Merge branch 'maint-1.2' into maint-1.3

 Conflicts:
	src/OVAL/probes/findfile.c
	src/OVAL/probes/fsdev.c
	tests/API/probes/Makefile.am
	tests/DS/Makefile.am

Author: jan-cerny

cpe/openscap-cpe-dict.xml

@@ -121,6 +121,10 @@
             <title xml:lang="en-us">Fedora 30</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:30</check>
       </cpe-item>
+      <cpe-item name="cpe:/o:fedoraproject:fedora:31">
+            <title xml:lang="en-us">Fedora 31</title>
+            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:31</check>
+      </cpe-item>
       <cpe-item name="cpe:/o:suse:sle">
             <title xml:lang="en-us">SUSE Linux Enterprise all versions</title>
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.sle:def:1</check>

cpe/openscap-cpe-oval.xml

@@ -406,6 +406,20 @@
                         <criterion comment="Fedora 30 is installed" test_ref="oval:org.open-scap.cpe.fedora:tst:30"/>
                   </criteria>
             </definition>
+            <definition class="inventory" id="oval:org.open-scap.cpe.fedora:def:31" version="1">
+                  <metadata>
+                        <title>Fedora 31</title>
+                        <affected family="unix">
+                            <platform>Fedora 31</platform>
+                        </affected>
+                        <reference ref_id="cpe:/o:fedoraproject:fedora:31" source="CPE"/>
+                        <description>The operating system installed on the system is Fedora 31</description>
+                  </metadata>
+                  <criteria>
+                        <criterion comment="Fedora 31 is installed" test_ref="oval:org.open-scap.cpe.fedora:tst:31"/>
+                  </criteria>
+            </definition>
+
 
             <definition class="inventory" id="oval:org.open-scap.cpe.sle:def:1" version="1">
                   <metadata>
@@ -880,6 +894,11 @@
                   <object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/>
                   <state state_ref="oval:org.open-scap.cpe.fedora:ste:30"/>
             </rpminfo_test>
+            <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.fedora:tst:31" version="1" check="at least one" comment="fedora-release is version Fedora 31"
+                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/>
+                  <state state_ref="oval:org.open-scap.cpe.fedora:ste:31"/>
+            </rpminfo_test>
             <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.sles:tst:1" version="1" check="at least one" comment="/etc/sles-release is provided by sles-release package"
                   xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <object object_ref="oval:org.open-scap.cpe.sles-release:obj:1"/>
@@ -1188,6 +1207,9 @@
             <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:30" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <version operation="pattern match">^30$</version>
             </rpminfo_state>
+            <rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:31" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+                  <version operation="pattern match">^31$</version>
+            </rpminfo_state>
             <rpminfo_state id="oval:org.open-scap.cpe.sles:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                   <name operation="pattern match">^sles-release</name>
             </rpminfo_state>

src/DS/sds.c

@@ -420,6 +420,7 @@ static int ds_sds_dump_component_by_href(struct ds_sds_session *session, char* x
 			}
 
 			ds_sds_session_remote_resources_progress(session)(true, "WARNING: Skipping '%s' file which is referenced from datastream\n", url);
+			// -2 means that remote resources were not downloaded
 			return -2;
 		}
 
@@ -452,8 +453,12 @@ int ds_sds_dump_component_ref_as(const xmlNodePtr component_ref, struct ds_sds_s
 	xmlFree(xlink_href);
 	xmlFree(cref_id);
 
-	if (ret != 0) {
-
+	if (ret == -2) {
+		// A remote component was not dumped
+		// It should be ok to continue without it
+		free(target_filename_dirname);
+		return 0;
+	} else if (ret != 0) {
 		free(target_filename_dirname);
 		return -1;
 	}

src/OVAL/probes/fsdev.c

@@ -71,58 +71,32 @@ static int fsdev_cmp(const void *a, const void *b)
 	return memcmp(a, b, sizeof(dev_t));
 }
 
-/**
- * Compare two strings.
- */
-static int fsname_cmp(const void *a, const void *b)
-{
-	return strcmp(a, b);
-}
-
-/**
- * Search for a filesystem name in a sorted array using binary search.
- * @param fsname name
- * @param fs_arr sorted array of filesystem names
- * @param fs_cnt number of names in the array
- * @retval 1 if found
- * @retval 0 otherwise
- */
-static int match_fs(const char *fsname, const char **fs_arr, size_t fs_cnt)
-{
-	size_t w, s;
-	int cmp;
-
-	w = fs_cnt;
-	s = 0;
-
-	while (w > 0) {
-		cmp = fsname_cmp(fsname, fs_arr[s + w / 2]);
-		if (cmp > 0) {
-			s += w / 2 + 1;
-			w = w - w / 2 - 1;
-		} else if (cmp < 0) {
-			w = w / 2;
-		} else {
-			return (1);
-		}
-	}
-
-	return (0);
-}
-
 #if defined(OS_LINUX) || defined(OS_AIX)
 
