diff --git a/.gitignore b/.gitignore index 62a5441..3b0414e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/openscap-1.3.10.tar.gz +openscap-1.4.1.tar.gz diff --git a/.openscap.metadata b/.openscap.metadata deleted file mode 100644 index 21a4bdf..0000000 --- a/.openscap.metadata +++ /dev/null @@ -1 +0,0 @@ -35917d469c9f490a098958a9b70de12a212472f0 SOURCES/openscap-1.3.10.tar.gz diff --git a/SPECS/openscap.spec b/openscap.spec similarity index 53% rename from SPECS/openscap.spec rename to openscap.spec index 7abcc56..f6fdc27 100644 --- a/SPECS/openscap.spec +++ b/openscap.spec @@ -1,16 +1,31 @@ Name: openscap -Version: 1.3.10 -Release: 2%{?dist} +Version: 1.4.1 +Release: 1%{?dist} +Epoch: 1 Summary: Set of open source libraries enabling integration of the SCAP line of standards -Group: System Environment/Libraries -License: LGPLv2+ +License: LGPL-2.1-or-later URL: http://www.open-scap.org/ +VCS: https://github.com/OpenSCAP/openscap Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz + +%global common_description %{expand: +OpenSCAP is a set of open source libraries providing an easier path +for integration of the SCAP line of standards. SCAP is a line of standards +managed by NIST with the goal of providing a standard language +for the expression of Computer Network Defense related information.} + +BuildRequires: systemd-rpm-macros +BuildRequires: make BuildRequires: cmake >= 2.6 -BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser +BuildRequires: cmake-rpm-macros +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: swig +BuildRequires: libxml2-devel +BuildRequires: libxslt-devel BuildRequires: rpm-devel -BuildRequires: libgcrypt-devel -BuildRequires: pcre-devel +BuildRequires: nss-devel +BuildRequires: pcre2-devel BuildRequires: libacl-devel BuildRequires: libselinux-devel BuildRequires: libcap-devel @@ -18,20 +33,17 @@ BuildRequires: libblkid-devel BuildRequires: bzip2-devel BuildRequires: asciidoc BuildRequires: openldap-devel -BuildRequires: GConf2-devel BuildRequires: glib2-devel BuildRequires: dbus-devel BuildRequires: libyaml-devel -BuildRequires: xmlsec1-devel xmlsec1-openssl-devel -%if %{?_with_check:1}%{!?_with_check:0} -BuildRequires: perl-XML-XPath -BuildRequires: bzip2 -%endif +BuildRequires: xmlsec1-devel +BuildRequires: xmlsec1-openssl-devel +BuildRequires: procps-devel +BuildRequires: python3-devel + Requires: bash Requires: bzip2-libs Requires: dbus -Requires: libyaml -Requires: GConf2 Requires: glib2 Requires: libacl Requires: libblkid @@ -39,130 +51,72 @@ Requires: libcap Requires: libselinux Requires: openldap Requires: popt -# RHEL8 has procps-ng, which provides procps Requires: procps -Requires: xmlsec1 xmlsec1-openssl -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig -Obsoletes: python2-openscap -Obsoletes: openscap-content-sectool -Obsoletes: openscap-extra-probes -Obsoletes: openscap-extra-probes-sql +Requires: xmlsec1 +Requires: xmlsec1-openssl -%description -OpenSCAP is a set of open source libraries providing an easier path -for integration of the SCAP line of standards. SCAP is a line of standards -managed by NIST with the goal of providing a standard language -for the expression of Computer Network Defense related information. - -%package devel -Summary: