Compare commits

..

No commits in common. "a9-beta" and "c8" have entirely different histories.
a9-beta ... c8

4 changed files with 231 additions and 238 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/openscap-1.3.7.tar.gz SOURCES/openscap-1.3.10.tar.gz

View File

@ -1 +1 @@
238acbe6e18162b54cbdd0083c52511c00faa268 SOURCES/openscap-1.3.7.tar.gz 35917d469c9f490a098958a9b70de12a212472f0 SOURCES/openscap-1.3.10.tar.gz

View File

@ -1,70 +0,0 @@
diff -Naur openscap-1.3.3.orig/cpe/openscap-cpe-oval.xml openscap-1.3.3.alma/cpe/openscap-cpe-oval.xml
--- openscap-1.3.3.orig/cpe/openscap-cpe-oval.xml 2020-04-30 11:50:09.000000000 +0300
+++ openscap-1.3.3.alma/cpe/openscap-cpe-oval.xml 2021-03-22 13:12:12.069413537 +0300
@@ -133,6 +133,19 @@
<criterion comment="Oracle Linux 8 is installed" test_ref="oval:org.open-scap.cpe.ol:tst:8"/>
</criteria>
</definition>
+ <definition class="inventory" id="oval:org.open-scap.cpe.almalinux:def:8" version="1">
+ <metadata>
+ <title>AlmaLinux 8</title>
+ <affected family="unix">
+ <platform>AlmaLinux 8</platform>
+ </affected>
+ <reference ref_id="cpe:/o:almalinux:almalinux:8" source="CPE"/>
+ <description>The operating system installed on the system is AlmaLinux 8</description>
+ </metadata>
+ <criteria>
+ <criterion comment="AlmaLinux 8 is installed" test_ref="oval:org.open-scap.cpe.almalinux:tst:8"/>
+ </criteria>
+ </definition>
<definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:1005" version="1">
<metadata>
<title>Community Enterprise Operating System 5</title>
@@ -828,6 +841,11 @@
<object object_ref="oval:org.open-scap.cpe.oraclelinux-release:obj:1"/>
<state state_ref="oval:org.open-scap.cpe.ol:ste:8"/>
</rpminfo_test>
+ <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.almalinux:tst:8" version="1" check="at least one" comment="almalinux-release is version 8"
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+ <object object_ref="oval:org.open-scap.cpe.almalinux-release:obj:1"/>
+ <state state_ref="oval:org.open-scap.cpe.almalinux:ste:8"/>
+ </rpminfo_test>
<rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:1005" version="1" check="at least one" comment="centos-release is version 5"
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
@@ -1165,6 +1183,9 @@
<rpminfo_object id="oval:org.open-scap.cpe.oraclelinux-release:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>oraclelinux-release</name>
</rpminfo_object>
+ <rpminfo_object id="oval:org.open-scap.cpe.almalinux-release:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+ <name>almalinux-release</name>
+ </rpminfo_object>
<registry_object id="oval:org.open-scap.cpe.windows:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" >
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
@@ -1233,6 +1254,10 @@
<name operation="pattern match">^oraclelinux-release</name>
<version operation="pattern match">^8</version>
</rpminfo_state>
+ <rpminfo_state id="oval:org.open-scap.cpe.almalinux:ste:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+ <name operation="pattern match">^almalinux-release</name>
+ <version operation="pattern match">^8</version>
+ </rpminfo_state>
<rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:16" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<version operation="pattern match">^16$</version>
</rpminfo_state>
diff -Naur openscap-1.3.5/cpe/openscap-cpe-dict.xml openscap-1.3.5.alma/cpe/openscap-cpe-dict.xml
--- openscap-1.3.5/cpe/openscap-cpe-dict.xml 2021-04-23 13:39:58.000000000 +0300
+++ openscap-1.3.5.alma/cpe/openscap-cpe-dict.xml 2021-10-10 10:02:27.000000000 +0300
@@ -37,6 +37,10 @@
<title xml:lang="en-us">Community Enterprise Operating System 8</title>
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.centos:def:8</check>
</cpe-item>
+ <cpe-item name="cpe:/o:almalinux:almalinux:8">
+ <title xml:lang="en-us">AlmaLinux 8</title>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.almalinux:def:8</check>
+ </cpe-item>