 #define DEVID_ARRAY_SIZE 16
 #define DEVID_ARRAY_ADD  8
 
 #if defined(OS_LINUX)
-static int
-is_local_fs(struct mntent *ment)
+int is_local_fs(struct mntent *ment)
 {
 // todo: would it be usefull to provide the choice during build-time?
 #if 1
 	char *s;
 
+	/*
+	 * When type of the filesystem is autofs, it means the mtab entry
+	 * describes the autofs configuration, which means ment->mnt_fsname
+	 * is a path to the relevant autofs map, eg. /etc/auto.misc. In this
+	 * situation, the following code which analyses ment->mnt_type would
+	 * not work. When the filesystem handled by autofs is mounted, there
+	 * is another different entry in mtab which contains the real block
+	 * special device or remote filesystem in ment->mnt_fsname, and that
+	 * will be parsed in a different call of this function.
+	 */
+	if (!strcmp(ment->mnt_type, "autofs")) {
+		return 0;
+	}
+
 	s = ment->mnt_fsname;
 	/* If the fsname begins with "//", it is probably CIFS. */
 	if (s[0] == '/' && s[1] == '/')
@@ -153,8 +127,7 @@ is_local_fs(struct mntent *ment)
 }
 
 #elif defined(OS_AIX)
-static int
-is_local_fs(struct mntent *ment)
+int is_local_fs(struct mntent *ment)
 {
 	int i;
 	struct vfs_ent *e;
@@ -183,7 +156,7 @@ is_local_fs(struct mntent *ment)
 
 #endif /* OS_AIX */
 
-static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
+static fsdev_t *__fsdev_init(fsdev_t *lfs)
 {
 	int e;
 	FILE *fp;
@@ -214,12 +187,8 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 	i = 0;
 
 	while ((ment = getmntent(fp)) != NULL) {
-		if (fs == NULL) {
-			if (!is_local_fs(ment))
-				continue;
-		} else if (!match_fs(ment->mnt_type, fs, fs_cnt)) {
-				continue;
-		}
+		if (!is_local_fs(ment))
+			continue;
 		if (stat(ment->mnt_dir, &st) != 0)
 			continue;
 		if (i >= lfs->cnt) {
@@ -237,7 +206,7 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 	return (lfs);
 }
 #elif defined(OS_FREEBSD) || defined(OS_APPLE)
-static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
+static fsdev_t *__fsdev_init(fsdev_t *lfs)
 {
 	struct statfs *mntbuf = NULL;
 	struct stat st;
@@ -246,20 +215,11 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 	lfs->cnt = getmntinfo(&mntbuf, (fs == NULL ? MNT_LOCAL : 0) | MNT_NOWAIT);
 	lfs->ids = malloc(sizeof(dev_t) * lfs->cnt);
 
-	if (fs == NULL) {
-		for (i = 0; i < lfs->cnt; ++i) {
-			if (stat(mntbuf[i].f_mntonname, &st) != 0)
-				continue;
-
-			memcpy(&(lfs->ids[i]), &st.st_dev, sizeof(dev_t));
-		}
-	} else {
-		for (i = 0; i < lfs->cnt; ++i) {
-			if (!match_fs(mntbuf[i].f_fstypename, fs, fs_cnt))
-				continue;
+	for (i = 0; i < lfs->cnt; ++i) {
+		if (stat(mntbuf[i].f_mntonname, &st) != 0)
+			continue;
 
-			memcpy(&(lfs->ids[i]), &st.st_dev, sizeof(dev_t));
-		}
+		memcpy(&(lfs->ids[i]), &st.st_dev, sizeof(dev_t));
 	}
 
 	if (i != lfs->cnt) {
@@ -274,7 +234,7 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 #define DEVID_ARRAY_SIZE 16
 #define DEVID_ARRAY_ADD  8
 
-static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
+static fsdev_t *__fsdev_init(fsdev_t *lfs)
 {
 	int e;
 	FILE *fp;
@@ -304,31 +264,16 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 	lfs->cnt = DEVID_ARRAY_SIZE;
 	i = 0;
 
-	if (fs == NULL) {
-		while ((getmntent(fp, &mentbuf)) == 0) {
-                        /* TODO: Is this check reliable? */
-                        if (stat (mentbuf.mnt_special, &st) == 0 && (st.st_mode & S_IFCHR)) {
-
-				if (i >= lfs->cnt) {
-					lfs->cnt += DEVID_ARRAY_ADD;
-					lfs->ids = realloc(lfs->ids, sizeof(dev_t) * lfs->cnt);
-				}
+	while ((getmntent(fp, &mentbuf)) == 0) {
+		/* TODO: Is this check reliable? */
+		if (stat(mentbuf.mnt_special, &st) == 0 && (st.st_mode & S_IFCHR)) {
 
