|
|
160b6f |
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
|
|
|
160b6f |
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
|
|
160b6f |
|
|
|
160b6f |
%define relabel_files() \
|
|
|
160b6f |
restorecon -R /usr/bin/oscap /usr/libexec/openscap; \
|
|
|
160b6f |
|
|
|
160b6f |
Name: openscap
|
|
|
7c0ddc |
Version: 1.2.17
|
|
|
7c0ddc |
Release: 2%{?dist}
|
|
|
160b6f |
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
|
|
160b6f |
Group: System Environment/Libraries
|
|
|
160b6f |
License: LGPLv2+
|
|
|
160b6f |
URL: http://www.open-scap.org/
|
|
|
b1f2c6 |
Source0: https://github.com/OpenSCAP/openscap/releases/download/%{version}/%{name}-%{version}.tar.gz
|
|
|
7c0ddc |
Patch1: openscap-1.2.17-filehash58_probe_test.patch
|
|
|
160b6f |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
160b6f |
BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser
|
|
|
160b6f |
BuildRequires: rpm-devel
|
|
|
160b6f |
BuildRequires: libgcrypt-devel
|
|
|
160b6f |
BuildRequires: pcre-devel
|
|
|
160b6f |
BuildRequires: libacl-devel
|
|
|
160b6f |
BuildRequires: libselinux-devel libcap-devel
|
|
|
160b6f |
BuildRequires: libblkid-devel
|
|
|
160b6f |
BuildRequires: bzip2-devel
|
|
|
160b6f |
%if %{?_with_check:1}%{!?_with_check:0}
|
|
|
160b6f |
BuildRequires: perl-XML-XPath
|
|
|
160b6f |
%endif
|
|
|
160b6f |
Requires(post): /sbin/ldconfig
|
|
|
160b6f |
Requires(postun): /sbin/ldconfig
|
|
|
160b6f |
|
|
|
160b6f |
%description
|
|
|
160b6f |
OpenSCAP is a set of open source libraries providing an easier path
|
|
|
160b6f |
for integration of the SCAP line of standards. SCAP is a line of standards
|
|
|
160b6f |
managed by NIST with the goal of providing a standard language
|
|
|
160b6f |
for the expression of Computer Network Defense related information.
|
|
|
160b6f |
|
|
|
160b6f |
%package devel
|
|
|
160b6f |
Summary: Development files for %{name}
|
|
|
160b6f |
Group: Development/Libraries
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
Requires: libxml2-devel
|
|
|
160b6f |
Requires: pkgconfig
|
|
|
160b6f |
|
|
|
160b6f |
%description devel
|
|
|
160b6f |
The %{name}-devel package contains libraries and header files for
|
|
|
160b6f |
developing applications that use %{name}.
|
|
|
160b6f |
|
|
|
160b6f |
%package python
|
|
|
160b6f |
Summary: Python bindings for %{name}
|
|
|
160b6f |
Group: Development/Libraries
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
BuildRequires: python-devel
|
|
|
160b6f |
|
|
|
160b6f |
%description python
|
|
|
160b6f |
The %{name}-python package contains the bindings so that %{name}
|
|
|
160b6f |
libraries can be used by python.
|
|
|
160b6f |
|
|
|
160b6f |
%package scanner
|
|
|
160b6f |
Summary: OpenSCAP Scanner Tool (oscap)
|
|
|
160b6f |
Group: Applications/System
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
Requires: libcurl >= 7.12.0
|
|
|
160b6f |
BuildRequires: libcurl-devel >= 7.12.0
|
|
|
160b6f |
Obsoletes: openscap-selinux
|
|
|
160b6f |
|
|
|
160b6f |
%description scanner
|
|
|
160b6f |
The %{name}-scanner package contains oscap command-line tool. The oscap
|
|
|
160b6f |
is configuration and vulnerability scanner, capable of performing
|
|
|
160b6f |
compliance checking using SCAP content.
|
|
|
160b6f |
|
|
|
160b6f |
%package utils
|
|
|
160b6f |
Summary: OpenSCAP Utilities
|
|
|
160b6f |
Group: Applications/System
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
Requires: rpmdevtools rpm-build
|
|
|
b1f2c6 |
Requires: %{name}-containers = %{version}-%{release}
|
|
|
160b6f |
|
|
|
160b6f |
%description utils
|
|
|
160b6f |
The %{name}-utils package contains command-line tools build on top
|
|
|
160b6f |
of OpenSCAP library. Historically, openscap-utils included oscap
|
|
|
160b6f |
tool which is now separated to %{name}-scanner sub-package.