Development files for %{name} -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: libxml2-devel -Requires: pkgconfig -BuildRequires: doxygen - -%description devel -The %{name}-devel package contains libraries and header files for -developing applications that use %{name}. - -%package python3 -Summary: Python 3 bindings for %{name} -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} -BuildRequires: python3-devel - -%description python3 -The %{name}-python3 package contains the bindings so that %{name} -libraries can be used by python3. +%description %{common_description} %package scanner Summary: OpenSCAP Scanner Tool (oscap) -Group: Applications/System -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Requires: libcurl >= 7.12.0 BuildRequires: libcurl-devel >= 7.12.0 -Obsoletes: openscap-selinux -Obsoletes: openscap-selinux-compat %description scanner The %{name}-scanner package contains oscap command-line tool. The oscap is configuration and vulnerability scanner, capable of performing compliance checking using SCAP content. +%{common_description} %package utils Summary: OpenSCAP Utilities -Group: Applications/System -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Requires: rpmdevtools rpm-build -Requires: %{name}-scanner%{?_isa} = %{version}-%{release} -Requires: bash +Requires: %{name}-scanner%{?_isa} = %{epoch}:%{version}-%{release} %description utils The %{name}-utils package contains command-line tools build on top of OpenSCAP library. Historically, openscap-utils included oscap tool which is now separated to %{name}-scanner sub-package. +%{common_description} %package engine-sce Summary: Script Check Engine plug-in for OpenSCAP -Group: Applications/System -Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} %description engine-sce The Script Check Engine is non-standard extension to SCAP protocol. This engine allows content authors to avoid OVAL language and write their assessment commands using a scripting language (Bash, Perl, Python, Ruby, ...). - -%package engine-sce-devel -Summary: Development files for %{name}-engine-sce -Group: Development/Libraries -Requires: %{name}-devel%{?_isa} = %{version}-%{release} -Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release} -Requires: pkgconfig - -%description engine-sce-devel -The %{name}-engine-sce-devel package contains libraries and header files -for developing applications that use %{name}-engine-sce. +%{common_description} %prep %autosetup -p1 -mkdir build %build -cd build -%cmake -DENABLE_PERL=OFF \ - -DENABLE_DOCS=ON \ - -DENABLE_OSCAP_UTIL_DOCKER=OFF \ - -DENABLE_OSCAP_UTIL_CHROOT=ON \ - -DENABLE_OSCAP_UTIL_PODMAN=ON \ - -DENABLE_OSCAP_UTIL_VM=ON \ - -DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \ - -DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \ - .. -make %{?_smp_mflags} +%cmake \ + -DWITH_CRYPTO=nss \ + -DENABLE_DOCS=ON \ + -DENABLE_PERL=OFF \ + -DENABLE_PYTHON3=OFF \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF \ + -DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \ + -DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \ + -DOPENSCAP_ENABLE_SHA1=OFF \ + -DOPENSCAP_ENABLE_MD5=OFF +%cmake_build make docs -%check -%if %{?_with_check:1}%{!?_with_check:0} -ctest -V %{?