Compare commits
No commits in common. "c8" and "a10s" have entirely different histories.
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/openscap-1.3.10.tar.gz
|
/openscap-1.4.*.tar.gz
|
||||||
|
@ -1 +0,0 @@
|
|||||||
35917d469c9f490a098958a9b70de12a212472f0 SOURCES/openscap-1.3.10.tar.gz
|
|
137
0001-Add-AlmaLinux-to-CPE-dictionary.patch
Normal file
137
0001-Add-AlmaLinux-to-CPE-dictionary.patch
Normal file
@ -0,0 +1,137 @@
|
|||||||
|
From 8052b221a046c479c2cbb44c297191eb0d701e89 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Lukoshko <alukoshko@almalinux.org>
|
||||||
|
Date: Thu, 26 Sep 2024 11:42:20 +0000
|
||||||
|
Subject: [PATCH] Add AlmaLinux to CPE dictionary
|
||||||
|
|
||||||
|
---
|
||||||
|
cpe/openscap-cpe-dict.xml | 14 +++++--
|
||||||
|
cpe/openscap-cpe-oval.xml | 78 +++++++++++++++++++++++++++++++--------
|
||||||
|
2 files changed, 73 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml
|
||||||
|
index 6c93b79..93a90c8 100644
|
||||||
|
--- a/cpe/openscap-cpe-dict.xml
|
||||||
|
+++ b/cpe/openscap-cpe-dict.xml
|
||||||
|
@@ -1,7 +1,15 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
- <cpe-item name="cpe:/o:linux:linux_kernel:-">
|
||||||
|
- <title xml:lang="en-us">Linux</title>
|
||||||
|
- <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.linux:def:1</check>
|
||||||
|
+ <cpe-item name="cpe:/o:almalinux:almalinux:8">
|
||||||
|
+ <title xml:lang="en-us">AlmaLinux 8</title>
|
||||||
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.almalinux:def:8</check>
|
||||||
|
+ </cpe-item>
|
||||||
|
+ <cpe-item name="cpe:/o:almalinux:almalinux:9">
|
||||||
|
+ <title xml:lang="en-us">AlmaLinux 9</title>
|
||||||
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.almalinux:def:9</check>
|
||||||
|
+ </cpe-item>
|
||||||
|
+ <cpe-item name="cpe:/o:almalinux:almalinux:10">
|
||||||
|
+ <title xml:lang="en-us">AlmaLinux 10</title>
|
||||||
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.almalinux:def:10</check>
|
||||||
|
</cpe-item>
|
||||||
|
</cpe-list>
|
||||||
|
diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml
|
||||||
|
index 99bed4a..3935c38 100644
|
||||||
|
--- a/cpe/openscap-cpe-oval.xml
|
||||||
|
+++ b/cpe/openscap-cpe-oval.xml
|
||||||
|
@@ -12,34 +12,80 @@
|
||||||
|
<oval:timestamp>2012-11-22T15:00:00+01:00</oval:timestamp>
|
||||||
|
</generator>
|
||||||
|
<definitions>
|
||||||
|
- <definition class="inventory" id="oval:org.open-scap.cpe.linux:def:1" version="1">
|
||||||
|
+ <definition class="inventory" id="oval:org.open-scap.cpe.almalinux:def:8" version="1">
|
||||||
|
<metadata>
|
||||||
|
- <title>Red Hat Enterprise Linux</title>
|
||||||
|
+ <title>AlmaLinux 8</title>
|
||||||
|
<affected family="unix">
|
||||||
|
- <platform>Linux</platform>
|
||||||
|
+ <platform>AlmaLinux 8</platform>
|
||||||
|
</affected>
|
||||||
|
- <reference ref_id="cpe:/o:linux:linux_kernel:-" source="CPE"/>
|
||||||
|
- <description>The operating system installed is Linux</description>
|
||||||
|
+ <reference ref_id="cpe:/o:almalinux:almalinux:8" source="CPE"/>
|
||||||
|
+ <description>The operating system installed on the system is AlmaLinux 8</description>
|
||||||
|
</metadata>
|
||||||
|
<criteria>
|
||||||
|
- <criterion comment="Linux is installed" test_ref="oval:org.open-scap.cpe.linux:tst:1"/>
|
||||||
|
+ <criterion comment="AlmaLinux 8 is installed" test_ref="oval:org.open-scap.cpe.almalinux:tst:8"/>
|
||||||
|
+ </criteria>
|
||||||
|
+ </definition>
|
||||||
|
+ <definition class="inventory" id="oval:org.open-scap.cpe.almalinux:def:9" version="1">
|
||||||
|
+ <metadata>
|
||||||
|
+ <title>AlmaLinux 9</title>
|
||||||
|
+ <affected family="unix">
|
||||||
|
+ <platform>AlmaLinux 9</platform>
|
||||||
|
+ </affected>
|
||||||
|
+ <reference ref_id="cpe:/o:almalinux:almalinux:9" source="CPE"/>
|
||||||
|
+ <description>The operating system installed on the system is AlmaLinux 9</description>
|
||||||
|
+ </metadata>
|
||||||
|
+ <criteria>
|
||||||
|
+ <criterion comment="AlmaLinux 9 is installed" test_ref="oval:org.open-scap.cpe.almalinux:tst:9"/>
|
||||||
|
+ </criteria>
|
||||||
|
+ </definition>
|
||||||
|
+ <definition class="inventory" id="oval:org.open-scap.cpe.almalinux:def:10" version="1">
|
||||||
|
+ <metadata>
|
||||||
|
+ <title>AlmaLinux 10</title>
|
||||||
|
+ <affected family="unix">
|
||||||
|
+ <platform>AlmaLinux 10</platform>
|
||||||
|
+ </affected>
|
||||||
|
+ <reference ref_id="cpe:/o:almalinux:almalinux:10" source="CPE"/>
|
||||||
|
+ <description>The operating system installed on the system is AlmaLinux 10</description>
|
||||||
|
+ </metadata>
|
||||||
|
+ <criteria>
|
||||||
|
+ <criterion comment="AlmaLinux 10 is installed" test_ref="oval:org.open-scap.cpe.almalinux:tst:10"/>
|
||||||
|
</criteria>
|
||||||
|
</definition>
|
||||||
|
</definitions>
|
||||||
|
<tests>
|
||||||
|
- <family_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.linux:tst:1" version="1" check="only one"
|
||||||
|
- comment="Installed operating system is part of the Unix family."