|
|
|
160b6f |
|
|
|
160b6f |
|
|
|
160b6f |
%package extra-probes
|
|
|
160b6f |
Summary: SCAP probes
|
|
|
160b6f |
Group: Applications/System
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
BuildRequires: openldap-devel
|
|
|
160b6f |
BuildRequires: GConf2-devel
|
|
|
160b6f |
#BuildRequires: opendbx - for sql
|
|
|
160b6f |
|
|
|
160b6f |
%description extra-probes
|
|
|
160b6f |
The %{name}-extra-probes package contains additional probes that are not
|
|
|
160b6f |
commonly used and require additional dependencies.
|
|
|
160b6f |
|
|
|
160b6f |
%package engine-sce
|
|
|
160b6f |
Summary: Script Check Engine plug-in for OpenSCAP
|
|
|
160b6f |
Group: Applications/System
|
|
|
160b6f |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
|
|
|
160b6f |
%description engine-sce
|
|
|
160b6f |
The Script Check Engine is non-standard extension to SCAP protocol. This
|
|
|
160b6f |
engine allows content authors to avoid OVAL language and write their assessment
|
|
|
160b6f |
commands using a scripting language (Bash, Perl, Python, Ruby, ...).
|
|
|
160b6f |
|
|
|
160b6f |
%package engine-sce-devel
|
|
|
160b6f |
Summary: Development files for %{name}-engine-sce
|
|
|
160b6f |
Group: Development/Libraries
|
|
|
160b6f |
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release}
|
|
|
160b6f |
Requires: pkgconfig
|
|
|
160b6f |
|
|
|
160b6f |
%description engine-sce-devel
|
|
|
160b6f |
The %{name}-engine-sce-devel package contains libraries and header files
|
|
|
160b6f |
for developing applications that use %{name}-engine-sce.
|
|
|
160b6f |
|
|
|
b1f2c6 |
%package containers
|
|
|
b1f2c6 |
Summary: Utils for scanning containers
|
|
|
b1f2c6 |
Group: Applications/System
|
|
|
b1f2c6 |
Requires: %{name} = %{version}-%{release}
|
|
|
b1f2c6 |
Requires: %{name}-scanner
|
|
|
b1f2c6 |
BuildArch: noarch
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
%description containers
|
|
|
b1f2c6 |
Tool for scanning Atomic containers.
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
|
|
|
160b6f |
%prep
|
|
|
160b6f |
%setup -q
|
|
|
7c0ddc |
%patch1 -p1 -b .filehash58_probe_test
|
|
|
160b6f |
|
|
|
160b6f |
%build
|
|
|
160b6f |
%ifarch sparc64
|
|
|
160b6f |
#sparc64 need big PIE
|
|
|
160b6f |
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
|
|
|
160b6f |
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|
|
160b6f |
%else
|
|
|
160b6f |
export CFLAGS="$RPM_OPT_FLAGS -fpie"
|
|
|
160b6f |
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|
|
160b6f |
%endif
|
|
|
160b6f |
|
|
|
160b6f |
%configure --enable-sce
|
|
|
160b6f |
|
|
|
160b6f |
make %{?_smp_mflags}
|
|
|
160b6f |
# Remove shebang from bash-completion script
|
|
|
160b6f |
sed -i '/^#!.*bin/,+1 d' dist/bash_completion.d/oscap
|
|
|
160b6f |
|
|
|
160b6f |
%check
|
|
|
160b6f |
#to run make check use "--with check"
|
|
|
160b6f |
%if %{?_with_check:1}%{!?_with_check:0}
|
|
|
160b6f |
make check
|
|
|
160b6f |
%endif
|
|
|
160b6f |
|
|
|
160b6f |
%install
|
|
|
160b6f |
rm -rf $RPM_BUILD_ROOT
|
|
|
160b6f |
|
|
|
160b6f |
make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT
|
|
|
160b6f |
|
|
|
160b6f |
# remove content for another OS
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-rhel6-oval.xml
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-rhel6-xccdf.xml
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-fedora14-oval.xml
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-fedora14-xccdf.xml
|
|
|
160b6f |
|
|
|
160b6f |
# Remove sectool SCE content which is not distributed along RHEL7
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce/sectool-xccdf.xml
|
|
|
160b6f |
rm $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce/*.sh
|
|
|
160b6f |
rmdir $RPM_BUILD_ROOT/%{_datadir}/openscap/sectool-sce
|
|
|
160b6f |
|
|
|
160b6f |
# bash-completion script
|
|
|
160b6f |
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/bash_completion.d
|
|
|
160b6f |
install -pm 644 dist/bash_completion.d/oscap $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/oscap
|
|
|
160b6f |
|
|
|
160b6f |
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
|
|
160b6f |
|
|
|
160b6f |
%clean
|
|
|
160b6f |
rm -rf $RPM_BUILD_ROOT
|
|
|
160b6f |
|
|
|
160b6f |
%post -p /sbin/ldconfig
|
|
|
160b6f |
|
|
|
160b6f |
%postun -p /sbin/ldconfig
|
|
|
160b6f |
|
|
|
160b6f |
%files
|
|
|
160b6f |
%defattr(-,root,root,-)
|
|
|
160b6f |
%doc AUTHORS COPYING ChangeLog NEWS README.md
|
|
|
160b6f |
%{_libdir}/libopenscap.so.*
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_dnscache
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_environmentvariable