_smp_mflags} -%endif - %install -cd build -%make_install +%cmake_install -find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' +find %{buildroot} -name '*.la' -exec rm -f {} ';' # fix python shebangs -pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm +%{__python3} %{_rpmconfigdir}/redhat/pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm -%clean -rm -rf $RPM_BUILD_ROOT - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files %doc AUTHORS NEWS README.md @@ -176,279 +130,284 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/openscap/schemas/* %{_datadir}/openscap/xsl/* %{_datadir}/openscap/cpe/* +%exclude %{_libdir}/libopenscap.so +%exclude %{_libdir}/pkgconfig/*.pc +%exclude %{_includedir}/openscap +%exclude %{_pkgdocdir}/html/ -%files python3 -%{python3_sitearch}/* - -%files devel -%doc %{_pkgdocdir}/html/ -%{_libdir}/libopenscap.so -%{_libdir}/pkgconfig/*.pc -%{_includedir}/openscap -%exclude %{_includedir}/openscap/sce_engine_api.h - -%files engine-sce-devel -%{_libdir}/libopenscap_sce.so -%{_includedir}/openscap/sce_engine_api.h +%files engine-sce +%{_libdir}/libopenscap_sce.so.* +%exclude %{_libdir}/libopenscap_sce.so %files scanner -%{_mandir}/man8/oscap.8.gz +%{_mandir}/man8/oscap.8* %{_bindir}/oscap -%{_mandir}/man8/oscap-chroot.8.gz +%{_mandir}/man8/oscap-chroot.8* %{_bindir}/oscap-chroot %{_sysconfdir}/bash_completion.d %files utils %doc docs/oscap-scan.cron -%{_mandir}/man8/oscap-ssh.8.gz -%{_bindir}/oscap-ssh -%{_mandir}/man8/oscap-podman.8.gz -%{_bindir}/oscap-podman -%{_mandir}/man8/oscap-vm.8.gz -%{_bindir}/oscap-vm -%{_mandir}/man8/scap-as-rpm.8.gz -%{_bindir}/scap-as-rpm -%{_mandir}/man8/autotailor.8.gz -%{_bindir}/autotailor +%{_mandir}/man8/* +%exclude %{_mandir}/man8/oscap.8* +%exclude %{_mandir}/man8/oscap-chroot.8* +%{_bindir}/* +%exclude %{_bindir}/oscap +%exclude %{_bindir}/oscap-chroot -%files engine-sce -%{_libdir}/libopenscap_sce.so.* -%{_bindir}/oscap-run-sce-script %changelog -* Mon Apr 08 2024 Jan Černý - 1.3.10-2 -- Explicitely disable dpkginfo probe +* Wed Jan 08 2025 Jan Černý - 1:1.4.1-1 +- Upgrade to the latest upstream release +- Introduce the 'oscap-im' tool -* Tue Apr 02 2024 Jan Černý - 1.3.10-1 -- Rebase to the latest upstream version (RHEL-31221) -- Add ability to define a limit of collected items (RHEL-11925) -- Add option --references that can select rules based on their reference (RHEL-1479) +* Tue Oct 29 2024 Troy Dawson - 1:1.4.0-3 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Fri Jul 14 2023 Evgenii Kolesnikov - 1.3.8-1 -- Upgrade to the latest upstream release (rhbz#2217441) -- Add offline support for sysctl probe (rhbz#2185791) -- Fix systemd* probes unit enumeration (rhbz#2219533) +* Tue Aug 20 2024 Jan Černý - 1:1.4.0-2 +- Fix filehash58 probe on s390x architecture -* Fri Jan 27 2023 Jan Černý - 1.3.7-1 -- Upgrade to the latest upstream release (rhbz#2159290) -- Fix error when processing OVAL filters (rhbz#2126882) -- Don't emit xmlfilecontent items if XPath doesn't match (rhbz#2139060) +* Thu Aug 01 2024 Jan Černý - 1:1.4.0-1 +- Update to the latest upstream release (RHEL-53981) +- Remove openscap-devel, openscap-engine-sce-devel and openscap-python3 subpackages -* Thu Jul 21 2022 Jan Černý - 1.3.6-4 -- Fix potential invalid scan results in OpenSCAP (rhbz#2111040) -- Remove oscap-remediate service (rhbz#2111360) +* Mon Jun 24 2024 Troy Dawson - 1:1.3.10-3 +- Bump release for June 2024 mass rebuild -* Wed Feb 02 2022 Jan Černý - 1.3.6-3 -- Prevent fails of test_ds_misc.sh +* Thu Jun 06 2024 Jan Černý - 1:1.3.10-2 +- Update gating tests -* Mon Jan 31 2022 Jan Černý - 1.3.6-2 +* Tue Apr 02 2024 Jan Černý - 1:1.3.10-1 +- Rebase to the latest upstream version +- Use NSS as cryptography library (RHEL-22013) + +* Sun Jan 21 2024 Michal Ambroz - 1:1.3.9-7 +- add conditionals to be able to rebuild with opendbx/apt even on EPEL+RHEL +- cosmetics: rename patches, add comments, use buildroot macro instead of env +- add explicit build requirement to python3-setuptools, needed for 3.13+ + +* Sun Jan 21 2024 Fedora Release Engineering - 1:1.3.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 04 2024 Yaakov Selkowitz - 1:1.3.9-5 +- Enable opendbx for SQL probes only in Fedora + +* Wed Jan 03 2024 Florian Weimer - 1:1.3.9-4 +- Fix C compatibility issues + +* Wed Dec 20 2023 Jan Černý - 1:1.3.9-3 +- Fix test test_sysctl_probe_all.sh +- Clean up the repository + +* Thu Nov 23 2023 Michal Ambroz - 1:1.3.9-2 +- adding conditional for apt-devel apt-libs as proposed upstream + +* Thu Nov 23 2023 Michal Ambroz - 1:1.3.9-1 +- bump to 1.3.9 +- provide perl binding + +* Tue Sep 05 2023 Yaakov Selkowitz - 1:1.3.8-6 +- Use pcre2 (#2128342) + +* Thu Jul 20 2023 Fedora Release Engineering - 1:1.3.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jun 27 2023 Python Maint - 1:1.3.8-4 +- Rebuilt for Python 3.12 + +* Tue Jun 27 2023 Evgeny Kolesnikov - 1:1.3.8-3 +- Rebuilt because of xmlsec1 downgrade + +* Mon Jun 26 2023 Python Maint - 1:1.3.8-2 +- Rebuilt for Python 3.12 + +* Tue Jun 20 2023 Evgeny Kolesnikov - 1:1.3.8-1 +- Upgrade to the latest upstream release + +* Thu Jun 15 2023 Python Maint - 1:1.3.7-4 +- Rebuilt for Python 3.12 + +* Fri May 19 2023 Petr Pisar - 1:1.3.7-3 +- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) + +* Wed Feb 01 2023 Tom Stellard - 1:1.3.7-2 +- Fix implicit function definition warning + +* Thu Jan 26 2023 Jan Černý - 1:1.3.7-1 +- Upgrade to the latest upstream release + +* Thu Jan 19 2023 Fedora Release Engineering - 1:1.3.6-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Oct 17 2022 Jan Černý - 1:1.3.6-11 +- Add systemd-rpm-macros to BuildRequires (rhbz#2126078) + +* Fri Jul 22 2022 Fedora Release Engineering - 1:1.3.6-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jun 13 2022 Python Maint - 1:1.3.6-9 +- Rebuilt for Python 3.11 + +* Fri Jun 03 2022 Jan Černý - 1:1.3.6-8 +- Rebuild due to changes in tests + +* Tue May 31 2022 Jan Černý - 1:1.3.6-7 +- Rebuild due to changes in tests + +* Tue May 31 2022 Jan Černý - 1:1.3.6-6 +- Update tests due to relocation of RPM database + +* Mon May 30 2022 Jan Černý - 1:1.3.6-5 +- Use correct includes (rhbz#2080210) + +* Fri Feb 4 2022 Evgenii Kolesnikov - 1:1.3.6-4 +- Prevent file permissions errors + +* Tue Feb 1 2022 Evgenii Kolesnikov - 1:1.3.6-3 +- Prevent fails of test_ds_misc.sh (bis) + +* Mon Jan 31 2022 Evgenii Kolesnikov - 1:1.3.6-2 - Fix coverity issues - Prevent fails of test_ds_misc.sh -* Thu Jan 20 2022 Jan Černý - 1.3.6-1 -- Upgrade to the latest upstream release (rhbz#2041781) -- Select and exclude groups of rules on the command line -- The boot-time remediation service for systemd's Offline Update mode +* Thu Jan 20 2022 Evgenii Kolesnikov - 1:1.3.6-1 +- Update to the latest upstream release -* Fri Nov 19 2021 Jan Černý - 1.3.5-10 -- Print warning for local files +* Thu Jan 20 2022 Fedora Release Engineering - 1:1.3.