|
||||||
|
- xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
|
||||||
|
- <object object_ref="oval:org.open-scap.cpe.unix:obj:1" />
|
||||||
|
- <state state_ref="oval:org.open-scap.cpe.unix:ste:1" />
|
||||||
|
- </family_test>
|
||||||
|
+ <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.almalinux:tst:8" version="1" check="at least one" comment="almalinux-release is version 8"
|
||||||
|
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <object object_ref="oval:org.open-scap.cpe.almalinux-release:obj:1"/>
|
||||||
|
+ <state state_ref="oval:org.open-scap.cpe.almalinux:ste:8"/>
|
||||||
|
+ </rpminfo_test>
|
||||||
|
+ <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.almalinux:tst:9" version="1" check="at least one" comment="almalinux-release is version 9"
|
||||||
|
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <object object_ref="oval:org.open-scap.cpe.almalinux-release:obj:1"/>
|
||||||
|
+ <state state_ref="oval:org.open-scap.cpe.almalinux:ste:9"/>
|
||||||
|
+ </rpminfo_test>
|
||||||
|
+ <rpminfo_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.almalinux:tst:10" version="1" check="at least one" comment="almalinux-release is version 10"
|
||||||
|
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <object object_ref="oval:org.open-scap.cpe.almalinux-release:obj:1"/>
|
||||||
|
+ <state state_ref="oval:org.open-scap.cpe.almalinux:ste:10"/>
|
||||||
|
+ </rpminfo_test>
|
||||||
|
</tests>
|
||||||
|
<objects>
|
||||||
|
- <family_object id="oval:org.open-scap.cpe.unix:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"/>
|
||||||
|
+ <rpminfo_object id="oval:org.open-scap.cpe.almalinux-release:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <name>almalinux-release</name>
|
||||||
|
+ </rpminfo_object>
|
||||||
|
</objects>
|
||||||
|
<states>
|
||||||
|
- <family_state id="oval:org.open-scap.cpe.unix:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
|
||||||
|
- <family>unix</family>
|
||||||
|
- </family_state>
|
||||||
|
+ <rpminfo_state id="oval:org.open-scap.cpe.almalinux:ste:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <name operation="pattern match">^almalinux-release</name>
|
||||||
|
+ <version operation="pattern match">^8</version>
|
||||||
|
+ </rpminfo_state>
|
||||||
|
+ <rpminfo_state id="oval:org.open-scap.cpe.almalinux:ste:9" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <name operation="pattern match">^almalinux-release</name>
|
||||||
|
+ <version operation="pattern match">^9</version>
|
||||||
|
+ </rpminfo_state>
|
||||||
|
+ <rpminfo_state id="oval:org.open-scap.cpe.almalinux:ste:10" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
+ <name operation="pattern match">^almalinux.*-release</name>
|
||||||
|
+ <version operation="pattern match">^10</version>
|
||||||
|
+ </rpminfo_state>
|
||||||
|
</states>
|
||||||
|
</oval_definitions>
|
||||||
|
--
|
||||||
|
2.43.5
|
||||||
|
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-10
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/default-hw-tier1.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/custom-hw-tier1.functional}
|
31
openscap-1.4.1-PR2154-filehash58.patch
Normal file
31
openscap-1.4.1-PR2154-filehash58.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 106ffad93e3145747b9d6ea2a4872ed1bdc5f595 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||||
|
Date: Tue, 20 Aug 2024 08:18:15 +0200
|
||||||
|
Subject: [PATCH] Fix a cast
|
||||||
|
|
||||||
|
The size_t is implementation-dependent data type, it shouldn't be
|
||||||
|
cast to unsigned int.
|
||||||
|
Fixes failing test probes/filehash58/test_probes_filehash58.sh
|
||||||
|
on s390x architecture.
|
||||||
|
---
|
||||||
|
src/OVAL/probes/crapi/digest.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/OVAL/probes/crapi/digest.c b/src/OVAL/probes/crapi/digest.c
|
||||||
|
index 96f638d4a..2fc1c6998 100644
|
||||||
|
--- a/src/OVAL/probes/crapi/digest.c
|
||||||
|
+++ b/src/OVAL/probes/crapi/digest.c
|
||||||
|
@@ -252,7 +252,9 @@ static int crapi_digest_update(struct crapi_digest_ctx *ctx, void *bptr, size_t
|
||||||
|
static int crapi_digest_fini(struct crapi_digest_ctx *ctx, crapi_alg_t alg)
|
||||||
|
{
|
||||||
|
#if defined(HAVE_NSS3)
|
||||||
|
- HASH_End (ctx->ctx, ctx->dst, (unsigned int *)ctx->size, *ctx->size);
|
||||||
|
+ unsigned int result_len;
|
||||||
|
+ HASH_End(ctx->ctx, ctx->dst, &result_len, *ctx->size);
|
||||||
|
+ *ctx->size = result_len;
|
||||||
|
HASH_Destroy (ctx->ctx);
|
||||||
|
#elif defined(HAVE_GCRYPT)
|
||||||
|
void *buffer;
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
@ -1,16 +1,32 @@
|
|||||||
Name: openscap
|
Name: openscap
|
||||||
Version: 1.3.10
|
Version: 1.4.0
|
||||||
Release: 2%{?dist}
|
Release: 2%{?dist}.alma.1
|
||||||
|
Epoch: 1
|
||||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||||
Group: System Environment/Libraries
|
License: LGPL-2.1-or-later
|
||||||
License: LGPLv2+
|
|
||||||
URL: http://www.open-scap.org/
|
URL: http://www.open-scap.org/
|
||||||
|
VCS: https://github.com/OpenSCAP/openscap
|
||||||
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||||
|
Patch1: openscap-1.4.1-PR2154-filehash58.patch
|
||||||
|
|
||||||
|
%global common_description %{expand:
|
||||||
|
OpenSCAP is a set of open source libraries providing an easier path
|
||||||
|
for integration of the SCAP line of standards. SCAP is a line of standards
|
||||||
|
managed by NIST with the goal of providing a standard language
|
||||||
|
