. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:28:06 2014 +0100 Refactor: Extract function: oval_int_cmp. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:07:37 2014 +0100 Consolidate OVAL/binary comparisons. Delete code from probes. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 11:04:18 2014 +0100 Refactor: Extract function: oval_binary_cmp Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 10:51:09 2014 +0100 Consolidate OVAL/string comparison. Delete weaker code. Previously we had two implementations of string comparison. The implementation from OVAL Results model is slightly different to this removal, however the differences don't look to be material. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 3 10:47:12 2014 +0100 Fix the logic of CASE_INSENSITIVE_NOT_EQUAL. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 18:26:43 2014 +0100 Refactor: Extract function: oval_string_cmp And move it (together with its dependencies) to another module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 17:28:45 2014 +0100 trac#366: Do not be fooled by a negative number Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 14:23:10 2014 +0100 [tests] trac#366: Asserts for OVAL float comparison Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 12:15:28 2014 +0100 Consolidate OVAL/float comparisons. Delete weaker code. Previously we had two different implementations of float comparison. The implementation from OVAL Results model considers relative error hence is considered more mature. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 12:07:42 2014 +0100 Refactor: Move oval_float_cmp to separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 2 11:28:45 2014 +0100 Refactor: Extract function: oval_float_cmp Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 25 22:38:02 2013 +0100 fix confgen.sh setting two or more libraries in probes_opt (ac_probes/libs/procps) caused confgen to create messed up library requirements for probes Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 23 16:26:31 2013 +0100 Provision for next release NEWS. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 23 15:19:08 2013 +0100 Add -Werror=format-security It's getting popular. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 23 11:07:43 2013 +0100 rhbz#1018291: Point out to rhn.redhat.com from RHSA ident Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Dec 22 17:45:21 2013 +0100 [probe] fix process58_item session_id get session_id from /proc/id/stat instead of /proc/id/sessionid /proc/id/stat is used by 'ps' Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Dec 20 16:43:35 2013 +0100 Top level XCCDF Group's parent is the Benchmark and we always consider it selected This fixes assertion failures in scap-workbench when selecting/deselecting top level XCCDF Groups. As far as I can tell this cannot be triggered with just content using the oscap tool. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 20 13:43:52 2013 +0100 rhbz#1029879: Do not show remediation instructions for rule-result=pass Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 20 11:55:22 2013 +0100 Do not append new line to oscap_seterr output It shall be added automatically. Addressing output like: OpenSCAP Error: SCE has found script file 'selinux.sh' at './selinux.sh' but it isn't executable! [sce_engine.c:334] Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 20 12:47:33 2013 +0100 [probe] fix process58_item loginuid /proc/XXXX/loginuid should be returned, unsigned int is expected Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 20 11:43:13 2013 +0100 [probe] fix process_item tty TTY name and number (equal to ps command) should be returned according to the specification Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 19 22:02:36 2013 +0100 [probe] fix process58_item tty TTY name and number (equal to ps command) should be returned according to the specification Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 20 11:06:16 2013 +0100 [tests] For anaconda usage of tailoring when generating fix scripts Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 20 10:48:11 2013 +0100 Do not print freed memory to debug log. Invalid read of size 1 at 0x3E07648DF9: vfprintf (vfprintf.c:1635) by 0x3E0764CA10: buffered_vfprintf (vfprintf.c:2319) by 0x3E07647B8D: vfprintf (vfprintf.c:1289) by 0x4C5B8FB: __oscap_vdlprintf (debug.c:178) by 0x4C5B9FD: __oscap_dlprintf (debug.c:194) by 0x4D02C75: _xccdf_fix_decode_xml (xccdf_policy_remediate.c:263) by 0x4D037F1: _xccdf_policy_rule_generate_fix (xccdf_policy_remediate.c:503) by 0x4D03961: _xccdf_policy_item_generate_fix (xccdf_policy_remediate.c:534) by 0x4D03A5A: xccdf_policy_generate_fix (xccdf_policy_remediate.c:555) by 0x40CB48: app_generate_fix (oscap-xccdf.c:814) by 0x407E84: oscap_module_call (oscap-tool.c:261) by 0x408301: oscap_module_process (oscap-tool.c:346) Address 0x5ac8f90 is 0 bytes inside a block of size 167 free'd at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C5B22A: __oscap_free_dbg (alloc.c:184) by 0x4D02B8D: _xccdf_fix_decode_xml (xccdf_policy_remediate.c:237) by 0x4D037F1: _xccdf_policy_rule_generate_fix (xccdf_policy_remediate.c:503) by 0x4D03961: _xccdf_policy_item_generate_fix (xccdf_policy_remediate.c:534) by 0x4D03A5A: xccdf_policy_generate_fix (xccdf_policy_remediate.c:555) by 0x40CB48: app_generate_fix (oscap-xccdf.c:814) by 0x407E84: oscap_module_call (oscap-tool.c:261) by 0x408301: oscap_module_process (oscap-tool.c:346) by 0x406CA6: main (oscap.c:79) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 16:58:51 2013 +0100 [tests] trac#363: Make sure fix filtering works properly. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 15:05:55 2013 +0100 trac#363: Make sure that fixes are There were two problems: - missing continue; after first oscap_iterator_detach - rebootable fixes with low disruption broken logic (disruption="low" reboot="true" VS disruption="high" reboot="false") I know. It could have been done in two loops. However, I believe that it is much better readable now. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 15:06:15 2013 +0100 Make sure that only Groups and Rules are encountered. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 14:13:52 2013 +0100 Print-out debugging when generating list of fixes. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 13:52:11 2013 +0100 Make a new line after very first debugging message. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 13:17:51 2013 +0100 Simplify the logic Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 13:09:37 2013 +0100 [tests] trac#362: Ensure that new files are created with sane permissions Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 12:59:15 2013 +0100 trac#362: Creation mode should be an octal number Addressing weird permission like --w-r-xr-T. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 10:46:16 2013 +0100 Tailoring support for oscap-xccdf-generate-fix Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 18 10:44:40 2013 +0100 tests: Clean oscap_debug.log.$pid files in tailoring directory. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 17 19:55:19 2013 +0100 Inherit parent's namespace when exporting oscap_text with HTML trait Previously we only inherited parent's namespace when we exported plain text and we use unnamed namespace when exporting HTML. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 17 13:21:00 2013 +0100 [tests] Fix process/start_time assumption. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 16 14:14:22 2013 +0100 Do not override '(none)' with '0' in rpm*_item/epoch Override it only in rpm*_item/evr and rpm*_item/extended_name Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 13 14:25:37 2013 +0100 [probes] xinetd: enable processing of the flags setting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 13 14:09:20 2013 +0100 [probes] xinetd: fixed boolean parsing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 13 13:56:54 2013 +0100 [probes] xinetd: try to guess protocol from socket_type Author: Андрей Рудаков <melhior@altx-soft.ru> Date: Fri Dec 13 13:25:16 2013 +0100 Security: Format string is not a string literal Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 13 12:18:44 2013 +0100 [tests] runlevel: don't use Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 13 10:54:45 2013 +0100 Warn users who use obsoleted XSLT to generate fixes. Also do the better job documenting things. Related: d3337df274addd18c1a69bcc26b15987ac629de9 Related: 5663d0243d2871c12eb8a60a2aa7b89678a80690 Related: 2e819350872da9143ad90a477130147ed01d8ed7 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 11 15:02:59 2013 +0100 tests: Ensure that textfilecontent_state/line matches to syschar correctly Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 12 15:32:50 2013 +0100 Walk around textfilecontent calamity. (1) In OVAL 5.3 textfilecontent_test does not work by design (syschar is missing important data ('text' ent)). (2) In OVAL 5.4+ textfilecontent_test was deprecated. However, syschar was improved to include the data ('text' ent). (3) In OVAL 6.0 textfilecontent_test is promised to be dropped. This patch only improves situation for case (2). Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 12 15:26:26 2013 +0100 Introduce function: oval_state_get_schema_version Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 12 17:14:40 2013 +0100 Added a test for `oscap xccdf generate custom` with XCCDF 1.1 content Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 12 16:03:01 2013 +0100 Pass a hardcoded $PATH env variable to SCE checks Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Dec 11 13:16:23 2013 +0100 Added support for remaining document types to oscap info We do not write out much about CVE feeds and SCE result files but we at least acknowledge that we recognize these files. Also added a comment to make it harder to add a new document type without adding support for it to `oscap info`. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 11 14:26:32 2013 +0100 [probes] xinetd: collect the type setting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 11 10:44:56 2013 +0100 [probes] xinetd: guess the port setting value if not specified in the config Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 11 10:43:19 2013 +0100 [probes] xinetd: collect the socket_type setting Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 10 16:14:55 2013 +0100 Implemented `oscap info` for XCCDF tailoring files, added tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 10 15:18:14 2013 +0100 [tests] xinetd: added regression test for string list operations Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 10 14:26:58 2013 +0100 [probes] xinetd: fixed processing of the flags, no_access and only_from settings Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 10 12:11:12 2013 +0100 Prefer lazy linking (LIBADD over LDFLAGS). This partly reverts 6a6c45fc2d87b8dc7ecbc74db2bd4825df0b0b18, however it does not break --disable-shared build. Per automake, LDFLAGS is used early in the line, and LIBADD is used late. LIBADD is preferred because it seems to make Make aware of the dependencies and enforces relink any time it is needed. Previously, if you made a change in, say, src/common probes were not relinked and used the old implementation. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 10 12:06:39 2013 +0100 Fix --disable-shared build Addressing: src/common/oscap_acquire.c:45: multiple definition of `oscap_acquire_temp_dir' oscap-oscap-tool.o:/home/slukasik-f16/data/redhat/git/openscap/utils/oscap-tool.c:387: first defined here ../src/.libs/libopenscap.a(liboscapcommon_la-oscap_acquire.o): In function `oscap_acquire_cleanup_dir': src/common/oscap_acquire.c:68: multiple definition of `oscap_acquire_cleanup_dir' oscap-oscap-tool.o:/home/slukasik-f16/data/redhat/git/openscap/utils/oscap-tool.c:406: first defined here Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 10 11:13:59 2013 +0100 Calm down agile compiler Addressing: oval_ip_address.c: In function 'oval_ipaddr_cmp': oval_ip_address.c:161:6: warning: 'mask1' may be used uninitialized in this function [-Wmaybe-uninitialized] if (mask1 < mask2) { ^ oval_ip_address.c:68:16: warning: 'mask2' may be used uninitialized in this function [-Wmaybe-uninitialized] ipv6addr_mask((struct in6_addr *) ip_addr, mask); ^ oval_ip_address.c:98:18: note: 'mask2' was declared here uint32_t mask1, mask2; ^ Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 10 11:11:39 2013 +0100 Calm down agile compiler Addressing: oval_ip_address.c: In function 'ipaddr_parse': oval_ip_address.c:82:1: warning: control reaches end of non-void function [-Wreturn-type] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 10 10:53:15 2013 +0100 tests: Another test case for proper 'greater that' IPv4 comparison. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 14:32:47 2013 +0100 Fix flaws in IP address comparisons again. This also reverts e2a0f7924f1932dba3cdbc8f90d2fa4abc84c41e. We can use memcmp on network ordered bytes (big-endian), the problem actually was that equation signs were logically inverted. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 12:46:21 2013 +0100 typo Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 12:36:12 2013 +0100 Implement probe_ent_cmp_evr Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 12:31:12 2013 +0100 Introduce libovalcmp.la to hold OVAL comparison operations. These operations are shared between OVAL Results Model and probes/probe/entcmp.c. The reason for this separate object is that I don't want to relink all the probes each time I make a change in definition, syschar or results model. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 11:27:16 2013 +0100 Refactor: Hide operation/result logic for evr_string to library function Afterwards it will be easy to reuse oval_evr_string_cmp for probes/probe/entcmp.c Also document oval_evr_string_cmp function. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 9 11:35:52 2013 +0100 [tests] process58: fetch the start time of a process in the expected format Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 9 10:48:08 2013 +0100 tests: Assert for 'subset of' operation on ipv4_address type Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 21:07:09 2013 +0100 tests: Minor improvements of 'superset of' tests Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 20:58:45 2013 +0100 tests: Assert for 'subset of' operation on ipv6_address type Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:55:26 2013 +0100 Let us know if an undefined operation was requested Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:45:54 2013 +0100 Fix flawed 'subset of' operation for ipv4_address and ipv6_address Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:35:32 2013 +0100 Refactor: Replace two probe_ent_cmp_ipv?addr functions with a single one Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:33:10 2013 +0100 Refactor: Replace two ipv?addr_cmp functions with a single one Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:15:26 2013 +0100 Make ipv6 prefix-length unsigned Addressing: oval_ip_address.c:82:3: warning: pointer targets in passing argument 2 of 'ipv6addr_parse' differ in signedness [-Wpointer-sign] ipv6addr_parse(oval_ip_string, mask_out, ip_out); ^ oval_ip_address.c:75:12: note: expected 'int *' but argument is of type 'uint32_t *' static int ipv6addr_parse(const char *oval_ipv6_string, int *len_out, struct in6_addr *ip_out); Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:13:10 2013 +0100 Refactor: Introduce layer of indirection: ipaddr_parse Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 12:00:12 2013 +0100 Refactor: Introduce layer of indirection: ipaddr_mask Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 16:15:30 2013 +0100 Fix ipv4 comparison. The OVAL standard does not specify what 'greater than', 'less than', etc. means in context of ipv4_address. However, the memcmp of network ordered bytes does not seem right. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 15:51:26 2013 +0100 Refactor: Extract function: ip_cmp Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 7 11:29:07 2013 +0100 tests: Reveal flawed ipv4 comparison Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Dec 7 16:57:22 2013 +0100 [tests] added runlevel probe regression test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Dec 7 16:53:57 2013 +0100 [probes] runlevel: don't get lost in relative paths Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 6 15:51:16 2013 +0100 [probes] process,process58: follow the specification correctly when generating the start_time value Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 13:40:10 2013 +0100 tests: Rename ipv6 files to conform the way their ipv4 counterpart is named Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 17:53:29 2013 +0100 tests: Assert for 'superset of' operation on ipv4_address type These tests are inspirated by their ipv6 equivalent. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 13:12:40 2013 +0100 Do not forget to take a break And also amend documentation to not include prefix-length, when we are in fact handling netmasks. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 13:10:27 2013 +0100 Fix ipv4addr_mask to reflect host/network byte order. Note that netmask is stored in host byte order to facilitate easy comparisons. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 13:07:12 2013 +0100 Refactor: Extract function: ipv4addr_mask We need to extract it, so it can be easily fixed. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 10:50:53 2013 +0100 Change storage type for ipv4 netmask to uint32_t The code seems to assume that int is 4 bytes anyway (see parsing and subsequent comparisons). Also make the type unsigned. Only then the comparisons are starting to make sense. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 6 10:45:14 2013 +0100 Documentation for comparison functions on ipv?_address types Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 16:39:35 2013 +0100 Fix and document 'superset of' operation on ipv4_address type Related to 374ce97838716d38e5369d8844a802650c38180a. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 16:04:43 2013 +0100 Refactor: Expand and remove function: mask_v6_addrs Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 15:58:59 2013 +0100 tests: Assert for 'superset of' operation on ipv6_address type Compare different ipv6 addresses. Ensure that masking is made properly (addresses should not be zeroed). Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 15:33:27 2013 +0100 Implement ipv6 CIDR masking more properly. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 5 14:36:33 2013 +0100 [probes] process58: use the proper value for the loginuid entity Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 5 14:01:58 2013 +0100 [probes] process58: use the collected session_id value in the item Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 13:52:24 2013 +0100 Refactor: Make a use of common library function. This commit does not change the behavior. It is not a proper implementation of mask_v6_addrs, it is just less obfuscated and more efficient. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 13:48:18 2013 +0100 Remove duplicate code to compare ipv4 addresses. This needs to be done in order to bring comming ipv4 comparison fixes down to the probes. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 13:43:27 2013 +0100 Input arguments for comparisons shall be 'const'. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 13:35:11 2013 +0100 Remove duplicate code to compare ipv6 addresses. This needs to be done in order to bring recent (and shortly comming) ipv6 comparison fixes down to the probes. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 5 12:48:43 2013 +0100 [OVAL/results] Corrected types in cmp_float Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 5 12:43:52 2013 +0100 [OVAL/results] Made integer and floating type number parsing much stricter - switched from atoi/atof to strtoimax/strtod - checking for underflow/overflow - checking for invalid characters Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 11:31:12 2013 +0100 tests: Assert for 'superset of' operation on ipv6_address type Compare different ipv6 addresses. The address on system has shorter prefix length (32); both addresses match on first 32b. Thus state is 'superset of' syschar. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 11:08:18 2013 +0100 tests: Assert for 'superset of' operation on ipv6_address type Make sure that the 'superset of' operation recognize different ipv6 addresses. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 10:51:15 2013 +0100 tests: Assert for 'superset of' operation on ipv6_address type Make sure that the 'superset of' operation yields true when ipv6 set on system has greater cardinality than ipv6 set from state. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 5 10:25:42 2013 +0100 tests: Assert for 'superset of' openration on ipv6_address type Make sure that the 'superset of' operation yields false when state ipv6 set has greater address space. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 14:08:32 2013 +0100 tests: Assert for 'superset of' operation oobn ipv6_address type Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 17:39:45 2013 +0100 Fix and document 'superset of' operation on ipv6_address type Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 16:27:03 2013 +0100 Refactor: Extract function: ipv6addr_parse Avoid duplication of code. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 16:17:33 2013 +0100 Refactor: Extract function: ipv4addr_parse Avoid duplication of code. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 15:58:35 2013 +0100 Refactor: move ipv*_address_cmp functions to separate module Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 15:32:41 2013 +0100 promote ipv*_address_cmp functions to privileged (from static) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 15:11:21 2013 +0100 Move oval_evr_string.c to results/ sub-directory. It is only relevant to OVAL Results model. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 15:09:05 2013 +0100 Move oval_evr_string_impl.h to results/ sub-directory. It is only relevant to OVAL Results model. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Dec 4 17:00:10 2013 +0100 Workaround for libxml2 when validating xmldsig x509 serial as xs:integer Causes validation errors in valid x509 signed datastreams otherwise. See https://bugzilla.gnome.org/show_bug.cgi?id=350248 for more details about this libxml2 limitation. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 11:06:22 2013 +0100 Do not reinvent the wheel unless you stink Addressing the comparison of 'temp' and 'temPX' which returned 0 (equals). Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 4 10:44:12 2013 +0100 tests: Make sure that 'temp != temPX' for case insensitive equals Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 28 15:33:37 2013 +0100 Bump version after release. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 2 15:29:02 2013 +0100 [probes/file] Use the autogenerated macros when checking for acl support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 2 15:27:18 2013 +0100 Look for acl_extended_file and blkid_get_tag_value functions Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 19:03:36 2013 +0100 openscap-1.0.1 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 28 12:21:24 2013 +0100 Bump version after release Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 18:49:35 2013 +0100 Bump the soname of libopenscap Changing from 8.0.1 to 8.0.2 Interface has not been changed. Only the implementation was. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 17:51:07 2013 +0100 Collect selinux_domain_label properly In OVAL 5.10.1 specification selinux_domain_label is regarded as An selinux domain label associated with the process. Previously, OpenSCAP has collected strings like system_u:system_r:systemd_logind_t:s0 which is SELinux Security Context. The context is composed of User Identity, Role, Domain (or Type), Sensitivity, and Category. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 16:33:35 2013 +0100 Do not report process on stderr Only error and warning messages shall be routed to stderr. Consumers of the output shall be able to see the errors easily. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 14:03:50 2013 +0100 tests: Ensure that selinux_domain_label is collected on selinux enabled systems. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 27 11:27:24 2013 +0100 Start collecting unix-sys:selinux_domain_label within process58_item again Introduced by: 7e4993fc293f3e0f83fee8fe8af70186dc13aabf Investigation kudos go to: Petr Lautrbach Daniel Kopecek Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Nov 27 11:46:15 2013 +0100 Fixed detection of capability data manipulation functions - check for HAVE_SYS_CAPABILITY_H in process58.c - detect libcap version based on the availability of cap_get_pid and capgetp functions Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 21 16:42:19 2013 +0100 rhbz#1032537: man: Correct a typo when referring to other option Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 21 16:36:06 2013 +0100 Bump version after release. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 26 15:49:42 2013 +0100 Error out when LT_CURRENT_MINUS_AGE is not defined Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 26 12:52:51 2013 +0100 GNULib update Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 25 16:35:11 2013 +0100 Clarified the man page WRT which XCCDF is used when no --xccdf-id is passed Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 21 14:44:26 2013 +0100 dlopen libopenscap_sce.so.{current-age} explicitly If we dlopened libopenscap_sce.so the user would be required to have the symlink in place, the symlink is auto moved to -devel packages in many distributions. We also get ABI sanity checking for free with this approach. Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Nov 20 13:17:33 2013 +0100 [tests] test_probes_interface: ip doesn't show brd field if a broadcast address is same as ip address Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 19 11:16:15 2013 +0100 openscap-1.0.0 Well you see, it is true. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 19 11:06:32 2013 +0100 Bump the soname of libopenscap Changing from 8.0.0 to 8.0.1 Interface has not been changed. Only the implementation was. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 18 14:33:33 2013 +0100 dist: package openscap-engine-sce-devel separately. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:51:34 2013 +0100 Move oval_resModel.c to results/ sub-directory. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:48:18 2013 +0100 Move oval_resultSystem.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:41:11 2013 +0100 Move oval_resultItem.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:40:07 2013 +0100 Move oval_resultTestIterator.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:38:44 2013 +0100 Move oval_resultTest.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:35:22 2013 +0100 Move oval_resultCriteriaNode.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:33:42 2013 +0100 Move oval_resultDefinitionIterator.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:28:24 2013 +0100 Move oval_resultDefinition.c to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 22:21:43 2013 +0100 Move oval_results_impl.h to results/ sub-directory Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 9 10:10:13 2013 +0200 Fix include: No need for results_model privileged primitives. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 9 10:09:25 2013 +0200 Fix include: No need for results_model privileged primitives. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 9 10:04:43 2013 +0200 Fix include: No need for results_model privileged primitives. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 21:36:25 2013 +0100 Do not compare unsigned value with (-1). Addressing: oval_enumerations.c: In function 'oval_subtype_parse': oval_enumerations.c:636:14: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] if (subtype == OVAL_ENUMERATION_INVALID) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 26 16:34:22 2013 +0200 Fix include: Include syschar for oval_message_level_t. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 17 21:17:15 2013 +0100 Remove overabundant file from src/OVAL dist list. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 19:33:05 2013 +0100 bump version after release Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 18:44:44 2013 +0100 Make sure to have risdigit Apparently, it has something to do with superscript digits, like 0xB2 ('²'), 0xB3 ('³') and 0xB9 ('¹'). Addressing: src/.libs/libopenscap.so: undefined reference to `risdigit' collect2: ld returned 1 exit status Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 17:23:47 2013 +0100 Avoid obsoleting noarch package by an arch package The scap-secrity-guide package will bring this directive instead. Addressing (rhbz#1028706): openscap update incorrectly pulls in piles of 32bit packages Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 17:17:02 2013 +0100 Do not specify fully versioned arch-specific requires for noarch packages The Packaging:Guidelines#Requiring_Base_Package explicitly prohibits this by: When a subpackage requires the base package, it must do so using a fully versioned arch-specific (for non-noarch packages) dependency. ^^^ Addressing: BuildError: mismatch when analyzing openscap-content-sectool-0.9.13-5.fc21.noarch.rpm, rpmdiff output was: removed REQUIRES openscap(armv7hl-32) = 0.9.13-5.fc21 removed REQUIRES openscap-engine-sce(armv7hl-32) added REQUIRES openscap(x86-64) = 0.9.13-5.fc21 added REQUIRES openscap-engine-sce(x86-64) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 17:15:24 2013 +0100 Use a fully versioned dependency That is advised practice by the rule book at Packaging:Guidelines#Requiring_Base_Package Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 16:30:40 2013 +0100 git: ignore product of selinux-policy build Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 15 14:58:30 2013 +0100 tests: Ensure correct comaprison when an epoch is missing in the content Relates: https://github.com/OVALProject/Language/issues/175 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 13 20:31:33 2013 +0100 trac#355: Do not use rpmvercmp to compare EntityStateEVRStringType as it is Make a use of rpmEVRcmp (or something like that) instead. This change is not fully in line with the current OVAL specification (version 5.10.1) regarding EntityStateEVRStringType which reads: Comparisons involving this datatype should follow the algorithm of librpm's rpmvercmp() function. However, this wording of specification needs to be amended to better reflect reality of librpm (and dependant ecosystem). Librpm never uses rpmvercmp for comparison of EVR literals (Epoch:Version-Release). Librpm approaches EVR literals comparison in the way as folows: * (parse EVR to Epoch:Version-Release) * compare Epoch numbers first * if that equals -> compare Version by rpmvercmp * if that equals -> compare Release by rpmvercmp Hence, librpm uses rpmvercmp function iteratively. It does never compare EVR as it is by rpmvercmp. Note that rpmdev-vercmp tool compares even epochs using rpmvercmp. These two approaches are more-or-less equivalent. The later allows for greater flexibility in Epoch literal. By way of example, in the rpm word: 0:0.4.20.1-6.el5 is greater then 0:0.4.20-33.el5_5.2 in the OVAL word, on the other hand: 0:0.4.20.1-6.el5 is lesser then 0:0.4.20-33.el5_5.2 That makes OVAL inconsistent with characteristics of the underlying word. And finally note for the implementation: Sadly, librpm version 4 does not export anything like rpmEVRcmp for an external use. OpenSCAP needs to copy several static functions from librpm version 4 to minic rpmEVRcmp of rpm5. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 13 19:10:48 2013 +0100 tests: remove misleading print-out. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 13 18:51:13 2013 +0100 tests: trac#355: Assert for improved EntityStateEVRStringType comparison Ensure that 0:0.4.20.1-6.el5 is greater than 0:0.4.20-33.el5_5.2. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 11 16:47:15 2013 +0100 Use rpmvercmp from librpm of there is librpm available If there is no librpm, we fallback to OpenSCAP's internal implementation of librpm. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 13 16:20:35 2013 +0100 Refactor: Move oval_evr_string_cmp to separate module This does not change any semantics, except it drops the following unfortunate comment: // don't really feel like creating a new header file just for this Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 13 16:05:16 2013 +0100 Introduce oval_evr_string_cmp function We introduce this layer of indirection to reduce confusion and to be able to abstract from rpmvercmp function which will be later moved to separate module. Note that EntityStateEVRStringType comparisons should follow the algorithm of rpmvercmp function. Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 12 11:01:21 2013 +0100 OVAL: change the algo used to distinguish 'local' and 'remote' fs With 'local', fts now descends into /proc and /sys, among others, which were previously excluded. This can cause performance issues. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 11 13:28:19 2013 +0100 dist: Do not use tabs Addressing: openscap.src:116: W: mixed-use-of-spaces-and-tabs (spaces: line 7, tab: line 116) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 11 13:26:26 2013 +0100 tests: trac#354: oscap info should not segfault Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 11 11:53:54 2013 +0100 trac#354: Do not die when namespace declaration is missing. Addressing: $ oscap info oval.xml Document type: OVAL Definitions Segmentation fault #0 __strrchr_sse42 () at ../sysdeps/x86_64/multiarch/strrchr.S:140 #1 0x00007ffff7d13bcd in oval_family_parse (reader=0x61ea80) at oval_enumerations.c:372 #2 0x00007ffff7d13cd2 in oval_subtype_parse (reader=0x61ea80) at oval_enumerations.c:571 #3 0x00007ffff7d2c6eb in oval_test_parse_tag (reader=0x61ea80, context=0x7fffffffd5e0, usr=0x0) at oval_test.c:367 #4 0x00007ffff7d17648 in oval_parser_parse_tag (reader=0x61ea80, context=0x7fffffffd5e0, tag_parser=0x7ffff7d2c67b <oval_test_parse_tag>, user=0x0) at oval_parser.c:59 #5 0x00007ffff7d17b1c in oval_definition_model_parse (reader=0x61ea80, context=0x7fffffffd5e0) at oval_parser.c:177 #6 0x00007ffff7d06f6b in oval_definition_model_merge (model=0x61ebe0, file=0x7fffffffdefd "oval.xml") at oval_defModel.c:246 #7 0x00007ffff7d06e1a in oval_definition_model_import (file=0x7fffffffdefd "oval.xml") at oval_defModel.c:215 #8 0x000000000040e631 in app_info (action=0x7fffffffd8d0) at oscap-info.c:84 #9 0x0000000000407e15 in oscap_module_call (action=0x7fffffffd8d0) at oscap-tool.c:261 #10 0x0000000000408292 in oscap_module_process (module=0x617ba0 <OSCAP_INFO_MODULE>, argc=3, argv=0x7fffffffdb38) at oscap-tool.c:346 #11 0x0000000000406c37 in main (argc=3, argv=0x7fffffffdb38) at oscap.c:79 Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 9 17:30:43 2013 +0100 Make an explicit package version requirement The openscap-devel sub-package already required libopenscap_sce, this update just puts explicit version/release requirement. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 9 17:29:49 2013 +0100 Correct openscap-utils sub-package dependencies. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 9 16:45:46 2013 +0100 Plug a memory leaks. Addressing: input_handler.c:95:overwrite_var – Overwriting "probe_in" in "probe_in = SEAP_msg_get(seap_request)" leaks the storage that "probe_in" points to. input_handler.c:107:overwrite_var – Overwriting "oid" in "oid = probe_obj_getattrval(probe_in, "id")" leaks the storage that "oid" points to. input_handler.c:248:leaked_storage – Variable "probe_in" going out of scope leaks the storage it points to. input_handler.c:248:leaked_storage – Variable "oid" going out of scope leaks the storage it points to. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 8 15:44:50 2013 +0100 Updated the AUTHORS file Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 8 13:07:28 2013 +0100 Obsolete openscap-content package in Fedora Please refer to scap-security-guide for next-generation of Fedora content. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 8 10:56:47 2013 +0100 Revert "dist: Drop old openscap SysV init scripts" This reverts commit 1fe1f60956dc9c89ad104a30ff967149c217387a. Addressing: + install -p -m 755 dist/fedora/oscap-scan.init /builddir/build/BUILDROOT/openscap-0.9.13-1.el6.x86_64/etc/rc.d/init.d/oscap-scan install: cannot stat `dist/fedora/oscap-scan.init': No such file or directory Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 8 10:38:21 2013 +0100 openscap-0.9.13 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 19:53:51 2013 +0100 dist: package scap-as-rpm in openscap-utils sub-package Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 19:22:45 2013 +0100 Bump the soname of libopenscap Changing from 3.4.0 to 4.0.0. There were 11 new symbols added (that assumes default ./configure). However, for users which had enabled SCE, some of the symbols were removed. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 17:54:51 2013 +0100 dist: package libopenscap_sce as openscap-engine-sce sub-package Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 17:50:59 2013 +0100 Update the AUTHORS file. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 16:35:07 2013 +0100 Plug a memory leak. Do not strdup twice in row. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 16:31:12 2013 +0100 Plug a memory leaks. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 16:26:21 2013 +0100 Plug a memory leak. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 15:57:50 2013 +0100 Plug a memory leak. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 15:53:14 2013 +0100 Avoid dead increment. Addressing (clang): Value stored to 's' is never read Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 15:47:10 2013 +0100 Do not pass null to strdup Addressing (clang): Argument with 'nonnull' attribute passed null Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 7 14:15:44 2013 +0100 git should ignore distcheck's deliverables. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 4 10:20:15 2013 +0100 SELinux: Allow oscap to send message to syslog Addressing: avc: denied { create } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=unix_dgram_socket avc: denied { write } for comm="oscap" name="log" dev="devtmpfs" ino=7809 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file avc: denied { sendto } for comm="oscap" path="/dev/log" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket avc: denied { create } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=netlink_route_socket avc: denied { bind } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=netlink_route_socket avc: denied { getattr } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=netlink_route_socket avc: denied { nlmsg_read } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=netlink_route_socket Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 1 19:28:12 2013 +0100 SELinux: allow to aquire sysinfo (ip, mac) for XCCDF:TestResult Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 1 17:36:12 2013 +0100 SELinux: allow network connection Addressing: Downloading: http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml ... error WARNING: Skipping http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml file which is referenced from XCCDF content OpenSCAP Error: Download failed: Couldn't resolve host name [oscap_acquire.c:145] Addressing: avc: denied { create } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=tcp_socket avc: denied { connect } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=tcp_socket avc: denied { name_connect } for comm="oscap" dest=80 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket avc: denied { getopt } for comm="oscap" laddr=10.34.2.170 lport=34668 faddr=2.17.39.214 fport=80 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=tcp_socket avc: denied { getattr } for comm="oscap" laddr=10.34.2.170 lport=34668 faddr=2.17.39.214 fport=80 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=tcp_socket avc: denied { read } for comm="oscap" name="resolv.conf" dev="dm-1" ino=394137 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file avc: denied { read } for comm="oscap" name="hosts" dev="dm-1" ino=397919 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file avc: denied { open } for comm="oscap" path="/etc/resolv.conf" dev="dm-1" ino=394137 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file avc: denied { open } for comm="oscap" path="/etc/hosts" dev="dm-1" ino=397919 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file avc: denied { create } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=udp_socket avc: denied { create } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=udp_socket avc: denied { connect } for comm="oscap" scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=udp_socket avc: denied { getattr } for comm="oscap" path="socket:[1296340]" dev="sockfs" ino=1296340 scontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:oscap_t:s0-s0:c0.c1023 tclass=udp_socket Author: root <root@unused-2-170.nrt.redhat.com> Date: Fri Nov 1 16:53:36 2013 +0100 SELinux: Build the policy before an attempt to install it. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 1 16:07:30 2013 +0100 dist: Incorporate minor differences between changelogs. Merging back from Fedora Rawhide spec. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 1 15:43:34 2013 +0100 dist: Drop old openscap SysV init scripts Reference: 0e723d8c219e719e86210ff2eed1b8f7e8b2c714. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 1 15:40:11 2013 +0100 dist: Drop an unused patch. Reference: d092fcaa96c3fa991171d2f3ad4180295a587afd. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 14:43:01 2013 +0100 Fixed utils/Makefile.am to avoid make distcheck failing manpages and script were missing from EXTRA_DIST Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 14:21:22 2013 +0100 Do not dlclose module_handle if it's NULL in check_engine_plugin code Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 14:03:17 2013 +0100 Changed default scap-as-rpm destination path to /usr/share/xml/scap Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 14:02:32 2013 +0100 Added manpage for scap-as-rpm Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 13:52:06 2013 +0100 Added scap-as-rpm to Makefile.am, it is now installed with `make install` Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 13:33:52 2013 +0100 Added scap-as-rpm The script was prototyped outside the openscap repo, see https://github.com/mpreisler/scap-as-rpm Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Nov 7 13:38:09 2013 +0100 [rbt] Fixed strict-aliasing related issues Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 13:04:14 2013 +0100 Removed last traces of -DENABLE_SCE, the code doesn't have to know about this Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 12:40:59 2013 +0100 Merge branch 'sce-separation-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 12:25:52 2013 +0100 Removed leftover ENABLE_SCE macro checks Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 12:20:33 2013 +0100 Removed a testing printout in session when loading plugins Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 11:51:53 2013 +0100 Added --check-engine-results to the manual page Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 7 11:48:16 2013 +0100 Added --check-engine-results CLI switch to oscap, deprecated --sce-results Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 20:11:26 2013 +0100 Slight changes to plugin capabilities to make it consistent with builtin features Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 19:55:37 2013 +0100 Use plugin capabilities in `oscap --version` to show loaded plugins Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 18:10:39 2013 +0100 Added get_capabilities_fn to plugin struct This will allow us to display which specifications the plugins support. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 17:56:37 2013 +0100 Fixed dlerror() related memory leaks Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 17:18:45 2013 +0100 Call oscap_clearerr in case SCE plugin fails to load Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 16:27:00 2013 +0100 Removed SCE from openscap SWIG bindings It is no longer part of the main library, keeping it there causes linker errors when importing the bindings. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 16:05:23 2013 +0100 Introduced OSCAP_CHECK_ENGINE_PLUGIN_DIR The directory where check engine plugin shared objects are stored in. Optional, plugins are looked up in $PATH if not present. The openscap tradition is to to add one new obscure environment variable per 1000 lines of code and somebody had to do it! ;-) Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 6 14:25:38 2013 +0100 API for results export added for check engine plugins Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 5 20:02:17 2013 +0100 Copy paste error in check_engine_plugin_cleanup Spotted by theinric, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 5 19:24:14 2013 +0100 Remember loaded check engine plugins, clean them up where necessary Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 5 18:50:38 2013 +0100 Changed the check engine plugin API to be more sane (struct that's filled) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 5 14:25:29 2013 +0100 We probably should not dlclose a module that we need symbols from... I have been debugging this for hours, thanks goes to Tomas Heinrich for quickly spotting this stupid mistake of mine... Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 4 16:20:21 2013 +0100 Build system changes to make the project compilable, dlopen now works Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 1 16:21:35 2013 +0100 Deprecated xccdf_session_load_sce in favor of _extra_check_engines Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 31 18:06:31 2013 +0100 Made SCE a separate shared object libopenscap_sce.so Introduced a couple of workarounds all marked with FIXME: SCE that will get removed later (I hope). openscap can not be compiled because of missing SCE symbols in this state but libopenscap_sce.so can be and that's all that matters right now. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 31 12:59:03 2013 +0100 Added a cpename with CpE as a prefix to tests because of recent regex changes Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 31 11:52:47 2013 +0100 Changed CPE name regex to be more permissive (according to spec) Previously it would accept cPE:.. and cPe:.. but not CPE:.. even though the spec permits this (CPE names are case insensitive) Reported by Steve Grubb, thanks! Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 08:40:35 2013 +0100 Remove duplicate declarations from the file Addresssing: src/XCCDF/public/xccdf_benchmark.h:3340: warning: member xccdf_plain_text_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3344: warning: member xccdf_value_instance_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3346: warning: member xccdf_result_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3348: warning: member xccdf_override_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3350: warning: member xccdf_message_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3352: warning: member xccdf_instance_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3354: warning: member xccdf_rule_result_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3356: warning: member xccdf_identity_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3358: warning: member xccdf_score_iterator_reset belongs to two different groups. The second one found here will be ignored. src/XCCDF/public/xccdf_benchmark.h:3360: warning: member xccdf_target_fact_iterator_reset belongs to two different groups. The second one found here will be ignored. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 08:22:45 2013 +0100 Documentation: Fix incorrect file names. Addressing: src/CVE/public/cve_nvd.h:7: warning: the name `cve.h' supplied as the second argument in the \file statement is not an input file src/OVAL/adt/oval_string_map.c:2: warning: the name `oval_stringMap.c' supplied as the second argument in the \file statement is not an input file Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 08:18:14 2013 +0100 Correct a typos in documentation Addressing: src/XCCDF_POLICY/xccdf_policy_priv.h:36: warning: argument 'test_resut' of command @param is not found in the argument list of xccdf_policy::xccdf_policy_resolve_fix_substitution(struct xccdf_policy *policy, struct xccdf_fix *fix, struct xccdf_result *test_result) src/XCCDF_POLICY/xccdf_policy_priv.h:36: warning: The following parameters of xccdf_policy::xccdf_policy_resolve_fix_substitution(struct xccdf_policy *policy, struct xccdf_fix *fix, struct xccdf_result *test_result) are not documented: parameter 'test_result' src/XCCDF_POLICY/xccdf_policy_priv.h:113: warning: argument 'platfroms' of command @param is not found in the argument list of xccdf_policy_model::xccdf_policy_model_platforms_are_applicable(struct xccdf_policy_model *model, struct oscap_string_iterator *platforms) src/XCCDF_POLICY/xccdf_policy_priv.h:113: warning: The following parameters of xccdf_policy_model::xccdf_policy_model_platforms_are_applicable(struct xccdf_policy_model *model, struct oscap_string_iterator *platforms) are not documented: parameter 'platforms' Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 08:11:19 2013 +0100 sce_engine shall not print-out errors on stdout. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 07:55:05 2013 +0100 oval_enumerations shall not use stderr for warnings Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 31 07:49:07 2013 +0100 cpedict shall not use stderr for error reporting Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 30 10:45:01 2013 +0100 tests: Unlink oscap_debug.log.* files on `make clean` The other test directories already support this. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 30 10:23:35 2013 +0100 SCAP Errata (E1): Change arf-rel namespace Reference: http://csrc.nist.gov/publications/nistpubs/800-126-rev2/sp800-126r2-errata-20120409.pdf Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 30 10:30:42 2013 +0100 tests: Amend alignment of RDS testing documents. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 30 09:48:31 2013 +0100 Amend alignment of ARF XSD declaration to match the upstream content at http://scap.nist.gov/schema/asset-reporting-format/1.1/asset-reporting-format_1.1.0.xsd Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 22 14:31:06 2013 +0200 trac#351: Record field namespace is derives from its context. On the one hand within sql57_item we have <ind-def:field> elements, on the other hand within sql57_state element there are <oval-def:field> elements. See also: 6580c052cf270be1b185aecac1b95352727f52ab Addressing: File 'x.syschar.xml' line 52: Element '{http://oval.mitre.org/XMLSchema/oval-definitions-5}field': This element is not expected. Expected is ( {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}field ). While not regressing on: File 'x.definitions.xml' line 56: Element '{http://oval.mitre.org/XMLSchema/oval-definitions-5#independent}field': This element is not expected. Expected is ( {http://oval.mitre.org/XMLSchema/oval-definitions-5}field ). Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 22 10:11:05 2013 +0200 rhbz#1021695: Correct a misspelling Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 15 14:38:58 2013 +0200 Made the cflags of libopenscap.pc simpler -I/usr/include was both redundant and unnecessary. Having includedir be the full /usr/include/openscap path makes openscap easier to use with FindPkgConfig from cmake. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 15 11:24:30 2013 +0200 Fixed required dep names in the pkgconfig file This caused problems for all users of the openscap library. e.g.: Package 'libxml2', required by 'libopenscap', not found Package libxml2 was not found in the pkg-config search path. Perhaps you should add the directory containing `libxml2.pc' Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 18:29:01 2013 +0200 Assign state_entity_val properties later in the process of evaluation Only if they are needed. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 18:11:50 2013 +0200 Do not assign a value to the function parameter (state_entity_val_text) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 18:03:11 2013 +0200 Assign var_check later in the process of evaluation Only if it is needed. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 17:34:15 2013 +0200 Assign state_entity_var later in the process of evaluation Only if it is needed. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 17:27:16 2013 +0200 Refactor: Extract function: _evaluate_sysent Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 11 17:06:15 2013 +0200 Refactor: Extract function: _evaluate_sysent_with_variable Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 23:31:23 2013 +0200 Typo in an error message. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 23:15:51 2013 +0200 Improve and unify debugging warnings from sql:connection_string parsers Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 23:04:17 2013 +0200 SQL probe should be able to parse passwd and port from connection string Addressing: odbx_bind failed. Could not connect to the database 'bronte': fe_sendauth: no password supplied Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 20:25:22 2013 +0200 DB connection failure should not abort whole OVAL evaluation Also add a 'soft' error into the result XML instead. Addressing: OpenSCAP Error: Probe at sd=1 (sql57) reported an error: Unknown error [./oval_probe_ext.c:525] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 20:23:45 2013 +0200 Plug a memory leak. Related: 3702d99380ef40b67247f00de73cd8068480528d Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 20:12:37 2013 +0200 Plug a memory leak Related: a78b885fdff37c9821f1be3a627b7ec7820fc06b Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 15:22:47 2013 +0200 Plug a memory leak. Addressing: 17 bytes in 1 blocks are definitely lost in loss record 2 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA17E: SEXP_val_new (sexp-value.c:37) by 0x4CC2B33: SEXP_number_newu_32_r (sexp-manip_r.c:86) by 0x4CBEE60: SEXP_number_newu_32 (sexp-manip.c:312) by 0x4C98B01: probe_cobj_set_flag (probe-api.c:663) by 0x4C99210: probe_cobj_compute_flag (probe-api.c:890) by 0x409628: probe_worker (worker.c:951) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 22 bytes in 1 blocks are indirectly lost in loss record 3 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA17E: SEXP_val_new (sexp-value.c:37) by 0x4CC30DC: SEXP_list_new_rv (sexp-manip_r.c:296) by 0x4CBFFB3: SEXP_list_new (sexp-manip.c:935) by 0x4C98952: probe_cobj_new (probe-api.c:608) by 0x4095B9: probe_worker (worker.c:936) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 22 bytes in 1 blocks are definitely lost in loss record 4 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA17E: SEXP_val_new (sexp-value.c:37) by 0x4CC30DC: SEXP_list_new_rv (sexp-manip_r.c:296) by 0x4CBFFB3: SEXP_list_new (sexp-manip.c:935) by 0x4C9B7C4: probe_obj_getmask (probe-api.c:1739) by 0x40954A: probe_worker (worker.c:925) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 22 bytes in 1 blocks are definitely lost in loss record 5 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA17E: SEXP_val_new (sexp-value.c:37) by 0x4CC30DC: SEXP_list_new_rv (sexp-manip_r.c:296) by 0x4CBFFB3: SEXP_list_new (sexp-manip.c:935) by 0x4C988BF: probe_cobj_new (probe-api.c:605) by 0x4095B9: probe_worker (worker.c:936) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 22 bytes in 1 blocks are definitely lost in loss record 6 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA17E: SEXP_val_new (sexp-value.c:37) by 0x4CC30DC: SEXP_list_new_rv (sexp-manip_r.c:296) by 0x4CBFFB3: SEXP_list_new (sexp-manip.c:935) by 0x4C988E7: probe_cobj_new (probe-api.c:606) by 0x4095B9: probe_worker (worker.c:936) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 54 (32 direct, 22 indirect) bytes in 1 blocks are definitely lost in loss record 8 of 9 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB22E: __sm_alloc_dbg (sm_alloc.c:128) by 0x4CC1651: SEXP_new (sexp-manip.c:1593) by 0x4CBFF8C: SEXP_list_new (sexp-manip.c:934) by 0x4C98952: probe_cobj_new (probe-api.c:608) by 0x4095B9: probe_worker (worker.c:936) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 140 bytes in 1 blocks are definitely lost in loss record 9 of 9 at 0x4A084D5: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4A0859A: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB38E: __sm_memalign_dbg (sm_alloc.c:203) by 0x4CCA392: SEXP_rawval_lblk_new (sexp-value.c:120) by 0x4CC312B: SEXP_list_new_rv (sexp-manip_r.c:307) by 0x4CBFFB3: SEXP_list_new (sexp-manip.c:935) by 0x4C98952: probe_cobj_new (probe-api.c:608) by 0x4095B9: probe_worker (worker.c:936) by 0x406E10: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 13:28:54 2013 +0200 Plug a memory leak. Addressing: 60 bytes in 1 blocks are definitely lost in loss record 9 of 10 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x4043CA: dbURIInfo_parse (sql57.c:178) by 0x404888: dbSQL_eval (sql57.c:260) by 0x405536: probe_main (sql57.c:477) by 0x4095FB: probe_worker (worker.c:944) by 0x406E08: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 8 13:03:36 2013 +0200 Plug a memory leak. Addressing: 1 bytes in 1 blocks are indirectly lost in loss record 1 of 35 at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35B040E2AE: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE87: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) 1 bytes in 1 blocks are indirectly lost in loss record 2 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AA4F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 1 bytes in 1 blocks are indirectly lost in loss record 3 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AA7D: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 2 bytes in 1 blocks are indirectly lost in loss record 4 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040ACDC: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 5 bytes in 1 blocks are indirectly lost in loss record 5 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040A9F3: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 5 bytes in 1 blocks are indirectly lost in loss record 6 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AA21: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 7 bytes in 1 blocks are indirectly lost in loss record 7 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040ACAB: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 9 bytes in 1 blocks are indirectly lost in loss record 8 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AB07: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 9 bytes in 1 blocks are indirectly lost in loss record 9 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AB35: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) 9 bytes in 1 blocks are indirectly lost in loss record 10 of 35 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x35AE886429: strdup (strdup.c:42) by 0x35B040AE20: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040DB6F: ??? (in /usr/lib64/libpq.so.5.5) by 0x35B040FE70: PQconnectStart (in /usr/lib64/libpq.so.5.5) by 0x35B040FEB5: PQconnectdb (in /usr/lib64/libpq.so.5.5) by 0x7B53AB0: ??? (in /usr/lib64/opendbx/libpgsqlbackend.so.1.2.0) by 0x404BF6: dbSQL_eval (sql57.c:318) by 0x405527: probe_main (sql57.c:477) by 0x4095EB: probe_worker (worker.c:944) by 0x406DF8: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 7 11:13:59 2013 +0200 tests: Add tests for existing cpe:/o:fedoraproject:fedora:2* CPE names. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 7 11:09:58 2013 +0200 Fix incorrect platform specification. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 7 11:09:31 2013 +0200 Introduce CPE name for upcoming Fedora 21 Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Oct 5 00:26:16 2013 +0200 tests: sql57: Evaluate with unsupported engine Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 4 22:58:29 2013 +0200 Export record <field> into correct OVAL namespace This generic element may appear even within ind-def:sql_state, in such case the field would inherit the ind-def namespace. Addressing: File 'x.xml' line 56: Element '{http://oval.mitre.org/XMLSchema/oval-definitions-5#independent}field': This element is not expected. Expected is ( {http://oval.mitre.org/XMLSchema/oval-definitions-5}field ). Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 4 15:18:08 2013 +0200 Do not add a new-line to the end of error message The oscap_seterri() is supposed add the information about file and line number plus the newline. Note that for some time we can print-out the whole error stack. Thus, the error handling inconsistencies are well visible: Addresing output like: OpenSCAP Error: Probe at sd=1 (sql57) reported an error: Unknown error [./oval_probe_ext.c:525] Unknown syschar flag: 0. [oval_resultTest.c:1448] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 4 15:03:34 2013 +0200 sql* probes should not return error if db backend is missing They should return a 'soft error' which is captured in result XML document like: <object id="oval:org.gentoo.dev.swift.postgres:obj:1" version="1" flag="error"> <message level="error">odbx_init failed. Please install the opendbx postgre backend</message> </object> Otherwise oval_probe_comm() finishes with error code and whole evaluation is aborted (without producing result XML file). Addressing: $ oscap oval eval --results blah.xml simpletest.xml Loading backend library pgsql, libpgsqlbackend.so or /usr/lib64/opendbx/libpgsqlbackend.so failed /usr/lib64/opendbx/libpgsqlbackend.so: cannot open shared object file: No such file or directory Could not connect to the database. Please install the opendbx pgsql backend. Definition oval:org.gentoo.dev.swift.postgres:def:1: error OpenSCAP Error: Probe at sd=1 (sql57) reported an error: Unknown error [./oval_probe_ext.c:525] Unknown syschar flag: 0. [oval_resultTest.c:1448] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 4 15:01:49 2013 +0200 Print full error stack from oscap-oval-eval Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 4 10:32:11 2013 +0200 Refactor: Extract function: _probe_strerror Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 18:18:41 2013 +0200 Advise user to install missing opendbx backend Generally, we prefer to send error messages through SEXPs and callbacks and not directly on stderr. In this case however, we make an exception and we join the opendbx library, which prints on stderr things like: Loading backend library pgsql, libpgsqlbackend.so or /usr/lib64/opendbx/libpgsqlbackend.so failed /usr/lib64/opendbx/libpgsqlbackend.so: cannot open shared object file: No such file or directory Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 17:16:28 2013 +0200 Plug a memory leak Addressing: 8 bytes in 1 blocks are definitely lost in loss record 1 of 11 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4CCB1CE: __sm_alloc_dbg (sm_alloc.c:128) by 0x4CBFA6A: SEXP_string_cstr (sexp-manip.c:778) by 0x4050C3: probe_main (sql57.c:445) by 0x4093E3: probe_worker (worker.c:944) by 0x406BF0: probe_worker_runfn (worker.c:53) by 0x35AF007C52: start_thread (pthread_create.c:308) by 0x35AE8F5E1C: clone (clone.S:113) Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 16:57:55 2013 +0200 Improve logging from sql probes. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 16:44:27 2013 +0200 Do not waste octotherp even if the code compiles Related: 51543f9be1b05c922ed6937894910638f3fe1e24 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 16:41:52 2013 +0200 The (char *) is passed to engine_cmp, not the (dbEngineMap_t *) Related: 51543f9be1b05c922ed6937894910638f3fe1e24 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 3 09:52:27 2013 +0200 Use correct libxml function to import xsi:nil attribute While the previous approach works in Fedora it uses undocumented functionality and may be error prone. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 2 14:38:55 2013 +0200 Use correct libxml function to export xsi:nil attribute While the previous approach works in Fedora it uses undocumented functionality and may be error prone. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 2 14:10:21 2013 +0200 tests: Refactor: Extract function definition assert_exists Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 2 13:54:25 2013 +0200 tests: rhbz#1013011: Assert for export ind-def:pid/@xsi:nil Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 2 12:31:53 2013 +0200 rhbz#1013011: Export the @xsi:nil attribute of an oval entity Addressing: oscap oval validate-xml --results --schematron ssg-rhel6-oval.xml.result.xml <?xml version="1.0"?> oval:ssg:obj:1360 - The datatype for the ind-def:pid entity is 'int' but the value is not an integer. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 2 11:06:51 2013 +0200 tests: workaround trac#346, disable test on RPM systems with older libxml2 While this is not exactly friendly for our non-rpm friends, we welcome patches which will extend the workaround or address the trac#346. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 19:02:50 2013 +0200 Plug a memory leak. Addressing: Definition oval:ssg:def:116: true Evaluation done. OpenSCAP Error: Is a directory '/tmp/x' [elements.c:179] LEAK SUMMARY: definitely lost: 176 bytes in 1 blocks indirectly lost: 36,576 bytes in 579 blocks Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 17:11:17 2013 +0200 Report file:line_number for libxml errors. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 16:44:23 2013 +0200 Do not touch memory which is not yours. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 1 16:12:25 2013 +0200 Avoid undefined behavior when evaluating check with no check-content-refs Also added a test related to this. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 15:46:52 2013 +0200 trac#344: Send libxml errors through oscap_seterr callback Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 15:09:26 2013 +0200 tests: trac#344: Make sure to send libxml errors through oscap_seterr callback Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 1 13:42:21 2013 +0200 Refactor: Move libxml_error_handler to common module. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 1 15:29:19 2013 +0200 [probes] Fixed uninitialized variable condition in the input handler Addressing: input_handler.c: In function 'probe_input_handler': input_handler.c:51:13: warning: 'probe_ret' may be used uninitialized in this function [-Wmaybe-uninitialized] Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 1 13:56:07 2013 +0200 Moved LC_ALL export to tests/Makefile.am, removed redundant sets Thanks goes to Petr Lautrbach for this suggestion. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 1 11:35:32 2013 +0200 Removed accidentally commited set -x from an XCCDF test Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 30 19:13:12 2013 +0200 Make all tests including test_common.sh independent of locale Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 30 18:42:20 2013 +0200 Made test_report_check_with_empty_selector.sh locale independent Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 30 18:27:13 2013 +0200 Make the runlevel probe test locale independent Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 26 17:57:27 2013 +0200 Introduce openscap-extra-probes-sql sub-package. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 26 14:58:55 2013 +0200 trac#343: Do not lie down when the mask_map is null Addressing: #0 0x000003fff74c4a15 in raise () from /lib64/libc.so.6 #1 0x000003fff74c5d15 in abort () from /lib64/libc.so.6 #2 0x000003fff7b08f24 in oval_string_map_get_value (map=0x0, key=0x2aaaacd7be0 "usename") at oval_string_map.c:236 #3 0x000003fff7b01d59 in oval_sexp_to_sysent (model=0x0, item=0x0, sexp=0x2aaaacdff60, mask_map=0x0) at oval_sexp.c:805 #4 0x000003fff7b0135d in oval_record_field_ITEM_from_sexp (sexp=0x2aaaacdff60) at oval_sexp.c:626 #5 0x000003fff7b01dc9 in oval_sexp_to_sysent (model=0x2aaaacdd990, item=0x2aaaacdf530, sexp=0x2aaaacde310, mask_map=0x2aaaacda9c0) at oval_sexp.c:817 #6 0x000003fff7b0238f in oval_sexp_to_sysitem (model=0x2aaaacdd990, sexp=0x2aaaacdf990, mask_map=0x2aaaacda9c0) at oval_sexp.c:932 #7 0x000003fff7b02708 in oval_sexp_to_sysch (cobj=0x2aaaacdde80, syschar=0x2aaaacde650) at oval_sexp.c:986 #8 0x000003fff7b06e4f in oval_probe_ext_eval (ctx=0x2aaaacdf910, pd=0x2aaaacd7b60, pext=0x2aaaacd7c60, syschar=0x2aaaacde650, flags=0) at oval_probe_ext.c:1110 #9 0x000003fff7b06461 in oval_probe_ext_handler (type=(OVAL_SUBTYPE_ALL | unknown: 7012), ptr=0x2aaaacd7c60, act=3) at oval_probe_ext.c:897 #10 0x000003fff7ad1e4a in oval_probe_query_object (psess=0x2aaaace06d0, object=0x2aaaacdffd0, flags=0, out_syschar=0x0) at oval_probe.c:283 #11 0x000003fff7ad218a in oval_probe_query_criteria (sess=0x2aaaace06d0, cnode=0x2aaaacdfc60) at oval_probe.c:372 #12 0x000003fff7ad232a in oval_probe_query_criteria (sess=0x2aaaace06d0, cnode=0x2aaaacdf4c0) at oval_probe.c:425 #13 0x000003fff7ad20ac in oval_probe_query_definition (sess=0x2aaaace06d0, id=0x2aaaacdf310 "oval:org.gentoo.dev.swift.postgres:def:1") at oval_probe.c:346 #14 0x000003fff7aba06f in oval_agent_eval_definition (ag_sess=0x2aaaacd3a20, id=0x2aaaacdf310 "oval:org.gentoo.dev.swift.postgres:def:1") at oval_agent.c:160 #15 0x000003fff7aba4b7 in oval_agent_eval_system (ag_sess=0x2aaaacd3a20, cb=0x2aaaaab6bbd <app_oval_callback>, arg=0x0) at oval_agent.c:255 #16 0x000002aaaaab760d in app_evaluate_oval (action=0x3ffffffcd80) at oscap-oval.c:426 #17 0x000002aaaaab4fdc in oscap_module_call (action=0x3ffffffcd80) at oscap-tool.c:261 #18 0x000002aaaaab54cc in oscap_module_process (module=0x2aaaacc4600 <OVAL_EVAL>, argc=4, argv=0x3ffffffd008) at oscap-tool.c:346 #19 0x000002aaaaab39c4 in main (argc=4, argv=0x3ffffffd008) at oscap.c:78 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 26 11:18:33 2013 +0200 oval_record_field_set_name must not take memory ownership Related: 6c8b1705f123056151d3163578f3c461422f9d0f Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 24 19:31:41 2013 +0200 oval_record_field_set_value must not take memory ownership WARNING: This changes semantics of this API. Nevertheless, we can afford such change now, as this particular function was causing segfault until the previous commit. Note that most of the similar calls in the library take the ownership. Addressing: Invalid free() / delete / delete[] / realloc() at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C5A1A6: __oscap_free_dbg (alloc.c:184) by 0x4C7E402: oval_record_field_free (oval_recordField.c:183) by 0x4CA9312: oval_collection_free_items (oval_collection.c:90) by 0x4C8C012: oval_state_content_free (oval_stateContent.c:141) by 0x4CA9312: oval_collection_free_items (oval_collection.c:90) by 0x4C8B2DE: oval_state_free (oval_state.c:203) by 0x4CAA735: __oval_string_map_node_free (oval_string_map.c:248) by 0x4CAB0C7: rbt_free2 (rbt_common.c:139) by 0x4CAF235: rbt_str_free_cb2 (rbt_str.c:80) by 0x4CAA805: oval_string_map_free (oval_string_map.c:255) by 0x4C6B868: oval_definition_model_free (oval_defModel.c:129) Address 0x73bf700 is 0 bytes inside a block of size 9 free'd at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C5A1A6: __oscap_free_dbg (alloc.c:184) by 0x4C7CA69: oval_parser_text_value (oval_parser.c:243) by 0x4C7EA3A: oval_record_field_parse_tag (oval_recordField.c:378) by 0x4C8C1BA: _oval_state_content_parse_record_field (oval_stateContent.c:181) by 0x4C7C2C8: oval_parser_parse_tag (oval_parser.c:64) by 0x4C8C29B: oval_state_content_parse_tag (oval_stateContent.c:201) by 0x4C8B68A: _oval_state_parse_tag (oval_state.c:282) by 0x4C7C2C8: oval_parser_parse_tag (oval_parser.c:64) by 0x4C8B824: oval_state_parse_tag (oval_state.c:312) by 0x4C7C2C8: oval_parser_parse_tag (oval_parser.c:64) by 0x4C7C803: oval_definition_model_parse (oval_parser.c:184) Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 24 18:56:34 2013 +0200 Initialize record_fields structure before storing <field> elements This is needed since 3e876590 Addressing: oscap: oval_collection.c:104: oval_collection_add: Assertion `(collection) != ((void *)0)' failed. #0 0x0000003dd6835a19 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x0000003dd6837128 in __GI_abort () at abort.c:90 #2 0x0000003dd682e986 in __assert_fail_base (fmt=0x3dd697dda8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff7db3d52 "(collection) != ((void *)0)", file=file@entry=0x7ffff7db3d40 "oval_collection.c", line=line@entry=104, function=function@entry=0x7ffff7db3e20 <__PRETTY_FUNCTION__.3505> "oval_collection_add") at assert.c:92 #3 0x0000003dd682ea32 in __GI___assert_fail (assertion=0x7ffff7db3d52 "(collection) != ((void *)0)", file=0x7ffff7db3d40 "oval_collection.c", line=104, function=0x7ffff7db3e20 <__PRETTY_FUNCTION__.3505> "oval_collection_add") at assert.c:101 #4 0x00007ffff7d4739c in oval_collection_add (collection=0x0, item=0x6328b0) at oval_collection.c:104 #5 0x00007ffff7d2a0a8 in oval_state_content_add_record_field (content=0x632420, rf=0x6328b0) at oval_stateContent.c:155 #6 0x00007ffff7d2a174 in _oval_state_content_record_field_consumer (rf=0x6328b0, content=0x632420) at oval_stateContent.c:176 #7 0x00007ffff7d1cb12 in oval_record_field_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, consumer=0x7ffff7d2a151 <_oval_state_content_record_field_consumer>, user=0x632420, record_field_type=OVAL_RECORD_FIELD_STATE) at oval_recordField.c:404 #8 0x00007ffff7d2a1ae in _oval_state_content_parse_record_field (reader=0x629cb0, context=0x7fffffffd7b0, user=0x632420) at oval_stateContent.c:181 #9 0x00007ffff7d1a2c9 in oval_parser_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, tag_parser=0x7ffff7d2a176 <_oval_state_content_parse_record_field>, user=0x632420) at oval_parser.c:64 #10 0x00007ffff7d2a28f in oval_state_content_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, consumer=0x7ffff7d29599 <_oval_state_content_consumer>, user=0x631ca0) at oval_stateContent.c:201 #11 0x00007ffff7d2967f in _oval_state_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, user=0x631ca0) at oval_state.c:282 #12 0x00007ffff7d1a2c9 in oval_parser_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, tag_parser=0x7ffff7d295be <_oval_state_parse_tag>, user=0x631ca0) at oval_parser.c:64 #13 0x00007ffff7d29819 in oval_state_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, usr=0x0) at oval_state.c:312 #14 0x00007ffff7d1a2c9 in oval_parser_parse_tag (reader=0x629cb0, context=0x7fffffffd7b0, tag_parser=0x7ffff7d2969f <oval_state_parse_tag>, user=0x0) at oval_parser.c:64 #15 0x00007ffff7d1a804 in oval_definition_model_parse (reader=0x629cb0, context=0x7fffffffd7b0) at oval_parser.c:184 #16 0x00007ffff7d09dac in oval_definition_model_merge (model=0x61dc20, file=0x7fffffffdf36 "/home/slukasik-f18/Desktop/report.xml") at oval_defModel.c:246 #17 0x00007ffff7d09c5e in oval_definition_model_import (file=0x7fffffffdf36 "/home/slukasik-f18/Desktop/report.xml") at oval_defModel.c:215 #18 0x0000000000408f73 in app_collect_oval (action=0x7fffffffd910) at oscap-oval.c:231 #19 0x0000000000407b41 in oscap_module_call (action=0x7fffffffd910) at oscap-tool.c:261 #20 0x0000000000407fbe in oscap_module_process (module=0x615f40 <OVAL_COLLECT>, argc=4, argv=0x7fffffffdb68) at oscap-tool.c:346 #21 0x0000000000406a07 in main (argc=4, argv=0x7fffffffdb68) at oscap.c:78 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 24 14:32:51 2013 +0200 test: Improve time efficiency although marginally. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 20 15:52:37 2013 +0200 tests: Improve robustness of time checking by hack. We want to check that correct time stamps are exported from the scan. This avoids random failures caused by clock tick in between the scan and assertion. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 20 14:51:17 2013 +0200 tests: assert_exists function should be more verbose on failure. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 20 14:42:31 2013 +0200 tests: log the result file path correctly. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 19 15:11:41 2013 +0200 Added python_is16.py to EXTRA_DIST in SCE checks Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 17 18:04:07 2013 +0200 Plug a memory leak. Do not cache dummy objects created when the probe does not support offline_mode. Addressing: overwrite_var – Overwriting "probe_out" in "probe_out = probe_cobj_new(___G_offline_mode_cobjflag, NULL, NULL, NULL)" leaks the storage that "probe_out" points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 12 13:37:01 2013 +0200 Adding ctype.h to required headers for the system_info probe This is needed since: 0e2709dd39837522997f2c8364daddaa8d947c4c Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 12 12:49:36 2013 +0200 bump version Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 12 12:48:34 2013 +0200 Add missing colon. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 12 12:46:54 2013 +0200 Merge spec file changes from Fedora We don't need to depend on selinux_policyver since we build .pp module during the build. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 12 09:08:00 2013 +0200 openscap-0.9.12 There were 14 new symbols added. The soname of libopenscap has changed from 3.3.3 to 3.4.0. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 11 17:30:44 2013 +0200 Update rpm spec files to 0.9.12-1. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 11 17:47:29 2013 +0200 bump version Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 11 16:51:50 2013 +0200 Exposed xccdf_tailoring_free as public API Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 11 16:25:40 2013 +0200 Reintroduce a removed function to keep the ABI compatibility up cpe_item_get_deprecated() is deprecated by cpe_item_get_deprecated_by(). Yes, we love self-reference, because it is still not deprecated. The said function has been accidently removed in d524e89bbeebd4e812c8067b1e5c5e64f3de7ab3. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 11 15:14:41 2013 +0200 Added Fedora 20 to default CPE dictionary Long live Heisenbug! Hooray corner cases! Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 10 17:54:08 2013 +0200 [probes] rpm*: disable thread cancelability if we are using the rpm db iterator - fixes problems with rpm probes which left the rpm database in a corrupted state when they were interrupted with an allocated db iterator Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 10 17:45:52 2013 +0200 [probes] make the probe_main() thread joinable - changing to a joinable probe_main() thread allows us to give the thread a grace period in which it can finish its critical section and correctly free any resources allocated during the critical section Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 10 16:55:02 2013 +0200 Export Tailoring's benchmark-ref with the extension namespace if needed Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 10 16:44:46 2013 +0200 Fixed validation errors related to Tailoring/benchmark element Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 5 15:46:34 2013 +0200 Fixed profile inheritance regarding item selection Added a tailoring test to demonstrate and test the issue. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 4 15:40:49 2013 +0200 Do not export duplicate selects (with the same @idref) in Profile Doing so would produce invalid data! Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 2 18:53:03 2013 +0200 Introduced xccdf-1.1-tailoring extension to the XCCDF 1.1 spec Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 3 13:07:54 2013 +0200 Match cpe_name to dictionary in correct way. The opposite (previous) was causing generalization. Meaning that things like: <xccdf:platform idref="cpe:/o:redhat:enterprise_linux:7"/> would match to items like: cpe:/o:redhat:enterprise_linux in the dictionary. This was issue introduced by: ff545b0303b29d8830cea5d42acad2212168e634 Addressing: + test_api_xccdf_default_cpe_rhel6 [ FAIL ] + test_api_xccdf_default_cpe_rhel7 [ FAIL ] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 3 13:07:00 2013 +0200 Remove wrong line even in XCCDF 1.2 version of sectool. This is fedora content in fedora/ directory. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 2 20:01:32 2013 +0200 Remove wrong line. It is fedora content in fedora/ directory. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 2 17:16:15 2013 +0200 trac#340: Add cpe:/a:redhat:rhel_productivity to internal dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 2 15:43:41 2013 +0200 Add cpe:/o:redhat:enterprise_linux to internal dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 2 15:25:35 2013 +0200 SGML applications tend to be architecture independent Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 28 18:18:45 2013 +0200 Exposed setters and getters for tailoring benchmark_ref{,_version} Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Aug 28 11:46:41 2013 +0200 trac#339: Deprecated broken functions. We plan to fix them properly later. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 26 15:55:47 2013 +0200 Added benchmark ref version to API, serialize benchmark-ref Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 26 14:11:47 2013 +0200 trac#335: Do not define XCCDF_BOOLOP_MAP twice Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 26 11:54:40 2013 +0200 tests: Use a sub-set of official CPE 2.3 dictionary for internal testing. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 26 11:22:54 2013 +0200 Do not export component-tree if there is no vendor. Addressing failing test: ++ openscap/tests/xmldiff.pl ./official-cpe-dictionary_v2.2.xml dict.xml.out Rogue element 'component-tree' in element '/cpe-list[1]'. (53 <> 53) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Aug 23 18:07:19 2013 +0200 tests: Include another test case for <notes> elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Aug 23 17:36:45 2013 +0200 trac#338: Fix export of <notes> and <note> CPE elements Previously, the input of: <notes> <note>BLA</note> </notes> got exported as: <title>BLA</title> Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Aug 23 12:46:07 2013 +0200 Now you do not need math. isnan() is not used since 3794ea128bf98abd8925b30b57c65caefa5a02dc Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Aug 23 12:43:32 2013 +0200 Avoid strverscmp outside the GNU land. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 22 16:48:32 2013 +0200 Remove fallacious commentary. The <notes> element may contain <note> sub-elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 22 16:23:59 2013 +0200 tests: Export of official CPE 2.2 dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 22 15:50:21 2013 +0200 tests: ensure that oscap info does not fail on official CPE dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 22 15:31:37 2013 +0200 tests: Use a sub-set of official CPE 2.2 dictionary for internal testing. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 22 12:41:31 2013 +0200 Add export of newly introduced cpe_ext_dict elements. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 22 16:42:56 2013 +0200 Use "en-US" as default language instead of "en_US" The latter is not a valid xsd:language value. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 22 16:29:39 2013 +0200 Support for Tailoring/@id Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 22 16:06:02 2013 +0200 Expose xccdf_tailoring_set_version{,_time, _update} Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 22 15:32:06 2013 +0200 Correctly handle XCCDF namespace when exporting tailoring as root Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 20 17:57:16 2013 +0200 Added a function exporting xccdf_tailoring to a file Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 20 16:49:08 2013 +0200 Removed irrelevant commented code in xccdf_benchmark_to_dom Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Aug 21 16:06:39 2013 +0200 Improve error reporting of unfamiliar elements in CPE dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 18:22:46 2013 +0200 Introduce parser of <<cpe_dict_ext:deprecated-by> element Addressing: OpenSCAP Error: Unexpected element within cpe23-item[@name='cpe:2.3:a:3com:tippingpoint_ips_tos:2.2.1:*:*:*:*:*:*:*']: 'deprecated-by' [cpedict_ext_priv.c:121] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 17:34:30 2013 +0200 Abort when cpe23-item fails to parse. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 17:22:11 2013 +0200 Introduce parser of <cpe_dict_ext:deprecation> element Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 16:51:11 2013 +0200 Move functions handling elements from cpe_dict_ext NS to separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 16:30:01 2013 +0200 Refactor: Move xmlTextReaderNextElementWE() to common module Previously this function was defined in two different places. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 16:21:56 2013 +0200 Refactor: Move xmlTextReaderNextNode() to common module Previously this function was defined in three (!) different places. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 16:00:21 2013 +0200 Refactor: Move xmlTextReaderNextElement() to common module Previously this function was defined in three (!) different places. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 13:24:26 2013 +0200 Do not try to recover when cpe-item failed to parse This place was hidding plethora of bugs. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 13:20:42 2013 +0200 Remove wrong line. It was wrong from the beginning. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 11:24:59 2013 +0200 cpe_item_parse should report error when returns NULL Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 20 10:49:58 2013 +0200 Export cpe-item properties correctly. Export of @deprecated, @deprecated_by, and @deprecation_date attributes should be independent on each other. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 15:48:02 2013 +0200 Decouple imports of deprecation related attribute of cpe-item The @deprecated, @deprecated_by, and @deprecation_date attributes should not depend on each other. Absent @deprecated_by attribute should never be fatal even when @deprecated attribute exists. Previously OpenSCAP considered such absence to be an error. Alas, that behaviour was not correct. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 17:31:41 2013 +0200 Refactor: Rename property from deprecated to deprecated_by This is needed because these are two different attributes in the XML format. Since they are not dependent, we need two separate properties to keep track of them. Previous assumption in the code was that @deprecated=false attribute is equivalent to deprecated property being NULL. That assumption was proved wrong by official-cpe-dictionary_v2.2.xml. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 15:25:18 2013 +0200 Print full error stack from 'oscap info' module. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 15:22:40 2013 +0200 CPE 2.2 parser should warn when @deprecated_by is missing. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 14:50:36 2013 +0200 CPE 2.3 parser should not fail when @deprecated_by is missing. Addressing: OpenSCAP Error: Unknown XML element in CPE dictionary, local name is 'deprecated-by'. [cpedict_priv.c:725] Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 14:29:21 2013 +0200 Store schema_version within the CPE parser context. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 14:16:05 2013 +0200 cpe_generator_parse should take CPE parser's context Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 13:47:48 2013 +0200 cpe_item_parse should take CPE parser's context. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 13:44:04 2013 +0200 cpe_dict_model_parse should take CPE parser's context. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 19 13:33:42 2013 +0200 Refactor: Extract function: _cpe_parser_ctx_new() Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 22:50:18 2013 +0200 Introduce cpe_parser_ctx to encapsulate xmlTextReader Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 22:02:53 2013 +0200 Report an error when cpe_name fails to initialize. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 16:42:52 2013 +0200 Assert for namespace when parsing cpe23-item element. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 16:27:03 2013 +0200 Refactor: Replace local literals with equivalents from common module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 15:58:59 2013 +0200 Refactor: Replace literal with XMLNS_CPE2D macro. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 15:46:49 2013 +0200 Refactor: Replace CPELANG_NS with its equivalent from common module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 15:41:34 2013 +0200 Refactor: Move CPE xmlns literals to separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 15:39:42 2013 +0200 Refactor: Move CPE xmlns literals to separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 15 14:05:23 2013 +0200 Introduce <cpe32-item> element to the CPE parser. Addressing: OpenSCAP Error: Unknown XML element in CPE dictionary, local name is 'cpe23-item'. [cpedict_priv.c:714] Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 16 15:55:33 2013 +0200 Exposed xccdf_tailoring_new Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 15 17:09:40 2013 +0200 Exposed a function to add profile to xccdf_tailoring Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 15 13:26:30 2013 +0200 Fail to inject AI asset id ref when report doesn't contain any element Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 15:57:39 2013 +0200 tests: trac#332: Fondle info module with inbuilt CPE dict Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 15:35:14 2013 +0200 tests: trac#333: Make sure that validate-xml behaves as validate Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 15:21:30 2013 +0200 trac#333: We still maintain validate-xml option Addressing: oscap cpe validate-xml /cpe/openscap-cpe-dict.xml Segmentation fault #0 0x000000000040bf77 in app_cpe_validate (action=0x7fffffffd9a0) at oscap-cpe.c:198 #1 0x00000000004077d0 in oscap_module_call (action=0x7fffffffd9a0) at oscap-tool.c:261 #2 oscap_module_process (module=0x614840 <CPE_VALIDATE_XML>, module@entry=0x6139a0 <OSCAP_ROOT_MODULE>, argc=argc@entry=4, argv=argv@entry=0x7fffffffdc08) at oscap-tool.c:346 #3 0x000000000040683f in main (argc=4, argv=0x7fffffffdc08) at oscap.c:78 Introduced by c5d058015ccbfebacbb9ba043ca21bd0cd4a0b2a. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 14:59:02 2013 +0200 tests: Validate inbuilt CPE Dictionary file. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 14:31:34 2013 +0200 tests: for oscap's inbuilt CPE Dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 14:06:08 2013 +0200 oscap's version info should be consistent with man page. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 13 13:57:12 2013 +0200 trac#332: The generator element is not cumpulsory within CPE Dict. Addressing: $ oscap info cpe/openscap-cpe-dict.xml Document type: CPE Dictionary Segmentation fault No locals. dict_model = 0x6288c0 gen = 0x0 doc_type = OSCAP_DOCUMENT_CPE_DICTIONARY result = 1 (...) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 6 19:21:41 2013 +0200 Do not use isnan on enums, doing so will fail to compile on Solaris Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 6 16:12:07 2013 +0200 Enlargement, small letters in the main heading look uncomely. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 2 14:44:02 2013 +0200 Stop target-id-ref duplicate scan when non-matching element is found (ARF) The specification allows us to save a few cycles in this code. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 5 10:42:57 2013 +0200 Remove trailing whitespace Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 5 10:39:52 2013 +0200 Update results_to_html stylesheet from The Mitre Corporation. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 2 12:16:57 2013 +0200 Inject target-id-ref into TestResults when constructing ARF from them Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 31 16:50:37 2013 +0200 Output <benchmark> in TestResult where applicable This helps to satisfy requirements in ARFs where we have to have these benchmark hints. It might also help elsewhere, so we are providing this backref always when we can. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 30 16:29:39 2013 +0200 Export XCCDF/TestResult/target-address with fully expanded IPv6es Sometimes this is enforced in datastreams by schematrons, sometimes it's not. It generally doesn't hurt anything to always expand so that's what we do. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 30 13:42:56 2013 +0200 Refactored oscap_expand_ipv6 into a function in common/util.h Previously, we only needed it for RDS compose. Now we also want it for TestResult/target-address elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 17 12:30:29 2013 +0200 Plug a memory leak. Addressing: Resource "cpe_it" is not freed or pointed-to in function "oscap_htable_iterator_next_kv(struct oscap_htable_iterator *, char const **, void **)". Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 17 11:26:06 2013 +0200 openscap-0.9.11 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 17 11:20:56 2013 +0200 SCE tests can not depend on whether there are unconfined daemons Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 17 10:48:29 2013 +0200 [tests] rpminfo - don't use packages installed for multiple architectures Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 16 13:55:34 2013 +0200 bump version in spec files Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 16 13:44:54 2013 +0200 openscap-0.9.11 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 15 17:39:15 2013 +0200 [probes] PROBE_ENT_STRVAL: Fixed a possible use after free bug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 15 17:35:56 2013 +0200 [probes] environmentvariable58, selinuxsecuritycontext: Pass OVAL_DATATYPE_INT values as 64bit ints to probe_item_create Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 15 15:29:48 2013 +0200 [OVAL/probes] Make sure S-exps are initialized before we initialize anything else in the probe session Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 15 15:50:40 2013 +0200 Accept NULL as ID when looking up report-requests in ARFs Passing NULL effectively makes any ID acceptable, the function returns the first encountered report-request. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 15 15:21:59 2013 +0200 Do not segfault indexing an invalid ARF (no relationships element) Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 15 15:24:17 2013 +0200 don't enable ENABLE_SCE with --enable-selinux-policy Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jul 12 14:52:34 2013 +0200 openscap-0.9.10 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 12 11:41:18 2013 +0200 [OVAL] Refactored the oval_probe_meta_list function - fixed an overflow of probe_path buffer by strncpy - fixed a potential invalid read access to probe_path by fprintf if the verbose flag is set Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jul 11 13:02:13 2013 +0200 tests/probes/xinetd: don't use $(SHELL) -x Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jul 11 11:47:55 2013 +0200 skip test_probes_runlevel_B if there's no SysVinit service enabled Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 10 22:09:55 2013 +0200 openscap-0.9.9 Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 10 21:47:40 2013 +0200 add Red Hat Enterprise Linux 7 to the default CPE dictionary Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 10 16:32:50 2013 +0200 bump version Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 9 14:08:45 2013 +0200 Do not crash when oscap_text has NULL as lang Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 8 11:02:36 2013 +0200 Drop bindings_clearable attribute of result_test. It should be always true. Thus not holding any information. This change also fixes memory leak of result_test_clone, which set the bindings_clearable to false and cloned bindings. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 8 10:55:34 2013 +0200 Plug a memeory leakage. The result_test needs to own the variable_bindings. That is because of bindings referenced through the state which are always created new. Addressing: 16 bytes in 2 blocks are indirectly lost in loss record 1 of 3 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C56F38: __oscap_alloc (alloc.c:52) by 0x4C830DD: oval_collection_new (oval_collection.c:69) by 0x4C77B83: oval_variable_binding_new (oval_variableBinding.c:113) by 0x4C71830: oval_result_test_eval (oval_resultTest.c:1521) by 0x4C6CCEC: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:357) by 0x4C6CD4C: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:348) by 0x4C6D906: oval_result_definition_eval (oval_resultDefinition.c:154) by 0x4C6ED3A: oval_result_system_eval_definition (oval_resultSystem.c:381) by 0x4C61D37: oval_agent_eval_rule (oval_agent.c:560) by 0x4CB050B: xccdf_policy_evaluate_cb.constprop.5 (xccdf_policy.c:434) by 0x4CB1F83: xccdf_policy_item_evaluate (xccdf_policy.c:1100) 32 bytes in 2 blocks are indirectly lost in loss record 2 of 3 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C56F38: __oscap_alloc (alloc.c:52) by 0x4C83195: oval_collection_add (oval_collection.c:106) by 0x4C7185F: oval_result_test_eval (oval_resultTest.c:1530) by 0x4C6CCEC: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:357) by 0x4C6CD4C: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:348) by 0x4C6D906: oval_result_definition_eval (oval_resultDefinition.c:154) by 0x4C6ED3A: oval_result_system_eval_definition (oval_resultSystem.c:381) by 0x4C61D37: oval_agent_eval_rule (oval_agent.c:560) by 0x4CB050B: xccdf_policy_evaluate_cb.constprop.5 (xccdf_policy.c:434) by 0x4CB1F83: xccdf_policy_item_evaluate (xccdf_policy.c:1100) by 0x4CB2D75: xccdf_policy_evaluate (xccdf_policy.c:2212) 80 (32 direct, 48 indirect) bytes in 2 blocks are definitely lost in loss record 3 of 3 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C56F38: __oscap_alloc (alloc.c:52) by 0x4C77B73: oval_variable_binding_new (oval_variableBinding.c:108) by 0x4C71830: oval_result_test_eval (oval_resultTest.c:1521) by 0x4C6CCEC: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:357) by 0x4C6CD4C: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:348) by 0x4C6D906: oval_result_definition_eval (oval_resultDefinition.c:154) by 0x4C6ED3A: oval_result_system_eval_definition (oval_resultSystem.c:381) by 0x4C61D37: oval_agent_eval_rule (oval_agent.c:560) by 0x4CB050B: xccdf_policy_evaluate_cb.constprop.5 (xccdf_policy.c:434) by 0x4CB1F83: xccdf_policy_item_evaluate (xccdf_policy.c:1100) by 0x4CB2D75: xccdf_policy_evaluate (xccdf_policy.c:2212) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 8 10:09:07 2013 +0200 Revert "Plug a memory leak." There are other related leaks to variable_bindings. We need to fix it the other way around. That means to always copy variable_bindings to the result_test. This reverts commit baebd8577df144e94370d00ed8931c835bc3db71. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 8 09:37:40 2013 +0200 tests: Remove $(check_DATA), which has no special meaning It was perhaps created by copying of unittests/Makefile.am Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 8 00:26:40 2013 +0200 Insert some unreachable code to calm down compiler Addressing: oval_probe_hint.c: In function '_oval_probe_hint_criteria': oval_probe_hint.c:90:1: warning: control reaches end of non-void function Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Jul 7 22:48:52 2013 +0200 tests: change sorting of collected objects in the referential file This test has started to fail after the exporting data type was changed from string_map to smc. Previously, the results were exported in reverted order. Now they are exported in lexicological order. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Jul 7 22:40:51 2013 +0200 Do not try to free NULL value. Addressing: Program received signal SIGSEGV, Segmentation fault. user=0x7ffff7d8e5a0 <oval_collection_free>) at rbt_common.c:123 user=<optimized out>) at rbt_str.c:80 parent=parent@entry=0x0, resolver=resolver@entry=0x0, user_arg=user_arg@entry=0x0) at oval_sysModel.c:394 Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Jul 7 22:32:37 2013 +0200 tests: varible_instance within the system characteristics model. Assert that the very same xmlfilecontent item is evaluated twice. Each time with different inputs (filepath) and output (found node). Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 23:18:02 2013 +0200 tests: Assert for object/@variable_instance export. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 23:10:19 2013 +0200 Start exporting object/@variable_instance That is required by schematron assertions introduced by previous changeset. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 22:58:27 2013 +0200 tests: variable_instance tests should execute schematron Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 22:55:36 2013 +0200 `oscap oval validate-xml` takes all file formats not only the 'Definitions'. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 22:35:46 2013 +0200 Refactor: Extract function: oval_syschar_get_id Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 22:07:29 2013 +0200 tests: Expect multiple collected objects for different variable sets Since the previous changeset, we create new collected objects and items when evaluating twice; each time with different variable values. Note that in this particular test scenario the variable (and its new values) are bound to a state. That could allow us to re-use existing syschar. When evaluating the test we could compare the object twice each time with a different state. In that case we would have only one set of collected objects/items. However, we choose to take fresh object/item for each value set. This will allow us to analyze (oscap oval analyze) more efficiently. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 21:49:37 2013 +0200 Leverage the variable_instance_hint of syschar creating new collected object (syschar) when probing the very same object for another time. The hint suggests that there are new values bound in the model. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 20:48:29 2013 +0200 Set variable_instance_hint for collected object when a new value is bind. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 21:11:17 2013 +0200 Introduce the variable_instance_hint of collected objects The hint has meaning that any possible future probe_query of the given syschar (collected object) neets to create a new syschar and not re-use the old one. In other words, any next run of oval_probe_query_*() needs to collect object with the variable_instance equal to variable_instance_hint. This is a concept analogous to variable_instance_hint of oval_result_definition which has been recently introduced. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 21:01:55 2013 +0200 Introduce the @variable_instance attribute of collected objects. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Jul 6 19:01:28 2013 +0200 Refactor: change data type which holds collected_objects This should not change behavior thou. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 4 17:17:58 2013 +0200 Refactor: rename static function. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 4 17:15:18 2013 +0200 Fix the leakage in result_system_clone() This leakage was never exposed because it is not used by OpenSCAP. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 4 16:39:36 2013 +0200 Document basic structures in system characteristics data model. Some of the names felt counter-intuitive to novices like me. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 4 15:00:37 2013 +0200 tests: Extend oval definition file And amend existing test assertions to reflect the new content. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jul 4 14:39:49 2013 +0200 Plug a memory leak. We should not strdup the value here. This function also sets the bindings_clearable to false which indicates that binding values shall not be freed. Addressing: 8 bytes in 2 blocks are indirectly lost in loss record 1 of 4 at 0x4A06409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x3858686349: strdup (strdup.c:42) by 0x4C5BF1A: oscap_strdup (util.c:65) by 0x4C7185C: oval_result_test_eval (oval_resultTest.c:1530) by 0x4C6CCEC: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:357) by 0x4C6CD4C: oval_result_criteria_node_eval (oval_resultCriteriaNode.c:348) by 0x4C6D906: oval_result_definition_eval (oval_resultDefinition.c:154) by 0x4C6ED3A: oval_result_system_eval_definition (oval_resultSystem.c:381) by 0x4C61D37: oval_agent_eval_rule (oval_agent.c:560) by 0x4CB050B: xccdf_policy_evaluate_cb.constprop.5 (xccdf_policy.c:434) by 0x4CB1F83: xccdf_policy_item_evaluate (xccdf_policy.c:1100) by 0x4CB2D75: xccdf_policy_evaluate (xccdf_policy.c:2212) Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 4 12:15:47 2013 +0200 Simplified the _xccdf_session_export_oval_result_file filename logic We explicitly fail when oval_session has a NULL filename, previously we would mangle up a nonsensical destination file based on the '(none)' string. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 3 17:16:26 2013 +0200 Check filename before letting oscap_acquire_url_is_supported dereference Related to coverity report: /root/openscap/src/XCCDF/xccdf_session.c:1014: check_after_deref: Null-checking "filename" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 3 17:02:55 2013 +0200 Removed unused variable from sds.c Related to coverity report: /root/openscap/src/DS/sds.c:780: returned_pointer: Pointer "component_ref" returned by "ds_sds_find_component_ref(datastream, cref_id)" is never used. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 3 13:28:12 2013 +0200 tests: Assert that variable file 1 was not created. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 3 10:18:56 2013 +0200 tests: change sorting of tests in the referential file The test has started to fail after the exporting data type was changed from string_map to smc. Previously, the results were exported in reverted order. Now they are exported in lexicological order. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jun 18 16:35:03 2013 +0200 tests: Assert for @variable_instance and TestedVariableType Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 3 09:30:08 2013 +0200 XML export of multiple tests with various variable_instance attributes The export of OVAL result is driven by input definitions and directives. It can happen (given a directive) that there are two result-definitions for a single definition and only one (be it variable_instance="2" should be exportted to XML. Then all the result-tests with variable_instance="2" should be exported along. While, the very same set of result-tests with variable_instance="1" shall be ommitted from export. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 3 09:27:42 2013 +0200 New oval_smc operation: append only if not exists already. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jul 3 08:38:09 2013 +0200 Correct an unfortunate typo. Addressing: In file included from oval_smc_iterator.c:39: oval_smc_impl.h:48: error: redefinition of typedef 'oval_smc_user_clone_func' oval_smc_impl.h:48: error: previous declaration of 'oval_smc_user_clone_func' was here make[4]: *** [libovaladt_la-oval_smc_iterator.lo] Error 1 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 14:56:51 2013 +0200 Refactor change input type of oval_scm_iterator_new() Previously, there was the oval_scm structure, the oval_scm_iterator took oval_string_map. Now it can take oval_scm instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 14:48:24 2013 +0200 Refactor: Migrate result tests map to oval_smc structure. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 14:20:43 2013 +0200 Refactor: Migrate result definitions map to oval_smc structure. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 13:23:52 2013 +0200 Implement polymorphic clone function for oval_smc structure. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 10:31:45 2013 +0200 Introduce new data type scm: synergy of oval_string_map and oval_collection 1 to M mapping is needed by increasing number of other modules. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 10:27:56 2013 +0200 Correct editorial of newly added privilidged module interface. Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 2 13:32:35 2013 +0200 tests: correction to a cpe test Modify the default_cpe test to match RHEL versions such as "redhat-release-server-6Server-6.3.0.3.el6_3.x86_64". Why this wasn't discovered earlier is a mystery. See you soon. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 1 23:16:24 2013 +0200 tests: check var bindings for filters in objects Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 2 09:43:43 2013 +0200 oval: collect var refs from object filters Originaly, filters were permitted only inside the 'set' element. Since OVAL 5.8, filters are also permitted inside objects. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 1 21:42:55 2013 +0200 tests: check var bindings for variable_object Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 2 10:26:34 2013 +0200 oval: collect var refs from variable_object Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 2 10:31:39 2013 +0200 [probes] Added new offline mode: rpm database scan - generalized offline mode support so that it allows sub-modes and combining them at run-time - updated probes to correctly set which modes they support Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jul 2 09:08:27 2013 +0200 Refactor: Extract iterator's implementation to generic module. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 17:58:02 2013 +0200 Introduce iterator for StringMap/Collection structures. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 1 23:07:50 2013 +0200 tests: more verbose assert_exists() helper function Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 16:59:24 2013 +0200 A typo correction. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 15:44:51 2013 +0200 Move oval_stringMap.c to adt/oval_string_map.c Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 15:34:51 2013 +0200 Drop include of oval_string_map_impl.h There is no reason why it should be included. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 15:22:20 2013 +0200 Move oval_string_map_impl.h to adt/ subdir. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 15:12:32 2013 +0200 Move oval_collection.c to adt/ subdir. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 14:26:38 2013 +0200 Move oval_collection_impl.h to adt/ subdir. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 14:09:49 2013 +0200 Do not include oval_agent_api_impl.h from oval_system_characteristics_impl.h That is possible after peceding cleaning commits. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 14:08:02 2013 +0200 Include oval_agent_api_impl.h because of OVAL_SYSCHAR_NAMESPACE Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 14:00:49 2013 +0200 Include oval_agent_api_impl.h because of OVAL_RESULTS_NAMESPACE Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:53:39 2013 +0200 Include oval_agent_api_impl.h because of OVAL_DEFINITIONS_NAMESPACE Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:52:09 2013 +0200 Include oval_agent_api_impl.h because of OVAL_SUPPORTED Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:50:51 2013 +0200 Include oval_agent_api_impl.h because of OVAL_ENUMERATION_INVALID Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 14:52:57 2013 +0200 Never forget to modify ac_probes when touching ./configure.ac The related changeset was: fbc741e054e455769893aba578eb0a5991976353 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 1 15:50:59 2013 +0200 Merge branch 'benchmark_id-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 1 15:47:11 2013 +0200 Updated man page with info about --benchmark-id Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 1 14:51:48 2013 +0200 Test selecting by benchmark-id when there are conflicts Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 1 14:43:59 2013 +0200 Added 2 tests that select benchmarks by ID in SDS Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:44:12 2013 +0200 Include collectVarRefs_impl.h because of oval_ste_collect_var_refs Addressing: oval_resultTest.c: In function '_oval_result_test_initialize_bindings': oval_resultTest.c:1508:3: warning: implicit declaration of function 'oval_ste_collect_var_refs' Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:43:04 2013 +0200 Include collectVarRefs_impl.h because of oval_obj_collect_var_refs Addressing: oval_probe.c: In function 'oval_probe_query_object': oval_probe.c:279:3: warning: implicit declaration of function 'oval_obj_collect_var_refs' Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:20:20 2013 +0200 tests: Remove test products at the very end. Addressing: ERROR: files left in build directory after distclean: ./tests/API/OVAL/report_variable_values/report_variable_values.stderr.AStvL5 ./tests/API/OVAL/report_variable_values/report_variable_values.res.Er7vfK.xml Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 13:15:52 2013 +0200 Clean the log files after distcheck Addressing: ERROR: files left in build directory after distclean: ./tests/API/OVAL/report_variable_values/report_variable_values.log Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 11:27:51 2013 +0200 Do not include oval_definitions_impl.h from oval_system_characteristics_impl.h This dependency can be dropped after preceding commits which cleaned missing dependencies from *.c files. Note that we should be able to logicaly separate various *_impl.h header files which depend on each other often without well founded reason. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 11:23:49 2013 +0200 include oval_parser_impl.h because of struct oval_parser_context Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 11:00:34 2013 +0200 include oval_agent_api_impl.h beacause of OVAL_SYSCHAR_NAMESPACE Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 10:53:29 2013 +0200 include oval_definitions_impl.h because of oval_record_field_parse_tag Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 10:51:50 2013 +0200 include oval_definitions_impl.h because of oval_message_parse_tag Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 10:25:25 2013 +0200 OVAL collection should not depend on privilidged interface of definitions. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 10:20:10 2013 +0200 Extract common structures to separate public header file oval_string_iterator is used not only by definition model but also by other models. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 09:56:20 2013 +0200 tests: Extend test to assert for @variable_instance attribute In the definitions part of the result model. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jul 1 09:28:07 2013 +0200 Do not flush system characteristics model Variable Instance Implementation (8/8) Addressing: Invalid read of size 8 at 0x4C8E481: oval_sysitem_get_id (oval_sysItem.c:151) by 0x4C80EF0: oval_result_item_to_dom (oval_resultItem.c:189) by 0x4C875A7: oval_result_test_to_dom (oval_resultTest.c:1769) by 0x4C822F2: oval_result_system_to_dom (oval_resultSystem.c:540) by 0x4C6C9B2: oval_results_to_dom (oval_resModel.c:258) by 0x4C6CA6F: oval_results_model_export (oval_resModel.c:279) by 0x4CF5ED1: _xccdf_session_export_oval_result_file (xccdf_session.c:1010) by 0x4CF6098: xccdf_session_export_oval (xccdf_session.c:1047) by 0x40BA9A: app_evaluate_xccdf (oscap-xccdf.c:483) by 0x407AA0: oscap_module_call (oscap-tool.c:261) by 0x407F1D: oscap_module_process (oscap-tool.c:346) by 0x406966: main (oscap.c:78) Address 0x55f5390 is 16 bytes inside a block of size 48 free'd at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4C59756: __oscap_free_dbg (alloc.c:184) by 0x4C8E37E: oval_sysitem_free (oval_sysItem.c:113) by 0x4C8B9A9: __oval_string_map_node_free (oval_stringMap.c:248) by 0x4CA8E13: rbt_free2 (rbt_common.c:139) by 0x4CACF81: rbt_str_free_cb2 (rbt_str.c:80) by 0x4C8BA79: oval_string_map_free (oval_stringMap.c:255) by 0x4C6B520: oval_syschar_model_reset (oval_sysModel.c:154) by 0x4C68A5F: oval_agent_reset_session (oval_agent.c:211) by 0x4C691BD: _oval_agent_resolve_variables_conflict (oval_agent.c:440) by 0x4C6926F: oval_agent_resolve_variables (oval_agent.c:463) by 0x4C696AC: oval_agent_eval_rule (oval_agent.c:546) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 19:53:40 2013 +0200 Refactor: Extract function: _oval_agent_get_first_result_system Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 19:01:23 2013 +0200 Refactor: Extract function: oval_result_definition_get_id Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 18:47:58 2013 +0200 Refactor: Extract function: oval_result_test_get_id Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 17:42:45 2013 +0200 Export definition/@variable_instance=1 to XML When it is probable that there is another definition with @variable_instance=2. Note that @variable_instance=1 is default, and we export it only to hint human readers. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 17:31:29 2013 +0200 Export all OVAL result definitions, not only the latest one Variable Instance Implementation (7/8) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 17:12:25 2013 +0200 Refactor: Extract function: _oval_result_definition_to_dom_based_on_directives Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 16:16:38 2013 +0200 OVAL agent shall not reset result model, it should hold multiple results instead Variable Instance Implementation (6/8) The @variable_instance was popular, fancy, reoccuring, and headachy phenomenon. As everything which cannot last forever, this phenomenon must go. Special thanks goes to Tomas Heinric for patient and deeply thoughful opponencies. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 14:45:50 2013 +0200 Allow multiple result_tests of the same id within result_system Variable Instance Implementation (5/8) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 28 07:36:11 2013 +0200 Allow variable_instance to be set during result model creation Variable Instance Implementation (4/8) For start we always pass variable_instance=1 everywhere. In the next changeset I will make it less useless. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 27 17:35:13 2013 +0200 Introduce variable_instance_hint to each result_definition Variable Instance Implementation (3/8) The hint has meaning that any possible future evaluation of the given definition needs to create new result-definition and not re-use the old one. In other words, the new oval_probe_query_* has to be collected with the new variable_instance set. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 27 17:23:35 2013 +0200 Allow multiple result_definitions of the same id within result_system Variable Instance Implementation (2/8) Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 27 16:53:01 2013 +0200 Introduce mapping between variables and definitions in definition_model. Variable Instance Implementation (1/8) That will come in handy when binding a new value to a variable which was already assigned with another value (multiset). Such new binding may require that some of the result_definitions needs to be "probed" again if evaluated. This mapping helps determine which definitions are dependent on a given variable. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jun 18 16:23:21 2013 +0200 tests: Exaluation of multiset This test remains unfinished. It only asserts for parts which are working correctly. The completion of this test is blocked by OpenSCAP not implementing TestedVariableType. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 26 17:04:53 2013 +0200 tests: verify exported variable values Variable values need to be exported in the 'system characteristics' and 'results' OVAL documents. This test verifies all values are exported as expected. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 1 11:46:42 2013 +0200 oval: report bindings referenced through a state When a test references a state that uses variables, those variables have to be reported in the OVAL results document. Previously, this was done only for objects and states were ommited by mistake. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 1 11:43:54 2013 +0200 oval: shuffle var-ref-collect code around It needs to be called from two places: to create a syschar and to create a result test. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 28 15:09:19 2013 +0200 Added missing API documentation for benchmark_id selection Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 28 14:27:11 2013 +0200 Initial --benchmark-id oscap option implementation Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 24 18:28:03 2013 +0200 Be consistent with --results-arf, act the same regardless of --oval-results To achieve this we mkdir_p into the temporary directory in case the oval result files have relative path containing at least one folder. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 24 15:26:48 2013 +0200 Output OVAL results from CPEs when using --oval-results Pack the result XMLs to ARFs when asked to do so. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 19 11:59:45 2013 +0200 Plug a memory leak. Addressing: src/OVAL/probes/probe/input_handler.c:242: leaked_storage: Variable probe_in going out of scope leaks the storage it points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 19 11:50:33 2013 +0200 Plug a memory leak in colander. Addressing: utils/oscap-info.c:371: leaked_storage: Variable "report_it" going out of scope leaks the storage it points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 19 11:45:02 2013 +0200 Plug a memory leak. Addressing: src/XCCDF/xccdf_session.c:469: leaked_storage: Variable cpe_it going out of scope leaks the storage it points to. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 17 11:11:00 2013 +0200 Some of libxml2 bugfixes improve processing of DataStreams See rhbz#884707, rhbz#877348. Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jun 17 08:21:48 2013 +0200 openscap-0.9.8 Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 14 13:12:09 2013 +0200 tests: Export variable set and its sub-set (multiset, multival) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 14 13:07:17 2013 +0200 tests: Export variable set and its super-set (multiset, multival) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jun 14 11:29:17 2013 +0200 tests: Export of the same (although shuffled and doubled) values (multival) Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 13 16:10:03 2013 +0200 tests: Export of the same (although shuffled) values (multival) Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 13 16:01:18 2013 +0200 Improve process of variable-conflicts recognition Note that comparison of two lists based on equality of its first elements can be considered naive. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 13 12:33:18 2013 +0200 Refactor: Extract function: _oval_agent_resolve_variables_conflict Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jun 13 12:31:36 2013 +0200 tests: Export two variables tupples (multival and multiset) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 12 16:13:47 2013 +0200 tests: Export the same variables twice (multival and not multiset). Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 12 16:12:24 2013 +0200 tests: use correct profile other it only duplicates other tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 13 11:05:20 2013 +0200 Merge branch 'offline-mode' Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 13 10:56:38 2013 +0200 [XCCDF] Don't allow remediation in offline mode Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 12 15:00:02 2013 +0200 tests: Export the very same value twice in a single batch Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jun 12 14:00:36 2013 +0200 Bind multiple values from XCCDF to OVAL (multival) There are two antagonistic scenarios to consider: - 1) export non-first value from multival - 2) export the same value (or multival) by another batch Then, there is possibly - 3) export the same value multiple times as part of single batch This amendment improves behavior of the first scenario, while not changing behaviour of other two. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jun 11 18:20:09 2013 +0200 tests: Export the very same variable from XCCDF to OVAL twice Author: Simon Lukasik <slukasik@redhat.com> Date: Fri May 31 16:31:22 2013 +0200 tests: Export of variable instances from XCCDF to OVAL Author: Simon Lukasik <slukasik@redhat.com> Date: Fri May 31 16:34:31 2013 +0200 tests: Do not be afraid to use the alphabet. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jun 11 15:04:41 2013 +0200 Minor spelling mistakes. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 10 15:21:16 2013 +0200 Print result of evaluation of a definition even when we use "--id" option Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 10 14:33:57 2013 +0200 fixing manual page statement about return code for OVAL evaluation was not correct. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 10 14:51:41 2013 +0200 Print all the idents of a rule while scanning in oscap tool Previously we only displayed the last parsed ident. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 10 11:23:24 2013 +0200 Missing include directive Addressing: sds.c:763:5: warning: implicit declaration of function 'oscap_acquire_url_is_supported' Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 10 11:19:53 2013 +0200 Remove unused label. Addressing: oscap-ds.c:350:1: warning: label ‘cleanup’ defined but not used Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 10 10:54:02 2013 +0200 Do not dirty your hands with magic constants. And remember that cleanliness is half your health. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 10 10:37:30 2013 +0200 OVAL definition parser shall jump on the first XML element skipping all of the XML comments on its way. Addressing errors of evaluation of: DoD Consensus Security Configuration Checklist for Red Hat Enterprise Linux 5 (2.0) Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 7 15:47:46 2013 +0200 Print test results in XCCDFs inside source datastreams in 'oscap info' Previously we only printed them for XCCDFs as standalone files. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 7 15:42:34 2013 +0200 Print check files referenced by XCCDF with 'oscap info' Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 7 11:58:56 2013 +0200 Added tests for CPE2 referencing something from external CPE dictionary Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 3 14:16:05 2013 +0200 Do not include remote components in the DataStream Addressing: "OpenSCAP Error: Unable to open file: '/root/http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml' [oscapxml.c:565] Could not found file /root/http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml: No such file or directory. [sds.c:531]" Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jun 3 11:46:23 2013 +0200 Correct spelling to resemble more standard English. Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu May 30 17:10:14 2013 +0200 bumb version Author: Simon Lukasik <slukasik@redhat.com> Date: Wed May 29 15:03:19 2013 +0200 Dead code removal Suffixes of filenames are no longer used, since their limited reliability. Addressing: sds.c:478:13: warning: 'strendswith' defined but not used [-Wunused-function] Author: Simon Lukasik <slukasik@redhat.com> Date: Wed May 29 14:57:00 2013 +0200 Eliminate gcc warnings from rds_index. Some versions of string.h define index() function. Addressing: warning: declaration of 'index' shadows a global declaration Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 21 14:02:20 2013 +0200 Few typos and other minor issues in the man page fixed Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 21 13:57:16 2013 +0200 Added bug reporting info to the man page Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 15:43:56 2013 +0200 [probes] family, rpminfo: enable in offline mode, these probes are heavily used to detect the operating system and platform - The family probe doesn't detect the platform at run-time, this has to be fixed. For now, the platforms of the scanning and scanned machine must match to get sane results. - The rpm* probes emit warnings about /proc not being mounted, so that's an indication that these probe may not behave correctly when run in offline mode (inside a different root directory) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 15:42:07 2013 +0200 [probes] Change the default result flag if offline mode is not supported to not applicable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 15:10:42 2013 +0200 [probes] Short circuit evaluation of the current object if offline mode isn't supported Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 14:22:25 2013 +0200 [probes] Enable offline mode support for probes which work with files only Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 13:55:52 2013 +0200 [probes] system_info: implemented offline mode support - when in offline mode, get the system information from environment - the probe caller is responsible for setting sane values for the following environment variables: - OSCAP_PROBE_OS_NAME - OSCAP_PROBE_OS_VERSION - OSCAP_PROBE_ARCHITECTURE - OSCAP_PROBE_PRIMARY_HOST_NAME Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 13 13:55:00 2013 +0200 [probes] Accept a NULL pointer as an argument to the offline mode option handler Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 9 13:57:39 2013 +0200 [probes] Refactored the probe_{set,get}option API - moved the code to a separate file, we don't want to add the required global symbols to the library - implemented the offline mode option - added support for the "get" operation from the public API Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 7 17:03:24 2013 +0200 Be more robust when splitting ARF into a non-existent dir The directory is created if non-existent, if this fails error is reported. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue May 7 16:32:18 2013 +0200 Refactored ds_common_mkdir_p out of sds.c so that it can be reused Author: Martin Preisler <mpreisle@redhat.com> Date: Mon May 6 20:27:39 2013 +0200 Check return value of mkdir, be more robust in mkdir_p in SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Mon May 6 14:33:57 2013 +0200 Added rds-split to the manpage, slight documentation fix in oscap-ds.c Author: Simon Lukasik <slukasik@redhat.com> Date: Thu May 2 11:19:27 2013 +0200 tests: Do not hardcode /tmp directory The system might have different settings. Or the build system may forge its own temp dir. Addressing: + Multiple xccdf:TestResult elements FAIL: all.sh ++ cat /var/tmp/portage/app-forensics/openscap-0.9.7/temp/test_xccdf_multiple_testresults.out.Lit1Ly + '[' 'WARNING: Skipping /var/tmp/portage/app-forensics/openscap-0.9.7/temp/non_existent.oval.xml file which is referenced from XCCDF content' == 'WARNING: Skipping /tmp/non_existent.oval.xml file which is referenced from XCCDF content' ']' Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 30 17:43:56 2013 +0200 Merge branch 'rds_index-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 30 12:52:30 2013 +0200 Added missing xccdf_session.h to SWIG's openscap.i Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 29 12:56:00 2013 +0200 [OVAL/probes] Added support for running probes within a custom root directory - oscap: added new --probe-root option - new environment variable OSCAP_PROBE_ROOT Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 26 14:41:03 2013 +0200 Documentation and code style fixes in rds_index Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Apr 26 13:44:58 2013 +0200 openscap-0.9.7 Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Apr 26 13:42:40 2013 +0200 bump libopenscap.so version to libopenscap.so.3.2.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 25 16:35:33 2013 +0200 Fixed a typo that caused broken build with --enable-sce Build was broken in 49223a7467c5a190cec25b19083e3a0096bc356c Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 25 15:32:08 2013 +0200 Added missing test files to tests/DS/Makefile.am Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 25 15:28:35 2013 +0200 rhbz#953069: Allocate SCE session before scanning This regression was introduced by d4ab011b3e25258b5f344429694e767a6ad7d9d8 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 25 13:50:46 2013 +0200 rhbz#953069: Do not iterate through nonexistent sce_session Addressing: Program received signal SIGSEGV, Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 25 11:30:40 2013 +0200 trac#304: Export @var_check together with @var_ref for states This also addresses rhbz#954368. Schematron validation asserts that each state content element which has @var_ref attribute defined has also the @var_check attribute. Addressing schematron errors like: oval:gov.nist.usgcb.rhel:ste:20354 - a var_ref has been supplied for the ind-def:subexpression entity so a var_check should also be provided Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 25 11:45:23 2013 +0200 Added a simple RDS/ARF split, compose roundtrip test Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Apr 25 11:16:17 2013 +0200 fedora: add openscpa-selinux sub-package Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Apr 24 15:53:50 2013 +0200 support DESTDIR for SELinux module files Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 24 20:50:54 2013 +0200 In case of error, do not free XML context before we get error from it Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 24 14:51:42 2013 +0200 Fixed and improved the rds_index_simple test Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Apr 24 14:46:56 2013 +0200 add oscap.* SELinux module files to dist Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 19:36:30 2013 +0200 bumb version Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 19:29:13 2013 +0200 fix probes test for new automake Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 19:10:27 2013 +0200 openscap-0.9.6 Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 18:49:52 2013 +0200 Added Fedora 19 to default CPE dictionary Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 18:39:14 2013 +0200 bump libopenscap.so version to libopenscap.so.3.2.0 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 23 18:25:34 2013 +0200 Initial implementation of RDS/ARF splitting Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 23 15:38:09 2013 +0200 sync ac_probes/configure.ac.tpl with configure.ac after addc83da7cfcffc2e8a7c634c838b62fbbd76f26 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 22 19:29:07 2013 +0200 Show requests and report in 'oscap info' for result datastreams Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 16:33:48 2013 +0200 The XSLT for bogus <sub> elements shall be distributed. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 22 16:21:47 2013 +0200 Added forgotten ARF to tests' Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 22 15:54:28 2013 +0200 Merge branch 'master' into rds_index-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 22 15:31:14 2013 +0200 Include swig source directory in PYTHONPATH in the run script Else the openscap_api.py file wouldn't be found and tests would resort to using the system-wide openscap file. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 11:23:50 2013 +0200 Don't forget dependencies when adding of CPE Dictionary to DataStream Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:51:22 2013 +0200 The dictionaries must be the very first elements in the datastream Addressing: line 10: Element '{http://scap.nist.gov/schema/scap/source/1.2}dictionaries': This element is not expected. Expected is ( {http://scap.nist.gov/schema/scap/source/1.2}checks ). Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:29:10 2013 +0200 Plug a memory leak Addressing: at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x407D28: getopt_ds (oscap-ds.c:175) by 0x4077FA: oscap_module_process (oscap-tool.c:338) by 0x4061DA: main (oscap.c:78) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:24:57 2013 +0200 Plug a memory leak Addressing: 74 bytes in 1 blocks are definitely lost in loss record 2 of 2 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x4C579C1: __oscap_alloc_dbg (alloc.c:126) by 0x4C61FB0: ds_sds_mangle_filepath (sds.c:701) by 0x4C62CD1: ds_sds_compose_add_component (sds.c:1021) by 0x408364: app_ds_sds_add (oscap-ds.c:317) by 0x4073B2: oscap_module_call (oscap-tool.c:261) by 0x40783A: oscap_module_process (oscap-tool.c:346) by 0x4061DA: main (oscap.c:78) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:21:38 2013 +0200 Free XML document after new component has been added successfully Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:13:59 2013 +0200 Validate output document after adding new component Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 10:01:07 2013 +0200 Create the ds:dictionaries element when adding cpe to DataStream This is crucial for `oscap ds sds-add` which often takes DataStream without any CPE Dictionary. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 22 09:56:05 2013 +0200 Even non-existent file deserves proper treatment Addressing: I/O warning : failed to load external entity "usgcb-rhel5desktop-ds.xml" Program received signal SIGSEGV, Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Apr 21 23:16:52 2013 +0200 Vanishing component-ref must not remain unnoticed. OpenSCAP shall fail when the component-ref was not added. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Apr 21 22:46:58 2013 +0200 XSLT to remove xccdf:sub elements with broken @idref Rationale: Official USGCB guidance for RHEL 5 Desktop contains four <xccdf:sub> elements which refer to nonexistent values. These 4 elements remain unnoticed as long as the content is in XCCDF version 1.1. However, the XSD validation schema for XCCDF 1.2 is more strict and it is picking up on these. This XSL transformation comes in handy for those, who want to convert their USGCB to XCCDF 1.2. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Apr 21 21:54:15 2013 +0200 tests: Add same components to the DataStream twice Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Apr 19 14:30:31 2013 +0200 docs: man pages shall include examplary usage of oscap tool Also adding people into the authors section. People can be recognized only when they raise their hands in the cubicle. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 18 17:53:52 2013 +0200 Regression test for rds indexing, tests that all assets are parsed in Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 18 17:12:32 2013 +0200 Merge branch 'master' into rds_index-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 18 16:47:37 2013 +0200 Only put single paths into our path environment variables in run script openscap library does not parse the env var and split by :, it just uses it as a prefix as it is. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 18 16:42:13 2013 +0200 Parse relationships, use them after all else is loaded in RDS Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 18 14:40:50 2013 +0200 Allow --cpe option for export-oval-variables Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 17 13:57:54 2013 +0200 export-oval-variables shall succeed only when files were exported Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 16 17:14:28 2013 +0200 textfilecontent54: be more tolerant of invalid regexps Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 13:33:52 2013 +0200 Remove redundant closedir() Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 13:32:49 2013 +0200 Plug several memleaks Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 13:25:52 2013 +0200 Plug several memleaks Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 13:13:04 2013 +0200 Remove unused variable Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 11:55:39 2013 +0200 Plug several memleaks Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 11:49:42 2013 +0200 Pass a struct function arg indirectly Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 11:11:16 2013 +0200 Bail out after a failure Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 11:00:40 2013 +0200 Plug a memleak Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Apr 16 10:53:13 2013 +0200 Limit copied string length Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 16 16:54:21 2013 +0200 Update build-time deps list in the README file Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 16 15:13:11 2013 +0200 The initial preliminary version of RDS index Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 16 11:53:04 2013 +0200 Do not remove 'run' script with make clean, only with distclean Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 15 21:55:40 2013 +0200 [OVAL/probes] Print a human readable form of the OVAL object subtype when reporting an error Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 15 21:49:19 2013 +0200 [probes/SEAP] Fixed SEAP error packet parsing and processing Some members (incl. the error queue) of the SEAP descriptor were not properly initialized. Fixed by adding initialization code. Also fixed the error packet parsing where a wrong S-exp ref was used to extract the attribute values. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 15 20:24:42 2013 +0200 Fixed Makefile.am and run.in to work with 'make distcheck' Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 15 19:14:59 2013 +0200 Fixed oscap_debug.log.* entry and added SCE related files to gitignore Author: Richard W.M. Jones <rjones@redhat.com> Date: Mon Apr 15 15:02:46 2013 +0100 gitignore: Reorganize this file, anchoring paths with leading '/' where necessary. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Richard W.M. Jones <rjones@redhat.com> Date: Mon Apr 15 15:02:45 2013 +0100 gitignore: Ignore output from tests. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Richard W.M. Jones <rjones@redhat.com> Date: Mon Apr 15 15:02:44 2013 +0100 Add ./run script. In libguestfs & libvirt we have very successfully use a ./run script in the top level directory to set environment variables so the program can be run from the local directory. eg: ./run utils/oscap oval eval [...] or: ./run gdb --args utils/oscap oval eval [...] or from another project that uses openscap libraries: ../openscap/run ./another-program The same idea appears in the utils/oscap-local.sh script, but ./run is more flexible since it can also be used for tests, or for running any external program that happens to use the openscap libraries. As well as being easier to type. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Richard W.M. Jones <rjones@redhat.com> Date: Mon Apr 15 15:02:43 2013 +0100 oscap: Don't segfault if './utils/oscap -V' is run from build directory. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 17:26:52 2013 +0200 tests: run oscap-info for each created DataStream And ensure that stderr is empty. Note that the oscap info currently may print-out errors even though the command succeeds. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 17:13:46 2013 +0200 tests: trac#328: Missing OVAL file shall not cause broken DataStream Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 17:02:10 2013 +0200 Fix memory leak Introduced by: 094fa1710dde941ff88e311350739a30ddc0ef71 Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 16:46:31 2013 +0200 Do not resign when component failed to be added This partial return to the old behavior, when we didn't honour any failure and exported the DataStream. I believe, that creating datastream without some particular OVAL is valid usecase. Add cat:uri only when the component was added Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 16:09:58 2013 +0200 trac#328: Do not add ds:component-ref when ds:component missing There must be 1:1 mapping between ds:component-ref and ds:component elements. And since the process of adding ds:component is more error prone, we should add ds:component-ref only when the component was added successfully. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 16:06:20 2013 +0200 Do not attempt to xmlReadFile() when the file does not exists. That way we can avoid non solicited stderr message from libxml. Note that we need to stat the file anyway. Addressing: I/O warning : failed to load external entity Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Apr 15 08:06:29 2013 +0200 Do not attempt to free non-existent value Addressing: Program received signal SIGSEGV, Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Apr 12 14:34:53 2013 +0200 Never create a component of the already existing ID. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 11 15:13:32 2013 +0200 Avoid exporting duplicate components in the same batch run We may still export component which is duplicate to the previously added one, however that is hard to spot. In future, we may need to have deduplication algorithm, which will go through the DOM structure of each two components. Noteworthy, the plain-text comparison seems not be feasible since namespaces may be named differently and so on. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 10 09:40:43 2013 +0200 Refactor: Extract function: _lookup_component_in_collection Related to the 368f8027e9bf04be2527b6ab0c83e94a983eff8c. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 10 15:02:36 2013 +0200 Do not leave a file opened in case of failure in app_generate_fix Furthermore, do not close the file descriptor in case it is stdout any more. Reported by Steve Grubb, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 20:27:33 2013 +0200 Plugged a memory leak in case fork fails when running remediation fixes Patch by Steve Grubb Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 9 17:52:50 2013 +0200 bumb version Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 9 16:26:27 2013 +0200 Do not allow the same component-ref/@id in the SDS when adding dependencies of newly added XCCDF. Addressing (when addition run twice in row). $ oscap ds sds-add TEST_XCCDF.xml TEST_SDS.xml $ oscap ds sds-add TEST_XCCDF.xml TEST_SDS.xml File 'TEST_SDS.xml' line 2: Element '{http://scap.nist.gov/schema/scap/source/1.2}component-ref', attribute 'id': 'scap_org.open-scap_cref_test_remediation_simple.oval.xml' is not a valid value of the local atomic type. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 17:04:40 2013 +0200 Make sure we don't overflow ifa_name when copying from unlimited source More than likely the source will be in bounds but still... Patch by Steve Grubb Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 16:44:21 2013 +0200 Free environment values on the heap in case opening pipes fails (SCE) Patch by Steve Grubb Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 16:28:20 2013 +0200 Allocate sds_stream_index only after sanity check has been done Else we would senselessly allocate an empty structure and immediately free it in case of failure. (or leak it as we have done previously). Spotted by Steve Grubb, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 16:22:39 2013 +0200 Cleanup in case of failure when composing a source datastream Patch by Steve Grubb Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 14:40:39 2013 +0200 Cleanup in case of failure when splitting SDS Patch by Steve Grubb, with minor changes by me. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 9 14:19:25 2013 +0200 Fix variable name Addressing: sds.c: In function 'ds_sds_compose_add_component': sds.c:948:23: error: 'id' undeclared (first use in this function) sds.c:948:23: note: each undeclared identifier is reported only once for each function it appears in Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 9 13:59:50 2013 +0200 trac#309: cmp function usually returns int, not bool Addressing: resolve.c:136: result_independent_of_operands: xccdf_version_cmp(xccdf_item_get_schema_version(item), "1.2") >= 0 is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 9 13:49:19 2013 +0200 Remove unused parameter from function call Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 16:34:06 2013 +0200 oscap ds shall always print full error stack Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 16:27:22 2013 +0200 Refactor: Move error handling function to oscap-tool.c Hence, it could be used by other modules beyond the XCCDF. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 16:09:11 2013 +0200 Remove unused macro definition. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 15:17:00 2013 +0200 Introduce: "oscap ds sds-add" command-line module Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 12:21:06 2013 +0200 Refactor: Extract function: _lookup_datastream_in_collection Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Apr 4 11:40:03 2013 +0200 Refactor: rename function This name might be usefull for higher level public function. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 9 13:41:58 2013 +0200 0 is a valid file description, not an error when using open(..) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 3 13:40:01 2013 +0200 tests: Assert that TestResult includes accurate timestamps Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 3 12:07:19 2013 +0200 tests: Modify python fix test to use xhtml:object substitution There are already other tests for <xccdf:sub> substitution. It is unclear what is the status of <xhtml:object> text substitution within the XCCDF 1.2 standard. The NISTIR-7275r4 document specifies the semantics of <xhtml:object> elements, however the XSD schema for XCCDF 1.2 does not allow <xhtml:object> within <xccdf:fix> elements. Therefore, we enforce --skip-valid option for now. Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Apr 3 11:25:05 2013 +0200 update configure.ac according to confgen.sh Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 3 10:54:11 2013 +0200 tests: Simple test for perl fix Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Apr 3 10:36:30 2013 +0200 tests: Simple test for Python fix combined with text substitution Considering Python's semantic of indentation, it is crucial to plot text substitution correctly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 2 17:57:13 2013 +0200 docs: Use comments to reduce the risk of breakage Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 2 17:52:30 2013 +0200 tests: Simple test for fix element written in Python Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Apr 2 16:32:03 2013 +0200 add initial version of SELinux policy for oscap tool and OVAL probes use ./configure --enable-selinux_policy to enable this Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 2 16:08:53 2013 +0200 tests: Test for Anaconda usage of oscap + CPE Generate fix elemenets considering CPE. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 2 14:54:33 2013 +0200 tests: Test for Anaconda usage of oscap + DS Generate fix elements from the DataStream document. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Apr 2 14:00:09 2013 +0200 tests: Complex test for xccdf:fix selection within DataStream Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 28 15:26:10 2013 +0100 Allow DataStream when generating fix. For now this option is intentionally left undocumented. In most cases we still rely on xsl/fix.xslt. Which does not work with DataStream. This option shall be documented once the xsl/fix.xslt is gone. This option will be used by Anaconda however, to allow use of Source DataStream Collection during installation. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 28 15:09:26 2013 +0100 tests: verify that report.html contains OpenSCAP version. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 27 15:08:37 2013 +0100 Allow --cpe argument when generating fix from source XCCDF. For now this option is intentionally left undocumented. In most cases we still rely on xsl/fix.xslt. Which does not process CPE. This option shall be documented once the xsl/fix.xslt is gone. This option will be used by Anaconda however, to allow different Anaconda_Fixes for different Anaconda versions. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 27 15:02:13 2013 +0100 Include OpenSCAP version in the footer of the report Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 25 19:58:02 2013 +0100 Apply fix only when the given Rule was applicable. This might be the case, when transfering a single TestResult document to different machines and running oscap-xccdf-remediate. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 25 17:57:36 2013 +0100 Avoid discarding const qualifier when getting selected rules count Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 25 18:04:53 2013 +0100 Do not use 'template' as param name. It is keyword in C++. Addressing compilation issue of derivered project: xccdf_policy.h:482:101: error: expected ‘,’ or ‘...’ before ‘template’ Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 25 16:27:52 2013 +0100 tests: Typo fix. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 22 15:01:10 2013 +0100 Command-line option --output should open output file. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 22 14:56:57 2013 +0100 tests: Test for Anaconda usage of oscap. Generate fix elements from the XCCDF document, ensure that Text Substitution is resolved. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 15:42:48 2013 +0100 Improve oscap-xccdf-generate-fix processing for cases when TestResult is missing. Previously, we have been using XSLT transformation, but it is hard to implement Text Substitution in XSLT and additionally it seems impossible to implement CPE in XSLT. This move might be usefull for anaconda, which could issue oscap command to determine special remeditaion prescriptions which need to be applied prior the installation. Example: $ oscap xccdf generate guide --profile myprofile \ --template urn:redhat:anaconda:pre XCCDF.xml Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 15:27:06 2013 +0100 Use loop when writing fix to the temp file. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 15:17:10 2013 +0100 Introduce xccdf_policy_generate_fix() function. As possible replacement for our XSLT transformation generating list of fixes (xsl/fix.xsl). Considering, Text Substitution, CPE applicability, XCCDF Processing (...), we can hardly implement all the processing requirements in the XSLT anyway. In future, we may want to drop xsl/fix.xsl. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 12:59:40 2013 +0100 tests: Assert that the least disruptive xccdf:fix is executed. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 12:55:01 2013 +0100 Choose 'the most suitable' xccdf:fix for execution based on its disruption and reboot requirements. Even though this heuristic is not required by any SCAP specification, we hope it will prove useful. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 10:27:27 2013 +0100 tests: Example of complex xccdf:fix processing Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 09:55:08 2013 +0100 tests: Assert that fix is not executed if the fix/@system is unknown This is not required by standard, but it is our decision. We believe that we should not try to execute arbitrary content when the language interpreter is unknown. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 21 09:34:17 2013 +0100 Appropriate xccdf:fix selection shall be based on its @system atribute Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 20 14:48:55 2013 +0100 Use string-to-string map for searching applicable interpret. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 20 12:12:38 2013 +0100 tests: Test CPE applicability of xccdf:fix/@platform Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 20 11:31:31 2013 +0100 Polish prototype of _lookup_rule_by_rule_result() function. Change return value to (xccdf_rule *). And use more standard English as the function name. Addressing: xccdf_policy_remediate.c: In function '_find_suitable_fix': xccdf_policy_remediate.c:141:9: warning: passing argument 2 of '_filter_fixes_by_applicability' from incompatible pointer type [enabled by default] xccdf_policy_remediate.c:109:27: note: expected 'const struct xccdf_rule *' but argument is of type 'const struct xccdf_item *' Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 20 11:27:52 2013 +0100 Do not remediate fixes which are not CPE applicable Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 18:26:43 2013 +0100 Move xccdf_policy_model_item_is_applicable from static to privileged Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 18:00:14 2013 +0100 Refactor: Extract function: xccdf_policy_model_platforms_are_applicable() And make this function privileged. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 16:56:43 2013 +0100 Refactor: CPE applicability functions shall not depend on xccdf_item This will help with implementation of xccdf:fix/@platform, since the fix element is not an item, but may have CPE platform defined. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 20 13:45:40 2013 +0100 Introduce --cpe option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 18 18:12:29 2013 +0100 Remediation shall refresh XCCDF timestamps with current time. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 18 17:58:14 2013 +0100 Refactor: Extract timestamp operations to the separate functions Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 18 15:54:20 2013 +0100 Bash completion for oscap-xccdf-generate-fix/custom. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 15 16:24:01 2013 +0100 Remediation shall refresh target system facts. As the remediation of a given TestResult might have been executed on different target (or the target facts can change over time). Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Mar 19 16:35:30 2013 +0100 openscap-0.9.5 Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Mar 19 15:50:25 2013 +0100 adjust rhel5 BuildRequires Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 14:55:28 2013 +0100 Avoid race condition when decomposing SCE files from DataStream Also, apply chmod only with SCE enabled OpenSCAP. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 12:11:37 2013 +0100 Produce more detailed message when mkstemp failed. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 19 11:30:48 2013 +0100 Typo fix, use correct template for downloaded files. Introduced by: 92c98d9ef9104131bdb86c1c322d9961e3ed110f Addressing: WARNING: Skipping http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml file which is referenced from XCCDF content OpenSCAP Error: mkstemp failed, No such file or directory [oscap_acquire.c:93] Downloading: http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml ... error Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Mar 15 16:18:18 2013 +0100 trac:270: Identify the user who executes the scan. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 15 15:55:55 2013 +0100 [probes] rpminfo: use a regular expression to locate the signature key ID Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 14 17:31:25 2013 +0100 Output XCCDF shall contain scanner version. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Mar 14 12:45:17 2013 +0100 With --progress the output shall be less human friendly Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 13 15:15:23 2013 +0100 tests: Assert that oscap-xccdf-remediate does not modify input data. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Mar 13 14:42:00 2013 +0100 Use deprecated option of mktemp command. For sake of older implementations. Addressing missing --tmpdir option in mktemp version 1.5 (RHEL5). Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 13 13:46:04 2013 +0100 Avoid dereferencing a NULL file descriptor when opening a script fails (Related to source datastream composing and SCE script files inside.) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 12 17:36:10 2013 +0100 Added XSD file describing the <script> element in extended-components Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 12 17:28:22 2013 +0100 chmod split scripts from a datastream so that they are executable Also fixed a trivial typo. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 12 17:18:49 2013 +0100 Changed the way we treat scripts in datastreams We are now conformant to how handling SCE in datastreams was suggested by David Solin. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 12 16:31:24 2013 +0100 tests: Copy of the oval file in the /temp shall be writable. Addressing: Stalled distcheck at: rm: remove write-protected regular file `/tmp/test_remediate_simple.out.bad4pt/test_remediation_simple.oval.xml'? Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 12 15:21:43 2013 +0100 tests: Assert for TestResults exported by oscap-xccdf-remediate This covers multiple scenarios: - appending new TestResult to the bottom of the document - using the very last test result, when --result-id is not supplied - creation of new TestResult/@id based of the input TestResult - creation when the new TestResult/@id already exists - when there is nothing to remediate (result=notchecked) - when there is wrong OVAL to verify remediation (result=error) - successful run (result=fixed) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Mar 12 13:33:02 2013 +0100 Avoid writing "(null)" instead of "" to plain files when splitting SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 11 17:02:05 2013 +0100 Handle even more errors when reading from plain-text to compose DS Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 11 16:47:42 2013 +0100 Guard against empty files or errors while seeking when composing SCE SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 11 16:30:33 2013 +0100 Do not include XML tags in dumped plain-text datastream components Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Mar 11 09:05:58 2013 +0100 Return from remediation based on the return code. Addressing static analyzer error which reports a dead code on a line 302. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 6 16:32:13 2013 +0100 Added two more tests regarding plain-text in extended component These were failing with my previous implementation and now seem to work fine. I think this should exhaust most of the problematic cases. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 6 16:13:14 2013 +0100 Added test for plain-text extended-component in datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 6 14:38:33 2013 +0100 Use a custom namespace for plain-text node to pass validation Author: Martin Preisler <martin@preisler.me> Date: Wed Mar 6 12:36:39 2013 +0100 Initial plain-text extended-component implementation Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:27:36 2013 +0100 Introduce --results-arf option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:23:40 2013 +0100 Introduce --report option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:20:32 2013 +0100 Introduce --results option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:16:38 2013 +0100 Introduce --sce-results option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:13:49 2013 +0100 Introduce --export-variables option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:09:23 2013 +0100 Introduce --oval-results option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 17:02:36 2013 +0100 tests: Simple test for oscap xccdf remediate. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 16:05:08 2013 +0100 docs: Man page shall describe return value of oscap command. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 14:59:46 2013 +0100 Amend return values of oscap xccdf remediate command. The zero value shall be returned when the results does not contains any FAIL or ERROR rule-results. This also changes behaviour of oscap xccdf eval command which previously has returned 0 in cases there were ERROR results. From now on, the oscap recognizes rule-result/result=ERROR as a reason to not return zero value (indicating success). Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 14:11:28 2013 +0100 Introduce [oval-definitions-file] option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 13:55:24 2013 +0100 Introduce --fetch-remote-resources option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 13:51:16 2013 +0100 Remove a TODO. This has been accomplished in 674e1321be1055bab5b0b9bb32d73f65a896c4b5. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 13:47:42 2013 +0100 Introduce --skip-valid option for oscap xccdf remediate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 13:42:46 2013 +0100 Refactor: Extract function: xccdf_policy_get_benchmark(). Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:50:47 2013 +0100 Use the eval reporting primitives for remediation reporting. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:47:01 2013 +0100 docs: improve bash completion for CPE. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:40:08 2013 +0100 docs: bash completion for oscap ds and oscap info modules. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:39:55 2013 +0100 docs: Man page shall list oscap ds module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:11:43 2013 +0100 docs: bash completion for oscap-xccdf-remediate. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 11:06:30 2013 +0100 docs: Man page for oscap-xccdf-remediate. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 10:30:36 2013 +0100 Refactor: Extract function: _register_progress_callback(). Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 09:57:24 2013 +0100 Make assertions NDEBUG agnostic. These assertions must always return NULL. Addressing: warning: statement with no effect [-Wunused-value] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 09:47:51 2013 +0100 Refactor: Extract function: _lookup_rule_for_rule_result() Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Mar 5 09:37:15 2013 +0100 Move xccdf_policy_report_cb() from static to priviledged. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 28 16:59:27 2013 +0100 Refactor hardcoded literals to cpp macros. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Feb 28 16:43:50 2013 +0100 Clarify the xccdf:message when a fix was not executed. It shall be clearly stated that the fix was not aborted but it has never run. Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Feb 28 16:23:19 2013 +0100 bump version Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Feb 28 13:47:03 2013 +0100 fix -version-info for libopenscap.so Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 15:08:34 2013 +0100 Do not print 1970-01-01 when you do know nothing. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 14:59:38 2013 +0100 Very basics of -- oscap xccdf remediate Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 14:50:06 2013 +0100 Introduce xccdf_session_build_policy_from_testresult. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 11:07:23 2013 +0100 Remove overabundand 'i' character. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 11:05:01 2013 +0100 Introduce xccdf_benchmark_get_result_by_id. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 27 10:56:52 2013 +0100 Move TestResult/profile settings from xccdf_session to xccdf_policy. This ensures that each scan performed by OpenSCAP gets the profile element set, even for cases when it doesn't use xccdf_session API. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 16:34:37 2013 +0100 tests: trac#321: Assert for multiple xccdf:TestsResult elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 15:18:07 2013 +0100 The XCCDF_ID_SIZE is clearly not 32 characters. Addressing the forcibly truncated IDs. Also handle the return value from snprintf properly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 15:12:29 2013 +0100 trac#321: Avoid possible conflicts of TestResult/@id. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 11:34:28 2013 +0100 docs: Fix misspelled constant name. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 11:08:22 2013 +0100 Expand XCCDF_ITEM_ADDER_REG macro for result list. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 26 10:38:38 2013 +0100 Abort in debug mode, when an item fails to register. We shall investigate when this happens to spot problems like trac#321 early. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 25 17:19:58 2013 +0100 The 'resolve' and 'validate' modules shall print out full error stack. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 25 17:18:13 2013 +0100 Refactor: extract function: _print_oscap_error(). Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Feb 26 10:12:55 2013 +0100 openscap-0.9.4 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 20 10:12:56 2013 +0100 tests: Ensure that Remediation aborts on unresolved substitution element. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Feb 19 12:50:47 2013 +0100 Only allow XCCDF and SDS to be the input files for xccdf_session Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 13:46:18 2013 +0100 tests: Remediation script may contain <[CDATA[ section ]]>. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 13:37:28 2013 +0100 Explicitly list nodes which shall be executed. Default behaviour shall be to skip them. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 11:41:33 2013 +0100 Avoid execution of XML comments during remediation. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 11:40:52 2013 +0100 tests: Ensure that XML commentaries will not be executed. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 11:03:40 2013 +0100 trac#320: Decode XML escape sequences (like &) properly. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 18 10:41:38 2013 +0100 tests: trac#i320: Decode & from fix scripts properly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 14:32:04 2013 +0100 tests: Remediate with value substitutuion shall take title of value. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 14:23:54 2013 +0100 tests: Do not produce debugging output. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 14:22:08 2013 +0100 tests: Remediate with value substitution shall take the value without selector. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 14:11:13 2013 +0100 tests: Remediate with value substitution shall take the first value. In cases when there is no profile to define selection and there is not a value without selector attribute. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 13:54:52 2013 +0100 tests: Extend default output width by 20 characters. And let the tests with very long names to look less ugly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 13:47:13 2013 +0100 tests: Remediate with value substitution defined by refine-value. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 13:22:17 2013 +0100 tests: trac#318: Asserts for empty plain-text substitution. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 11:30:13 2013 +0100 trac#318: Empty plain-text elements shall be resolved corectly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 10:39:13 2013 +0100 tests: trac#174: Make sure that plain-text element is exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 12 10:37:30 2013 +0100 tests: Simple test for plain-text substitution of sub elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 17:12:39 2013 +0100 trac#174: Export plain-text elements od XCCDF Benchmark. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 15:15:10 2013 +0100 tests: The assert_exists function shall be define globally. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 15:00:48 2013 +0100 tests: Rewrite legacy XSLT asserts to use `assert_exists` function. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 14:48:40 2013 +0100 tests: Rewrite assert_exists_* functions to `assert_exists` function. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 13:41:10 2013 +0100 tests: Flawed fix element shall trigger off the 'error' result. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 11:51:06 2013 +0100 Fix dangerous typo -- causing buffer overflow. Addressing: xccdf_policy_remediate.c:147: overrun-buffer-val: Overrunning array pipefd of 4 bytes by passing it to a function which accesses it at byte offset 4. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 11:35:11 2013 +0100 Avoid use of O_CLOEXEC. It breaks RHEL5 build and this fd gets closed immediatelly anyway. Addressing: elements.c: In function 'oscap_xml_save_filename': elements.c:176: error: 'O_CLOEXEC' undeclared (first use in this function) elements.c:176: error: (Each undeclared identifier is reported only once elements.c:176: error: for each function it appears in.) Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 11 11:27:42 2013 +0100 Do not expect libxml to close fd. The xmlSaveFormatFileTo does not close fd. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 19:37:27 2013 +0100 tests: Very simple test probing XCCDF --remediate. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 19:25:20 2013 +0100 Do not export empty output of fix script. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 15:29:51 2013 +0100 Introduce --remediate option for `oscap xccdf eval` As a tech preview which may eat kittens. And provide enough of a Do not continue with this if you do not know what you're doing. warnings to keep the user from shooting himself in the head. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 16:39:05 2013 +0100 Loading OVAL multiple times into XCCDF Session shall not leak. Addressing: 16 bytes in 1 blocks are indirectly lost in loss record 1 of 4 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x4CEE1CD: _xccdf_session_get_oval_from_model (xccdf_session.c:564) by 0x4CEE647: xccdf_session_load_oval (xccdf_session.c:651) by 0x4CED486: xccdf_session_load (xccdf_session.c:287) by 0x40ABEB: app_evaluate_xccdf (oscap-xccdf.c:414) by 0x4071F6: oscap_module_call (oscap-tool.c:261) by 0x40767E: oscap_module_process (oscap-tool.c:346) by 0x40602A: main (oscap.c:78) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 15:05:02 2013 +0100 xccdf_session_remediate -- the high-level API of remediation. Caller of this function must ensure that XCCDF Session contains TestResult and that it corresponds with selected XCCDF Policy. This may be achieved by running xccdf_session_evaluate. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 15:09:57 2013 +0100 xccdf_policy_remediate -- remediation of the xccdf_policy. Input paramter XCCDF TestResult element defines rule-results elements which shall be remediated. Input parameter XCCDF Policy defines how to remediate (fix elements, value bindings, ...). Make sure before calling this function that XCCDF Policy Model does not contain any previously used checking engines. Especially, OVAL Agent Sessions which contain previously used resultModel, syschar or probe's caches must be refreshed -- to allow verification of applied fixes. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 14:11:10 2013 +0100 Replace hardcoded literal with static constant literal. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 14:02:14 2013 +0100 Introduce function for unregistering checking-engines from policy model. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 15:41:40 2013 +0100 Do not try to apply fix for checks with @multi-check="true". Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 09:52:33 2013 +0100 Verify applied fix by OVAL. Introduce FIXED test result. This of course needs to have empty oval_agent session, otherwise it will not evaluate the system, but only query oval_resultsModel. There are some discussions about selectivelly reset variables of the resultsModel, sysModel and caches of probes, but there is no consensus whether it is possible to do it in a reliable way. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 10:22:28 2013 +0100 Move xccdf_policy_check_evaluate from static to priviledged. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 10:20:13 2013 +0100 Do not pass rule_id to xccdf_policy_check_evaluate It is legacy and it is always NULL nowdays. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Feb 8 16:23:24 2013 +0100 Tests shall not expect all the fix elements exported. We shall not include fix elements in the rule-result elements unless we have issued them as a part of remediation process. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 09:25:24 2013 +0100 Do not blindly append all xccdf:fix elements to the rule-result. About rule-result/fix from NISTIR-7275r4: Fix script for this target platform, if available (would normally appear only for result values of “fail”). It is assumed to have been ‘instantiated’ by the testing tool and any substitutions or platform selection already made. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 08:31:43 2013 +0100 Do not use xmlOutputBufferCreateFile() as it may leak the FILE*. At the end, the xmlSaveFormatFileTo calls xmlOutputBufferClose, which is documented as follows: flushes and close the output I/O channel and free up all the associated resources However it (at least in one version) does not call fclose(). Given the documentation I suppose that xmlOutputBufferClose, may start fclosing the stream in any time. Addressing: 568 bytes in 1 blocks are still reachable in loss record 1 of 1 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x3E9426E53A: __fopen_internal (iofopen.c:76) by 0x4C57497: oscap_xml_save_filename (elements.c:175) by 0x4CD3F54: xccdf_benchmark_export (benchmark.c:228) by 0x4CEF233: xccdf_session_export_xccdf (xccdf_session.c:888) by 0x40ADB2: app_evaluate_xccdf (oscap-xccdf.c:462) by 0x407196: oscap_module_call (oscap-tool.c:261) by 0x40761E: oscap_module_process (oscap-tool.c:346) by 0x405FCA: main (oscap.c:78) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Feb 6 08:27:24 2013 +0100 doc: Man page shall be in line with oscap --help query. Addressing confusing wording: https://www.redhat.com/archives/open-scap-list/2013-February/msg00000.html Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 17:32:54 2013 +0100 Do not allow XCCDF remediation unless the rule-result/result is FAIL. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 17:01:16 2013 +0100 XCCDF Session shall not leak memory when exporting XCCDF file. Addressing: 14 bytes in 1 blocks are definitely lost in loss record 1 of 5 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x3E94288551: strdup (strdup.c:43) by 0x4C5DFFF: oscap_strdup (util.c:65) by 0x4CED253: xccdf_session_set_xccdf_export (xccdf_session.c:240) by 0x40AD8F: app_evaluate_xccdf (oscap-xccdf.c:460) by 0x407196: oscap_module_call (oscap-tool.c:261) by 0x40761E: oscap_module_process (oscap-tool.c:346) by 0x405FCA: main (oscap.c:78) Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 16:56:49 2013 +0100 A remediation script shall get minimal environ. Since this interface is not covered by XCCDF specification we believe that it shall not be used by content authors. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 15:43:29 2013 +0100 Introduce basic model of XCCDF Remediation. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 14:11:15 2013 +0100 CVE parsing error shall be more specific. Addressing: OpenSCAP Error: Unknown XML element in CVE entry [cve_priv.c:626] Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 4 18:29:23 2013 +0100 Refactor: extract function: oscap_acquire_pipe_to_string. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 4 13:35:48 2013 +0100 Refactor: extract function: oscap_acquire_temp_file. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 4 08:24:53 2013 +0100 Introduce function for text substitution of xccdf:fix. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 31 17:28:35 2013 +0100 Implement text substitution of xhtml:object/@data="#xccdf:(...)". As described in NISTIR-7275-4 page 62. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 31 15:00:14 2013 +0100 Rewrite xccdf_policy_substitute to use xml_iterate. This move corrects a few bugs and brings a bit more flexibility. The previous attempt did not allowed resolve of xccdf:sub/@use leaked memory, accessed freed values and did not comply with XCCDF 1.2. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 31 14:05:14 2013 +0100 xml_iterate shall allow modification of the current node. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 31 12:20:24 2013 +0100 trac#313: Fix value instance resolving. We must not return NULL, for default profile. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 29 19:14:04 2013 +0100 Make sure to always append new line to the warnings. The dW() macro does not append new-line itself. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 29 16:37:46 2013 +0100 Introduce function for querying XCCDF namespaces. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 29 16:21:56 2013 +0100 Refactor: extract function: _namespace_get_xccdf_version_info. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Feb 4 08:27:17 2013 +0100 xccdf_session_free(0) shall not SIGSEGV. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 29 16:13:48 2013 +0100 Docs: Fix a typo. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 28 16:28:29 2013 +0100 Introduce a helper module for iterating through minidom. This shall be usefull when resolving the Text Substitution of XCCDF. Note that in some cases we store snippets of xml as plain text, and which might need to be modified later during processing. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 28 11:51:57 2013 +0100 The text substitution is good candidate for separate module. Even though that text substitution is related to xccdf_policy, it has potential to grow rapidly since we need to resolve <xccdf:sub>, <xccdf:instance>, <xhtml:object> and <xhtml:a> elements. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 14:53:55 2013 +0100 Deprecate xccdf_subst_type. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Feb 5 14:50:33 2013 +0100 Do not deprecate xccdf_substitution_func. While this type is deprecated and shall be avoided, we cannot easily mark this as deprecated. -- Unless we are ready for dozens of meaningless warnings during OpenSCAP build. Addressing: In file included from public/xccdf_policy.h:34:0, from xccdf_policy_priv.h:29, from xccdf_policy.c:36: ../../src/XCCDF/public/xccdf_benchmark.h:3367:1: warning: 'xccdf_substitution_func' is deprecated [-Wdeprecated-declarations] Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 28 10:44:18 2013 +0100 Deprecate a function which is not compatible with XCCDF 1.2 It was never used in OpenSCAP. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Feb 8 15:58:32 2013 +0100 Fixed a copy paste error in xccdf_session_get_component_id Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Feb 7 12:50:36 2013 +0100 Various minor OpenAPI API additions required for workbench Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 30 13:28:57 2013 +0100 Fixed wrong sizeofs Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 29 17:04:40 2013 +0100 Do not forget to visit your library. Addressing: xccdf_session.h:155:75: error: ‘xccdf_policy_engine_eval_fn’ has not been declared Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 25 14:39:43 2013 +0100 Remove a dead code. It is a dead code considering the above XPATH query has already casted instances out. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jan 23 13:51:24 2013 +0100 Fixed botched returns in xccdf_benchmark_{,un}register_item Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 17:13:20 2013 +0100 Merge branch 'xccdf-tailoring-devel' Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 22 16:14:43 2013 +0100 Printf full stack of errors whenever using xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 22 15:45:00 2013 +0100 Do not use session, unless it exists. Addressing: ==16194== Invalid read of size 4 ==16194== at 0x4CABF70: xccdf_session_get_base_score (xccdf_session.c:1007) ==16194== by 0x40A642: app_evaluate_xccdf (oscap-xccdf.c:482) ==16194== by 0x406EA3: oscap_module_process (oscap-tool.c:261) ==16194== by 0x405E7E: main (oscap.c:78) ==16194== Address 0x38 is not stack'd, malloc'd or (recently) free'd Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 22 15:37:47 2013 +0100 Float values shall be initialized explicitly in xccdf_session constructor. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 22 15:06:16 2013 +0100 Introduce function for accessing full error stack. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 15:56:25 2013 +0100 Added hybrid DS + external file tailoring tests Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 15:35:05 2013 +0100 5.10.1 is not a valid value for xsd:decimal and causes validation errors Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 15:34:43 2013 +0100 Added tests for tailoring inside a datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 14:39:58 2013 +0100 In oscap tool, --tailoring-file takes priority over --tailoring-id Also don't validate the tailoring file if it comes from a datastream (that has already been validated) and full validation is off. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 14:30:27 2013 +0100 Added tailoring oscap options to man page Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 22 14:27:33 2013 +0100 Added --tailoring-id, renamed --tailoring to --tailoring-file in oscap And changed tests accordingly. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 21 17:16:21 2013 +0100 Do not clearerr() before setting an error. This allows multiple error messages stored in the err_queue. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 21 17:09:55 2013 +0100 Use internal queue to store OpenSCAP error messages. This change does not affect the semantics of the error handling functions. It only changes underlying structure from a single error to a queue of errors. Note that no more than single message can be stored in the queue given the oscap_clearerr() calls. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 21 16:09:11 2013 +0100 Implemented Tailoring loading in xccdf_session Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 21 15:24:57 2013 +0100 Refactor, extract function: oscap_err_free. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 21 15:00:01 2013 +0100 Do not leak user_cpe when set in the xccdf_session. Author: Martin Preisler <martin@preisler.me> Date: Mon Jan 21 14:29:40 2013 +0100 Merge branch 'master' into xccdf-tailoring-devel Conflicts: utils/oscap-xccdf.c Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 18 10:15:53 2013 +0100 Hide oscap_acquire module from public API. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 18 10:09:14 2013 +0100 Copy primitives for handling tmp/dir back to tool. We don't want want them in the public API. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 18 09:57:24 2013 +0100 Hide internals of xccdf_session from public API. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 17:30:16 2013 +0100 docs: Improve documentation as suggested by doxygen warnings. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 17:06:33 2013 +0100 Refactor extract method xccdf_session_contains_fail_result. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 16:46:55 2013 +0100 Refactor export of ARF to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 16:29:48 2013 +0100 Refactor export of XCCDF to xccdf_session. Sadly, we had to duplacate app_xslt() within xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 15:15:11 2013 +0100 Refactor XCCDF Evaluation to xccdf_session. We need xccdf.result in the session for the export. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 14:24:03 2013 +0100 Refactor export of SCE result files to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 15:17:58 2013 +0100 Refactor export of OVAL variables to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 14:31:06 2013 +0100 Refactor export of OVAL results to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 17 17:15:33 2013 +0100 Do not strdup if you free the source anyway. We should be modest in our claims and older pointer shall be enough for us. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 13:28:11 2013 +0100 Refactor: Extract function xccdf_session_load(). Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 13:01:45 2013 +0100 Sort xccdf_session calls in the oscap tool. This shall have no effet on semantics. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 12:58:18 2013 +0100 Refactor SCE initialization to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Jan 14 10:59:06 2013 +0100 Move code which parses the OVAL files to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 14:33:16 2013 +0100 Refactor validation of OVAL files to xccdf_session. From now OVAL files are validated even in export-oval-variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 11:01:02 2013 +0100 Refactor OVAL content resources from tool to xccdf_session. This all code only locates OVAL files which will be later processed in the session. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 14:04:50 2013 +0100 Introduce --datastream-id and --xccdf-id to export-oval-variables module. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 13:14:38 2013 +0100 Use xccdf_session to parse document. Therewithal, allow DS in export-oval-variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 13:02:07 2013 +0100 Make a use of xccdf_session to validate the XCCDF. Export-oval-variables shall take OSCAP_FULL_VALIDATION and accept DS as well. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 11:23:27 2013 +0100 Use xccdf_session for export-oval-variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 10 13:50:39 2013 +0100 Refactor progress reporting of download to separate function. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Jan 10 11:54:19 2013 +0100 Refactor: Extract CPE-parsing into xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 15:57:02 2013 +0100 Refactor: Extract XCCDF-parsing into xccdf_session. Also move variables needed into xccdf_session structure. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 16:10:22 2013 +0100 Move information about validation level to xccdf_session. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 14:42:14 2013 +0100 Refactor variable by method call. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 15:03:57 2013 +0100 Start using xccdf_session in oscap tool for XCCDF evaluation. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 4 17:04:55 2013 +0100 Introducing xccdf_session stucture and module. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jan 2 08:58:04 2013 +0100 Move oscap_acquire from tool to API. And replace all stdout/stderr operations in the module with oscap_seterr(). Note that in the end this module will be private, however it is public in the next few commits for the refactoring purposes. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 19 21:02:36 2012 +0100 Sort common sources. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 18:42:05 2013 +0100 Refactor: Extract function: oscap_document_type_to_string. This will come in handy later. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 14:36:59 2013 +0100 Fix typo, causing false negative when validating arf. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 18:26:17 2013 +0100 Fix copy/paste typo. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jan 2 10:25:16 2013 +0100 Finally, we have a (happy) New Year. And I can turn this back to using en-dash. And make our hero Donald Knuth happy again. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 11 13:48:03 2013 +0100 docs: Update documentation of export-oval-variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 12:03:32 2013 +0100 docs: Fix typo. Addressing: oscap.h:101: warning: argument 'reporetr' of command @param is not found in the argument list Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 4 20:38:12 2013 +0100 docs: Up2date version info of supported component standards. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Jan 4 18:34:45 2013 +0100 docs: Make a use of correct doxygen command. Addressing: src/CVE/cve_priv.c:55: warning: Found unknown command `\structure' Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Jan 2 10:11:01 2013 +0100 Remove useless code. Given that with NDEBUG the assume_d expands to while(0). Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 17 14:49:56 2013 +0100 Fixed cloning of Profiles (carries tailoring now) Also a slight change to prevent tailoring tests from writing the resulting files to stdout every time. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 17 14:34:57 2013 +0100 Profiles now remember if they are tailoring or not This fixes the issue with debug build, we no longer register and unregister the Tailoring element profiles so no id conflicts happen anymore. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jan 16 16:10:09 2013 +0100 Test serialization of TestResults as part of XCCDF 1.2 parser testing Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 15 16:39:32 2013 +0100 Validate external Tailoring file before using it, fixed tests Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 15 16:16:29 2013 +0100 Added Tailoring as a document type, added code to detect it Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 15 15:10:13 2013 +0100 Added a profile overriding test to the set of Tailoring element tests Overriding is sometimes also refered to as "shadowing". Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 15 14:31:27 2013 +0100 Destroy Tailoring before destroying the benchmark in XCCDF Policy Model Tailoring references items from the benchmark, destroying it first avoids dangling pointers. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jan 15 13:44:54 2013 +0100 Fixed a small Tailoring parser bug, added tests There are occasional segfaults when destructing the xccdf_policy_model, needs to be investigated. But both tests pass otherwise. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 14 17:35:39 2013 +0100 Integrated Tailoring element into XCCDF Policy Model Tailoring profiles take precedence now. Tests need to be written! Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 14 15:12:39 2013 +0100 Write out Tailoring element's statuses and dc-statuses Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jan 14 15:05:35 2013 +0100 Split Tailoring element code to a separate file It shouldn't depend on benchmark code because benchmark code will depend on it. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 11 15:47:10 2013 +0100 Slight changes in the parser, added CLI option --tailoring for testing Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 11 11:36:33 2013 +0100 Initial parser implementation for the xccdf:Tailoring element/document Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Jan 8 11:20:20 2013 +0100 Do not use TRUE/FALSE identifiers to avoid compile time issues. Kudos goes to Anton Bolshakov for original patch. Thanks! https://bugs.gentoo.org/show_bug.cgi?id=450328 Addressing: xccdf_policy.c: In function 'xccdf_policy_resolve_item': xccdf_policy.c:392:14: error: expected identifier or '(' before numeric constant xccdf_policy.c:393:14: error: expected identifier or '(' before numeric constant xccdf_policy.c:411:2: error: lvalue required as unary '&' operand xccdf_policy.c:411:2: error: lvalue required as unary '&' operand Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 3 12:18:22 2013 +0100 Added more status elements to XCCDF parser test data Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 3 12:16:54 2013 +0100 Improved error checking in ds_sds_index_parse We now report a different error if end of document is reached before any element is read. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 19 20:21:34 2012 +0100 Functions which are marked in documentation as deprecated shall warn when used. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 19 19:59:13 2012 +0100 docs: Doxygen should be able to parse OSCAP_DEPRECATED macro. Addressing broken documentation which did not contained names of deprecated functions, it contained only OSCAP_DEPRECATED instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 19 19:26:37 2012 +0100 docs: Improve documentation by referencing prefered functions. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 18 17:26:09 2012 +0100 Replace `exists` with `boolean` XPath function globaly. To avoid things like trac#302. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 18 17:06:29 2012 +0100 doc: Make sure our workarounds don't get lost. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 18 17:02:29 2012 +0100 trac#302: Replace `exists` with `boolean` XPath function. Because we prefer to use functions which exists. Addressing: xmlXPathCompOpEval: function exists not found XPath error : Unregistered function xmlXPathCompiledEval: 1 objects left on the stack. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 18 16:37:14 2012 +0100 Fix developer documentation regarding schematron. Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Dec 17 16:38:16 2012 +0100 [docs] don't prepend the full path before file names Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Dec 17 15:18:35 2012 +0100 bump version Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Dec 17 11:26:08 2012 +0100 openscap-0.9.3 Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Dec 14 14:26:46 2012 +0100 bump libopenscap.so version to libopenscap.so.3.0.0 Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Dec 14 14:45:40 2012 +0100 probes: Plug memleaks Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Dec 14 14:26:11 2012 +0100 probes: Plug memleaks Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 14 10:34:09 2012 +0100 doc: Update description of openscap-utils package. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 18:32:27 2012 +0100 doc: Indicate scope of OpenSCAP capabilities. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Dec 13 17:22:40 2012 +0100 oval fts: Plug memleaks Add a silly hack to apease glibc: One dummy read to get rid of an uninitialized value in the FTS data before calling fts_close() on it. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 18:06:46 2012 +0100 Update date information. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 17:32:45 2012 +0100 is_item_selected shall not segfault on incorrect. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 17:23:01 2012 +0100 tests: Do not combine && with set -e It has a very special semantics. See `man bash` for more info. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 15:51:21 2012 +0100 tests: Do not use -rf when issuing rm command. It has potential to hide bugs as well as it can make the project really, really famous. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 15:32:45 2012 +0100 tests: trac#300: Ensure there are no warnings on stderr. A test which will celebrate the jubilee issue. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Dec 13 14:49:19 2012 +0100 trac#300: Do not define oval-result-template when file is missing. Addressing: I/O warning : failed to load external entity Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 13 16:12:44 2012 +0100 oscap info prints XCCDF result test IDs Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Dec 13 13:52:14 2012 +0100 CPE: Plug memleaks Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 13 15:10:20 2012 +0100 Allow the user to select datastream or XCCDF by id when splitting SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 13 14:38:20 2012 +0100 Moved xccdf datastream ID selection to public API in sds_index This code will be reused in oscap ds sds-split AND workbench in the future. It would make no sense to keep reimplementing it over and over. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 13 14:34:34 2012 +0100 Properly allocate and deallocate extended component list in sds_index Previously we never allocated this list and it was NULL. This was not triggered because extended components are fairly rare in datastreams. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 13 12:39:03 2012 +0100 clarify what xccdf eval prints during evaluation SCAP validation requirement Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 12 16:47:54 2012 +0100 Do not leak datastream iterator, when handling errors (CWE-404). Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 12 16:45:48 2012 +0100 Do not leak whole document, when handling erros (CWE-404). Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 12 16:38:31 2012 +0100 Do not lead iterator, when handling errors (CWE-404). Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Dec 12 15:02:43 2012 +0100 Test for 'oscap xccdf eval --progress' Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 12 14:53:13 2012 +0100 [SEAP] sexp-manip: provide an alternative implementation of SEXP_vfree to reduce false positives in Coverity reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Dec 12 14:28:07 2012 +0100 Added --progress option to oscap xccdf eval This option provides very sparse reporting of just the rule id and its result delimited by newline. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Dec 12 13:29:56 2012 +0100 Output neat when oval contains multiple references. Addressing output like: RHSA-2012:1141-00CVE-2012-3571CVE-2012-3954 Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 12 13:14:00 2012 +0100 add missing va_end() issue reported from coverity Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 11 18:11:47 2012 +0100 Do not leak filename_cpy in sds.c when error happens while making a dir Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 11 18:04:50 2012 +0100 Do not free id_candidate prematurely in rds.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 11 17:38:01 2012 +0100 [probes] interface: make the probe OVAL version aware - include the type entity only for OVAL 5.6 and higher - use EntityItemIPAddressStringType only for OVAL 5.8 and higher Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 11 17:23:19 2012 +0100 [probes] filehash: generate the filepath entity only for OVAL 5.6 and higher Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 11 17:07:43 2012 +0100 clean /tmp after make check Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 11 15:33:51 2012 +0100 XML validation error is printed to stderr fixing rhbz #825839 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 11 16:11:56 2012 +0100 [probes] routingtable: removed IPv6-only flag checks from IPv4 input processing Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 11 15:29:30 2012 +0100 Added messages explaining what the fix script was generated for This should help avoid confusion about generating fixes for all rules selected by default vs generating fixes for a specific test result. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 11 15:16:36 2012 +0100 Added 'oscap generate guide' tests for XCCDF 1.1 and 1.2 The tests are very basic but should prevent the scenario of XSLT generating an empty HTML skeleton for files it doesn't understand. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 11 14:47:35 2012 +0100 Created a workaround to make XCCDF 1.2 files work with XSLTs we provide Also uncommented XCCDF 1.2 generate {report,fix} tests because it all works now! Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Dec 10 18:57:40 2012 +0100 Added rudimentary 'oscap xccdf generate report' tests Only XCCDF 1.1 for now, XCCDF will be fixed and uncommented later. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Dec 10 15:20:18 2012 +0100 Do not use strcmp to compare versions. As the FIXME suggested. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Dec 10 16:13:20 2012 +0100 Tests for 'oscap xccdf generate fix' XCCDF 1.2 testing is commented because it doesn't work right now, will be fixed in future commits. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Dec 9 10:15:27 2012 +0100 tests: Workaround alpha and beta releases of Red Hat Enterprise Linux Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 8 15:43:01 2012 +0100 We really ought to use --whatprovides to find out redhat-release package. Addressing (on rhel6): + test_api_xccdf_default_cpe_rhel6 [ FAIL ] Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 8 15:29:50 2012 +0100 Do not forward NULL to oscap_list_add (CWE-476). Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 8 15:17:33 2012 +0100 Do not leak iterator when returning early. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 8 15:14:58 2012 +0100 Do not leak binding when (val == NULL). Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 8 15:08:22 2012 +0100 Do not leak binding when (value == NULL). Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 17:00:24 2012 +0100 Ensure sane permissions on temp directory (CWE-377). Even though the mkdtemp() man page indicates that the directory will be created with always 0700 permissions on GNU/Linux, it might be actually affected by the process's umask. We shall also ensure 0700 on non-GNU/Linux other platforms. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 16:56:26 2012 +0100 Fix wrong regex for fedora-release rpm version. Addressing: + test_api_xccdf_default_cpe_fedora16 [ FAIL ] Caused by: 5d3d4d648591d76c6dd3ed3b26736d7f27d4ea1f Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 16:37:42 2012 +0100 Remove temp directory when benchmark cannot be parsed (CWE-404). Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 16:31:28 2012 +0100 Check the return value of the remove() syscall (CWE-252). Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 16:08:39 2012 +0100 trac#67: Document behavior of `oscap info ds.xml` Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 15:09:04 2012 +0100 CPE for Fedora 18 shall not match on Fedora 180. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Dec 7 15:02:30 2012 +0100 trac#293: Fix default cpe oval to recognize RHEL6 correctly. Note, that the new object is used only on RHEL6. As the `rpm -q` performs far better on other platforms than the `rpm -qf`. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 6 12:38:38 2012 +0100 confgen.sh: don't overwrite configure.ac in case of a failure Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Dec 5 23:24:40 2012 +0100 tests: Tidy the fts test a bit Use a single tempdir. Don't delete it upon failure. Display its name in the log. Call bash directly, not through /usr/bin/env. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Dec 5 22:11:46 2012 +0100 tests: api/probes: Call all tests from one shell script Alignment with other tests. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Dec 5 11:31:35 2012 +0100 tests: Reformat Makefile.am variables Road to Hell is paved with good intentions. Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Dec 5 16:11:25 2012 +0100 [tests] don't run the oval-def_set.xml test on systems without /tmp on a filesystem not mounted with the relatime option Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Dec 5 16:10:15 2012 +0100 [tests] - don't run selinuxboolean and runlevel tests on rhel-7 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Dec 4 21:13:08 2012 +0100 oval fts: Consider tmpfs to be a 'local' filesystem This caused trouble when tmpfs was mounted on /tmp, for example. Also squeeze the surrounding code a bit. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 18:20:32 2012 +0100 Use a single (OpenSCAP wide) XSD schema for CPE naming. Also remove redundant schemas. Addressing: OpenSCAP Error: Element '{http://www.w3.org/2001/XMLSchema}import': Skipping import of schema located at '../../../../schemas/sds/1.2/cpe-naming_2.3.xsd' for the namespace 'http://cpe.mitre.org/naming/2.0', since this namespace was already imported with the schema located at '../../../../schemas/xccdf/1.2/cpe-naming_2.3.xsd'. [../../../src/XCCDF/elements.c:83] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 17:14:02 2012 +0100 Remove unused schema files. The schemas/common/xmldsig-core-schema.xsd is used instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 16:41:49 2012 +0100 Use a single (OpenSCAP wide) XSD schema for XML signatures. While having an XSD schema for the same namespace imported many times from various locations seems to be in line with the standard, it causes some ancient versions of xmllib to fail. Having the XML schema just once should also improve performance and overall size of the package. Addressing: OpenSCAP Error: Element '{http://www.w3.org/2001/XMLSchema}import': Skipping import of schema located at '../../../../schemas/sds/1.2/xmldsig-core-schema.xsd' for the namespace 'http://www.w3.org/2000/09/xmldsig#', since this namespace was already imported with the schema located at '../../../../schemas/oval/5.10/xmldsig-core-schema.xsd'. [../../../src/XCCDF/elements.c:83] Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 4 16:39:36 2012 +0100 Test that makes sure we reject datastream with invalid OVAL inside Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 16:12:10 2012 +0100 Remove whitespaces from XML schema definition file. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 15:41:34 2012 +0100 Remove unused schema files. The schemas/common/xml.xsd is used instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Dec 4 15:28:20 2012 +0100 Use a single (OpenSCAP wide) XSD schema for XML namespace. While having an XSD schema for the same namespace imported many times from various locations seems to be in line with the standard, it causes some ancient versions of xmllib to fail. Having the XML schema just once should also improve performance and overall size of the package. Addressing: OpenSCAP Error: Element '{http://www.w3.org/2001/XMLSchema}import': Skipping import of schema located at '../../../../schemas/sds/1.2/xml.xsd' for the namespace 'http://www.w3.org/XML/1998/namespace', since this namespace was already imported with the schema located at '../../../../schemas/xccdf/1.2/xml.xsd'. [../../../src/XCCDF/elements.c:83] Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Dec 4 16:11:04 2012 +0100 Make it explicit that we validate input data unless requested otherwise Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 14:08:27 2012 +0100 fixing a leak in test_api_xccdf.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 14:07:01 2012 +0100 xccdf_override->time stored as a string time_t was too error prone Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 13:25:42 2012 +0100 xccdf_result_item->start/end_time stored as string time_t was too error prone Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 13:05:28 2012 +0100 xccdf_rule_result->time stored as string time_t was too error prone Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 12:57:18 2012 +0100 version_time of xccdf_item stored as a string time_t was too error prone Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 4 12:21:41 2012 +0100 pub_date store timestamp as a string time_t was too error prone Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Dec 3 18:27:23 2012 +0100 Altered the xccdf11-results test a bit to explicitly contain title/@lang Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Dec 3 18:25:49 2012 +0100 Fixed a parser bug that skipped target-facts element in test-result Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 3 15:04:29 2012 +0100 add missing makefile.am Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Dec 2 15:48:55 2012 +0100 move xccdf export/validation test to "parser" subdirectory Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Dec 2 14:50:54 2012 +0100 use "$XMLDIFF" variable instead of path to xmldiff.pl Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Dec 2 14:49:25 2012 +0100 add XCCDF Results parser test Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Dec 2 13:40:23 2012 +0100 remove obsoleted test_api_xccdf_dump.c Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 1 17:47:49 2012 +0100 tests: Do not export variables twice. These are already defined in the Makefile.am. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 1 15:52:08 2012 +0100 tests: Do not hardcode path to scap. Use the variable instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Dec 1 15:30:40 2012 +0100 tests: Drop OSCAP_DIR variable, use OSCAP instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 15:35:46 2012 +0100 tests: A more complex check for Datastream evaluation. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 15:43:40 2012 +0100 tests: Refactor the setting of the path to oscap binary to a single place. And export the $OSCAP variable everywhere. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Nov 30 13:39:49 2012 +0100 [probes] rpmverify: make a private copy of the filename string so that we don't read memory freed by rpmVerifyFile Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 30 11:34:40 2012 +0100 Warn in the debug log about unknown XCCDF elements Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 29 19:29:34 2012 +0100 Catch errors in xccdf_benchmark_parse and pass them on Also did minor refactoring in xccdf_benchmark_import. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 29 17:51:01 2012 +0100 oscap info sds.xml -> print xccdf profiles too Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 29 16:15:54 2012 +0100 oscap info recognize result datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 29 16:59:20 2012 +0100 Check namespace of parsed XCCDF elements Removed XCCDF_XMLNS from elements.h header. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 29 17:30:20 2012 +0100 tests: Workaround namespaces declarations exported in different order. Addressing: + text_api_xccdf-1.1_export [ FAIL ] Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 29 16:48:36 2012 +0100 tests: Workaround missing .el5 in the redhat-release's %{RELEASE} Addressing: + test_api_xccdf_default_cpe_rhel5 [ FAIL ] Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 29 12:28:55 2012 +0100 Fixed a typo in xccdf_version_cmp Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 14:19:51 2012 +0100 Divide words by a space. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 14:03:28 2012 +0100 tests: Use correct timestamp in datastream. Addressing: $ oscap ds sds-validate ./ds_sds_index/sds.xml File './ds_sds_index/sds.xml' line 3: Element '{http://scap.nist.gov/schema/scap/source/1.2}data-stream', attribute 'timestamp': '2012-11-01' is not a valid value of the atomic type 'xs:dateTime'. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 13:19:52 2012 +0100 trac#286: Remove broken xlink:href. Addressing: rds_simple FAIL: test_ds.sh rds_testresult FAIL: test_ds.sh Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 27 19:06:25 2012 +0100 tests: Ensure that there are no dead xlinks in DS. This shall avoid broken documents like trac#286. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 11:58:05 2012 +0100 tests: Do not set XPATH variable in locally in Makefile. It is already set globally in tests/test_common.sh. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 28 10:18:17 2012 +0100 tests: Configure XPATH globally. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 28 12:28:38 2012 +0100 Added forgotten fedora18-xccdf.xml required for the default_cpe tests Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 27 19:21:38 2012 +0100 Do not return XCCDF_RESULT_UNKNOWN for an empty groups. A non-zero return value is considered en error. Thus evaluation of en empty group terminates evaluation. Empty groups shall return 0 value, which indicates successuful evaluation. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 27 16:02:40 2012 +0100 tests: Wastly extend assertions in XCCDF and DS tests. Chances of finding errors are much larger, when the tests use `set -e -o pipefail`. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 27 15:47:41 2012 +0100 Fixed default_cpe test's Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 27 15:33:19 2012 +0100 Altered Fedora CPE refs inside default CPE oval files to be consistent Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 27 15:31:04 2012 +0100 Added Fedora 18 to default CPE dictionary Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 27 14:55:45 2012 +0100 [probes] filehash58: remove rmd-160 from the list of supported digest algorithms OVAL doesn't know about this digest algorithm. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 27 14:40:59 2012 +0100 Added a test to evaluate a signed datastream No verification of the signature is done. This just tests that we can successfuly parse it and evaluate it as if it were a bare datastream. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 27 14:29:01 2012 +0100 [crapi] Added rmd160 init,update,fini,free function implementations Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 27 13:47:36 2012 +0100 [crapi] Use the CGRYCTL_SET_ENFORCED_FIPS_FLAG, if available Detect systems with gcrypt library versions with the GCRYCTL_SET_ENFORCED_FIPS_FLAG and use this flag during initialization of the gcrypt library in our crypto API. The flag puts the gcrypt library into enforced FIPS mode. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 27 13:13:43 2012 +0100 [probes] filehash,filehash58: return an error if a digest algorithm is not available (FIPS) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 27 13:09:00 2012 +0100 [crapi] Check gcry_md_open return value Set the result size to zero if an algorithm is not available for some reason (FIPS). Comment on the gcry_md_hash_buffer usage where we can't check anything... Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 26 16:32:57 2012 +0100 Altered the man page to mention inbuilt CPE names Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 26 15:50:17 2012 +0100 Print inbuilt CPE info in "oscap --version" Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 26 15:37:00 2012 +0100 Added a simple method to aid in printing oscap_text lists Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 26 14:17:39 2012 +0100 Refactored code to add public oscap_path_to_cpe() Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 26 13:35:10 2012 +0100 Added the default cpe folder to spec files Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 26 12:59:55 2012 +0100 trac#284: Raise a hint on unsupported XCCDF namespace. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 26 12:38:54 2012 +0100 Document datastream parsing a bit. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 26 12:22:53 2012 +0100 Assert for what is assumed. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 25 19:15:17 2012 +0100 Do not return success on unexpected data. Throw assert intead. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 25 19:10:33 2012 +0100 Amend cpe applicability test for distcheck. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 25 18:37:20 2012 +0100 Decent society ought not to compare integer variable to boolean value (false). Addressing the flawed scanning process which has evaluated only first items of each group. Introduced by ed834a77f24a12ccbc81ea36816848f3c6ff6e67. This bug has not been visible until recent selector rewrite, because this was a dead code. Author: Martin Preisler <mpreisle@redhat.com> Date: Sat Nov 24 14:21:11 2012 +0100 Added forgotten cpe/Makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 23 16:24:54 2012 +0100 Default CPE tests Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 23 16:12:44 2012 +0100 Default CPE content, automatically using it when creating xccdf policy Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 21 16:47:49 2012 +0100 trac#28: Make sure the Group/@extends is not used in XCCDF 1.2+ Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 21 16:46:52 2012 +0100 Introduce a function for XCCDF version comparison. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 21 15:36:38 2012 +0100 Ensure correct comparison. Addressing: debug.c:115: warning: comparison between signed and unsigned integer expressions debug.c:213: warning: comparison between signed and unsigned integer expressions Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 21 15:00:00 2012 +0100 Remove unused variables. Addressing: xccdf_policy.c:1785:43: warning: unused variable 'policy' xccdf_policy.c:1784:43: warning: unused variable 'profile' xccdf_policy.c:1783:43: warning: unused variable 'profile_it' Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 21 09:50:24 2012 +0100 Speed up policy_model creation -- lazy creation of policy. Do not instanciate xccdf_policy for each of the profiles in constructor. Create a xccdf_policy only upon demand instead. Given the model_get_policies() function, this can be seen as something controversial, but in most cases tools use only a single xccdf_policy thus creating all of the policies is an unnecessary operation. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 18:55:02 2012 +0100 Kiss, there is no need to keep 11 extra lines because of NULL values. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 18:29:05 2012 +0100 tests: trac#194: Use a selector with cluster-id to test correct profile resolving. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 16:20:20 2012 +0100 tests: trac#194: Use a selector with cluster-id to enable a set of items. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 16:00:42 2012 +0100 tests: trac#194: Use a selector with cluster-id to disable group. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 09:52:06 2012 +0100 trac#194: Selector processing shall consider clusters. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 12:43:32 2012 +0100 tests: Test for oscap_htable_iterator. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Nov 18 16:16:30 2012 +0100 oscap_htable_iterator. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 17 16:44:59 2012 +0100 Publish the xccdf_policy_is_item_selected() Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 16:41:58 2012 +0100 Remove commented-out and non-existing function. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 16:16:48 2012 +0100 Ask policy if the rule is selected. Do not rely on selectors, there might not be one. Addressing Segmenation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 15:55:36 2012 +0100 Do not use selectors to drive evaluation. We need to evaluate document in top-down order. Moreover, since trac#276 there might be items which do not have selector, but are still selected. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 14:44:50 2012 +0100 Update xccdf_policy internal structures when selector is added. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 13:55:53 2012 +0100 trac#201: Deprecate xccdf_policy_set_selected. This function can be hardly implemented. Creating a selector for a given item does not necessarily imply its selection. Anyway, deprecation should not be really concern here since this function has never been working. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 10:35:52 2012 +0100 Evaluation shall not decide upon selector but final value. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 16 09:51:47 2012 +0100 trac#276: Rewrite selector handling within xccdf_policy. Note that there are multiple determinants which affect selection of given item: * @selected attribute of given item * @selected attribyte of its parent group * the last selector from profile for given item (there might be none or many of them; it also needs to consider clusters). * conflicts/requires of the item Additionally, we want to support use-case when selector is added to the policy later (during tailoring or by an editor). Previously, we have maintained list of selectors in `policy->selects' for all the items (items without explicit selector got created one). To put it more clearly, we have stored user defined selectors and calculated values in the same structure -- making more than one processing in row impossible. Admittedly, it worked very well for all the naive use-cases. This rewrite brings data separation. See the very first hunk. Thereunto, xccdf:requires and xccdf:conflicts are not resolved by xccdf_policy structure and should be applied later during so-called Item Processing Algorithm. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 15 08:59:33 2012 +0100 Benchmark should have a track of cluster-id. Items (Rule, Group and Value elements), may have @cluster-id attribute. This attribute might be used for tailoring the benchmark by profile's selectors. Having items grouped by their cluster-id is prerequisite for easy tailoring. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 15 08:56:40 2012 +0100 Introduce oscap_htable_free0. This function might be usefull when disposposing hash of hashes. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 14 17:14:19 2012 +0100 Assert that selector is not null. It should really not happen. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 20 18:50:15 2012 +0100 tests: Even tests shall not blindly take first policy. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 14 11:26:56 2012 +0100 Do not blindly take first policy. This does not change the behavior at all, it only cleanups the code by moving responsibility/abstraction to the proper level. One can argue that the default policy is always on the first position in the list, but that is rather the implementation detail. A detail which shall not be used within the tool. The function `xccdf_policy_model_get_policy_by_id' can already take the NULL attribute and do the right thing. Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 20 14:58:33 2012 +0100 tests: Test for exact exit code Segfaulting binaries also return nonzero values. Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 20 15:10:32 2012 +0100 cpe: Check the return value before passing it along Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 19 15:49:56 2012 +0100 bump version to 0.9.3 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 19 15:49:33 2012 +0100 [dist] add missing changelog entries Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 19 09:21:28 2012 +0100 openscap-0.9.2 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 19 09:21:10 2012 +0100 bump libopenscap.so version to libopenscap.so.2.0.1 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 19 12:48:30 2012 +0100 [tests] don't run the oval-def_set.xml test on systems without a filesystem not mounted with the relatime option Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Nov 16 15:52:48 2012 +0100 [tests] test_probes_process - 15 processes are too much for simple testing machine Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Nov 15 16:42:33 2012 +0100 [probes] rpmverify* - don't include directly rpm/rpmtag.h in order to allow build on rhel5 Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 16 13:50:39 2012 +0100 Split the callback wrappers accordingly in the python bindings Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 16 11:18:10 2012 +0100 CVE is always compiled -> clean up configure.ac.tpl Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 16 10:42:13 2012 +0100 comment callback_syslog_result() function I want to suppress compilar warning, this function is not used now && I don't want to remove it. Future generations might like it. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:49:24 2012 +0100 probes: fileextendedattribute: Process behaviors even for a filepath Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:48:55 2012 +0100 probes: filemd5: Process behaviors even for a filepath Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:48:24 2012 +0100 probes: filehash58: Process behaviors even for a filepath Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:47:57 2012 +0100 probes: filehash: Process behaviors even for a filepath Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:20:00 2012 +0100 probes: file: Process behaviors even for a filepath Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:05:37 2012 +0100 oval fts: Reorder the filesystem check before the pattern matching. Both "partial match optimization" and filesystem check are only carried out on directories or symlinks. At the point the matching succeeded, it prevented the fs check from taking place. Reorder the two to properly implement a logical AND. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 20:02:07 2012 +0100 oval fts: Process behaviors even for a filepath This is to align the code with the specification. http://oval.mitre.org/language/version5.10.1/ovaldefinition/documentation/unix-definitions-schema.html#FileBehaviors Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 17:32:24 2012 +0100 oval fts: Rewrite the heuristic for pattern matching on path and filepath This includes rejecting unusable patterns, extracting a fixed prefix of the path to speed up the search and obtaining a pattern usable for patial matching to gain additional speedup. The last task is complicated by the fact that the versions of libpcre prior to 8.00 don't allow certain patterns to be used. There are several TODOs left: The first being a usable error reporting. The second being a stricter pattern checking. The code is there, sleeping in the comment block, waiting for the people, who would probably search for their car keys with a regexp, to fix their OVAL definitions. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 15:41:28 2012 +0100 oval fts: Don't return nonexistent paths fts_read() happily returns an entry for a nonexistent path if it was specified as an argument to fts_open(). Add a call to stat() to verify the path actually exists. Symlinks without an existing target are considered OK. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 15 14:44:54 2012 +0100 oval fts: Remove unused elements from struct OVAL_FTS Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Nov 15 16:18:20 2012 +0100 [probes] selinuxsecuritycontext - don't try to split an empty SELinux range Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Nov 15 13:18:54 2012 +0100 [test] rpmverify - fix test also for rhel5 - trac#278 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 17:33:29 2012 +0100 Fixed check/@system for OVAL reference This should not affect the outcome of the test but is the right thing. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 17:33:02 2012 +0100 Use oscap_determine_document_type when detecting types of SDS components Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 15:48:12 2012 +0100 Uncommented the schemas test checking for external imports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 15:45:00 2012 +0100 Include OASIS xAL.xsd and xNL.xsd schemas to avoid downloading them Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 14:19:04 2012 +0100 Validate embedded CPE dicts & langs from SDS with OSCAP_FULL_VALIDATION=1 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 13:59:32 2012 +0100 Validate CPE resources passed via "oscap xccdf eval --cpe CPE_RESOURCE" Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 13:57:00 2012 +0100 Fix CPE dict version detection for CPEs not containing <generator> CPE dictionaries don't always have to contain the <generator> element, we can't rely on just this element to figure out the version. This commit adds code to detect version falling back to the namespace of the root element. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 12:36:57 2012 +0100 CPE 2.3 language is now supported by "oscap cpe validate" Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 14 10:52:36 2012 +0100 Fixed and added references to CPE 2.3 schemas in oscapxml.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Nov 13 23:51:27 2012 +0100 make test_default_selector and test_inherit_selector more robust rule results are not relevant for these tests, lets make them return always pass Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 15:25:05 2012 +0100 Support --cpe-dict as a deprecated synonym to --cpe in oscap xccdf eval Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 15:06:39 2012 +0100 Use --cpe instead of --cpe-dict and --cpe2-dict in oscap xccdf eval Document type is autodetected. Also modified tests accordingly. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 14:20:32 2012 +0100 Support CPE dict and CPE language for embedded CPEs in datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 13:48:41 2012 +0100 Use CPEs inside datastream in "oscap xccdf eval". Only CPE dicts for now! Support for CPE lang models will follow. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 13:26:01 2012 +0100 Use more predictable "deduced" filenames when splitting datastreams Previously we used xlink:@href and stripped the prefix if it was familiar, now we use @id and never strip anything. Tests were fixed to compensate for this. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 13 13:16:49 2012 +0100 [cpe] do not free the xmlParserCtxt before reporting error from it Otherwise we report memory garbage. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Nov 12 21:10:31 2012 +0100 tests: Correction to mktemp arguments The previous form caused some problems with older versions of mktemp. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 12 19:15:51 2012 +0100 Read SDS index and use the info to figure out DS and component IDs Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 12 17:01:53 2012 +0100 Removed the ability to implement a checking engine from Python It was broken and as far as I can see not used by anyone. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 12 15:02:36 2012 +0100 [probes] sysctl: fixed sysctl value parsing Refactored the code a bit to make sure the boundary checking works as expected and added length check for the last value. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 19:20:16 2012 +0100 tests: Simplifily return value logic. By removing some of the useless lines. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 18:36:52 2012 +0100 No need to discard const qualifiers. Addressing: oscap-info.c:216:17: warning: initialization discards ‘const’ qualifier from pointer target type oscap-info.c:224:17: warning: initialization discards ‘const’ qualifier from pointer target type oscap-info.c:235:17: warning: initialization discards ‘const’ qualifier from pointer target type Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 18:34:34 2012 +0100 Polite the info output a bit. When there are multiple streams and none has a dictionary the output look ugly to me. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 18:15:51 2012 +0100 Do not hardcode path to oscap. It has been already exported to env. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 18:13:57 2012 +0100 Do not shadow global declaration. Addressing: test_ds_sds_index_invalid.c: In function ‘main’: test_ds_sds_index_invalid.c:28:23: warning: declaration of ‘index’ shadows a global declaration test_ds_sds_index_multiple.c: In function ‘main’: test_ds_sds_index_multiple.c:28:23: warning: declaration of ‘index’ shadows a global declaration test_ds_sds_index.c: In function ‘main’: test_ds_sds_index.c:28:23: warning: declaration of ‘index’ shadows a global declaration Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 18:02:11 2012 +0100 Do not forget to handle @system in the clone and check-fact-ref parsing. Related to: f1e5ed05f4d9c93ada0eaec10fa642340cdb3861 Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 17:54:01 2012 +0100 CPE_LANG_OPER_CHECK shall dispose the @system. It carries @system since f1e5ed05f4d9c93ada0eaec10fa642340cdb3861. Addressing: 204 bytes in 4 blocks are definitely lost in loss record 1 of 2 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x3E9C2AA6D7: xmlStrndup (xmlstring.c:45) by 0x3E9C2E5EF3: xmlTextReaderGetAttribute (xmlreader.c:2383) by 0x4CC564B: cpe_testexpr_parse (cpelang_priv.c:522) by 0x4CC5130: cpe_platform_parse (cpelang_priv.c:412) by 0x4CC4F44: cpe_lang_model_parse (cpelang_priv.c:365) by 0x4CCFF33: xccdf_benchmark_parse (benchmark.c:181) by 0x4CCF8A3: xccdf_benchmark_import (benchmark.c:59) by 0x40AE77: app_evaluate_xccdf (oscap-xccdf.c:527) by 0x40718E: oscap_module_call (oscap-tool.c:260) by 0x407616: oscap_module_process (oscap-tool.c:345) by 0x40608A: main (oscap.c:77) Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 17:41:31 2012 +0100 Do not hide memory by newly allocated one. Addressing: 64 bytes in 2 blocks are definitely lost in loss record 2 of 4 at 0x4A05BB4: calloc (vg_replace_malloc.c:467) by 0x4C553FA: __oscap_calloc_dbg (alloc.c:145) by 0x4CC49D7: cpe_testexpr_new (cpelang_priv.c:213) by 0x4CC4B5F: cpe_platform_new (cpelang_priv.c:273) by 0x4CC4EA1: cpe_platform_parse (cpelang_priv.c:383) by 0x4CC4E14: cpe_lang_model_parse (cpelang_priv.c:365) by 0x4CCFDF3: xccdf_benchmark_parse (benchmark.c:181) by 0x4CCF763: xccdf_benchmark_import (benchmark.c:59) by 0x40A65F: app_evaluate_xccdf (oscap-xccdf.c:527) by 0x406C0E: oscap_module_call (oscap-tool.c:260) by 0x407096: oscap_module_process (oscap-tool.c:345) by 0x405B0A: main (oscap.c:77) Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Nov 10 17:27:06 2012 +0100 Don't forget to dispose memory when the session is not null. Addressing: 30 bytes in 2 blocks are definitely lost in loss record 1 of 4 at 0x4A074CD: malloc (vg_replace_malloc.c:236) by 0x4C553B9: __oscap_alloc_dbg (alloc.c:129) by 0x4C56854: oscap_vsprintf (util.c:170) by 0x4C5694F: oscap_sprintf (util.c:184) by 0x4CE95DC: _xccdf_policy_cpe_check_cb (xccdf_policy.c:831) by 0x4CC23F9: cpe_testexpr_evaluate (cpelang.c:169) by 0x4CC2366: cpe_testexpr_evaluate (cpelang.c:158) by 0x4CC24BF: cpe_platform_applicable_lang_model (cpelang.c:186) by 0x4CE99CF: xccdf_policy_model_item_is_applicable_lang_model (xccdf_policy.c:953) by 0x4CE9AD9: xccdf_policy_model_item_is_applicable (xccdf_policy.c:995) by 0x4CE9CD7: _xccdf_policy_rule_evaluate (xccdf_policy.c:1053) by 0x4CEA228: xccdf_policy_item_evaluate (xccdf_policy.c:1170) Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 9 21:27:09 2012 +0100 oscap info supports Source Data Stream Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 9 11:35:35 2012 +0100 Dispose the iterator in case of probe failure. Addressing: ==11585== 88 (8 direct, 80 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4 ==11585== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==11585== by 0x4C527C8: __oscap_alloc (alloc.c:55) ==11585== by 0x4C5BD3D: oval_collection_iterator_new (oval_collection.c:210) ==11585== by 0x4C6C905: oval_string_map_values (oval_stringMap.c:310) ==11585== by 0x4C58D82: oval_agent_eval_system (oval_agent.c:248) ==11585== by 0x40833E: app_evaluate_oval (oscap-oval.c:411) ==11585== by 0x406873: oscap_module_process (oscap-tool.c:258) ==11585== by 0x40591E: main (oscap.c:76) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 9 10:59:05 2012 +0100 tests: Extend the test for export-oval-variables. Each new assertion puts more requirements on the result xml. Each such requirement enhance the value of the test. The set of xml files accepted by previous version of the test is vastly bigger then the set accepted by newer version. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 9 14:21:45 2012 +0100 Check that scap-version is loaded correctly in ds_sds_index tests Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 9 14:21:08 2012 +0100 Parse scap-version in data-stream when loading ds_sds_index Also, minor documentation fixes. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 9 13:33:26 2012 +0100 Added tests for timestamp parsing in data-stream for ds_sds_index Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Nov 9 13:35:44 2012 +0100 Parse and remember data-stream/@timestamp when reading the sds_index Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 9 12:15:09 2012 +0100 add XCCDF resolved info to oscap info module Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Nov 9 09:32:20 2012 +0100 tests: trac#267: export-oval-variables segfault. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 21:18:10 2012 +0100 Update documentation on registering engine callbacks. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 20:51:54 2012 +0100 Avoid cast to xccdf_policy_engine_query_fn when registering the function. Note that casting may hide issues like trac#267. One can argue that this function always return (struct oscap_stringlist *), and thus it shall not return (void*). As a matter of fact this is subject to change. As documented around xccdf_policy_engine_query_fn this function *may* return a pointer of an arbitrary type. -- The type of pointer depends on query_type. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 20:24:00 2012 +0100 Deprecate xccdf_policy_model_register_engine_callback. This function does not strictly checks type of the eval_fn argument. Please use xccdf_policy_model_register_engine_and_query_callback(...) which also allows you to specify query_fn. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 19:15:20 2012 +0100 Engine callback shall have a definite type. Don't be afraid to capitalize on features of strongly typed language. Segfaults like trac#267 then become a thing of the past. This changes prototype of the public API function but that is viable, as it will lead only to compile time warning. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 19:00:47 2012 +0100 trac#267: Callbacks now have a different prototype. This is consequence of 2d651a4985e11e46d8cb9ecddf8b031a9843003f Addressing: Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 20:38:57 2012 +0100 Do not hide global external declaration. Addressing: oscap-info.c:154:26: warning: declaration of ‘stat’ shadows a global declaration Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 20:36:44 2012 +0100 Variable name 'sys' is more common in similar cases. Addressing: cpedict.c:167:14: warning: declaration of 'system' shadows a global declaration xccdf_policy.c:798:52: warning: declaration of 'system' shadows a global declaration Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 8 18:35:58 2012 +0100 Prepared external imports schema test, it's commented for now It fails because OASIS schemas are not bundled yet for ARF 1.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 8 18:10:15 2012 +0100 Cleanup in XSD schemas, added CPE 2.3, removed external imports except OASIS Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 8 16:46:43 2012 +0100 rearrange and clarify OVAL part of the man page Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 8 16:44:56 2012 +0100 use appropriate getopt for each oval operation avoid the mess when arguments from another operation were parsed and silently ignored. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Nov 8 15:35:58 2012 +0100 Documentation fixes in oscap oval eval -h and manpage Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 8 15:14:37 2012 +0100 rearrange man page - first xccdf then oval Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 8 14:57:20 2012 +0100 fixing $oscap xccdf generate custom ... Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 11:31:11 2012 +0100 tests: Oops. Even commentaries needs to be portable these days. Addressing: Makefile.am:110: `#' comment at start of rule is unportable Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 10:43:59 2012 +0100 tests: Group similar tests together. With growing number of tests, it will be easier to maintain. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 10:36:34 2012 +0100 tests: in the XCCDF/unittests we maintain alphabetical ordering. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 08:23:48 2012 +0100 trac#142: Avoid storing instance with an empty selector. Previously, we have created new value_instance even for elements like <description> and <title> (see the default clause), which may not carried any data. Consequently, this empty value_instance had adverse effect on evaluation. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 7 14:34:09 2012 +0100 Implement xccdf_value_instance_dump. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 7 14:31:49 2012 +0100 Dump items without status correctly. Addressing: Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 7 14:10:29 2012 +0100 Refactor: Extract function: _xccdf_value_type_dump. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Nov 8 08:22:30 2012 +0100 Use different value_instance lookup for xml parsing. There are two usages for the value_instance_by_selector function. One is used during evaluation, another one during xml parsing. The former one needs to take trac#142 requirement into account, while the latter must not. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 7 10:15:43 2012 +0100 trac#142: Pick the first value (top-down) in XCCDF:Value if no default value is specified. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Nov 7 10:12:56 2012 +0100 Duplicate condition removal -- oscap_streq already handles NULL. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 16:11:00 2012 +0100 Removed ds_is_sds, replaced with oscap_determine_document_type Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 15:06:02 2012 +0100 Merge branch 'sds_index-devel' Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 14:58:27 2012 +0100 Made the ds_sds_index parser more robust, added tests for that Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 14:27:33 2012 +0100 Added ds_sds_index_get_stream testing code to sds_index tests Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 14:27:12 2012 +0100 Implemented ds_sds_index_get_stream (by ID) Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 7 14:02:24 2012 +0100 test inheritance of value selectors in profiles Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 13:53:01 2012 +0100 Documentation for ds_sds_index, hidden _add_stream from public API Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 13:42:36 2012 +0100 Added documentation for ds_stream_index Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 13:29:55 2012 +0100 Added means to get components from ds_stream_index to the API Also added parsing of "extended-components" container in source datastream in the index. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 13:10:50 2012 +0100 Made the ds_sds_index tests work without relying on relative paths Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 7 12:51:14 2012 +0100 test for trac#142 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 12:47:36 2012 +0100 New ds_sds_index multiple streams test, improved the old test Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Nov 7 12:46:30 2012 +0100 Actually added ds_sds_index parsing code, previous commit only had test Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Nov 6 18:33:26 2012 +0100 Added ds_sds_index parser code + test Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 6 11:31:33 2012 +0100 tests: trac257: verify that fix/@* attributes are exported correctly. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 6 10:01:48 2012 +0100 tests: Do not care about stdout, but unlink stderr. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 13:46:40 2012 +0100 trac#257: distinguish between 'not defined' and defined as unknow. For processing both statuses seems to be the same, but for exporting they are different. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 15:18:13 2012 +0100 Drop xccdf_read_flag. It is implemented by XCCDF_ITEM_PROCESS_FLAG. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 15:08:23 2012 +0100 Drop xccdf_reference, it has been moved to oscap_reference. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 14:44:58 2012 +0100 Drop snippets for ancient _clone mechanism. Similar parts were already removed in past, unfortunatelly a few left over. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 13:52:40 2012 +0100 Remove a dirt (Christmas cleaning). If You have ever wondered whether it is good idea to comment-out some code, I have a challenge for you. Go and search for history of these leftover and find out which of them have been later implemented (in another place under different name), which have been wrong from day zero, and which have not been needed so far. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 14:29:42 2012 +0100 Now we can use that function and get a rid of ancient todo. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 13:15:28 2012 +0100 Avoid comparison with magic constants, when a constant for this purpose exists. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 11:45:59 2012 +0100 tests: trac#257: xccdf:fix/@disruption and @complexity exporting. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Nov 5 14:34:50 2012 +0100 Data model of the source datastream index Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Nov 5 13:07:26 2012 +0100 probes: correction to symlink handling in textfilecontent probe Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Nov 5 11:42:01 2012 +0100 probes: comment a recent change in the textfilecontent54 probe Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Nov 5 10:41:07 2012 +0100 Refactor: Extract function: oscap_acquire_unlink_dir. Directory operations (creation and removal) shall be gathered up in the same module. Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Nov 4 21:18:33 2012 +0100 tests: Add a test for symlink handling in textfilecontent54 probe Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Nov 4 21:12:44 2012 +0100 tests: Add OSCAP and XPATH convenience variables to TESTS_ENVIRONMENT Aiding the lazy and aligning with other tests. Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Nov 4 16:14:46 2012 +0100 tests: Refactor textfilecontent54 scripts 2/2 Don't call individual tests directly from Makefile. Alignment with other tests. Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Nov 4 15:33:53 2012 +0100 tests: Refactor textfilecontent54 scripts 1/2 Split a test in two for better granularity. Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Nov 4 21:46:40 2012 +0100 probes: correction to symlink handling in textfilecontent54 probe Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Nov 3 21:55:09 2012 +0100 tests: Clean /tmp after use Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Nov 2 22:26:16 2012 +0100 tests: test for a regression caused by the errno check after fts_open() Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Nov 2 22:25:55 2012 +0100 oval fts: Reset errno before the calls to fts_open() The errno is sometimes non-zero before the calls to fts_open() and this breaks the following condition. Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Nov 2 14:21:26 2012 +0100 oval fts: add more debugging information Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Nov 2 13:38:56 2012 +0100 oval fts: Remove unneeded code Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Nov 2 13:22:35 2012 +0100 tests: Check that oval_fts doesn't return nonexistent paths Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 1 22:58:18 2012 +0100 introduce info module (missing file) Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 1 18:06:49 2012 +0100 oval fts: check errno after calls to fts_open() comparing the result to NULL is not enough Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 1 18:14:50 2012 +0100 introduce info module Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 31 16:31:24 2012 +0100 Fix recent typo and whitespaces. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 18:11:58 2012 +0100 Added a test for external CPE2 lang model and XCCDF applicability Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 18:10:14 2012 +0100 Provide the file path hint for external CPE2 lang models Previously this only worked with CPE2 lang models embedded in XCCDF. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 17:29:23 2012 +0100 Added --cpe2-dict CLI option to oscap tool, allows custom CPE2 dicts Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 17:28:45 2012 +0100 Implemented CPE2 origin file hint in XCCDF policy Refactored CPE1 origin file hint to use the same code. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 17:27:58 2012 +0100 Added check-fact-ref to the xccdf 1.2 serialization test Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 15:39:55 2012 +0100 Pass CPE2 check fact ref's system all the way to the callback Callback doesn't use the info but will in the future. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 14:51:03 2012 +0100 Parse and serialize CPE2 check fact ref's system Note: We do NOT use this information internally yet. We assume all check fact refs reference OVAL checks! This will be fixed in future commits. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 14:46:37 2012 +0100 Added support for check fact ref in serialization of CPE2 logical expr Also changed the logic a bit to always write out errors, even in the "early out" cases. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 30 14:24:52 2012 +0100 Merge branch 'master' into cpe23-devel Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 29 12:07:51 2012 +0100 [tests] probes: extended the file probe test Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Oct 28 16:09:41 2012 +0100 tests: trac#225: Assert for error, when no oval definition. Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Oct 28 15:51:42 2012 +0100 trac#225: Report error when no definition in OVAL file. Addressing: Result: (null) Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 17:05:03 2012 +0200 tests: Always recall distcheck. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 16:56:03 2012 +0200 Check values of indexes before dereferencing. As per XCCDF 1.2 Truth Tables are not defined for XCCDF_RESULT_FIXED. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 16:49:40 2012 +0200 tests: trac#254: (notchecked & notchecked) shall not return notapplicable. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 16:16:25 2012 +0200 Truth table should be const. And might be static. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 16:10:33 2012 +0200 Fix compilation error in cygwin. Addressing: ./public/oval_probe.h:84:32: error: expected ')' before '*' token Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 16:05:06 2012 +0200 trac#254: Repair Truth Table for OR. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 14:10:19 2012 +0200 trac#254: Repair Truth Table for AND. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 13:17:25 2012 +0200 Remove untrue commentaries. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 09:54:10 2012 +0200 Refactor: Extract function: oscap_content_resources_free. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 26 09:42:51 2012 +0200 trac#253: export-oval-variables & remote content Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 16:42:52 2012 +0200 Refactor: Extract function: command_line_get_oval_resources. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 16:30:52 2012 +0200 Remove tautologic condition. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 15:58:15 2012 +0200 Do not discriminate odd numbers. This was looping only throu even numbers. Addressing: ==23407== Invalid read of size 8 ==23407== at 0x409C73: app_evaluate_xccdf (oscap-xccdf.c:573) ==23407== by 0x4063EE: oscap_module_call (oscap-tool.c:258) ==23407== by 0x406876: oscap_module_process (oscap-tool.c:343) ==23407== by 0x4052EA: main (oscap.c:75) ==23407== Address 0x52a7f40 is 0 bytes after a block of size 16 alloc'd ==23407== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==23407== by 0x40C2CC: getopt_xccdf (oscap-xccdf.c:1403) ==23407== by 0x406836: oscap_module_process (oscap-tool.c:335) ==23407== by 0x4052EA: main (oscap.c:75) Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 15:03:57 2012 +0200 Workarounds shall not leak. Addressing ==1733== 9,764 (176 direct, 9,588 indirect) bytes in 1 blocks are definitely lost in loss record 36 of 36 ==1733== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==1733== by 0x3E9C251E84: xmlNewDoc (tree.c:1153) ==1733== by 0x3E9C2FCF40: xmlSAX2StartDocument (SAX2.c:982) ==1733== by 0x3E9C24DF7D: xmlParseDocument (parser.c:10285) ==1733== by 0x3E9C24E0C4: xmlDoRead (parser.c:14612) ==1733== by 0x4C5248B: oscap_validate_xml (oscapxml.c:187) ==1733== by 0x409CCB: app_evaluate_xccdf (oscap-xccdf.c:502) ==1733== by 0x4064D3: oscap_module_process (oscap-tool.c:258) ==1733== by 0x40556E: main (oscap.c:75) Caused by: 10181fcaf104901c734fbf37f385ec9eb4e5c5b6 Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 14:24:12 2012 +0200 Refactor: Extract function: xccdf_policy_get_oval_resources. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 14:09:08 2012 +0200 Do not free something which is NULL. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 10:16:04 2012 +0200 Escape url when exporting variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 25 08:45:07 2012 +0200 Reduce scope of variables -- where it does not break the style. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 18:47:03 2012 +0200 Report shall not query oval results for multi-check. Addressing non solicited error message from libxml on el5 at the end of USGCB evaluation. I/O warning : failed to load external entity "./http%3A//www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml.result.xml" Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 18:34:38 2012 +0200 trac#246: Do not process Rules, use rule-results instead. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 18:25:18 2012 +0200 tests: Amend buggy workaround for distcheck to not break check. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 17:34:24 2012 +0200 tests: Workaround trac#245 for distcheck. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 14:42:03 2012 +0200 tests: trac#248: Missing xsl/ shall not cause segfault. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 14:17:47 2012 +0200 tests: trac#247: Do not ommit checks with empty selector. This is the first test generate feature. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 13:41:19 2012 +0200 trac#248: Do not cleanup something which was not initialized. Addressing: Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 11:31:01 2012 +0200 Include oval by default when `oscap xccdf generate guide'. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 24 10:27:27 2012 +0200 Documentation for `oscap xccdf generate report --oval-template'. It has been already documented in the man page. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 23 19:45:48 2012 +0200 trac#247: not(@selector) and @selector="" has the same semantics. Addressing: OVAL results missing from report driven by XCCDF result of USGCB. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 24 10:39:22 2012 +0200 tests: rename output file to have it matched by the 'distclean' rule Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 23 17:46:39 2012 +0200 tests: tighter return code checking in a cpe test the previous code didn't catch a segfault of the test binary Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 23 17:23:40 2012 +0200 tests: fix return codes in cpe test Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 23 17:06:36 2012 +0200 cpe: check return value before dereferencing it Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 23 14:53:29 2012 +0200 [common] assume.h: use the __emitmsg_fp macro consistently Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 23 13:05:24 2012 +0200 [probes] routingtable: quiet gcc Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 23 12:41:05 2012 +0200 tests: decrease number of inspected processes should prevent a failure when there's not that many running Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 22 22:27:10 2012 +0200 tests: comment out obsolete tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 18 09:52:50 2012 +0200 obsolete unsupported quite mode Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 17 16:30:58 2012 +0200 support both validate-xml and validate Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 17 14:29:15 2012 +0200 add documentation to oscap cve Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 16 22:17:47 2012 +0200 claim we support CVE 2.0 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 16 21:34:46 2012 +0200 implement oscap cve find + fix leaks Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 16 19:55:22 2012 +0200 fix validation - libxml workaround Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 15 15:05:52 2012 +0200 oscap tool can validate CVE NVD feed Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Oct 14 14:38:17 2012 +0200 enable cve compilation and add cve module to oscap tool Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Oct 14 11:26:43 2012 +0200 rework cve test suite Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Oct 14 11:25:57 2012 +0200 rename cve public header Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 27 15:33:47 2012 +0200 tests: rewrite process-probe test call ps(1) only once to prevent race conditions, remove bogus regexeps matching unwanted processes, checking for duplicities has to occur before any other filtering, prefer long-lived processes to minimize race conditions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 22 13:38:06 2012 +0200 [probes] iflisteners: fixed insecure snprintf usage Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Oct 22 09:28:13 2012 +0200 bump release number Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Oct 22 09:12:52 2012 +0200 [dist] add changelog entry for the new release Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Oct 22 08:50:13 2012 +0200 openscap-0.9.1 Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Oct 21 23:27:26 2012 +0200 common: prevent passing NULL to fclose() Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Oct 21 23:25:39 2012 +0200 fts: change the operator for a bool operand previously the result was always true Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Oct 20 00:29:35 2012 +0200 In OpenSCAP, we don't need to test the same thing twice again. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Oct 20 00:07:44 2012 +0200 Reduce scope of variable inside a assume macros. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 23:44:25 2012 +0200 Polish stderr messages with line breaks. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 21:14:43 2012 +0200 Ignore python's object file. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 19:26:25 2012 +0200 [docs] Sync documentation with param lists. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 18:50:27 2012 +0200 [lint] Do not use ! operator for non boolean values. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 18:28:03 2012 +0200 [docs] Use semantic comments to close docs groups. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 18:17:34 2012 +0200 Do not define macros when they are already defined. This may turn usefull when running splint which does not know GCC extensions and fails to parse things like _Pragma. You can fire up your lint commands with: -DOSCAP_HIDDEN_START='' -DOSCAP_HIDDEN_END='' Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 19 20:26:55 2012 +0200 fixing trac#243 Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 16:09:29 2012 +0200 [dist] Curl library has a different package name on rhel5. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 19 11:50:49 2012 +0200 [docs] Clarify oscap's parameter: oval-definitions-files Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 18 15:59:26 2012 +0200 trac#213: Sanitize arbitrary url to allow --export-variables. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 18 14:15:30 2012 +0200 Replace 'Zero Killed' with 'Ola Kala'. See etymology of OK. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 18 13:47:49 2012 +0200 change oscap oval eval return code Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 18 13:13:29 2012 +0200 make man page clear about oscap xccdf eval ... return code rc code calculation is based on scoring algoritms in xccdf where fail and unknown are considered equal Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 17 17:20:25 2012 +0200 Do not use remote XML schemas when validating. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 17 17:12:57 2012 +0200 oval: off by one brace error Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 17 16:22:54 2012 +0200 oval: use a specific enum for a comparison instead of an arbitrary value Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 17 15:42:30 2012 +0200 Support stdout when saving the xml. Historic feature. I am not sure if it can be dropped. Addressing failing distcheck caused by test_api_syschar.c creating `./-' file. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 17 13:19:31 2012 +0200 [docs] Doxygen should not warn on undocumented artifacts. Although we would most like to have everything documented as fully as possible, we came to the conclusion that no one pays attention to these warnings and thus reducing the number of less serious warning messages may eventually increase our ability to catch others. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 18:25:34 2012 +0200 Workaround unfortunate features of libxml2 The xmlSaveFormatFileEnc() prints out I/O error : No such file or directory to stderr, whenever the suplied filename contains % character. No matter that the operation succeeds. By opening the file ourselfs, we can avoid this misleading message. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 17 13:01:08 2012 +0200 Remove overabundant include directive. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 17 14:16:40 2012 +0200 Pass profile info to XSL transformation when --report option is used Previously this wasn't done and it caused wrong substitution inside the generated report. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 16 21:29:35 2012 +0200 [OVAL] quiet gcc Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 16 21:20:11 2012 +0200 [OVAL] oval_fts: fixed path entity value unescaping Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 16 17:23:25 2012 +0200 add missing types, better error reporting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 16 13:57:06 2012 +0200 [probes] routingtable,rpmverifyfile,rpmverifypackage: don't stop collecting when an item gets filtered Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 11:50:04 2012 +0200 oscap shall not return 0 when the export of oval variables has failed. Nor it should proceed with validation. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 10:59:47 2012 +0200 A typo. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 10:43:04 2012 +0200 trac#213: Sanitize arbitrary url to allow export of --oval-results. Addressing: I/O error : No such file or directory OpenSCAP Error: No such file or directory [oval_resModel.c:284] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 09:20:55 2012 +0200 It is not a bad idea to use prime number for the hash function. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 16 08:34:33 2012 +0200 tests: trac#234: Test multiple oval files with the same basename. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 15 22:06:40 2012 +0200 tests: trac#240: Amend the fashion we test hidden symbols. This shall be interim `solution' until trac#188 is resolved. Addressing: test_oscap_common.o: In function `oscap_alloc': /root/openscap/openscap-0.9.1/_build/tests/API/XCCDF/unittests/../../../../../src/common/alloc.h:105: undefined reference to `__oscap_alloc_dbg' test_oscap_common.o: In function `oscap_calloc': /root/openscap/openscap-0.9.1/_build/tests/API/XCCDF/unittests/../../../../../src/common/alloc.h:111: undefined reference to `__oscap_calloc_dbg' test_oscap_common.o: In function `oscap_realloc': /root/openscap/openscap-0.9.1/_build/tests/API/XCCDF/unittests/../../../../../src/common/alloc.h:117: undefined reference to `__oscap_realloc_dbg' test_oscap_common.o: In function `oscap_reallocf': /root/openscap/openscap-0.9.1/_build/tests/API/XCCDF/unittests/../../../../../src/common/alloc.h:123: undefined reference to `__oscap_reallocf_dbg' test_oscap_common.o: In function `oscap_free': /root/openscap/openscap-0.9.1/_build/tests/API/XCCDF/unittests/../../../../../src/common/alloc.h:129: undefined reference to `__oscap_free_dbg' collect2: ld returned 1 exit status Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 15 19:41:11 2012 +0200 trac#233: Fix yet another memory leak. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 15 18:38:38 2012 +0200 trac#233 A memory leak fix. Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Oct 15 18:38:41 2012 +0200 use correct path for xpath (trac#237) Author: bach <bach@o5za5.cz> Date: Mon Oct 15 16:09:26 2012 +0200 [tests] don't use the <platform> tag in sce tests Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 15 15:28:02 2012 +0200 Do not report libxml2 is missing when it's libcurl that is missing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 15 14:52:40 2012 +0200 provide our xpath trac#237 #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 15 13:17:25 2012 +0200 provide our xpath trac#237 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 15 10:09:17 2012 +0200 [probes] file: don't stop collecting when an item gets filtered Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 15 09:43:31 2012 +0200 Don't abuse ac_probes/libs/ for non-probe deps (curl) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 15 07:49:16 2012 +0200 [OVAL] Fixed leaks in the unique and count functions Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Oct 14 13:11:00 2012 +0200 [docs] Fix incorrect @file references. Addressing: src/CPE/public/cpe_name.h:8: warning: the name `cpeuri.h' supplied as the second argument in the \file statement is not an input file src/OVAL/probes/probe/entcmp.c:2: warning: the name `probe-entcmp.c' supplied as the second argument in the \file statement is not an input file src/OVAL/probes/probe/entcmp.h:2: warning: the name `probe-entcmp.c' supplied as the second argument in the \file statement is not an input file src/OVAL/probes/probe/fini.c:2: warning: the name `probe-fini.c' supplied as the second argument in the \file statement is not an input file src/OVAL/probes/probe/init.c:2: warning: the name `probe-fini.c' supplied as the second argument in the \file statement is not an input file src/OVAL/probes/unix/linux/inetlisteningservers.c:2: warning: the name `inetlisteningserver.c' supplied as the second argument in the \file statement is not an input file src/OVAL/public/oval_probe.h:2: warning: the name `oval_probe_h' supplied as the second argument in the \file statement is not an input file src/XCCDF/public/xccdf_benchmark.h:5: warning: the name `xccdf.h' supplied as the second argument in the \file statement is not an input file Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Oct 14 11:41:34 2012 +0200 [docs] Close the group command. Addressing: src/common/alloc.h:163: warning: end of file while inside a group src/common/public/oscap_error.h:87: warning: end of file while inside a group src/DS/public/scap_ds.h:155: warning: end of file while inside a group src/OVAL/_oval_probe_handler.h:54: warning: end of file while inside a group src/OVAL/_oval_probe_session.h:53: warning: end of file while inside a group src/OVAL/oval_filter.c:175: warning: end of file while inside a group src/OVAL/oval_probe_handler.c:124: warning: end of file while inside a group src/OVAL/oval_probe_impl.h:74: warning: end of file while inside a group src/OVAL/oval_probe_session.c:205: warning: end of file while inside a group src/OVAL/oval_sexp.c:1004: warning: end of file while inside a group src/OVAL/oval_sexp.h:59: warning: end of file while inside a group src/OVAL/probes/fsdev.c:412: warning: end of file while inside a group src/OVAL/probes/probe/entcmp.c:1207: warning: end of file while inside a group src/OVAL/probes/probe/entcmp.h:155: warning: end of file while inside a group src/OVAL/probes/probe-api.c:1754: warning: end of file while inside a group src/OVAL/probes/public/findfile.c:463: warning: end of file while inside a group src/OVAL/probes/public/findfile.h:62: warning: end of file while inside a group src/OVAL/probes/public/fsdev.h:93: warning: end of file while inside a group src/OVAL/probes/public/probe-api.h:584: warning: end of file while inside a group src/OVAL/probes/SEAP/public/sexp-manip.h:612: warning: end of file while inside a group src/OVAL/probes/SEAP/sexp-ID.c:127: warning: end of file while inside a group src/OVAL/public/oval_agent_api.h:134: warning: end of file while inside a group src/OVAL/public/oval_agent_xccdf_api.h:113: warning: end of file while inside a group src/OVAL/public/oval_definitions.h:3200: warning: end of file while inside a group src/OVAL/public/oval_directives.h:138: warning: end of file while inside a group src/OVAL/public/oval_probe.h:89: warning: end of file while inside a group src/OVAL/public/oval_probe_handler.h:58: warning: end of file while inside a group src/OVAL/public/oval_probe_session.h:89: warning: end of file while inside a group src/XCCDF/public/xccdf_benchmark.h:3351: warning: end of file while inside a group src/XCCDF_POLICY/public/xccdf_policy.h:581: warning: end of file while inside a group Author: Simon Lukasik <slukasik@redhat.com> Date: Sun Oct 14 11:29:50 2012 +0200 Fix typos in documentation. Addressing: src/XCCDF/public/xccdf_benchmark.h:785: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2478: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2480: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2482: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2484: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2486: warning: Found unknown command `\memeberof' src/XCCDF/public/xccdf_benchmark.h:2909: warning: Found unknown command `\memeberof' Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 21:31:58 2012 +0200 Remove unused variable. Addressing: src/OVAL/oval_agent.c: In function 'oval_agent_eval_system': src/OVAL/oval_agent.c:247:16: warning: unused variable 'result' [-Wunused-variable] Caused by: 5baf373909b919d15e91fedb200867aaccd8675a Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 16:45:08 2012 +0200 Avoid using sprintf when the size of buffer is known. Admittedly, some of these usages were harmless. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 17:09:20 2012 +0200 Print out status of downloading. The oval files tend to be quite big and their download may take time. The user shall be notified about the proceedings. Note for future generations: Once we decide to migrate oscap_acquire module to the library and rewrite stderr fprintfs to oscap_seterror, the printf calls shall be moved to the oscap-xccdf.c. Now, it is not feasible as it would only mess stderr and stdout messages. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 20:26:16 2012 +0200 [dist] Bash completion for `--fetch-remote-resources'. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 20:22:28 2012 +0200 Document --fetch-remote-resources in the man-page. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Oct 8 16:28:51 2012 +0200 trac#213: Support http in check-content-ref/@href. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 20:06:37 2012 +0200 [dist] openscap-utils now requires libcurl. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 10:31:15 2012 +0200 The build now depends on libcurl-devel. And the openscap-utils package on libcurl. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 11 19:01:34 2012 +0200 Bring the curl dependency back. This partially reverts e8e6ba1e319a57258d8868d797093fa71e116519, and fixes some of its weaknesses. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 12 14:36:07 2012 +0200 trac#234: Handle files with the same basename correctly. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 11 16:57:09 2012 +0200 Get /tmp dir from P_tmpdir macro. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 11 12:14:47 2012 +0200 Make sure the temp directory gets created. Addressing: Segmentation fault. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 11 10:53:33 2012 +0200 Do not use temp_dir as a guess for sds presence. The temp_dir may be later used for oval resul. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 11 10:28:12 2012 +0200 Refactor: Replace function call with variable. We should not open the sds twice. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Oct 10 17:19:05 2012 +0200 Refactor: Extract function: oscap_acquire_temp_dir to a separate module. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 9 16:50:27 2012 +0200 Update the copyright info. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 12 16:11:00 2012 +0200 [OVAL/probes] fixed obj entity mask related memory leaks Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 11 17:38:24 2012 +0200 Fixing behavior regression: oval eval MUST print definition IDs, not titles! This was the reason for make check failing previously. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 11 17:37:56 2012 +0200 Fixes regarding callback changes in openscap_api.py Python wrapper Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 11 16:48:09 2012 +0200 fix compilation of test_api_xccdf.c Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 11 16:08:51 2012 +0200 Changed SWIG start and output callback wrappers so that they compile They also work, at least in theory ;-) Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 11 15:31:48 2012 +0200 Dealt with constness in oval_result_definition getters Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 11 15:01:22 2012 +0200 split policy_reporter into two types Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 11 14:01:37 2012 +0200 Fix includes of text.h and reference.h because of previous refactoring See 659db8b4bd262aefb7ffb91045f052cba3ac42d1 and eb27b7332f687f8e09872026c240e1b3688ed5bf Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 10 13:00:46 2012 +0200 get rid of oscap_reporter at all (almost) -> bindings Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 10 10:31:46 2012 +0200 get rid of oscap_report in oval_agent_eval() Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 10 00:21:27 2012 +0200 get rid of oscap_report in policy evaluation callbacks Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 10 00:20:30 2012 +0200 don't report xml validation error 3083 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 9 23:41:50 2012 +0200 get rid of oscap_report in oval_validate_document Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 11 11:19:13 2012 +0200 rename text.h -> oscap_text.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 11 10:51:37 2012 +0200 rename reference.h -> oscap_reference.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 11 09:48:29 2012 +0200 rename error.h -> oscap_error.h Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 10 15:19:18 2012 +0200 oscap oval eval --oval-id option added, with tests Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 10 14:10:41 2012 +0200 oscap xccdf eval --xccdf-id option to select a particular XCCDF in SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 10 13:55:56 2012 +0200 Allow user to select XCCDF from datastream using cref id in oscap Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Oct 10 10:34:30 2012 +0200 Merge branch 'master' into cpe23-devel Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 10 09:55:41 2012 +0200 [OVAL] added support for the unique function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 10 09:48:03 2012 +0200 [OVAL] oval_stringMap: added oval_string_map_collect_values function Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 9 22:10:49 2012 +0200 don't use libxml headers in public API Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 17:34:57 2012 +0200 Pass origin file hint to CPE2 lang models embedded in XCCDF benchmark Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 17:31:36 2012 +0200 Store origin file hint in CPE2 lang model as well The origin file hint is not used at the moment but will be used to figure out OVAL referenced files paths. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 16:54:34 2012 +0200 Provide origin file hint to CPE1 dictionary embedded in XCCDF This is necessary for relative OVAL paths inside the CPE1 dict. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 16:36:32 2012 +0200 More tests changes, added missing negated embedded CPE2 test This needs further cleanup and path fixes to make distcheck work. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 16:10:13 2012 +0200 Changed cpe-oval.xml used for tests to contain always failing OVAL def OVAL changes by Tomas Heinrich. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 15:31:19 2012 +0200 Added the first few CPE2 XCCDF applicability tests Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 15:28:17 2012 +0200 Do proper CPE name matching when evaluation CPE2 lang model platforms Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 9 15:03:53 2012 +0200 Support for evaluation of platforms and their expressions in CPE2 models The callback that makes CPE fact-ref matching is stubbed out in XCCDF policy, that will come later. Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 9 14:24:58 2012 +0200 pass xccdf_rule/xccdf_rule_result to output callbacks Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 8 19:18:31 2012 +0200 Lookup the platform when doing CPE2 applicability testing Slightly refactored cpe_check_fb and its userdata to be useful for both cpe_lang_model and cpe_dict. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 8 17:20:28 2012 +0200 Make sure to gracefully skip platforms that aren't CPE names These should be handled in cpe_lang_model, not cpe_dict. Previously the code would segfault in these cases. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 8 17:12:05 2012 +0200 Postpone applicability checking until after we know the rule is selected This helps performance with evaluation of many unchecked rules. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 8 16:42:50 2012 +0200 Gearing up for applicability in XCCDF_POLICY for CPE2 lang models The function doing the actual evaluation of the platforms is currently stubbed out. Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 8 14:59:35 2012 +0200 Added test for applicability with CPE-list (CPE1) embedded in the XCCDF Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 8 12:29:17 2012 +0200 obsolete xccdf_policy_report_rule() Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 8 12:04:34 2012 +0200 send info about failed rules to syslog Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 8 11:38:54 2012 +0200 change format of XCCDF evaluation output Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 8 11:34:27 2012 +0200 print global identifier(CVE,CCE) of evalauted XCCDF rule Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 5 19:25:01 2012 +0200 send couple of syslog messages during xccdf evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 5 17:39:36 2012 +0200 add test for flat and base score Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 5 16:23:43 2012 +0200 fixing base scoring model Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 17:06:19 2012 +0200 Remove unused variable. The variable become orphaned after resolving merge conflicts. Addressing: xccdf_policy.c: In function 'xccdf_policy_item_evaluate': xccdf_policy.c:1075:7: warning: unused variable 'applicable' [-Wunused-variable] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 16:44:56 2012 +0200 tests: Do not shadow variable. Addressing: test_api_probes_smoke.c: In function ‘main’: test_api_probes_smoke.c:490:18: warning: declaration of ‘ent’ shadows a previous local [-Wshadow] test_api_probes_smoke.c:29:29: warning: shadowed declaration is here [-Wshadow] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 16:24:12 2012 +0200 tests: Do not compare unsigned int to signed one. Addressing: test_api_probes_smoke.c: In function ‘main’: test_api_probes_smoke.c:513:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 16:21:00 2012 +0200 tests: Remove overabundant variable declaration. Addressing: test_api_probes_smoke.c: In function ‘main’: test_api_probes_smoke.c:512:19: warning: declaration of ‘i’ shadows a previous local [-Wshadow] test_api_probes_smoke.c:491:14: warning: shadowed declaration is here [-Wshadow] test_api_probes_smoke.c:491:14: warning: unused variable ‘i’ [-Wunused-variable] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 16:18:36 2012 +0200 tests: Make a function static and gcc happy. Addressing: test_api_probes_smoke.c:20:6: warning: no previous prototype for ‘print_asdf’ [-Wmissing-prototypes] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 16:16:22 2012 +0200 tests: Remove unused variable. And include missing assertion. Addressing: test_probes_sysinfo.c: In function ‘main’: test_probes_sysinfo.c:15:7: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 15:59:12 2012 +0200 tests: Fix warning and remove useless variable. Addressing: test_api_oval.c: In function ‘main’: test_api_oval.c:47:6: warning: declaration of ‘index’ shadows a global declaration [-Wshadow] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 15:49:55 2012 +0200 tests: Remove unused variable Addressing: test_api_oval.c: In function ‘main’: test_api_oval.c:49:27: warning: unused variable ‘definition’ [-Wunused-variable] Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 15:47:00 2012 +0200 tests: sort files alphabetically and make people happy. Again. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 15:17:59 2012 +0200 tests: trac#215: Deriving XCCDF results when @multi-check="true". Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 14:53:53 2012 +0200 tests: trac#215: Deriving XCCDF results when @multi-check="false". Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Oct 5 14:34:14 2012 +0200 trac#215, trac#228: Handle XCCDF results correctly when @multi-check="false". This implements following requirements: [NISTIR-800-126r2]: Table 21: Deriving XCCDF Check Results from OVAL Definition Results [NISTIR-7275r4]: The default behavior of an <xccdf:check-content-ref> element that does not have a @name attribute SHALL be to execute all checks in the referenced code and AND their results together into a single <xccdf:rule-result>. [NISTIR-7275r4]: (...) Otherwise, an <xccdf:Rule> contributes to the positive score only if ANDing the results of all instances of that <xccdf:Rule> produces a test result of ‘pass’ according to the truth table [NISTIR-7275r4]: Table 12: Truth Table for AND Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 17:20:53 2012 +0200 Be so kind and emit useful message. Addressing vagueness of the error message when user apoints an xccdf file where an oval file is expected. $ oscap xccdf eval xccdf1.xml xccdf2.xml OpenSCAP Error: 'version' == NULL [oscapxml.c:255] Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 16:28:43 2012 +0200 trac#215: XCCDF shall report correct results on certain oval definition classes. This implements Table 21: Deriving XCCDF Check Results from OVAL Definition Results from SP800-126r2. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 16:26:41 2012 +0200 tests: trac#215: Simple deriving test. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 5 09:52:48 2012 +0200 fix compilation with SCE Author: Martin Preisler <martin@preisler.me> Date: Thu Oct 4 15:14:22 2012 +0200 Merge branch 'cpe23-devel' Conflicts: src/XCCDF_POLICY/xccdf_policy.c Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 14:19:12 2012 +0200 tests: Expected message might be different in check and distcheck. Addressing: + '[' 'WARNING: Skipping ../../../../../tests/API/XCCDF/unittests/nonexistent-file file which is referenced from XCCDF content' == 'WARNING: Skipping ./nonexistent-file file which is referenced from XCCDF content' ']' RESULT: FAILED Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 4 13:43:59 2012 +0200 test for Ticket #93 Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Oct 4 13:39:02 2012 +0200 [xccdf] Preserve XML elements in <check-content> Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 13:18:28 2012 +0200 tests: trac#226: assert for correct results when none of the check-content-ref is resolvable. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 13:15:45 2012 +0200 trac#226: Correct diagnostic message when multi-check="true" and non-existent oval file found. Previously we have exported ambiguos message about multi-check. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 10:54:25 2012 +0200 tests: trac#222: Expect validation message on stdout. This diagnostic message expected when OSCAP_FULL_VALIDATION=1. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 10:57:15 2012 +0200 tests: trac#222: Make OSCAP_FULL_VALIDATION=1 default in the unittests. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Oct 4 09:47:27 2012 +0200 tests: trac#33: Test @multi-check="true" when oval has no definitions. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 3 10:35:01 2012 +0200 [tests] mitre: fixed rpmverify test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 3 10:34:35 2012 +0200 [tests] mitre: fixed testing script Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 3 10:15:32 2012 +0200 [tests] OVAL test content update Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 19:58:00 2012 +0200 Added reject invalid SDS test Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 19:27:35 2012 +0200 Added RDS validation tests Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 18:59:34 2012 +0200 Added SDS validation tests Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 17:08:11 2012 +0200 Validate xccdf eval --results-arf if OSCAP_FULL_VALIDATION is defined Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 2 16:59:02 2012 +0200 add OVAL test for content validation Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 16:54:53 2012 +0200 Do not xccdf_check_free, when you assign it to the result. Caused by: ff96d86ccc3580c0055cf41402ab9d3979c9de78 Addressing: Program received signal SIGSEGV, Segmentation fault. __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:43 43pcmpeqb(%rax), %xmm0 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 2 16:33:54 2012 +0200 fixing issue with schematron validation Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 16:16:09 2012 +0200 Added XCCDF CPE applicability tests Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 15:35:34 2012 +0200 Do export UNKNOWN result, when @multi-check creates zero rule-results Another hic-sunt-leones corner-case, this happens when referenced OVAL file contains no <definition/> elements. We believe that such case happens only by accident and if the scanner was creating zero <rule-results/> it would make the problem only worse and hide the cause. We like to put the lights on. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 14:43:06 2012 +0200 trac#221: Export diagnostic <message>-s. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 15:20:23 2012 +0200 Do not leak when @multi-check gives zero rule-results. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 15:05:28 2012 +0200 Assert that items in dictionary are populated well. Proactively assert for issues like trac#162. This assertions will be in place only in debug mode. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 14:45:54 2012 +0200 tests: trac#221: Assert that <message/> is exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Oct 2 14:24:08 2012 +0200 A brand new assume macro! This one is usefull for our *_add_* and *_set_* functions, which return true when operation passed. If you want to assert for the result of operation in debug mode, but you still want to commit the operation in NDEBUG, you cannot use assert(). But you can use assume_ex() instead. Example: assume_ex(xccdf_rule_add_status\(rule, status)); This should help us catch internal (and often not lethal) problems during development while keeping users not annoyed. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Oct 2 16:01:14 2012 +0200 Use proper path for OVAL checks referenced from CPE dicts Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 2 12:19:55 2012 +0200 build with SCE properly Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Sep 29 14:41:10 2012 +0200 tests: trac#33 simple multi-check test. Author: Simon Lukasik <slukasik@redhat.com> Date: Sat Sep 29 13:59:30 2012 +0200 trac#33: The @multi-check. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 27 16:23:17 2012 +0200 tests: Do not use && in unitests 1) It is overabundant. 2) It actually may hide, not reveal, problems when used together with set -e. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 27 15:59:19 2012 +0200 tests: Assert that stdout is empty. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 26 13:18:52 2012 +0200 an amend Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 26 13:16:07 2012 +0200 Refactor: extract method: _build_rule_result Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 20 17:16:36 2012 +0200 Clearing the commented-out mess. This function is buggy and useless, since there might be multiple callbacks for given systems. God gave man the SCM tools so he will never need to comment-out code. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 20 17:08:44 2012 +0200 Make a use of filters when searching callbacks for a given system. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 20 16:54:04 2012 +0200 Remove mendacious comments. These were untrue from day zero. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 20 16:44:46 2012 +0200 Use filters to get callbacks for given system This reverts: e0e78749 & 3fed13a4. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 1 22:28:10 2012 +0200 fixing compiler warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 1 21:50:52 2012 +0200 fixing segfaults related to XML validation Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 1 16:08:07 2012 +0200 Merge branch 'master' into cpe23-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 1 16:03:12 2012 +0200 Command line option for a custom CPE dict in "oscap xccdf eval" Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Oct 1 16:01:22 2012 +0200 Check associated CPE dicts after checking the embedded dict Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 1 14:37:09 2012 +0200 use dedicated function to report FAIL of the validation Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 27 17:38:43 2012 +0200 autodetect OVAL document type for "oscap oval validate-xml" Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 27 15:58:22 2012 +0200 Correctly deal with the situation of xccdf_item having no platforms Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 27 14:32:23 2012 +0200 Consider the CPE platform not applicable when its OVAL file isn't found Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 27 14:23:17 2012 +0200 Evaluate CPE applicability checks using OVAL session Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 27 12:41:24 2012 +0200 Change cpe_check evaluation to work with a callback This will allow for xccdf_policy_model to cache the results in a map, speeding up applicability testing. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 27 12:26:38 2012 +0200 bump release number Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 27 12:11:29 2012 +0200 Recursive applicability support (we descend and report for each rule) The cpe_item check evaluation is still stubbed out and will always return true, this will be fixed in future commits. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 26 16:47:18 2012 +0200 Merge branch 'master' into cpe23-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 26 13:26:00 2012 +0200 Added applicability into the xccdf policy machinery Right now all rules are considered applicable, the function will be changed to check the applicability in the future. Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 17:04:08 2012 +0200 define htobe32 if it does not exist (RHEL5) #2 make confgen happy Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 16:51:29 2012 +0200 minor fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 16:33:27 2012 +0200 RHEL5 spec file updated Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 16:22:22 2012 +0200 define htobe32 if it does not exist (RHEL5) Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 15:49:08 2012 +0200 update RHEL6 spec file Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 16:34:48 2012 +0200 Initial implementation of cpe_name_applicable_dict The cpe_check_evaluate method itself is stubbed out, it will be implemented later Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 15:35:04 2012 +0200 Removed declaration of cpe_name_get_wfh, it was never implemented Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 15:30:44 2012 +0200 Merge branch 'master' into cpe23-devel Conflicts: src/CPE/Makefile.am src/CPE/cpedict_priv.c src/CPE/cpedict_priv.h src/CPE/cpeuri.c src/CPE/public/cpe.h src/CPE/public/cpe_dict.h src/CPE/public/cpe_lang.h src/CPE/public/cpe_uri.h src/CPE/public/cpename.h src/CPE/public/cpeuri.h src/CVE/public/cve.h src/OVAL/Makefile.am src/XCCDF/Makefile.am src/XCCDF/benchmark.c src/XCCDF_POLICY/Makefile.am swig/openscap.i tests/API/CPE/Makefile.am tests/API/CPE/dict/test_api_cpe_dict.c tests/API/CPE/lang/test_api_cpe_lang.c tests/API/CPE/name/test_api_cpe_uri.c utils/oscap-cpe.c utils/oscap-tool.h Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 25 15:07:58 2012 +0200 Bump supported OVAL version to 5.10.1 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 15:05:30 2012 +0200 fix compilation with enabled debug mode Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 14:31:12 2012 +0200 bump release number and .so Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 14:15:48 2012 +0200 return OSCAP_DEPRECATED macro back related to commit 2b8ac55a9d8e67186927239a7b72d6bf91687b6f Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 14:11:44 2012 +0200 "check_SCRIPTS" macro should be used for a "built" script, or a script that is somehow generated at build time. Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 14:08:20 2012 +0200 update NEWS Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 14:18:16 2012 +0200 Bump supported CPE version to 2.3 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 13:58:56 2012 +0200 Bump supported XCCDF version to 1.2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 25 14:01:21 2012 +0200 [probes] rpmverify,rpmverifyfile: don't use the realpath function Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 25 13:43:52 2012 +0200 Avoid allocating an array of all CPEs each time we have to match Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 13:24:45 2012 +0200 rename xccdf.h -> xccdf_benchmark.h; cvss.h -> cvss_score.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 10:15:04 2012 +0200 rename ds.h -> scap_ds.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 25 10:00:01 2012 +0200 rename CPE public headers Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 24 22:28:45 2012 +0200 merge debug.h with debug_priv.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 24 22:03:17 2012 +0200 move OSCAP_FOR macros into private API Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 24 14:55:45 2012 +0200 fix various compiler warning messages Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 24 13:03:30 2012 +0200 Revert "Make oscap_htable public." This reverts commit 08a5cf04ac1f00599c5cf47b049c771fa731d911. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Sep 24 17:02:46 2012 +0200 probes: remove unused variable Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Sep 24 16:56:19 2012 +0200 Allow source datastream in "oscap oval eval" Also added a simple test. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Sep 24 13:47:37 2012 +0200 oval: return the computed result value (previously was ignored) Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 21 20:01:50 2012 +0200 enhance oscap -V Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 21 19:59:06 2012 +0200 rework mechanism for locating schema/schematron files Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 20 15:43:02 2012 +0200 Allow source datastream in "oscap oval validate-xml" oscap oval eval sds.xml has not been implemented yet! Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 20 13:45:42 2012 +0200 minor fixes in makefile.am Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Sep 20 10:13:18 2012 +0200 ARF schemas were missing in EXTRA_DIST Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 19 22:32:56 2012 +0200 split --enable-bindings into --enable-perl and --enable-python python is enabled & perl is disabled by default Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 17:56:57 2012 +0200 Fixed tests/DS/Makefile.am to include new datastream tests Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 16:50:46 2012 +0200 [ds] Added a test for extended component in source datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 16:49:07 2012 +0200 [ds] Order components and extended-components correctly in SDS Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 16:32:23 2012 +0200 [ds] Use a different element name and ID scheme for extended comps Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 15:54:03 2012 +0200 Use the document of the component instead of the entire DS doc for deps A nasty nasty bug, this worked previously because we added components and then did the dependency traversal. It was slow and could add deps that aren't really deps. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 16:47:57 2012 +0200 tests: trac#186: Adding a file missing from c07f0af3aeb17 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 14:46:54 2012 +0200 tests: trac#186: Test for none applicable check. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 14:29:00 2012 +0200 trac#186: If the refined selector does not match, checks without selector shall be used. Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 14:13:16 2012 +0200 tests: trac#186: bad refine must select check without @selector. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 13:50:41 2012 +0200 Perform full validation in all datastream tests Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 13:49:35 2012 +0200 [ds] Always add a trailing \0 to expanded ipv6 result Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 13:26:42 2012 +0200 Fixing typo. The word Security has been lost from acronym! Addressing: src/OVAL/oval_agent.c: In function '_oval_agent_list_definitions': src/OVAL/oval_agent.c:481:2: warning: return from incompatible pointer type [enabled by default] Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 13:24:01 2012 +0200 Compatibilization of pointer types. Addressing: src/OVAL/oval_agent.c: In function 'xccdf_policy_model_register_engine_oval': src/OVAL/oval_agent.c:488:3: warning: passing argument 5 of 'xccdf_policy_model_register_engine_and_query_callback' from incompatible pointer type [enabled by default] Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 19 13:15:03 2012 +0200 tests: not_executable file needs to be within _build/ for distcheck Addressing: + Check Processing Algorithm -- complex-check priority[ WARN ] Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 13:23:41 2012 +0200 [ds] If path suffix file type detection fails check the contents Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Sep 19 13:09:33 2012 +0200 Changed order of file suffix checking in source datastream compose Else the -cpe-oval.xml would never trigger because -oval.xml would trigger before it. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 17:57:35 2012 +0200 Expand IPv6 addresses before putting them into AI files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 16:57:30 2012 +0200 [probes] routingtable: use the correct value for interface name Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 18 16:45:54 2012 +0200 CVE and CCE are not build by default; OVAL,XCCDF,CPE,CVSS and probes are build by default(and no optional anymore) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 16:09:58 2012 +0200 [tests] probes: added object entity mask attribute test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 16:07:38 2012 +0200 Added missing rpmverify AC_CONFIG_FILE entry to the template Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 15:27:15 2012 +0200 Added info about the new datastream "oscap ds" feature set to manpage Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 15:12:41 2012 +0200 Added info about the new datastream "xccdf eval" feature to manpage Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 14:50:29 2012 +0200 [tests] probe API: test probe_ent_attrexists (probe_obj_attrexists) with non-valued attributes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 14:48:30 2012 +0200 [OVAL/probes] Propagate the mask attribute from object entities to probes and use them to mask the results Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 18 14:41:59 2012 +0200 [probes] probe API: fix probe_obj_attrexists to search for non-valued attributes Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 14:16:30 2012 +0200 If user gives a relative path to sds-compose we chdir to it temporarily This results in cleaner resulting source datastreams because the paths inside aren't all mangled and extremely long. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 13:31:55 2012 +0200 Added name mangling for file paths in SDS composition This should deal with all the cases where path separators "leak" into the component or component-ref ids. We do not demangle these mangled ids! Since the paths are taken from catalog there is no need for demangling except for the source XCCDF. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 13:30:58 2012 +0200 Added a failing test for SDS compose from a subdir Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 12:52:37 2012 +0200 tests: trac#186: assert that none check is used when no profile is selected. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 12:37:20 2012 +0200 tests: These tests must pass the scanner. Removing copy-pasted workaround to make selected tests more strict. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 12:16:59 2012 +0200 trac#207: Start exporting complex-check/@operator. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 11:44:05 2012 +0200 tests: trac#207: Assert that complex-check/@operator is exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 10:51:12 2012 +0200 trac#206: Do not export complex-check/@system="" Addressing: Element '{http://checklists.nist.gov/xccdf/1.2}complex-check', attribute 'system': The attribute 'system' is not allowed. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 11:41:05 2012 +0200 tests: trac#206: Assert that complex-check/@system is not exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 11:09:35 2012 +0200 tests: trac#186: assert that complex-check is always prefered over check Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 11:38:53 2012 +0200 Do not compare NULL to time_t. Addressing: item.c: In function 'xccdf_status_to_dom': item.c:511:16: warning: comparison between pointer and integer [enabled by default] Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 18 11:27:18 2012 +0200 Fix default precedence. Ternary operator condition shall not be casted. Addressing: item.c: In function 'xccdf_check_to_dom': item.c:623:4: warning: pointer targets in passing argument 3 of 'xmlNewProp' differ in signedness [-Wpointer-sign] /usr/include/libxml2/libxml/tree.h:745:3: note: expected 'const xmlChar *' but argument is of type 'char *' item.c:627:4: warning: pointer targets in passing argument 3 of 'xmlNewProp' differ in signedness [-Wpointer-sign] /usr/include/libxml2/libxml/tree.h:745:3: note: expected 'const xmlChar *' but argument is of type 'char *' Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Sep 18 12:06:43 2012 +0200 Merge branch 'master' into cpe23-devel Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Sep 17 19:50:45 2012 +0200 tests: mitre: disable rpmverify test for now it is unclear how this should be corrected in code and/or the test content updated Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 13 16:32:50 2012 +0200 tests: add test for trac#147 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 17 15:06:46 2012 +0200 Removed the oscap_sysinfo function which isn't used anymore Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 17 14:44:54 2012 +0200 oscap.c -> oscapxml.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 17 10:57:29 2012 +0200 be more informative if file can't be loaded Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 14 17:59:29 2012 +0200 [dist] revert mistaken version bump Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 14 17:57:52 2012 +0200 [dist] openscap.spec - update source url Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 14 14:49:05 2012 +0200 tests: Fix failing make check Addressing: CCLD test_oscap_common test_oscap_common.o: In function `oscap_alloc': test_oscap_common.c:(.text+0x20): undefined reference to `__oscap_alloc_dbg' Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 10 13:45:15 2012 +0200 trac#187: Checking engine must provide list of IDs in the given document. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 7 15:54:10 2012 +0200 OSCAP_DEPRECATED -- macro to label deprecated functions. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 14 10:43:15 2012 +0200 Conditions are hard, let's remove a few. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 14 10:40:36 2012 +0200 trac#186: Check Processing Algorithm Sub-Steps. Also fixing the previous insane behaviour. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 17:34:32 2012 +0200 tests: even tests shall not leak. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 16:23:09 2012 +0200 tests: a few more for iterators. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 16:10:29 2012 +0200 trac#200 *iterator_has_more needs to consider filters. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 16:05:10 2012 +0200 tests: trac#200: flawed iterators. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 14:50:00 2012 +0200 trac#199: Delete buggy code. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Sep 13 14:41:18 2012 +0200 tests: trac#199 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 12 11:56:06 2012 +0200 Remove overabundant lines of code. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 11 11:29:48 2012 +0200 trac#191 Removing TODOs -- there is nothing to do. Today's ANSI C is C99. And our NaNs are all compliant. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 11 11:25:36 2012 +0200 trac#191 Fix flawed NAN comparisons. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 11 11:12:06 2012 +0200 tests: trac#190: Make sure @weight is not exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 11 09:57:40 2012 +0200 trac#190: Check @weight definition consistently. On same places we've checked for NaN, elsewhere for -1.0. While it cannot be ever NaN. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 10 16:41:22 2012 +0200 trac#190: Do not export refine-rule/@weight="-1.0" when it was not defined. Addressing: In file '/tmp/blah.xml' on line 9: Element '{http://checklists.nist.gov/xccdf/1.1}refine-rule', attribute 'weight': [facet 'minInclusive'] The value '-1.000000' is less than the minimum value allowed ('0.0'). 1 1824 In file '/tmp/blah.xml' on line 9: Element '{http://checklists.nist.gov/xccdf/1.1}refine-rule', attribute 'weight': '-1.000000' is not a valid value of the atomic type '{http://checklists.nist.gov/xccdf/1.1}weightType'. XCCDF Results are NOT exported correctly. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 10 15:46:30 2012 +0200 Deliver an error message, when I urge you to validate document without namespace Addressing confusing blank output on: <Benchmark xmlns:xccdf="... Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 7 13:37:37 2012 +0200 Make oscap_htable public. Author: Simon Lukasik <slukasik@redhat.com> Date: Fri Sep 7 14:07:40 2012 +0200 Sort files alphabetically like nice guys do. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 13 18:08:36 2012 +0200 include schematron files in installation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 13 16:13:47 2012 +0200 [dist] removed libnl-devel BuildRequires Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 13 15:04:16 2012 +0200 Corrected name of the opendbx library Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 13 13:51:44 2012 +0200 OVAL: don't reference duplicit items from collected objects Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 13 13:07:08 2012 +0200 rpmverify probe: use probe_entobj_cmp() for entity comparisons, resolves: trac#147 Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 12 22:30:07 2012 +0200 trac#120 support anyxml element + test Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 11 13:45:28 2012 +0200 tests: don't discard stderr output Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 11 10:43:36 2012 +0200 minor fix in isainfo test Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Sep 7 17:04:43 2012 +0200 tests: a test for ticket #109 Evaluating OVAL objects and states that reference an empty variable should produce "does not exist" and "error" results, respectively Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 7 13:43:32 2012 +0200 Removed libnl dependency checking Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 7 13:36:01 2012 +0200 [probes] routingtable: complete rewrite; IPv6 support, don't use libnl Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 7 13:34:12 2012 +0200 [SEAP/generic] strto: added strto_uint32_hex and made the symbols of implemented functions public Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 7 10:55:53 2012 +0200 trac#121 test that we don't create items if object is not collected Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 5 22:59:45 2012 +0200 trac#13: applicability_check element support Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Sep 5 15:00:33 2012 +0200 [OVAL] - test for count function (#9) Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Sep 5 13:41:54 2012 +0200 [OVAL] - add support for count function (#9) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 5 13:48:11 2012 +0200 trac#25: start exporting @negate attribute Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 5 12:42:20 2012 +0200 trac#25: Handle check/@negate Since XCCDF 1.2 @negate is allowed for both complex-check & check. Consequently, attributes @operator and @negate have more in contrast than in common. Thereby, following fruitless constants were dropped from public api: XCCDF_OPERATOR_NOT XCCDF_OPERATOR_NAND XCCDF_OPERATOR_NOR XCCDF_OPERATOR_MASK Addressing: Rule ID: xccdf_moc.elpmaxe.www_rule_1 Title: (null) Result: (null) Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 5 10:28:19 2012 +0200 tests: trac#25: assert for comment:3 Author: Simon Lukasik <slukasik@redhat.com> Date: Wed Sep 5 10:21:04 2012 +0200 tests: Fix flawed xpath expression. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 13:54:04 2012 +0200 trac#33: import & export @multi-check Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 14:03:13 2012 +0200 tests: trac#33: ensure @multi-check is not exported if missing. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 11:30:11 2012 +0200 tests: trac#33: test import & export. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 11:03:15 2012 +0200 tests: Make sure this file is not executable Tests with oval are designed to depend on this externality. Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 4 18:10:29 2012 +0200 trac#116: evaluation of deprecated definition Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 4 17:06:44 2012 +0200 trac#130: test for empty value in filename entities Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 4 14:27:43 2012 +0200 be more consistent with path to oscap tool in make check Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 4 14:25:52 2012 +0200 update README for confgen usage Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 4 14:21:46 2012 +0200 trac#13: add 'applicability_check' element test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 4 10:57:45 2012 +0200 [tests] SEAP/generic: added strto_uint16_hex test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 4 10:56:56 2012 +0200 [SEAP/generic] strto: added implementation of strto_uint16_hex, strto_uint8_hex based on the uint64_hex function Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 10:54:50 2012 +0200 Scratch perl-XML-XPath requires -- rhel5 spec does not understand '--with check'. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 10:53:35 2012 +0200 SGML applications tend to be architecture independent. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 10:35:11 2012 +0200 `make check' is now dependent on perl-XML-XPath. Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 10:03:52 2012 +0200 tests: A test for trac#185 Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Sep 4 09:51:44 2012 +0200 trac#185: Export status/@date only when exists Addressing: <status date="1970-01-01">incomplete</status> Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 3 15:25:33 2012 +0200 trac#182: Don't export check-content-ref/@name if missing. A nameless check-content-ref has a special semantics and the @name="" it is not considered to be nameless. Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 16 14:30:44 2012 +0200 tests: A test for trac#33 & trac#182. - Nameless check-content-ref shall exercise whole OVAL file. - A @name must not be exported. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 3 15:34:00 2012 +0200 tests: sort files alphabetically and make people happy. Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Sep 3 13:29:54 2012 +0200 A typo. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 3 14:22:32 2012 +0200 [tests] SEAP/generic: added strto_uint8_hex test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 3 14:15:04 2012 +0200 [SEAP/generic] strto: implemented strto_uint8_hex Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 29 16:52:55 2012 +0200 Fixed XCCDF guide formatting for XCCDFs with short descriptions Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 29 15:51:42 2012 +0200 Do not warn about unresolved XCCDF benchmark when @resolved='true' Previously we would only check for @resolved=1. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 29 14:10:26 2012 +0200 Separated cpestring component encoding and decoding from URI fcts Unescaped * and - works now. Initial support for escaped chars. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 17:27:05 2012 +0200 Added cpe2:platform-specification to the xccdf12 import export test Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 16:46:17 2012 +0200 Do not skip elements in CPE language parsing This is necessary to prevent skipping neighbour XCCDF data when cpe2:platform-specification is being parsed. CPE names are also saved with the format they were loaded in from now on (in CPE language expressions). Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 16:41:30 2012 +0200 Use macros instead of literals for element names in CPE dict parsing Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 16:21:24 2012 +0200 Initial support for cpe2:platform-specification CPE XCCDF integration Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 28 15:28:43 2012 +0200 openscap.spec - add probe_rpmverifypackage Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 15:08:22 2012 +0200 Merge branch 'master' into cpe23-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 15:07:27 2012 +0200 Fixes that prevent CPE parser from skipping elements and a test mod Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 28 15:03:05 2012 +0200 bump version to 0.8.6 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Aug 27 12:21:12 2012 +0200 openscap-0.8.5 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 14:22:05 2012 +0200 Use local cpe-naming XSD instead of a remote one when validating XCCDF Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 28 14:13:33 2012 +0200 Preliminary support for CPE 1.1 and multiversion support for CPE Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 28 14:09:37 2012 +0200 fixing oscap return code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 28 10:51:14 2012 +0200 [probes] probe core: fixed leaks in the input handler Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 27 17:14:13 2012 +0200 Prevent skipping elements when reading CPE from within XCCDF benchmark A much better fix would be to rework the parser but this should do. The change is basically about catching </cpe-list> and exiting when we encounter it. Previously we would read the element after that and XCCDF parser would skip it and start with the element that comes after it. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 27 16:16:06 2012 +0200 [probes] oval_fts: unescape the starting path extracted from the path entity, if needed Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 27 16:19:43 2012 +0200 Import and export of xccdf:Benchmark/cpe-list Needed changes to the CPE parsing code itself, we now exit whenever we get back to the "depth" of cpe-list. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 27 10:33:50 2012 +0200 improved debug of oval_fts machinery Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 24 15:56:02 2012 +0200 Benchmark now has cpe_list, this is necessary for cpe-list support Parsing and exporting will follow in future commits. This commit introduces hard dependency on CPE in XCCDF and OVAL. Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Aug 24 13:44:08 2012 +0200 gnulib: import strverscmp module Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 24 12:27:38 2012 +0200 [probes] sysctl: added missing attributes to the behavior & path entities Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 24 11:25:12 2012 +0200 [OVAL/probes] don't generate an error if an object cannot be translated because of an empty variable Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 16:50:19 2012 +0200 Skip test_probes_selinuxboolean if user doesn't have SElinux enabled Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 15:38:27 2012 +0200 Fixed binding tests for out of source build "make distcheck" finally passes with this. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 15:14:32 2012 +0200 Use ${srcdir} for the DS eval_simple check This fixes issues with make distcheck. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 14:50:28 2012 +0200 Merge branch 'master' into cpe23-devel Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 23 12:52:23 2012 +0200 tests: Test for trac#167. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 23 12:52:22 2012 +0200 trac#167: Escape content of xccdf:value Subsequent xmlNodeSetContent call expects XML CDATA, thus we need the string to be escaped first. Addressing (suppose <xccdf:value>R&B</xccdf:value>): error : unterminated entity reference B Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 13:03:50 2012 +0200 Removed leftover debug printf in cpedict_priv.c parsing Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 12:37:26 2012 +0200 Change to API to allow exporting of CPE name in any format This is needed because the dictionary strictly needs formats at various places. Many times the same CPE name is written twice in 2 formats in the XML. The ability to export in the format it was imported in is still there. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 23 10:45:16 2012 +0200 Renamed cpeuri.{h,c} to cpename.{h,c} to reflect that it needn't be URI anymore Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 22 14:33:38 2012 +0200 Do not hide public API symbols xccdf_benchmark_get_{item,member} This has caused the python and perl bindings to fail to import. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 22 13:26:02 2012 +0200 Replaced CPE format detecting regexes with official ones Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 22 12:40:15 2012 +0200 Bump supported version of CPE name to 2.3 Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 22 12:39:17 2012 +0200 Removed unused code - cpe_assign_values Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 21 15:03:26 2012 +0200 remove oscap_file_exists() Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 21 14:50:52 2012 +0200 change oscap_find_file() indention Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 21 14:45:20 2012 +0200 provide oscap_schematron_validate_document() function Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 21 14:39:26 2012 +0200 Added serialization support for CPE 2.3 strings Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 21 14:29:01 2012 +0200 Initial parsing support for CPE 2.3 strings Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 21 14:11:14 2012 +0200 Slightly stricter WFN regex Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 21 14:07:23 2012 +0200 CPE 2.3 string has all the components mandatory, upgraded the regex Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 21 12:33:08 2012 +0200 move oval validate-xml from app_validate_xml() to oscap-oval module Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 20 13:48:33 2012 +0200 tests: Test for trac#162 issue. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Simon Lukasik <slukasik@redhat.com> Date: Mon Aug 20 11:07:14 2012 +0200 trac#162: disjoin internal hashtable of xccdf_benchmark With scap 1.1, certain members of benchmark are not guaranteed to have different ID (e.g. a profile and a group with the very same ID might co-exists in a valid content). Alas, they cannot be stored within a single dictionary. This brings change of semantics (!) in public API. Function xccdf_benchmark_get_item now returns only xccdf:Items. The xccdf:Profiles and xccdf:TestResult are no longer returned. In an unlikely case that your dependent code uses xccdf_benchmark_get_item and expects Profiles and TestResults to be returned, please amend it to use new xccdf_benchmark_get_member instead. Addressing: Assertion `xccdf_benchmark_get_item(bench, xccdf_item_get_id(item)) == item' failed. Aborted Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 20 16:57:40 2012 +0200 move xccdf validate-xml from app_validate_xml() to oscap-xccdf module Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 20 13:57:19 2012 +0200 change xccdf_detect_version() API Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 20 13:15:26 2012 +0200 Added python binding import test and a stubbed out perl import test Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Aug 18 22:29:50 2012 +0200 fixing compiler warning Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 17 14:35:44 2012 +0200 get rid of a newline that was pass by xmlGetLastError() Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 17 15:26:23 2012 +0200 Fixed CPE uri creation test to properly handle empty CPE attributes Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 17 15:09:32 2012 +0200 tests: add files missing from CLEANFILES Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 17 15:09:00 2012 +0200 tests: fix path to tested OVAL content Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 17 12:02:59 2012 +0200 Fixed serialization of packed CPE name URIs Tests now pass with both CPE 2.2 names and CPE 2.3 packed names Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 16 22:46:35 2012 +0200 error handling in xmlfilecontent_probe Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 17:50:49 2012 +0200 Merge branch 'master' into cpe23-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 17:49:27 2012 +0200 Improved oscap-local.sh to use absolute $PREFIX That way you can run "oscap-local.sh bash" and use that to debug tests. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 17:47:52 2012 +0200 Fixed memleaks and parsing of packed extended CPE attributes 1 of the CPE tests fails after this commit, will be fixed soon. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 16 16:14:49 2012 +0200 tests: add files missing from EXTRA_DIST Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 16 16:10:32 2012 +0200 more specific debug messages related to conflicts in variables resolving Author: Simon Lukasik <slukasik@redhat.com> Date: Thu Aug 16 13:23:37 2012 +0200 tests: Use correct paths and make distcheck happy. Addressing: + xccdf:complex-check -- NAND is working properly[ WARN ] + xccdf:complex-check -- single negation [ WARN ] Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 16 15:24:32 2012 +0200 [probes] sql57: fixed comment Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 15:02:00 2012 +0200 Fixed warnings in utils/oscap-xccdf.c Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Aug 16 15:03:05 2012 +0200 [tests] mitre - add linux-def_selinuxsecuritycontext_test.xml Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Aug 16 15:02:29 2012 +0200 [probes] selinuxsecuritycontext - use file behaviors (#127) Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 16 13:46:27 2012 +0200 textfilecontent54 probe: optimize regexp handling Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 14:51:12 2012 +0200 Removed dead-code in error.c, replaced invalid \) escape seq Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 14:47:32 2012 +0200 Added missing xccdf_result_add_dc_status decl to XCCDF/unused.h Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 13:53:21 2012 +0200 Added support for dc-status in XCCDF elements with status in them This is needed for XCCDF 1.2 support Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 13:51:48 2012 +0200 Patched the XCCDF 1.2 schema to be lax when validating dc-status The reason is that DublinCore XSD is not included in the validation bundle, therefore it can't be found when validating and this causes errors when with valid content. Same approach is used for xccdf:reference so I chose this instead of downloading the DublinCore XSD and bundling it myself. Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Aug 16 11:36:43 2012 +0200 [probes] rpminfo - add extended_name and filepaths behavior according to OVAL 5.10 (#138) Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 10:48:30 2012 +0200 When CPE name serialization fails, write a message Previously the test would just fail without any reason. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 16 10:42:24 2012 +0200 Include DS/public/ds.h in the swig generated files Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 15 20:16:23 2012 +0200 textfilecontent, textfilecontent54: only inspect regular files Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 15 20:10:30 2012 +0200 oval fts: add fts_info to OVAL_FTSENT to provide file type information Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 15 18:36:46 2012 +0200 textfilecontent54 probe: improve error message Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 15 18:36:17 2012 +0200 Fixed tests/DS/Makefile.am to have the right files in EXTRA_DIST Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 15 18:29:56 2012 +0200 fix leak in seterr function Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 15 18:28:53 2012 +0200 add cpe validate-xml functionality Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 15 16:26:06 2012 +0200 Merge branch 'master' into cpe23-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 15 16:15:17 2012 +0200 oval_determine_document_schema_version now uses char* instead of xmlChar* We should not expose dependencies of openscap in public API! Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 15 15:52:01 2012 +0200 Implemented cpe_dict_detect_version Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 15 15:16:24 2012 +0200 oval fts: add some comments Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 15 13:35:38 2012 +0200 Initial support for multiple CPE name formats, edition attr unpacking Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 15 13:31:58 2012 +0200 minor tweak (add newline in debug message) Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 14 13:48:17 2012 +0200 Test for a single negated check. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 14 13:13:37 2012 +0200 The result must not be negated with each _resolve_operation call. In case there is a more the 2 checks within a complex-check the result is negated multiple times and thus producing a nonsence. Also, this address a case when there is only one check within negated complex-check. Previously the result was not negated. Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Aug 14 12:46:53 2012 +0200 Test for flawed corner case of xccdf:complex-check Signed-off-by: Martin Preisler <mpreisle@redhat.com> Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 14 17:27:19 2012 +0200 [probes] rpmverifypackage - add the missing extended_name entity (#112) Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 13 15:51:37 2012 +0200 Improved and commented cpe_urldecode Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Aug 13 15:30:37 2012 +0200 Improved and commented cpe_urlencode Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 10 15:30:52 2012 +0200 tests: test support for older schemas Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 10 15:45:28 2012 +0200 Further improvements to error handling in result datastream API Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 10 15:39:42 2012 +0200 Ignore libxml2 warning about already imported schemas This makes output from validation easier to read and less clogged. Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 16 18:33:30 2012 +0200 [probes] add rpmverifypackage probe This is anything but not ideal. For each verify check - digest, signature, deps, verify scripts - is called a rpmcliVerify() function from rpm API with disabled other checks. So for a complete check this function is called 4x in the same way as these commands: rpm -V --quiet --nofile --nodigest --nodeps --noscripts <package> rpm -V --quiet --nofile --signature --nodeps --noscripts <package> rpm -V --quiet --nofile --nodigest --nosignature --noscripts <package> rpm -V --quiet --nofile --nodigest --nodeps --nosignature <package> Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 10 12:42:08 2012 +0200 set path to probes for DS tests Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 10 13:37:16 2012 +0200 Better error reporting/handling in "oscap ds" CLI Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 10 13:08:54 2012 +0200 probes: make shadow probe respect schema version Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 10 10:49:20 2012 +0200 We aren't changing the version string in oscap.c, made it const xmlChar Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 10 10:48:39 2012 +0200 Handle errors when decomposing SDS better in oscap tool Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 9 18:54:29 2012 +0200 User can now specify which datastream id to use in xccdf eval Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 9 15:23:00 2012 +0200 More strict and better error handling in source datastream API Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 9 13:36:38 2012 +0200 Made local helper functions static in sds.c Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 9 13:10:29 2012 +0200 Use absolute paths for LD_* in Makefile.am for datastream tests "make check" now passes on my machine w/o openscap being installed. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 9 11:34:21 2012 +0200 probes: make process probe respect schema version Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 9 01:06:07 2012 +0200 adjust to new oscap_seterr() Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 9 01:04:33 2012 +0200 oscap_seterr() allows formatted output conversions for an err desc Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 8 22:19:01 2012 +0200 drop error code from error checking mechanism Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 8 17:41:03 2012 +0200 Validate XCCDF before resolving, optionally validate after it Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 8 16:19:39 2012 +0200 probes: make textfilecontent probe respect schema version Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 8 15:44:59 2012 +0200 probes: make textfilecontent54 probe respect schema version Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 8 17:14:21 2012 +0200 Validate source datastream in "oscap xccdf eval" Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 8 16:55:32 2012 +0200 oval fts: fix double free Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 8 14:59:40 2012 +0200 Fixed validation issues with XCCDF taken from source datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 8 14:25:39 2012 +0200 Fix: Interpret return codes from validation in "oscap ds" correctly oscap_validate_document changed the semantics of the return codes, true used to mean validation passed but now it's 0. Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 8 13:14:57 2012 +0200 schemas: remove unterminated comments Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 8 13:11:17 2012 +0200 change oscap_apply_xslt_var() return codes Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 8 12:49:49 2012 +0200 Ignore oscap_debug.log files when comparing directories in DS tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 8 12:45:20 2012 +0200 [probes] file: stop collecting items if probe_item_collect returns a non-zero value Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 7 18:55:03 2012 +0200 probes: made several entities in file probe dependent on schema version Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 8 10:09:30 2012 +0200 oval_validate_document() return code change (pass,fail,error) #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 7 16:03:06 2012 +0200 check "doc_version" in app_validate_xml() Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 7 15:46:50 2012 +0200 oval_validate_document() return code change (pass,fail,error) Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 7 12:33:19 2012 +0200 workaround old schema version(linux-variables) in mitre testsuite Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 7 12:23:38 2012 +0200 append file name and line number to oscap errmsg Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 7 12:21:41 2012 +0200 run validation only against one particular schema Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 7 16:20:15 2012 +0200 Removed forgotten printfs in oscap_validate_document Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 7 16:10:52 2012 +0200 Build fixes in datastream, alloc is not in public API now Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Aug 7 15:06:45 2012 +0200 Merge branch 'datastreams-devel' Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 7 12:18:51 2012 +0200 openscap-0.8.4 Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 7 10:54:08 2012 +0200 synchronize configure.ac with password probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 6 16:20:41 2012 +0200 [probes] password: return the last_login entity for OVAL 5.10 and above Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 3 17:02:18 2012 +0200 schemas: modify schemas to resolve parsing issues Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 6 10:55:26 2012 +0200 schemas: add new OVAL schemas 5.9, 5.10.1 Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 6 10:17:31 2012 +0200 schemas: fix paths for OVAL schemas 5.3, 5.4 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 6 10:11:42 2012 +0200 [probes] sysctl: return multiline sysctl values as multiple value entities in OVAL 5.10 and above Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 3 15:02:36 2012 +0200 schemas: add missing schematron file Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 3 14:54:59 2012 +0200 Get dublin core element content from the right element This prevents duplication of text in dublin core content in xccdf:reference Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 3 14:50:21 2012 +0200 Merge branch 'master' of ssh://git.fedorahosted.org/git/openscap Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 3 14:49:08 2012 +0200 Store @href separately in xccdf:reference, it may exist even for DC The implementation "abused" the dc:identifier storage for @href previously. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 3 14:13:56 2012 +0200 move oscap_alloc* stuff into non public API #2 Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 3 13:57:40 2012 +0200 schemas: rename schematron file Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Aug 3 13:40:18 2012 +0200 Fixed issues with dublin core references used mainly in XCCDFs The namespace is created locally if it doesn't exist, only non-empty fields are exported now, fixed a bug when loading DC refs. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 3 12:55:12 2012 +0200 fix OVAL version of scap-rhel6-oval.xml Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 3 12:51:22 2012 +0200 move oscap_alloc* stuff into non public API Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 3 13:05:54 2012 +0200 oval fts: correct detection of local filesystems Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 3 11:08:00 2012 +0200 [probes] iflisteners: changed type of the user_id entity for OVAL versions 5.10 and above Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 2 23:50:24 2012 +0200 add schematron files Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 2 18:34:25 2012 +0200 fix path to schematron files Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 2 18:09:00 2012 +0200 oval fts: don't traverse paths causing cycles in the filesystem tree Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 2 18:06:03 2012 +0200 oval fts: respect filesystem restrictions even when selecting paths with a regexp Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 17:49:00 2012 +0200 Updated usage help for "oscap xccdf eval" Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 17:08:05 2012 +0200 Support ip-v6 addresses in ARF asset identification These are converted from XCCDF target-address elements Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 2 16:59:48 2012 +0200 consolidate functions for debug log (get rid of seap-debug.h) Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 2 11:29:40 2012 +0200 minor logging tweaks Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 16:25:55 2012 +0200 Include OVAL results when we are exporting ARF in oscap xccdf eval If user hasn't explicitly requested oval results we will export them to a temporary directory. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 15:57:39 2012 +0200 Support --results-arf in oscap xccdf eval even with plain XCCDF as input Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 15:50:54 2012 +0200 Merge branch 'master' into datastreams-devel Conflicts: utils/oscap-xccdf.c Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 15:43:39 2012 +0200 Initial support for --results-arf in oscap xccdf eval, only SDS for now I will add support for ARF exporting for plain XCCDFs soon. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 15:11:37 2012 +0200 Use temp_dir for XCCDF results if needed in "oscap xccdf eval" This is in preparation for --results-arf but it does add one useful feature: You no longer have to specify --results for --report to work. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 2 15:02:59 2012 +0200 [OVAL] oval_version_to_cstr: use correct format strings Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 14:15:18 2012 +0200 Only inherit flags that are defined in the ancestor when resolving This works around the Profile/@hidden regression in openscap 0.8.3. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 2 13:07:20 2012 +0200 [probes] xinetd: fixed a NULL dereference bug Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Aug 2 11:23:03 2012 +0200 Detect OVAL results version when validating in "oscap ds rds_create" Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 1 18:01:51 2012 +0200 Added oscap ds rds-validate Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 1 17:07:44 2012 +0200 Silenced a warning, renamed datastream CLI cmds to be easier to write Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Aug 1 14:40:37 2012 +0200 Added oscap ds sds_validate Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 30 12:37:50 2012 +0200 openscap-0.8.3 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 30 12:35:36 2012 +0200 remove oval_agent_get_generator_template from api Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 27 10:23:21 2012 +0200 validate exported documents in make check Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 27 09:27:44 2012 +0200 schema location does not reference to URL Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 27 09:24:54 2012 +0200 schema version of imported and exported content is same. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 27 09:21:50 2012 +0200 rework product_name setting for exported documents Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 27 00:59:21 2012 +0200 Use schema based on detected version with 'oscap xccdf validate-xml' This provides much better error reporting. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 25 14:52:28 2012 +0200 [OVAL/probes] OVAL FTS: don't recurse into directories if it's not needed (#155) Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 24 13:12:45 2012 +0200 [common] fixed read_status() Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 24 17:28:07 2012 +0200 Don't duplicate the hidden attribute in xccdf:Group when exporting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 24 12:31:42 2012 +0200 ac_probes.sh: Use mktemp to create a temporary directory and do a cleanup at the end Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 23 18:32:37 2012 +0200 Plugged a memory leak when exporting metadata in Benchmark Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 23 18:22:07 2012 +0200 Make sure Rule's rationale doesn't have tags escaped if it's HTML Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 23 18:21:43 2012 +0200 [probes] partition: adjust the probe to recent API changes; utilize the OVAL version API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 23 18:16:22 2012 +0200 [OVAL/probes] pass the schema version to probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Jul 21 00:19:25 2012 +0200 [tests] simplified OVAL version API test macros Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 20 17:54:37 2012 +0200 [tests] Added OVAL version API test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 20 17:53:00 2012 +0200 [OVAL] Added OVAL version API Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 20 15:29:38 2012 +0200 Support for OSCAP_FULL_VALIDATION in the datastream oscap changes Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 20 15:11:01 2012 +0200 Merge branch 'master' into datastreams-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 20 15:09:25 2012 +0200 Only validate results with oscap tool with OSCAP_FULL_VALIDATION env var Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jul 20 12:34:55 2012 +0200 Simple test that evaluations a source data stream with no profile No checks are actually evaluated because the default profile of the SDS has no check selected. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 19 17:23:18 2012 +0200 Remove the tmpdir we create to split the source datastream in oscap Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 19 16:27:47 2012 +0200 Initial support for 'oscap xccdf eval' with source data streams Memory leaks have been fixed but this commit does leak the tmpdir it creates! Will be fixed in future commits. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 19 16:21:48 2012 +0200 Merge branch 'master' into datastreams-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 19 16:20:45 2012 +0200 Fixed memleaks in oval_determine_document_schema_version Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 18 17:58:28 2012 +0200 Added 'oscap ds rds_create' test with bare TestResult XCCDF result Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 18 15:43:01 2012 +0200 [probes] rpmverifyfile: stop collecting items if probe_item_collect returns a non-zero value Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 18 15:40:15 2012 +0200 [tests] added memusage API test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 18 15:39:47 2012 +0200 [common] reworked the memusage API Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 18 15:35:48 2012 +0200 Use target-address as ip-v4 in asset identification, fixed memleaks Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 18 15:07:47 2012 +0200 Use <target> from XCCDF TestResult as FQDN for asset identification Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 18 14:47:01 2012 +0200 Initial support for asset identification in RDS/ARF The assets are there with relationships handled but their content is stubbed out. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 17:59:45 2012 +0200 Merge branch 'master' into datastreams-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 17:52:28 2012 +0200 Added *~, swp files, .clang_complete and oscap_debug.log.* to gitignore Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 17:25:20 2012 +0200 Added schemas for ARF/RDS validation Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 16:37:36 2012 +0200 Put arf:report contents into the arf:content subelement as XSD dictates Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 16:30:47 2012 +0200 Added missing arfvocab namespace to the relationships element in RDS Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 16:19:28 2012 +0200 Newlines after error messages , arf-content should be arf:content Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 16:11:46 2012 +0200 Added core:relationship support to ARF/RDS create code Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 16:09:07 2012 +0200 First version of the 'oscap ds rds_create' test, exports and validates Right now the validation will fail due to issues in the RDS code. This will be fixed soon. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 15:58:17 2012 +0200 Added validation machinery for ARF/ResultDataStream files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 17 14:32:32 2012 +0200 [probes] probe core: fixed a potential deadlock in the input handler thread Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 17 14:31:27 2012 +0200 [probes] probe core & API: refactored item collecting for better flow control Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 14:00:37 2012 +0200 Fixed error msg format string after validation fails with 'oscap ds *' Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 17 13:58:10 2012 +0200 Fixed memory leak that happened after all 'oscap ds' commands ended Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 16 16:20:21 2012 +0200 [probes] probe_icache_worker: don't free the item if probe_cobj_add_item fails Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 16 16:11:13 2012 +0200 [probes] rpmverifyfile - clean dead code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 16 15:50:38 2012 +0200 [probes] probe core: don't freeze the probe process if adding an item to a collected object fails Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 16 15:01:31 2012 +0200 update spec files with rpmverifyfile probe Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 11 17:57:50 2012 +0200 [probes] add rpmverifyfile probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 16 14:55:18 2012 +0200 [probes] probe API: implemented probe_entval_from_cstr function (#149) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 13 11:56:21 2012 +0200 [tests] probe API: added probe_ent_from_cstr test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 13 11:24:48 2012 +0200 [probes] probe_ent_from_cstr: added missing argument to assume_d calls Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 12 18:02:43 2012 +0200 [probes] probe API: added probe_ent_from_cstr function Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 12 16:23:31 2012 +0200 Include OVAL results in the result data stream, fixed pointer arith bug Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 12 15:33:34 2012 +0200 Initial support for CLI "oscap ds rds_create" Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 12 13:43:02 2012 +0200 Restructured the data stream tests a bit to prepare space for ARF tests Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 12 12:45:08 2012 +0200 Validate source data stream after exporting using oscap ds sds_compose Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jul 12 12:37:24 2012 +0200 Validate source data streams before splitting them Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 18:31:08 2012 +0200 Removed a source data stream test that produces invalid datastream The empty XCCDF test can't possibly fill the <checks> collection element in th resulting data stream. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 18:11:08 2012 +0200 Reindented everything with tabs Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 18:05:57 2012 +0200 Use ids for SDS elements that will pass validation by the XSD We get rid of the artificially added prefix when decomposing to produce nicer filenames. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 16:32:43 2012 +0200 Don't write out empty catalogs in SDSs Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 16:27:49 2012 +0200 Write attributes required by the SDS XSD to data-stream Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 16:17:14 2012 +0200 Write attributes required by the SDS XSD to data-stream-collection Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 11 16:13:54 2012 +0200 ac_probes: fix SOURCES detection script Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 15:24:14 2012 +0200 No empty collections in SDS, valid component-ref ids The supplied source data stream XSD doesn't allow empty collections Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 13:25:48 2012 +0200 Synchronized configure.ac.tpl with configure.ac Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jul 11 13:22:27 2012 +0200 Merge branch 'master' into datastreams-devel Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jul 11 13:13:04 2012 +0200 synchronize configure.ac.tpl with configure.ac (#146) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 10 18:07:50 2012 +0200 Use local XSDs in source data stream schema, added OCIL 2.0 schema Note: openscap does NOT support OCIL at this point, the schema was added just because the data stream schema needs to import it! Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 10 17:39:32 2012 +0200 Initial commit of Source Data Stream schema bundle Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 10 16:18:33 2012 +0200 Added a more complex test for SDS, XCCDF containing multiple OVAL files Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 10 15:36:48 2012 +0200 Initial datastream tests for source data stream spliting and composing Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 10 15:07:56 2012 +0200 Merge branch 'master' into datastreams-devel Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 9 16:46:19 2012 +0200 ds_sds_compose_from_xccdf should save to the target_datastream file Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 9 11:28:07 2012 +0200 Added CLI support for "oscap ds sds_compose" Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 9 11:17:55 2012 +0200 Added CLI support for "oscap ds sds_split" Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 4 13:35:39 2012 +0200 [schemas] add additional OVAL schemas (5.3, 5.4) Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jul 3 15:02:06 2012 +0200 Only put TestResult in the ARF XCCDF report, support 1+ of them Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 3 09:19:44 2012 +0200 [probes] rpmverify: use realpath(file) in EQUAL and NOT EQUAL operations (#145) Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jul 2 11:52:22 2012 +0200 Support for OVAL result files when composing result data stream Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 29 14:32:32 2012 +0200 Added report ids for reports inside the result data stream Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 17:00:06 2012 +0200 Wrap reports in the result data stream Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 28 16:29:59 2012 +0200 move NDEBUG from CFLAGS into config.h Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 15:03:21 2012 +0200 Beginnings of the result data stream supporting implementation The function creates the husk ARF and bundles given source data stream in it. Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 13:14:20 2012 +0200 Changed API function names in datastream, sds instead of ids Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 28 00:22:41 2012 +0200 [probes] probe core: use timed join when joining with the input worker thread Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 27 23:21:54 2012 +0200 [probes] probe core: check the return value of pthread_barrier_wait Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 27 15:07:24 2012 +0200 [probes] probe core: synchronize the initialization process to prevent a deadlock Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 13:07:49 2012 +0200 Moved ids.c to sds.c, to conform SCAP specification naming - source data stream Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 12:21:48 2012 +0200 More safety when discovering XCCDF dependencies for datastreams Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 12:13:34 2012 +0200 Consistently use real paths in component-ref ids Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 28 11:57:51 2012 +0200 Use the xlink namespace for datastream attributes where appropriate Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 17:36:51 2012 +0200 More nasty memory leaks fixed in datastream composition implementation Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 27 16:50:04 2012 +0200 [tests] test_api_xccdf.sh fixing Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 15:13:30 2012 +0200 Fixed memleaks related to skipping duplicate XCCDF dependencies in DS Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 15:09:14 2012 +0200 Add proper timestamps to components in datastream Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 14:45:28 2012 +0200 Use oscap_seterr for XPath related errors in DS creation Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 14:41:21 2012 +0200 Detect duplicates in the dependency catalog and avoid adding them in DS Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 14:30:38 2012 +0200 Also check the component-ref/@id when looking for duplicates in DS Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 14:25:03 2012 +0200 Don't add duplicate components and component-refs when assembling DS Duplicate catalog uris are still added, will be dealt with soon. Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 27 14:24:03 2012 +0200 [oscap] rework oscap-debug.txt to oscap-local.sh Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 13:24:24 2012 +0200 Introduced another namespace called 'cat' in the datastream 'cat' is used for component dependency catalog and its entries Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 13:12:09 2012 +0200 Use BAD_CAST instead of (const xmlChar*) for consistency The rest of the codebase uses BAD_CAST Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 13:02:45 2012 +0200 Put elements into the xlink namespace where appropriate Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 27 12:48:50 2012 +0200 Added documentation for ds_ids_compose_from_xccdf Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 18:02:28 2012 +0200 Add metadata to a rule in XCCDF 1.2 API check Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 26 17:00:16 2012 +0200 [schemas] distribute additional OVAL schemas (5.5, 5.6, 5.7), workaround Makefile.am wildcard issue Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 17:49:03 2012 +0200 Add XCCDF deps to its catalog when creating a data-stream-collection Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 26 17:46:12 2012 +0200 rework XCCDF export & validate test Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 26 17:45:00 2012 +0200 fix typo in OSCAP_SCHEMAS_TABLE Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 17:15:17 2012 +0200 Initial implementation of XCCDF dependency detection in ds_ids_compose_* Duplicates are not skipped at this point, running this on real XCCDF and OVAL data will create huge datastreams. Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 15:10:18 2012 +0200 Got rid of unsigned/signed char warnings Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 26 14:30:51 2012 +0200 [utils] oscap: use correct schema version for document validation Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 26 14:29:02 2012 +0200 [oval] implement oval_determine_document_schema_version() Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 21 13:42:47 2012 +0200 [utils] oscap: enable passing of oval command options through environment variable Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 21 15:16:20 2012 +0200 [schemas] Makefile.am: shorten file lists Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 19 16:36:07 2012 +0200 [schemas] update OVAL schemata to 5.10 Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 12:30:05 2012 +0200 Wrapping files into components works now Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 26 12:04:32 2012 +0200 The metadata element was misplaced in xccdf:Benchmark at export, causing validation issues Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jun 25 16:39:14 2012 +0200 [oval] define macros for root element names Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 22 15:49:51 2012 +0200 Beginnings of ds_ids_compose_from_xccdf implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 21 18:24:43 2012 +0200 gnulib update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 21 18:12:35 2012 +0200 [probes] Use 64-bit ints in probe_ent_cmp_int Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 21 16:07:29 2012 +0200 Properly closed the doxygen documentation group in DS/public/ds.h Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 21 16:05:52 2012 +0200 Added documentation for ds_ids_decompose Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 21 15:22:54 2012 +0200 Provide less pathetic error messages when things go wrong when splitting datastreams Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jun 21 14:07:29 2012 +0200 Revert "update gnulib" This reverts commit ba0db983b7e17aab08a058d70f976e35b8b7abdd. Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jun 21 14:07:14 2012 +0200 Revert "fix update gnulib" This reverts commit 4bd4bb98fd1e3b7dd4f99a12eb14fb02bde2f4b6. Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jun 21 13:57:56 2012 +0200 fix update gnulib Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 21 13:50:17 2012 +0200 Fixed xmlGetProp related memory leaks in ds_ids_decompose Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 21 13:38:11 2012 +0200 Deal with folders in paths of the component refs in input data stream decompose Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 16:18:14 2012 +0200 Check properly before stripping the # character from attributes, the result must be a valid string Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 16:08:40 2012 +0200 Export the checklist to a more sensible filename than a-xccdf.xml Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 15:50:39 2012 +0200 Error handling, removed debugging printfs, got rid of warnings Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 14:17:02 2012 +0200 Ensure all required namespace refs are in the new root node when dumping a component Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 13:51:46 2012 +0200 Checklist with all its dependencies is dumped now Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 20 10:28:03 2012 +0200 Dumping of components to files works now, including handling of namespaces Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jun 20 09:19:17 2012 +0200 update gnulib Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 18 23:27:41 2012 +0200 Initial datastream code, mostly stubbed out Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 18 11:32:39 2012 +0200 Don't repeat test result id in the title in xccdf report Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 15 14:04:00 2012 +0200 Be robust when dealing with NULL variable export conflicts in OVAL Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jun 14 12:32:52 2012 +0200 Put version and revision info to the right in security guides Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 16:23:13 2012 +0200 Make result titles links to fill the role of the 'view' column in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 14:11:14 2012 +0200 Fixed a bug in xccdf report, profile is now reported correctly Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 13:49:27 2012 +0200 Check the system of ident to optionally provide links in xccdf report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 13:39:48 2012 +0200 Display percentage and divide the bar in score listings in xccdf reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 13:27:28 2012 +0200 Display benchmark @href if any in xccdf reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 13:09:43 2012 +0200 Added table row bottom borders to improve usability in xccdf reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 12:58:40 2012 +0200 Removed the quicknav menu from xccdf reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 12:52:28 2012 +0200 Don't use the tr:hover usability feature for raw tables in xccdf reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 12:45:45 2012 +0200 Merged score into introduction in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 12:38:42 2012 +0200 Use the same width for each of the rule result legend columns in xccdf-report.xsl Also added bottom margin to the table. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 12:32:16 2012 +0200 Provide links for CVE IDs in the reports Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jun 13 10:22:43 2012 +0200 Split results chapter into results overview and details in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 17:50:18 2012 +0200 Divided the introduction chapter to 2 sections in xccdf-report.xsl - test result and target info Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 15:47:15 2012 +0200 Fixed a namespace related bug WRT svg score bars in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 14:08:07 2012 +0200 Display both Benchmark's and TestResult's platforms in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 14:06:13 2012 +0200 Moved Rule Results Summary closer to Results in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 14:03:17 2012 +0200 Display a horizontal table with summary info instead of a list in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 13:37:52 2012 +0200 More useful title in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 12:10:13 2012 +0200 Fixed xsl:message contents in xccdf-report.xsl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 12 12:08:03 2012 +0200 Less unused space in db2html xslt, it also now handles @align in db:entry Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Jun 11 15:12:05 2012 +0200 Don't display target name(s) twice in xccdf report Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 8 13:38:43 2012 +0200 Added a note about the ac_probes template to the configure.ac(.tpl) files Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 8 13:24:05 2012 +0200 Merged version bump in configure.ac to ac_probes/configure.ac.tpl Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Jun 5 11:34:53 2012 +0200 Write '&' instead of '&' in SCE stdout, prevents XML entity errors Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jun 1 15:24:22 2012 +0200 [probes] dnscache: use the not applicable flag instead of the not collected status Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jun 1 10:55:29 2012 +0200 Don't repeat information in the result report Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Apr 26 15:54:22 2012 +0200 XCCDF's target-id-ref element is now parsed and exported any element support is pending but xccdf_target_identifier class is ready for it Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 20 11:48:23 2012 +0200 Localize variables to their templates in xccdf-report.xsl in preparation for 2-pass transformation Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 16 13:52:14 2012 +0200 Don't hide nested rules by default when generating security guide for default profile Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 11 15:56:33 2012 +0200 Added a new xccdf_target_identifier structure that represents xccdf:target-id-ref or any element It is currently not used in TestResult, that will come in another commit Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 10 17:21:11 2012 +0200 Test import/export of XCCDF 1.1 and 1.2 separately Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 10 12:50:28 2012 +0200 Require 'ipcalc' for test_probes_interface Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Apr 10 10:45:04 2012 +0200 Report which executable is missing in test_common.sh's require Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 6 15:39:57 2012 +0200 Removed declarations of non-existant functions Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 6 11:21:57 2012 +0200 Added XCCDF 1.2 version of sectool-xccdf.xml, mainly for testing purposes Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 6 11:17:39 2012 +0200 Removed usage of XCCDF_BASE_NAMESPACE and related macros Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Apr 6 10:48:42 2012 +0200 First stab at multi version support for XCCDF, openscap can load 1.1 and some 1.2 documents and save them in the same version Compatibility support for test result @id pattern in XCCDF 1.2 added. Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 4 15:05:30 2012 +0200 Offer XCCDF version detection in the API, detect version before validating XCCDFs Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 4 14:02:27 2012 +0200 Fixed a typo in oscap error report Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 4 13:56:17 2012 +0200 Fixed a trivial memory leak in xccdf_item_to_dom Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Apr 4 13:46:45 2012 +0200 oscap now allows generating a custom document from XCCDF (using a custom XSLT) This is a slightly reworked patch by Maura Dailey, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 2 16:04:15 2012 +0200 metadata is 0..* in XCCDF 1.2 and can be in any item This change doesn't break backwards compatibility with XCCDF 1.1 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Apr 2 11:19:53 2012 +0200 Merge Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Mar 30 16:18:20 2012 +0200 [OVAL] fix a memleak Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 29 17:19:19 2012 +0200 [oscap] fixing various compiler warnings Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 29 20:26:38 2012 +0200 [OVAL] proper calculation of results for items with missing entities Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 29 17:09:11 2012 +0200 [SEAP,XCCDF] minor fixes to quiet gcc Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 29 15:30:35 2012 +0200 Don't output XSD validation errors to stdout in case we are trying all versions Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 29 15:29:45 2012 +0200 Plugged a memory leak related to schema version detection from namespace Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 29 14:47:49 2012 +0200 Keep XCCDF schema bundles of each minor version, patch versions update the minor versions Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 28 17:36:42 2012 +0200 Deduce the XCCDF schema version from namespace of the root element Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 28 16:54:01 2012 +0200 Added schema_version to XCCDF benchmark, added a way to figure out schema version in other items Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 28 15:03:03 2012 +0200 oscap_validate_document can validate XCCDF 1.2 now, it tries to validate multiple versions if no version is passed Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 28 13:11:41 2012 +0200 Added XCCDF 1.2 schemas (from official schema bundle) Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Mar 28 18:50:36 2012 +0200 openscap-0.8.2 Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 26 12:50:03 2012 +0200 Validate SCE results being exported after XCCDF eval is run (oscap tool) Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Mar 23 15:11:07 2012 +0100 Validate OVAL results being exported after XCCDF eval is run (oscap tool) Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Mar 23 13:30:48 2012 +0100 Makefile.am entries for xccdf_1.1_to_1.2.xsl and sce-result-schema.xsd Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 22 14:03:07 2012 +0100 Use enumeration from XCCDF XSD instead of an integer for SCE XCCDF result Suggestion by David Solin, thanks! Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 21 13:20:24 2012 +0100 Fixed xccdf_1.1_to_1.2.xsl @extends migrations Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 21 11:47:04 2012 +0100 Pass reverse_DNS as a param to xccdf_1.1_to_1.2.xsl transformation, quote string literals Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 21 10:59:20 2012 +0100 Added XSLT 1.0 transformation that migrates XCCDF 1.1 content to 1.2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 20 16:19:51 2012 +0100 [probes] rpmverify: include directories when inspecting the package content Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 20 16:08:08 2012 +0100 [utils] app_xslt: pass a correct pointer to getcwd() Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 14 13:30:05 2012 +0100 Get SCE stdout from check-import if possible when generating reports Note: It falls back to looking for SCE result files but only if the content lacks check-import with import-name="stdout" Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 13 17:34:33 2012 +0100 [oscap] fix short options in getopt Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 12 17:06:18 2012 +0100 Added documentation for SCE API functions Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 12 14:17:22 2012 +0100 Added environment variables back to the SCE result file Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Mar 9 14:46:11 2012 +0100 Added check-import stdout element into every check in sectool XCCDF Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Mar 9 11:57:16 2012 +0100 Passing check-imports to checking engines, added support for "stdout" import to SCE Note: We are no longer exporting passed environment variables in SCE, this needs to be fixed or documented! Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Mar 8 11:49:19 2012 +0100 Parse, store and export check-import's @import-xpath attribute This is a new attribute in XCCDF 1.2 NB: The value itself is not being interpreted at the moment! Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Mar 7 12:28:04 2012 +0100 added SCE result file XSD Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Mar 5 18:35:32 2012 +0100 Imply there is default scoring model specified for each Benchmark Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Mar 2 13:45:33 2012 +0100 [tests] simple fts test for empty 'filename' entity with pattern match Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Mar 1 13:31:36 2012 +0100 fix README Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 22 17:12:13 2012 +0100 update spec files Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Feb 22 11:33:43 2012 +0100 Don't rely on PWD being a defined env variable, use getcwd instead Fixes issues with oscap tool not being able to locate OVAL and SCE results when generating XHTML report after evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 21 15:41:39 2012 +0100 [dist] remove old openscap SysV init script Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Feb 16 09:54:21 2012 +0100 Added oval_agent_export_sysinfo_to_xccdf_result deprecated delegate to avoid breaking API Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 21 14:19:32 2012 +0100 minor sectool content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 15 14:42:04 2012 +0100 bump release number Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Feb 15 13:47:46 2012 +0100 Fixed a variable name typo in 09_selinux.sh SCE check Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 15 09:30:11 2012 +0100 provide sample profiles in "sectool" content Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Feb 14 18:02:32 2012 +0100 Added sce-template parameter to "oscap xccdf generate", added it xccdf-report.xsl as well Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Feb 14 12:09:15 2012 +0100 Report when exporting SCE result fails, replaced 0 with NULL where applicable, check for NULL before freeing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Feb 13 22:05:05 2012 +0100 provide content-sectool Author: Martin Preisler <mpreisle@redhat.com> Date: Mon Feb 6 13:36:33 2012 +0100 Introduced SCE session, added migrated sectool xccdf content Author: Martin Preisler <mpreisle@redhat.com> Date: Tue Feb 7 16:44:24 2012 +0100 Don't alter result and benchmark when policy is being exported. Fixes scap-workbench tailoring bug. Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Feb 3 14:15:26 2012 +0100 Changed SCE system name to URL of its description, same with SCE result file Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Feb 3 11:13:39 2012 +0100 Show details after XSLT transform for checks that returned error, fail, informational or unknown result NB: Previously we only displayed details when checks returned failed or fixed result Author: Martin Preisler <mpreisle@redhat.com> Date: Wed Jan 25 17:17:49 2012 +0100 Added __dir__ override to Python bindings, makes auto-completion more useful Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Jan 19 10:56:43 2012 +0100 results are in XML form now, fixed file_entry_iterator_next's return type, XSLT now incorporates SCE stdouts when checks fail Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 20 13:52:35 2012 +0100 Remove a workaround in test_sce.sh that's no longer required Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 20 13:08:59 2012 +0100 Python bindings fixes We should not assume that all referenced files are OVAL files Getting item values from a complex check wasn't extending the resulting list Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Jan 6 16:02:25 2012 +0100 Moved to API, added to bindings, use oscap's sprintf for simpler code, only copy href when necessary, waitpid instead of wait to be extra safe Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jan 11 13:55:48 2012 +0100 [OVAL] fix memleak Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 9 14:53:34 2012 +0100 [tests] disable mitre tests that does not pass on Fedora 16 Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jan 9 13:07:58 2012 +0100 [utils/oscap] utilize generator templates for OVAL documents creation Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jan 9 13:03:42 2012 +0100 [OVAL] provide more control over the 'generator' element through OVAL agent session new agent API functions: oval_agent_set_generator_template() oval_agent_get_generator_template() Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jan 5 14:35:03 2012 +0100 [XCCDF] add xccdf_result_fill_sysinfo() to api Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jan 3 17:41:24 2012 +0100 [XCCDF] don't use OVAL for sysinfo gathering remove oval_agent_export_sysinfo_to_xccdf_result() from api reimplement the same functionality in oscap-xccdf Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 3 13:34:45 2012 +0100 [SCE] minor fix - ifdef Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Dec 16 14:04:45 2011 +0100 Added variable passing to SCE (via environment variables), result files are now exported from each SCE check NB: result files will be optional in the future Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 16 13:05:18 2011 +0100 [Makefile] minor fixes Author: Martin Preisler <mpreisle@redhat.com> Date: Thu Dec 1 13:26:53 2011 +0100 Added script check engine (experimental) Author: Martin Preisler <mpreisle@redhat.com> Date: Fri Dec 9 14:49:35 2011 +0100 Provide checking system name when querying referenced files Author: Simon Lukasik <slukasik@redhat.com> Date: Tue Nov 29 16:21:03 2011 +0100 fixing a consequence of a7827184fe47543980a0b42c162d3cd34e1a5994. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Nov 7 14:57:12 2011 +0100 [tests] enable two more mitre tests Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Nov 7 13:55:33 2011 +0100 filehash58 - compare all possible hash types Author: Josh <Joshua.Kayse@gtri.gatech.edu> Date: Thu Oct 27 17:18:37 2011 -0400 change tmout and autologout check to less than or equal Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Oct 20 15:49:19 2011 +0200 [probes] filehash58: SHA-224 and SHA-384 output size Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Oct 20 14:37:25 2011 +0200 [OVAL] correction to parsing of variable values Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 20 12:19:48 2011 +0200 [tests] include linux-def_inetlisteningservers_test.xml in mitre test suite Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Oct 19 17:50:25 2011 +0200 inetlisteningservers - don't stop after EACCESS and collect all accessible informations Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Oct 19 17:50:24 2011 +0200 add OVAL_LINUX_INET_LISTENING_SERVER - inetlisteningserver for inetlisteningserver_item Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 19 15:28:28 2011 +0200 [tests] update mitre test suite Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 19 15:10:13 2011 +0200 [probes] add "\n" to debug message Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 19 14:35:09 2011 +0200 [probes] fix incorrect use of PROBE_EUNKNOWN Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 12 17:24:32 2011 +0200 [dist] mark content as example Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 11 16:49:24 2011 +0200 update release date Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 11 16:41:05 2011 +0200 increment LT_CURRENT Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 11 16:16:26 2011 +0200 [dist] update bash_completion Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 11 15:06:41 2011 +0200 [XCCDF] validate XCCDF Results after evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 11 14:35:11 2011 +0200 [XCCDF] make exported document valid against XCCDF schemas Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 10 21:42:26 2011 +0200 [dist] RHEL6 content update #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 10 20:42:33 2011 +0200 [dist] RHEL6 content update Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 10 17:48:33 2011 +0200 [oscap] fixing compiler warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 10 17:42:32 2011 +0200 get rid of ENABLE_XCCDF macro in public header files Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Oct 6 16:41:54 2011 +0200 [tests] fts: add several tests for recursion Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Oct 6 16:40:49 2011 +0200 [probes] fts: don't skip fts root during recursion Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 6 16:41:19 2011 +0200 fixing compiler warnings Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Oct 6 14:22:28 2011 +0200 [tests] fixing interface probe test Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 5 21:12:04 2011 +0200 [dist] extra-probes package for RHEL5 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 5 14:09:50 2011 +0200 [probes] fts: correction to max depth limit of collected directories Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 5 12:42:51 2011 +0200 [probes] fts: add missing 'break' Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Oct 4 17:49:38 2011 +0200 environmentvariable58 - optimize read_environment() Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 4 18:10:48 2011 +0200 [oscap] introduce OSCAP_ERR_MSG Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 4 17:14:58 2011 +0200 [oscap] fixing segfault in oscap tool Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 4 16:42:56 2011 +0200 oscap-debug.txt change Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 30 09:46:41 2011 +0200 [probes] oval_fts: fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 29 17:17:01 2011 +0200 [OVAL] info message about unknown definition Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 29 17:16:34 2011 +0200 bump LT_REVISION Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 29 11:40:34 2011 +0200 [probes] oval_fts optimization/hack #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 27 17:31:51 2011 +0200 [probes] oval_fts optimization/hack Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 27 14:57:55 2011 +0200 [OVAL] turn off oval_fts optimalization Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 26 21:39:25 2011 +0200 [OVAL] oval_probe_query_object() fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 26 15:44:29 2011 +0200 [utils] oscap-oval: added list-probes operation Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 26 13:44:33 2011 +0200 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 26 12:04:53 2011 +0200 [oscap] don't print OVAL Messages Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 26 11:11:48 2011 +0200 [dist] make logrotate test more robust Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Sep 25 17:57:32 2011 +0200 [oscap] check object ID existence Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Sep 25 17:20:06 2011 +0200 [xccdf_policy] more informative err message Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 23 13:18:20 2011 +0200 process,58 - change start_time format to MMM_DD according to OVAL This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past. Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 23 10:56:38 2011 +0200 filemd5 - set and add error status and message Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 23 10:56:37 2011 +0200 selinuxsecuritycontext - set and add error status and message Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Sep 22 17:12:09 2011 +0200 filehash,58 - set and add error status and message Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Sep 22 17:12:08 2011 +0200 environmentvariable58.c - use error status instead of not collected Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 22 17:32:54 2011 +0200 [OVAL/probes] refactoring Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 22 12:49:04 2011 +0200 [probes] env58: use probe_item_add_msg Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 22 12:43:42 2011 +0200 [OVAL] oval_sexp: implemented item message parsing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 22 12:23:34 2011 +0200 [probes] probe API: added probe_item_add_msg Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 21 17:27:47 2011 +0200 [tests] fixing environmentvariable58-fail test Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 21 17:17:02 2011 +0200 report entities of all sysitems, even is status is other then "exists" Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Sep 20 16:47:23 2011 +0200 environmentvariable58 - test current shell pid instead of pid 1 Author: Ondrej Moris <omoris@redhat.com> Date: Tue Sep 20 08:59:12 2011 -0400 Interface probe test fixed Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Sep 20 14:53:41 2011 +0200 [probes] selinuxsecuritycontext, env58: treat pid nil value as 0 Author: Ondrej Moris <omoris@redhat.com> Date: Mon Sep 19 15:43:17 2011 +0200 Minor corrections in probes tests Author: Ondrej Moris <omoris@redhat.com> Date: Mon Sep 19 15:43:05 2011 +0200 Minor corrections in API tests Author: Ondrej Moris <omoris@redhat.com> Date: Mon Sep 19 15:42:52 2011 +0200 Minor corrections in mitre tests Author: Ondrej Moris <omoris@redhat.com> Date: Mon Sep 19 15:42:40 2011 +0200 New helper functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 20 14:34:15 2011 +0200 Revert "ac_probes.sh: disable function checks" This reverts commit 1a178fb36aea251d1aa66787cd4ee62b8d1dd18f. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 20 10:47:15 2011 +0200 configure.ac update: removed conditional AC_CONFIG_FILES Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 19 22:51:57 2011 +0200 ac_probes.sh: disable function checks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 19 15:45:54 2011 +0200 ac_probes.sh: bug workaround Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 19 13:35:15 2011 +0200 ac_probes.sh update + minor changes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 15:31:43 2011 +0200 Added confgen.sh Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 14:59:30 2011 +0200 [probes] rpminfo,rpmverify: update compatibility #ifdefs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 14:58:53 2011 +0200 ac_probes.sh: fallback to manual detection if a .pc file is not available & detect req/opt functions Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 16 14:48:00 2011 +0200 [utils] remove unused variable Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 16 13:39:35 2011 +0200 NEWS update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 12:35:17 2011 +0200 Fixed CPPFLAGS value for header checks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 11:05:40 2011 +0200 [dist] fedora, rhel5 & 6: added libcap-devel to BuildRequires Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 10:59:59 2011 +0200 Use conditional config files Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 16 10:09:57 2011 +0200 update README file Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 16 09:24:46 2011 +0200 [oscap] man page Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 16 08:50:21 2011 +0200 Generate configure.ac from a template Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Sep 9 14:21:07 2011 +0200 [probes] environmentvariable58: fixing coverity issues Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 15 10:40:50 2011 +0200 [utils] oscap: update man page Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 14 16:56:07 2011 +0200 [utils] oscap: add support for the 'export-oval-variables' command into the XCCDF module Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 12 21:48:17 2011 +0200 update NEWS Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Sep 12 15:26:51 2011 +0200 [OVAL] remove unused variable Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 12 14:30:00 2011 +0200 [dist] add %check section to spec files Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 9 14:15:35 2011 +0200 [OVAL] refactor _get_new functions Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 9 10:43:22 2011 +0200 [OVAL] set schema location in exported Variables content Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 8 15:53:09 2011 +0200 [oscap] coverity issue Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 8 15:43:23 2011 +0200 [probes] xinetd: fix condition scope Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Sep 8 15:34:06 2011 +0200 xccdf_policy.c - fix coverity resource leaks Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 8 13:53:26 2011 +0200 [probes] xinetd: fix coverity issues Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 8 13:52:52 2011 +0200 [utils] oscap: prevent NULL dereference Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 7 15:32:49 2011 +0200 [OVAL] agent: fix memleak Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 7 14:21:39 2011 +0200 [OVAL] correction to parsing of entities without values Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 7 12:06:28 2011 +0200 [dist] spec file updates Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 6 17:19:31 2011 +0200 fixing coverity issue Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 6 17:25:33 2011 +0200 [CPE+CVE] Fixing Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Sep 6 15:13:58 2011 +0200 [probes] selinuxsecuritycontext: fixing coverity issues Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Sep 6 15:13:57 2011 +0200 [probes] filehash58: fixing coverity issues Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Sep 6 13:45:05 2011 +0200 [probes] environmentvariable58: fixing coverity issues, reverted 3fe5f05a Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 5 21:49:42 2011 +0200 fixing coverity issues Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Aug 31 16:32:43 2011 +0200 [probes] xinetd: fix leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 31 14:12:00 2011 +0200 [probes] fixing Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Aug 30 14:50:52 2011 +0200 interface - fixed, changed data collection Author: Janzen Brewer <Janzen.Brewer@gtri.gatech.edu> Date: Tue Aug 30 10:23:03 2011 +0200 [content] corrected reference tag on rule 1108 Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Aug 26 14:54:45 2011 +0200 system-info - do not use getnameinfo() for ipv6 Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Aug 26 14:54:44 2011 +0200 interface - use datatype in addresses and cidr notation for ipv6 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 30 10:18:18 2011 +0200 fixing coverity issues Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 29 13:08:33 2011 +0200 [OVAL/probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 29 09:31:03 2011 +0200 [SEAP] sexp-manip: pass number of args to SEXP_vfree to prevent leaks Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Aug 24 12:40:23 2011 +0200 mitre_test.sh - specify conditions for interface probe test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 25 16:33:18 2011 +0200 [SEAP] Implemented SEXP_number_getf Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 25 12:36:49 2011 +0200 [SEAP] SEXP_(sub)list_foreach: set destination variable to NULL after SEXP_free Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 25 16:26:18 2011 +0200 [tests] mitre: review and comment several tests Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 24 16:58:23 2011 +0200 [OVAL] oval_fts: redesign the reader function add support for upwards recursion add several fts tests Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Aug 22 16:22:53 2011 +0200 interface - use flags from getifaddrs() Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Aug 22 13:41:23 2011 +0200 interface - set flag according to net/if.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 22 14:24:41 2011 +0200 [probes] make uname probe compliant with uname cmd from coreutils Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 19 16:24:59 2011 +0200 some clean up Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Aug 19 15:37:57 2011 +0200 process58 - detect exec shield status Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 19 10:08:00 2011 +0200 [probes] probe_item_create: fixed leak Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 23:53:02 2011 +0200 [tests] vgrun: fixed valgrind output filtering, added suppressions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 15:35:09 2011 +0200 Fixed minor leaks & bugs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 15:14:01 2011 +0200 [probes] Removed dead/unused code Author: Marshall Miller <mmiller@tresys.com> Date: Wed Aug 17 10:43:16 2011 -0400 [probes] isainfo: fixed the probe to match new probe api Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 10:50:13 2011 +0200 [tests] crapi: test SHA-256 wrapper Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 10:49:35 2011 +0200 [probes] filehash58: added SHA-224,384 to the list of supported hash algorithms Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 18 10:48:16 2011 +0200 [crapi] digest: added & finished SHA-2 wrappers Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Aug 17 10:52:06 2011 +0200 [probes] process58: add support for libcap-1 on RHEL-5 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 17 10:56:39 2011 +0200 [OVAL/probes] Simplification of probe definition, part #2 - cleanup Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 16 15:13:03 2011 +0200 [tests/mitre] allow for tests that have different results for individual definitions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 16 14:43:41 2011 +0200 [OVAL/probes] make psess_tblinit visible from oval_probe_session.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 16 14:23:35 2011 +0200 [OVAL/probes] Simplification of probe definition, part #1 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 16 13:12:30 2011 +0200 [tests/mitre] add several comments Author: Janzen Brewer <Janzen.Brewer@gtri.gatech.edu> Date: Tue Aug 16 12:58:19 2011 +0200 couple more typos Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 16 12:53:39 2011 +0200 update spec files Author: Steve Grubb <sgrubb@redhat.com> Date: Sun Aug 14 12:33:40 2011 -0400 Code cleanups * cleans up missing va_end calls * adds format check for SEXP_string_newf_r * Handles negative return for read in environ58 test * fixes a couple spelling mistakes. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 15 13:24:01 2011 +0200 [probes] rpmverify: fixed compilation with librpm 4.4 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 15 13:23:20 2011 +0200 [probes] routingtable: added missing #ifdefs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 12 16:55:39 2011 +0200 [probes] routingtable: compile & register to session Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 12 16:53:42 2011 +0200 [probes] new probe: routingtable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 12 16:53:13 2011 +0200 [probes] entcmp: fixed probe_ent_cmp_ipv4addr Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 12 11:57:17 2011 +0200 bump release number and update NEWS Author: Janzen Brewer <Janzen.Brewer@gtri.gatech.edu> Date: Thu Aug 11 15:36:23 2011 -0400 corrected title of rule 1046 I encountered a typo while going through scap-rhel6-xccdf.xml and believe I've fixed it. Patch is attached. >>From 7060f43262a91c4f841774e1f45e139ed6332516 Mon Sep 17 00:00:00 2001 From: jbrewer8 <janzen.brewer@gtri.gatech.edu> Date: Thu, 11 Aug 2011 15:11:44 -0400 Subject: [PATCH] corrected title of rule 1046 Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Aug 11 16:16:46 2011 +0200 add process58 probe based on probe process, linux part Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 11 14:08:58 2011 +0200 [OVAL] fix a bug, enable corresponding mitre test Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Aug 11 10:53:04 2011 +0200 Fix audit architecture checks In particular, require 32-bit audit rules also on 64-bit architectures. Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Aug 11 10:53:03 2011 +0200 Fix ownership check of world-writable directories Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 10 13:58:35 2011 +0200 [probes] rpminfo: updated signature tag Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 9 23:34:12 2011 +0200 [probes] gconf: return PROBE_EFATAL instead of calling abort() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 9 18:15:46 2011 +0200 [probes] new probe: gconf Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 9 18:14:38 2011 +0200 [tests] vgrun.sh: parse only ELF executable logs Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 9 13:01:39 2011 +0200 swig api update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 9 13:00:42 2011 +0200 [OVAL] update spec files - fileextendedattribute Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 9 10:41:31 2011 +0200 [oscap] OVAL Directives supported in oscap tool Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 9 11:00:48 2011 +0200 [tests] added fileextendedattribute probe test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Aug 7 20:45:45 2011 +0200 [probes] new probe: fileextendedattribute Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Aug 8 22:39:10 2011 +0200 makecheck fix Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Aug 8 22:37:19 2011 +0200 [OVAL] make Results Model use Directives model #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 8 19:16:42 2011 +0200 distcheck fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 8 18:53:16 2011 +0200 [OVAL] make Results Model use Directives model #1 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 8 16:07:22 2011 +0200 [OVAL] introduce OVAL Directives Model Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Aug 7 15:26:33 2011 +0200 [tests] fts.sh: corrected path to gentree.sh Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Aug 7 14:45:25 2011 +0200 [tests] Added a simple OVAL FTS API test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Aug 7 14:44:22 2011 +0200 [OVAL/probes] pass OVAL_PROBE_DIR using compiler flags, not config.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Aug 7 14:43:11 2011 +0200 [tests] environmentvariable58: skip the test if euid != 0 Author: Pierre Chifflier <chifflier@wzdftpd.net> Date: Fri Aug 5 21:29:10 2011 +0200 [probes] dpkginfo: fix build, update to new API version. Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net> Author: Pierre Chifflier <chifflier@wzdftpd.net> Date: Fri Aug 5 21:29:09 2011 +0200 [OVAL/probes] Fix segfault if a probe is defined but cannot be loaded Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net> Author: Pierre Chifflier <chifflier@wzdftpd.net> Date: Fri Aug 5 21:29:08 2011 +0200 Fix installation with non-default libexec directory When using a non-default libexec directory, do not hardcode the path for plugins, this prevents loading them at runtime. Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net> Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Aug 5 16:46:43 2011 +0200 [probes] environmentvariable58: handle operation on pid Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 5 13:15:00 2011 +0200 move OVAL Directives into separate module Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 4 13:39:43 2011 +0200 [oscap] support validation of OVAL Directives Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 4 13:33:42 2011 +0200 minor fixes around iflisteners Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 4 11:06:04 2011 +0200 tool manpage: CVSS vector description Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 3 10:15:12 2011 +0200 cvss: describe vector functionality Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 29 14:35:52 2011 +0200 tool: remove old CVSS commands Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 3 15:56:15 2011 +0200 iflisteners test: skip on non-root Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Aug 3 13:39:30 2011 +0200 add iflisteners probe test Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Aug 3 13:39:29 2011 +0200 add iflisteners probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 1 13:39:27 2011 +0200 [OVAL] don't print debug message to stderr Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 1 11:44:42 2011 +0200 [dist] update spec files - add new probes Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jul 29 12:59:47 2011 +0200 fix AM_CONDITIONAL variable Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jul 29 12:36:50 2011 +0200 add selinuxsecuritycontext probe Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jul 29 12:36:16 2011 +0200 selinuxboolean: use not applicable amd error flags Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 27 19:08:11 2011 +0200 cvss: test rewrite Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 27 17:26:27 2011 +0200 cve: port to new CVSS API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 27 17:23:02 2011 +0200 cvss: remove obsolete APIs Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 27 17:15:40 2011 +0200 cvss: clone functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 27 01:11:31 2011 +0200 cvss: key table + xml support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 26 11:24:54 2011 +0200 tool: manpage CVSS section adjustment Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 26 11:08:03 2011 +0200 tool: port CVSS to new API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 25 02:24:29 2011 +0200 tool: CVSS vector processing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 25 02:23:55 2011 +0200 common: add oscap_strtoupper Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 22 17:53:13 2011 +0200 cvss: score calculator Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 22 14:50:19 2011 +0200 cvss: vector serialisation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 22 13:17:02 2011 +0200 cvss: redesign begin Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jul 28 16:41:30 2011 +0200 [OVAL] add new datatypes+operations Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 28 11:51:49 2011 +0200 update test_mitre.sh Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 28 10:52:51 2011 +0200 [OVAL] reorganize namespaces in OVAL Syschars export Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 28 00:44:47 2011 +0200 [OVAL] reorganize namespaces in OVAL Definitions export Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 19:30:58 2011 +0200 [tests] fixed & enabled rpmverify test from MITRE Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 19:30:18 2011 +0200 [probes] rpmverify: fixed config/ghost file filtering Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 13:29:02 2011 +0200 [probes] rpmverify: initial behaviors support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 03:13:55 2011 +0200 [OVAL] register rpmverify probe to session Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 03:13:28 2011 +0200 Updated ./configure's probe list Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 02:54:24 2011 +0200 [probes] new probe: rpmverify Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 27 02:52:45 2011 +0200 [probes] implemented probe_ent_getoperation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 26 16:34:43 2011 +0200 [OVAL/probes] Fixed memory leaks Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 26 14:12:36 2011 +0200 xinetd probe fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 26 09:29:41 2011 +0200 [mitre] check RC from oscap tool Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 26 09:29:06 2011 +0200 [distcheck] clean *.vglog files Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 25 17:43:05 2011 +0200 xinetd: register to session fixed configuration files parsing added protocol detection based on /etc/services Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 25 16:10:30 2011 +0200 [tests] vgtest: respect configure option Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 25 15:58:02 2011 +0200 [probes] inetlisteningservers: update to OVAL 5.8 Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 25 15:41:35 2011 +0200 [probes] shadow: update to OVAL 5.8 Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 25 15:34:30 2011 +0200 [SEAP] sexp-manip: signedness correction Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 25 15:29:16 2011 +0200 [probes] filehash(58): corrected dst buffer pointer Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 25 14:40:42 2011 +0200 [probes] crapi_mdigest_fd: initialize ctbl array Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 25 13:28:06 2011 +0200 [probes] process: update to OVAL 5.8 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 25 12:35:15 2011 +0200 [dist] use relro flag by linker Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 25 12:02:48 2011 +0200 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 25 12:02:19 2011 +0200 [probes] check RC of open() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 25 01:22:39 2011 +0200 [OVAL/probes] Fixed several leaks in new code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 25 01:21:06 2011 +0200 [OVAL] oval_component.c: rewrite of datetime parsing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Jul 23 17:07:48 2011 +0200 [probes] probe core: made input_handler thread cancelable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Jul 23 17:06:38 2011 +0200 [tests] fixed vgtest Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Jul 23 14:45:32 2011 +0200 [common] util.c: fixed invalid memory reads in oscap_trim Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 22 11:31:37 2011 +0200 fixing make check Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 22 11:37:19 2011 +0200 [tests] mitre: added expected result of the partition test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 22 11:34:20 2011 +0200 [probes] partition: minor fix & enabled MITRE test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 22 10:42:37 2011 +0200 [probes] partition: added support for OVAL_OPERATION_NOT_EQUAL Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 22 09:43:42 2011 +0200 [probes] probe core: fixed icache queue handling Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jul 19 10:53:59 2011 +0200 [probes] rpminfo: add OVAL_OPERATION_NOT_EQUAL to supported operations Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 21 23:46:17 2011 +0200 extend make check for test from mitre Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 21 23:34:52 2011 +0200 [OVAL] handle RC from oval_probe_query_object() correctly Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jul 21 15:17:00 2011 +0200 [probes] shadow: update to OVAL 5.8 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 14:49:31 2011 +0200 [probes] process: corrected datatypes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 14:48:31 2011 +0200 [OVAL/probes] Corrected __n2s_tbl ordering; Abort if subtype decoding fails Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 13:37:14 2011 +0200 [probes] partition: skip rootfs entry & translate fs types to OVAL fs types if possible Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 20 18:05:41 2011 +0200 [oscap] validate results of oscap analyse Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 11:59:07 2011 +0200 [OVAL/probes] external probe handler: unified handling of unsupported probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 11:34:42 2011 +0200 [probes] probe core: adjusted item cache to the new SEXP_deepcmp implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 21 11:33:18 2011 +0200 [SEAP] Implemented SEXP_list_rest_r Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 20 17:52:18 2011 +0200 [utils] oscap: update help text Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 20 17:45:41 2011 +0200 [tests] mitre: turn off broken tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 20 17:17:12 2011 +0200 [oscap] extend --skip-valid functionality Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 20 17:09:26 2011 +0200 [oscap] analyse operation export fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 20 11:51:30 2011 +0200 validate output of oscap oval collect Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 20 10:48:23 2011 +0200 cleanup around mitre make check Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 19 17:42:13 2011 +0200 [tests] mitre: supply external variables document to the oscap tool Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 19 16:30:15 2011 +0200 [oscap] provide --skip-valid option for analyse and collect Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 19 16:42:19 2011 +0200 [probes] variable: correction to item generation Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 19 15:01:38 2011 +0200 [OVAL] support deprecated CheckEnumeration value 'none exist' Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 19 13:57:25 2011 +0200 oscap tool validates OVAL Results on output Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 19 13:50:38 2011 +0200 [OVAL] add debugging information Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 19 12:19:44 2011 +0200 [probes] filehash58: fix a typo in entity name Author: Francisco Slavin <fslavin@tresys.com> Date: Tue Jul 19 10:41:06 2011 +0200 [tests] Initial implementation of test for isainfo Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Jul 18 22:19:51 2011 +0200 [dist] spec file update Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 18 16:45:54 2011 +0200 add selinuxboolean probe test Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 18 16:45:53 2011 +0200 add selinuxboolean probe Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jul 15 10:06:47 2011 +0200 test_probes_filehash58.xml.sh - adapting from filehash to filehash58 Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 18 10:18:56 2011 +0200 filehash58 probe test Author: Petr Lautrbach <plautrba@redhat.com> Date: Mon Jul 18 10:18:08 2011 +0200 filehash58 probe Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Jul 18 16:31:04 2011 +0200 Revert "[tests] added enviromentvariable58 mitre test" This reverts commit 15fdfed90c02f567ad431518415019bf5f50a7db. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 18 14:53:40 2011 +0200 clean tmp after make check Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 18 12:50:35 2011 +0200 [SEAP] sexp-manip: implemented SEXP_deepcmp Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Jul 16 23:00:03 2011 +0200 [OVAL] transform variable probe from internal to external, adjust helpers Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 14 16:26:02 2011 +0200 [common] declare oscap_sysinfo outside the platform specific blocks Author: Francisco Slavin <fslavin@tresys.com> Date: Wed Jul 13 16:41:55 2011 -0400 Adding dist files for Solaris 10 packge building Author: Francisco Slavin <fslavin@tresys.com> Date: Wed Jul 13 16:41:54 2011 -0400 Added fts_* implementations Solaris does not provide fts_* functions, so copied from glibc with mods to get working on Solaris. If the function fts_open is available on the system, then fts_sun.h and fts_sun.c become empty. Fixed a problem with fts where only the root directory entry would be returned on solaris Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:53 2011 -0400 Fixed sysctl's probe_main for systems where it is not supported Author: Francisco Slavin <fslavin@tresys.com> Date: Wed Jul 13 16:41:51 2011 -0400 [probes] new probe: isainfo (Solaris) The isainfo probe requires using the sysinfo function which is not the same on Linux and Solaris * Renaming sysinfo.c and .h to oscap_sysinfo.c and .h * Renaming the sysinfo function to oscap_sysinfo * Ensuring these functions still map correctly in Linux Author: Ryan E Haggerty <rhaggerty@tresys.com> Date: Wed Jul 13 16:41:50 2011 -0400 [probes] Added skeleton for solaris probes added skeleton files for the solaris probes updated makefile.am to conditionally build solaris probes Author: Ryan E Haggerty <rhaggerty@tresys.com> Date: Wed Jul 13 16:41:49 2011 -0400 configure: add option to enable/disable solaris probes allow solaris probe to be manually enabled/disabled automatically enable/disable solaris probes when option to enable/disable is not provided Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:48 2011 -0400 [SEAP] Renamed the _S macro to _SE The _S macro is used by the ctypes implementation on Solaris Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:47 2011 -0400 [tests] Handle commands starting with a hyphen in the process test Escape first character of command if it is a hyphen. The grep on Solaris does not support the -e option so it is not suitable. Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:46 2011 -0400 [tests] Clear LD_PRELOAD when calling ps The ps on Solaris reports incompatible ELF when libopenscap_testing.so is loaded with LD_PRELOAD Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:45 2011 -0400 [tests] process: made the process probe test more portable Changed the column keywords passed to ps to ones supported on Solaris and Linux Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:44 2011 -0400 [tests] Removed space between -F flag and field separator The awk on Solaris does not like a space between the -F option and the field separator Author: Francisco Slavin <fslavin@tresys.com> Date: Wed Jul 13 16:41:43 2011 -0400 [probes] process: implementation of the process probe for Solaris Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:42 2011 -0400 [tests] Global replace of grep -q Replaced grep -q with grep >/dev/null because grep on Solaris does not support -q Author: Ryan Hagerty <rhagerty@tresys.com> Date: Wed Jul 13 16:41:41 2011 -0400 [tests] porting runlevel probe test to Solaris Solaris does not have chkconfig. This patch adds functions which provide compatible functionality for use in the runlevel probe test scripts. Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:40 2011 -0400 [tests] test_probe_xinetd: protect against passing NULL pointers to printf Author: Marshall Miller <mmiller@tresys.com> Date: Wed Jul 13 16:41:39 2011 -0400 [probes] runlevel: changes to get the runlevel probe working on Solaris Use a common function for SYSV init implementations Use correct paths for init scripts depending on system Switched to chdir() instead of fchdir(dirfd()) because dirfd does not exist on Solaris Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jul 14 11:26:58 2011 +0200 [tests] added enviromentvariable58 mitre test Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jul 14 11:25:40 2011 +0200 [tests] added environmentvariable58 tests Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jul 14 11:21:18 2011 +0200 [probes] new probe: environmentvariable58 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 12 15:05:11 2011 +0200 [probes] probe core: datatype correction Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 12 14:50:11 2011 +0200 [probes] minor corrections Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 12 14:35:30 2011 +0200 [test] mitre: workaround file access time issue Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 11 15:21:56 2011 +0200 [probes] probe-api: added PROBE_ENT_AREF, PROBE_ENT_STRVAL, PROBE_ENT_I32VAL macros Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 11 14:14:39 2011 +0200 [SEAP] SEXP_list_sort: use oscap_bfind_i for sorting in the second pass Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 7 14:16:46 2011 +0200 [probes] probe core: fixed set operations Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 7 14:13:29 2011 +0200 [SEAP] SEXP_list_it_*: fixed NULL deref Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 7 12:18:15 2011 +0200 [tests] API/SEAP: SEXP_list_sort test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 7 12:16:55 2011 +0200 [SEAP] sexp-manip: implemented SEXP_list_it_*, SEXP_list_sort, SEXP_refcmp Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 4 15:42:40 2011 +0200 [tests] mitre: enabled oval-def_set.xml Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 4 15:19:33 2011 +0200 [OVAL] resultTest: print test results in debug mode to stderr Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 4 14:33:37 2011 +0200 [probes] debug content and verbosity refinements Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 1 13:44:01 2011 +0200 [OVAL] add temporary workaround to generate item ids for internal probe Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 1 11:21:48 2011 +0200 [OVAL] fix mem leak Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 1 10:51:41 2011 +0200 [probes] remove redundant macros Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 17:51:12 2011 +0200 [probes] probe set: fixing set operations #1 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 17:21:00 2011 +0200 [probes] remove filtering from probe_cobj_item_add Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 17:19:40 2011 +0200 [probes] probe core: log input and output of set operations Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 30 16:52:46 2011 +0200 [OVAL] use item ids that are now generated inside probes Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jun 30 15:08:21 2011 +0200 [probes] environmentvariable is now external probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 14:27:47 2011 +0200 [probes] utilize item cache, probe context and related API functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 14:26:22 2011 +0200 [probes] probe core & API: implemented probe context & related functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 30 14:23:39 2011 +0200 [probes] probe core: finalized item cache API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 23:44:43 2011 +0200 [probes] probe core: removed dead code from worker.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 16:53:12 2011 +0200 [probes] probe core: initial item cache implementation (result/item cache split) Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 29 15:01:53 2011 +0200 [OVAL/probes] perform item filtering inside probe_cobj_add_item() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 29 14:40:57 2011 +0200 [OVAL/probes] move probe_item_filtered() to probe-api.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 14:26:12 2011 +0200 [SEAP] rbt_i64: fixed types Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 14:25:40 2011 +0200 [SEAP] sexp-manip: added simple SEXP_deepcmp implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 14:24:45 2011 +0200 [SEAP] Extended S-exp ID API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 09:37:22 2011 +0200 [SEAP] rbt: added i64 variant of the tree Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 29 09:36:37 2011 +0200 [SEAP] rbt: moved posix_memalign implementation to rbt_common.