<cpe-item name="cpe:/o:fedoraproject:fedora:32">
<title xml:lang="en-us">Fedora 32</title>
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.fedora:def:32</check>

View File

@ -1,19 +1,12 @@
Name: openscap Name: openscap
Version: 1.3.7 Version: 1.3.10
Release: 1%{?dist}.alma Release: 2%{?dist}
Epoch: 1
Summary: Set of open source libraries enabling integration of the SCAP line of standards Summary: Set of open source libraries enabling integration of the SCAP line of standards
Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: http://www.open-scap.org/ URL: http://www.open-scap.org/
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
# Add AlmaLinux definitions
Patch1000: openscap-1.3.5-almalinux.patch
BuildRequires: make
BuildRequires: cmake >= 2.6 BuildRequires: cmake >= 2.6
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
BuildRequires: rpm-devel BuildRequires: rpm-devel
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
@ -25,6 +18,7 @@ BuildRequires: libblkid-devel
BuildRequires: bzip2-devel BuildRequires: bzip2-devel
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: GConf2-devel
BuildRequires: glib2-devel BuildRequires: glib2-devel
BuildRequires: dbus-devel BuildRequires: dbus-devel
BuildRequires: libyaml-devel BuildRequires: libyaml-devel
@ -37,6 +31,7 @@ Requires: bash
Requires: bzip2-libs Requires: bzip2-libs
Requires: dbus Requires: dbus
Requires: libyaml Requires: libyaml
Requires: GConf2
Requires: glib2 Requires: glib2
Requires: libacl Requires: libacl
Requires: libblkid Requires: libblkid
@ -44,9 +39,15 @@ Requires: libcap
Requires: libselinux Requires: libselinux
Requires: openldap Requires: openldap
Requires: popt Requires: popt
# We have procps-ng, which provides procps # RHEL8 has procps-ng, which provides procps
Requires: procps Requires: procps
Requires: xmlsec1 xmlsec1-openssl Requires: xmlsec1 xmlsec1-openssl
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Obsoletes: python2-openscap
Obsoletes: openscap-content-sectool
Obsoletes: openscap-extra-probes
Obsoletes: openscap-extra-probes-sql
%description %description
OpenSCAP is a set of open source libraries providing an easier path OpenSCAP is a set of open source libraries providing an easier path
@ -56,7 +57,8 @@ for the expression of Computer Network Defense related information.
%package devel %package devel
Summary: Development files for %{name} Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libxml2-devel Requires: libxml2-devel
Requires: pkgconfig Requires: pkgconfig
BuildRequires: doxygen BuildRequires: doxygen
@ -67,7 +69,8 @@ developing applications that use %{name}.
%package python3 %package python3
Summary: Python 3 bindings for %{name} Summary: Python 3 bindings for %{name}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
BuildRequires: python3-devel BuildRequires: python3-devel
%description python3 %description python3
@ -76,9 +79,12 @@ libraries can be used by python3.
%package scanner %package scanner
Summary: OpenSCAP Scanner Tool (oscap) Summary: OpenSCAP Scanner Tool (oscap)
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libcurl >= 7.12.0 Requires: libcurl >= 7.12.0
BuildRequires: libcurl-devel >= 7.12.0 BuildRequires: libcurl-devel >= 7.12.0
Obsoletes: openscap-selinux
Obsoletes: openscap-selinux-compat
%description scanner %description scanner
The %{name}-scanner package contains oscap command-line tool. The oscap The %{name}-scanner package contains oscap command-line tool. The oscap
@ -87,9 +93,10 @@ compliance checking using SCAP content.
%package utils %package utils
Summary: OpenSCAP Utilities Summary: OpenSCAP Utilities
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: rpmdevtools rpm-build Requires: rpmdevtools rpm-build
Requires: %{name}-scanner%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-scanner%{?_isa} = %{version}-%{release}
Requires: bash Requires: bash
%description utils %description utils
@ -99,7 +106,8 @@ tool which is now separated to %{name}-scanner sub-package.