for the expression of Computer Network Defense related information.}
|
||||||
|
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
|
BuildRequires: make
|
||||||
BuildRequires: cmake >= 2.6
|
BuildRequires: cmake >= 2.6
|
||||||
BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
|
BuildRequires: cmake-rpm-macros
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: swig
|
||||||
|
BuildRequires: libxml2-devel
|
||||||
|
BuildRequires: libxslt-devel
|
||||||
BuildRequires: rpm-devel
|
BuildRequires: rpm-devel
|
||||||
BuildRequires: libgcrypt-devel
|
BuildRequires: nss-devel
|
||||||
BuildRequires: pcre-devel
|
BuildRequires: pcre2-devel
|
||||||
BuildRequires: libacl-devel
|
BuildRequires: libacl-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
@ -18,20 +34,17 @@ BuildRequires: libblkid-devel
|
|||||||
BuildRequires: bzip2-devel
|
BuildRequires: bzip2-devel
|
||||||
BuildRequires: asciidoc
|
BuildRequires: asciidoc
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: GConf2-devel
|
|
||||||
BuildRequires: glib2-devel
|
BuildRequires: glib2-devel
|
||||||
BuildRequires: dbus-devel
|
BuildRequires: dbus-devel
|
||||||
BuildRequires: libyaml-devel
|
BuildRequires: libyaml-devel
|
||||||
BuildRequires: xmlsec1-devel xmlsec1-openssl-devel
|
BuildRequires: xmlsec1-devel
|
||||||
%if %{?_with_check:1}%{!?_with_check:0}
|
BuildRequires: xmlsec1-openssl-devel
|
||||||
BuildRequires: perl-XML-XPath
|
BuildRequires: procps-devel
|
||||||
BuildRequires: bzip2
|
BuildRequires: python3-devel
|
||||||
%endif
|
|
||||||
Requires: bash
|
Requires: bash
|
||||||
Requires: bzip2-libs
|
Requires: bzip2-libs
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
Requires: libyaml
|
|
||||||
Requires: GConf2
|
|
||||||
Requires: glib2
|
Requires: glib2
|
||||||
Requires: libacl
|
Requires: libacl
|
||||||
Requires: libblkid
|
Requires: libblkid
|
||||||
@ -39,130 +52,75 @@ Requires: libcap
|
|||||||
Requires: libselinux
|
Requires: libselinux
|
||||||
Requires: openldap
|
Requires: openldap
|
||||||
Requires: popt
|
Requires: popt
|
||||||
# RHEL8 has procps-ng, which provides procps
|
|
||||||
Requires: procps
|
Requires: procps
|
||||||
Requires: xmlsec1 xmlsec1-openssl
|
Requires: xmlsec1
|
||||||
Requires(post): /sbin/ldconfig
|
Requires: xmlsec1-openssl
|
||||||
Requires(postun): /sbin/ldconfig
|
|
||||||
Obsoletes: python2-openscap
|
|
||||||
Obsoletes: openscap-content-sectool
|
|
||||||
Obsoletes: openscap-extra-probes
|
|
||||||
Obsoletes: openscap-extra-probes-sql
|
|
||||||
|
|
||||||
%description
|
# AlmaLinux patches
|
||||||
OpenSCAP is a set of open source libraries providing an easier path
|
Patch1000: 0001-Add-AlmaLinux-to-CPE-dictionary.patch
|
||||||
for integration of the SCAP line of standards. SCAP is a line of standards
|
|
||||||
managed by NIST with the goal of providing a standard language
|
|
||||||
for the expression of Computer Network Defense related information.
|
|
||||||
|
|
||||||
%package devel
|
%description %{common_description}
|
||||||
Summary: Development files for %{name}
|
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: libxml2-devel
|
|
||||||
Requires: pkgconfig
|
|
||||||
BuildRequires: doxygen
|
|
||||||
|
|
||||||
%description devel
|
|
||||||
The %{name}-devel package contains libraries and header files for
|
|
||||||
developing applications that use %{name}.
|
|
||||||
|
|
||||||
%package python3
|
|
||||||
Summary: Python 3 bindings for %{name}
|
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
BuildRequires: python3-devel
|
|
||||||
|
|
||||||
%description python3
|
|
||||||
The %{name}-python3 package contains the bindings so that %{name}
|
|
||||||
libraries can be used by python3.
|
|
||||||
|
|
||||||
%package scanner
|
%package scanner
|
||||||
Summary: OpenSCAP Scanner Tool (oscap)
|
Summary: OpenSCAP Scanner Tool (oscap)
|
||||||
Group: Applications/System
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: libcurl >= 7.12.0
|
Requires: libcurl >= 7.12.0
|
||||||
BuildRequires: libcurl-devel >= 7.12.0
|
BuildRequires: libcurl-devel >= 7.12.0
|
||||||
Obsoletes: openscap-selinux
|
|
||||||
Obsoletes: openscap-selinux-compat
|
|
||||||
|
|
||||||
%description scanner
|
%description scanner
|
||||||
The %{name}-scanner package contains oscap command-line tool. The oscap
|
The %{name}-scanner package contains oscap command-line tool. The oscap
|
||||||
is configuration and vulnerability scanner, capable of performing
|
is configuration and vulnerability scanner, capable of performing
|
||||||
compliance checking using SCAP content.
|
compliance checking using SCAP content.
|
||||||
|
%{common_description}
|
||||||
|
|
||||||
%package utils
|
%package utils
|
||||||
Summary: OpenSCAP Utilities
|
Summary: OpenSCAP Utilities
|
||||||
Group: Applications/System
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: rpmdevtools rpm-build
|
Requires: rpmdevtools rpm-build
|
||||||
Requires: %{name}-scanner%{?_isa} = %{version}-%{release}
|
Requires: %{name}-scanner%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: bash
|
|
||||||
|
|
||||||
%description utils
|
%description utils
|
||||||
The %{name}-utils package contains command-line tools build on top
|
The %{name}-utils package contains command-line tools build on top
|
||||||
of OpenSCAP library. Historically, openscap-utils included oscap
|
of OpenSCAP library. Historically, openscap-utils included oscap
|
||||||
tool which is now separated to %{name}-scanner sub-package.
|
tool which is now separated to %{name}-scanner sub-package.