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -* Wed Nov 10 2021 Jan Černý - 1.3.5-9 -- Lower memory limits and improve their checking (rhbz#2021851) -- Remove timestamp from the user manual (rhbz#2022364) +* Thu Jul 22 2021 Fedora Release Engineering - 1:1.3.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -* Tue Nov 09 2021 Jan Černý - 1.3.5-8 -- Allow local DS components (rhbz#1970529) -- Fix hostname detection in offline scan of UBI 9 images (rhbz#1893888) -- Add an alternative source of hostname (rhbz#1977668) -- Fix oscap-chroot errors in process58_probe caused by empty /proc (rhbz#2008922) +* Fri Jun 25 2021 Jan Černý - 1:1.3.5-5 +- Do not set RPATH (rhbz#1967200) -* Thu Nov 04 2021 Evgenii Kolesnikov - 1.3.5-7 -- Introduce support for Image Builder's Blueprint remediation type (rhbz#2020050) +* Wed Jun 16 2021 Stephen Gallagher - 1:1.3.5-4 +- Skip RPATH check temporarily -* Wed Jul 28 2021 Jan Černý - 1.3.5-6 -- Initialize crypto API only once (rhbz#1959570) +* Fri Jun 04 2021 Python Maint - 1:1.3.5-3 +- Rebuilt for Python 3.10 -* Wed Jul 14 2021 Evgenii Kolesnikov - 1.3.5-5 -- Add 'null' values handling to the yamlfilecontent probe (RHBZ#1981691) +* Mon Apr 26 2021 Jan Černý - 1:1.3.5-2 +- Waive the known issue with hugepages on ppc64/ppc64le -* Tue Jun 01 2021 Jan Černý - 1.3.5-4 -- Replace getlogin by cuserid +* Fri Apr 23 2021 Jan Černý - 1:1.3.5-1 +- Update to the latest upstream release -* Mon May 10 2021 Evgenii Kolesnikov - 1.3.5-3 -- Waive known issue with hugepages in upstream testsuite (RHBZ#1912000) -- Fix issues reported by the coverity scan -- Introduce OSBuild 'blueprint' fix type +* Tue Jan 26 2021 Fedora Release Engineering - 1:1.3.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Tue May 04 2021 Evgenii Kolesnikov - 1.3.5-2 -- Fix changelog (add missing 1.3.3-6 entry) +* Wed Dec 09 2020 Jan Černý - 1:1.3.4-3 +- Remove dependency on GConf2 +- Update cmake command -* Thu Apr 29 2021 Evgenii Kolesnikov - 1.3.5-1 -- Upgrade to the latest upstream release (RHBZ#1953092) -- Fix segfault when using --stig-viewer option and latest XML file from DoD (RHBZ#1912000) -- Improve doc about --stig-viewer (RHBZ#1918759) -- Backport an upstream patch adding CentOS CPE (RHBZ#1907935) +* Tue Nov 03 2020 Evgenii Kolesnikov - 1.3.4-2 +- Fix problems uncovered by the Coverity Scan +- Fix field names handling in yamlfilecontent probe -* Wed Nov 25 2020 Evgenii Kolesnikov - 1.3.4-5 -- Add check for non-local GPFS file system into Test Suite (RHBZ#1840578) +* Wed Oct 07 2020 Evgenii Kolesnikov - 1:1.3.4-1 +- Upgrade to the latest upstream release -* Fri Nov 13 2020 Evgenii Kolesnikov - 1.3.4-4 -- Use MALLOC_CHECK_=3 while executing Test Suite (RHBZ#1891770) +* Thu Aug 27 2020 Jan Černý - 1:1.3.3-6 +- Disabled the gconf probe, and removed the gconf dependency. + gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon + as gconf is no longer part of the installation medium for Fedora 32 -* Tue Nov 10 2020 Jan Černý - 1.3.4-3 -- Fix memory allocation (RHBZ#1891770) +* Tue Jul 28 2020 Fedora Release Engineering - 1:1.3.