Merge branch 'maint-1.3'

 Conflicts:
	CMakeLists.txt
	release_tools/versions.sh

Author: jan-cerny

.travis.yml

@@ -33,11 +33,8 @@ matrix:
         - export CC=gcc-7 GCOV=gcov-7
         - cd build
       script:
-        - CFLAGS="--coverage -ftest-coverage -fprofile-arcs" LDFLAGS=-lgcov cmake -DCMAKE_BUILD_TYPE=Debug ../
+        - cmake -DCMAKE_BUILD_TYPE=Debug ../
         - build-wrapper-linux-x86-64 --out-dir bw-output make all || true  # Will always fail builds on forked repositories.
-        - make all
-        - CTEST_OUTPUT_ON_FAILURE=1 ctest || { test "$SEND_COVERAGE_EVEN_IF_TESTS_FAIL" = yes && curl -s https://codecov.io/bash > cov.sh && bash cov.sh -x "$GCOV"; }
-        - bash ../tests/recursively_generate_gcov.sh . || true  # Failures that occur here are harmless
         - cd .. && sonar-scanner || true  # Will always fail builds on forked repositories.
       after_success:
         - curl -s https://codecov.io/bash > cov.sh && bash cov.sh -x "$GCOV"
@@ -46,7 +43,7 @@ matrix:
       before_install:
         - brew update
         - brew upgrade python
-        - brew install doxygen --with-graphviz
+        - brew install doxygen
         - brew install opendbx
         - brew install popt
         - brew install swig

CMakeLists.txt

@@ -26,7 +26,7 @@ endif()
 set(LT_CURRENT 25)
 
 ## increment any time the source changes; set 0 to if you increment CURRENT
-set(LT_REVISION 0)
+set(LT_REVISION 1)
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
@@ -123,6 +123,9 @@ endif()
 find_package(PythonInterp 3)
 find_package(PythonLibs 3)
 
+set(PREFERRED_PYTHON_PATH "${PYTHON_EXECUTABLE}")
+set(PYTHON3_PATH "${PYTHON_EXECUTABLE}")
+
 find_package(RPM)
 if(RPM_FOUND)
 	check_library_exists("${RPM_LIBRARY}" rpmReadConfigFiles "" HAVE_RPMREADCONFIGFILES)
@@ -286,6 +289,7 @@ endif()
 cmake_dependent_option(ENABLE_OSCAP_UTIL_AS_RPM "enable the scap-as-rpm utility, this lets you package SCAP data as RPMs" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_SSH "enables the oscap-ssh utility, this lets you scan remote machines over ssh" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_VM "enables the oscap-vm utility, this lets you scan VMs and VM storage images" ON "NOT WIN32" OFF)
+cmake_dependent_option(ENABLE_OSCAP_UTIL_PODMAN "enables the oscap-podman utility, this lets you scan Podman containers and container images" ON "NOT WIN32" OFF)
 cmake_dependent_option(ENABLE_OSCAP_UTIL_CHROOT "enables the oscap-chroot utility, this lets you scan entire chroots using offline scanning" ON "NOT WIN32" OFF)
 
 # ---------- TEST-SUITE SWITCHES
@@ -352,6 +356,7 @@ message(STATUS "oscap-docker: ${ENABLE_OSCAP_UTIL_DOCKER}")
 message(STATUS "scap-as-rpm: ${ENABLE_OSCAP_UTIL_AS_RPM}")
 message(STATUS "oscap-ssh: ${ENABLE_OSCAP_UTIL_SSH}")
 message(STATUS "oscap-vm: ${ENABLE_OSCAP_UTIL_VM}")
+message(STATUS "oscap-podman: ${ENABLE_OSCAP_UTIL_PODMAN}")
 message(STATUS "oscap-chroot: ${ENABLE_OSCAP_UTIL_CHROOT}")
 message(STATUS " ")
 