%package engine-sce %package engine-sce
Summary: Script Check Engine plug-in for OpenSCAP Summary: Script Check Engine plug-in for OpenSCAP
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
%description engine-sce %description engine-sce
The Script Check Engine is non-standard extension to SCAP protocol. This The Script Check Engine is non-standard extension to SCAP protocol. This
@ -108,8 +116,9 @@ commands using a scripting language (Bash, Perl, Python, Ruby, ...).
%package engine-sce-devel %package engine-sce-devel
Summary: Development files for %{name}-engine-sce Summary: Development files for %{name}-engine-sce
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release} Group: Development/Libraries
Requires: %{name}-engine-sce%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-devel%{?_isa} = %{version}-%{release}
Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release}
Requires: pkgconfig Requires: pkgconfig
%description engine-sce-devel %description engine-sce-devel
@ -118,20 +127,20 @@ for developing applications that use %{name}-engine-sce.
%prep %prep
%autosetup -p1 %autosetup -p1
mkdir build
%build %build
# gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon cd build
# as gconf is no longer part of the installation medium %cmake -DENABLE_PERL=OFF \
%cmake \
-DENABLE_DOCS=ON \ -DENABLE_DOCS=ON \
-DENABLE_PERL=OFF \
-DENABLE_OSCAP_UTIL_DOCKER=OFF \ -DENABLE_OSCAP_UTIL_DOCKER=OFF \
-DENABLE_OSCAP_UTIL_CHROOT=ON \
-DENABLE_OSCAP_UTIL_PODMAN=ON \
-DENABLE_OSCAP_UTIL_VM=ON \
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \ -DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
-DOPENSCAP_PROBE_UNIX_GCONF=OFF \ -DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
-DOPENSCAP_ENABLE_SHA1=OFF \ ..
-DOPENSCAP_ENABLE_MD5=OFF \ make %{?_smp_mflags}
-DGCONF_LIBRARY=
%cmake_build
make docs make docs
%check %check
@ -140,14 +149,20 @@ ctest -V %{?_smp_mflags}
%endif %endif
%install %install
%cmake_install cd build
%make_install
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
# fix python shebangs # fix python shebangs
pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%ldconfig_scriptlets %clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files %files
%doc AUTHORS NEWS README.md %doc AUTHORS NEWS README.md
@ -201,190 +216,239 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
%{_bindir}/oscap-run-sce-script %{_bindir}/oscap-run-sce-script
%changelog %changelog
* Wed Mar 29 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.3.7-1.alma * Mon Apr 08 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-2
- Add AlmaLinux definitions - Explicitely disable dpkginfo probe
* Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1:1.3.7-1 * Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-1
- Upgrade to the latest upstream release (rhbz#2159286) - Rebase to the latest upstream version (RHEL-31221)
- Fix error when processing OVAL filters (rhbz#2126883) - Add ability to define a limit of collected items (RHEL-11925)
- Don't emit xmlfilecontent items if XPath doesn't match (rhbz#2138884) - Add option --references that can select rules based on their reference (RHEL-1479)
* Thu Jul 21 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-4 * Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
- Fix potential invalid scan results in OpenSCAP (rhbz#2109485) - Upgrade to the latest upstream release (rhbz#2217441)
- Remove oscap-remediate service (rhbz#2111358) - Add offline support for sysctl probe (rhbz#2185791)
- Fix systemd* probes unit enumeration (rhbz#2219533)
* Mon Feb 07 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-3 * Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1.3.7-1
- Prevent file permission errors (rhbz#2048571) - Upgrade to the latest upstream release (rhbz#2159290)
- Fix error when processing OVAL filters (rhbz#2126882)
- Don't emit xmlfilecontent items if XPath doesn't match (rhbz#2139060)
* Thu Jul 21 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-4
- Fix potential invalid scan results in OpenSCAP (rhbz#2111040)
- Remove oscap-remediate service (rhbz#2111360)
* Wed Feb 02 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-3
- Prevent fails of test_ds_misc.sh
* Mon Jan 31 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-2 * Mon Jan 31 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-2
- Fix coverity issues - Fix coverity issues
- Prevent fails of test_ds_misc.sh - Prevent fails of test_ds_misc.sh