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_environmentvariable58
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_family
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_file
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_fileextendedattribute
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_filehash
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_filehash58
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_iflisteners
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_inetlisteningservers
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_interface
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_partition
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_password
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_process
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_process58
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_routingtable
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_rpminfo
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_rpmverify
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_rpmverifyfile
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_rpmverifypackage
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_runlevel
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_selinuxboolean
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_selinuxsecuritycontext
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_shadow
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_symlink
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_sysctl
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_system_info
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_systemdunitdependency
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_systemdunitproperty
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_textfilecontent
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_textfilecontent54
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_uname
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_variable
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_xinetd
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_xmlfilecontent
|
|
|
160b6f |
%dir %{_datadir}/openscap
|
|
|
160b6f |
%dir %{_datadir}/openscap/schemas
|
|
|
160b6f |
%dir %{_datadir}/openscap/xsl
|
|
|
160b6f |
%dir %{_datadir}/openscap/cpe
|
|
|
160b6f |
%{_datadir}/openscap/schemas/*
|
|
|
160b6f |
%{_datadir}/openscap/xsl/*
|
|
|
160b6f |
%{_datadir}/openscap/cpe/*
|
|
|
160b6f |
|
|
|
160b6f |
%files python
|
|
|
160b6f |
%defattr(-,root,root,-)
|
|
|
160b6f |
%{python_sitearch}/*
|
|
|
160b6f |
|
|
|
160b6f |
%files devel
|
|
|
160b6f |
%defattr(-,root,root,-)
|
|
|
160b6f |
%doc docs/{html,examples}/
|
|
|
160b6f |
%{_libdir}/libopenscap.so
|
|
|
160b6f |
%{_libdir}/pkgconfig/*.pc
|
|
|
160b6f |
%{_includedir}/openscap
|
|
|
160b6f |
%exclude %{_includedir}/openscap/sce_engine_api.h
|
|
|
160b6f |
|
|
|
160b6f |
%files engine-sce-devel
|
|
|
160b6f |
%defattr(-,root,root,-)
|
|
|
160b6f |
%{_libdir}/libopenscap_sce.so
|
|
|
160b6f |
%{_includedir}/openscap/sce_engine_api.h
|
|
|
160b6f |
|
|
|
160b6f |
%files scanner
|
|
|
160b6f |
%{_bindir}/oscap
|
|
|
b1f2c6 |
%{_mandir}/man8/oscap.8.gz
|
|
|
b1f2c6 |
%{_bindir}/oscap-chroot
|
|
|
b1f2c6 |
%{_mandir}/man8/oscap-chroot.8.gz
|
|
|
160b6f |
%{_sysconfdir}/bash_completion.d
|
|
|
160b6f |
|
|
|
160b6f |
%files utils
|
|
|
160b6f |
%defattr(-,root,root,-)
|
|
|
160b6f |
%doc docs/oscap-scan.cron
|
|
|
160b6f |
%{_mandir}/man8/*
|
|
|
160b6f |
%exclude %{_mandir}/man8/oscap.8.gz
|
|
|
b1f2c6 |
%exclude %{_mandir}/man8/oscap-docker.8.gz
|
|
|
b1f2c6 |
%exclude %{_mandir}/man8/oscap-chroot.8.gz
|
|
|
160b6f |
%{_bindir}/*
|
|
|
160b6f |
%exclude %{_bindir}/oscap
|
|
|
b1f2c6 |
%exclude %{_bindir}/oscap-docker
|
|
|
b1f2c6 |
%exclude %{_bindir}/oscap-chroot
|
|
|
160b6f |
|
|
|
160b6f |
|
|
|
160b6f |
%files extra-probes
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_ldap57
|
|
|
160b6f |
%{_libexecdir}/openscap/probe_gconf
|
|
|
160b6f |
|
|
|
160b6f |
%files engine-sce
|
|
|
160b6f |
%{_libdir}/libopenscap_sce.so.*
|
|
|
160b6f |
|
|
|
b1f2c6 |
%files containers
|
|
|
b1f2c6 |
%defattr(-,root,root,-)
|
|
|
b1f2c6 |
%{_bindir}/oscap-docker
|
|
|
b1f2c6 |
%{_mandir}/man8/oscap-docker.8.gz
|
|
|
b1f2c6 |
%{python_sitelib}/oscap_docker_python/*
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
|
|
|
160b6f |
%changelog
|
|
|
7c0ddc |
* Tue Aug 14 2018 Matěj Týč <matyc@redhat.com> - 1.2.17-2
|
|
|
7c0ddc |
- Patched to include tests for filehash58 probe.