@@ -491,7 +496,13 @@ add_subdirectory("schemas")
 add_subdirectory("xsl")
 add_subdirectory("cpe")
 add_subdirectory("swig")
-configure_file("run.in" "run" @ONLY)
+configure_file("run.in" ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/run @ONLY)
+configure_file("oscap_wrapper.in" ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/oscap_wrapper @ONLY)
+file(
+	COPY "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/run" "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/oscap_wrapper"
+	DESTINATION ${CMAKE_BINARY_DIR}
+	FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+)
 
 if(NOT WIN32)
 	# pkgconfig file
@@ -526,14 +537,16 @@ set(CPACK_SOURCE_IGNORE_FILES
 	"~$"
 	"\\\\CMakeLists.txt.user"
 )
-set(CPACK_GENERATOR WIX)
+if(WIN32)
+	set(CPACK_GENERATOR WIX)
+	set(CPACK_WIX_PATCH_FILE "${CMAKE_SOURCE_DIR}/wix_patch.xml")
+endif()
 set(CPACK_PACKAGE_NAME "OpenSCAP")
 set(CPACK_PACKAGE_VENDOR "OpenSCAP Project")
 set(CPACK_PACKAGE_VERSION_MAJOR "${OPENSCAP_VERSION_MAJOR}")
 set(CPACK_PACKAGE_VERSION_MINOR "${OPENSCAP_VERSION_MINOR}")
 set(CPACK_PACKAGE_VERSION_PATCH "${OPENSCAP_VERSION_PATCH}")
 set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/lgpl-2.1.rtf")
-set(CPACK_WIX_PATCH_FILE "${CMAKE_SOURCE_DIR}/wix_patch.xml")
 set(CPACK_PACKAGE_CHECKSUM SHA512)
 
 include(CPack)

NEWS

@@ -1,3 +1,49 @@
+openscap-1.3.1                                                  12-06-2018
+  - New features
+    - Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas,
+      validation)
+    - Introduced `oscap-podman` -- a tool for SCAP evaluation of Podman
+      images and containers (rhbz#1642373)
+    - Tailoring files are included in ARF result files (#902)
+    - OVAL details are always shown in HTML report, users do not have to
+      provide `--oval-results` on command line
+    - HTML report displays OVAL test details also for OVAL tests included
+      from other OVAL definitions using `extend_definition` (#916, #954)
+    - OVAL test IDs are shown in HTML report
+    - Rule IDs are shown in HTML guide (#1293)
+    - Added `block_size` in Linux `partition_state` defined in OVAL 5.11.2
+    - Added `oscap_wrapper` that can be used to comfortably execute custom
+      compiled oscap tool
+  - Maintenance, bug fixes
+    - Remote filesystems mounted using `autofs` direct maps are not
+      recognized as local filesystems (rhbz#1655943)
+    - SCAP source datastreams containing remote components can be
+      evaluated without downloading remote data (rhbz#1709423)
+    - Fixed duplicated variables in generated Ansible Playbooks
+    - Fixed trailing whitespace characters in Ansible Playbooks
+    - Correctly handle multiline profile titles and profile descriptions
+      in generated Ansible Playbooks (#1112)
+    - Fixed STIG Viewer output (--stig-viewer) to handle multiple rules
+      that have the same STIG ID
+    - Fixed incorrect displaying of OVAL test results in HTML report
+    - Fixed segmentation fault in offline mode caused by usage of `chroot`
+      file descriptor after closing (rhbz#1636431)
+    - Fixed textfilecontent54 probe to not ignore `max_depth`, `recurse`,
+      `recurse_direction` and `recurse_file_system` attributes of
+      `behaviors` element when `filepath` element is given (rhbz#1655943)
+    - Added CMake policies (CMP0078 and CMP0086) related to UseSWIG
+    - Added RHEL 8 CPE, Fedora 31 CPE, Oracle Linux 8 CPE
+    - Fedora CPEs fixed to work also on Fedora >= 30
+    - Fixed segmentation fault in CVRF module (rhbz#1642283)
+    - Fixed unresolved symbols in libopenscap_sce.so
+    - Fixed memory leaks in Windows registry probe (#1269)
+    - Fixed many GCC compiler warnings
+    - Removed dead code from `fsdev` module
+    - Many new test cases in upstream test suite
+    - Refactoring
+    - Updated Developer Guide
+    - Updated manual pages
+
 openscap-1.3.0                                                  09-10-2018
   - New features
     - Introduced a virtual '(all)' profile selecting all rules

appveyor.yml

@@ -2,6 +2,7 @@ version: master-{build}
 branches:
   only:
   - master
+  - maint-1.3
 image: Visual Studio 2017
 configuration: Release
 clone_folder: c:\projects\openscap

config.h.in

@@ -126,6 +126,10 @@
 #cmakedefine OPENSCAP_PROBE_WINDOWS_REGISTRY
 #cmakedefine OPENSCAP_PROBE_WINDOWS_WMI57
 