* Thu Jan 20 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-1 * Thu Jan 20 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-1
- Upgrade to the latest upstream release (rhbz#2041782) - Upgrade to the latest upstream release (rhbz#2041781)
- Select and exclude groups of rules on the command line (rhbz#2020580, rhbz#2020581) - Select and exclude groups of rules on the command line
- The boot-time remediation service for systemd's Offline Update mode - The boot-time remediation service for systemd's Offline Update mode
* Fri Nov 19 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-13 * Fri Nov 19 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-10
- Print warning for local files - Print warning for local files
* Tue Nov 09 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-12 * Wed Nov 10 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-9
- Allow using local files instead of remote resources (rhbz#2015518) - Lower memory limits and improve their checking (rhbz#2021851)
- Add an alternative source of hostname (rhbz#2021509) - Remove timestamp from the user manual (rhbz#2022364)
- Lower memory limits and improve their checking (rhbz#2022362)
* Thu Nov 04 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-11 * Tue Nov 09 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-8
- Initialize crypto API only once (rhbz#2020044) - Allow local DS components (rhbz#1970529)
- Add support for Blueprint remediations (rhbz#2020052) - Fix hostname detection in offline scan of UBI 9 images (rhbz#1893888)
- Add an alternative source of hostname (rhbz#1977668)
- Fix oscap-chroot errors in process58_probe caused by empty /proc (rhbz#2008922)
* Mon Nov 01 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.5-10 * Thu Nov 04 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-7
- Fix process58 probe errors when scanning minimalist filesystem in offline mode (rhbz#2019054) - Introduce support for Image Builder's Blueprint remediation type (rhbz#2020050)
* Mon Nov 01 2021 Matej Tyc <matyc@redhat.com> - 1:1.3.5-9 * Wed Jul 28 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-6
- Fix bad handling of HTTP error code (rhbz#2002733) - Initialize crypto API only once (rhbz#1959570)
* Fri Aug 27 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-8 * Wed Jul 14 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-5
- Revert Epoch removal - Add 'null' values handling to the yamlfilecontent probe (RHBZ#1981691)
* Tue Aug 24 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.5-7 * Tue Jun 01 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-4
- Update package spec file - Replace getlogin by cuserid
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.3.5-6 * Mon May 10 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Waive known issue with hugepages in upstream testsuite (RHBZ#1912000)
Related: rhbz#1991688 - Fix issues reported by the coverity scan
- Introduce OSBuild 'blueprint' fix type
* Thu Jul 22 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-5 * Tue May 04 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-2
- Remove support for SHA-1 and MD5 (rhbz#1936619) - Fix changelog (add missing 1.3.3-6 entry)
- Fix coverity findings (rhbz#1938830)
* Tue Jun 29 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-4 * Thu Apr 29 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-1
- Fix failing test tests/API/XCCDF/unittests/test_profile_selection_by_suffix.sh - Upgrade to the latest upstream release (RHBZ#1953092)
- Add 'null' yamlfilecontent values handling - Fix segfault when using --stig-viewer option and latest XML file from DoD (RHBZ#1912000)
- Improve doc about --stig-viewer (RHBZ#1918759)
- Backport an upstream patch adding CentOS CPE (RHBZ#1907935)
* Mon Jun 28 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-3 * Wed Nov 25 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-5
- Do not set RPATH on built binaries - Add check for non-local GPFS file system into Test Suite (RHBZ#1840578)
- Fix UBI9 scan (rhbz#1953610)
- Fix failing rpminspect xml test
* Thu May 20 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-2 * Fri Nov 13 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-4
- Remove containers subpackage - Use MALLOC_CHECK_=3 while executing Test Suite (RHBZ#1891770)
* Fri Apr 23 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-1 * Tue Nov 10 2020 Jan Černý <jcerny@redhat.com> - 1.3.4-3
