[Bug 1851682] Re: oscap is broken in ubuntu 19.10
Seth Arnold
1851682 at bugs.launchpad.net
Sat May 9 00:22:24 UTC 2020
Because the focal change wasn't picked up before 20.04 LTS's release,
groovy will probably need a fix, too, before these packages can be
released.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1851682
Title:
oscap is broken in ubuntu 19.10
Status in openscap package in Ubuntu:
Confirmed
Status in openscap source package in Bionic:
New
Status in openscap source package in Eoan:
New
Status in openscap source package in Focal:
Confirmed
Bug description:
[Impact]
The bug causes oscap to fail to run with OVAL files produced by the
Ubuntu Security team.
This is the upstream issue:
https://github.com/OpenSCAP/openscap/issues/1367
The fix is simple and I've tested it under bionic, eoan, and focal.
The patch corrects a typo or copy/paste error in the original code.
https://github.com/OpenSCAP/openscap/commit/5e5bc61c1fc6a6556665aa5689a62d6bc6487c74
[Test Case]
This can be reproduced on eoan and focal by following the instructions
for using ubuntu security oval data here:
https://people.canonical.com/~ubuntu-security/oval/
The bug does not manifest directly in bionic but if you include
libopenscap8 in a snap based on core18, the version of oscap in the
snap will produce the same behavior when you run the snap on eoan or
focal.
[Regression Potential]
The potential for regression seems low in this case. I've built the
deb locally for bionic, eoan, and focal and smoke tested it in VMs
using the ubuntu security OVAL files and the test file from the
comment below:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1851682/comments/2
If a regression were to exist, it would likely manifest itself with a
runtime error much like the original problem.
############################################
ORIGINAL BUG REPORT BELOW
###########################################
oscap segfaults while trying to check using ubuntu-security definitions:
The command:
oscap oval eval --report /tmp/oscap_report.html /var/tmp/com.ubuntu.eoan.cve.oval.xml
Segfault:
...
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Probe with PID=26379 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
Probe with PID=26379 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Probe with PID=26393 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
Probe with PID=26393 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
Unable to close probe sd [../../../src/OVAL/oval_probe_ext.c:424]
Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
The OVAL definitions are taken directly from
https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.eoan.cve.oval.xml
Version:
oscap --version
OpenSCAP command line tool (oscap) 1.2.16
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.8)
==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe
Probes: /usr/lib/x86_64-linux-gnu/openscap
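
A small check for the smoke test described under [Test Case] and [Regression Potential], as an added example that is not part of the bug report or of OpenSCAP: it scans captured oscap output for the two failure signatures quoted in the original report. The function names, the log file name and the exit-status convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scan captured oscap output for the failure signatures
# quoted in this bug report. Capture the output with, e.g.:
#   oscap oval eval --report /tmp/oscap_report.html \
#       /var/tmp/com.ubuntu.eoan.cve.oval.xml > oscap.log 2>&1

# count_lines MODE PATTERN FILE: number of matching lines, 0 if none.
# grep -c exits 1 on zero matches, so the status is masked for `set -e`.
count_lines() {
    grep -c "$1" -- "$2" "$3" || true
}

# classify_oscap_log FILE
# Prints "<verdict> crashes=N invalid=N". Exit status: 0 = clean,
# 1 = a signature from the report was seen, 2 = log not readable.
# The crash pattern accepts any signal number, not only 11 (generalisation).
classify_oscap_log() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    crashes=$(count_lines -E 'Probe with PID=[0-9]+ has been killed with signal [0-9]+' "$1")
    invalid=$(count_lines -F 'Invalid oval result type: -1.' "$1")
    if [ "$crashes" -gt 0 ]; then verdict=probe-crash
    elif [ "$invalid" -gt 0 ]; then verdict=invalid-result
    else verdict=clean
    fi
    echo "$verdict crashes=$crashes invalid=$invalid"
    [ "$verdict" = clean ]
}

# write_sample_log FILE: short excerpt of the output quoted in the report,
# assembled here as sample input so the check can be tried offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
Probe with PID=26379 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178]
Probe with PID=26379 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182]
Unable to receive a message from probe [../../../src/OVAL/oval_probe_ext.c:579]
Invalid oval result type: -1. [../../../../src/OVAL/results/oval_resultTest.c:179]
EOF
}

# Stand-alone use (hypothetical file name): sh check_oscap_log.sh oscap.log
if [ "$#" -gt 0 ]; then
    classify_oscap_log "$1"
fi
```

A non-zero exit status lets the check gate a package smoke test in each release VM.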