-				memcpy(&(lfs->ids[i++]), &st.st_dev, sizeof(dev_t));
+			if (i >= lfs->cnt) {
+				lfs->cnt += DEVID_ARRAY_ADD;
+				lfs->ids = realloc(lfs->ids, sizeof(dev_t) * lfs->cnt);
 			}
-		}
-	} else {
-		while ((getmntent(fp, &mentbuf)) == 0) {
-
-			if (match_fs(mentbuf.mnt_fstype, fs, fs_cnt)) {
 
-				if (i >= lfs->cnt) {
-					lfs->cnt += DEVID_ARRAY_ADD;
-					lfs->ids = realloc(lfs->ids, sizeof(dev_t) * lfs->cnt);
-				}
-
-				memcpy(&(lfs->ids[i++]), &st.st_dev, sizeof(dev_t));
-			}
+			memcpy(&(lfs->ids[i++]), &st.st_dev, sizeof(dev_t));
 		}
 	}
 
@@ -341,7 +286,7 @@ static fsdev_t *__fsdev_init(fsdev_t * lfs, const char **fs, size_t fs_cnt)
 }
 #endif
 
-fsdev_t *fsdev_init(const char **fs, size_t fs_cnt)
+fsdev_t *fsdev_init()
 {
 	fsdev_t *lfs;
 
@@ -350,7 +295,7 @@ fsdev_t *fsdev_init(const char **fs, size_t fs_cnt)
 	if (lfs == NULL)
 		return (NULL);
 
-	if (__fsdev_init(lfs, fs, fs_cnt) == NULL)
+	if (__fsdev_init(lfs) == NULL)
 		return (NULL);
 
         if (lfs->ids != NULL && lfs->cnt > 1)
@@ -364,53 +309,6 @@ static inline int isfschar(int c)
 	return (isalpha(c) || isdigit(c) || c == '-' || c == '_');
 }
 
-fsdev_t *fsdev_strinit(const char *fs_names)
-{
-	fsdev_t *lfs;
-	char *pstr, **fs_arr;
-	size_t fs_cnt;
-	int state, e;
-
-	pstr = strdup(fs_names);
-	state = 0;
-	fs_arr = NULL;
-	fs_cnt = 0;
-
-	while (*pstr != '\0') {
-		switch (state) {
-		case 0:
-			if (isfschar(*pstr)) {
-				state = 1;
-				++fs_cnt;
-				fs_arr = realloc(fs_arr, sizeof(char *) * fs_cnt);
-				fs_arr[fs_cnt - 1] = pstr;
-			}
-
-			++pstr;
-
-			break;
-		case 1:
-			if (!isfschar(*pstr) && *pstr != '\0') {
-				state = 0;
-				*pstr = '\0';
-				++pstr;
-			}
-			break;
-		}
-	}
-
-	if (fs_arr != NULL && fs_cnt > 0)
-		qsort(fs_arr, fs_cnt, sizeof(char *), fsname_cmp);
-
-	lfs = fsdev_init((const char **)fs_arr, fs_cnt);
-	e = errno;
-	free(fs_arr);
-	errno = e;
-	free(pstr);
-
-	return (lfs);
-}
-
 void fsdev_free(fsdev_t * lfs)
 {
 	if (lfs != NULL) {

src/OVAL/probes/fsdev.h

@@ -35,6 +35,10 @@
 #include <sys/stat.h>
 #include "oscap_export.h"
 
+#if defined(__linux__) || defined(_AIX)
+#include <mntent.h>
+#endif
+
 /**
  * Filesystem device structure.
  */
@@ -47,13 +51,7 @@ typedef struct {
  * Initialize the fsdev_t structure from an array of filesystem
  * names.
  */
-fsdev_t *fsdev_init(const char **fs, size_t fs_cnt);
-
-/**
- * Initialize the fsdev_t structure from a string containing filesystem
- * names.
- */
-fsdev_t *fsdev_strinit(const char *fs_names);
+fsdev_t *fsdev_init(void);
 
 /**
  * Free the fsdev_t structure.
@@ -87,4 +85,14 @@ int fsdev_path(fsdev_t *lfs, const char *path);
  */
 int fsdev_fd(fsdev_t *lfs, int fd);
 
+#if defined(__linux__) || defined(_AIX)
+/**
+ * Detemines whether a given mtab entry is a local file system.
+ * @param ment Structure returned by getmntent (see `man 3 getmntent`).
+ * @retval 1 if local
+ * @retval 0 otherwise
+ */
+int is_local_fs(struct mntent *ment);
+#endif
+
 #endif				/* FSDEV_H */