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 28 18:16:23 2011 +0200 [SEAP] public/sexp-ID.h: added #include guard Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 28 16:54:49 2011 +0200 [tests/API/SEAP] Added test_api_sexp_ID Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 28 16:53:54 2011 +0200 [SEAP] Added initial S-exp ID API implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 28 16:53:01 2011 +0200 [SEAP] Added MurmurHash3 implementation Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 24 11:08:36 2011 +0200 fix compilation on RHEL5 Author: Petr Lautrbach <plautrba@redhat.com> Date: Thu Jun 23 14:07:14 2011 +0200 test runlevel probe - create uniq list of services Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 23 15:02:28 2011 +0200 [tests] fix comments Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 22 23:06:15 2011 +0200 [tests] probes/environmentvariable fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 22 22:36:47 2011 +0200 [tests] run environmentvariable mitre test Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jun 22 17:10:38 2011 +0200 test environmentvariable probe - test 'not equal', 'pattern match' Author: Petr Lautrbach <plautrba@redhat.com> Date: Tue Jun 21 19:02:22 2011 +0200 fix environmentvariable probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 22 22:26:47 2011 +0200 [tests] adjust passwd test to 5.8 Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 22 22:05:48 2011 +0200 [OVAL] remove variable_binding_map from sysModel Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 22 22:03:57 2011 +0200 [OVAL] _oval_result_test_result() cleanup Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 21 13:05:33 2011 +0200 cleaner XML output Partially eliminates XML namespace redundancy. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 20 10:36:25 2011 +0200 agent: small api change #2 Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Jun 18 15:50:53 2011 +0200 agent: small api change Author: Petr Lautrbach <plautrba@redhat.com> Date: Fri Jun 17 13:26:56 2011 +0200 run all passing tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 17 11:43:10 2011 +0200 add .gitignore -> git status is clearer Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 17 11:21:38 2011 +0200 [tests] minor fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 16 18:32:11 2011 +0200 [content] remove scap-fedora{12,13}-oval.xml Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 16 18:13:11 2011 +0200 [content] rename our OVAL IDs to ..org.open-scap.. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 16 14:22:28 2011 +0200 [tests] run more mitre tests Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jun 16 13:06:23 2011 +0200 [xsl] remove links from OVAL results report Author: Petr Lautrbach <plautrba@redhat.com> Date: Wed Jun 15 15:28:01 2011 +0200 curl is not needed anymore Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 14 13:44:40 2011 +0200 [PYTHON] Added variables model export Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 14 13:10:48 2011 +0200 [OVAL] fix mem leaks in sysinfo parsing, manipulation Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 14 10:56:42 2011 +0200 [PYTHON] Added exporting variable models to policy_export Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 14 08:46:47 2011 +0200 [OVAL] _lock mechanism clean up Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jun 13 17:41:07 2011 +0200 [OVAL] fix mem leak in result test parsing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 13 11:24:15 2011 +0200 [OVAL] update oval_enumerations to 5.8 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 13 10:49:58 2011 +0200 [OVAL] xml parsing clean up Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 13 10:01:27 2011 +0200 [OVAL] deprecate _is_valid mechanism Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 13 09:36:30 2011 +0200 [OVAL] deprecate _is_locked mechanism Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 10 15:58:24 2011 +0200 [tests] extend test_api_oval.sh test Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 10 11:47:35 2011 +0200 [tests] test_api_results fix Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jun 10 13:50:23 2011 +0200 [OVAL] fix mem leaks in results parsing Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jun 10 11:08:18 2011 +0200 [OVAL] don't create unnecessary result definitions, tests Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jun 10 10:53:20 2011 +0200 [OVAL] rename badly named function Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 10 00:24:33 2011 +0200 refactor parsing of definitions, syschar, results Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 7 11:16:35 2011 +0200 [OVAL] object filters changes - make oval_filter_action_get_text() public - fix bug in oval_item_filtered() - enable object filters in textfilecontent54 Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 23:49:16 2011 +0200 [common] fixing XML_SCHEMA_PATH Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jun 3 20:49:54 2011 +0200 Ensure *_PATH macros are correctly instantiated Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 20:40:46 2011 +0200 [tests] fix ts from mitre Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 20:25:20 2011 +0200 [oscap] do not handle URLs at input Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 15:57:20 2011 +0200 [OVAL] include config.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 13:23:46 2011 +0200 [OVAL] remove oscap_dprintf() Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 3 11:07:29 2011 +0200 [tests] fix test_mitre.sh Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 2 13:30:29 2011 +0200 fix RC of oscap eval Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jun 3 01:02:11 2011 +0200 [common/SEAP] unify the debuglog API Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 2 14:46:33 2011 +0200 [SEAP] add debug info Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 1 16:17:03 2011 +0200 [probes] use int64_t as OVAL_DATATYPE_INTEGER Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 1 15:46:45 2011 +0200 [SEAP] sexp-parser: reset number related parser states Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 1 14:18:14 2011 +0200 [tests] adjustments to mitre testsuite (again) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 1 11:55:05 2011 +0200 schematron-based validation for oscap tool Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 1 11:54:08 2011 +0200 allow specifying XSLT search path via API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 1 11:52:49 2011 +0200 Add OVAL schematron XSL files + howto Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 1 13:07:22 2011 +0200 [tests] adjustments to mitre testsuite Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 1 12:54:21 2011 +0200 [OVAL] agent: clear external variables upon session reset Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 1 09:47:52 2011 +0200 [tests] adjustments to mitre testsuite Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 31 22:59:11 2011 +0200 incorporate test from mitre Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 31 20:40:23 2011 +0200 content fixes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 31 13:45:29 2011 +0200 [probes] rpminfo: use evr_string datatype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 31 13:44:53 2011 +0200 [OVAL] oval_sysent_from_sexp: handle OVAL_DATATYPE_EVR_STRING Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 30 15:07:45 2011 +0200 [probes] return correct types in password probe Author: Maros Barabas <mbarabas@redhat.com> Date: Mon May 30 15:32:52 2011 +0200 Fixed double free libxml memory in xccdf_fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 30 14:16:47 2011 +0200 [oval] switch to 5.8 Author: Maros Barabas <mbarabas@redhat.com> Date: Mon May 30 09:53:20 2011 +0200 Added documentation into python API Fixed default level in XCCDF_LEVEL_MAP Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 27 15:18:52 2011 +0200 [probes] oval_fts: moved debug messages to probe_debug.log.* Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 26 13:39:33 2011 +0200 [SEAP] log S-exps for all types of packets in debug mode Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 26 12:34:36 2011 +0200 [SEAP] added _E, _I, _F debuglog functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 26 12:19:58 2011 +0200 [probes] file: adapt types to 5.8 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 26 12:10:02 2011 +0200 [probes] create less verbose debug logs and create one for each probe PID Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 25 18:37:11 2011 +0200 [OVAL/probes] oval_probe_ext_init: fixed deadlock Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 25 16:03:35 2011 +0200 update file probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 24 14:16:11 2011 +0200 bump release number Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 23 13:41:32 2011 +0200 fix schema validation warnings fix warnings when OSCAP_SCHEMA_PATH variable ended with slash(es) Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 23 09:29:06 2011 +0200 [oval] move to 5.8 Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun May 22 22:07:53 2011 +0200 [schemas] upload 5.8 schemas Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun May 22 17:08:12 2011 +0200 [oval] deprecate oval_probe_query_objects() Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun May 22 16:10:33 2011 +0200 oval_probe_query_object() "return" return syschar Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun May 22 10:30:32 2011 +0200 [oval] set SYSCHAR_FLAG_ERROR on error Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 20 16:27:15 2011 +0200 [oscap] do not call oval_variable_model_free() Author: Tomas Heinrich <theinric@redhat.com> Date: Fri May 20 14:27:36 2011 +0200 [OVAL] agent: corrections to variable model binding Author: Tomas Heinrich <theinric@redhat.com> Date: Thu May 19 16:07:45 2011 +0200 [OVAL] variable model: change variable storage to struct oval_value Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 18 20:08:25 2011 +0200 [tests] libgnu clean up Author: Marshall Miller <mmiller@tresys.com> Date: Sun Apr 24 18:32:38 2011 -0400 added call to gnulib getline on solaris Author: Marshall Miller <mmiller@tresys.com> Date: Sun Apr 24 18:17:34 2011 -0400 re-imported gnulib modules with --libtool and --lgpl options added switched *LDADD and *LIBADD entries to point to libgnu.la instead of libgnu.a stopped linking libseap, libxccdf, and the probes with libgnu link libopenscap against libgnu Author: Marshall Miller <mmiller@tresys.com> Date: Sun Apr 24 18:27:13 2011 -0400 moved call to AM_PROG_LIBTOOL down to prevent lots of warnings Author: Marshall Miller <mmiller@tresys.com> Date: Sun Apr 24 18:28:55 2011 -0400 removed some lines that got re-introduced from a revert Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 16 13:03:41 2011 +0200 use strsep from gnulib Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 16 12:34:51 2011 +0200 Revert "Switching strsep use to oscap_strsep" This reverts commit b71e6dd99ba14a3d13306fb82aaece0f041f08f8. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 16 11:39:26 2011 +0200 getline from gnulib Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 16 11:20:19 2011 +0200 Revert "Added implementation of getline for use on Solaris" This reverts commit 431a52618fa773faf13c4a965cc7f4e4010de894. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 16 11:17:59 2011 +0200 vasprintf from gnulib Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 13 13:40:17 2011 +0200 Revert "Added implementation of vasprintf" This reverts commit 9cff72baf0e1c6300acda1f7abe4541f45ae66e2. use vasprintf from gnulib Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 18 14:53:03 2011 +0200 [OVAL] variables: add missing initializations Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 17 15:37:38 2011 +0200 [utils/oscap] update help message Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 17 15:31:17 2011 +0200 [utils/oscap] update man page, bash completion Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 16 16:55:44 2011 +0200 [utils/oscap] xccdf: implement '--export-variables' Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 16 15:53:23 2011 +0200 [OVAL] store references to bound variable models inside definition model, new api function Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 13 10:38:43 2011 +0200 [oval] use proper path in automake Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:30 2011 -0400 Moving xinetd probe test The xinetd probe test should be in tests/probes/xinetd instead of tests/API/probes Re: Dan Kopecek feedback on list 5/10/2011 Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:29 2011 -0400 Tests API automake restructuring Using AM_CONDITIONAL flags to selectively run tests in tests/API Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:28 2011 -0400 Remove use of multiplicative suffix M in dd commands. not all versions of dd support the same bite size specification suffixes specifically, the version of dd on Solaris does not support suffixes higher than k Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:27 2011 -0400 Reworking test orchestration Using autoconf & automake to determine which probes to test. Use autoconf to determine if commands exist because the 'which' on Solaris does not return 1 when a command does not exist. If configure is told to not build certain probes, the test infrastructure should not try to test those probes. Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:26 2011 -0400 Switching strsep use to oscap_strsep strsep is not portable Specifically, it does not exist in the libc on Solaris This is reflected in the comments in the src/common/util.h header, where oscap_strsep is declared Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:25 2011 -0400 Stopping use of 'grep -q' in test scripts 'grep -q' is not a portable usage of grep. Specifically, the grep on Solaris does not have the '-q' flag. Author: Francisco Slavin <fslavin@tresys.com> Date: Wed May 11 15:31:24 2011 -0400 Stopping use of 'sed -i' in test scripts 'sed -i' is not a portable usage of sed. Specifically, the sed on Solaris does not have the '-i' flag. Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:31:23 2011 -0400 Protect against passing NULL pointers to printf Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:31:22 2011 -0400 Zero memory when new cve_model is created Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:31:20 2011 -0400 Added implementation of getline for use on Solaris Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:31:21 2011 -0400 Removed space between -F option and argument in awk This allows the awk command to work on Solaris Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:37:20 2011 -0400 Made tests align with the objects and states which they reference. Author: Marshall Miller <mmiller@tresys.com> Date: Wed May 11 15:03:02 2011 -0400 Added implementation of vasprintf vasprintf is not implemented on Solaris, so added it. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 12 17:43:02 2011 +0200 [utils] introduce "--variables" option Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 14:21:39 2011 +0200 Don't pass gcc flags to swig and make swig wrapper compilation less verbose Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 13:48:13 2011 +0200 [dist/fedora] openscap.spec: added libblkid-dependency and probe_partition Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 13:18:54 2011 +0200 Warn about unused things only in debug mode Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 13:03:09 2011 +0200 [probes] partition: use blkid cache Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 12:34:39 2011 +0200 [probes] probe/worker.c: fixed varrefs initialization Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 12:28:12 2011 +0200 Show parition probe in the ./configure output Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 11:54:47 2011 +0200 [probes] partition: added UUID support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 11 11:15:11 2011 +0200 [probes] partition: check whether /proc is a procfs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 10 18:53:41 2011 +0200 [probes] dnscache: always return 'not collected' status, dropped c-ares dependency Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 10 18:15:23 2011 +0200 [probes] added probe skeleton code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 10 18:14:08 2011 +0200 [probes] partition: fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 10 18:13:11 2011 +0200 [OVAL/probes] Added OVAL_DATATYPE_STRING_M Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 10 17:05:55 2011 +0200 [probes] new probe: partition Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 10 15:48:48 2011 +0200 [OVAL] small api change: rename two badly named functions Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 10 13:28:57 2011 +0200 [oscap] add analyse functionality analyse compare definitions against provided system characteristics Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 10 10:57:34 2011 +0200 [dist] update fedora spec file (new probe) Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 9 15:56:54 2011 +0200 [probes] initialize vars Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 9 15:54:45 2011 +0200 [OVAL] fix double-free, NULL deref Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 9 15:53:10 2011 +0200 [OVAL] fix wrong allocation size Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 20 13:53:52 2011 +0200 [dist] add libacl dependency Author: Marshall Miller <mmiller@tresys.com> Date: Tue May 3 22:35:29 2011 +0200 Link against librt on Solaris Add -lrt to list of libraries to link against on Solaris because this is where sigwaitinfo is located. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Marshall Miller <mmiller@tresys.com> Date: Fri Apr 29 17:20:59 2011 -0400 Solaris-specific autoconf changes Add -D_POSIX_C_SOURCE=200112L to CFLAGS for all systems because this is required on Solaris and it should not harm other systems. Add -D__EXTENSIONS__ to CFLAGS on a Solaris system. This is needed to get some types defined. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Apr 29 17:20:56 2011 -0400 Defining the __STRING(x) macro if needed in oval_probe_ext.c glibc defines a __STRING(x) macro which is not defined in Sun's glibc implementation. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Apr 29 17:20:55 2011 -0400 Add posix_memalign implementation. posix_memalign is not implemented on Solaris, so implemented it. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Apr 29 17:20:54 2011 -0400 Matching Solaris behavior for sysinfo workaround to existing BSD behavior. This will eventually need a better solution, but helps the compile process for now. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Apr 29 17:20:53 2011 -0400 Removing the '-iquote' flag from the AM_CPPFlAGS in the swig/Makefile.am. This flag was not supported in older gcc (3.x.x) found commonly on Solaris. Additionally, '-iquote' seems unnecessary as no directory is passed to the flag as per common usage. Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Apr 29 17:20:52 2011 -0400 implemented _fsdev_init for Solaris Solaris uses a variation of getmntent to get filesystem information Signed-off-by: Daniel Kopecek <dkopecek@redhat.com> Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 3 20:09:21 2011 +0200 [probes] new probe: sysctl Author: Miloslav Trmač <mitr@redhat.com> Date: Sat Apr 30 04:27:37 2011 +0200 Content updates - complete Tested on ~full install of RHEL6.1 beta (both workstation and server). Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Apr 28 23:09:27 2011 +0200 Replace ligatures in descriptions Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Apr 28 23:06:35 2011 +0200 Content update Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Apr 28 00:27:07 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 27 17:54:18 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 27 00:33:17 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Fri Apr 22 15:11:21 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 20 14:23:46 2011 +0200 Content: Give up on testing pam_tally2 Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 20 13:55:15 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 20 11:26:41 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Tue Apr 19 15:09:54 2011 +0200 Content updates Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 2 15:00:39 2011 +0200 fix many memleaks Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 29 14:14:18 2011 +0200 [common] correction to parsing of empty strings Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 29 13:45:44 2011 +0200 [OVAL] report an error upon encountering a NULL variable value Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 29 10:51:38 2011 +0200 add missing ':' to libopenscap.pc Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 27 17:10:00 2011 +0200 [probes] oval_fts: fix dir collection Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 22 13:33:07 2011 +0200 [OVAL] fix memleaks Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 22 11:27:33 2011 +0200 [probes] mark valid fallthrough cases inside switch statements Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 22 11:03:15 2011 +0200 remove dead code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 20 00:20:43 2011 +0200 [probes] file: added has_extended_acl entity Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 19 23:22:36 2011 +0200 [probes] ldap57: fixed several bugs, added debug messages Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 19 22:53:47 2011 +0200 [OVAL,SEAP] fixed leaks Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 19 16:54:17 2011 +0200 [probes] sql57: many bugfixes Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 19 16:36:16 2011 +0200 [OVAL] sysEnt: add missing initialization Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 19 16:33:51 2011 +0200 [OVAL] add missing entries for sql Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 19 15:16:31 2011 +0200 [dist] fedora subpackage for special probes Author: Miloslav Trmač <mitr@redhat.com> Date: Fri Apr 15 19:48:07 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Fri Apr 15 17:13:38 2011 +0200 Content updates Author: mitr <mitr@rhel6.(none)> Date: Fri Apr 15 14:57:28 2011 +0200 Clean up XCCDF Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 19 14:19:06 2011 +0200 [OVAL/probes] check return value of oval_pdsc_lookup Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Apr 18 20:30:06 2011 +0200 [OVAL] add missing enum for sql57 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 18 18:27:13 2011 +0200 [probes] ldap57: use attribute name as the field name Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 18 18:19:18 2011 +0200 [probes] ldap57: extended processing of query results Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 18 17:31:33 2011 +0200 [probes] sql57: remove old column count check Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 18 11:37:00 2011 +0200 [utils] error message change Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Apr 16 22:26:15 2011 +0200 probe filemd5 is deprecated Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Apr 16 21:34:04 2011 +0200 remove oscap.py Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Apr 16 21:28:57 2011 +0200 upgrade to OVAL to 5.7 Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 15 20:30:17 2011 +0200 [OVAL] local_variable: support OVAL_DATATYPE_RECORD Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 15 13:43:33 2011 +0200 [OVAL/probes] oval_probe_ext: filter and sort the pdsc table during init Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 15 13:39:57 2011 +0200 [probes] _sexp_val_getdatatype: fixed compilation with --enable-debug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 14 18:47:04 2011 +0200 [probes] listen to SIGPIPE and set PR_SET_PDEATHSIG on Linux Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 14 18:28:18 2011 +0200 [probes] new probe: sql57 Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 14 16:50:59 2011 +0200 [probes] entcmp: support OVAL_DATATYPE_RECORD Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 13 17:56:42 2011 +0200 [probes] support OVAL_DATATYPE_RECORD in probe_item_create() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 13 17:19:40 2011 +0200 [probes] probe_item_create: free_value was not reset Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 13 17:05:12 2011 +0200 [test] fix make check Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 13 15:35:32 2011 +0200 [dist] adjust spec files and update NEWS Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 13 16:34:53 2011 +0200 [OVAL] initial support for n-tuples SEXP_t representation Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 13 14:38:07 2011 +0200 [probes] probe_ent_{set,get}datatype(): store datatypes in entities, not values Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 13 14:19:14 2011 +0200 [OVAL] add enum function Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 13 11:37:26 2011 +0200 [probes] fix filepath element Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 13 11:21:19 2011 +0200 [content] RHEL6 content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 12 18:06:44 2011 +0200 [content] RHEL6 content work Author: Miloslav Trmač <mitr@redhat.com> Date: Tue Apr 12 15:48:13 2011 +0200 Content update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 12 17:48:37 2011 +0200 [content] RHEL6 content work Author: Miloslav Trmač <mitr@redhat.com> Date: Fri Apr 8 15:52:36 2011 +0200 Content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Thu Apr 7 14:50:38 2011 +0200 SELinux content updates (separate for easier merging) Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 6 18:27:53 2011 +0200 content updates Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 6 11:43:30 2011 +0200 Update gpg-pubkey guidance Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 12 14:14:14 2011 +0200 [content] RHEL6 content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 12 09:13:41 2011 +0200 [content] RHEL6 content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 11 11:06:45 2011 +0200 [content] make content unresolved Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 8 16:35:47 2011 +0200 [PYTHON] Fixed returning sessions from init Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 8 16:17:24 2011 +0200 [release] bump release number Author: mgrepl <mgrepl@redhat.com> Date: Fri Apr 8 13:40:20 2011 +0200 [content] RHEL6 content work Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 8 13:03:45 2011 +0200 [OVAL] store values even for 'var_ref' elements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 8 10:51:40 2011 +0200 [probes] file: recycle path Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 8 10:26:09 2011 +0200 [SEAP] sexp-manip: new API function SEXP_emptyp Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 8 01:13:40 2011 +0200 [probes] unix/*: use probe_item_create where possible Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 23:58:44 2011 +0200 [probes] probe_item_create: don't free the value for OVAL_DATATYPE_SEXP Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 18:26:30 2011 +0200 [probes] probe_item_create: added support for OVAL_DATATYPE_SEXP Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 15:25:22 2011 +0200 [probes] ldap57: removed calls to ldap_destroy Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 13:58:59 2011 +0200 [probes] independent/*: use probe_item_create where possible Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 13:57:38 2011 +0200 [probes] probe_item_create: fixed va_arg usage Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 12:31:30 2011 +0200 [probes] rpminfo: restored working state on f15 (RPM API changes) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 02:32:41 2011 +0200 quiet gcc + fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 00:20:59 2011 +0200 [probes] probe_item_create: use static memory for S-exp refs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 7 00:19:48 2011 +0200 [SEAP] new API functions for creating S-exp objects inside statically allocated S-exp refs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 22:13:29 2011 +0200 [SEAP] moved S-exp structure definition to public header Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 6 17:18:15 2011 +0200 [content] rhel6 content work Author: Miloslav Trmač <mitr@redhat.com> Date: Wed Apr 6 11:22:11 2011 +0200 updates Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 15:49:49 2011 +0200 [probes] interface: use probe_item_create instead of probe_item_creat Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 15:49:01 2011 +0200 [probes] probe-api: new API function probe_item_create Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 15:48:11 2011 +0200 [SEAP] sexp-manip: new API function SEXP_unref_r Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 14:06:33 2011 +0200 [probes] probe_cobj_memcheck: lower the threshold Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 6 13:16:25 2011 +0200 [probes] ldap57: removed call to ldap_destroy Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 6 11:04:28 2011 +0200 [content] rhel6 content work Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 5 14:46:20 2011 +0200 [probes] oval_fts: traversal fixes - don't report symlinks twice - always descend into path's top directory Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 1 16:19:24 2011 +0200 [content] rhel6 content work Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Apr 1 12:56:21 2011 +0200 Refine <br/> processing in XHTML content Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 31 16:04:36 2011 +0200 [probes] xmlfilecontent: fix 'value_of' extraction Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 31 14:26:48 2011 +0200 [OVAL] added missing enumerations and types Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 31 14:03:32 2011 +0200 [SEAP] cleanup Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 31 14:01:45 2011 +0200 [SEAP] switch packet queue implementations Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 31 14:00:28 2011 +0200 [SEAP] implemented packet queue Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 30 17:23:27 2011 +0200 [probes] oval_fts: fix max_depth off-by-one error Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 30 13:38:28 2011 +0200 [probes] oval_fts: correction to path matching during recursion Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 29 16:26:20 2011 +0200 [probes] oval_fts: partial optimization fix Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Mar 29 10:48:09 2011 +0200 [PYTHON] Fixed policy export; [XCCDF_POLICY] Moved item_get_files to public API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 29 13:05:01 2011 +0200 [configure] check for ldap_destroy instead of ldap_initialize Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 28 23:16:45 2011 +0200 [tests] fixed probe API test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 28 23:15:20 2011 +0200 [probes] ncache_ref: return a new ref if the cache is not initialized Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 28 22:56:22 2011 +0200 [OVAL] oval_record_field_clone: fixed c&p bug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 28 18:12:20 2011 +0200 configure.ac fix Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 28 17:19:51 2011 +0200 [OVAL] initial support for n-tuples Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 28 00:51:07 2011 +0200 [probes] new probe: ldap57 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Mar 27 19:24:26 2011 +0200 [probes] new probe: dnscache Author: Miloslav Trmac <mitr@redhat.com> Date: Fri Mar 25 15:40:17 2011 +0100 [content] rhel6 content work Author: Miloslav Trmac <mitr@redhat.com> Date: Fri Mar 25 15:09:17 2011 +0100 [content] rhel6 content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 24 11:29:20 2011 +0100 [doc] create readme file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 23 14:42:34 2011 +0100 [probes] sql: fixed wrong return type & added 'filters' arg. to probe_main Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 22 14:33:14 2011 +0100 [utils] oscap: fix compilation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 22 13:41:41 2011 +0100 [SEAP] SEAP_packet_recv: check parser error state Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 22 13:39:34 2011 +0100 [SEAP] seap-parser: added function for checking error state Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 21 22:14:42 2011 +0100 [oscap] change eval-id to eval --id Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 21 21:06:15 2011 +0100 [oscap] introduce "--skip-valid" argument Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 21 14:37:53 2011 +0100 [content] remove last slash from <path> elements Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 21 11:06:39 2011 +0100 [xsl] fix system attribute in bash fix template Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 17 18:27:24 2011 +0100 [content] rhel6 content work Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 16 16:19:53 2011 +0100 [content] rhel6 content work Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Mar 15 13:33:40 2011 +0100 [PYTHON] Added support for removing strings thru iterators Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 14 10:11:14 2011 +0100 [probes] inetlisteningservers fix Author: Ondrej Moris <omoris@redhat.com> Date: Fri Mar 11 15:59:49 2011 +0100 Redundant variable exports removed. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 11 15:25:42 2011 +0100 [tests] remove auto-generated .lgo file Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 11 15:22:03 2011 +0100 [dist] fix specfiles Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Mar 11 15:45:20 2011 +0100 fix metadata export Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 11 13:39:57 2011 +0100 [dist] move cron example to docs Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Mar 11 13:15:01 2011 +0100 [XCCDF] Fixed parsing choices and exporting mustMatch attribute Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 11 11:36:57 2011 +0100 [dist] mainly rhel5 spec file fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 10 22:29:03 2011 +0100 [dist] correct file permissions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 21:56:30 2011 +0100 [tests] removed *.Po, *.Tpo, *~ files Author: Ondrej Moris <omoris@redhat.com> Date: Thu Mar 10 21:13:42 2011 +0100 Minor tests/probes improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 18:51:28 2011 +0100 [SEAP] fixed wrong fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 18:34:30 2011 +0100 [OVAL] reintroduce the OVAL_PROBEDIR_ENV condition Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 18:29:26 2011 +0100 [OVAL] unremove oval_probe_ext.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 18:19:22 2011 +0100 [tests] fixed probe tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 18:18:53 2011 +0100 [tests] removed executables and *.o files Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 10 16:35:45 2011 +0100 [tests] remove redundant automake products Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 10 14:16:32 2011 +0100 [check] selfcheck mechanism changed (2) Author: Ondej Moris <omoris@redhat.com> Date: Thu Mar 10 14:02:32 2011 +0100 [check] selfcheck mechanism changed Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 14:07:12 2011 +0100 [probes] fsdev.c: reorder code to prevent NULL deref in fsdev_init Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 10 13:55:52 2011 +0100 [utils] fix potential NULL derefs Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 10 13:28:55 2011 +0100 [OVAL] resolve warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 12:19:34 2011 +0100 [OVAL] fixed potential NULL derefs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 12:14:05 2011 +0100 [common] assume.h: corrected terminate macro for runtime mode Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 11:46:40 2011 +0100 [OVAL] oval_resultDirectives.c: added runtime assumptions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 10 11:30:47 2011 +0100 [OVAL/probes] Fixed leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 9 22:51:10 2011 +0100 Fixed possible leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 9 22:30:58 2011 +0100 [OVAL/probes] fixed possible NULL deref; marked valid fallthrough cases inside switch statements Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 8 17:47:12 2011 +0100 [swig] remove shebang from openscap_api.py Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 17:40:09 2011 +0100 [OVAL] fixed wrong indexing constant Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 17:20:43 2011 +0100 [probes] fixed potential NULL derefs Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 8 17:12:13 2011 +0100 [dist] bump release number Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 16:27:46 2011 +0100 [OVAL, common] check return values and emit warnings if needed Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 16:06:21 2011 +0100 [probes] filehash, filemd5: free ent refs on error Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 15:23:17 2011 +0100 [probes] xinetd: pass correct pointers to rbt_str_get, removed invalid free() Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 8 15:21:39 2011 +0100 [rhel5] enable validation on RHEL5 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 8 15:00:44 2011 +0100 [probes] input_handler: set probe_out to NULL on error Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 7 16:58:15 2011 +0100 [OVAL] fix various redundant/missing/bogus conditions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 7 13:55:35 2011 +0100 fix wierd conditional Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 7 15:01:06 2011 +0100 [OVAL] remove dead code Author: Maros Barabas <mbarabas@redhat.com> Date: Sun Mar 6 18:55:58 2011 +0100 [XCCDF_POLICY] Fixed getting the select from policy by ID (looking in htable and in policy too) Author: Maros Barabas <mbarabas@redhat.com> Date: Sun Mar 6 16:49:20 2011 +0100 [XCCDF_POLICY] Fixed bug in strdup NULL pointer Author: Maros Barabas <mbarabas@redhat.com> Date: Sun Mar 6 16:13:52 2011 +0100 [XCCDF_POLICY] Fixed profile checking in policy_new [XCCDF] Fixed segfault in oscap_terator_find_nearest Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Mar 6 14:17:56 2011 +0100 [probes] rename __linux to __linux__ Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Mar 5 13:55:54 2011 +0100 Ensure not to create zero-sized hashtable Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Mar 5 13:33:59 2011 +0100 support setting NULLified benchmark ID Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Mar 4 18:03:50 2011 +0100 [XCCDF] Fixed strdup call bug; Added substitute function to Python API Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Mar 4 16:36:32 2011 +0100 [content] rhel6 content work Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Mar 4 13:20:24 2011 +0100 manpage update Mention suressed rule output in guide if no profile is set. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Mar 4 12:04:53 2011 +0100 Don't include rules in security guide w/o profile Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 2 17:16:02 2011 +0100 [content] rhel6 content work Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 3 17:13:13 2011 +0100 [probes] implement and utilize functions for manipulation of probe-specific 'behaviors' probe_filebehaviors_canonicalize() probe_tfc54behaviors_canonicalize() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 2 16:34:21 2011 +0100 [OVAL] correction to parsing of empty strings Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 2 11:32:35 2011 +0100 [content] rhel6 content work Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 1 16:52:23 2011 +0100 [probes] oval_fts: better handling of symlinks Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 1 16:35:21 2011 +0100 implement oscap_text_set_overrides Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 1 14:42:49 2011 +0100 [probes] oval_fts: correction to filepath processing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 1 15:02:14 2011 +0100 substitution takes const char* Not all strings capable of text substitution are expressed as an oscap_text. Author: Francisco Slavin <fslavin@tresys.com> Date: Fri Feb 25 16:58:15 2011 -0500 Renaming the __P Macro. An __P macro is used by some system libraries on Solaris, and redefining it breaks many things. Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 28 14:04:47 2011 +0100 [OVAL] correction to item-state comparison Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 28 10:58:57 2011 +0100 [OVAL] correction to the substring function Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Feb 25 20:41:42 2011 +0100 high-level substitution support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Feb 25 16:24:55 2011 +0100 low-level substitution support Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 25 16:23:29 2011 +0100 add initial rhel6 XCCDF content (DRAFT!!) Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Feb 24 16:08:36 2011 +0100 [XCCDF] Fixed notices in benchmark Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 14:06:50 2011 +0100 [probes] don't send error messages from the signal handler Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 13:15:53 2011 +0100 [probes] fixed leaks Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 23 13:03:13 2011 +0100 [probes] rpminfo: correct header path Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 03:11:09 2011 +0100 [probes] added license text & more cleanup Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 02:59:44 2011 +0100 [probes] removed old files, corrected some paths Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 02:50:30 2011 +0100 [OVAL/probes] added probe-common.h Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 23 02:47:20 2011 +0100 [probes] reutilize probe_msg_creatf() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 23 00:44:31 2011 +0100 [OVAL/probes] moved input handling into a separate thread + related changes - moved main probe source files into probe/ subdirectory - some API name cleanup (pcache, encache) - added a `filters' argument to probe_main Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 17 16:56:15 2011 +0100 [probes] utilize probe_msg_creatf() Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 17 13:52:39 2011 +0100 [probes] implement probe_msg_creatf() Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 16 09:37:08 2011 +0100 fix cdf:version import/export Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 15 17:09:59 2011 +0100 [probes] remove dead code Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 14 13:07:39 2011 +0100 [OVAL] don't export unneeded syschars Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Feb 11 11:53:02 2011 +0100 [OVAL] probe: corrections to set evaluation Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Feb 11 00:25:33 2011 +0100 [XCCDF] Fixed import/export requires/conflicts/platform Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Feb 10 16:00:26 2011 +0100 Add missing functions (requires & conflicts insertion) Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 10 14:59:38 2011 +0100 [probes] oval_fts: extend partial-match optimization Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 10 13:43:30 2011 +0100 quiet gcc Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 10 13:38:04 2011 +0100 [probes] oval_fts: bugfixes, extended dbg info add missing arguments to pcre_compile() partial-match optimalization corrections recursion corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 10 10:47:03 2011 +0100 bump release number (major) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 9 12:56:25 2011 +0100 [OVAL] oval_probe_ext: fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 9 11:09:00 2011 +0100 [probes] textfilecontent54: remove unused variable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Feb 9 10:06:10 2011 +0100 [OVAL] Added OVAL_PDFLAG_SLAVE Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 8 19:13:51 2011 +0100 [probes] file: fix nil filename processing Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 8 19:13:30 2011 +0100 [probes] oval_fts: fix traversal for nil filename Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 8 16:24:44 2011 +0100 [probes] set probe return code in the set eval branch Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 7 15:42:14 2011 +0100 [probes] oval_fts: fix memleak Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 7 15:26:55 2011 +0100 [probes] textfilecontent54: fix endless loop in pcre matching Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Feb 7 11:35:36 2011 +0100 correct *_{get,set}_interactive functions Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Feb 5 23:13:48 2011 +0100 [probes] oval_fts: complete 'filepath' entity support Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Feb 5 21:11:39 2011 +0100 [tests] OVAL/probes: fix several 'path' entity definitions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 4 15:44:10 2011 +0100 [SEAP] sch_pipe_recv: fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 4 15:35:15 2011 +0100 [probes] removed wrong #include; disabled connect retry mechanism Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 4 15:34:02 2011 +0100 [SEAP] sch_pipe_recv: check child status if read()==0; errno value change Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 4 12:16:42 2011 +0100 [probes] reimplemented signal handling Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 3 15:07:43 2011 +0100 [probes] fix order of entities in variable_item Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 3 13:25:52 2011 +0100 [probes] file: fix order of entities in generated items Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 3 11:25:16 2011 +0100 OVAL 5.6 schema workarounds for libxml2 Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 3 11:14:29 2011 +0100 [probes] fix order of entities in generated items Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 2 18:25:32 2011 +0100 [OVAL] move to OVAL 5.6 + minor fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Feb 2 16:01:58 2011 +0100 [XCCDF] Fixed editing values Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Feb 2 13:17:31 2011 +0100 [XCCDF] Fixed segfault in value getter when accessing NULL reference thru number Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Feb 1 16:33:20 2011 +0100 [XCCDF_POLICY] Fixed double free error by strdup in bindings generator Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 31 18:06:19 2011 +0100 bump release number Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jan 31 13:10:46 2011 +0100 [XCCDF] Fixed parsing and exporting refine rule severity Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jan 28 15:35:45 2011 +0100 [XCCDF,PYTHON] Fixed export refine-rules, added refine-rule tailoring to python API Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jan 28 13:58:47 2011 +0100 [PYTHON] Fixed default regexp in number types Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jan 27 15:55:49 2011 +0100 [probes] filehash, filemd5, textfilecontent, textfilecontent54: remove redundant condition Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jan 27 15:41:49 2011 +0100 [probes] file: export 'filepath' entity only if the target is not a directory Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jan 26 15:42:33 2011 +0100 xsl: update excluded namespace prefixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jan 26 15:39:01 2011 +0100 report: OVAL criteria logic syntax tree descend Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jan 26 14:45:03 2011 +0100 [OVAL] mask attribute support in sys.char. items Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jan 26 14:45:37 2011 +0100 [probes] textfilecontent54: reset only relevant attributes of 'behaviors' entity when 'filepath' entity is used Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jan 26 14:07:48 2011 +0100 [probes] textfilecontent54: export 'line' entity in items Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 26 14:04:10 2011 +0100 [OVAL] oval_probe_comm: reset sd is SEAP_close fails Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jan 26 12:52:45 2011 +0100 xccdf report: analyze negations in OVAL Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jan 26 11:17:19 2011 +0100 Much more precise OVAL item selection for report Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jan 25 16:08:08 2011 +0100 report: OVAL item display conditions refinement In report are now included only items from definitions without a negation in non-nested criteria element that evaluated to "false". Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jan 25 12:48:33 2011 +0100 supress redudant error msgs & docs update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 26 13:11:56 2011 +0100 [SEAP] SEAP_desc_get: check whether the tree is initialized before reading from it Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jan 25 18:44:47 2011 +0100 [OVAL/probes] textfilecontent54: support for new 'behaviors' attributes Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jan 25 18:43:44 2011 +0100 [OVAL/probes] new SEXP api function Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jan 24 16:52:58 2011 +0100 [XCCDF_POLICY] Fixed warnings of defined but unused static functions Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jan 24 16:52:26 2011 +0100 [PYTHON] Added association of file names and sessions into python API Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 24 15:03:24 2011 +0100 [autotools] fix schema files installation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jan 24 10:00:10 2011 +0100 add missing function prototype Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Jan 23 14:49:05 2011 +0100 OVAL 5.6 schemas: dos2unix line ending conversion Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Jan 23 14:46:53 2011 +0100 OVAL 5.6 schema workarounds for libxml2 Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Jan 23 14:42:30 2011 +0100 Add OVAL 5.6 XML schema files Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Jan 23 14:04:46 2011 +0100 move XSL schema file names a separate Makefile.am Author: Daniel Kopecek <xkopecek@fi.muni.cz> Date: Mon Jan 24 00:27:46 2011 +0100 [OVAL/probes] Handle errors sent by probes Author: Daniel Kopecek <xkopecek@fi.muni.cz> Date: Mon Jan 24 00:27:05 2011 +0100 [SEAP] Implemented several missing parts of the error API Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Jan 22 19:41:24 2011 +0100 config.h clean up (part #2) Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 21 16:31:48 2011 +0100 config.h clean up (part #1) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jan 21 15:15:34 2011 +0100 Fix typo in an error message Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jan 21 15:14:01 2011 +0100 oval inclusion in xccdf report: docs & completion Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jan 21 14:53:50 2011 +0100 tool support for OVAL info in XCCDF report Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jan 21 14:42:15 2011 +0100 xccdf report: search OVAL files in correct dir Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jan 14 18:53:23 2011 +0100 further OVAL info in XCCDF refinement Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jan 13 17:36:08 2011 +0100 Initial OVAL items reporting in XCCDF report Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jan 21 15:35:44 2011 +0100 [SEAP/generic] rbt_i32: extended collision handling in the _add function Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jan 21 13:36:34 2011 +0100 [utils] oscap: enable specification of the oval schema version Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jan 20 16:12:54 2011 +0100 [probes] interface: add support for 'type' entity Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 20 14:55:38 2011 +0100 [OVAL] fixed leak in oval_sysent_to_dom Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 20 12:29:16 2011 +0100 [probes] rpminfo: don't use datatypes in 5.6 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 20 12:13:18 2011 +0100 [probes] rpminfo: annotate the evr entity with a correct OVAL datatype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 20 12:10:44 2011 +0100 [OVAL/probes] implemented probe_itement_setdatatype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 20 12:08:00 2011 +0100 [SEAP] SEXP_datatype_set_nth: pass the correct pointer to SEXP_rawval_lblk_nth Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jan 19 17:28:32 2011 +0100 [OVAL] partial mask attribute implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jan 19 15:54:53 2011 +0100 [OVAL] oval_generator: include time.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 18 14:15:26 2011 +0100 [OVAL] mask atribute default valua = 'false' Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jan 18 15:59:09 2011 +0100 [OVAL] fix pcre_exec() usage Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jan 18 14:15:56 2011 +0100 [OVAL] support PCRE in object-state comparison Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 18 11:40:32 2011 +0100 [OVAL] filepath element implementation Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jan 17 16:54:30 2011 +0100 [OVAL] make several api changes to support more than one state inside tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 14 15:21:04 2011 +0100 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 14 11:04:06 2011 +0100 [swig] add @libxml_cflags@ Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 14 10:55:28 2011 +0100 [dist] fixing spec files Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jan 13 15:59:37 2011 +0100 [OVAL] get rid of STUB_OVAL_OBJECT Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jan 13 17:40:41 2011 +0100 [OVAL] add support for storing unstructured metadata in definitions Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 10 12:48:00 2011 +0100 [oscap] minor man page fix Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jan 10 13:33:31 2011 +0100 [XCCDF] Fixed warning export order Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jan 7 14:34:21 2011 +0100 Added missing iterator reset functions; Fixed (s)dir typo in python API Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 7 11:34:31 2011 +0100 [dist] update rhel noValidate patch Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jan 7 10:53:22 2011 +0100 Removed unimplemented functions from XCCDF Policy; Added missing warning functions to XCCDF Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jan 5 10:59:23 2011 +0100 Added reset functions to all generated iterators Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jan 4 17:06:01 2011 +0100 Added oscap_iterator_reset functions to oscap_string and oscap_text Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jan 4 15:31:41 2011 +0100 [PYTHON] Fixed reserved words in policy export; Added exception (IOError) when no OVAL loaded Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 4 13:46:38 2011 +0100 [oscap] fix segfault segfault occured when no OVAL content was found Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 4 13:43:43 2011 +0100 [OVAL] fixed typo Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 4 13:43:04 2011 +0100 [OVAL] free generator info Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 3 17:02:51 2011 +0100 [probes] oval_fts: recognize symlinks (FTS_LOGICAL->FTS_PHYSICAL) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Dec 16 14:37:54 2010 +0100 fix html2docbook paragraph parsing Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 16 11:59:55 2010 +0100 [rhel5] update openscap-0.6.3-noValidate.patch Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Dec 14 16:52:30 2010 +0100 Added fixes for editing XCCDF content #1 Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 24 15:33:33 2010 +0100 Added clone functions to CVE Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 14 14:38:01 2010 +0100 [oscap] add CPE name match and check functionality Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 13 11:31:15 2010 +0100 [oscap] nicer complain about invalid content Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 9 17:37:12 2010 +0100 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 9 16:55:55 2010 +0100 [dist] improve atomic functions support check some archs (ppc) do not support __sync_bool_compare_and_swap_2 Author: Reggie Adkins <reggieadkins@gmail.com> Date: Fri Dec 3 13:30:44 2010 +0100 [content] Fedora 13 oval content fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 1 14:20:35 2010 +0100 update NEWS Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Nov 30 17:46:12 2010 +0100 [dist] ustar->pax Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 24 16:50:38 2010 +0100 increment release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 24 14:45:54 2010 +0100 [dist] SCAP content into individual package Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 24 13:52:14 2010 +0100 [rhel5] skip validation during oval evaluation Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 24 13:35:27 2010 +0100 [PYTHON] Fixed asserts in openscap_api init function to ImportError-s Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Nov 24 10:45:34 2010 +0100 [OVAL] oval_agent_reset_session: destroy the probe session and create a new one Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Nov 23 15:32:48 2010 +0100 [rhel5] fixing rhel5 patch Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 19 17:14:30 2010 +0100 [dist] add libtool versioning Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 19 13:46:29 2010 +0100 [dist] include rhel5 spec into tarball Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Nov 18 15:55:41 2010 +0100 [dist] fedora, rhel5: package the libopenscap.pc file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Nov 11 10:56:04 2010 +0100 [OVAL/probes] re-init external probes after abort Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 9 15:08:10 2010 +0100 [OVAL/probes] dpkginfo: fix compilation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 9 12:30:58 2010 +0100 [SEAP] fixed double-free bug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 8 14:31:40 2010 +0100 [OVAL/probes] Close the SEAP descriptor after detecting an aborted session Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 8 13:42:40 2010 +0100 [OVAL/probes] oval_probe_ext_handler: fixed c&p bug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 8 13:30:59 2010 +0100 [OVAL/probes] oval_probe_ext_handler: call abort in the OVAL_SUBTYPE_ALL branch Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 8 12:36:34 2010 +0100 [OVAL] include assume.h in oval_agent.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 8 11:34:31 2010 +0100 [OVAL] added oval_agent_abort_session function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Nov 7 23:00:30 2010 +0100 Install pkg-config file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Nov 7 22:41:36 2010 +0100 [OVAL/probes] Initial implementation of oval_probe_session_abort & friends Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 2 15:25:13 2010 +0100 [OVAL] add functions for handling OVAL "generator" element Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 25 14:18:07 2010 +0200 [utils/oscap] several function calls haven't been checked for errors Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 25 12:42:23 2010 +0200 [OVAL] change oval_probe_query_sysinfo() prototype to return status code Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Oct 22 13:20:19 2010 +0200 [OVAL] propagate probe communication errors upwards Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 20 16:59:02 2010 +0200 increase release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 20 14:55:52 2010 +0200 content fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Oct 20 12:55:14 2010 +0200 Fixed leak in oval_agent Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 20 12:41:41 2010 +0200 [probes] oval_fts: fixed nil filename check Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Oct 20 11:56:47 2010 +0200 [XCCDF_POLICY] Fixed leak in xccdf policy free Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 20 10:57:38 2010 +0200 [probes] oval_fts: partial match optimization and fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 20 01:21:36 2010 +0200 [probes] oval_fts: fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 20 00:49:13 2010 +0200 [probes] oval_fts: added license text Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 20 00:47:37 2010 +0200 [probes] oval_fts: support recurse_file_system=local Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 23:26:07 2010 +0200 [probes] Make the rest of the probes use oval_fts_* instead of find_files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 23:24:41 2010 +0200 [probes] oval_fts: make some of the behaviors attributes optional, with reasonable default values Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 21:46:01 2010 +0200 [probes] file: maintain filecnt, free the fs entity Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 21:39:57 2010 +0200 [probes] file: use oval_fts_* instead of find_files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 21:38:10 2010 +0200 [probes] oval_fts: added debug messages, fixed some bugs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 19 16:10:01 2010 +0200 [probes] Added oval_fts API Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 19 15:45:30 2010 +0200 [XCCDF] Added missing reference getters; Fixed python bindings Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 19 14:42:07 2010 +0200 [OVAL] make arithmetic operations on float and int produce a float Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 19 12:10:06 2010 +0200 backward compatibility with an older libxml2 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 19 11:45:36 2010 +0200 [OVAL] implement bitwise comparison of item and state on int data type Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 18 17:21:51 2010 +0200 [OVAL] implement item and state comparison on float data type Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 18 14:09:24 2010 +0200 [utils/oscap] list errors in results summary Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Oct 15 10:57:02 2010 +0200 References in Dublin Core format Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 12 13:48:57 2010 +0200 XCCDF export fixes #2 Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Oct 7 22:03:59 2010 +0200 result export fixes #1 Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Oct 16 12:14:20 2010 +0200 [OVAL] correcting syschar flag computation for empty variables minor api change of internal oval_probe_*() functions and helpers prevent exporting internal objects from syschar model Author: Marshall Miller <mmiller@tresys.com> Date: Thu Oct 14 09:47:13 2010 -0400 fixed traceback when using python api to evaluate oval was getting traceback "TypeError: 'OVAL_Class' object does not support indexing" looks like method of output callback registration was changed, but agent_eval_system was not synced Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 12 14:51:57 2010 +0200 [OVAL] new function: oval_syschar_add_new_message Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 11 14:51:27 2010 +0200 [OVAL] link with libpcre Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 11 13:18:58 2010 +0200 update RHEL5 spec file + patch Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 7 13:23:04 2010 -0400 prepare RHEL5 spec file Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 6 17:31:55 2010 +0200 fixing CVE segfault Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 5 16:13:15 2010 +0200 turn on perl regular expressions support Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 5 15:00:39 2010 +0200 [OVAL] corrections to comparing entities referencing variables Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 4 15:27:41 2010 +0200 [OVAL] corrections to state comparison in OVAL test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 4 14:46:10 2010 +0200 [probes] interface: fixed memory leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 4 14:33:17 2010 +0200 [tests] test_probes_interface.xml.sh: added default location of the test_interface helper Author: Marshall Miller <mmiller@tresys.com> Date: Fri Oct 1 13:57:32 2010 -0400 changes to openscap_api.py to get it working with rhel5 replaced except TYPE as VAR with except TYPE, VAR SwigPyObject type is PySwigObject on earlier versions of swig import _openscap_api as OSCAP on python versions < 2.6 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 1 16:07:19 2010 +0200 [probes] rpminfo: fix compilation on system with an older rpm library Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 1 15:25:46 2010 +0200 remove references from xccdf content Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 30 17:02:49 2010 +0200 [probes] fixed memory leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 30 15:38:56 2010 +0200 [OVAL] Use a red-black tree instead of a linked list in the string map implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 30 15:37:22 2010 +0200 [generic/rbt] Added _free2, _walk_inorder2 functions Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Sep 27 15:31:48 2010 +0200 Fixed coredump in xccdf_policy_get_selected_rules when select point to nonexisting rule Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Sep 26 15:32:35 2010 +0200 [OVAL] use OVAL filter type in sets Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 24 16:38:53 2010 +0200 XSLT fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Sep 23 15:43:47 2010 +0200 Added validation function to Python bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Sep 23 12:38:47 2010 +0200 Fixed XCCDF function for getting selected rules Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Sep 22 11:28:05 2010 +0200 Added hash table to Policy selects Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 22 10:46:57 2010 +0200 make init script LSB compliant rhbz# 627163 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 21 18:14:11 2010 +0200 adjust textfilecontent54 error messages Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 20 00:28:27 2010 +0200 Port XCCDF report to DocBook Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 20 00:25:45 2010 +0200 xsl refactoring & fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 20 00:25:07 2010 +0200 DocBook to HTML conversion improvements Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 19 16:05:25 2010 +0200 port fix to new xsl framework Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 19 15:43:16 2010 +0200 tool document generator: --format support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 17 14:43:06 2010 +0200 XSL: HTML output filter Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 17 14:38:09 2010 +0200 profile info in docbook guide Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 13 15:12:29 2010 +0200 Make XSL stylesheets more modular Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 13 11:29:49 2010 +0200 tailor XSL: refactoring + profile-note processing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 12 21:07:33 2010 +0200 XCCDF guide in DocBook format Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 12 20:35:02 2010 +0200 split xccdf-common to share.xsl and substitute.xsl Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 12 20:31:37 2010 +0200 rename xccdf-apply-profile.xsl -> xccdf-tailor.xsl Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 12 14:43:59 2010 +0200 XSL to convert XHTML to DocBook Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Sep 12 14:43:17 2010 +0200 XSL to convert Dublin Core metadata to DocBook Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Sep 20 18:13:27 2010 +0200 [OVAL] separate oval filter data type to its own source file Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Sep 17 14:07:58 2010 +0200 [OVAL] change the probe_main() interface and the helper functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Sep 14 12:11:48 2010 +0200 XSL stylesheets: verbosity support Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 14 12:18:38 2010 +0200 NEWS update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 14 12:00:24 2010 +0200 spec update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 14 11:52:01 2010 +0200 [probes] fsdev: fix local filesystem check on Linux Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Sep 13 21:40:51 2010 +0200 content update Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Sep 13 16:07:43 2010 +0200 Moved oval.agent_export_sysinfo_to_xccdf_result to private Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Sep 13 15:50:27 2010 +0200 Python: Fixed export, free Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Sep 13 15:11:45 2010 +0200 Fixed mem problems in XCCDF Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 13 15:18:24 2010 +0200 content changes Author: Josh Adams <jadams@tresys.com> Date: Wed Sep 8 17:05:04 2010 -0400 old/new-result should be chlid element of override Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 13 10:58:08 2010 +0200 content changes Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Sep 13 10:26:09 2010 +0200 content changes Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 8 17:49:40 2010 +0200 content changes Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Sep 8 13:55:38 2010 +0200 Fixed missing description segfault in creating reporter message Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 8 11:41:59 2010 +0200 content fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 8 11:16:04 2010 +0200 content changes Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 7 19:25:26 2010 +0200 content update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Sep 7 18:35:06 2010 +0200 include security identifiers in guide Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Sep 7 17:00:38 2010 +0200 Fixed __del__ function in Python Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 7 16:50:59 2010 +0200 [OVAL] corrections to struct oval_message processing Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Sep 7 16:04:38 2010 +0200 Added Python policy_export function Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Sep 7 15:26:01 2010 +0200 Added start callback, oscap: fixed colors in output Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Sep 7 00:49:34 2010 +0200 tool: completion + manpage + help strings update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 6 23:52:32 2010 +0200 tool: oscap xccdf generate fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 6 22:27:52 2010 +0200 Add XSLT-based fix generator + bash template Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Sep 6 01:25:18 2010 +0200 f14 xccdf content fixes: xhtml list elements Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 3 23:17:42 2010 +0200 Guide: different rule numbering. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 3 23:06:47 2010 +0200 Ability to generate profile info with the guide. Author: Tomas Heinrich <theinric@redhat.com> Date: Sat Sep 4 20:25:09 2010 +0200 [OVAL] add function for optimizing memory consumption during syschar collection Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Sep 3 14:35:54 2010 +0200 content update Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Sep 2 20:01:11 2010 +0200 Python API improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 3 14:03:58 2010 +0200 [probes] findfiles: check return code of recursive calls Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 3 01:58:10 2010 +0200 [probes] findfiles: check callback return value Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Sep 2 18:25:50 2010 +0200 content changes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 2 17:31:31 2010 +0200 [probes] file: use probe_result_additem Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 2 16:42:09 2010 +0200 [probes] New API function: probe_result_additem Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 2 16:41:05 2010 +0200 [common] added wrapper for the sysinfo function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Sep 2 14:50:00 2010 +0200 [common] added memusage function Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Sep 1 00:17:59 2010 +0200 xslt files: add license headers Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Sep 1 00:00:58 2010 +0200 tool: modularize OVAL document generation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 23:28:28 2010 +0200 bash completion adjustments Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 22:01:00 2010 +0200 manpage update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 21:20:25 2010 +0200 tool: modularize xccdf document generation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 21:17:13 2010 +0200 cdf:instance substitution improvement now appears in angle brackets if not substituted Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 17:44:25 2010 +0200 tool: ability to print module tree Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 16:56:13 2010 +0200 Guide generation: profile support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 15:28:58 2010 +0200 result report reflects profile + fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 31 15:26:42 2010 +0200 better CSS style for <abbr> Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 17:53:00 2010 +0200 Tailoring XSLT: support cluster-id Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 17:30:00 2010 +0200 More XCCDF substitutions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 16:38:37 2010 +0200 xslt framework refactoring Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 1 13:51:54 2010 +0200 content update Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 1 12:59:29 2010 +0200 bump rel. number Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 1 11:19:28 2010 +0200 [OVAL] add missing arg list terminator Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 31 17:57:29 2010 +0200 Fixed free profile in non-profile policy Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Sep 1 10:02:48 2010 +0200 Fixed non-existing profile; XCCDF Policy refact.; Fixed oval callback name typo Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 31 17:17:43 2010 +0200 Fixed xsldir in Makefile Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 30 16:52:06 2010 +0200 content changes Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 30 16:50:59 2010 +0200 [probes] correction to filter processing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 15:09:48 2010 +0200 oscap_text to plaintext conversion Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 13:37:56 2010 +0200 substitution XSL code improvements Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 30 13:01:52 2010 +0200 Ability to select results to include in report. Default: all but notselected, notapplicable Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Aug 29 22:55:59 2010 +0200 results report: xccdf inline HTML + <sub> support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Aug 29 21:59:59 2010 +0200 xccdf-common.xsl: fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Aug 28 21:24:34 2010 +0200 xccdf html guide: highlight link targets Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Aug 28 18:14:41 2010 +0200 XSLT: unresolved benchmark processing warning Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Aug 28 18:11:55 2010 +0200 xccdf result report: make last result default Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Aug 28 02:30:19 2010 +0200 xccdf apply profile XSL transformation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Aug 27 16:55:42 2010 +0200 Isolate XCCDF-specific parts into a separate file Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 26 20:23:42 2010 +0200 Print style for generated documents Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 30 14:19:15 2010 +0200 proper result for unsupported OVAL objects Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 30 14:41:24 2010 +0200 [probes] fix default value Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 30 14:22:53 2010 +0200 [OVAL] add initial support for filters inside objects Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 30 12:50:49 2010 +0200 corrections to debugging information reporting Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 27 15:40:55 2010 +0200 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 27 14:03:30 2010 +0200 fixing race in python thread lock Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 26 16:36:50 2010 +0200 Allowing threads from python after calling a bloking I/O code generated from SWIG Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 26 14:59:27 2010 +0200 Fixed xccdf results Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 26 14:38:54 2010 +0200 xccdf results max score export fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 26 13:22:54 2010 +0200 Fix file open failure Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 26 10:41:58 2010 +0200 Fix several buffer overflows Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 26 13:07:27 2010 +0200 [OVAL] f14 content corrections Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 26 10:14:24 2010 +0200 Content changes #9 Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 26 09:34:09 2010 +0200 Fixed boundary check in getting substring in OVAL Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 26 10:25:15 2010 +0200 content fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 26 00:57:19 2010 +0200 content changes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 26 00:43:36 2010 +0200 [probes] quiet gcc Author: Pierre Chifflier <chifflier@edenwall.com> Date: Thu Aug 12 10:34:58 2010 +0200 Fix build on Debian/kFreeBSD This fixes the build on Debian/kFreeBSD (Debian userland with FreeBSD kernel) by checking the __GLIBC__ and __FreeBSD_kernel__ defines. Thanks to Petr Salinger and Jakub Wilk for the patches. Signed-off-by: Pierre Chifflier <chifflier@edenwall.com> Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 22:26:00 2010 +0200 [OVAL] f14 content corrections Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 22:10:28 2010 +0200 Content changes #8 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 21:58:27 2010 +0200 [OVAL] f14 content corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 25 21:45:01 2010 +0200 update NEWS Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 25 19:21:45 2010 +0200 xml validation missing filename workaround Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 25 18:40:52 2010 +0200 XCCDF Value choices export Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 25 18:04:17 2010 +0200 XCCDF Value choices accessor Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 25 00:28:34 2010 +0200 Preserve HTML formatting in the generated guide Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 19:34:21 2010 +0200 Fixed set_rules in Python API; Revitalized oscap.py Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 19:51:12 2010 +0200 Fixed OVAL Agent session filename; Workaround for XCCDF callback checking Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 19:45:25 2010 +0200 f14 content corrections Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 19:25:51 2010 +0200 [OVAL] attach state attribute that was accidentally omitted Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 25 17:35:20 2010 +0200 fixing memory issues in oscap tools Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 25 16:39:57 2010 +0200 content validation fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 25 17:33:28 2010 +0200 [probes] probe_obj_eval: look into the cache before generating an error item Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 25 17:26:36 2010 +0200 [probes] _probe_cobj_get_flag: added NULL check Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 25 16:24:27 2010 +0200 [probes] probe_obj_eval: fixed invalid usage of SEXP_vfree Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 25 16:12:26 2010 +0200 [probes] probe_obj_eval: added missing variable declaration Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 25 16:03:48 2010 +0200 [probes] probe_set_eval & friends: pass the syschar flag back to probes and handle error states Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 15:31:26 2010 +0200 Content changes #7 Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 15:25:48 2010 +0200 Fixed get_tailor_items Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 15:32:58 2010 +0200 [OVAL/probes] file: fix symlink handling Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 25 13:48:37 2010 +0200 [OVAL/probes] file: add missing entity Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 25 11:45:00 2010 +0200 Content changes #6 Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 25 11:34:03 2010 +0200 content changes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 24 20:56:40 2010 +0200 xccdf generate-guide: manpage + bash completion Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 24 20:37:02 2010 +0200 Tune security guide XSL file. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 24 13:08:21 2010 +0200 Security guide from XCCDF file Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 24 18:15:16 2010 +0200 Added destroy, Improved get_tailor_items Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 24 18:16:13 2010 +0200 Content changes; Improved values in XCCDF Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 24 19:44:06 2010 +0200 f14 content corrections Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 24 18:45:21 2010 +0200 f14 content corrections Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 24 16:35:39 2010 +0200 F14 xccdf content update Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 24 12:57:32 2010 +0200 Fixed group selection behavior Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 24 14:11:15 2010 +0200 f14 content corrections Author: Peter Vrabec <pvrabec@gmail.com> Date: Mon Aug 23 23:47:53 2010 +0200 --oval-results option for oscap tool Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 23 13:58:32 2010 +0200 [probes] Added probe_setoption function Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 23 12:43:59 2010 +0200 spec file update Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Aug 23 10:29:09 2010 +0200 Fixed wrong number of parameters in oval_agent_new_session Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 20 17:18:09 2010 +0200 Fixed typo in openscap python API Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 20 17:30:40 2010 +0200 XCCDF test fix Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 20 17:10:18 2010 +0200 New colorful output of oscap eval xccdf Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 20 16:45:09 2010 +0200 Fixed resolving of external variable conflict Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 20 15:43:22 2010 +0200 Fixed xccdf_policy_model_get_files leaks Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 20 15:16:44 2010 +0200 Content changes #5 Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 20 15:00:29 2010 +0200 oscap tool validate content before evaluation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 20 14:35:04 2010 +0200 [probes] file: don't call probe_setoption Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 20 14:31:28 2010 +0200 [probes] file: fixed typo Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 19 16:38:01 2010 +0200 Content changes #4 Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 19 14:28:29 2010 +0200 Fixed boolean values of selectors in profile export Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 19 14:15:34 2010 +0200 content fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 19 17:07:15 2010 +0200 F14 content modifications #2 Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 19 13:57:27 2010 +0200 Fixed Python bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 19 12:11:36 2010 +0200 Content changes #3 Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 19 13:25:00 2010 +0200 fix segfault in oscap_find_file Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 18 21:41:20 2010 +0200 xmlNewChild -> xmlNewTextChild for proper XML entity escaping Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 18 17:22:48 2010 +0200 F14 content: fix & enable some SELinux tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 18 17:24:59 2010 +0200 Make the F14 pass XML validation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 18 17:13:29 2010 +0200 F14 content modifications Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 17 23:30:04 2010 +0200 xccdf report: write fixtext Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 18 14:26:05 2010 +0200 OVAL and XCCDF content update Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 18 09:54:28 2010 +0200 Content changes #2 Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 17 23:31:20 2010 +0200 F14 content: xml and runlevel test fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 17 21:41:37 2010 +0200 Represent XCCDF value as a string internally Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 17 18:23:30 2010 +0200 fedora content review Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 17 12:45:34 2010 +0200 Fix OVAL segfault + string comparison Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 17 17:08:20 2010 +0200 OVAL and XCCDF content update Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Aug 16 16:59:26 2010 +0200 Fixed oscap.py import Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Aug 16 16:59:05 2010 +0200 Content fixes #1 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 16 17:37:27 2010 +0200 update OVAL and XCCDF content for F14 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 16 15:24:21 2010 +0200 fix check-content-ref in XCCDF content Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 16 13:57:03 2010 +0200 fedora 14 XCCDF and OVAL content Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Aug 16 10:08:11 2010 +0200 Fixed XCCDF Policy tailor item Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 13 12:01:14 2010 +0200 [probes] file: cache group/user IDs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 13 10:54:37 2010 +0200 [SEAP] start with 2 preallocated items in a list Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 12 17:46:50 2010 +0200 let unknown_test return OVAL_RESULT_UNKNOW Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 12 17:15:49 2010 +0200 [utils/oscap] oval: report detailed information for all types of results Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 12 15:37:15 2010 +0200 [SEAP] fixed compilation with --enable-debug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 12 15:17:01 2010 +0200 [SEAP] set the softref bit also in SEXP_unref Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 12 14:29:27 2010 +0200 [SEAP] optimized S-exp reference structure Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 12 11:48:10 2010 +0200 [OVAL] corrections to object querying Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 11 13:56:23 2010 +0200 [OVAL] probe_int: process any valid datatype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 11 13:50:26 2010 +0200 [CVE] include time.h in cve.h Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Aug 11 11:00:50 2010 +0200 Finished xccdf.init function in Python API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 11 10:37:25 2010 +0200 [OVAL+probes] Fixed the rest of gcc warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 11 10:36:45 2010 +0200 Removed old bash scripts Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 10 17:39:35 2010 +0200 [OVAL/probes] fixed typo Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 10 17:33:21 2010 +0200 [OVAL] get rid of uninitialized variables in resultCriteriaNode.c, resultTest.c Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 10 17:12:47 2010 +0200 Fixed oscap.py; Added simple function xccdf_init() to Python API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 10 17:18:29 2010 +0200 [buildsys] disable compilation of the sql probe if OpenDBX was not found Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 10 17:02:56 2010 +0200 resolved several gcc warnings Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 10 15:04:53 2010 +0200 Make cron job and init script generate also HTML Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 10 14:46:42 2010 +0200 tool: generate oval html report during scan Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 10 14:12:46 2010 +0200 Library initialisation function: oscap_init() Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 10 13:59:32 2010 +0200 leak fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 10 13:54:05 2010 +0200 Fixed wrong selector case Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 10 16:09:40 2010 +0200 [probes] new probe: sql Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 10 11:49:15 2010 +0200 [OVAL] don't attempt to reset variable type Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 10 10:25:57 2010 +0200 [OVAL/probes] findfiles: special treatment of caret in path pattern Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 21:03:02 2010 +0200 oscap_find_file documentation + search defpath always Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 19:57:16 2010 +0200 XCCDF model: add toplevel language info Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 19:18:36 2010 +0200 OVAL results HTML report Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 18:07:28 2010 +0200 oscap tool: make exit codes more consistent Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 16:30:58 2010 +0200 Fix common/text.h header deps Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 16:18:36 2010 +0200 oscap library version getter + tool adjustments Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 15:40:33 2010 +0200 xccdf report: bring back rule titles Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 9 14:29:51 2010 +0200 Split XSL file to generic and XCCDF specific part + a few fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Aug 9 17:42:04 2010 +0200 Added function for getting names of required files from Policy model Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 9 17:06:02 2010 +0200 [OVAL/probes] findfiles: several corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 9 16:31:00 2010 +0200 minor fix in return code Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 9 16:16:19 2010 +0200 import functions set proper error on fail Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 9 09:59:19 2010 +0200 [OVAL/probes] Fixed regression Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Aug 6 15:07:36 2010 +0200 Fixed OVAL files in XCCDF evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 6 16:33:11 2010 +0200 findfiles exclude ".." & "." directories Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 6 14:51:49 2010 +0200 [OVAL/probes] Fix also the pdcmp function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 6 14:27:41 2010 +0200 [OVAL/probes] Fixed memory corruption when recursive object evaluation executes a probe of different type Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 6 13:13:30 2010 +0200 [OVAL] initial support for casting OVAL values Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 5 18:31:54 2010 +0200 Added more oval files support Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 6 09:54:29 2010 +0200 [OVAL] correction to the boolean data type interpretation Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 5 18:47:43 2010 +0200 [OVAL] extend boolean data type Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 5 16:01:32 2010 +0200 Fixed oscap return values Added checking if value of value is valid Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Aug 5 16:00:00 2010 +0200 Fixed exporting Values in XCCDF Benchmark Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Aug 5 15:59:50 2010 +0200 [OVAL] enable binding of a partial definition model Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 5 15:52:18 2010 +0200 [probes] file: don't compute item size unless FILE_PROBE_ITEMSTATS is defined Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 5 15:51:02 2010 +0200 [common] debug: added developer friendly macros dI, dE, dW Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 5 15:49:05 2010 +0200 [SEAP] Use STRBUF_MAX value from strbuf.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 5 15:47:06 2010 +0200 [SEAP] strbuf: respect IOV_MAX Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 5 14:01:21 2010 +0200 make binding of the variable model more sensitive Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 4 13:55:01 2010 +0200 oscap cvss - completion fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 4 13:49:43 2010 +0200 xccdf results XSL enhancements and fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 4 13:18:57 2010 +0200 oscap tool verbosity tweaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 4 15:14:26 2010 +0200 [tests] added missing EXTRA_DIST entries Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 4 13:42:54 2010 +0200 [buildsys] configure: added option to enable building with SSP Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 4 13:23:46 2010 +0200 [buildsys] use AC_HELP_STRING in configure.ac Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 4 13:02:28 2010 +0200 [tests+buildsys] Fixed portability issues; Valgrind checks disabled by default Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 4 10:50:08 2010 +0200 [probes] xinetd: forgot to increment the counter in op_{assign,insert}_strl Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 3 23:55:13 2010 +0200 [probes] xinetd: fixed typo Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 3 23:54:27 2010 +0200 [tests] xinetd parser: fixing and improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Aug 3 23:46:56 2010 +0200 [probes] xinetd: name & protocol to ID translation; added merge, coerce ops; fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 3 19:08:03 2010 +0200 [OVAL] fix variable component evaluation Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 3 18:13:30 2010 +0200 [probes] variable: fix var_ref handling Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 3 16:42:57 2010 +0200 Added new python tailoring functions; Added reset iterator fs for setvalues & refine_values Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 3 13:22:33 2010 +0200 Ability to generate HTML report during evaluation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 3 12:41:21 2010 +0200 Fix some XCCDF export typos Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 3 12:27:52 2010 +0200 oscap xccdf eval to emit whole benchmark Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 3 12:05:31 2010 +0200 Make report XSLT accept incomplete XCCDF documents Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 3 17:41:34 2010 +0200 minor tweaks in oscap tool Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 3 17:37:31 2010 +0200 add eval-id operation to oscap tool Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 3 17:23:01 2010 +0200 [probes] fix a typo Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 3 14:20:13 2010 +0200 [OVAL] rename datatypes oval_sysdata_t -> oval_sysitem_t oval_sysitem_t -> oval_sysent_t Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 3 14:11:02 2010 +0200 [OVAL] rename files src/OVAL/oval_sysItem.c -> src/OVAL/oval_sysEnt.c src/OVAL/oval_sysData.c -> src/OVAL/oval_sysItem.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 3 11:07:27 2010 +0200 include xsl stuff in specfile Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 2 19:19:47 2010 +0200 oscap tool refactoring Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 2 19:42:08 2010 +0200 Add oscap xccdf generate-report to the manpage Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Aug 1 20:56:05 2010 +0200 XCCDF result report generator for oscap tool Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Aug 1 20:55:34 2010 +0200 XSLT transformation support for the library Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Aug 1 19:10:47 2010 +0200 Add xccdf results -> HTML transformation XSL Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Aug 3 10:16:26 2010 +0200 Fixed debug assertion in XCCDF Policy Author: Felix Wolfsteller <felix.wolfsteller@greenbone.net> Date: Tue Aug 3 10:03:22 2010 +0200 Do not abort configure when rpm is in "wrong" ver. Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 30 13:34:58 2010 +0200 [probes] return correct error code Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 30 10:24:21 2010 +0200 [probes] rename part of the probe api functions and remove two of them removed: oval_probe_session_query_object() oval_probe_session_query_sysinfo() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 30 00:01:44 2010 +0200 [probes] xinetd: include (file) support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 29 23:27:52 2010 +0200 [common] debug: fix segfault when the PSTRIP env. var is not defined Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 29 16:42:39 2010 +0200 [probes] xinetd: includedir support, improvements and fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 29 15:53:18 2010 +0200 [common] debug: added path strip feature Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 28 18:00:43 2010 +0200 [OVAL] initialize tested_variable values during test evaluation instead of export Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 28 13:37:26 2010 +0200 [utils] oscap: fix segfault Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 28 10:28:31 2010 +0200 [OVAL] remove several redundant api functions oval_definition_model_add_definition() oval_definition_model_add_object() oval_definition_model_add_state() oval_definition_model_add_test() oval_definition_model_add_variable() oval_results_model_add_system() oval_syschar_model_add_syschar() oval_syschar_model_add_sysdata() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 28 10:21:12 2010 +0200 [utils] oscap: fix conditional compilation Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 27 18:28:07 2010 +0200 oscap.py minor fix Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 27 18:06:14 2010 +0200 Python: changed iterators to python lists; oscap.py: Better output, no iterators, export fix Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 27 18:04:02 2010 +0200 Fixed OVAL messages, Added xccdf_policy_iterator_reset Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 18:20:55 2010 +0200 [probes+tests] don't free uninitialized variables and don't include SHLVL envvar in the xml generated xml Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 17:59:42 2010 +0200 [probes+tests] fix the envvar probe _and_ the envvar test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 17:45:24 2010 +0200 [probes] envvar: fix NULL value handling Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 17:32:08 2010 +0200 [tests] new tests: test_xinetd_parser Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 16:54:25 2010 +0200 [common] unhide debug API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 16:51:49 2010 +0200 [tests] test_interface: added missing header file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 27 16:51:05 2010 +0200 [probes] new probe: xinetd (prototpe) Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 27 15:25:16 2010 +0200 Fixed target system and id in XCCDF TestResult Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 27 15:08:42 2010 +0200 [OVAL] fix double free Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 27 14:41:53 2010 +0200 getopt fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 26 16:04:09 2010 +0200 Added new functions for tailoring items Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 26 15:09:02 2010 +0200 Fixed CPE lang expression parsing Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 26 15:36:44 2010 +0200 [utils] oscap: fix conditional compilation Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 26 13:03:56 2010 +0200 skip DISPLAY variable in environmentvariable test Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jul 26 10:35:23 2010 +0200 include oscap bash completition in spec file Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 23 20:50:00 2010 +0200 xccdf resolve: remove abstract items Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 23 20:49:43 2010 +0200 minor fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 23 19:20:30 2010 +0200 yet another xml_metadata cleanup Author: Lukáš Kuklínek <ilja.kuklic@centrum.cz> Date: Fri Jul 23 19:02:18 2010 +0200 XCCDF model: 'remove' operation support Author: Lukáš Kuklínek <ilja.kuklic@centrum.cz> Date: Fri Jul 23 18:38:09 2010 +0200 XCCDF benchmark clone fix Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Jul 25 21:25:55 2010 +0200 [OVAL] third part of supporting functionality for variable bindings Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 23 14:09:59 2010 +0200 [OVAL] second part of supporting functionality for variable bindings Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 23 13:25:31 2010 +0200 [OVAL] first part of supporting functionality for variable bindings Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 23 10:42:30 2010 +0200 [OVAL] syschar model correction and a small api change Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 22 15:29:55 2010 +0200 bash completion for oscap tool Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 22 14:16:47 2010 +0200 add xccdf resolve support to oscap cli utility Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 22 16:25:48 2010 +0200 oscap tool modules conditional compilation Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jul 22 16:31:00 2010 +0200 [OVAL] minor fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 22 14:20:56 2010 +0200 create symlink to default content (spec file) Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 22 10:34:46 2010 +0200 modules clean up Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 21 17:37:34 2010 +0200 XML metadata manipulation cleanup * removed xml_metadata * removed oscap_nsinfo * removed oscap_title (obsoleted by oscap_text) * adjusted CPE/CVE/CVSS implementations Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 21 17:57:36 2010 +0200 split oscap tool into separate modules Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jul 21 16:34:09 2010 +0200 Fixed various requests from AidKit Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 21 16:56:39 2010 +0200 [OVAL] debug: minor fixes. Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 20 18:20:29 2010 +0200 [OVAL] third part of oscap_dprintf() usage cleanup Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 20 17:18:05 2010 +0200 split oval_agent models into sepatate files Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 20 17:05:05 2010 +0200 [OVAL] second part of oscap_dprintf() usage cleanup Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 20 16:18:35 2010 +0200 Fixed XCCDF without profile in python, self-free objects in python Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 20 13:37:25 2010 +0200 [OVAL] first part of oscap_dprintf() usage cleanup Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 20 10:03:28 2010 +0200 Apply reporter's return value Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 19 17:12:26 2010 +0200 [common] consolidate functions for printing debug information Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 19 15:58:09 2010 +0200 Added policy without profile Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 19 13:53:06 2010 +0200 Fixed missing cvss module info, fixed helps Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jul 15 17:51:42 2010 +0200 Fixed OVAL eval to use oscap reporter; Added oscap.py util Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 14 17:39:43 2010 +0200 include openscap_api.py in tarball Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jul 14 17:30:56 2010 +0200 Added new Python API; Fixed problems with oscap reporter Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 14 17:27:37 2010 +0200 -fno-strict-aliasing Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 14 14:38:24 2010 +0200 update news Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 14 14:32:07 2010 +0200 [utils] oscap: fixed segfault Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 14 14:15:13 2010 +0200 bump release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jul 14 12:41:12 2010 +0200 add cvss support to oscap Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 14 12:23:48 2010 +0200 [SEAP+OVAL] Added documentation for debug helpers Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jul 14 12:18:52 2010 +0200 [OVAL] minor fixes Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 13 18:16:30 2010 +0200 [OVAL] enable processing of variable references inside set filters Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 13 17:25:04 2010 +0200 oscap tool small fixes + indent Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 13 15:33:01 2010 +0200 common: documentation update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 13 14:50:32 2010 +0200 Manpage update & -q support for validation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 13 13:32:41 2010 +0200 Reporters now return an integer Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 13 15:16:38 2010 +0200 oscap tool man page update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jul 13 15:16:04 2010 +0200 fix make distcheck Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 12 18:28:58 2010 +0200 XML schema workarounds for libxml Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 12 17:49:59 2010 +0200 Add schema files Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 12 17:06:30 2010 +0200 oscap tool: validation support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 12 15:07:16 2010 +0200 Better validation support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jul 9 14:05:59 2010 +0200 Add switch reporter Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jul 13 10:43:05 2010 +0200 Added predefined reporter message Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 12 17:02:05 2010 +0200 Added reporter function; Fixed xccdf-profile parameter in OSCAP util Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jul 12 15:08:23 2010 +0200 Added xccdf_policy_model_register_engine_oval wrapper Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 12 13:03:35 2010 +0200 [OVAL] resolve several compiler warnings Author: Tomas Heinrich <theinric@redhat.com> Date: Sun Jul 11 23:15:37 2010 +0200 [OVAL] implement _oval_component_evaluate_TIMEDIF() Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 8 18:19:01 2010 +0200 reporters design simplification Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jul 8 13:36:55 2010 +0200 [OVAL] implement _oval_component_evaluate_ARITHMETIC() Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jul 8 11:30:30 2010 +0200 Fixed void arguments in python bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jul 8 10:07:51 2010 +0200 Fixed compilation without XCCDF enabled Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jul 7 16:09:46 2010 +0200 API changed: removed oval_agent_cb_data, renamed register function in XCCDF Policy Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jul 2 17:01:31 2010 +0200 Removed version requirement Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 30 16:57:37 2010 +0200 spec file fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 30 16:48:09 2010 +0200 increase release number Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 30 16:38:57 2010 +0200 oscap-scan -> oscap Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jun 30 16:10:42 2010 +0200 Added new oscap_scan api; Fixed invalid sizes in calloc Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 30 14:53:41 2010 +0200 [OVAL] implement _oval_component_evaluate_REGEX_CAPTURE() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 30 13:36:45 2010 +0200 [OVAL] fixed leaks and invalid memory reads Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jun 30 11:02:43 2010 +0200 [probes] shadow, interface: return an error item in case of an error Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 29 19:31:20 2010 +0200 Fixed bindings; changed adding callbacks in oval_agent_cb_data; Fixed OVAL_RESULT_INVALID Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 29 17:09:36 2010 +0200 [OVAL] finish _oval_component_evaluate_ESCAPE_REGEX() Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 29 16:03:45 2010 +0200 Added register output callback function; Improve docs and fix oscap-scan Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 29 16:16:01 2010 +0200 fixing make check Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 29 15:10:50 2010 +0200 Added more rule-result items; added time to TestResult; Small fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 29 15:57:30 2010 +0200 remove OVAL_RESULT_INVALID type Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 29 16:04:58 2010 +0200 [probes] rpminfo: use various rpm API calls to free memory allocated by rpmReadConfigFiles & friends Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 29 15:48:40 2010 +0200 [OVAL] fix segfault in _oval_component_evaluate_ESCAPE_REGEX() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 29 15:38:30 2010 +0200 [crapi] minor fix for gcrypt initialization Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 29 15:14:24 2010 +0200 [probes] variable: use the new variable API Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 29 14:57:23 2010 +0200 [OVAL] fix function component parsing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 29 14:18:29 2010 +0200 [probes] process: call closedir() before returning from read_process() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 29 14:05:16 2010 +0200 [OVAL/probes] fixed memory leaks Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jun 28 12:17:45 2010 +0200 XCCDF <sub/> parsing and export corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 28 17:10:19 2010 +0200 export all definitions in result model export Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jun 28 16:59:58 2010 +0200 [OVAL] fix variable component evaluation Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jun 28 14:21:48 2010 +0200 [OVAL] fix memory leaks Author: Peter Vrabec <pvrabec@redhat.com> Date: Sat Jun 26 17:24:35 2010 +0200 fixing oval_result_system_to_dom() Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 25 17:05:31 2010 +0200 Fixed complex-check logic Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 25 15:12:05 2010 +0200 Added score systems Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jun 25 14:32:18 2010 +0200 XCCDF oscap_text export corrections Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jun 25 12:30:24 2010 +0200 [SEAP] Added recv support into SEAP_cmd_exec Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 25 12:24:09 2010 +0200 Added documentation, added session reset to variable resolve, more fixes in oscap_scan Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 25 12:02:43 2010 +0200 [OVAL] query object dependencies of states Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jun 25 11:38:41 2010 +0200 [OVAL] get rid of oval_syschar_model_get_variable_values() Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 24 20:40:20 2010 +0200 fixing compilator warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 24 17:34:34 2010 +0200 implement oval_agent_reset_session() Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 24 15:59:42 2010 +0200 Fixed memory leaks & free function errors Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 24 15:15:15 2010 +0200 Moved syschar results to OVAL Agent; Changed oscap-scan verbose; Added XCCDF Benchmark resolve Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 24 15:07:36 2010 +0200 [OVAL/probes] Initial probe session reset support; Added oval_probe_session_getmodel function Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 24 14:48:36 2010 +0200 Implementation of new internal callback, oscap-scan, fixed variables handling, fixed bindings and more Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jun 24 13:30:19 2010 +0200 fix XCCDF tests cleanup Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 23 19:15:07 2010 +0200 XCCDF export test Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 23 19:14:31 2010 +0200 some XCCDF export fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jun 23 19:14:03 2010 +0200 correct oscap_text DOM export support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 24 10:01:44 2010 +0200 [OVAL/probes] Minor documentation improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 24 10:00:59 2010 +0200 [OVAL/probes] pass session pointer to varref_to_sexp function Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jun 23 13:24:02 2010 +0200 Fixed NULL selector in value Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 22 15:07:56 2010 +0200 [probes] fixing leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 22 14:35:26 2010 +0200 [tests] test_probes: use oscap_cleanup() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 22 14:29:56 2010 +0200 [OVAL] Documentation improvements Author: Lukáš Kuklínek <ilja.kuklic@centrum.cz> Date: Fri Jun 18 16:05:03 2010 +0200 various fixes in XCCDF and common Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 18 16:20:54 2010 +0200 Fixed exception handling Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jun 18 18:28:29 2010 +0200 [tests] distclean valgrind logs Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jun 18 14:14:58 2010 +0200 xccdf header fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 15 15:08:11 2010 +0200 XCCDF value instance: clone, export, iterator Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 17 13:37:19 2010 +0200 Added oval_agent_eval_system python callbacks Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 17 14:46:45 2010 +0200 Improved oscap-scan, fixed selecting in XCCDF Pol. Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 17 14:03:27 2010 +0200 oval_definition_model_clear_external_variables() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 17 14:58:57 2010 +0200 [tests] vgtest-probes fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 17 13:31:54 2010 +0200 [tests] vgrun improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 17 13:31:12 2010 +0200 [OVAL/probes] fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Jun 16 16:47:20 2010 +0200 [common] fix memleak Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Jun 15 17:20:05 2010 +0200 More improved policy evaluation and variable handling step #1 Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jun 14 14:59:27 2010 +0200 XCCDF value redesign Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jun 4 14:29:53 2010 +0200 list::find return data, not list_item Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Jun 4 14:11:21 2010 +0200 value_val -> value_instance Author: Josh Adams <jadams@tresys.com> Date: Mon Jun 14 15:53:32 2010 -0400 Add support for start/end-time in xccdf_result Added getter/setter functions, handling for export, and typemap for dealing with start-time and end-time in xccdf_result. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 15 18:06:47 2010 +0200 [tests] vgrun, vgtest-probes improvements Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 15 16:17:24 2010 +0200 [OVAL] extend validation code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 15 15:28:46 2010 +0200 [tests] vgtest-probes: don't create result files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 15 15:05:29 2010 +0200 [tests] vgrun.sh: redirect stderr & stdin to /dev/null Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 15 14:38:01 2010 +0200 [tests] added valgrind checks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 14 12:48:18 2010 +0200 [OVAL/probes] fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 14 10:57:05 2010 +0200 [tests] fixed typo in file-set2.xml Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 14 10:56:42 2010 +0200 [SEAP] SEAP_cmd_exec: fixed double free Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 14 10:17:00 2010 +0200 [tests] probes: modified state fetch testing xml Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Jun 13 19:27:05 2010 +0200 [probes] findfile: added more filesystems to LOCAL_FILESYSTEMS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Jun 13 17:55:38 2010 +0200 [OVAL/probes] Documentation improvements Author: Marshall Miller <mmiller@tresys.com> Date: Sun Jun 13 11:33:17 2010 +0200 [SEAP] SEAP_close: check pointer value before using it Author: Josh Adams <jadams@tresys.com> Date: Wed Jun 9 12:40:15 2010 -0400 Added header files for swig bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 11 10:29:09 2010 +0200 Remove OVAL evaluation without callback Author: Marshall Miller <mmiller@tresys.com> Date: Thu Jun 10 13:28:02 2010 -0400 Added a python-only function to allow python callable to be registered as a callback Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 11 13:19:00 2010 +0200 finish high level API Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 9 18:11:19 2010 +0200 new OVAL agent high level API draft. Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 9 15:47:06 2010 +0200 changes in probing interface Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Jun 7 16:18:29 2010 +0200 Added internal system callback for OVAL evaluation + API Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 8 16:28:51 2010 +0200 remove export_target/import_source structures Author: Josh Adams <jadams@tresys.com> Date: Fri Jun 4 16:33:00 2010 -0400 Add checks to xccdf_rule_result Changed macros so that xccdf_check's could be added to xccdf_rule_result's. Author: Josh Adams <jadams@tresys.com> Date: Fri Jun 4 15:37:20 2010 -0400 rule-results use time, not date rule-results have an attribute called 'time', not 'date' Author: Josh Adams <jadams@tresys.com> Date: Fri Jun 4 15:03:01 2010 -0400 Fixed arguments in wrong order The call to xccdf_policy_evaluate_cb had its rule_id and content_name args in the wrong order. Author: Ondrej Moris <omoris@redhat.com> Date: Mon Jun 7 09:16:04 2010 +0200 Environmentalvariable probe test corrected. Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jun 4 14:35:58 2010 +0200 Fixed sccdf_item_to_dom loop Author: Josh Adams <jadams@tresys.com> Date: Fri Jun 4 14:20:24 2010 +0200 Small fix and time_t typemap Author: Josh Adams <jadams@tresys.com> Date: Thu Jun 3 18:46:24 2010 +0200 Fixed a couple of mistakes Author: Josh Adams <jadams@tresys.com> Date: Thu Jun 3 18:36:14 2010 +0200 Added more NULL checks Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jun 3 21:05:44 2010 +0200 Added TestResult fill & export Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jun 3 17:34:35 2010 +0200 minor fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 1 15:30:01 2010 +0200 value resolve stub Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 1 14:18:29 2010 +0200 minor refactoring Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 31 19:41:07 2010 +0200 resolve rule Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 31 19:40:35 2010 +0200 model cleanup Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 31 18:22:17 2010 +0200 resolve group Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri May 28 17:50:34 2010 +0200 resolve item + profile Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 31 16:39:44 2010 +0200 destructive list join Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon May 31 16:39:03 2010 +0200 fix typos & docs Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri May 28 16:09:19 2010 +0200 topological sort Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri May 28 16:08:07 2010 +0200 oscap_list: push, pop, find, contains Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu May 27 16:11:03 2010 +0200 implement some functions Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 1 16:15:28 2010 +0200 [OVAL] export variable_instance attribute in results Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jun 1 13:56:19 2010 +0200 [OVAL] better handling with result directives Author: Maros Barabas <mbarabas@redhat.com> Date: Fri May 28 14:20:55 2010 +0200 Suppress warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 28 14:18:44 2010 +0200 use oscap_enum_to_string() in OVAL Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jun 1 12:46:23 2010 +0200 [OVAL] fix a typo Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 26 17:12:07 2010 +0200 runlevel: adjust probe for handling variables Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 26 16:22:13 2010 +0200 Added supported schemas Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 26 16:10:32 2010 +0200 increase release number Author: Ondrej Moris <omoris@redhat.com> Date: Wed May 26 11:33:28 2010 +0200 interface probe test fixed Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 26 14:33:16 2010 +0200 fixing process probe Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 25 16:52:40 2010 +0200 Fixed python bindings when (void *) used as argument Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 25 18:10:36 2010 +0200 environmentvariable test fixing Author: Ondrej Moris <omoris@redhat.com> Date: Tue May 25 10:53:21 2010 +0200 environmentvariable probe test added Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 25 13:20:19 2010 +0200 [probes] added library-side initialization of entity name cache; fixed envvar probe; Author: Ondrej Moris <omoris@redhat.com> Date: Tue May 25 09:40:52 2010 +0200 interface probe test corrected Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 24 13:12:48 2010 +0200 [probes] rpminfo: fixed leaks, removed dead code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 24 12:40:54 2010 +0200 [probes] textfilecontent54: minor refactoring, fixed leaks Author: Ed Sealing <esealing@tresys.com> Date: Fri May 21 13:42:30 2010 -0400 Add XCCDF_POLICY to swig and fix RHEL 5 support Added XCCDF_POLICY header file to swig interface. Added blank functions for unimplemented XCCDF_POLICY functions. Updated rpminfo.c rpmcryptoFree definition for RHEL 5 compiling errors. Author: Ondrej Moris <omoris@redhat.com> Date: Fri May 21 20:35:45 2010 +0200 interface probe broadcast issue corrected Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 23 21:52:30 2010 +0200 [probes] fixing leaks, part 7: probe-api.c, probe-main.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 16:22:00 2010 +0200 [probes] fixing leaks, part 6 Author: Maros Barabas <mbarabas@redhat.com> Date: Fri May 21 15:09:55 2010 +0200 Added variable model validation Author: Maros Barabas <mbarabas@redhat.com> Date: Fri May 21 14:52:19 2010 +0200 Added schemaLocation handling to OVAL & XCCDF; Minor fix in oscap-scan Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 15:26:04 2010 +0200 [OVAL] fixed compilation without probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 14:31:02 2010 +0200 [probes] whitespace cleanup Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 14:23:46 2010 +0200 Added license text Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 14:09:09 2010 +0200 [probes] new probe (internal): variable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 08:45:44 2010 +0200 [OVAL] added missing header file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 21 08:44:41 2010 +0200 [probes] new probe (internal): environment variable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 20 23:46:44 2010 +0200 [OVAL] fixing Author: Ondrej Moris <omoris@redhat.com> Date: Thu May 20 14:58:07 2010 +0200 interface probe test added, inetlisteningservers probe test corrected Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 20 14:47:11 2010 +0200 do not call rpmCryptoFree() on older librpm Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 19 15:57:56 2010 +0200 [OVAL] added missing header files to Makefile.am Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 19 14:37:24 2010 +0200 fixing rpm leaks Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 19 12:51:10 2010 +0200 Check XML namespace in elements parsing - revert Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 19 13:41:23 2010 +0200 Conflicts: utils/oscap-scan.c Author: Matthew Keeler <mkeeler@tresys.com> Date: Wed May 19 10:30:00 2010 +0200 Add cloning functions for xccdf objects Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 17:43:49 2010 +0200 Fixed notice export; Fixed NS import->export Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 17:16:07 2010 +0200 Fixed minor bugs in parse & free functions Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 16:07:50 2010 +0200 Fixed SEGFAULT in null XCCDF argument Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 19 12:10:45 2010 +0200 [SEAP] Initial implementation of S-exp templates Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 19 12:08:15 2010 +0200 [OVAL] Initial probe session & handler API implmentation Author: Matthew Keeler <mkeeler@tresys.com> Date: Wed May 19 10:30:00 2010 +0200 Add cloning functions for xccdf objects Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 17:43:49 2010 +0200 Fixed notice export; Fixed NS import->export Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 17:16:07 2010 +0200 Fixed minor bugs in parse & free functions Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 18 16:07:50 2010 +0200 Fixed SEGFAULT in null XCCDF argument Author: Josh Adams <jadams@tresys.com> Date: Tue May 18 10:00:00 2010 +0200 Added full support for Benchmarks Author: Josh Adams <jadams@tresys.com> Date: Tue May 18 10:00:00 2010 +0200 Implemented exporting of TestResults Author: Josh Adams <jadams@tresys.com> Date: Tue May 18 10:00:00 2010 +0200 Add support for exporting Profiles. Author: Maros Barabas <mbarabas@redhat.com> Date: Mon May 17 16:35:06 2010 +0200 Fixed parsing nodes with ns prefix Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 17 16:57:45 2010 +0200 [probes] rpminfo: adjust probe for handling variables Author: Tomas Heinrich <theinric@redhat.com> Date: Mon May 17 13:49:06 2010 +0200 [probes] interface: return code correction Author: Ondrej Moris <omoris@redhat.com> Date: Mon May 17 01:08:29 2010 +0200 inetlisteningservers probe test added Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 14 12:48:04 2010 +0200 [oval] documentation update Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 13 14:23:59 2010 +0200 enable xccdf by default Author: Maros Barabas <mbarabas@redhat.com> Date: Thu May 13 11:31:58 2010 +0200 Removed user data from import functions Author: Josh Adams <jadams@tresys.com> Date: Thu May 13 10:00:00 2010 -0400 Fix issue where groups and rules would always be selected. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 13 11:02:24 2010 +0200 [xccdf] parse_xml -> oscap_import Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 12 17:45:17 2010 +0200 [probes] interface: fixing - process all interfaces that match the specified name - collect broadcast address only when applicable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 12 16:15:44 2010 +0200 [SEAP] whitespace cleanup Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 12 15:42:54 2010 +0200 [probes] inetlisteningservers: adjust probe for handling variables Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 12 14:38:11 2010 +0200 Fixed xml:lang attr; Changed HTML read from Outer to Inner; Fixed segfaults in export Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 12 11:30:48 2010 +0200 Bindings fix: removed xccdf_benchmark_export declaration from private header Author: Josh Adams <jadams@tresys.com> Date: Wed May 12 11:00:00 2010 -0400 Adds support for exporting benchmarks containing Rules and Groups to xml [3/3] Author: Josh Adams <jadams@tresys.com> Date: Wed May 12 11:00:00 2010 -0400 Adds support for exporting benchmarks containing Rules and Groups to xml [2/3] Author: Josh Adams <jadams@tresys.com> Date: Wed May 12 11:00:00 2010 -0400 Adds support for exporting benchmarks containing Rules and Groups to xml [1/3] Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 12 12:19:46 2010 +0200 [SEAP] S-exp datatypes: refactoring; part 1 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 12 11:33:41 2010 +0200 [probes] shadow: adjust probe for handling variables Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 11 17:03:08 2010 +0200 Added export function to oval_variable_model; Fixed oval_variable_model_add function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 11 14:56:59 2010 +0200 [SEAP] S-exp parser: allow to use different subparser functions Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 11 12:33:21 2010 +0200 [probes] runlevel: use correct function to create items Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 11 11:19:29 2010 +0200 [probes/crapi] added libgcrypt initialization Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 30 15:26:08 2010 +0200 Removed client data from OVAL API step #1 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 11 10:38:06 2010 +0200 [configure] add new probe to settings summary Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 11 10:22:23 2010 +0200 [probes] fix bitwise operators Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 10 15:57:01 2010 +0200 oscap_cleanup() in oscap-scan Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 10 12:02:08 2010 +0200 [SEAP] rbt: use rbt_free instead of rbt_walk_inorder for freeing trees Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 10 08:07:13 2010 +0200 [probes/crapi] GCrypt backend: fixed leaks in fini & free Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 9 20:47:48 2010 +0200 [probes] fixing leaks; part 5: probe-entcmp, probe-main Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 9 00:02:10 2010 +0200 [probes] fixing leaks; part 4 Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 7 20:49:46 2010 +0200 update NEWS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 20:05:56 2010 +0200 [SEAP] SEAP_desctable_free: check for NULL value before freeing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 19:48:11 2010 +0200 [probes] fixing leaks; part 3 Author: Maros Barabas <mbarabas@redhat.com> Date: Fri May 7 15:17:52 2010 +0200 Added function to get variables from XCCDF Policy; small improvements Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 15:35:38 2010 +0200 [SEAP] remove debug messages Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 15:20:52 2010 +0200 [probes] fixing leaks; part 2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 7 15:07:45 2010 +0200 increase release number, update spec file Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri May 7 14:09:13 2010 +0200 fixing typo in makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 14:04:26 2010 +0200 [probes] unhide probe cache API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 13:59:38 2010 +0200 [SEAP] added command backend based on red-black tree Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 13:58:06 2010 +0200 [probes] fixing leaks; part 1 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 13:56:13 2010 +0200 [probes] move probe-cache code into the library Author: Tomas Heinrich <theinric@redhat.com> Date: Fri May 7 12:04:24 2010 +0200 [probes] process: adjust probe for handling variables Author: root <root@localhost.localdomain> Date: Thu May 6 13:25:19 2010 -0400 Fixed variable model parser Added xmlTextReaderRead() before all values to prevent getting blank values, resulting in seg fault Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 7 00:11:05 2010 +0200 [SEAP] Added red-black tree implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 6 23:46:37 2010 +0200 [SEAP] Close debug log file at exit Author: Tomas Heinrich <theinric@redhat.com> Date: Thu May 6 18:37:27 2010 +0200 [probes] password: adjust probe for handling variables Author: Tomas Heinrich <theinric@redhat.com> Date: Thu May 6 17:39:18 2010 +0200 [tests] test_probes: make sure syschars are gathered correctly Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 6 12:38:54 2010 +0200 doc clean up Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 6 11:15:56 2010 +0200 documentation of memory management functions Author: Josh Adams <jadams@tresys.com> Date: Mon May 3 14:29:20 2010 -0400 Fixed issue where oval_definition_clone would not perform a proper deep copy. Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 5 18:41:23 2010 +0200 indent oscap-scan.c and oval_varModel.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 5 17:58:00 2010 +0200 documentation of debug mechanism Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 5 16:36:25 2010 +0200 [utils] oscap-scan: added missing #ifdef Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 5 16:18:51 2010 +0200 Fix bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Wed May 5 14:50:12 2010 +0200 Adding variable support step #2 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 5 14:57:20 2010 +0200 [OVAL] update documentation Author: Tomas Heinrich <theinric@redhat.com> Date: Wed May 5 13:17:14 2010 +0200 [OVAL] add textfilecontent probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 5 11:38:08 2010 +0200 [common] move seterr() to private header Author: Maros Barabas <mbarabas@redhat.com> Date: Tue May 4 15:32:48 2010 +0200 Adding variable support step #1 Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 4 12:23:32 2010 +0200 [OVAL] add basis for results model validation Author: Ondrej Moris <omoris@redhat.com> Date: Sun May 2 23:37:41 2010 +0200 filehash probe test added Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 30 13:44:18 2010 +0200 Fixed links, added descr. for CVSS and XCCDF, added versions to documentation Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 30 13:25:35 2010 +0200 Fixed private functions in doc Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 30 13:00:24 2010 +0200 Documentation fixes Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 30 12:02:57 2010 +0200 [OVAL] add basis for syschar model validation Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 29 17:28:03 2010 +0200 [OVAL] fix memory leaks Author: Ondrej Moris <omoris@redhat.com> Date: Wed Apr 28 15:23:55 2010 +0200 filemd5 probe test added Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 28 15:21:09 2010 +0200 [probes] filehash: fixed wrong buffer lengths Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 27 19:30:21 2010 +0200 fixing leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 27 14:53:35 2010 +0200 [probes] family: detect platform using pre-defined macros Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Apr 27 14:17:53 2010 +0200 Documentation improvements in XCCDF, CPE, CVE, CVSS to ensure consistence Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Apr 27 13:30:10 2010 +0200 XCCDF documentation improvements Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Apr 27 11:26:10 2010 +0200 XCCDF_POLICY documentation improvements Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 27 12:35:42 2010 +0200 [probes] file: use probe_item_creat instead of probe_obj_creat Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 27 12:07:27 2010 +0200 [probes] return id attribute in items Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 27 12:01:41 2010 +0200 [probes] filehash, filemd5: fixed typo Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 27 11:27:55 2010 +0200 [probes] filehash, filemd5: small fix Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Apr 27 09:37:07 2010 +0200 XML metadata documentation Author: Joshua Adams <jadams@tresys.com> Date: Mon Apr 26 16:41:57 2010 -0400 Added src/common/public/text.h to openscap.i python bindings. Commented out unimplemented function oscap_text_set_overrides in the text.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 26 21:38:47 2010 +0200 [configure] added -Wno-unknown-pragmas to CFLAGS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 26 21:37:57 2010 +0200 [probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 26 20:58:18 2010 +0200 [OVAL] oval_result_test_parse_tag: fixed typo Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 26 16:09:13 2010 +0200 doc fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 26 14:18:17 2010 +0200 oval_syschar_model_probe_sysinfo() + return codes for oval_syschar_model_probe* functions. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 22 13:49:53 2010 +0200 Fixing: Use assume_d instead of _A in alloc.c, oval_probe.c; quiet gcc Author: Ondrej Moris <omoris@redhat.com> Date: Thu Apr 22 10:03:17 2010 +0200 probe tests skipping corrected, sysinfo dependency removed from probe tests, minor fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 21 17:58:02 2010 +0200 better navigation in documentation Author: Ondrej Moris <omoris@redhat.com> Date: Tue Apr 20 10:41:56 2010 +0200 Enabling / disabling probe tests according to configure, process probe test added Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Apr 20 12:04:00 2010 +0200 remove sysinfo probe from independent family Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 21 17:17:09 2010 +0200 [OVAL] make find_files use variables Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 21 15:55:21 2010 +0200 [probes/crapi] added missing crapi.c file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 21 12:20:18 2010 +0200 [probes/crapi] fixed NSS 3.x support; new function: crapi_init Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 21 11:25:43 2010 +0200 [probes/crapi] sha1.c, md5.c: deduplication Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 21 11:05:17 2010 +0200 [SEAP] sch_pipe: check whether the path points to a regular file Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Apr 20 16:06:20 2010 +0200 [OVAL] correction for unknown_test Author: Ondrej Moris <omoris@redhat.com> Date: Mon Apr 19 12:49:21 2010 +0200 filemd5 and filehash probes included in summary Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 16 17:00:03 2010 +0200 spec update Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 16 16:41:34 2010 +0200 another minor doc update Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 16 15:33:41 2010 +0200 Commented functions missing implementation for bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 16 15:02:49 2010 +0200 Fixed documentation for XCCDF_POLICY Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Apr 16 13:57:30 2010 +0200 [xccdf] some symbol visibility fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 16 14:24:13 2010 +0200 minor documentation tweaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 16 14:10:00 2010 +0200 [SEAP] sch_pipe: minor refactoring, more checks Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 16 14:04:11 2010 +0200 inc release number, update spec file and NEWS Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 16 13:26:40 2010 +0200 add unknown_test handling Author: Ondrej Moris <omoris@redhat.com> Date: Thu Apr 15 11:26:58 2010 -0400 floating point issue in CVSS corrected, BZ#581851 fixed Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Apr 15 15:05:52 2010 +0200 Added XCCDF_POLICY results and tailoring support for rules and values. Added XCCDF with result support to oscap_scan tool. Fixed oscap_scan tool return codes for XCCDF standard compliance. Fixed missing public functions in XCCDF. Added new error codes and family to support XCCDF. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 15 11:19:38 2010 +0200 fixing date tag in copyrights Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 15 10:21:31 2010 +0200 include some more header files (windows issue) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 15 01:59:15 2010 +0200 [probes/crapi] crapi_mdigest_fd: use .fini instead of .free if all previous steps succeeded Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 15 01:56:18 2010 +0200 [tests] new test: test_crapi_mdigest Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 15 01:40:30 2010 +0200 Minor corrections to get rid of some gcc warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 15 01:29:19 2010 +0200 [SEAP] new API function: SEXP_eq Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 14 18:02:58 2010 +0200 error mechanism clean up plus documentation Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 14 16:32:04 2010 +0200 add oval_results_model_eval() return code Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 14 16:02:23 2010 +0200 add oval_result_system_eval() return code and proper handling of OVAL_RESULT_INVALID Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 14 13:00:30 2010 +0200 [OVAL] fix reference leak in probe_ent_getattrval() Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Apr 13 12:12:09 2010 +0200 reporters documentation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Apr 13 10:41:16 2010 +0200 update filter reporter Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Apr 13 10:40:19 2010 +0200 split reporter and error family codes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Apr 13 10:35:14 2010 +0200 Validation fail is not an error condition Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 14 10:33:37 2010 +0200 implementing oval_result_system_eval_definition() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 13 13:52:46 2010 +0200 [SEAP] cmd_sync_handler: Lock mutex before sending cond signal Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Apr 12 22:27:38 2010 +0200 model manipulation: constructors Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Apr 10 16:17:58 2010 +0200 document import optimization Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Apr 10 16:06:35 2010 +0200 rule + group manipulation methods Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Apr 10 12:06:30 2010 +0200 profile manipulation functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Apr 8 01:30:44 2010 +0200 benchmark manipulation functions - benchmark setters and adders - plain texts moved from hashtable to its own structure - refactoring - documentation fixes - ID hashtable integrity management Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Apr 8 00:22:09 2010 +0200 item flag setters + related struct setters Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 12 12:28:06 2010 +0200 [common] minor refactoring: OSCAP_CONCAT, protect_errno are now in util.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Apr 10 00:47:56 2010 +0200 [probes] rpminfo: fixed rpm-4.4 (rhel5) compatibility Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 9 16:12:19 2010 +0200 [probes/crapi] added license text Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 9 14:09:08 2010 +0200 [probes] filehash, filemd5: fixed mem2hex function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 9 14:06:10 2010 +0200 [tests] test_crapi_digest: fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 9 13:39:51 2010 +0200 [tests] new test: test_crapi_digest Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Apr 9 13:39:03 2010 +0200 [probes/crapi] fixed wrong assumption Author: Ondrej Moris <omoris@redhat.com> Date: Fri Apr 9 12:42:58 2010 +0200 BZ#580656, BZ#580552 fixed Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 9 10:52:50 2010 +0200 build DLLs on windows Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 8 23:38:01 2010 +0200 [probes/crapi] initial implementation of crapi_mdigest_fd Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 8 17:57:47 2010 +0200 [probes] var ref fixes Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 8 16:37:56 2010 +0200 [tests] sexp_list: add more tests on reference manipulation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 8 14:54:23 2010 +0200 [probes] filehash, filemd5: quiet gcc - uninitialized variables Author: Ondrej Moris <omoris@redhat.com> Date: Thu Apr 8 13:21:38 2010 +0200 uname probe test added, basic definition model validation incorporated into probe testing Author: Steve Grubb <sgrubb@redhat.com> Date: Thu Apr 8 11:11:29 2010 +0200 Remove libnl completely Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 19:18:04 2010 +0200 variadic arguments support for reporters * variadic reporter message constructors * variagic report function * generic functions oscap_sprintf and oscap_vsprintf Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 18:22:23 2010 +0200 reporter helpers + documentation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 17:43:06 2010 +0200 Add reporter filter Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 16:57:02 2010 +0200 oscap_salloc (struct allocating helper) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 02:32:22 2010 +0200 add multireporter Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sun Apr 4 02:09:46 2010 +0200 new loop construct macro: OSCAP_FOR Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Apr 3 20:45:17 2010 +0200 Make validator use the new report system Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Sat Apr 3 01:18:50 2010 +0200 initial reporter implementation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 29 11:40:44 2010 +0200 nsinfo interface and parser Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 25 16:17:29 2010 +0100 some validation support Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 25 15:33:59 2010 +0100 oscap_split string splitting function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 7 22:31:07 2010 +0200 [SEAP] fixed list block copy function Author: Ondrej Moris <omoris@redhat.com> Date: Wed Apr 7 13:44:16 2010 +0200 probes test cleaning corrected Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 7 13:32:35 2010 +0200 compilation wihout probes works #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 7 10:29:16 2010 +0200 [probes] new probe: filemd5 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 7 10:21:39 2010 +0200 [probes] new probe: filehash Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 6 22:36:01 2010 +0200 [tests] make sexp_concurency run faster in debug mode Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 6 22:01:19 2010 +0200 [SEAP] new minor features - added SEXP_refs call - execute SEXP_VALIDATE only if SEXP_VALIDATE_DISABLE env var. isn't defined Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 6 20:59:16 2010 +0200 [SEAP] SEXP_softref: update the referenced value in the original S-exp reference Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 6 20:34:41 2010 +0200 [probes] get rid of eaccess Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 6 16:56:11 2010 +0200 make compilation wihout probes impossible again Author: Steve Grubb <sgrubb@redhat.com> Date: Sun Apr 4 13:10:04 2010 -0400 [probes] interface: replace libnl Author: Steve Grubb <sgrubb@redhat.com> Date: Sat Apr 3 10:31:19 2010 -0400 [probes] inetlistening server update This patch drops the distinction between tcp & tcp6, udp & udp6, and adds raw sockets as if they were udp since they can be used only for datagrams. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 1 16:43:05 2010 +0200 [SEAP] fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 1 15:52:31 2010 +0200 [SEAP] fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 1 15:23:01 2010 +0200 [SEAP] make shallow copies of multi-ref SEXP lists instead of aborting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 1 15:09:37 2010 +0200 [SEAP] added proper rawval_list_copy function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 1 15:09:29 2010 +0200 [configure] check libnl presence only on Linux Author: Ondrej Moris <omoris@redhat.com> Date: Thu Apr 1 14:21:03 2010 +0200 password and shadow tests added Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 31 16:23:36 2010 +0200 [tests] added xml file for testing state fetch operation Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 31 16:01:12 2010 +0200 make compilation wihout probes possible again Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 30 18:49:22 2010 +0200 add AC_CONFIG_MACRO_DIR back Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 15:22:25 2010 +0200 [configure] use GCrypt as the default crypto backend Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 14:25:46 2010 +0200 [tests] sexp_concurency: quiet gcc Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 13:52:29 2010 +0200 [tests] sexp_concurency: max. threads set to 8 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 13:40:05 2010 +0200 [tests] sexp_concurency: free unshared s-exp Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 13:11:32 2010 +0200 [tests] added sexp_concurency test into test_seap.sh Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 13:05:19 2010 +0200 [tests] new test: sexp_concurency Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 30 12:08:40 2010 +0200 [OVAL] fix bz 577742 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 11:29:58 2010 +0200 [SEAP] sexp-atomic.c: include config.h; corrected assume.h location Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 30 09:53:05 2010 +0200 remove AC_CONFIG_MACRO_DIR(m4) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 09:36:32 2010 +0200 [SEAP] use atomic ops also for msg and cmd packet ids Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 09:34:59 2010 +0200 [SEAP] Added atomic ops for uint64_t Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 01:47:34 2010 +0200 [SEAP] sexp-atomic.c: removed debug fprintf Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 30 01:43:43 2010 +0200 [SEAP] Abstraction of atomic operations & mutex-based emulation Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 29 16:02:14 2010 +0200 configure is looking for right symbols in lib. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 26 16:14:11 2010 +0100 [probes/crapi] removed OpenSSL support Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Mar 26 15:30:23 2010 +0100 Added callbacks; Added result to Policy; Fixed Policy handler for model; Fixed bug in policy evaluation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 26 12:31:11 2010 +0100 [configure] Scream if no crypto library was selected Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 26 12:30:00 2010 +0100 [probes/crapi] More checking and #ifdefs Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 19:42:52 2010 +0100 [probes/crapi] crapi_digest_fd: sha256, sha512 support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 19:20:21 2010 +0100 [probes/crapi] crapi_digest_fd: sha1, rpm160 support Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 25 17:56:53 2010 +0100 [OVAL] first part of definition model validation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 17:03:58 2010 +0100 nspr4 checking Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 16:44:44 2010 +0100 [probes/crapi] md5.c: include stdint.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 16:43:50 2010 +0100 [probes/crapi] fixed mmap usage Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 16:35:26 2010 +0100 [probes] Added cryto API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 25 16:33:35 2010 +0100 [SEAP] initialize e_dsc.v_bool Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 20:18:12 2010 +0100 [SEAP] removed old parser Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 20:16:22 2010 +0100 [SEAP] S-exp parser: bool value cache; extended isnetxexp function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 16:08:38 2010 +0100 [SEAP] Use # prefixed number representation in transport format Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 24 15:50:02 2010 +0100 NEWS and release number update Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 24 15:38:08 2010 +0100 man page adjustment Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Mar 24 15:07:55 2010 +0100 Added return codes Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 24 14:50:07 2010 +0100 makefile fix Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 24 12:37:00 2010 +0100 [OVAL] extend doxygen documentation Author: Ondrej Moris <omoris@redhat.com> Date: Wed Mar 24 11:46:32 2010 +0100 cleaning auxiliary testing files corrected Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 24 11:35:51 2010 +0100 make initscript LSB compliant Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 10:19:09 2010 +0100 [SEAP] removed boolean hack Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 10:18:40 2010 +0100 [SEAP] S-exp parser: support for # prefixed numbers Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 24 10:13:33 2010 +0100 [tests] makefile fix Author: Ondrej Moris <omoris@redhat.com> Date: Wed Mar 24 00:10:29 2010 +0100 family probe test added Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 00:24:56 2010 +0100 [tests] test_seap_split rewrite Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 24 00:24:14 2010 +0100 [SEAP] fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 23 21:42:22 2010 +0100 [tests] test_seap: removed unsupported expressions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 23 21:37:53 2010 +0100 [SEAP] fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 23 21:13:33 2010 +0100 [SEAP] switch to new parser Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 23 21:12:05 2010 +0100 [SEAP] S-exp parser update #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 23 21:09:01 2010 +0100 [SEAP] fixed bug in spb_octet Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 23 16:38:54 2010 +0100 xccdf: fix symbol visibility Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 23 16:41:54 2010 +0100 minor changes in oscap-scan.cron, oscap-scan.sys Author: Steve Grubb <sgrubb@redhat.com> Date: Tue Mar 23 15:23:25 2010 +0100 cleaning up compiler warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 23 14:37:51 2010 +0100 fixing Makefiles Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 23 13:18:40 2010 +0100 [OVAL] interface probe correction Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 23 12:37:05 2010 +0100 create fedora 13 content from fedora 12 content Author: Joshua Adams <jadams@tresys.com> Date: Tue Mar 23 12:02:34 2010 +0100 [OVAL] fix cloning of subsets Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 23 10:51:19 2010 +0100 add cron job file Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 22 13:35:05 2010 +0100 fixing fedora initscript Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 22 13:06:32 2010 +0100 [OVAL] make several clone functions public Author: Ondrej Moriš <omoris@redhat.com> Date: Mon Mar 22 09:59:53 2010 +0100 Fedora12 content tuning Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 22 09:51:58 2010 +0100 fixing typo in oscap-scan Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 11:59:50 2010 +0100 [SEAP] strbuf API: include stdint.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 09:04:10 2010 +0100 [SEAP] updated S-exp parser Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 09:02:38 2010 +0100 [tests] sexp_parser: free psetup Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 09:01:38 2010 +0100 [SEAP] minor modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 08:37:10 2010 +0100 [SEAP] extended lstack API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 08:29:03 2010 +0100 [SEAP] extended SPB API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Mar 22 08:28:12 2010 +0100 [SEAP] extended strbuf API Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Mar 19 14:23:26 2010 +0100 improve progress, output, getopt, man page, init and sys scripts Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 18 18:15:43 2010 +0100 xccdf: results import Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 18 12:15:51 2010 +0100 xccdf: ID setters + upcast functions + type fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 18 00:28:47 2010 +0100 xccdf: item adders Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Mar 17 22:48:50 2010 +0100 xccdf_result_get_benchmark Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Mar 17 22:39:49 2010 +0100 xccdf: separate header for unused funcs prototypes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Mar 17 17:29:39 2010 +0100 xccdf: item setters Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Mar 17 15:40:09 2010 +0100 xccdf: some xccdf_item getters Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Mar 18 18:28:09 2010 +0100 partial error_code cleanup Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 18 18:13:59 2010 +0100 [OVAL] xml export: fix 'set' element namespace creation Fixes #574069 - Output of OVAL "set" element only has namespace if AGGREGATE. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 18 16:26:21 2010 +0100 [SEAP] SPB API: added spb_octet(); fallback to spb_pick in spb_pick_raw Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 18 16:25:01 2010 +0100 [probes] interface: fixed typo Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Mar 17 16:47:53 2010 +0100 Added -q option; better verbosity; better error handling; added return codes appropriate Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 16 19:12:23 2010 +0100 [OVAL] add 'interface' probe Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 16 17:43:09 2010 +0100 xccdf: results dump (incomplete) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 16 17:03:22 2010 +0100 xccdf result fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 16 13:57:29 2010 +0100 xccdf: results support in benchmark * xccdf_benchmark_add_result() * xccdf_add_item() [private] * generating IDs * results getter Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 16 01:54:45 2010 +0100 xccdf: resolve compiler warning Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 16 01:50:36 2010 +0100 xccdf: results public API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 15 23:38:33 2010 +0100 xccdf: result support structs manipulating functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 15 23:35:18 2010 +0100 common: function generating macros enhancements * accessor for text * accessor with custom member getting expression * documentation fix * better parameter naming Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 15 21:55:04 2010 +0100 xccdf: add result model missing structs * structure definitions * constructors and destructors Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 15 15:52:58 2010 +0100 xccdf minor tweaks Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 15 12:25:07 2010 +0100 xccdf: macros for result functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 11 19:10:39 2010 +0100 xccdf: xccdf_rule_result initial implementation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 11 19:10:10 2010 +0100 xccdf: register/unregister items to benchmark Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 9 16:10:16 2010 +0100 xccdf: initial result implementation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 9 16:09:52 2010 +0100 common: function for mass list creation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 9 16:09:02 2010 +0100 xccdf: move macros to helpers.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 16 15:59:05 2010 +0100 [SEAP+tests] SPB API: spb_drop_head + test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 16 13:59:25 2010 +0100 [SEAP] SPB API: fixed invalid memory read in spb_iterate Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 16 11:26:48 2010 +0100 [tests] test_spb_api: free allocated memory Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 16 01:21:52 2010 +0100 [tests] Extended test_spb_api Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 16 01:21:12 2010 +0100 [SEAP] SPB API: Implemented spb_pick; Fixing; Added printf format macro for spb_size_t Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 15 16:06:05 2010 +0100 [OVAL] make oval_result_system_get_definition() function public Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 15 12:59:54 2010 +0100 [OVAL] fix bool datatype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Mar 14 15:21:33 2010 +0100 [SEAP] Sparse buffer API: fixed bugs, implemented missing functions, added test Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Mar 12 16:07:55 2010 +0100 XCCDF Policy API step #3 - evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 12 14:21:03 2010 +0100 fedora initfile,sysconfig,content + spec update Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Mar 12 10:59:42 2010 +0100 [OVAL] probes: remove unneeded status handling Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 11 13:51:28 2010 +0100 [OVAL] don't use probe_obj_creat in oval_probe_sysinf_eval Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 11 12:13:14 2010 +0100 [probes] use pcache locking Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 11 11:12:45 2010 +0100 [OVAL/probes] Fix global symbol issues introduced by encache Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 11 11:11:02 2010 +0100 [probes] removed ncache code Author: Steve Grubb <sgrubb@redhat.com> Date: Wed Mar 10 11:06:52 2010 -0500 [probes] find_files: remove another sprintf Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 11 11:07:06 2010 +0100 [probes] process: put Linux specific code between #ifdefs Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 10 17:49:26 2010 +0100 extend the api to enable results evaluation separately from xml exporting Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 10 18:02:24 2010 +0100 include probe public api documentation Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 10 17:40:56 2010 +0100 remove oval_result.