- Update to the latest upstream release - Fix memory allocation (RHBZ#1891770)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.3.4-4 * Thu Oct 29 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.3-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Enable profile composition with a specific platform (RHBZ#1896676)
- Enable YAML probe to work with sets of values (RHBZ#1895715)
* Wed Dec 09 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.4-3 * Mon Oct 26 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2
- Remove dependency on GConf2 - Fix problems uncovered by the Coverity Scan (RHBZ#1887794)
- Update cmake command
* Tue Nov 03 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2 * Wed Oct 14 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-1
- Fix problems uncovered by the Coverity Scan - Upgrade to the latest upstream release (RHBZ#1887794)
- Fix field names handling in yamlfilecontent probe - Treat GPFS as a remote file system (RHBZ#1840578, RHBZ#1840579)
- Fixed the most problematic memory issues that were causing OOM situations
for systems with large amount of files (RHBZ#1824152)
- Proper handling of OVALs with circular dependencies between definitions (RHBZ#1812476)
* Wed Oct 07 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.4-1 * Wed Aug 19 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-5
- Upgrade to the latest upstream release - Detect remote file systems correctly (RHBZ#1870087)
* Thu Aug 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-6 * Mon Aug 03 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-4
- Disabled the gconf probe, and removed the gconf dependency. - Fix memory leaks in rpmverifyfile probe (RHBZ#1861301)
gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon
as gconf is no longer part of the installation medium for Fedora 32
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.3-5 * Tue Jul 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - Added support for fetching remote content with compression (RHBZ#1855708)
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1:1.3.3-4 * Thu Jun 25 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-2
- Update spec file to use new cmake macros - Prevent unwanted recursion that could crash the scanner (RHBZ#1686370)
- https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.3-3 * Mon May 04 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.3-1
- Rebuilt for Python 3.9 - Upgrade to the latest upstream release (rhbz#1829761)
- Added a Python script that can be used for CLI tailoring (autotailor)
- Added timezone to XCCDF TestResult start/end time
- Added yamlfilecontent independent probe (proposal/draft implementation)
- Added ability to generate `machineconfig` fix
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF
- Fixed filepath pattern matching in offline mode in textfilecontent58 probe
- Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory
- Fixed #1512: Severity refinement lost in generated guide
- Fixed #1453: Pointer lost in Swig API
- The data system_info probe return for offline and online modes is consistent and actual
- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities
from system_info probe
* Mon May 04 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-2 * Fri Mar 27 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-9
- Add libyaml-devel as a dependency to enable yamlfilecontent probe - Generate HTML guides from tailored profiles (RHBZ#1743835)
* Thu Apr 30 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-1 * Wed Mar 18 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-8
- Upgrade to the latest upstream release - Fix tests for rpmverifyfileprobe (RHBZ#1814726)
* Thu Apr 09 2020 Matěj Týč <matyc@redhat.com> - 1:1.3.2-5 * Thu Mar 12 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-7
- Made the spec file requirements section copy-paste of the RHEL8 section. - Fix segmentation fault in systemdunitdependency_probe (RHBZ#1793050)
- Cleaned the spec file up from ancient obsoletes. - Fix crash in textfilecontent probe (RHBZ#1686467)
- Do not drop empty lines from Ansible remediations (RHBZ#1795563)
- Fix oscap-ssh --sudo (RHBZ#1803116)
- Remove useless warnings (RHBZ#1764139)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.2-4 * Thu Jan 23 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Fix FindACL.cmake
* Mon Jan 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-3 * Tue Jan 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.2-5
- Fix duplicate global variables (RHBZ#1793914) - Added more exhaustive package dependencies.
- Added the covscan/UX patch.
* Wed Jan 15 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-2 * Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-4
- Do not use C++ keyword operator as a function parameter name - Added patch: utils/oscap-podman: Detect ambiguous scan target
* Tue Jan 14 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-1 * Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-3
- Upgrade to the latest upstream release - Refined requirements
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-4 * Sun Jan 19 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-2
- Rebuilt for Python 3.8.0rc1 (#1748018) - Added patch: Fix case where CMake couldn't find libacl or xattr.h
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-3 * Wed Jan 15 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-1
- Rebuilt for Python 3.8 - Upgrade to the latest upstream release (rhbz#1778296)
- Offline mode support for environmentvariable58 probe (rhbz#1493614)
- The oscap-docker wrapper is available without Atomic
- Improved support of multi-check rules (report, remediations, console output) (rhbz#1771438)
- Improved HTML report look and feel, including printed version (rhbz#1640839)
- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
- Probe rpmverifyfile uses and returns canonical paths (rhbz#1776308)
- Improved a11y of HTML reports and guides (rhbz#1767382)
- Fixes and improvements for SWIG Python bindings (rhbz#1753603)
- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
- Fixed URL link mechanism for Red Hat Errata
- New STIG Viewer URI: public.cyber.mil
- Probe selinuxsecuritycontext would not check if SELinux is enabled
- Scanner would provide information about unsupported OVAL objects
- Added more tests for offline mode (probes, remediation) (rhbz#1618489)
- #528 fixed: Eval SCE script when /tmp is in mode noexec
- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage (rhbz#1636431)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.1-2 * Wed Dec 18 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - put back openscap-chroot, openscap-podman and openscap-vm files
* Thu Jun 13 2019 Jan Černý <jcerny@redhat.com> - 1:1.3.1-1 * Fri Nov 01 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-2
- Fixed XSLT template making rule details in reports accessible for screenreader users (#1767382)
* Fri Jun 14 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-1
- Bumped the package release number
* Thu Jun 13 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-0
- Upgrade to the latest upstream release (rhbz#1718826)
- Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) (rhbz#1709429)
- Tailoring files are included in ARF result files
- Remote filesystems mounted using `autofs` direct maps are not recognized as local filesystems (rhbz#1655943)
- Offline scan utilizing rpmverifyfile probe fails in fchdir and aborts (rhbz#1636431)
* Wed Jan 16 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-7
- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0.
- Explicitly specify which files should be in openscap-utils subpackage.
* Mon Jan 14 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-6
- Removed containers package as RHEL-8.0.0 will not support it.
- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it.
* Mon Oct 15 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-5
- Fixed unresolved symbols in SCE library
* Fri Oct 12 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-4
- Fixed a sudo regression in oscap-ssh.
- Updated test to work with newer versions of procps.
- Updated the man page.
* Tue Oct 09 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-3
- Fixed memory error in SWIG (RHBZ#1607014)
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-2
- Drop openscap-perl subpackage (RHBZ#1624396)
* Mon Oct 08 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
- upgrade to the latest upstream release
- list subpackages removed in 1.3.0_alpha1-1 as obsoleted
* Fri Aug 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
- upgrade to the latest upstream release - upgrade to the latest upstream release
* Mon Jun 10 22:13:21 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-7 * Thu Aug 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-3
- Rebuild for RPM 4.15 - Add RHEL8 CPE (until RHEL8 public beta downstream patch only)
* Mon Jun 10 15:42:04 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-6 * Fri Jul 27 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
- Rebuild for RPM 4.15 - Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541)
* Sat Jun 01 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.3.0-5 * Fri Jul 20 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
- Perl 5.30 rebuild
* Mon May 20 2019 Jan Černý <jcerny@redhat.com> - 1.3.0-4
- Upgrade the Epoch to align with F30
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Oct 19 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-2
- Removed the openscap-perl package to be on par with RHEL.
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
- upgrade to the latest upstream release
* Mon Sep 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-2
- List subpackages removed in 1.3.0_alpha1-1 as obsoleted (RHBZ#1626801)
* Mon Aug 13 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
- upgrade to the latest upstream release
* Wed Jul 25 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
- removed python2-openscap subpackage
* Wed Jul 18 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
- upgrade to the latest upstream release - upgrade to the latest upstream release
- change specfile to use CMake - change specfile to use CMake
- dropped commands in the spec file that are no longer relevant - dropped commands in the spec file that are no longer relevant
- dropped subpackages in the spec file that are no longer relevant - dropped subpackages in the spec file that are no longer relevant
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-5 * Fri May 18 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Use pathfix.py instead of a downstream patch to fix shebang
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 1.2.17-4 * Thu May 17 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-4
- Perl 5.28 rebuild - Remove Python 2 dependencies
* Fri Jun 29 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.17-3
- Perl 5.28 rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.2.17-2
- Rebuilt for Python 3.7
* Tue May 29 2018 Jan Černý <jcerny@redhat.com> - 1.2.17-1
- upgrade to the latest upstream release
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@ -768,4 +832,3 @@ pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
* Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1 * Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
- Initial rpm - Initial rpm