Ubuntu
openscap package

OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]

  1. Xenial (16.04)
  2. Bug #1845216
Bug #1845216 reported by Nobuto Murata
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openscap (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Disco
Fix Released
Undecided
Unassigned
Eoan
Fix Released
Undecided
Unassigned

Bug Description

[Impact]
The impact is fairly low because the problem can be mitigated by copying or linking a default cpe dictionary into place after installing. This prevents the error:

$ sudo ln -s /usr/share/scap-security-guide/ssg-ubuntu1604-cpe-dictionary.xml /usr/share/openscap/cpe/openscap-cpe-dict.xml

However, it would be better if it just worked correctly without requiring any manual steps after installation.

[Test Case]
The original description provides good instructions for reproducing under bionic:
$ sudo apt install libopenscap8 ssg-debderived
$ oscap info /usr/share/scap-security-guide/ssg-ubuntu1604-ds.xml
<snip>
OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]
Failed to add default CPE to newly created CPE Session. [../../../src/CPE/cpe_session.c:58]
<snip>

[Regression Potential]
The likelyhood of a regression seems very low since this change provides a default cpe dictionary with the installation instead of requiring that one be manually copied into place after installation. In the event that this default cpe dictionary does somehow causes a regression, it could be mitigated by explicitly specifying a cpe dictionary rather than relying on the default or copying a new file over the default (which is basically what has to be done now to make the current oscap work correctly).

----- Original description ----
/usr/share/openscap/cpe/openscap-cpe-dict.xml is included in later versions such as 1.2.16-2:
https://packages.debian.org/buster/amd64/libopenscap8/filelist

How to reproduce with Ubuntu 18.04 LTS:

$ sudo apt install libopenscap8 ssg-debderived

$ oscap info /usr/share/scap-security-guide/ssg-ubuntu1604-ds.xml
Document type: Source Data Stream
Imported: 2017-08-11T09:18:08

...
Dictionaries:
        Ref-Id: scap_org.open-scap_cref_output--ssg-ubuntu1604-cpe-dictionary.xml
OpenSCAP Error: Unable to open file: '/usr/share/openscap/cpe/openscap-cpe-dict.xml' [../../../src/source/oscap_source.c:284]
Failed to add default CPE to newly created CPE Session. [../../../src/CPE/cpe_session.c:58]

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libopenscap8 1.2.15-1build1
ProcVersionSignature: User Name 4.15.0-58.64-generic 4.15.18
Uname: Linux 4.15.0-58-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
Date: Tue Sep 24 14:13:09 2019
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: openscap
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Nobuto Murata (nobuto) wrote :
Revision history for this message
Nobuto Murata (nobuto) wrote :
Marc Deslauriers (mdeslaur)
Changed in openscap (Ubuntu Xenial):
status: New → Confirmed
Changed in openscap (Ubuntu Bionic):
status: New → Confirmed
Marc Deslauriers (mdeslaur)
Changed in openscap (Ubuntu Disco):
status: New → Fix Released
Changed in openscap (Ubuntu Eoan):
status: New → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :
Mark Morlino (markmorlino)
description: updated
Marc Deslauriers (mdeslaur)
Changed in openscap (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in openscap (Ubuntu Bionic):
status: Confirmed → In Progress
Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Nobuto, or anyone else affected,

Accepted openscap into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openscap/1.2.15-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openscap (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in openscap (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Robie Basak (racb) wrote :

Hello Nobuto, or anyone else affected,

Accepted openscap into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openscap/1.2.8-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Mark Morlino (markmorlino) wrote :

Hi @racb

Revision history for this message
Mark Morlino (markmorlino) wrote :

Hi Robie,

I tested the -proposed packages on on xenial and bionic and it appears to have resolved the original bug.
I did some other testing by using oscap to run the oval files from https://people.canonical.com/~ubuntu-security/oval/ and I did not encounter any issues.

Mark Morlino (markmorlino)
tags: added: verification-done-bionic verification-done-xenial
removed: verification-needed-bionic verification-needed-xenial
tags: added: verification-done
removed: verification-needed
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for openscap has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openscap - 1.2.8-1ubuntu0.2

---------------
openscap (1.2.8-1ubuntu0.2) xenial; urgency=medium

  * debian/patches/010-install-cpe-oval.patch: properly install CPE OVAL
    files. (LP: #1845216)

 -- Marc Deslauriers <email address hidden> Fri, 04 Oct 2019 10:26:11 -0400

Changed in openscap (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openscap - 1.2.15-1ubuntu0.1

---------------
openscap (1.2.15-1ubuntu0.1) bionic; urgency=medium

  * debian/patches/010-install-cpe-oval.patch: properly install CPE OVAL
    files. (LP: #1845216)

 -- Marc Deslauriers <email address hidden> Fri, 04 Oct 2019 10:23:11 -0400

Changed in openscap (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.