Diffstat (limited to 'app-forensics/ovaldi')
-rw-r--r--app-forensics/ovaldi/Manifest11
-rw-r--r--app-forensics/ovaldi/files/disable-acl.patch23
-rw-r--r--app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch84
-rw-r--r--app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch11
-rw-r--r--app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch283
-rw-r--r--app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable-acl.patch23
-rw-r--r--app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable_RetrieveSelinuxDomainLabel.patch31
-rw-r--r--app-forensics/ovaldi/metadata.xml9
-rw-r--r--app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild94
-rw-r--r--app-forensics/ovaldi/ovaldi-5.10.1.7.ebuild93
10 files changed, 662 insertions, 0 deletions
diff --git a/app-forensics/ovaldi/Manifest b/app-forensics/ovaldi/Manifest
new file mode 100644
index 000000000000..785080481eae
--- /dev/null
+++ b/app-forensics/ovaldi/Manifest
@@ -0,0 +1,11 @@
+AUX disable-acl.patch 1407 BLAKE2B b07fcebacbfea8698f1b7714552e7ecab1abe4327424ade1c4bc532b033abb06f7269822f0b287974764eef57ee989791adefd07e7358f25023916c2e5072c0c SHA512 7df8444f33bc23baf6327fc7fa6fe40329fffd71185ab663f192921bab00d93e360c5ea539318554e42c63da5dbef781ece84e795b46a7ac65dcb694ebb47a35
+AUX ovaldi-5.10.1.4-disable-selinux-probes.patch 3928 BLAKE2B b1d3a1bd11e07d618a1a71e169e2d86dc3953ecea81b8edc49538557f0a7c7add0c754a78573333e9e7cd2f14c57e8429435d5c6ed9caef62b8e85b7b063c3f2 SHA512 e9d6f2bab3fd5d6fbb2b6bc6dc881bfb22c873c8856dc9da7c01d2992f74479177d82529df84b186da285aed8d943919b9bbbe59d7d1e0788c42351a3f895217
+AUX ovaldi-5.10.1.4-strnicmp.patch 292 BLAKE2B aa35f44875a75ba1a4d3ee02dc8a37892822e4576bf678858d7af901d1f945366fa353839aa595f3ad8cb09a2fd7485d072eca4318fcd2ab36ab8ee665ee2db7 SHA512 498ce005a56cbe16377653a25da783e96fc7871cb114d19e3695579263403ecb3a917abe637965bc6ee62dd36e927ad564c83d253b3a6467651e9ad57f9bf1f1
+AUX ovaldi-5.10.1.4-xerces3.patch 13354 BLAKE2B 87bcfe0e17150d7bf9831ce9ca2c821e9d3adcce403177247d52af0f0fea440f45c6d7a7b79a5a6a7f24850ccef0f72e941f34f50ea9500656fd20ef6bb702dd SHA512 4f31d9b7fdbd31fb3228da1d3c637ff8a205395754fd9a27375a33b18d954bfb29b7365e7134e7ae8c93e867dba980f5a18255872d6c64e03f449b32349d2a99
+AUX ovaldi-5.10.1.7-disable-acl.patch 1231 BLAKE2B 2f434497f12b52be3f18a4a35dc9b22dc6c93c5c3db9c0a46ef4a85753c6262f553b9c4aabddf55ff534f99f43b7667f65e758111a570e4102ca1a27cc03ce15 SHA512 e71a2899b0eb0a9abd6ba2a3a00ef67d6480597defa3390cfd4706e801aa6383c7a6ff5e02e4472b5a707bab35f398b6b9d00377adbd82673b6cf5c9961370a8
+AUX ovaldi-5.10.1.7-disable_RetrieveSelinuxDomainLabel.patch 834 BLAKE2B 8e4cc626d97ee2f80c40913b09550693437ac6cc9b3ad0491962b8c3b78cd6e060ba4c5c0f3bc18be10348ec31fcd9e0e35108bb80425764a7d4f75412b8f0b0 SHA512 f05a797252a2006384f450afd2c0c2b8cd894abc2409b21a3df9cec57af39ff81dc2b007b0e3c460e3ce85855a1b37fe18b5a4b79408969019332300d0c1ed47
+DIST ovaldi-5.10.1.4-src.tar.bz2 14868251 BLAKE2B a85d4d1b80226dd4059d206b471788b1417224dea54ba0b5813dda3427543195b9fb5505e4f9d5db4655acb36385a84ff23556c281189558bf1a637f5a122262 SHA512 d7926a7416fe90013e203b333390e33d51c3eb0caa6ebba69dd593791a8377ac38f5db72fcff2d1ab2dd39a0f5d1b0d2a0d08f906d3e26740288532a27debb47
+DIST ovaldi-5.10.1.7-src.tar.bz2 20391784 BLAKE2B 7e2c719f0819f967c6aee533bb881c29ffac756461460d73e3231f1cffd254d88a26e716f0334d023daa7fa6f9c314bf7a42b6c13e2a90daa558e589d135479c SHA512 22c373436889b03ffb5d479bd322703bbd8b5b335f116a3b38a3d206ddaaf3115961ab89597c3907b6e5d745eb302a042c135c73cde0eaae10e51f5d6e3e55ec
+EBUILD ovaldi-5.10.1.4.ebuild 2979 BLAKE2B 8f71272ae8fb64603e3761c7874c2a0292b654cf421561a6d2669ee95c59fea12c9af033fdb7ca47f0135a76a95f5e42f2d85896bbc5bdbb8e8da16a10a2195d SHA512 3cbd6a919cc0285edefec12a41ae85b10104a8c1d49c419fdb95740489982726a551c8539cae7e63101ed6634cc07508176c65fb7aa0cf73d7253211695200f4
+EBUILD ovaldi-5.10.1.7.ebuild 2921 BLAKE2B f1687f68049b3e91906b22fdd1318a95cf2be41537c535c5ea91ad2b92ffe2ada68e5ad137d83db7d302c20945304b2b2cb98aa1b73baed08dfb3cfb634579b6 SHA512 b33110d8e78206d1ff2e3bc9d710ca70fa54b6dd7c9dca3b5c76ea85ea6b582ef8ccff245aa9d7ddcd50f7b8d95866b212cd16d21722f88ac30aa8be79b124d0
+MISC metadata.xml 244 BLAKE2B f0c285271b149f90fc80cca808366c27dc0e3da036e71b3d5754c33dabfc1e7df9ca340dbf729365f3b38961b165370d511075eebf6c0ce910134378d0c2b03d SHA512 3c0bc0d2a893195113f085b69d5e6d1ac5a6916bde0f04fb319c020badf81472b79d1430d6ba2cd123265334510498a27a3c38bfdc230bf5fbbfab65d5aa4d48
diff --git a/app-forensics/ovaldi/files/disable-acl.patch b/app-forensics/ovaldi/files/disable-acl.patch
new file mode 100644
index 000000000000..49ea42c80558
--- /dev/null
+++ b/app-forensics/ovaldi/files/disable-acl.patch
@@ -0,0 +1,23 @@
+--- src/probes/unix/FileProbe.cpp.old 2013-01-14 16:28:33.000000000 +0100
++++ src/probes/unix/FileProbe.cpp 2013-01-14 16:30:33.000000000 +0100
+@@ -427,19 +427,8 @@
+ 5) If a file doesn't have an ACL, or it matches the standard UNIX permissions, the value will be 'false' (this is covered by acl_extended_file() - thank you openscap)
+ 6) If a file has an ACL, the value will be 'true'.
+ */
+-
+- int hasExtendedAcl = acl_extended_file(filePath.c_str());
+- if(hasExtendedAcl > -1){ // behavior 4, 5, and 6
+- item->AppendElement(new ItemEntity("has_extended_acl",Common::ToString(hasExtendedAcl),OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_EXISTS,0));
+- }else{
+- if(errno == EOPNOTSUPP){ // behavior 3
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_DOES_NOT_EXIST,0));
+- }else{ // behavior 2
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_ERROR,0));
+- item->AppendMessage(new OvalMessage(string("Error reading ACL data: ") + strerror(errno)));
+- }
+- }
+
++ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
+ # else
+ // behavior 1
+ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
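Review bot: After this patch both arms of the preprocessor conditional in FileProbe.cpp append the same `STATUS_NOT_COLLECTED` entity, yet the retained upstream comment above still lists behaviors 2–6, which can no longer occur in a USE=-acl build. The added line should carry a comment saying so, for example `// behavior 1 (Gentoo, USE=-acl): libacl is not linked, so has_extended_acl is never probed`. The 5.10.1.7 variant of this patch already adds `// behavior 1`, and the same wording applies there. Anyone reading scan results needs to know that this entity is uncollected because of the build, not because of the file examined. The enclosing function starts and ends outside the patch context.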
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch
new file mode 100644
index 000000000000..b9d02d763c61
--- /dev/null
+++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch
@@ -0,0 +1,84 @@
+--- src/probes/unix/Process58Probe.cpp.old 2013-01-14 16:05:18.000000000 +0100
++++ src/probes/unix/Process58Probe.cpp 2013-01-14 16:06:16.000000000 +0100
+@@ -29,8 +29,8 @@
+ //****************************************************************************************//
+
+ #ifdef LINUX
+-# include <selinux/selinux.h>
+-# include <selinux/context.h>
++/*# include <selinux/selinux.h>
++# include <selinux/context.h>*/
+ # include <sys/capability.h>
+ # include <SecurityContextGuard.h>
+ #endif
+@@ -328,7 +328,7 @@
+ pid_t sessionId;
+ uid_t loginuid;
+ uint64_t effCap, *effCapp=&effCap;
+- string selinuxDomainLabel;
++/* string selinuxDomainLabel;*/
+
+ Process58Probe::ProcStatus statStatus, statusStatus, ttyStatus, loginuidStatus;
+
+@@ -423,10 +423,10 @@
+ }
+
+ // this one doesn't require reading anything in /proc
+- if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
++/* if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
+ item->AppendMessage(new OvalMessage(errMsg, OvalEnum::LEVEL_ERROR));
+ item->SetStatus(OvalEnum::STATUS_ERROR);
+- }
++ }*/
+
+ // The Linux start time is represented as the number of jiffies (1/100 sec)
+ // that the application was started after the last system reboot. To get an
+@@ -522,10 +522,10 @@
+ // aren't any.
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_ERROR));
+
+- if (selinuxDomainLabel.empty())
++/* if (selinuxDomainLabel.empty())
+ item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_ERROR));
+ else
+- item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));
++ item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));*/
+
+ if (statStatus == PROC_OK)
+ item->AppendElement(new ItemEntity("session_id", Common::ToString(sessionId), OvalEnum::DATATYPE_INTEGER));
+@@ -740,7 +740,7 @@
+ capMap[capEnum]));
+ }
+ }
+-
++/*
+ bool Process58Probe::RetrieveSelinuxDomainLabel(pid_t pid, string *label, string *err) {
+ security_context_t sctx;
+ int ec = getpidcon(pid, &sctx);
+@@ -763,7 +763,7 @@
+ *label = tmp;
+ return true;
+ }
+-
++*/
+ #elif defined SUNOS
+
+ void Process58Probe::GetPSInfo(string command, string pidStr, ItemVector* items) {
+@@ -830,7 +830,7 @@
+ item->AppendElement(new ItemEntity("exec_shield", "", OvalEnum::DATATYPE_BOOLEAN, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("loginuid", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
+- item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
++/* item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));*/
+ item->AppendElement(new ItemEntity("session_id", Common::ToString(info.pr_sid), OvalEnum::DATATYPE_INTEGER));
+
+ items->push_back(item);
+@@ -988,7 +988,7 @@
+ item->AppendElement(new ItemEntity("exec_shield", "", OvalEnum::DATATYPE_BOOLEAN, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("loginuid", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
+- item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
++/* item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));*/
+ item->AppendElement(new ItemEntity("session_id", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+
+ items->push_back(item);
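Review bot: The Linux branch of Process58Probe.cpp ends up emitting no `selinux_domain_label` entity at all, because both the error and the value `AppendElement` calls are commented out, whereas the ACL patch in this commit keeps its entity and marks it `STATUS_NOT_COLLECTED`. Replacing the commented-out `if`/`else` with `item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));` would keep the item shape stable for consumers of the results. The last two sub-hunks (original lines 830 and 988) also comment out lines that already reported `STATUS_NOT_COLLECTED` and, judging by the `#elif defined SUNOS` above them, sit outside the Linux build, so they look unnecessary. Whether the OVAL item schema tolerates a missing entity is not visible here and should be checked.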
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch
new file mode 100644
index 000000000000..fc127efd3cdb
--- /dev/null
+++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch
@@ -0,0 +1,11 @@
+--- src/Main.h.old 2010-10-22 14:59:13.000000000 +0200
++++ src/Main.h 2010-10-22 14:59:38.000000000 +0200
+@@ -38,7 +38,7 @@
+ #endif
+
+ #ifdef LINUX
+-# define STRNICMP strnicmp
++# define STRNICMP strncasecmp
+ #elif defined SUNOS
+ # define STRNICMP strncasecmp
+ #elif defined DARWIN
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch
new file mode 100644
index 000000000000..9350029312c4
--- /dev/null
+++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch
@@ -0,0 +1,283 @@
+--- src/XmlProcessor.h.old 2011-08-18 14:35:41.608703233 +0200
++++ src/XmlProcessor.h 2011-08-18 14:39:21.835597094 +0200
+@@ -38,14 +38,17 @@
+ #include <string>
+
+ // required xerces includes
+-#include <xercesc/dom/DOMBuilder.hpp>
+ #include <xercesc/dom/DOMDocument.hpp>
+ #include <xercesc/dom/DOMErrorHandler.hpp>
+ #include <xercesc/dom/DOMError.hpp>
+
+ // for entity resolver
+-#include <xercesc/dom/DOMEntityResolver.hpp>
+-#include <xercesc/dom/DOMInputSource.hpp>
++
++#include <xercesc/dom/DOMImplementationRegistry.hpp>
++#include <xercesc/dom/DOMLSParser.hpp>
++#include <xercesc/sax/EntityResolver.hpp>
++#include <xercesc/sax/InputSource.hpp>
++#include <xercesc/sax2/SAX2XMLReader.hpp>
+
+ #include "Exception.h"
+
+@@ -53,12 +56,14 @@
+ This class extends the default DOMEntityResolver and implments the resolve entity method
+ to support
+ */
+-class DataDirResolver : public xercesc::DOMEntityResolver {
++class DataDirResolver : public xercesc::EntityResolver {
+ public:
+ /**
+ *
+ */
+- xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++// xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++ xercesc::InputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId);
++ xercesc::DOMLSInput *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
+ };
+
+ /**
+@@ -144,7 +149,7 @@
+ * owns the documents it builds. Users must manually destroy
+ * those documents.
+ */
+- xercesc::DOMBuilder *parserWithCallerAdoption;
++ xercesc::DOMLSParser *parserWithCallerAdoption;
+
+ /**
+ * This parser doesn't have user-adoption switched on, so it
+@@ -156,7 +161,7 @@
+ * appear to ever be switched off. So to make sure this isn't
+ * leaking memory, I have created separate parsers.
+ */
+- xercesc::DOMBuilder *parser;
++ xercesc::DOMLSParser *parser;
+
+ /** The entity resolver for both parsers. */
+ DataDirResolver resolver;
+--- src/probes/independent/XmlFileContentProbe.cpp.old 2010-10-22 14:49:22.000000000 +0200
++++ src/probes/independent/XmlFileContentProbe.cpp 2010-10-22 14:51:39.000000000 +0200
+@@ -419,12 +419,24 @@
+ return new DummyEntityResolver::DoNothingBinInputStream();
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#else
++const XMLCh* DummyEntityResolver::DoNothingBinInputStream::getContentType() const
++{
++ return NULL;
++}
++XMLFilePos DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#endif
+ {
+ return 0;
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const /*toFill*/, const unsigned int /*maxToRead*/)
++#else
++XMLSize_t DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const toFill, XMLSize_t maxToRead)
++#endif
+ {
+ return 0;
+ }
+--- src/probes/independent/XmlFileContentProbe.h.old 2010-10-22 14:55:47.000000000 +0200
++++ src/probes/independent/XmlFileContentProbe.h 2010-10-22 14:57:00.000000000 +0200
+@@ -134,8 +134,14 @@
+ class DoNothingBinInputStream : public BinInputStream
+ {
+ public:
++#if XERCES_VERSION_MAJOR < 3
+ virtual unsigned int curPos() const;
+ virtual unsigned int readBytes(XMLByte *const toFill, const unsigned int maxToRead);
++#else
++ virtual XMLFilePos curPos() const;
++ virtual const XMLCh* getContentType() const;
++ virtual XMLSize_t readBytes(XMLByte *const toFill, XMLSize_t maxToRead);
++#endif
+ };
+ };
+
+--- src/XmlCommon.cpp.old
++++ src/XmlCommon.cpp
+@@ -546,7 +546,11 @@ void XmlCommon::AddSchemaLocation(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *do
+ string XmlCommon::GetNamespace(DOMElement *element) {
+
+ string xmlns = "";
++#if XERCES_VERSION_MAJOR < 3
+ xmlns = XmlCommon::ToString(element->getTypeInfo()->getNamespace());
++#else
++ xmlns = XmlCommon::ToString(element->getSchemaTypeInfo()->getTypeNamespace());
++#endif
+ if (xmlns.compare("") == 0) {
+ xmlns = "";
+ }
+--- src/XmlProcessor.cpp.old 2013-01-14 15:16:14.000000000 +0100
++++ src/XmlProcessor.cpp 2013-01-14 15:19:20.000000000 +0100
+@@ -35,7 +35,6 @@
+ // for dom Writer
+ #include <xercesc/dom/DOMImplementation.hpp>
+ #include <xercesc/dom/DOMImplementationLS.hpp>
+-#include <xercesc/dom/DOMWriter.hpp>
+ #include <xercesc/framework/StdOutFormatTarget.hpp>
+ #include <xercesc/framework/LocalFileFormatTarget.hpp>
+ #include <xercesc/util/XMLUni.hpp>
+@@ -50,11 +49,26 @@
+ using namespace std;
+ using namespace xercesc;
+
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(serializer,n,v) if (serializer->canSetFeature(n,v)) serializer->setFeature(n,v)
++#else
++#define SetParameter(serializer,n,v) if (serializer->getDomConfig()->canSetParameter(n,v)) serializer->getDomConfig()->setParameter(n,v)
++#endif
++
+ //****************************************************************************************//
+ // DataDirResolver Class //
+ //****************************************************************************************//
+-
++#if XERCES_VERSION_MAJOR < 3
+ DOMInputSource* DataDirResolver::resolveEntity (const XMLCh *const /*publicId*/, const XMLCh *const systemId, const XMLCh *const /*baseURI*/) {
++#else
++InputSource* DataDirResolver::resolveEntity(const XMLCh* publicId, const XMLCh* systemId)
++{
++ return NULL;
++ //return DataDirResolver::resolveEntity (publicId, systemId, NULL);
++}
++
++DOMLSInput* DataDirResolver::resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI) {
++#endif
+ string path = "";
+ size_t last;
+ string schemapath = Common::GetSchemaPath();
+@@ -127,7 +141,7 @@
+ parserWithCallerAdoption = makeParser(schemaLocation);
+ // add one extra feature on this parser to prevent it from
+ // taking ownership of its documents.
+- parserWithCallerAdoption->setFeature(XMLUni::fgXercesUserAdoptsDOMDocument, true);
++ SetParameter(parserWithCallerAdoption, XMLUni::fgXercesUserAdoptsDOMDocument, true);
+
+ } catch (const XMLException& toCatch) {
+ string errMsg = "Error: An error occured durring initialization of the xml utilities:\n";
+@@ -156,32 +170,40 @@
+ XMLPlatformUtils::Terminate();
+ }
+
+-DOMBuilder *XmlProcessor::makeParser(const string &schemaLocation) {
++DOMLSParser *XmlProcessor::makeParser(const string &schemaLocation) {
+ // Instantiate the DOM parser.
+ static const XMLCh gLS[] = { chLatin_L, chLatin_S, chNull };
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(gLS);
+
+- DOMBuilder *parser = ((DOMImplementationLS*)impl)->createDOMBuilder(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#if XERCES_VERSION_MAJOR < 3
++ DOMLSParser *parser = ((DOMImplementationLS*)impl)->createDOMLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#else
++ DOMLSParser *parser = ((DOMImplementationLS*)impl)->createLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#endif
+
+ ///////////////////////////////////////////////////////
+ // Set features on the builder
+ ///////////////////////////////////////////////////////
+
+- parser->setFeature(XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
+- parser->setFeature(XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
+- parser->setFeature(XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
+- parser->setFeature(XMLUni::fgDOMValidation, true); // Report all validation errors.
+- parser->setFeature(XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
+- parser->setFeature(XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
+- parser->setFeature(XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
+- parser->setFeature(XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
++ SetParameter(parser, XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
++ SetParameter(parser, XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
++ SetParameter(parser, XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
++ SetParameter(parser, XMLUni::fgDOMValidate, true); // Report all validation errors.
++ SetParameter(parser, XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
++ SetParameter(parser, XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
++ SetParameter(parser, XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
++ SetParameter(parser, XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
+
+ ///////////////////////////////////////////////////////
+ //****************************************************************************************//
+ // The following code was added to handle air-gap operation //
+ //****************************************************************************************//
+ /* Look for XML schemas in local directory instead of Internet */
++#if XERCES_VERSION_MAJOR < 3
+ parser->setEntityResolver (&resolver);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesEntityResolver, &resolver);
++#endif
+ //****************************************************************************************//
+ // End of air-gap code //
+ //****************************************************************************************//
+@@ -189,7 +211,11 @@
+ ///////////////////////////////////////////////////////
+ // Add an Error Handler
+ ///////////////////////////////////////////////////////
++#if XERCES_VERSION_MAJOR < 3
+ parser->setErrorHandler(&errHandler);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, &errHandler);
++#endif
+
+ // Fix a schema location if possible, so instance documents don't
+ // have to set the schemaLocation attribute. And if they do, this
+@@ -197,7 +223,7 @@
+ // overriding of the value in instance documents.
+ if (!schemaLocation.empty()) {
+ XMLCh *schemaLocationCstr = XMLString::transcode(schemaLocation.c_str());
+- parser->setProperty(XMLUni::fgXercesSchemaExternalSchemaLocation, schemaLocationCstr);
++ SetParameter(parser, XMLUni::fgXercesSchemaExternalSchemaLocation, schemaLocationCstr);
+ XMLString::release(&schemaLocationCstr);
+ }
+
+@@ -279,23 +305,19 @@
+ XMLCh tempStr[100];
+ XMLString::transcode("LS", tempStr, 99);
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(tempStr);
++#if XERCES_VERSION_MAJOR < 3
+ DOMWriter *theSerializer = ((DOMImplementationLS*)impl)->createDOMWriter();
++#else
++ DOMLSSerializer *theSerializer = ((DOMImplementationLS*)impl)->createLSSerializer();
++#endif
+
+- // set feature if the serializer supports the feature/mode
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTSplitCdataSections, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTSplitCdataSections, true);
+
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTBOM, false))
+- theSerializer->setFeature(XMLUni::fgDOMWRTBOM, false);
+-
+- //if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- // theSerializer->setFeature(XMLUni::fgDOMWRTBOM, true);
++ // set feature if the serializer supports the feature/mode
++ SetParameter(theSerializer, XMLUni::fgDOMWRTSplitCdataSections, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTDiscardDefaultContent, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTFormatPrettyPrint, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, false);
++ //SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, true);
+
+ //
+ // Plug in a format target to receive the resultant
+@@ -313,7 +335,13 @@
+ //
+ // do the serialization through DOMWriter::writeNode();
+ //
++#if XERCES_VERSION_MAJOR < 3
+ theSerializer->writeNode(myFormTarget, *doc);
++#else
++ DOMLSOutput *output = ((DOMImplementationLS*)impl)->createLSOutput();
++ output->setByteStream(myFormTarget);
++ theSerializer->write(doc, output);
++#endif
+
+ theSerializer->release();
+ delete myFormTarget;
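Review bot: In the Xerces 3 branch of src/XmlProcessor.cpp the new two-argument `DataDirResolver::resolveEntity` always returns `NULL` and the forward to the schema-path lookup is left commented out, so if the parser reaches this overload the local-directory ("air-gap") resolution is bypassed and the parser falls back to its own handling of the system identifier. It is worth confirming which interface `fgXercesEntityResolver` expects in Xerces 3 (as far as I recall it is `XMLEntityResolver`, not the SAX `EntityResolver` this class now derives from) and that the three-argument method is actually called. The `SetParameter` macro also skips any parameter for which `canSetParameter` returns false, so `fgDOMValidate` or `fgXercesSchema` can be dropped silently where the old `setFeature` call was unconditional; consider reporting a refused parameter instead. Smaller points: the macro is an unbraced `if` (wrap it in `do { … } while (0)`), and the `DOMLSOutput` from `createLSOutput()` is never released before `theSerializer->release()`; add `output->release();`.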
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable-acl.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable-acl.patch
new file mode 100644
index 000000000000..6d6fbf60178e
--- /dev/null
+++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable-acl.patch
@@ -0,0 +1,23 @@
+--- src/probes/unix/FileProbe.cpp.old 2014-10-08 09:15:37.000000000 +0200
++++ src/probes/unix/FileProbe.cpp 2014-10-08 09:15:55.000000000 +0200
+@@ -386,18 +386,8 @@
+ 6) If a file has an ACL, the value will be 'true'.
+ */
+
+- int hasExtendedAcl = acl_extended_file(filePath.c_str());
+- if(hasExtendedAcl > -1){ // behavior 4, 5, and 6
+- item->AppendElement(new ItemEntity("has_extended_acl",Common::ToString(hasExtendedAcl),OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_EXISTS,0));
+- }else{
+- if(errno == EOPNOTSUPP){ // behavior 3
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_DOES_NOT_EXIST,0));
+- }else{ // behavior 2
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_ERROR,0));
+- item->AppendMessage(new OvalMessage(string("Error reading ACL data: ") + strerror(errno)));
+- }
+- }
+-
++ // behavior 1
++ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
+ # else
+ // behavior 1
+ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable_RetrieveSelinuxDomainLabel.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable_RetrieveSelinuxDomainLabel.patch
new file mode 100644
index 000000000000..11d369022b03
--- /dev/null
+++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.7-disable_RetrieveSelinuxDomainLabel.patch
@@ -0,0 +1,31 @@
+--- src/probes/unix/Process58Probe.cpp.old 2014-10-08 08:56:37.000000000 +0200
++++ src/probes/unix/Process58Probe.cpp 2014-10-08 08:57:58.000000000 +0200
+@@ -743,26 +743,8 @@
+ }
+
+ bool Process58Probe::RetrieveSelinuxDomainLabel(pid_t pid, string *label, string *err) {
+- security_context_t sctx;
+- int ec = getpidcon(pid, &sctx);
+- if (ec == -1) {
+- // getpidcon man page doesn't say errno is set... so we can't get a
+- // reason for the error.
+- *err = "getpidcon() failed";
+- return false;
+- }
+-
+- SecurityContextGuard scg(sctx);
+- ContextGuard cg(sctx);
+-
+- const char *tmp = context_type_get(cg);
+- if (!tmp) {
+- *err = string("context_get_type(")+sctx+"): "+strerror(errno);
+- return false;
+- }
+-
+- *label = tmp;
+- return true;
++ *err = string("context_get_type(NotImplmented)");
++ return false;
+ }
+
+ #elif defined SUNOS
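Review bot: The stub makes `RetrieveSelinuxDomainLabel` fail on every call, and the caller visible in the 5.10.1.4 patch reacts to a failure with `item->SetStatus(OvalEnum::STATUS_ERROR)`; if the 5.10.1.7 caller is the same, every process item collected by a USE=-selinux build is flagged as an error. The message `context_get_type(NotImplmented)` is also misspelled and names a call that is no longer made. Prefer a message that states the cause, e.g. `*err = "SELinux support disabled at build time";`, and consider having the caller report the entity as `STATUS_NOT_COLLECTED` rather than erroring the whole item.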
diff --git a/app-forensics/ovaldi/metadata.xml b/app-forensics/ovaldi/metadata.xml
new file mode 100644
index 000000000000..009a7f30aa6f
--- /dev/null
+++ b/app-forensics/ovaldi/metadata.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">ovaldi</remote-id>
+ </upstream>
+</pkgmetadata>
+
diff --git a/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild b/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild
new file mode 100644
index 000000000000..c23af38bfe53
--- /dev/null
+++ b/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Free implementation of OVAL"
+HOMEPAGE="http://oval.mitre.org/language/interpreter.html"
+SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl ldap selinux"
+
+CDEPEND="dev-libs/libgcrypt:0
+ dev-libs/libpcre
+ dev-libs/xalan-c
+ dev-libs/xerces-c
+ sys-apps/util-linux
+ sys-libs/libcap
+ acl? ( sys-apps/acl )
+ ldap? ( net-nds/openldap )"
+DEPEND="${CDEPEND}
+ sys-apps/sed"
+RDEPEND="${CDEPEND}
+ selinux? ( sys-libs/libselinux )"
+
+S="${WORKDIR}/${P}-src"
+
+src_prepare() {
+ #Ovaldi do not support xerces 3, but portage have only that
+ epatch "${FILESDIR}"/${P}-xerces3.patch
+ sed -i 's,xercesc::DOMBuilder,xercesc::DOMLSParser,' src/XmlProcessor.h || die
+ sed -i 's,DOMBuilder,DOMLSParser,' src/XmlProcessor.cpp || die
+
+ epatch "${FILESDIR}"/${P}-strnicmp.patch
+
+ if ! use ldap ; then
+ einfo "Disabling LDAP probes"
+ sed -i 's,.*ldap,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*LDAP,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's/-lldap//' project/linux/Makefile || die
+ sed -i 's/-llber//' project/linux/Makefile || die
+ sed -i 's/.*LDAPProbe.h.*//' src/linux/ProbeFactory.h || die
+ rm src/probes/independent/LDAPProbe.{cpp,h} || die
+ fi
+
+ if ! use acl ; then
+ sed -i 's,.*libacl,//&,' src/probes/unix/FileProbe.h || die
+ epatch "${FILESDIR}"/disable-acl.patch
+ sed -i 's, -lacl , ,' project/linux/Makefile || die
+ fi
+
+ einfo "Disabling rpm probes"
+ sed -i 's/^PACKAGE_RPM/#PACKAGE_RPM/' project/linux/Makefile || die
+
+ # same thing for dpkg, but package dpkg is not sufficient, needs app-arch/apt-pkg that is not on tree
+ einfo "Disabling dpkg probes"
+ sed -i 's/^PACKAGE_DPKG/#PACKAGE_DPKG/' project/linux/Makefile || die
+
+ #Disabling SELinux support
+ if ! use selinux ; then
+ rm src/probes/linux/SelinuxSecurityContextProbe.cpp || die
+ rm src/probes/linux/SelinuxBooleanProbe.cpp || die
+ rm src/probes/linux/SelinuxBooleanProbe.h || die
+ epatch "${FILESDIR}"/${P}-disable-selinux-probes.patch
+ sed -i 's,.*selinux.*,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*Selinux.*,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*selinux.*,//&,' src/linux/ProbeFactory.h || die
+ sed -i 's,.*Selinux.*,//&,' src/linux/ProbeFactory.h || die
+ sed -i 's,.*SecurityContextGuard.h.*,//&,' src/probes/unix/Process58Probe.cpp || die
+ rm src/linux/SecurityContextGuard.h || die
+ sed -i 's, -lselinux,,' project/linux/Makefile || die
+ fi
+ # respect CXXFLAGS and CXX
+ sed -i -e '/^CPPFLAGS/s/$(INCDIRS)/$(CXXFLAGS) \0/' project/linux/Makefile || die
+ tc-export CXX
+}
+
+src_compile () {
+ emake -C project/linux
+}
+
+src_install () {
+ # no make install in Makefile
+ dosbin project/linux/Release/ovaldi project/linux/ovaldi.sh
+ dodir /var/log/${PN}
+ insinto /usr/share/${PN}
+ doins xml/*
+ dodoc docs/{README.txt,version.txt}
+ doman docs/ovaldi.1
+}
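Review bot: `selinux? ( sys-libs/libselinux )` is listed only in `RDEPEND`, but with USE=selinux the source still includes the selinux headers and the Makefile keeps `-lselinux` (the `sed` that strips it runs only under `! use selinux`), so the library is needed at build time as well. Move the entry into `CDEPEND`, next to `acl? ( sys-apps/acl )`; ovaldi-5.10.1.7.ebuild has the same split. Also, the acl and selinux branches in `src_prepare` disable probes without any message, while rpm and dpkg get an `einfo`. A line such as `elog "Built without SELinux probes"` (and one for ACL) would tell the operator which checks this scanner cannot perform.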
diff --git a/app-forensics/ovaldi/ovaldi-5.10.1.7.ebuild b/app-forensics/ovaldi/ovaldi-5.10.1.7.ebuild
new file mode 100644
index 000000000000..369b5e03a84f
--- /dev/null
+++ b/app-forensics/ovaldi/ovaldi-5.10.1.7.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Free implementation of OVAL"
+HOMEPAGE="http://oval.mitre.org/language/interpreter.html"
+SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl ldap selinux"
+
+CDEPEND="dev-libs/libgcrypt:0
+ dev-libs/libpcre
+ dev-libs/xalan-c
+ dev-libs/xerces-c
+ sys-apps/util-linux
+ sys-libs/libcap
+ acl? ( sys-apps/acl )
+ ldap? ( net-nds/openldap )"
+DEPEND="${CDEPEND}
+ sys-apps/sed"
+RDEPEND="${CDEPEND}
+ selinux? ( sys-libs/libselinux )"
+
+S="${WORKDIR}/${P}-src"
+
+src_prepare() {
+ if ! use ldap ; then
+ einfo "Disabling LDAP probes"
+ sed -i 's,.*ldap,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*LDAP,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's/-lldap//' project/linux/Makefile || die
+ sed -i 's/-llber//' project/linux/Makefile || die
+ sed -i 's/.*LDAPProbe.h.*//' src/linux/ProbeFactory.h || die
+ rm src/probes/independent/LDAPProbe.{cpp,h} || die
+ fi
+
+ if ! use acl ; then
+ sed -i 's,.*libacl,//&,' src/probes/unix/FileProbe.h || die
+ epatch "${FILESDIR}"/${P}-disable-acl.patch
+ sed -i 's, -lacl , ,' project/linux/Makefile || die
+ fi
+
+ einfo "Disabling rpm probes"
+ sed -i 's/^PACKAGE_RPM/#PACKAGE_RPM/' project/linux/Makefile || die
+
+ # same thing for dpkg, but package dpkg is not sufficient, needs app-arch/apt-pkg that is not on tree
+ einfo "Disabling dpkg probes"
+ sed -i 's/^PACKAGE_DPKG/#PACKAGE_DPKG/' project/linux/Makefile || die
+
+ #Disabling SELinux support
+ if ! use selinux ; then
+ rm src/probes/linux/SelinuxSecurityContextProbe.cpp || die
+ rm src/probes/linux/SelinuxBooleanProbe.cpp || die
+ rm src/probes/linux/SelinuxBooleanProbe.h || die
+ epatch "${FILESDIR}"/${P}-disable_RetrieveSelinuxDomainLabel.patch
+ sed -i 's,.*selinux.*,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*Selinux.*,//&,' src/linux/ProbeFactory.cpp || die
+ sed -i 's,.*selinux.*.h.*,//&,' src/probes/unix/Process58Probe.cpp || die
+ sed -i 's,.*SecurityContextGuard.h.*,//&,' src/probes/unix/Process58Probe.cpp || die
+ sed -i 's, -lselinux,,' project/linux/Makefile || die
+ fi
+
+ # missing header for realloc and free
+ sed -i 's,#include <unistd.h>,&\n#include <stdlib.h>,' src/linux/NetworkInterfaces.cpp || die
+ sed -i 's,#include <unistd.h>,&\n#include <stdlib.h>,' src/linux/SystemInfo.cpp || die
+
+ # respect CXXFLAGS and CXX
+ sed -i -e '/^CPPFLAGS/s/$(INCDIRS)/$(CXXFLAGS) \0/' project/linux/Makefile || die
+
+ # no such library on linux
+ sed -i 's,-lxalanMsg,,' project/linux/Makefile || die
+ tc-export CXX
+}
+
+src_compile () {
+ emake -C project/linux
+}
+
+src_install () {
+ # no make install in Makefile
+ dosbin project/linux/Release/ovaldi project/linux/ovaldi.sh
+ dodir /var/log/${PN}
+ insinto /usr/share/${PN}
+ doins xml/*
+ dodoc docs/{README.txt,version.txt}
+ doman docs/ovaldi.1
+}
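Review bot: The pattern in `sed -i 's,.*selinux.*.h.*,//&,' src/probes/unix/Process58Probe.cpp` leaves the dot before `h` unescaped and is not anchored to an include directive, so it comments out any line containing `selinux` followed later by an `h`, not just the header includes it seems to target. Anchoring it, for example `sed -i 's,^#[[:space:]]*include <selinux/.*,//&,'`, limits the edit to the includes. Whether the loose pattern over-matches in the real file cannot be told from this page, but a silent over-match in a probe source would change what the scanner collects.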