|
||||||
|
%{common_description}
|
||||||
|
|
||||||
%package engine-sce
|
%package engine-sce
|
||||||
Summary: Script Check Engine plug-in for OpenSCAP
|
Summary: Script Check Engine plug-in for OpenSCAP
|
||||||
Group: Applications/System
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description engine-sce
|
%description engine-sce
|
||||||
The Script Check Engine is non-standard extension to SCAP protocol. This
|
The Script Check Engine is non-standard extension to SCAP protocol. This
|
||||||
engine allows content authors to avoid OVAL language and write their assessment
|
engine allows content authors to avoid OVAL language and write their assessment
|
||||||
commands using a scripting language (Bash, Perl, Python, Ruby, ...).
|
commands using a scripting language (Bash, Perl, Python, Ruby, ...).
|
||||||
|
%{common_description}
|
||||||
%package engine-sce-devel
|
|
||||||
Summary: Development files for %{name}-engine-sce
|
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: pkgconfig
|
|
||||||
|
|
||||||
%description engine-sce-devel
|
|
||||||
The %{name}-engine-sce-devel package contains libraries and header files
|
|
||||||
for developing applications that use %{name}-engine-sce.
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
mkdir build
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd build
|
%cmake \
|
||||||
%cmake -DENABLE_PERL=OFF \
|
-DWITH_CRYPTO=nss \
|
||||||
-DENABLE_DOCS=ON \
|
-DENABLE_DOCS=ON \
|
||||||
|
-DENABLE_PERL=OFF \
|
||||||
|
-DENABLE_PYTHON3=OFF \
|
||||||
-DENABLE_OSCAP_UTIL_DOCKER=OFF \
|
-DENABLE_OSCAP_UTIL_DOCKER=OFF \
|
||||||
-DENABLE_OSCAP_UTIL_CHROOT=ON \
|
|
||||||
-DENABLE_OSCAP_UTIL_PODMAN=ON \
|
|
||||||
-DENABLE_OSCAP_UTIL_VM=ON \
|
|
||||||
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
|
-DENABLE_OSCAP_REMEDIATE_SERVICE=OFF \
|
||||||
-DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
|
-DOPENSCAP_PROBE_LINUX_DPKGINFO=OFF \
|
||||||
..
|
-DOPENSCAP_ENABLE_SHA1=OFF \
|
||||||
make %{?_smp_mflags}
|
-DOPENSCAP_ENABLE_MD5=OFF
|
||||||
|
%cmake_build
|
||||||
make docs
|
make docs
|
||||||
|
|
||||||
%check
|
|
||||||
%if %{?_with_check:1}%{!?_with_check:0}
|
|
||||||
ctest -V %{?_smp_mflags}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
cd build
|
%cmake_install
|
||||||
%make_install
|
|
||||||
|
|
||||||
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
||||||
|
|
||||||
# fix python shebangs
|
# fix python shebangs
|
||||||
pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm
|
%{__python3} %{_rpmconfigdir}/redhat/pathfix.py -i %{__python3} -p -n %{buildroot}%{_bindir}/scap-as-rpm
|
||||||
|
|
||||||
%clean
|
%ldconfig_scriptlets
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc AUTHORS NEWS README.md
|
%doc AUTHORS NEWS README.md
|
||||||
@ -176,279 +134,279 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/openscap/schemas/*
|
%{_datadir}/openscap/schemas/*
|
||||||
%{_datadir}/openscap/xsl/*
|
%{_datadir}/openscap/xsl/*
|
||||||
%{_datadir}/openscap/cpe/*
|
%{_datadir}/openscap/cpe/*
|
||||||
|
%exclude %{_libdir}/libopenscap.so
|
||||||
|
%exclude %{_libdir}/pkgconfig/*.pc
|
||||||
|
%exclude %{_includedir}/openscap
|
||||||
|
%exclude %{_pkgdocdir}/html/
|
||||||
|
|
||||||
%files python3
|
%files engine-sce
|
||||||
%{python3_sitearch}/*
|
%{_libdir}/libopenscap_sce.so.*
|
||||||
|
%exclude %{_libdir}/libopenscap_sce.so
|
||||||
%files devel
|
|
||||||
%doc %{_pkgdocdir}/html/
|
|
||||||
%{_libdir}/libopenscap.so
|
|
||||||
%{_libdir}/pkgconfig/*.pc
|
|
||||||
%{_includedir}/openscap
|
|
||||||
%exclude %{_includedir}/openscap/sce_engine_api.h
|
|
||||||
|
|
||||||
%files engine-sce-devel
|
|
||||||
%{_libdir}/libopenscap_sce.so
|
|
||||||
%{_includedir}/openscap/sce_engine_api.h
|
|
||||||
|
|
||||||
%files scanner
|
%files scanner
|
||||||
%{_mandir}/man8/oscap.8.gz
|
%{_mandir}/man8/oscap.8*
|
||||||
%{_bindir}/oscap
|
%{_bindir}/oscap
|
||||||
%{_mandir}/man8/oscap-chroot.8.gz
|
%{_mandir}/man8/oscap-chroot.8*
|
||||||
%{_bindir}/oscap-chroot
|
%{_bindir}/oscap-chroot
|
||||||
%{_sysconfdir}/bash_completion.d
|
%{_sysconfdir}/bash_completion.d
|
||||||
|
|
||||||
%files utils
|
%files utils
|
||||||
%doc docs/oscap-scan.cron
|
%doc docs/oscap-scan.cron
|
||||||
%{_mandir}/man8/oscap-ssh.8.gz
|
%{_mandir}/man8/*
|
||||||
%{_bindir}/oscap-ssh
|
%exclude %{_mandir}/man8/oscap.8*
|
||||||
%{_mandir}/man8/oscap-podman.8.gz
|
%exclude %{_mandir}/man8/oscap-chroot.8*
|
||||||
%{_bindir}/oscap-podman
|
%{_bindir}/*
|
||||||
%{_mandir}/man8/oscap-vm.8.gz
|
%exclude %{_bindir}/oscap
|
||||||
%{_bindir}/oscap-vm
|
%exclude %{_bindir}/oscap-chroot
|
||||||
%{_mandir}/man8/scap-as-rpm.8.gz
|
|
||||||
%{_bindir}/scap-as-rpm
|
|
||||||
%{_mandir}/man8/autotailor.8.gz
|
|
||||||
%{_bindir}/autotailor
|
|
||||||
|
|
||||||
%files engine-sce
|
|
||||||
%{_libdir}/libopenscap_sce.so.*
|
|
||||||
%{_bindir}/oscap-run-sce-script
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Apr 08 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-2
|
* Tue Sep 03 2024 Eduard Abdullin <eabdullin@almalinux.org> - 1:1.4.0-2.alma.1
|
||||||
- Explicitely disable dpkginfo probe
|
- Add AlmaLinux definitions