+#cmakedefine PREFERRED_PYTHON_PATH "@PREFERRED_PYTHON_PATH@"
+#cmakedefine PYTHON2_PATH "@PYTHON2_PATH@"
+#cmakedefine PYTHON3_PATH "@PYTHON3_PATH@"
+
 #include "oscap_platforms.h"
 #include "compat.h"
 

cpe/openscap-cpe-dict.xml

@@ -17,6 +17,10 @@
             <title xml:lang="en-us">Red Hat Enterprise Linux 7</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:7</check>
       </cpe-item>
+      <cpe-item name="cpe:/o:redhat:enterprise_linux:8">
+            <title xml:lang="en-us">Red Hat Enterprise Linux 8</title>
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:8</check>
+      </cpe-item>
       <cpe-item name="cpe:/o:oracle:linux:5">
             <title xml:lang="en-us">Oracle Linux 5</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.ol:def:5</check>
@@ -29,6 +33,10 @@
             <title xml:lang="en-us">Oracle Linux 7</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.ol:def:7</check>
       </cpe-item>
+      <cpe-item name="cpe:/o:oracle:linux:8">
+            <title xml:lang="en-us">Oracle Linux 8</title>
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.ol:def:8</check>
+      </cpe-item>
       <cpe-item name="cpe:/o:centos:centos:5">
             <title xml:lang="en-us">Community Enterprise Operating System 5</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:1005</check>
@@ -113,6 +121,10 @@
             <title xml:lang="en-us">Fedora 30</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:30</check>
       </cpe-item>
+      <cpe-item name="cpe:/o:fedoraproject:fedora:31">
+            <title xml:lang="en-us">Fedora 31</title>
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:31</check>
+      </cpe-item>
       <cpe-item name="cpe:/o:suse:sle">
             <title xml:lang="en-us">SUSE Linux Enterprise all versions</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sle:def:1</check>

cpe/openscap-cpe-oval.xml

@@ -68,6 +68,19 @@
                          </criteria>
                   </criteria>
             </definition>
+            <definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:8" version="1">
+                  <metadata>
+                        <title>Red Hat Enterprise Linux 8</title>
+                        <affected family="unix">
+                              <platform>Red Hat Enterprise Linux 8</platform>
+                        </affected>
+                        <reference ref_id="cpe:/o:redhat:enterprise_linux:8" source="CPE"/>
+                        <description>The operating system installed on the system is Red Hat Enterprise Linux 8</description>
+                  </metadata>
+                  <criteria>
+                        <criterion comment="Red Hat Enterprise Linux 8 is installed" test_ref="oval:org.open-scap.cpe.rhel:tst:8"/>
+                  </criteria>
+            </definition>
             <definition class="inventory" id="oval:org.open-scap.cpe.ol:def:5" version="1">
                   <metadata>
                         <title>Oracle Linux 5</title>
@@ -107,6 +120,19 @@
                         <criterion comment="Oracle Linux 7 is installed" test_ref="oval:org.open-scap.cpe.ol:tst:7"/>
                   </criteria>
             </definition>
+            <definition class="inventory" id="oval:org.open-scap.cpe.ol:def:8" version="1">
+                  <metadata>
+                        <title>Oracle Linux 8</title>
+                        <affected family="unix">
+                              <platform>Oracle Linux 8</platform>
+                        </affected>
+                        <reference ref_id="cpe:/o:oracle:linux:8" source="CPE"/>
+                        <description>The operating system installed on the system is Oracle Linux 8</description>
+                  </metadata>
+                  <criteria>
+                        <criterion comment="Oracle Linux 8 is installed" test_ref="oval:org.open-scap.cpe.ol:tst:8"/>
+                  </criteria>
+            </definition>
             <definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:1005" version="1">
                   <metadata>
                         <title>Community Enterprise Operating System 5</title>
@@ -380,6 +406,20 @@
                         <criterion comment="Fedora 30 is installed" test_ref="oval:org.open-scap.cpe.fedora:tst:30"/>
                   </criteria>
             </definition>
+            <definition class="inventory" id="oval:org.open-scap.cpe.fedora:def:31" version="1">
+                  <metadata>
+                        <title>Fedora 31</title>
+                        <affected family="unix">
+                            <platform>Fedora 31</platform>
+                        </affected>
+                        <reference ref_id="cpe:/o:fedoraproject:fedora:31" source="CPE"/>
+                        <description>The operating system installed on the system is Fedora 31</description>
+                  </metadata>
+                  <criteria>
+                        <criterion comment="Fedora 31 is installed" test_ref="oval:org.open-scap.cpe.fedora:tst:31"/>
+                  </criteria>
+            </definition>
+
 
