From 6b0dc278c230fe0bf46269332a33a1783bd62775 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 21 May 2024 09:40:45 +0200 Subject: [PATCH] Rebase to new upstream version 0.1.73 Resolves: RHEL-36733 Resolves: RHEL-30346 Resolves: RHEL-26071 Resolves: RHEL-17202 Resolves: RHEL-1814 Resolves: RHEL-2244 --- .gitignore | 1 + gating.yaml | 1 - ...-profiles-not-in-good-shape-for-RHEL.patch | 54 ------------------- scap-security-guide.spec | 16 +++--- sources | 2 +- 5 files changed, 12 insertions(+), 62 deletions(-) delete mode 100644 hide-profiles-not-in-good-shape-for-RHEL.patch diff --git a/.gitignore b/.gitignore index 9b029aa..c59f473 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ SOURCES/scap-security-guide-0.1.66.tar.bz2 /scap-security-guide-0.1.66.tar.bz2 /scap-security-guide-0.1.69.tar.bz2 /scap-security-guide-0.1.72.tar.bz2 +/scap-security-guide-0.1.73.tar.bz2 diff --git a/gating.yaml b/gating.yaml index d88a5bf..fbfe118 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,5 +4,4 @@ product_versions: decision_context: osci_compose_gate rules: - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.ci-beaker.functional} - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation} diff --git a/hide-profiles-not-in-good-shape-for-RHEL.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch deleted file mode 100644 index 40a7a28..0000000 --- a/hide-profiles-not-in-good-shape-for-RHEL.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Fri, 16 Feb 2024 12:07:36 +0100 -Subject: [PATCH] Hide profiles not in good shape for RHEL - -There are some profiles introduced long time ago but no longer -maintained. For compatibility purposes they are not removed from -datastream but are now hidden for RHEL8 to prevent people from -using them. ---- - products/rhel8/profiles/cjis.profile | 2 ++ - products/rhel8/profiles/rht-ccp.profile | 2 ++ - products/rhel8/profiles/standard.profile | 2 ++ - 3 files changed, 6 insertions(+) - -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 30843b692e..c44c63516f 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - metadata: - version: 5.4 - SMEs: -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index 01133a9bde..3f6cb751c9 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' - - description: |- -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index 11d72da2d9..79b491113a 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - - description: |- --- -2.43.1 - diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 138ce60..98a5c45 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -5,8 +5,8 @@ # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly Name: scap-security-guide -Version: 0.1.72 -Release: 2%{?dist} +Version: 0.1.73 +Release: 1%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -14,8 +14,6 @@ URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content Source1: %{_static_rhel6_content}.tar.bz2 -# Patch hides cjis, rht-ccp and standard profiles for RHEL8 -Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch BuildArch: noarch @@ -23,8 +21,7 @@ BuildRequires: libxslt BuildRequires: expat BuildRequires: openscap-scanner >= 1.2.5 BuildRequires: cmake >= 2.8 -# To get python3 inside the buildroot require its path explicitly in BuildRequires -BuildRequires: /usr/bin/python3 +BuildRequires: python3-devel BuildRequires: python%{python3_pkgversion} BuildRequires: python%{python3_pkgversion}-jinja2 BuildRequires: python%{python3_pkgversion}-PyYAML @@ -122,6 +119,13 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Tue May 21 2024 Jan Černý - 0.1.73-1 +- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733) +- Change crypto policy used in the CUI profile to FIPS (RHEL-30346) +- Fix file path identification in Rsyslog configuration (RHEL-17202) +- Use a correct chrony server address in STIG profile (RHEL-1814) +- Don't BuildRequire /usr/bin/python3 (RHEL-2244) + * Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 - Unlist profiles no longer maintained in RHEL8. diff --git a/sources b/sources index 0e257f2..2adf907 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2) = c12b1210a7829578d2b32c22950a9f93913ae4981efb31304aea04d43791eb86c75bb5cdc4ceb35741bcb00306db44a5734a03bd0578f1d255917d590e840260 -SHA512 (scap-security-guide-0.1.72.tar.bz2) = 2b3fb7ff4d7f69796968afc61049753bce9f2cd5bc57ecc41f9ea17dbd2bb8c278a6e02ef98e34b1561dd38e55498ba2ba92079dbdc4ef5848186964cefbd92a +SHA512 (scap-security-guide-0.1.73.tar.bz2) = 8750aeb61378d7729e00e4bcfb17d1463d97192801ef6707593ec639dfef2abba6669b9d1b8f71958f7d24f6c66f308f1587d731dd4e63878f91266232883ad7