|
||||||
|
|
||||||
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1.3.10-1
|
* Tue Aug 20 2024 Jan Černý <jcerny@redhat.com> - 1:1.4.0-2
|
||||||
- Rebase to the latest upstream version (RHEL-31221)
|
- Fix filehash58 probe on s390x architecture
|
||||||
- Add ability to define a limit of collected items (RHEL-11925)
|
|
||||||
- Add option --references that can select rules based on their reference (RHEL-1479)
|
|
||||||
|
|
||||||
* Fri Jul 14 2023 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.8-1
|
* Thu Aug 01 2024 Jan Černý <jcerny@redhat.com> - 1:1.4.0-1
|
||||||
- Upgrade to the latest upstream release (rhbz#2217441)
|
- Update to the latest upstream release (RHEL-53981)
|
||||||
- Add offline support for sysctl probe (rhbz#2185791)
|
- Remove openscap-devel, openscap-engine-sce-devel and openscap-python3 subpackages
|
||||||
- Fix systemd* probes unit enumeration (rhbz#2219533)
|
|
||||||
|
|
||||||
* Fri Jan 27 2023 Jan Černý <jcerny@redhat.com> - 1.3.7-1
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:1.3.10-3
|
||||||
- Upgrade to the latest upstream release (rhbz#2159290)
|
- Bump release for June 2024 mass rebuild
|
||||||
- Fix error when processing OVAL filters (rhbz#2126882)
|
|
||||||
- Don't emit xmlfilecontent items if XPath doesn't match (rhbz#2139060)
|
|
||||||
|
|
||||||
* Thu Jul 21 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-4
|
* Thu Jun 06 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-2
|
||||||
- Fix potential invalid scan results in OpenSCAP (rhbz#2111040)
|
- Update gating tests
|
||||||
- Remove oscap-remediate service (rhbz#2111360)
|
|
||||||
|
|
||||||
* Wed Feb 02 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-3
|
* Tue Apr 02 2024 Jan Černý <jcerny@redhat.com> - 1:1.3.10-1
|
||||||
- Prevent fails of test_ds_misc.sh
|
- Rebase to the latest upstream version
|
||||||
|
- Use NSS as cryptography library (RHEL-22013)
|
||||||
|
|
||||||
* Mon Jan 31 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-2
|
* Sun Jan 21 2024 Michal Ambroz <rebus _AT seznam.cz> - 1:1.3.9-7
|
||||||
|
- add conditionals to be able to rebuild with opendbx/apt even on EPEL+RHEL
|
||||||
|
- cosmetics: rename patches, add comments, use buildroot macro instead of env
|
||||||
|
- add explicit build requirement to python3-setuptools, needed for 3.13+
|
||||||
|
|
||||||
|
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.9-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 04 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.3.9-5
|
||||||
|
- Enable opendbx for SQL probes only in Fedora
|
||||||
|
|
||||||
|
* Wed Jan 03 2024 Florian Weimer <fweimer@redhat.com> - 1:1.3.9-4
|
||||||
|
- Fix C compatibility issues
|
||||||
|
|
||||||
|
* Wed Dec 20 2023 Jan Černý <jcerny@redhat.com> - 1:1.3.9-3
|
||||||
|
- Fix test test_sysctl_probe_all.sh
|
||||||
|
- Clean up the repository
|
||||||
|
|
||||||
|
* Thu Nov 23 2023 Michal Ambroz <rebus _AT seznam.cz> - 1:1.3.9-2
|
||||||
|
- adding conditional for apt-devel apt-libs as proposed upstream
|
||||||
|
|
||||||
|
* Thu Nov 23 2023 Michal Ambroz <rebus _AT seznam.cz> - 1:1.3.9-1
|
||||||
|
- bump to 1.3.9
|
||||||
|
- provide perl binding
|
||||||
|
|
||||||
|
* Tue Sep 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 1:1.3.8-6
|
||||||
|
- Use pcre2 (#2128342)
|
||||||
|
|
||||||
|
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.8-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 27 2023 Python Maint <python-maint@redhat.com> - 1:1.3.8-4
|
||||||
|
- Rebuilt for Python 3.12
|
||||||
|
|
||||||
|
* Tue Jun 27 2023 Evgeny Kolesnikov <ekolesni@redhat.com> - 1:1.3.8-3
|
||||||
|
- Rebuilt because of xmlsec1 downgrade
|
||||||
|
|
||||||
|
* Mon Jun 26 2023 Python Maint <python-maint@redhat.com> - 1:1.3.8-2
|
||||||
|
- Rebuilt for Python 3.12
|
||||||
|
|
||||||
|
* Tue Jun 20 2023 Evgeny Kolesnikov <ekolesni@redhat.com> - 1:1.3.8-1
|
||||||
|
- Upgrade to the latest upstream release
|
||||||
|
|
||||||
|
* Thu Jun 15 2023 Python Maint <python-maint@redhat.com> - 1:1.3.7-4
|
||||||
|
- Rebuilt for Python 3.12
|
||||||
|
|
||||||
|
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 1:1.3.7-3
|
||||||
|
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
|
||||||
|
|
||||||
|
* Wed Feb 01 2023 Tom Stellard <tstellar@redhat.com> - 1:1.3.7-2
|
||||||
|
- Fix implicit function definition warning
|
||||||
|
|
||||||
|
* Thu Jan 26 2023 Jan Černý <jcerny@redhat.com> - 1:1.3.7-1
|
||||||
|
- Upgrade to the latest upstream release
|
||||||
|
|
||||||
|
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.6-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Oct 17 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-11
|
||||||
|
- Add systemd-rpm-macros to BuildRequires (rhbz#2126078)
|
||||||
|
|
||||||
|
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.6-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1:1.3.6-9
|
||||||
|
- Rebuilt for Python 3.11
|
||||||
|
|
||||||
|
* Fri Jun 03 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-8
|
||||||
|
- Rebuild due to changes in tests
|
||||||
|
|
||||||
|
* Tue May 31 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-7
|
||||||
|
- Rebuild due to changes in tests
|
||||||
|
|
||||||
|
* Tue May 31 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-6
|
||||||
|
- Update tests due to relocation of RPM database
|
||||||
|
|
||||||
|
* Mon May 30 2022 Jan Černý <jcerny@redhat.com> - 1:1.3.6-5
|
||||||
|
- Use correct includes (rhbz#2080210)
|
||||||
|
|
||||||
|
* Fri Feb 4 2022 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.6-4
|
||||||
|
- Prevent file permissions errors
|
||||||
|
|
||||||
|
* Tue Feb 1 2022 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.6-3
|
||||||
|
- Prevent fails of test_ds_misc.sh (bis)
|
||||||
|
|
||||||
|
* Mon Jan 31 2022 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.6-2
|
||||||
- Fix coverity issues
|
- Fix coverity issues
|
||||||
- Prevent fails of test_ds_misc.sh
|
- Prevent fails of test_ds_misc.sh
|
||||||
|
|
||||||
* Thu Jan 20 2022 Jan Černý <jcerny@redhat.com> - 1.3.6-1
|
* Thu Jan 20 2022 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.6-1
|
||||||
- Upgrade to the latest upstream release (rhbz#2041781)
|
- Update to the latest upstream release
|
||||||
- Select and exclude groups of rules on the command line
|
|
||||||
- The boot-time remediation service for systemd's Offline Update mode
|
|
||||||
|
|
||||||
* Fri Nov 19 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-10
|
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.5-7
|
||||||
- Print warning for local files
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Nov 10 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-9
|
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.5-6
|
||||||
- Lower memory limits and improve their checking (rhbz#2021851)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
- Remove timestamp from the user manual (rhbz#2022364)
|
|
||||||
|
|
||||||
* Tue Nov 09 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-8
|
* Fri Jun 25 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-5
|
||||||
- Allow local DS components (rhbz#1970529)
|
- Do not set RPATH (rhbz#1967200)
|
||||||
- Fix hostname detection in offline scan of UBI 9 images (rhbz#1893888)
|
|
||||||
- Add an alternative source of hostname (rhbz#1977668)
|
|
||||||
- Fix oscap-chroot errors in process58_probe caused by empty /proc (rhbz#2008922)
|
|
||||||
|
|
||||||
* Thu Nov 04 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-7
|
* Wed Jun 16 2021 Stephen Gallagher <sgallagh@redhat.com> - 1:1.3.5-4
|
||||||
- Introduce support for Image Builder's Blueprint remediation type (rhbz#2020050)
|
- Skip RPATH check temporarily
|
||||||
|
|
||||||
* Wed Jul 28 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-6
|
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1:1.3.5-3
|
||||||
- Initialize crypto API only once (rhbz#1959570)
|
- Rebuilt for Python 3.10
|
||||||
|
|
||||||
* Wed Jul 14 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-5
|
* Mon Apr 26 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-2
|
||||||
- Add 'null' values handling to the yamlfilecontent probe (RHBZ#1981691)
|
- Waive the known issue with hugepages on ppc64/ppc64le
|
||||||
|
|
||||||
* Tue Jun 01 2021 Jan Černý <jcerny@redhat.com> - 1.3.5-4
|
* Fri Apr 23 2021 Jan Černý <jcerny@redhat.com> - 1:1.3.5-1
|
||||||
- Replace getlogin by cuserid
|
- Update to the latest upstream release
|
||||||
|
|
||||||
* Mon May 10 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-3
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.4-4
|
||||||
- Waive known issue with hugepages in upstream testsuite (RHBZ#1912000)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
- Fix issues reported by the coverity scan
|
|
||||||
- Introduce OSBuild 'blueprint' fix type
|
|
||||||
|
|
||||||
* Tue May 04 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-2
|
* Wed Dec 09 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.4-3
|
||||||
- Fix changelog (add missing 1.3.3-6 entry)
|
- Remove dependency on GConf2
|
||||||
|
- Update cmake command
|
||||||
|
|
||||||
* Thu Apr 29 2021 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.5-1
|
* Tue Nov 03 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2
|
||||||
- Upgrade to the latest upstream release (RHBZ#1953092)
|
- Fix problems uncovered by the Coverity Scan
|
||||||
- Fix segfault when using --stig-viewer option and latest XML file from DoD (RHBZ#1912000)
|
- Fix field names handling in yamlfilecontent probe
|
||||||
- Improve doc about --stig-viewer (RHBZ#1918759)
|
|
||||||
- Backport an upstream patch adding CentOS CPE (RHBZ#1907935)
|
|
||||||
|
|
||||||
* Wed Nov 25 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-5
|
* Wed Oct 07 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1:1.3.4-1
|
||||||
- Add check for non-local GPFS file system into Test Suite (RHBZ#1840578)
|
- Upgrade to the latest upstream release
|
||||||
|
|
||||||
* Fri Nov 13 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-4
|
* Thu Aug 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-6
|
||||||
- Use MALLOC_CHECK_=3 while executing Test Suite (RHBZ#1891770)
|
- Disabled the gconf probe, and removed the gconf dependency.
|
||||||
|
gconf is a legacy system not used any more, and it blocks testing of oscap-anaconda-addon
|
||||||
|
as gconf is no longer part of the installation medium for Fedora 32
|
||||||
|
|
||||||
* Tue Nov 10 2020 Jan Černý <jcerny@redhat.com> - 1.3.4-3
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.3-5
|
||||||
- Fix memory allocation (RHBZ#1891770)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Oct 29 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.3-6
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1:1.3.3-4
|
||||||
- Enable profile composition with a specific platform (RHBZ#1896676)
|
- Update spec file to use new cmake macros
|
||||||
- Enable YAML probe to work with sets of values (RHBZ#1895715)
|
- https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
|
||||||
|
|
||||||
* Mon Oct 26 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-2
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.3-3
|
||||||
- Fix problems uncovered by the Coverity Scan (RHBZ#1887794)
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
* Wed Oct 14 2020 Evgenii Kolesnikov <ekolesni@redhat.com> - 1.3.4-1
|
* Mon May 04 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-2
|
||||||
- Upgrade to the latest upstream release (RHBZ#1887794)
|
- Add libyaml-devel as a dependency to enable yamlfilecontent probe
|
||||||
- Treat GPFS as a remote file system (RHBZ#1840578, RHBZ#1840579)
|
|
||||||
- Fixed the most problematic memory issues that were causing OOM situations
|
|
||||||
for systems with large amount of files (RHBZ#1824152)
|
|
||||||
- Proper handling of OVALs with circular dependencies between definitions (RHBZ#1812476)
|
|
||||||
|
|
||||||
* Wed Aug 19 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-5
|
* Thu Apr 30 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.3-1
|
||||||
- Detect remote file systems correctly (RHBZ#1870087)
|
- Upgrade to the latest upstream release
|
||||||
|
|
||||||
* Mon Aug 03 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-4
|
* Thu Apr 09 2020 Matěj Týč <matyc@redhat.com> - 1:1.3.2-5
|
||||||
- Fix memory leaks in rpmverifyfile probe (RHBZ#1861301)
|
- Made the spec file requirements section copy-paste of the RHEL8 section.
|
||||||
|
- Cleaned the spec file up from ancient obsoletes.
|
||||||
|
|
||||||
* Tue Jul 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-3
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.2-4
|
||||||
- Added support for fetching remote content with compression (RHBZ#1855708)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Jun 25 2020 Matěj Týč <matyc@redhat.com> - 1.3.3-2
|
* Mon Jan 27 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-3
|
||||||
- Prevent unwanted recursion that could crash the scanner (RHBZ#1686370)
|
- Fix duplicate global variables (RHBZ#1793914)
|
||||||
|
|
||||||
* Mon May 04 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.3-1
|
* Wed Jan 15 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-2
|
||||||
- Upgrade to the latest upstream release (rhbz#1829761)
|
- Do not use C++ keyword operator as a function parameter name
|
||||||
- Added a Python script that can be used for CLI tailoring (autotailor)
|
|
||||||
- Added timezone to XCCDF TestResult start/end time
|
|
||||||
- Added yamlfilecontent independent probe (proposal/draft implementation)
|
|
||||||
- Added ability to generate `machineconfig` fix
|
|
||||||
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF
|
|
||||||
- Fixed filepath pattern matching in offline mode in textfilecontent58 probe
|
|
||||||
- Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory
|
|
||||||
- Fixed #1512: Severity refinement lost in generated guide
|
|
||||||
- Fixed #1453: Pointer lost in Swig API
|
|
||||||
- The data system_info probe return for offline and online modes is consistent and actual
|
|
||||||
- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities
|
|
||||||
from system_info probe
|
|
||||||
|
|
||||||
* Fri Mar 27 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-9
|
* Tue Jan 14 2020 Jan Černý <jcerny@redhat.com> - 1:1.3.2-1
|
||||||
- Generate HTML guides from tailored profiles (RHBZ#1743835)
|
- Upgrade to the latest upstream release
|
||||||
|
|
||||||
* Wed Mar 18 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-8
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-4
|
||||||
- Fix tests for rpmverifyfileprobe (RHBZ#1814726)
|
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||||
|
|
||||||
* Thu Mar 12 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-7
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1:1.3.1-3
|
||||||
- Fix segmentation fault in systemdunitdependency_probe (RHBZ#1793050)
|
- Rebuilt for Python 3.8
|
||||||
- Fix crash in textfilecontent probe (RHBZ#1686467)
|
|
||||||
- Do not drop empty lines from Ansible remediations (RHBZ#1795563)
|
|
||||||
- Fix oscap-ssh --sudo (RHBZ#1803116)
|
|
||||||
- Remove useless warnings (RHBZ#1764139)
|
|
||||||
|
|
||||||
* Thu Jan 23 2020 Jan Černý <jcerny@redhat.com> - 1.3.2-6
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.3.1-2
|
||||||
- Fix FindACL.cmake
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Jan 21 2020 Matěj Týč <matyc@redhat.com> - 1.3.2-5
|
* Thu Jun 13 2019 Jan Černý <jcerny@redhat.com> - 1:1.3.1-1
|
||||||
- Added more exhaustive package dependencies.
|
|
||||||
- Added the covscan/UX patch.
|
|
||||||
|
|
||||||
* Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-4
|
|
||||||
- Added patch: utils/oscap-podman: Detect ambiguous scan target
|
|
||||||
|
|
||||||
* Mon Jan 20 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-3
|
|
||||||
- Refined requirements
|
|
||||||
|
|
||||||
* Sun Jan 19 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-2
|
|
||||||
- Added patch: Fix case where CMake couldn't find libacl or xattr.h
|
|
||||||
|
|
||||||
* Wed Jan 15 2020 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.2-1
|
|
||||||
- Upgrade to the latest upstream release (rhbz#1778296)
|
|
||||||
- Offline mode support for environmentvariable58 probe (rhbz#1493614)
|
|
||||||
- The oscap-docker wrapper is available without Atomic
|
|
||||||
- Improved support of multi-check rules (report, remediations, console output) (rhbz#1771438)
|
|
||||||
- Improved HTML report look and feel, including printed version (rhbz#1640839)
|
|
||||||
- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
|
|
||||||
- Probe rpmverifyfile uses and returns canonical paths (rhbz#1776308)
|
|
||||||
- Improved a11y of HTML reports and guides (rhbz#1767382)
|
|
||||||
- Fixes and improvements for SWIG Python bindings (rhbz#1753603)
|
|
||||||
- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
|
|
||||||
- Fixed URL link mechanism for Red Hat Errata
|
|
||||||
- New STIG Viewer URI: public.cyber.mil
|
|
||||||
- Probe selinuxsecuritycontext would not check if SELinux is enabled
|
|
||||||
- Scanner would provide information about unsupported OVAL objects
|
|
||||||
- Added more tests for offline mode (probes, remediation) (rhbz#1618489)
|
|
||||||
- #528 fixed: Eval SCE script when /tmp is in mode noexec
|
|
||||||
- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage (rhbz#1636431)
|
|
||||||
|
|
||||||
* Wed Dec 18 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-3
|
|
||||||
- put back openscap-chroot, openscap-podman and openscap-vm files
|
|
||||||
|
|
||||||
* Fri Nov 01 2019 Vojtech Polasek <vpolasek@redhat.com> - 1.3.1-2
|
|
||||||
- Fixed XSLT template making rule details in reports accessible for screenreader users (#1767382)
|
|
||||||
|
|
||||||
* Fri Jun 14 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-1
|
|
||||||
- Bumped the package release number
|
|
||||||
|
|
||||||
* Thu Jun 13 2019 Evgeny Kolesnikov <ekolesni@redhat.com> - 1.3.1-0
|
|
||||||
- Upgrade to the latest upstream release (rhbz#1718826)
|
|
||||||
- Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) (rhbz#1709429)
|
|
||||||
- Tailoring files are included in ARF result files
|
|
||||||
- Remote filesystems mounted using `autofs` direct maps are not recognized as local filesystems (rhbz#1655943)
|
|
||||||
- Offline scan utilizing rpmverifyfile probe fails in fchdir and aborts (rhbz#1636431)
|
|
||||||
|
|
||||||
* Wed Jan 16 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-7
|
|
||||||
- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0.