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Thu Oct 29 2020 Evgenii Kolesnikov - 1.3.3-6 -- Enable profile composition with a specific platform (RHBZ#1896676) -- Enable YAML probe to work with sets of values (RHBZ#1895715) +* Tue Jul 14 2020 Tom Stellard - 1:1.3.3-4 +- Update spec file to use new cmake macros +- https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds -* Mon Oct 26 2020 Evgenii Kolesnikov - 1.3.4-2 -- Fix problems uncovered by the Coverity Scan (RHBZ#1887794) +* Tue May 26 2020 Miro Hrončok - 1:1.3.3-3 +- Rebuilt for Python 3.9 -* Wed Oct 14 2020 Evgenii Kolesnikov - 1.3.4-1 -- Upgrade to the latest upstream release (RHBZ#1887794) -- Treat GPFS as a remote file system (RHBZ#1840578, RHBZ#1840579) -- Fixed the most problematic memory issues that were causing OOM situations - for systems with large amount of files (RHBZ#1824152) -- Proper handling of OVALs with circular dependencies between definitions (RHBZ#1812476) +* Mon May 04 2020 Jan Černý - 1:1.3.3-2 +- Add libyaml-devel as a dependency to enable yamlfilecontent probe -* Wed Aug 19 2020 Jan Černý - 1.3.3-5 -- Detect remote file systems correctly (RHBZ#1870087) +* Thu Apr 30 2020 Jan Černý - 1:1.3.3-1 +- Upgrade to the latest upstream release -* Mon Aug 03 2020 Jan Černý - 1.3.3-4 -- Fix memory leaks in rpmverifyfile probe (RHBZ#1861301) +* Thu Apr 09 2020 Matěj Týč - 1:1.3.2-5 +- Made the spec file requirements section copy-paste of the RHEL8 section. +- Cleaned the spec file up from ancient obsoletes. -* Tue Jul 21 2020 Matěj Týč - 1.3.3-3 -- Added support for fetching remote content with compression (RHBZ#1855708) +* Wed Jan 29 2020 Fedora Release Engineering - 1:1.3.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -* Thu Jun 25 2020 Matěj Týč - 1.3.3-2 -- Prevent unwanted recursion that could crash the scanner (RHBZ#1686370) +* Mon Jan 27 2020 Jan Černý - 1:1.3.2-3 +- Fix duplicate global variables (RHBZ#1793914) -* Mon May 04 2020 Evgeny Kolesnikov - 1.3.3-1 -- Upgrade to the latest upstream release (rhbz#1829761) -- Added a Python script that can be used for CLI tailoring (autotailor) -- Added timezone to XCCDF TestResult start/end time -- Added yamlfilecontent independent probe (proposal/draft implementation) -- Added ability to generate `machineconfig` fix -- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF -- Fixed filepath pattern matching in offline mode in textfilecontent58 probe -- Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory -- Fixed #1512: Severity refinement lost in generated guide -- Fixed #1453: Pointer lost in Swig API -- The data system_info probe return for offline and online modes is consistent and actual -- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities - from system_info probe +* Wed Jan 15 2020 Jan Černý - 1:1.3.2-2 +- Do not use C++ keyword operator as a function parameter name -* Fri Mar 27 2020 Jan Černý - 1.3.2-9 -- Generate HTML guides from tailored profiles (RHBZ#1743835) +* Tue Jan 14 2020 Jan Černý - 1:1.3.2-1 +- Upgrade to the latest upstream release -* Wed Mar 18 2020 Jan Černý - 1.3.2-8 -- Fix tests for rpmverifyfileprobe (RHBZ#1814726) +* Thu Oct 03 2019 Miro Hrončok - 1:1.3.1-4 +- Rebuilt for Python 3.8.0rc1 (#1748018) -* Thu Mar 12 2020 Jan Černý - 1.3.2-7 -- Fix segmentation fault in systemdunitdependency_probe (RHBZ#1793050) -- Fix crash in textfilecontent probe (RHBZ#1686467) -- Do not drop empty lines from Ansible remediations (RHBZ#1795563) -- Fix oscap-ssh --sudo (RHBZ#1803116) -- Remove useless warnings (RHBZ#1764139) +* Mon Aug 19 2019 Miro Hrončok - 1:1.3.1-3 +- Rebuilt for Python 3.8 -* Thu Jan 23 2020 Jan Černý - 1.3.2-6 -- Fix FindACL.cmake +* Thu Jul 25 2019 Fedora Release Engineering - 1:1.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -* Tue Jan 21 2020 Matěj Týč - 1.3.2-5 -- Added more exhaustive package dependencies. -- Added the covscan/UX patch. - -* Mon Jan 20 2020 Evgeny Kolesnikov - 1.3.2-4 -- Added patch: utils/oscap-podman: Detect ambiguous scan target - -* Mon Jan 20 2020 Evgeny Kolesnikov - 1.3.2-3 -- Refined requirements - -* Sun Jan 19 2020 Evgeny Kolesnikov - 1.3.2-2 -- Added patch: Fix case where CMake couldn't find libacl or xattr.h - -* Wed Jan 15 2020 Evgeny Kolesnikov - 1.3.2-1 -- Upgrade to the latest upstream release (rhbz#1778296) -- Offline mode support for environmentvariable58 probe (rhbz#1493614) -- The oscap-docker wrapper is available without Atomic -- Improved support of multi-check rules (report, remediations, console output) (rhbz#1771438) -- Improved HTML report look and feel, including printed version (rhbz#1640839) -- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels -- Probe rpmverifyfile uses and returns canonical paths (rhbz#1776308) -- Improved a11y of HTML reports and guides (rhbz#1767382) -- Fixes and improvements for SWIG Python bindings (rhbz#1753603) -- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity) -- Fixed URL link mechanism for Red Hat Errata -- New STIG Viewer URI: public.cyber.mil -- Probe selinuxsecuritycontext would not check if SELinux is enabled -- Scanner would provide information about unsupported OVAL objects -- Added more tests for offline mode (probes, remediation) (rhbz#1618489) -- #528 fixed: Eval SCE script when /tmp is in mode noexec -- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage (rhbz#1636431) - -* Wed Dec 18 2019 Vojtech Polasek - 1.3.1-3 -- put back openscap-chroot, openscap-podman and openscap-vm files - -* Fri Nov 01 2019 Vojtech Polasek - 1.3.1-2 -- Fixed XSLT template making rule details in reports accessible for screenreader users (#1767382) - -* Fri Jun 14 2019 Evgeny Kolesnikov - 1.3.1-1 -- Bumped the package release number - -* Thu Jun 13 2019 Evgeny Kolesnikov - 1.3.1-0 -- Upgrade to the latest upstream release (rhbz#1718826) -- Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) (rhbz#1709429) -- Tailoring files are included in ARF result files -- Remote filesystems mounted using `autofs` direct maps are not recognized as local filesystems (rhbz#1655943) -- Offline scan utilizing rpmverifyfile probe fails in fchdir and aborts (rhbz#1636431) - -* Wed Jan 16 2019 Gabriel Becker - 1.3.0-7 -- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0. -- Explicitly specify which files should be in openscap-utils subpackage. - -* Mon Jan 14 2019 Gabriel Becker - 1.3.0-6 -- Removed containers package as RHEL-8.0.0 will not support it. -- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it. - -* Mon Oct 15 2018 Jan Černý - 1.3.0-5 -- Fixed unresolved symbols in SCE library - -* Fri Oct 12 2018 Matěj Týč - 1.3.0-4 -- Fixed a sudo regression in oscap-ssh. -- Updated test to work with newer versions of procps. -- Updated the man page. - -* Tue Oct 09 2018 Matěj Týč - 1.3.0-3 -- Fixed memory error in SWIG (RHBZ#1607014) - -* Tue Oct 09 2018 Jan Černý - 1.3.0-2 -- Drop openscap-perl subpackage (RHBZ#1624396) - -* Mon Oct 08 2018 Jan Černý - 1.3.0-1 -- upgrade to the latest upstream release -- list subpackages removed in 1.3.0_alpha1-1 as obsoleted - -* Fri Aug 10 2018 Jan Černý - 1.3.0_alpha2-1 +* Thu Jun 13 2019 Jan Černý - 1:1.3.1-1 - upgrade to the latest upstream release -* Thu Aug 09 2018 Jan Černý - 1.3.0_alpha1-3 -- Add RHEL8 CPE (until RHEL8 public beta downstream patch only) +* Mon Jun 10 2019 Igor Gnatenko - 1:1.3.0-7 +- Rebuild for RPM 4.15 -* Fri Jul 27 2018 Jan Černý - 1.3.0_alpha1-2 -- Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541) +* Mon Jun 10 2019 Igor Gnatenko - 1:1.3.0-6 +- Rebuild for RPM 4.15 -* Fri Jul 20 2018 Jan Černý - 1.3.0_alpha1-1 +* Sat Jun 01 2019 Jitka Plesnikova - 1:1.3.0-5 +- Perl 5.30 rebuild + +* Mon May 20 2019 Jan Černý - 1.3.0-4 +- Upgrade the Epoch to align with F30 + +* Fri Feb 01 2019 Fedora Release Engineering - 1.3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Oct 19 2018 Matěj Týč - 1.3.0-2 +- Removed the openscap-perl package to be on par with RHEL. + +* Tue Oct 09 2018 Jan Černý - 1.3.0-1 +- upgrade to the latest upstream release + +* Mon Sep 10 2018 Jan Černý - 1.3.0_alpha2-2 +- List subpackages removed in 1.3.0_alpha1-1 as obsoleted (RHBZ#1626801) + +* Mon Aug 13 2018 Jan Černý - 1.3.0_alpha2-1 +- upgrade to the latest upstream release + +* Wed Jul 25 2018 Jan Černý - 1.3.0_alpha1-2 +- removed python2-openscap subpackage + +* Wed Jul 18 2018 Jan Černý - 1.3.0_alpha1-1 - upgrade to the latest upstream release - change specfile to use CMake - dropped commands in the spec file that are no longer relevant - dropped subpackages in the spec file that are no longer relevant -* Fri May 18 2018 Jan Černý - 1.2.16-5 -- Use pathfix.py instead of a downstream patch to fix shebang +* Fri Jul 13 2018 Fedora Release Engineering - 1.2.17-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -* Thu May 17 2018 Jan Černý - 1.2.16-4 -- Remove Python 2 dependencies +* Tue Jul 03 2018 Petr Pisar - 1.2.17-4 +- Perl 5.28 rebuild + +* Fri Jun 29 2018 Jitka Plesnikova - 1.2.17-3 +- Perl 5.28 rebuild + +* Tue Jun 19 2018 Miro Hrončok - 1.2.17-2 +- Rebuilt for Python 3.7 + +* Tue May 29 2018 Jan Černý - 1.2.17-1 +- upgrade to the latest upstream release * Thu Feb 08 2018 Fedora Release Engineering - 1.2.16-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -832,3 +791,4 @@ rm -rf $RPM_BUILD_ROOT * Thu Jan 15 2009 Tomas Heinrich 0.1.1-1 - Initial rpm + diff --git a/sources b/sources new file mode 100644 index 0000000..c659c51 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (openscap-1.4.1.tar.gz) = 07ebff512200e81bfaac5975e300bf9c72ac8a621e593245eb78d176e2208c36c18b2c6e70ab37dc49996b6903ce88e908187c6978168fc2ee8fa9cad689c877