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 10 17:36:52 2010 +0100 remove oval_errno.h Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Mar 10 17:21:05 2010 +0100 add missing copyright and authorship Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Mar 10 10:37:26 2010 +0100 [probes] fixed usage of assume_d in encache.c Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Mar 9 17:42:46 2010 +0100 XCCDF Policy API step #2 Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Mar 9 17:41:29 2010 +0100 Added XCCDF Policy API step #1 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 9 15:16:40 2010 +0100 fix "--disable-shared" build Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 9 14:52:05 2010 +0100 [probes] Utilize the element name cache; Fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 9 14:14:12 2010 +0100 update probe compile list status Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 9 14:05:25 2010 +0100 add man page to tarball and fedora spec file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Mar 9 14:10:45 2010 +0100 [probes] element name cache API Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 8 16:37:36 2010 -0500 [probes] inetlisteningservers: finalize regex support Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 8 13:20:33 2010 -0500 [probes] Finalize proces, password, and shadow probes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 8 10:58:25 2010 +0100 xccdf: remove useless functions from public API Author: Steve Grubb <sgrubb@redhat.com> Date: Sat Mar 6 08:52:22 2010 -0500 Speed up find_files function a little Author: Steve Grubb <sgrubb@redhat.com> Date: Sat Mar 6 08:47:49 2010 -0500 Fix some autotools issues Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Mar 6 13:14:36 2010 +0100 [OVAL/probes] handle xsi:nil value in oval_value_to_sexp Author: Steve Grubb <sgrubb@redhat.com> Date: Fri Mar 5 15:50:42 2010 -0500 [probes] new probe: process Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 5 18:37:38 2010 +0100 [SEAP] use non-blocking locking in __seap_debug_log Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 5 02:53:52 2010 +0100 [tests] runlevel_B: changed expected results of few tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 5 02:38:32 2010 +0100 [probes] runlevel: return start & kill value as a boolean Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 5 02:25:46 2010 +0100 [probes] runlevel: minor corrections Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Mar 5 01:47:47 2010 +0100 [probes] probe-main: create threads in detached state Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 4 21:56:24 2010 +0100 [probes] added several #ifdefs around OS specific code Author: Steve Grubb <sgrubb@redhat.com> Date: Thu Mar 4 14:32:59 2010 -0500 [probes] new probe: shadow Author: Steve Grubb <sgrubb@redhat.com> Date: Thu Mar 4 13:40:33 2010 -0500 [probes] new probe: password Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 4 18:11:11 2010 +0100 [probes] uname: added missing call to fclose Author: Steve Grubb <sgrubb@redhat.com> Date: Thu Mar 4 11:11:36 2010 -0500 [probes] new probe: uname Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 4 17:38:57 2010 +0100 [PATCH 5/5] xccdf: public header cleanup Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 4 17:38:30 2010 +0100 [PATCH 4/5] cce + common: @relates -> @memberof Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 4 17:38:04 2010 +0100 [PATCH 3/5] xccdf: replace pointer to benchmark with a function Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 4 17:37:29 2010 +0100 [PATCH 2/5] xccdf: correct oscap_text properties Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Mar 4 17:37:04 2010 +0100 [PATCH 1/5] xccdf: requires + conflicts getters Author: Steve Grubb <sgrubb@redhat.com> Date: Thu Mar 4 08:55:05 2010 -0500 [probes] inetlisteningservers: added missing header file Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 2 16:48:08 2010 +0100 common: add oscap_stringlist Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 2 16:05:33 2010 +0100 xccdf: set_value -> setvalue + getters, dump Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 2 15:42:50 2010 +0100 xccdf: remove auxdict (historical) Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 2 15:18:47 2010 +0100 More xccdf changes * getters for refine-rule, refine-value, set-value * constructors of the above * remarks parsing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Mar 2 13:22:01 2010 +0100 xccdf: minor fixes Author: Steve Grubb <sgrubb@redhat.com> Date: Wed Mar 3 14:57:23 2010 -0500 update for inetlisteners probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Mar 4 02:37:26 2010 +0100 [SEAP] Added sparse buffer API Author: Steve Grubb <sgrubb@redhat.com> Date: Wed Mar 3 15:59:26 2010 +0100 [OVAL] add inetlisteningserver probe Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Mar 3 12:09:44 2010 +0100 [OVAL] more rpminfo test corrections Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 2 12:52:06 2010 +0100 [OVAL] tests: add missing "xmlns" attributes Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 1 14:04:05 2010 -0500 Use uname as the primary host name source Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 1 13:24:12 2010 -0500 fixed system info probe Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 1 10:40:41 2010 -0500 add man page for util Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 1 10:20:09 2010 -0500 fix a memory leak Author: Steve Grubb <sgrubb@redhat.com> Date: Mon Mar 1 10:12:03 2010 -0500 fix a couple uninitialized variables Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 1 13:03:36 2010 +0100 xccdf: code cleanup Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 1 12:58:16 2010 +0100 xccdf: do not dereference IDs Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Mar 1 11:40:56 2010 +0100 no not compile oscap-scan with OVAL disabled Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 1 13:02:08 2010 +0100 [OVAL] rpminfo test corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 26 14:16:09 2010 +0100 new release Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 26 13:58:08 2010 +0100 rename oscap_cli to oscap_scan Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 26 13:44:13 2010 +0100 another leak in oscap_cli Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Feb 26 13:25:41 2010 +0100 Fixed oval_cli leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 26 13:04:22 2010 +0100 [probes] rpminfo: working pattern match support Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 26 13:03:43 2010 +0100 [common] assume.h: one more substitution level in __XCA Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 26 12:50:46 2010 +0100 do NOT compile XCCDF by default Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 26 12:39:14 2010 +0100 [autotools] fixing sequence of building Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Feb 25 15:00:57 2010 +0100 xccdf_reference Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 25 17:10:04 2010 +0100 correct the results of several runlevel_probe tests Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 25 16:49:12 2010 +0100 use correct test type in tests/OVAL/probes/test_probes_runlevel_[AB].xml.sh Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 26 01:02:32 2010 +0100 [probes] rpminfo: initial support for the pattern match operation Author: Steve Grubb <sgrubb@redhat.com> Date: Fri Feb 26 00:49:31 2010 +0100 fix a couple memory leaks & cleanup Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 25 19:17:34 2010 +0100 [tests] assume.h: don't show __builtin_expect in messages Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 25 19:13:18 2010 +0100 [utils] compile oscap_cli with curl_cflags Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 25 12:52:09 2010 +0100 create utils "infrastructure" for apps Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 25 10:28:43 2010 +0100 [common] Moved assume.h to private headers Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 24 17:09:28 2010 +0100 make test_probes generate system_info Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 25 10:04:45 2010 +0100 [common] added assume() macro Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 25 10:03:06 2010 +0100 [OVAL] public/oval_probe.h documentation Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Feb 24 16:58:45 2010 +0100 Bindings fix #1 Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 24 16:02:17 2010 +0100 xccdf_warning Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 24 13:31:52 2010 +0100 port XCCDF to oscap_text Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 24 14:18:10 2010 +0100 oscap_text updates * reimplementation (remove encoding and wchar) * new interface stub * split headers * move some xml handling funcs from xccdf/ to common/ Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 24 11:25:08 2010 +0100 implement missing test resolution mechanisms Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 24 10:43:00 2010 +0100 remove "operator" c++ reserved keyword from public header Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 24 11:12:09 2010 +0100 minor fix in Makefile.am Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 23 17:34:39 2010 +0100 implement state operator attribute Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 23 18:01:18 2010 +0100 update NEWS file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 23 17:26:59 2010 +0100 [SEAP] added c++ related ifdefs to public headers Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 23 16:10:19 2010 +0100 resolve a compiler warning Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 23 16:50:48 2010 +0100 print nicer configure status Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 23 13:35:40 2010 +0100 get rid of "namespace" it's C++ reserved name Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 23 13:15:55 2010 +0100 [probes] runlevel: minor adjustments Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 23 13:14:11 2010 +0100 [tests] added ifdefs into assume.h Author: Pierre Chifflier <chifflier@edenwall.com> Date: Tue Feb 23 11:20:25 2010 +0100 Implement the dpkginfo probe Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 22 12:50:06 2010 +0100 add forgotten initialization Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Feb 22 11:23:03 2010 +0100 oscap_cli: Fixed result/syschar naming Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Feb 22 11:09:51 2010 +0100 fix "operation" -> "operator" typo Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Feb 19 14:05:15 2010 +0100 New OSCAP CLI Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Feb 19 14:04:08 2010 +0100 Renamed oval_probes.c -> oscap_cli.c Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Feb 18 17:15:36 2010 +0100 sysdata were not added to the system characteristics model Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Feb 18 11:20:50 2010 +0100 Changed oval_definition_supported to oval_definition_model_supported Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Feb 16 10:14:58 2010 +0100 Added support functions Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Feb 18 11:49:25 2010 +0100 initial draft of oval content for Fedora12 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 17 17:31:11 2010 +0100 first part of corrections to 'check' and 'check_existence' attributes processing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Feb 15 12:18:31 2010 +0100 changing oval_probe_sysinf_eval() interface Author: Ondrej Moris <omoris@redhat.com> Date: Fri Feb 12 17:29:47 2010 +0100 file / rpminfo probe test extended Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Feb 11 17:40:01 2010 +0100 error.h documentation + show common on title page Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 12 13:54:45 2010 +0100 [probes] file: pass correct callback arg to find_files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Feb 12 13:38:12 2010 +0100 [probes] file: use op equals as default operation Author: Ondrej Moris <omoris@redhat.com> Date: Fri Feb 12 10:38:40 2010 +0100 new file probe test content Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 11 15:34:59 2010 +0100 oscap_export_target_new_* adjustments Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Feb 11 11:44:57 2010 +0100 remove _oval_syschar_model_probe_sysinfo() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Feb 11 13:05:14 2010 +0100 [OVAL] fixed error handling in oval_probe_comm Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 10 17:48:44 2010 +0100 use OSCAP_EINVARG in oscap_import_source_new_file Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Feb 8 21:16:10 2010 +0100 XCCDF documentation update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Feb 8 14:30:55 2010 +0100 XCCDF docs: @relates -> @memberof Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Feb 8 14:29:27 2010 +0100 add CVE class diagram Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Feb 8 12:55:50 2010 +0100 CPE + CVE: @relates -> @memberof Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Feb 5 12:06:11 2010 +0100 add textfilecontent type to the probe lookup table Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Feb 5 11:25:47 2010 +0100 fixing double free Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Feb 4 16:27:43 2010 +0100 CPE documentation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 3 19:52:01 2010 +0100 CPE URI proper percent-encoding implementation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Feb 3 18:22:06 2010 +0100 CPE: correct XML attributes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Feb 2 18:24:34 2010 +0100 CVE fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Feb 2 17:59:28 2010 +0100 CPE platform expression setter reimplementation Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Feb 3 16:58:18 2010 +0100 fix OVAL xor operator Author: Ondrej Moris <omoris@redhat.com> Date: Wed Feb 3 11:44:13 2010 +0100 probes tests corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 3 16:00:19 2010 +0100 add definition model class diagram Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 2 18:08:34 2010 +0100 tweak sysinfo test Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Feb 3 11:19:18 2010 +0100 add system char. and result model class diagrams Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Feb 2 16:01:06 2010 +0100 CPE language expressions support * port expressions to oscap_list * provide manipulation functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Feb 2 16:00:38 2010 +0100 CPE test fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 2 17:06:47 2010 +0100 [probes] fixed probe_ent_getstatus; implemented probe_itement_setstatus Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 2 17:06:39 2010 +0100 [SEAP] implemented SEXP_unref Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 2 16:50:26 2010 +0100 fixing another OVAL leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 2 15:28:13 2010 +0100 [probes] implemented probe_ent_getstatus Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Feb 2 14:11:21 2010 +0100 [tests] fixed assume() Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Feb 2 12:30:26 2010 +0100 remove wrong assert Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Feb 2 12:43:02 2010 +0100 fixing leaks in OVAL Author: Ondrej Moris <omoris@redhat.com> Date: Tue Feb 2 08:40:33 2010 +0100 textfilecontent54 probe draft test added Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Feb 1 14:06:00 2010 +0100 fixing leak in oval_object2sexp (oval_sexp.c:391) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Feb 1 14:18:01 2010 +0100 [SEAP] fixed double-free; call abort if pqueue isn't empty Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Feb 1 13:53:29 2010 +0100 [SEAP] do something instead of nothing in SEXP_psetup_free Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Feb 1 13:09:40 2010 +0100 [SEAP] fixed leak in SEAP_packet_recv Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Feb 1 13:01:19 2010 +0100 [common] fixed debug code Author: Ondrej Moris <omoris@redhat.com> Date: Thu Jan 28 12:13:44 2010 +0100 runlevel probe tests + some minor corrections Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 26 13:01:59 2010 +0100 [common] debug.c: added oscap_dlprintf; fixed debug level checking Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 25 16:46:16 2010 +0100 [OVAL] Use oscap_seterr in oval_probe_object_eval & friends Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 25 10:16:22 2010 +0100 remove deprecated log mechanism from tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Jan 23 11:59:15 2010 +0100 [tests] assume.h: use __builtin_expect if available Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 22 14:48:27 2010 +0100 remove deprecated log mechanism Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jan 22 14:40:32 2010 +0100 finish OVAL documentation changes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jan 21 16:59:13 2010 +0100 [tests] added assume() macro implementation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jan 20 19:16:44 2010 +0100 Common documentation update Author: Ondrej Moris <omoris@redhat.com> Date: Tue Jan 19 10:25:55 2010 +0100 rpminfo probe test added, some minor corrections Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 19 18:25:56 2010 +0100 style + fixes of oval_definition documentation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 19 12:31:46 2010 +0100 fixed typo in configure.ac Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 19 12:25:50 2010 +0100 [probes] file: set proper entity status Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jan 19 12:24:07 2010 +0100 [common] text.c: portability workarounds Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Mon Jan 18 15:46:18 2010 +0100 XCCDF internationalization and setters impl. Author: Spencer Shimko <sshimko@tresys.com> Date: Mon Jan 18 14:09:26 2010 +0100 RHEL/CentOS 5 support for systeminfo and rpminfo Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 18 10:55:53 2010 +0100 fixing typo in Makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 18 14:05:23 2010 +0100 [probes] rpminfo: fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 18 13:53:27 2010 +0100 [probes] rpminfo: set 'name' entity status Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Jan 15 15:47:08 2010 +0100 Fixed SWIG deprecation warning Author: Spencer Shimko <sshimko@tresys.com> Date: Fri Jan 15 10:27:52 2010 +0100 Added Python implementation example and single rpminfo test. Updated Makefile.am Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Jan 15 10:46:17 2010 +0100 further characterization of the XCCDF API Author: Ondrej Moris <omoris@redhat.com> Date: Thu Jan 14 12:27:19 2010 +0100 revision, correction, extension Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jan 13 11:29:03 2010 +0100 update structure of probes doxygen documentation Author: theinric <theinric@wrabco.englab.brq.redhat.com> Date: Tue Jan 12 12:57:04 2010 +0100 fix hostname processing in system_info probe Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jan 11 12:01:01 2010 +0100 fix leaks and uninitialized variable Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jan 7 16:15:49 2010 +0100 Fixed multiple cpe matching SEGFAULT & added cpe_match test to cpe lang Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jan 7 15:32:54 2010 +0100 Fixed substitution from python sequence to C arrays for cpe_name and oval_syschar_model Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Jan 5 11:40:49 2010 +0100 [oval] fixing uninitialized variable Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jan 4 18:04:36 2010 +0100 add flag processing for collected objects Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 4 15:43:05 2010 +0100 [SEAP] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 4 15:25:36 2010 +0100 [tests] new test: test_seap_split Author: Ondrej Moris <omoris@redhat.com> Date: Mon Jan 4 14:07:15 2010 +0100 distcheck paths corrected Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jan 4 11:34:03 2010 +0100 increase release number in configure.ac Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 4 13:20:28 2010 +0100 [probes] Fixed typo in the previous commit Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jan 4 13:17:29 2010 +0100 [probes] Fixed S-exp -> OVAL translation of boolean values Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 23 22:25:19 2009 +0100 indent sources Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Dec 22 23:01:52 2009 +0100 OVAL: Small fixes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 23 11:44:14 2009 +0100 [SEAP] use larger recv/send buffer Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 23 11:27:26 2009 +0100 [OVAL] fixed oval_probe_cmd_obj_eval Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 23 10:44:52 2009 +0100 [SEAP] Added datatype_set_nth; Workaround for boolean types; Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 22 17:34:45 2009 +0100 example update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 22 16:48:34 2009 +0100 fix paths -> make distcheck works Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 22 12:22:48 2009 +0100 oval fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Dec 21 18:46:29 2009 +0100 Fixed cpe_lang; changed error prefix; fixed oval warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 21 18:06:16 2009 +0100 oval fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Dec 21 14:46:00 2009 +0100 OVAL: fixed export, asserts and warnings Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Dec 21 11:49:15 2009 +0100 OVAL: remove errno Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 21 14:33:47 2009 +0100 [OVAL] include missing header file Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 21 13:24:50 2009 +0100 don't use reserved names as api func(). arg. Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Dec 21 11:04:28 2009 +0100 OVAL error,assert,logging chages #1 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Dec 18 17:09:02 2009 +0100 Fixed invalid reads in string_subcstr Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 18 17:25:49 2009 +0100 [oval] uninitialized variable fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 18 13:52:47 2009 +0100 exampe update Author: Ondrej Moris <omoris@redhat.com> Date: Thu Dec 17 23:29:29 2009 +0100 testing report clarified Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Dec 17 17:37:00 2009 +0100 solve swig issues with C99,sync C and bindings API Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Dec 16 16:55:39 2009 +0100 oscap_import/export in OVAL Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Dec 16 13:09:07 2009 +0100 correct oval state attributes' type Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 16 11:15:09 2009 +0100 fixing test_sysinfo.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 16 10:56:28 2009 +0100 provide valid rpminfo.xml Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 16 09:51:42 2009 +0100 [SEAP] Don't emit debug messages in SEXP_VALIDATE Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Dec 16 09:48:00 2009 +0100 [probes] Extra checks in probe-main.c Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Dec 15 18:21:59 2009 +0100 fix bug in object filters processing Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 15 18:27:02 2009 +0100 update example; new test_probes2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 15 15:17:11 2009 +0100 adjust to new constructors Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Dec 15 13:19:45 2009 +0100 OVAL lock implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 15 13:29:17 2009 +0100 [SEAP] Fixing Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Dec 15 11:15:58 2009 +0100 - Added new OSCAP error codes - Added error propagation to oscap_*alloc - Fixed malloc calls in list.h -> oscap_*alloc now - Added error propagation to CVE, CPE, CVSS - Added logging in debug mode to error constructor Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Dec 15 10:53:43 2009 +0100 update bindings Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Dec 14 16:22:12 2009 +0100 fix segfault in variable processing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 14 10:45:15 2009 +0100 [tests] fixing typos in Makefile.am Author: Ondrej Moris <omoris@redhat.com> Date: Mon Dec 14 09:45:46 2009 +0100 definition reference source setting corrected Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 14 09:15:54 2009 +0100 [probes] Fixing, updates, etc. Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Dec 11 17:40:26 2009 +0100 bindings fix Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Dec 11 14:10:16 2009 +0100 Added __attribute__nonnull__ macro to common Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Dec 11 11:20:05 2009 +0100 Removed assert macro from CVSS Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Dec 11 11:13:35 2009 +0100 Fixed assert macro & fixed cpeuri asserions Author: Ondrej Moris <omoris@redhat.com> Date: Fri Dec 11 10:47:01 2009 +0100 tests/Makefile.am corrected Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Dec 10 16:57:40 2009 +0100 add missing variable initialization Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Dec 10 15:32:01 2009 +0100 fix test_probes_tc02 test Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Thu Dec 10 14:10:09 2009 +0100 Locking and validating OVAL API instances Author: Ondrej Moris <omoris@redhat.com> Date: Wed Dec 9 16:31:05 2009 +0100 CCE and CVSS test added, CPE tests updated, xml comparing revisited, CVSS base/enviromental score computation corrected Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 9 17:26:29 2009 +0100 fixing typos in OVAL documentation Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Dec 9 14:25:39 2009 +0100 SPI functions + documentation Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Dec 8 17:08:15 2009 +0100 Added asserts as __attribute__nonnull__ macro Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Dec 9 11:15:51 2009 +0100 define oscap_dprintf even if NDEBUG Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 8 18:08:49 2009 +0100 [tests] test for the common/error API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Dec 8 16:55:09 2009 +0100 [common] oscap_seterr & friends Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 7 17:55:23 2009 +0100 [common] added oscap_dprintf Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Dec 7 17:44:23 2009 +0100 [SEAP] fixed mutex locking in __seap_debuglog Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Dec 7 17:40:26 2009 +0100 fixing default PATH_DIR Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Dec 7 13:01:09 2009 +0100 Fixed copy-paste error value->part string in CPE dict Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Dec 3 16:35:27 2009 +0100 [tests] Make tests more portable Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Dec 3 14:44:57 2009 +0100 XCCDF refactoring Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Dec 2 18:48:13 2009 +0100 Added implementation of counting CVSS score on cvss_entry & test on this feature Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Dec 1 15:40:18 2009 +0100 Move static strings to mamcros Author: Ondrej Moris <omoris@redhat.com> Date: Tue Dec 1 11:22:04 2009 +0100 OVAL tests update Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Dec 1 14:08:03 2009 +0100 add missing files Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 27 16:19:36 2009 +0100 fixing bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 27 14:07:05 2009 +0100 Fixed iterator macro Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 27 13:58:06 2009 +0100 Partialy fixed XML metadata GETTINS macro; Exporting functions parameters are constant now Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 27 13:32:40 2009 +0100 - Added item_metadata_new in CPE Dict (fixed SIGSEGV) - Removed model freeing from exporting functions Now user takes care of freeing models - Added xmlns to CPE Dict and lang models - Added tests to test xmlns Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 27 11:18:06 2009 +0100 - Redefine xml_metadata to cover oscap_list manipulation - Add XMLNS import/export to CVE - Add more documentation Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Nov 26 14:30:48 2009 +0100 update tests/OVAL/test_probes.c Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Nov 25 17:55:05 2009 +0100 fixing variables parsing issues Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Nov 25 12:57:57 2009 +0100 change several oval sexp processing functions' prototypes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Nov 24 17:42:50 2009 +0100 More remove functions Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 24 08:44:44 2009 +0100 Added XCCDF to testing suite Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 24 08:32:07 2009 +0100 XCCDF small changes Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 24 08:31:51 2009 +0100 Added functions description in documentation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Nov 23 17:04:13 2009 +0100 Remove support for iterators + funcs for CPE dict Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Nov 23 10:57:18 2009 +0100 Added CCE & CVSS to test suite Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 20 17:19:30 2009 +0100 Split documentation for CVE, CPE, CVSS Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 20 14:36:31 2009 +0100 Added documentation for CVE and CVSS Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 20 13:30:55 2009 +0100 Added CVE simple test; Fixed <entry/> element parsing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Nov 18 02:09:17 2009 +0100 [OVAL] Probe context update, refactoring, etc. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 16 12:02:40 2009 +0100 [OVAL+probes] Initial implementation of probe context Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Nov 12 17:26:09 2009 +0100 Added XCCDF missing prototypes Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Nov 13 10:23:42 2009 +0100 update to variable processing Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Nov 12 15:47:42 2009 +0100 - Added checking encoding in CPE - Fixed cpelang tests {6,7} Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 12 14:28:56 2009 +0100 bump release number in configure.ac Sorry, I messed up, and I pushed out an earlier version tagged as 0.5.5. Please use tag 0.5.5-REAL instead of 0.5.5. Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 12 13:22:02 2009 +0100 do not run test_cpelang_tc0{6,7} Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Thu Nov 12 11:10:01 2009 +0100 fixing segfault Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 11 18:09:47 2009 +0100 fixing CPE tests and add sys_info test again Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 11 17:17:17 2009 +0100 fix include dir Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 11 16:57:17 2009 +0100 Fixed test failed - added cpe_testexpr_get_next Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 11 16:33:29 2009 +0100 add model free() functions into example Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 11 15:11:42 2009 +0100 - Fix prototypes in common - Fix CVE cp-error in cve_entry macro - Fix CVE problems Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Nov 11 16:09:57 2009 +0100 Fixing: compiler warnings Author: Ondrej Moris <omoris@redhat.com> Date: Wed Nov 11 15:32:42 2009 +0100 new testing engine, CPE Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 11 14:44:02 2009 +0100 Added missing prototypes to CVSS; Fix prototypes in CVE Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 11 14:37:13 2009 +0100 Clear CCE code; Add missing prototypes Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Nov 11 14:35:12 2009 +0100 Fix function/structures declarations; Code clear; Added missing prototypes Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Nov 11 14:46:51 2009 +0100 draft of Local Variable evaluation Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 11 14:18:33 2009 +0100 fix issues that come up with -Wmissing-prototypes Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Nov 11 10:08:49 2009 +0100 add -Wmissing-prototypes, fix double declarations Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 10 22:59:23 2009 +0100 [tests] test_sysinfo: don't free sysint objects Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 10 22:51:42 2009 +0100 Fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Nov 10 18:50:08 2009 +0100 provide examples that demonstrate simple lib usage Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 10 17:38:04 2009 +0100 Bindings fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 10 14:32:36 2009 +0100 Header fixes (not all included) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 10 14:50:27 2009 +0100 [tests] test_sysinfo: print interfaces Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 10 14:42:27 2009 +0100 [OVAL] oval_sysinfo_probe: interface info processing Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Nov 10 12:08:26 2009 +0100 small fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 10 11:49:44 2009 +0100 Move cvsscalc to cvss & added private functions from CVE Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Nov 10 11:15:01 2009 +0100 Changes on public API in CVE; Added missing free functions Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Nov 10 11:28:03 2009 +0100 Integrating oval_sysinfo_probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Nov 9 17:33:51 2009 +0100 struct testexpr -> .h Author: Maros Barabas <mbarabas@redhat.com> Date: Mon Nov 9 17:08:06 2009 +0100 Added parse and export private functions to CVE Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 14:24:28 2009 +0100 [probes] system_info: return only one item + debug stuff Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 14:01:44 2009 +0100 [probes] Added debug stuff Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 13:33:12 2009 +0100 Fixing #3 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 13:25:22 2009 +0100 [tests] added oval_sysinfo_probe test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 13:24:51 2009 +0100 Fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 10:51:40 2009 +0100 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Nov 9 10:36:59 2009 +0100 [OVAL] oval_sysinfo_probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Nov 8 15:56:59 2009 +0100 rename exampes -> tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Nov 8 15:44:13 2009 +0100 single module for bindings Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Nov 6 16:53:47 2009 +0100 fix many xmlChar <-> (char *) conversions Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Nov 6 14:06:08 2009 +0100 Added oscap_strsep; Removed declaration of variable within for statement in CPE Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Nov 6 15:23:38 2009 +0100 Defensive code: oval_enumerations Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Nov 5 13:49:44 2009 +0100 change documentation of oval_results_model_new() Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Thu Nov 5 11:27:00 2009 +0100 segfault - defensive dode + doxygen update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Nov 4 14:11:10 2009 +0100 Don't check for the presence of libnl on non-Linux systems Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Nov 3 17:01:20 2009 +0100 add system_info probe Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Nov 3 15:32:28 2009 +0100 addresing lot of the TODO's Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 3 13:30:20 2009 +0100 Fixed the fixing fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 3 13:27:09 2009 +0100 [SEAP] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Nov 3 13:23:17 2009 +0100 [SEAP] Update Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Oct 23 14:08:31 2009 +0200 Fix cpe_dict_model_add_vendor function name in header Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 26 13:52:20 2009 +0100 Removed probe.c, probe.h Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 26 13:51:25 2009 +0100 [OVAL] fixed typo Author: Peter Vrabec <pvrabec@gmail.com> Date: Fri Oct 23 20:27:23 2009 +0200 make distcheck works Author: Peter Vrabec <pvrabec@gmail.com> Date: Fri Oct 23 19:10:33 2009 +0200 fix bindings for XCCDF, CCE, CVE, CVSS Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 23 16:17:33 2009 +0200 fix OVAL bindings Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 23 13:00:45 2009 +0200 dict_model_items -> dict_model_platforms; deleted cpe_dict_model_add_vendor Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 23 13:02:54 2009 +0200 swig/OVAL/oval.i bindings change Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 23 12:46:44 2009 +0200 cpe fixes Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 23 12:20:44 2009 +0200 Last documentation fix Author: Tomas Heinrich <heinrich.tomas@gmail.com> Date: Fri Oct 23 11:23:51 2009 +0200 improve doxygen documentation Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 23 11:48:16 2009 +0200 Fixed CPE documentation; Fixed XML file validation Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 23 11:14:29 2009 +0200 Fixed groups in CPE Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 23 11:03:50 2009 +0200 Added documentation for CPE Language private header Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 23 11:51:43 2009 +0200 makefile.am fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 23 09:42:25 2009 +0200 make examples work with "public" Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 22 17:39:13 2009 +0200 Fixing bindings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 17:30:27 2009 +0200 [bindings] fixed oval.i Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 22 17:00:53 2009 +0200 fixing CPE - again Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 22 16:58:29 2009 +0200 Added documentation for cpedict public and private API Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 22 17:02:25 2009 +0200 XCCDF/public for XCCDF public headers Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 16:59:43 2009 +0200 [probes] moved public header to public/ Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 22 16:43:31 2009 +0200 CVE/public for CVE public headers Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 16:28:48 2009 +0200 removed oval_testing_probe.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 16:27:20 2009 +0200 [OVAL] api/ -> public/ Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 21 13:56:18 2009 +0200 prevent double-slash occurences in find_files() Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 22 16:13:21 2009 +0200 CCE/public for CCE public headers Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 15:51:42 2009 +0200 [probes] rpminfo fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 15:49:19 2009 +0200 Fixing #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 22 15:38:27 2009 +0200 CVSS/public for CVSS public headers Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 15:36:51 2009 +0200 [probes] added _probe-api.h Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 22 15:15:18 2009 +0200 Added documentation for cpedict public and private API Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 22 15:14:02 2009 +0200 common/public for public headers Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Oct 22 13:02:46 2009 +0200 CPE lang: some set + add funcs, fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Oct 22 11:51:20 2009 +0200 fix import / export allocation + examples Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 22 11:32:30 2009 +0200 Fixing Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Oct 21 18:02:44 2009 +0200 removed private includings; added missing cpe_platform_get_expr function Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Oct 21 17:46:45 2009 +0200 - Added oscap_import_source and oscap_export_target structures - Fixed name refactoring changes - Fixed CPE bindings - Fixed cpedit public parse function Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 21 17:39:52 2009 +0200 openscap-devel interface fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 21 14:38:58 2009 +0200 use probes/* examples again Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 20:13:19 2009 +0200 Add *_add_* functions to CPE dictionary Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 19:12:31 2009 +0200 Export oscap_title via the public API. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 18:34:18 2009 +0200 Add setters for string members of CPE dictionary Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 18:33:17 2009 +0200 Make cpe name use accessor macros. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 18:32:55 2009 +0200 Add accessor macros Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 14:07:46 2009 +0200 CPE header files tweaks Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Oct 20 18:15:37 2009 +0200 add doxygen documentation to findfile.[ch], sexp-manip.[ch] Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 21 02:15:56 2009 +0200 [probes] xmlfilecontent: fixed reference leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 21 01:55:29 2009 +0200 [probes] file: disk access serialization Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 17:32:41 2009 +0200 [SEAP] 32 <-> 64 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 17:30:37 2009 +0200 [examples] Fixed test_probes.c Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Oct 20 13:03:56 2009 +0200 Fix the fix. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Oct 19 14:11:42 2009 +0200 CPE name set functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Oct 16 18:59:52 2009 +0200 Setter macros Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Oct 16 18:53:34 2009 +0200 CPE fixes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 12:57:29 2009 +0200 [OVAL+SEAP] Fixing Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 20 12:21:02 2009 +0200 Add free & new functions to public API; name refactoring Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Oct 20 10:23:04 2009 +0200 Update method names to reflect coding conventions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 09:42:00 2009 +0200 [SEAP] Makefile.am fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 09:39:09 2009 +0200 [SEAP] fixed some reference leaks, added macro for controling message id width (bits) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 20 09:32:01 2009 +0200 [probes] file: removed debug stuff Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 19 17:34:27 2009 +0200 add doxygen documentation to probe-api.[ch], probe-entcmp.[ch] Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 19 16:58:33 2009 +0200 disable debug flags by default Author: Maros Barabas <mbarabas@redhat.com> Date: Sun Oct 18 17:12:28 2009 +0200 fixed memory addressing through xml substructure Author: Maros Barabas <mbarabas@redhat.com> Date: Sun Oct 18 15:07:13 2009 +0200 Added public functions for cpe_lang; Split private and static functions in cpe_lang_priv; Small fixes in cpe_dict Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat Oct 17 23:35:05 2009 +0200 [probes] file: optimization Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 16 17:32:20 2009 +0200 Added public functions for cpe_dict; Split private and static functions in cpe_dict_priv; Repaired CPE dict example Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 16 16:46:23 2009 +0200 [SEAP] SEXP_sizeof fix Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Oct 16 16:35:28 2009 +0200 fix sexp reference types in probe_varref_create_ctx() Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Oct 16 15:59:50 2009 +0200 fix bug in textfilecontent54 probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 16 16:03:23 2009 +0200 [SEAP] SEXP_sizeof Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Oct 16 15:53:22 2009 +0200 fix permissions on header file Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Oct 16 15:18:56 2009 +0200 Added references parse/export; Added free functions; Fixed memory leaks; Cleaning Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 16 15:03:08 2009 +0200 [probes] file: update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 16 15:02:48 2009 +0200 [probes] fixed reference leaks in findfile.c Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Oct 16 12:12:00 2009 +0200 sexp -> syschar translation fixes. - temporary hack to return item exist status - implement item type lookup Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 15 19:05:26 2009 +0200 Added export functions for dict Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 15 21:35:25 2009 +0200 [SEAP] fixed SEXP_rawval_list_copy Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Thu Oct 15 16:34:11 2009 +0200 Skip XML generation of unknown sysdata subtype Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 15 13:54:03 2009 +0200 Removed old generating macros to allow compilation Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Oct 15 11:39:45 2009 +0200 add varref support to probe_ent_getval() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 14 18:36:28 2009 +0200 fix leaks in textfilecontent54 probe Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Oct 15 09:54:55 2009 +0200 Added export functions to cpelang Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Oct 15 11:13:19 2009 +0200 [examples] test_syschar fix #2 Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 14 18:09:50 2009 +0200 prevent segfault in textfilecontent54 probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 14 16:31:07 2009 +0200 add oval_varModel.c file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 14 15:55:42 2009 +0200 [probes] Fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 14 12:59:43 2009 +0200 fix leaks in textfilecontent54 probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Oct 14 14:14:49 2009 +0200 [examples] test_syschar fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Oct 13 17:42:31 2009 +0200 simple makefile fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 14 11:29:17 2009 +0200 [probes] removed unreliable debug code, added locking to __seap_debuglog function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 14 01:42:22 2009 +0200 Fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 14 00:52:28 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 14 00:50:25 2009 +0200 Added -Wnonnull to CFLAGS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 23:29:12 2009 +0200 [SEAP] Added some function attributes for better bug hunting Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 23:23:42 2009 +0200 [probes] probe API: use hard refs rather than soft refs in functions that do not modify their arguments Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 17:18:44 2009 +0200 [OVAL] Don't include alloca.h on FreeBSD Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 17:11:36 2009 +0200 [probes] don't fetch states if it's not necessary Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 13 16:54:21 2009 +0200 Added cpedict_priv with Reader parsing function Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 13 10:41:46 2009 +0200 Added cpelang_priv with Reader parsing function Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Oct 13 12:35:41 2009 +0200 Implementation of Variable Model + changes in system characteristic model Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 16:08:42 2009 +0200 [probes] Fixed reference double free Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 16:08:05 2009 +0200 [SEAP] More debbuging output from SEXP_free, SEXP_vfree Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 14:56:41 2009 +0200 [probes] fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 13 11:55:16 2009 +0200 [OVAL] fixed some reference leaks in probe-main.c Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Oct 12 17:24:24 2009 +0200 extend var_ref support in probe_worker() Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Oct 12 13:58:39 2009 +0200 adjust paths to probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 12:41:24 2009 +0200 [examples] More file probe tests Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 11:24:09 2009 +0200 [SEAP] SEXP_string_cmp (temporary) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 10:19:55 2009 +0200 [examples] Added test for file probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 10:14:10 2009 +0200 [SEAP] SEXP_number_geti_32, SEXP_number_getu_32, SEXP_number_geti_64, SEXP_number_getu_64 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 10:12:30 2009 +0200 [OVAL] More debugging output from oval_object_probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 12 10:10:30 2009 +0200 [SEAP] Fixed parsing of an empty string Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Oct 9 10:52:30 2009 +0200 add partial support for var_refs to probe_worker() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 8 16:08:11 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 8 15:49:01 2009 +0200 [OVAL] oval_probe.c, oval_probe.h refactoring Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Oct 8 15:47:40 2009 +0200 Define OSCAP_THREAD_SAFE in pthread_cflags Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 22:35:21 2009 +0200 [SEAP] SEXP_list_join fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 21:51:23 2009 +0200 [SEAP] Implemented SEXP_VALIDATE Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 18:50:05 2009 +0200 [examples] Extended sexp_list test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 18:49:25 2009 +0200 [SEAP] fixed SEXP_list_join for empty lists Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 16:58:58 2009 +0200 [SEAP] Corrected warnings when atomic functions aren't available ; Made several structures 1 byte aligned. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 16:52:17 2009 +0200 [probes] runlevel: fixed reference leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 16:51:36 2009 +0200 [SEAP] Added SEXP_vfree Author: Miloslav Trmač <mitr@redhat.com> Date: Tue Oct 6 18:06:43 2009 +0200 Fix quite a few warnings, many others left Author: Miloslav Trmač <mitr@redhat.com> Date: Tue Oct 6 16:40:59 2009 +0200 Hide most symbols missing from public header files Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Oct 7 12:52:11 2009 +0200 add var_ref support to oval_object_to_sexp() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 12:59:55 2009 +0200 mudflap.sh Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 11:38:37 2009 +0200 Fixed compilation with -DNDEBUG Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 11:37:43 2009 +0200 Added -DNDEBUG to CFLAGS_NODEBUG Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Oct 7 10:12:53 2009 +0200 [SEAP+probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 23:15:33 2009 +0200 [probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 22:27:35 2009 +0200 [probes] file: removed unneded reference var Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 22:18:19 2009 +0200 [probes] file, rpminfo: fixed reference leaks Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 16:46:46 2009 +0200 [probes] probe_item_attr_add fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 16:46:13 2009 +0200 [OVAL] fixed reference leaks in oval -> s-exp functions Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 6 13:43:15 2009 +0200 Added missing *language* and *deprecated-by-nvd-id* elements Author: Maros Barabas <mbarabas@redhat.com> Date: Tue Oct 6 12:57:42 2009 +0200 Added CPELang corrections; CPEDict dump implementation Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 12:41:41 2009 +0200 [SEAP] SEXP_lstack_new fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Oct 6 12:21:48 2009 +0200 [probes] probe_ent_creat, probe_ent_creat1 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 5 14:55:35 2009 +0200 [probes] family_probe: fixed reference leak Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 5 10:09:02 2009 +0200 [SEAP] sch_generic_select fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 5 00:20:49 2009 +0200 [examples] Extended probe API test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 5 00:20:01 2009 +0200 [SEAP+probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Oct 5 00:18:12 2009 +0200 [OVAL] oval_set -> oval_setobject Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Oct 4 21:46:45 2009 +0200 [examples] Added test for probe API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Oct 4 21:05:04 2009 +0200 [SEAP+probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 2 16:41:32 2009 +0200 [examples] sexp_parser test fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 2 16:30:23 2009 +0200 [SEAP] SEXP_list_rest Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Oct 2 16:30:04 2009 +0200 [examples] Enabled the rest of SEAP tests Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Oct 1 14:47:56 2009 +0200 fix var_check and entity_check processing in oval_object_to_sexp() and oval_state_to_sexp() Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 30 18:42:34 2009 +0200 add var_ref support to entcmp functions Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 30 17:19:24 2009 +0200 make distcheck works again Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Sep 30 16:12:48 2009 +0200 [SEAP+probes] Fixing Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Sep 30 14:15:42 2009 +0200 Added CPElang export functions Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Sep 30 12:35:39 2009 +0200 adjust probe-entcmp functions to new naming Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Sep 30 11:43:53 2009 +0200 refactor object_model to definition_model Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Sep 30 11:20:56 2009 +0200 use rpmvercmp() implementation from rpm project Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 29 19:06:18 2009 +0200 update the rest of the probes to new api, fix several things in probe-api Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 17:07:00 2009 +0200 fix path to probes in make check target Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 14:23:49 2009 +0200 do not install header files into libopenscap dir Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 13:32:59 2009 +0200 fix CFLAGS set up for atomic functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 13:06:03 2009 +0200 [probes] probe_obj_getentvals, probe_obj_getval, probe_item_setstatus Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 12:49:29 2009 +0200 [SEAP] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 12:48:58 2009 +0200 [probes] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 12:48:33 2009 +0200 [examples] fixed S-exp parser test Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 10:39:57 2009 +0200 [examples] fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 10:10:17 2009 +0200 [examples] fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 29 09:19:32 2009 +0200 do not include xmlreader.h in oval_results.h Author: barry <barry@barry.(none)> Date: Mon Sep 28 17:10:52 2009 +0200 Bindings after refactoring (OVAL's not working) Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 01:32:20 2009 +0200 Build system modification Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 01:30:17 2009 +0200 [probes] API update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 01:28:48 2009 +0200 [probes] rpminfo, file, runlevel: update to new API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 01:14:02 2009 +0200 [SEAP] Update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 00:56:40 2009 +0200 [OVAL] dummy rpmvercmp Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 29 00:55:17 2009 +0200 [examples/SEAP] New tests Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 20:15:39 2009 +0200 Get rid of self-clearing iterators - fix several memory leaks - FOREACH for string iterators - Examples use OSCAP_FOREACH{,_str} Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 18:07:31 2009 +0200 Refactoring: enumerations Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 16:26:14 2009 +0200 Refactoring: free & get functions Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 14:10:15 2009 +0200 Add OSCAP_FOREACH macro Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Sep 25 16:40:55 2009 +0200 bug fix for tested-item generation Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 12:22:48 2009 +0200 Port probes to the new API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Sep 25 12:21:06 2009 +0200 Port examples to the new API + fixes Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Sep 25 11:29:05 2009 +0200 OVAL refactoring + OVAL result bug fixes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Sep 23 16:52:34 2009 +0200 [probes] Update to new API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 22 19:14:25 2009 +0200 Fixed gcc atomic builtins checking Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Sep 22 16:20:24 2009 +0200 check for gcc atomic functions before build Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 22 13:05:27 2009 +0200 Added -march=native to CFLAGS Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 22 12:49:21 2009 +0200 [probes] Use new SEAP API functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 21 04:02:53 2009 +0200 [SEAP] Memory mgmt. related changes, fixes, etc. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 21 04:02:16 2009 +0200 [SEAP/generic] Added strbuf_fwrite Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 21 03:58:23 2009 +0200 [probes] Small fix in set_eval Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Sep 17 14:29:18 2009 +0200 OVAL documentation Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Sep 16 16:24:20 2009 +0200 Updates to Oval Results model Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 15 14:46:34 2009 +0200 make automake use "silent rules" by default if they are supported Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 14 03:41:37 2009 +0200 [SEAP] New memory mgmt. & related changes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 14 03:41:30 2009 +0200 [SEAP/generic] string buffer API Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Sep 14 03:41:15 2009 +0200 [probes] New API skeleton Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Sep 11 10:10:36 2009 +0200 [SEAP] Part of the new memory management Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 8 17:10:01 2009 +0200 fix regex processing in textfilecontent54 probe Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Sep 7 17:08:00 2009 +0200 fix bugs in oval behaviors entity processing Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Sep 3 15:42:36 2009 +0200 add functions for generating item ids Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Sep 2 16:05:36 2009 +0200 results impl. + definition model change * further the implementation of OVAL results * changes to the oval_definition model * oval_state_content api added * simplified oval_behavior api Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Aug 26 20:23:47 2009 +0200 Syschar memory management fixes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Aug 25 19:35:03 2009 +0200 End of line conversion Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Aug 25 15:07:44 2009 +0200 results updates Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Aug 21 18:14:59 2009 +0200 fix potential crashes Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Fri Aug 21 15:16:39 2009 +0200 Some leak fixes Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Aug 21 15:14:42 2009 +0200 memory management Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Sep 1 14:53:39 2009 +0200 fix bugs in find_files(), test_findfile.c, oval_behavior_to_sexp(), fsdev_search() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Sep 1 11:27:31 2009 +0200 [SEAP+probes] Fixing Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 25 17:54:30 2009 +0200 adjust find_files arg processing Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 25 16:26:08 2009 +0200 add behavior entity processing to oval_object_to_sexp Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 25 15:42:01 2009 +0200 correct arg type Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Aug 20 11:26:21 2009 +0200 SEXP to syschar 'mask' support Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 19 17:29:54 2009 +0200 new release Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 19 12:26:21 2009 +0200 [SEAP+probes] Use thread safe code; Added filename to debug output Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 19 12:13:48 2009 +0200 [common] added bfind Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 17 17:37:54 2009 +0200 add support for POSIX regex Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 13:10:39 2009 +0200 [probes] rpminfo probe fix #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 13:01:24 2009 +0200 [probes] rpminfo probe fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 12:53:42 2009 +0200 [probes] rpminfo probe update #2 Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 17 12:49:27 2009 +0200 change "inline" to "static inline" Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 12:19:02 2009 +0200 [SEAP+probes] Fixing, updates, etc. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 12:18:20 2009 +0200 [probes] file probe fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 12:17:48 2009 +0200 [SEAP] pqueue update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 17 12:15:05 2009 +0200 [probes] rpminfo probe update Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Aug 14 14:27:10 2009 +0200 set default operations for entity comparison Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Aug 14 13:59:58 2009 +0200 proper usage of operation attr. in find_files Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 14 12:38:15 2009 +0200 [SEAP] parser fix Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 13 17:12:36 2009 +0200 init behaviors in {text,xml}filecontent probes Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 13 16:03:02 2009 +0200 findfiles() handle filename value == NULL Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 13 16:28:58 2009 +0200 [probes] file probe fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 13 12:35:32 2009 +0200 [probes] New probe: file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Aug 12 21:36:23 2009 +0200 Removed test_rpminfo Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 12 18:00:31 2009 +0200 Add family probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 12 11:08:30 2009 +0200 call assert on findfiles() arguments Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 11 12:02:24 2009 +0200 add configuration summary at the end of ./configure run Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 10 20:19:51 2009 +0200 Build system modifications Add initial support for automatic probe selection Move rpminfo probe to the linux section Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Aug 10 14:40:06 2009 +0200 make the behaviors entity of textfilecontent54 and xmlfilecontent objects not mandatory Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Aug 10 10:56:26 2009 +0200 Initial SEXP to syschar conversion Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:40:48 2009 +0200 [SEAP] Added pqueue Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:39:54 2009 +0200 Changed probe_object prototype Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:38:13 2009 +0200 Almost working SEXP_OVALset_eval version & friends Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:32:27 2009 +0200 [SEAP] Fixing, new functions, etc. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:28:35 2009 +0200 [SEAP] Added sm_memalign function Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Aug 7 12:27:19 2009 +0200 [probe API] Implemented set/get datatype; Added SEXP_OVALelm_name_* functions Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 6 18:06:13 2009 +0200 compile with all probes, temporary solutions until we have automatic detection in configure Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 6 17:11:34 2009 +0200 Fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 6 16:45:22 2009 +0200 [SEAP] Fixed include paths in bitmap.c Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 6 16:41:21 2009 +0200 include correct header file in findfile Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 6 16:15:54 2009 +0200 Fixing... Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Aug 6 14:33:40 2009 +0200 findfile optimizations Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 5 17:04:27 2009 +0200 update textfilecontent54 probe Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Aug 5 12:13:46 2009 +0200 add probes to the probe lookup table Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Aug 6 01:47:45 2009 +0200 [SEAP] Fixed invalid whitespace handling Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Aug 5 10:49:00 2009 +0200 new test that calls probe() on simple objects Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Aug 5 09:19:35 2009 +0200 fix consumers that did not create copies, replace malloc_string() by strdup() Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Aug 4 15:54:12 2009 +0200 add rest of the SEXP_OVALset_eval helper functions and fucntions for comparing entities Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Aug 4 14:19:06 2009 +0200 quick fixes to David's patch Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Tue Aug 4 14:17:02 2009 +0200 update oval model heap management Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 16:27:55 2009 +0200 [SEAP+probes] Fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 3 14:42:45 2009 +0200 adjust fedora spec file Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 3 14:13:12 2009 +0200 include missing header files in tarball Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 3 13:47:34 2009 +0200 include header file in tarball Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 3 12:14:46 2009 +0200 fix libexec path Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 14:01:48 2009 +0200 [SEAP] Fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 13:32:47 2009 +0200 [SEAP] Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 13:02:06 2009 +0200 [SEAP] Make SEAP compilable again Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 12:57:42 2009 +0200 [common] Get rid of "dereferencing type-punned pointer" warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 12:36:55 2009 +0200 [SEAP] Get rid of "dereferencing type-punned pointer" warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Aug 3 12:20:06 2009 +0200 [SEAP] Refactoring #2 + fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Aug 3 10:19:29 2009 +0200 fix uninitialzed variables Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jul 31 13:14:18 2009 +0200 remove unneeded tests, fix xccdf test Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 31 12:44:39 2009 +0200 [SEAP] Fixed Makefile.am Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Fri Jul 31 12:03:46 2009 +0200 several of TODOs Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 30 15:12:33 2009 +0200 use common/oscap_alloc funcions in rpminfo probe Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 30 14:33:41 2009 +0200 implement oval_value_{bool,float,int} functions Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 28 16:33:00 2009 +0200 add SEXP_OVALset_eval helper function Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 28 14:21:10 2009 +0200 System characteristics example + fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 28 15:57:31 2009 +0200 [SEAP] Fix of the previous commit... Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 28 15:44:13 2009 +0200 [SEAP] Define own version of __CONCAT - __XCONCAT Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 28 15:04:20 2009 +0200 SEXP_OVALset_eval rewrite Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 28 15:01:30 2009 +0200 [SEAP] Allow nesting of SEXP_list_foreach & SEXP_sublist_foreach without compiler warnings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 27 00:40:31 2009 +0200 [SEAP] Initial implementation of SEAP commands Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 27 00:39:18 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 27 00:33:58 2009 +0200 [SEAP] Reset errno in strto_* functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 27 00:31:58 2009 +0200 [SEAP] S-exp parser fix Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 23 16:44:02 2009 +0200 Get rid of nested functions. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 23 13:30:36 2009 +0200 Fix OVAL compiler warnings. Except for the nested-function-related ones... Author: David Niemoller <David.Niemoller@g2-inc.com> Date: Wed Jul 22 15:08:23 2009 +0200 Populating System Characteristics Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 22 16:31:44 2009 +0200 Fixed compilation of tests Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 21 16:53:22 2009 +0200 Use oscap_free also as a function pointer (C[CPV]E, XCCDF). Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 21 16:30:05 2009 +0200 malloc wrapper modification Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 21 14:39:47 2009 +0200 Define the _A(x) macro in malloc wrapper Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 21 12:49:04 2009 +0200 Make CCE, CPE, CVE, XCCDF use oscap_{c,re,}alloc and oscap_free. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 21 14:25:12 2009 +0200 Fixed typos/bugs in malloc wrapper Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 21 10:25:41 2009 +0200 New malloc wrapper Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 21 10:24:24 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jul 20 21:58:09 2009 +0200 [SEAP] Code refactoring - public/private API split - new malloc wrapper - some bugs fixed Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Jul 16 15:58:43 2009 +0200 Repaired bindings for new API Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 16 12:04:25 2009 +0200 Move string to enum maps to src/common Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 15 19:20:54 2009 +0200 Minor tweaks with src/common. * add oscap_cleanup function to oscap.h * add oscap_string_iterator to oscap.h * adjust the code and the examples to use it Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 15 18:31:49 2009 +0200 Make XCCDF use src/common/list Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 15 14:27:51 2009 +0200 CVSS: API rewrite Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 15 13:54:17 2009 +0200 CCE: API rewrite Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 14 17:51:34 2009 +0200 CVE: API rewrite Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 14 10:07:41 2009 +0200 CPE: API rewrite Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jul 14 10:02:41 2009 +0200 Move some code from XCCDF to src/common. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jul 13 19:18:31 2009 +0200 XCCDF: resolve compiler warnings Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 2 12:23:30 2009 +0200 expose xccdf_set_value_delete to the internal API Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Jul 10 14:24:01 2009 +0200 Adjust textfilecontent54 probe for the new probe api Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Jul 15 10:54:29 2009 +0200 [SEAP] strto_* functions for signed ints and doubles Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 14 15:53:26 2009 +0200 Enable debugging by default Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Jul 14 14:56:26 2009 +0200 add xmlfilecontent probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 14 03:17:25 2009 +0200 Updated runlevel probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 14 03:15:40 2009 +0200 [SEAP] Initial implementation of strto_* functions Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 14 03:11:58 2009 +0200 Nicer debugging output Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 14 03:03:43 2009 +0200 Probe related modifications - better handling of probe_init & probe_fini - started rewriting the probe engine to use threads Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Jul 13 16:58:40 2009 +0200 fix several bugs in find_files causing aborts Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 10 17:09:15 2009 +0200 Support for probe_init & probe_fini Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri Jul 10 17:08:20 2009 +0200 Build system modification - compile shared probe sources into libprobe.a Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Jul 9 16:41:45 2009 +0200 fix autotools stuff Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Jul 8 13:52:27 2009 +0200 Add XCCDF bindings Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Jul 8 15:29:39 2009 +0200 Add missing function generators. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jul 2 10:06:28 2009 +0200 More XCCDF parsing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 9 15:58:47 2009 +0200 Resolve fixrefs Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Tue Jun 9 15:34:26 2009 +0200 More Rule::check parsing - parse check-import and check-export - parse fixes and fixtexts - parse profile notes - parse complex checks - add an active check property to the rule struct - library cleanup function Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Mon Jun 8 14:52:44 2009 +0200 requires + conflicts Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 7 17:45:31 2009 +0200 probe_object example & fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jul 7 04:56:17 2009 +0200 - Initial implementation of SEAP commands - SEXP API extensions & modifications - Probe API modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jul 2 10:58:13 2009 +0200 findfile.[ch] modifications Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Jun 18 13:51:03 2009 +0200 Added textfilecontent54 probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Jun 14 19:48:23 2009 +0200 test_xccdf.sh fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun Jun 14 19:47:46 2009 +0200 probe API modifications Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 8 15:13:53 2009 +0200 find_files(): operation=equals for filename Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 5 17:26:19 2009 +0200 find_files fixes * slash add the end of path * callback to setting structure * do not append $ to the path Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Jun 5 11:43:23 2009 +0200 make xccdf_dump.c compile Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Jun 4 22:53:03 2009 +0200 Fixing Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jun 4 20:26:54 2009 +0200 XCCDF Makefile Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jun 4 20:09:39 2009 +0200 XCCDF docs update. Adjust internal comments so that Doxygen ignores them. Update documentation title page. Fix include in the XCCDF example. Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Thu Jun 4 18:37:47 2009 +0200 XCCDF Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Jun 3 16:54:04 2009 +0200 find_files use callback to returnd results Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Jun 2 17:15:17 2009 +0200 Fixed bugs in probe API & sexp-output.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 1 16:14:22 2009 +0200 Merge branch 'devel' of ssh://g-dkopecek@localhost:2222/git/openscap into devel Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 1 16:09:54 2009 +0200 Fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Jun 1 15:59:19 2009 +0200 use regular expressions on paths in find_files() Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 1 15:44:37 2009 +0200 Recognize SEAP_NDEBUG environment variable Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Jun 1 14:05:57 2009 +0200 Updated runlevel probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 31 16:55:08 2009 +0200 rpminfo probe update Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 31 15:33:04 2009 +0200 Initial support for multiple instances of a element at the same level Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 31 03:39:16 2009 +0200 - probe API modifications - SEXP API modifications - Several new functions & fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 28 17:03:17 2009 +0200 Merge branch 'devel' of ssh://g-dkopecek@localhost:2222/git/openscap into devel Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 28 17:00:52 2009 +0200 SEXP API modifications Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 28 16:59:14 2009 +0200 add testsuit for find_file() Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu May 28 13:06:58 2009 +0200 adjust find_file() output Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu May 28 12:34:39 2009 +0200 Fixed SEXP_printfa Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 27 17:20:18 2009 +0200 - Extended test_sexpoval.c - Fixing Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed May 27 17:02:34 2009 +0200 add find_file(), that search directory tree Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed May 27 11:34:47 2009 +0200 Fixed SEXP_strcmp Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 26 17:22:48 2009 +0200 Accept NULL value in SEXP_OVALelm_create Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 26 16:20:28 2009 +0200 Added test for S-exp OVAL functions in probe.c Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 26 16:20:04 2009 +0200 Fixing... Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 26 01:00:56 2009 +0200 - New functions for handling S-exp OVAL objects - Fixed several bugs in SEAP source code Author: Daniel Kopecek <dkopecek@dhcp-lab-166.englab.brq.redhat.com> Date: Wed May 20 15:10:03 2009 +0200 Fixing #2 Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 19 17:05:14 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 19 16:48:13 2009 +0200 New probe: runlevel Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 12 17:26:05 2009 +0200 Merge branch 'devel' of ssh://g-dkopecek@localhost:2222/git/openscap into devel Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 12 17:18:31 2009 +0200 Merge branch 'devel' of ssh://g-pvrabec@git.et.redhat.com/git/openscap into devel Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 12 14:15:02 2009 +0200 Revert "fixed several lint warnings" - because it should have been rebased This reverts commit eabd33a7238b399b1c5f0b4252cf599c895015fe. Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 4 13:49:39 2009 +0200 rpminfo: check the number of rpminfo_rep structures Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 4 12:51:47 2009 +0200 - Fixed parser test - S-exp parser modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 3 13:02:39 2009 +0200 probe_simple_object modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 19:40:26 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 16:23:30 2009 +0200 - OVAL<->S-exp interface modifications - SEAP modifications - Fixed inconsistencies in rpminfo probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 01:00:06 2009 +0200 - New configure option for enabling/disabling bindings - New S-exp string object manipulation functions - Changes to the OVAL<->S-exp interface Author: Daniel Kopecek <dkopecek@dhcp-lab-166.englab.brq.redhat.com> Date: Fri May 1 19:01:01 2009 +0200 Compile probes after libopenscap.so is available Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 14:09:23 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 13:01:23 2009 +0200 New configure option for enabling/disabling Fedora/RHEL probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:48:51 2009 +0200 Re-enabled compilation of bindings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:34:04 2009 +0200 - Fixed pthread rwlock initialization - Removed THREAD_SAFE macro definition from SEAP/Makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:09:45 2009 +0200 Fixed typo in configure.ac Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 00:49:10 2009 +0200 - Enabled S-exp parser tests - Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 23:42:39 2009 +0200 Cleanup of SEAP source code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 14:11:35 2009 +0200 Fixed OVAL/Makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 14:00:35 2009 +0200 - integrated SEAP and probes into the build system - added probe_simple_object and prototypes of functions for oval<->seap interface Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue May 12 16:54:50 2009 +0200 use perl config module to detect correct paths Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 12 16:20:35 2009 +0200 New configure option: --enable-debug Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue May 12 15:48:38 2009 +0200 - Removed config directory - Added s-exp object validity checking Author: Tomas Heinrich <theinric@redhat.com> Date: Tue May 12 14:30:15 2009 +0200 fixed several lint warnings Author: Tomas Heinrich <theinric@redhat.com> Date: Thu May 7 15:58:18 2009 +0200 fixed several lint warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon May 4 13:53:28 2009 +0200 make distcheck work again Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 4 13:49:39 2009 +0200 rpminfo: check the number of rpminfo_rep structures Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon May 4 12:51:47 2009 +0200 - Fixed parser test - S-exp parser modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sun May 3 13:02:39 2009 +0200 probe_simple_object modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 19:40:26 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 16:23:30 2009 +0200 - OVAL<->S-exp interface modifications - SEAP modifications - Fixed inconsistencies in rpminfo probe Author: Daniel Kopecek <dkopecek@redhat.com> Date: Sat May 2 01:00:06 2009 +0200 - New configure option for enabling/disabling bindings - New S-exp string object manipulation functions - Changes to the OVAL<->S-exp interface Author: Daniel Kopecek <dkopecek@dhcp-lab-166.englab.brq.redhat.com> Date: Fri May 1 19:01:01 2009 +0200 Compile probes after libopenscap.so is available Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 14:09:23 2009 +0200 Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 13:01:23 2009 +0200 New configure option for enabling/disabling Fedora/RHEL probes Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:48:51 2009 +0200 Re-enabled compilation of bindings Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:34:04 2009 +0200 - Fixed pthread rwlock initialization - Removed THREAD_SAFE macro definition from SEAP/Makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 01:09:45 2009 +0200 Fixed typo in configure.ac Author: Daniel Kopecek <dkopecek@redhat.com> Date: Fri May 1 00:49:10 2009 +0200 - Enabled S-exp parser tests - Fixing Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 23:42:39 2009 +0200 Cleanup of SEAP source code Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 14:11:35 2009 +0200 Fixed OVAL/Makefile.am Author: Daniel Kopecek <dkopecek@redhat.com> Date: Thu Apr 30 14:00:35 2009 +0200 - integrated SEAP and probes into the build system - added probe_simple_object and prototypes of functions for oval<->seap interface Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 30 13:16:45 2009 +0200 fedora spec file fix Author: Daniel Kopecek <dkopecek@redhat.com> Date: Wed Apr 29 22:22:17 2009 +0200 - rpminfo probe prototype - SEAP modifications Author: Daniel Kopecek <dkopecek@redhat.com> Date: Tue Apr 28 13:58:52 2009 +0200 SEAP protocol modifications, fixes, etc. Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 27 13:51:57 2009 +0200 fixing multiple outputs problem in make Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 23 17:01:04 2009 +0200 install perl binding to right paths - adjust spec file Author: Maros Barabas <mbarabas@redhat.com> Date: Thu Apr 23 10:45:51 2009 +0200 Repaired bindings Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 23 11:04:40 2009 +0200 add Maros Barabas to Authors file Author: Daniel Kopecek <dkopecek@redhat.com> Date: Mon Apr 20 15:08:45 2009 +0200 - Initial support for probes - Imported SEAP source code + tests Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Apr 20 14:29:56 2009 +0200 swig - export proper OVAL api Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 17 14:16:03 2009 +0200 * Added perl bindings * Repaired RHEL5 perl bindings functionality -> added _GNU_SOURCE macro to CCFLAGS Author: Maros Barabas <mbarabas@redhat.com> Date: Wed Apr 15 14:28:08 2009 +0200 Added OVAL python bindings Author: Daniel Kopecek <mildew@paranoiac.(none)> Date: Mon Apr 20 12:09:31 2009 +0200 Fixed runtests.sh Author: Daniel Kopecek <mildew@paranoiac.(none)> Date: Fri Apr 17 14:52:47 2009 +0200 More checks in runtests.sh Author: Daniel Kopecek <mildew@paranoiac.(none)> Date: Fri Apr 17 13:38:53 2009 +0200 Added runtests.sh Author: Peter Vrabec <pvrabec@redhat.com> Date: Thu Apr 9 11:26:41 2009 +0200 update NEWS and spec file Author: Tomas Heinrich <theinric@redhat.com> Date: Wed Apr 8 16:05:22 2009 +0200 OVAL API update and fixes - updated API and example - removed some unneeded code - fixed several datatype names - use 'git log' instead of 'git-log' Author: Peter Vrabec <pvrabec@redhat.com> Date: Wed Apr 8 15:42:12 2009 +0200 fixes on python bindings - link python bindings with already compiled libtool archives - merge cpe into one library Author: Barry <barry@barry.englab.brq.redhat.com> Date: Tue Apr 7 16:39:50 2009 +0200 Repaired ldflags and la_sources in CPE, CCE and CVE Author: Maros Barabas <mbarabas@redhat.com> Date: Fri Apr 3 15:04:39 2009 +0200 Added python bindings Author: Daniel Kopecek <dkopecek@dhcp-lab-166.englab.brq.redhat.com> Date: Tue Apr 7 00:08:42 2009 +0200 distcheck works now Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Apr 6 21:24:19 2009 +0200 OVAL: created a first rough test in examples/OVAL/ Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Apr 3 12:24:02 2009 +0200 OVAL: add license info into every source - add OVAL files to doxygen Author: Tomas Heinrich <theinric@redhat.com> Date: Fri Apr 3 00:36:10 2009 +0200 OVAL: tweaks to sources and Makefile to make OVAL compilable Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 2 22:24:14 2009 +0200 OVAL: update (reformated sources using dos2unix and indent) Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Apr 2 17:54:19 2009 +0200 OVAL: changed directory structure Author: Lukas Kuklinek <lkuklinek@redhat.com> Date: Wed Apr 1 14:54:52 2009 +0200 enhancing Doxygen-generated documentation - added title page - adjusted Doxyfile - divided into modules corresponding to libraries for better navigation - added more accurate CCE documentation - added CPE Language test + sample CPE language XML (in examples/) Author: Tomas Heinrich <theinric@redhat.com> Date: Tue Mar 31 18:03:14 2009 +0200 resolve compiler warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 30 16:08:38 2009 +0200 do not require ChangeLog by autotools Author: Peter Vrabec <pvrabec@redhat.com> Date: Sun Mar 29 13:19:20 2009 +0200 spec file fixes Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 27 17:50:38 2009 +0100 do not link examples with libxml, libpcre! Author: Tomas Heinrich <theinric@redhat.com> Date: Thu Mar 26 15:28:35 2009 +0100 OVAL API update Author: Peter Vrabec <pvrabec@redhat.com> Date: Tue Mar 24 15:32:50 2009 +0100 generate ChangeLog by make dist Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 21:05:31 2009 +0100 - disabled compilation of OVAL - fixed CCE headers installation Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 18:27:34 2009 +0100 Fixed src/CCE/ & examples/ Makefiles Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 17:55:12 2009 +0100 Merge branch 'master' of ssh://g-dkopecek@localhost:2222/git/openscap Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 17:50:47 2009 +0100 Enabled CPE test Author: Tomas Heinrich <theinric@redhat.com> Date: Mon Mar 23 16:34:10 2009 +0100 Corrected test_cvsscalc.py path Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 23 14:43:47 2009 +0100 CVE cleanup - $indent -linux and dos2unix - adjust structure names (lower case + "_") Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 23 14:28:49 2009 +0100 CPE cleanup - $indent -linux and dos2unix - adjust function names (lower case + "_") Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 23 13:44:36 2009 +0100 CCE cleanup - $indent -linux and dos2unix - reduce file list - adjust function names (lower case + "_") Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 13:05:56 2009 +0100 Added input file & wrapper script for the CVE test Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 13:04:35 2009 +0100 Modified & enabled CVE test Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 23 12:42:43 2009 +0100 Enabled CVSS test Author: Peter Vrabec <pvrabec@redhat.com> Date: Mon Mar 23 10:57:22 2009 +0100 - CCE API changes - hide implementation details - examples update (cce, cpe, cve) - add bit of documentation - fix warnings Author: Peter Vrabec <pvrabec@redhat.com> Date: Fri Mar 20 16:50:59 2009 +0100 autogen.sh install symlinks in ./config adjust existed symlinks in ./config Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Wed Mar 18 16:44:26 2009 +0100 Enabled compiling of CPE tests Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Wed Mar 18 15:26:22 2009 +0100 Initial support for make check Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Tue Mar 17 16:58:23 2009 +0100 use flags: "-W -Wall -Wshadow -Wformat -Wundef" Author: mildew <mildew@sapropelus.(none)> Date: Mon Mar 16 15:14:30 2009 +0100 CCE: Applied patch from Lukas Kuklinek <lkuklinek@redhat.com> Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Mon Mar 16 11:13:12 2009 +0100 configure: show default values Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Fri Mar 13 12:34:44 2009 +0100 - Fixed swig/cvsscalc* compilation - re-included swig/ in Makefile.am Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Fri Mar 13 12:34:35 2009 +0100 Added acinclude.m4 which contains AM_CHECK_PYTHON_HEADERS and AC_PROG_SWIG Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Fri Mar 13 02:43:33 2009 +0100 Fixed public header destination dir Author: Daniel Kopecek <mildew@sapropelus.(none)> Date: Fri Mar 13 01:14:28 2009 +0100 autogen.sh cleanup Note: mildew == Daniel Kopecek Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 01:07:43 2009 +0100 *.{am,ac} fixes Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:32:22 2009 +0100 Junk Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:21:46 2009 +0100 Excluded examples/ in Makefile.am Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:20:25 2009 +0100 Added config dir Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:19:52 2009 +0100 Deleted junk Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:18:27 2009 +0100 Added configure.ac Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:17:22 2009 +0100 OVAL: changed liboval dir to includes Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:16:06 2009 +0100 CPE: added cpe.h Author: mildew <mildew@sapropelus.(none)> Date: Fri Mar 13 00:13:44 2009 +0100 Added Makefile.am where needed Author: mildew <mildew@sapropelus.(none)> Date: Thu Mar 12 12:40:44 2009 +0100 New directory structure Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Thu Mar 5 15:24:55 2009 +0100 add autogen.sh to update generated config. files Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Mon Feb 9 17:52:56 2009 +0100 openscap-0.1.2 Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Mon Feb 9 17:40:49 2009 +0100 CPE support autotools and specfile adjust ---- there is mistake in my previous commit comment, I meant CVE not CPE. ` Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Mon Feb 2 16:17:27 2009 +0100 CPE support autotools and specfile adjust Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Fri Jan 16 15:27:38 2009 +0100 * create fedora specfile * adjust autotools configuration * include correct copy of LGPLv2+ Author: Peter Vrabec <pvrabec@pluto.(none)> Date: Sun Jan 11 22:10:07 2009 +0100 cvss library Author: Peter Vrabec <pvrabec@wrabco.englab.brq.redhat.com> Date: Mon Nov 3 17:58:30 2008 +0100 Initial commit
Close