             <definition class="inventory" id="oval:org.open-scap.cpe.sle:def:1" version="1">
                   <metadata>
@@ -724,6 +764,11 @@
                   <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
                   <state state_ref="oval:org.open-scap.cpe.rhel:ste:7"/>
             </rpmverifyfile_test>
+            <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:8" version="1" check="at least one" comment="redhat-release is version 8"
+                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
+                  <state state_ref="oval:org.open-scap.cpe.rhel:ste:8"/>
+            </rpmverifyfile_test>
             <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.ol:tst:5" version="1" check="at least one" comment="oraclelinux-release is version 5"
                   xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <object object_ref="oval:org.open-scap.cpe.oraclelinux-release:obj:1"/>
@@ -739,6 +784,11 @@
                   <object object_ref="oval:org.open-scap.cpe.oraclelinux-release:obj:1"/>
                   <state state_ref="oval:org.open-scap.cpe.ol:ste:7"/>
             </rpminfo_test>
+            <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.ol:tst:8" version="1" check="at least one" comment="oraclelinux-release is version 8"
+                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <object object_ref="oval:org.open-scap.cpe.oraclelinux-release:obj:1"/>
+                  <state state_ref="oval:org.open-scap.cpe.ol:ste:8"/>
+            </rpminfo_test>
             <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:1005" version="1" check="at least one" comment="centos-release is version 5"
                   xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
@@ -844,6 +894,11 @@
                   <object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/>
                   <state state_ref="oval:org.open-scap.cpe.fedora:ste:30"/>
             </rpminfo_test>
+            <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.fedora:tst:31" version="1" check="at least one" comment="fedora-release is version Fedora 31"
+                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/>
+                  <state state_ref="oval:org.open-scap.cpe.fedora:ste:31"/>
+            </rpminfo_test>
             <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.sles:tst:1" version="1" check="at least one" comment="/etc/sles-release is provided by sles-release package"
                   xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <object object_ref="oval:org.open-scap.cpe.sles-release:obj:1"/>
@@ -993,7 +1048,7 @@
                   <lin-def:name>redhat-release</lin-def:name>
             </lin-def:rpminfo_object>
             <lin-def:rpminfo_object id="oval:org.open-scap.cpe.fedora-release:obj:2" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
-                  <lin-def:name>fedora-release</lin-def:name>
+                  <lin-def:name operation="pattern match">^fedora-release.*</lin-def:name>
             </lin-def:rpminfo_object>
             <lin-def:rpmverifyfile_object id="oval:org.open-scap.cpe.redhat-release:obj:3" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <!-- Sadly, OVAL cannot do the right query (rpm -q -whatprovides system-release). Let's check the filename instead. -->
@@ -1063,6 +1118,10 @@
                   <name operation="pattern match">^redhat-release</name>
                   <version operation="pattern match">^7[^\d]</version>
             </rpmverifyfile_state>
+            <rpmverifyfile_state id="oval:org.open-scap.cpe.rhel:ste:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <name operation="pattern match">^redhat-release</name>
+                  <version operation="pattern match">^8[^\d]</version>
+            </rpmverifyfile_state>
             <rpmverifyfile_state id="oval:org.open-scap.cpe.rhel:ste:1005" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <name operation="pattern match">^centos-release</name>
                   <version operation="pattern match">^5</version>
@@ -1099,6 +1158,10 @@
                   <name operation="pattern match">^oraclelinux-release</name>
                   <version operation="pattern match">^7</version>
             </rpminfo_state>
+            <rpminfo_state id="oval:org.open-scap.cpe.ol:ste:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <name operation="pattern match">^oraclelinux-release</name>
+                  <version operation="pattern match">^8</version>
+            </rpminfo_state>
             <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:16" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <version operation="pattern match">^16$</version>
             </rpminfo_state>
@@ -1144,6 +1207,9 @@
             <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:30" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <version operation="pattern match">^30$</version>
             </rpminfo_state>
+            <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:31" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <version operation="pattern match">^31$</version>
+            </rpminfo_state>
             <rpminfo_state id="oval:org.open-scap.cpe.sles:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <name operation="pattern match">^sles-release</name>
             </rpminfo_state>

docs/developer/developer.adoc

@@ -111,7 +111,7 @@ After building the library you might want to run library self-checks. To do
 that you need to have these additional packages installed:
 
 ----
-wget lua which procps-ng initscripts chkconfig sendmail
+wget lua which procps-ng initscripts chkconfig sendmail bzip2
 ----
 
 and it is also required to have `sendmail` service running on the system: