Your message dated Wed, 3 Feb 2021 18:12:47 +0100
with message-id <YBrZjzwJTK95igTX@ackbar>
and subject line [fix] Upgrade to OpenSCAP 1.3.4
has caused the Debian Bug report #932120,
regarding oscap oval eval segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.



-- 
932120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libopenscap8
Version: 1.2.16-2
Severity: important

With Debian Buster, when I invoke "/bin/oscap oval eval --skip-valid --results oval-definitions-buster.result.xml oval-definitions-buster.xml" with the definition file downloaded from https://www.debian.org/security/oval/oval-definitions-buster.xml, the evaluation fails with lots of segmentation faults in /usr/lib/x86_64-linux-gnu/openscap/probe_dpkginfo.

The following logs appear during execution:

Definition oval:org.debian:def:20177413: false
W: oscap:     Can't receive message: 103, Software caused connection abort.
Definition oval:org.debian:def:20177407: error
[...]
Definition oval:org.debian:def:20177377: false
W: oscap:     Can't receive message: 4, Interrupted system call.
E: oscap:     Can't close sd: 10, No child processes.
E: oscap:     Recv: retry limit (0) reached.
Definition oval:org.debian:def:20177376: true
W: oscap:     Can't receive message: 4, Interrupted system call.
E: oscap:     Can't close sd: 10, No child processes.
E: oscap:     Recv: retry limit (0) reached.
Definition oval:org.debian:def:20177375: true
[...]
Can't connect to the probe [../../../src/OVAL/oval_probe_ext.c:468]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]

audit log:
type=ANOM_ABEND msg=audit(1563194718.360:317265): auid=0 uid=0 gid=0 ses=8882 pid=16312 comm="probe_worker" exe="/usr/lib/x86_64-linux-gnu/openscap/probe_dpkginfo" sig=11 res=1

The process exits with return code 1 and no result file is generated.
The attached patch corrects this behaviour and makes the feature usable.
Upstream already has a bug report about the issue here: https://github.com/OpenSCAP/openscap/issues/1367

Regards

--- a/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
+++ b/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
@@ -109,7 +109,7 @@
         return reply;
 }
 
-void * dpkginfo_free_reply(struct dpkginfo_reply_t *reply)
+void dpkginfo_free_reply(struct dpkginfo_reply_t *reply)
 {
         if (reply) {
                 free(reply->name);
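
Review bot: The return-type change on dpkginfo_free_reply arrives with no explanation of why it stops the probe_dpkginfo crash, and the hunk context ends at free(reply->name), so the end of the function is not visible here. If the old body reached its closing brace without a return statement, that is undefined behaviour in a C++ translation unit (this file is .cxx) for a function declared to return void *, and the patch description should say so explicitly so the fix can be matched to the sig=11 in the audit record. Please also confirm that no caller assigns or tests the old return value.
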
--- a/src/OVAL/probes/unix/linux/dpkginfo-helper.h
+++ b/src/OVAL/probes/unix/linux/dpkginfo-helper.h
@@ -40,7 +40,7 @@
 
 struct dpkginfo_reply_t * dpkginfo_get_by_name(const char *name, int *err);
 
-void * dpkginfo_free_reply(struct dpkginfo_reply_t *reply);
+void dpkginfo_free_reply(struct dpkginfo_reply_t *reply);
 
 #ifdef __cplusplus
 }
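
Review bot: The prototype in dpkginfo-helper.h sits just above the closing "#ifdef __cplusplus" / "}" guard, so this declaration is the one the probe's C callers see across the extern "C" boundary and it has to change in the same commit as the definition in dpkginfo-helper.cxx. Because C linkage carries no type information in the symbol name, a stale object built against the old void * prototype would still link, so a note asking for a full rebuild of the probe would be worth adding. A short comment on the declaration stating that the function frees the reply and returns nothing would document the contract.
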

--- End Message ---
--- Begin Message ---
Format: 1.8
Date: Mon, 01 Feb 2021 16:22:30 +0100
Source: openscap
Architecture: source
Version: 1.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Pierre Chifflier <pol...@debian.org>
Changed-By: Philippe Thierry <phi...@debian.org>
Changes:
 openscap (1.3.4-1) unstable; urgency=medium
 .
   * New upstream version 1.3.4


--- End Message ---