|
|
||||||
- Explicitly specify which files should be in openscap-utils subpackage.
|
|
||||||
|
|
||||||
* Mon Jan 14 2019 Gabriel Becker <ggasparb@redhat.com> - 1.3.0-6
|
|
||||||
- Removed containers package as RHEL-8.0.0 will not support it.
|
|
||||||
- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it.
|
|
||||||
|
|
||||||
* Mon Oct 15 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-5
|
|
||||||
- Fixed unresolved symbols in SCE library
|
|
||||||
|
|
||||||
* Fri Oct 12 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-4
|
|
||||||
- Fixed a sudo regression in oscap-ssh.
|
|
||||||
- Updated test to work with newer versions of procps.
|
|
||||||
- Updated the man page.
|
|
||||||
|
|
||||||
* Tue Oct 09 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-3
|
|
||||||
- Fixed memory error in SWIG (RHBZ#1607014)
|
|
||||||
|
|
||||||
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-2
|
|
||||||
- Drop openscap-perl subpackage (RHBZ#1624396)
|
|
||||||
|
|
||||||
* Mon Oct 08 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
|
|
||||||
- upgrade to the latest upstream release
|
|
||||||
- list subpackages removed in 1.3.0_alpha1-1 as obsoleted
|
|
||||||
|
|
||||||
* Fri Aug 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
|
|
||||||
- upgrade to the latest upstream release
|
- upgrade to the latest upstream release
|
||||||
|
|
||||||
* Thu Aug 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-3
|
* Mon Jun 10 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-7
|
||||||
- Add RHEL8 CPE (until RHEL8 public beta downstream patch only)
|
- Rebuild for RPM 4.15
|
||||||
|
|
||||||
* Fri Jul 27 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
|
* Mon Jun 10 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.3.0-6
|
||||||
- Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541)
|
- Rebuild for RPM 4.15
|
||||||
|
|
||||||
* Fri Jul 20 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
|
* Sat Jun 01 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:1.3.0-5
|
||||||
|
- Perl 5.30 rebuild
|
||||||
|
|
||||||
|
* Mon May 20 2019 Jan Černý <jcerny@redhat.com> - 1.3.0-4
|
||||||
|
- Upgrade the Epoch to align with F30
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Oct 19 2018 Matěj Týč <matyc@redhat.com> - 1.3.0-2
|
||||||
|
- Removed the openscap-perl package to be on par with RHEL.
|
||||||
|
|
||||||
|
* Tue Oct 09 2018 Jan Černý <jcerny@redhat.com> - 1.3.0-1
|
||||||
|
- upgrade to the latest upstream release
|
||||||
|
|
||||||
|
* Mon Sep 10 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-2
|
||||||
|
- List subpackages removed in 1.3.0_alpha1-1 as obsoleted (RHBZ#1626801)
|
||||||
|
|
||||||
|
* Mon Aug 13 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha2-1
|
||||||
|
- upgrade to the latest upstream release
|
||||||
|
|
||||||
|
* Wed Jul 25 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-2
|
||||||
|
- removed python2-openscap subpackage
|
||||||
|
|
||||||
|
* Wed Jul 18 2018 Jan Černý <jcerny@redhat.com> - 1.3.0_alpha1-1
|
||||||
- upgrade to the latest upstream release
|
- upgrade to the latest upstream release
|
||||||
- change specfile to use CMake
|
- change specfile to use CMake
|
||||||
- dropped commands in the spec file that are no longer relevant
|
- dropped commands in the spec file that are no longer relevant
|
||||||
- dropped subpackages in the spec file that are no longer relevant
|
- dropped subpackages in the spec file that are no longer relevant
|
||||||
|
|
||||||
* Fri May 18 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-5
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.17-5
|
||||||
- Use pathfix.py instead of a downstream patch to fix shebang
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Thu May 17 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-4
|
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 1.2.17-4
|
||||||
- Remove Python 2 dependencies
|
- Perl 5.28 rebuild
|
||||||
|
|
||||||
|
* Fri Jun 29 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.2.17-3
|
||||||
|
- Perl 5.28 rebuild
|
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.2.17-2
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
|
* Tue May 29 2018 Jan Černý <jcerny@redhat.com> - 1.2.17-1
|
||||||
|
- upgrade to the latest upstream release
|
||||||
|
|
||||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
12
plans/ci.fmf
Normal file
12
plans/ci.fmf
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
summary: CI test plan
|
||||||
|
/default-hw-tier1:
|
||||||
|
plan:
|
||||||
|
import:
|
||||||
|
url: https://pkgs.devel.redhat.com/git/tests/openscap
|
||||||
|
name: /plans/gating/default-hw-tier1
|
||||||
|
|
||||||
|
/custom-hw-tier1:
|
||||||
|
plan:
|
||||||
|
import:
|
||||||
|
url: https://pkgs.devel.redhat.com/git/tests/openscap
|
||||||
|
name: /plans/gating/custom-hw-tier1
|
Loading…
Reference in New Issue
Block a user