|
|
|
7c0ddc |
|
|
|
7c0ddc |
* Wed Jul 11 2018 Matěj Týč <matyc@redhat.com> - 1.2.17-1
|
|
|
7c0ddc |
- Rebased to the 1.2.17 upstream release (#1564900).
|
|
|
7c0ddc |
- Fixed the offline scanning (#1547107, #1556988).
|
|
|
7c0ddc |
- HTML Guide user experience improvements.
|
|
|
7c0ddc |
- New options in HTML report "Group By" menu.
|
|
|
7c0ddc |
- oscap-ssh supports --oval-results.
|
|
|
7c0ddc |
- For more news, see https://github.com/OpenSCAP/openscap/releases/tag/1.2.17
|
|
|
2e5fa3 |
|
|
|
b1f2c6 |
* Tue Feb 06 2018 Watson Yuuma Sato <wsato@redhat.com> - 1.2.16-6
|
|
|
b1f2c6 |
- Cleanup temporary images created by oscap-docker (#1454637)
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Tue Jan 23 2018 Jan Černý <jcerny@redhat.com> - 1.2.16-5
|
|
|
b1f2c6 |
- Revert warnings by default in oscap tool (#1537089)
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Mon Jan 15 2018 Watson Yuuma Sato <wsato@redhat.com> - 1.2.16-4
|
|
|
b1f2c6 |
- Fix requirement on openscap-containers
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Tue Jan 09 2018 Watson Yuuma Sato <wsato@redhat.com> - 1.2.16-3
|
|
|
b1f2c6 |
- Update bash completion (#1505517)
|
|
|
b1f2c6 |
- Align bash role header with output of help command (#1439813)
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Mon Nov 20 2017 Matěj Týč <matyc@redhat.com> - 1.2.16-2
|
|
|
b1f2c6 |
- moved oscap-docker to newly created openscap-containers.
|
|
|
b1f2c6 |
- moved man of oscap-chroot to oscap-scanner.
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Tue Nov 14 2017 Matěj Týč <matyc@redhat.com> - 1.2.16-1
|
|
|
b1f2c6 |
- upgrade to the latest upstream release
|
|
|
b1f2c6 |
- moved oscap-chroot to openscap-scanner because it's a thin wrapper script with no dependencies
|
|
|
b1f2c6 |
|
|
|
b1f2c6 |
* Mon Aug 28 2017 Jan Černý <jcerny@redhat.com> - 1.2.15-1
|
|
|
b1f2c6 |
- upgrade to the latest upstream release
|
|
|
b1f2c6 |
- short profile names can be used instead of long IDs
|
|
|
b1f2c6 |
- new option --rule allows to evaluate only a single rule
|
|
|
b1f2c6 |
- new option --fix-type in "oscap xccdf generate fix" allows choosing
|
|
|
b1f2c6 |
remediation script type without typing long URL
|
|
|
b1f2c6 |
- "oscap info" shows profile titles
|
|
|
b1f2c6 |
- OVAL details in HTML report are easier to read
|
|
|
b1f2c6 |
- HTML report is smaller because unselected rules are removed
|
|
|
b1f2c6 |
- HTML report supports NIST 800-171 and CJIS
|
|
|
b1f2c6 |
- remediation scripts contain headers with useful information (#1439813)
|
|
|
b1f2c6 |
- remediation scripts report progress when they run
|
|
|
b1f2c6 |
- basic support for Oracle Linux (CPEs, runlevels)
|
|
|
b1f2c6 |
- remediation scripts can be generated from datastreams that contain
|
|
|
b1f2c6 |
multiple XCCDF benchmarks
|
|
|
b1f2c6 |
- basic support for OVAL 5.11.2 (only schemas, no features)
|
|
|
b1f2c6 |
- enabled offline RPM database in rpminfo probe
|
|
|
b1f2c6 |
- added Fedora 28 CPE
|
|
|
b1f2c6 |
- fixed oscap-docker with Docker >= 2.0
|
|
|
b1f2c6 |
- fixed behavior of sysctl probe to be consistent with sysctl tool
|
|
|
b1f2c6 |
- fixed generating remediation scripts
|
|
|
b1f2c6 |
- severity of tailored rules is not discarded
|
|
|
b1f2c6 |
- fixed errors in RPM probes initialization
|
|
|
b1f2c6 |
- oscap-docker shows all warnings reported by oscap
|
|
|
b1f2c6 |
- fixed pkgconfig file
|
|
|
160b6f |
|
|
|
160b6f |
* Fri May 19 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.14-2
|
|
|
160b6f |
- RPM probes to return not applicable on non-rpm systems (#1447629)
|
|
|
160b6f |
- fixed sysctl tests on s390x architecture (#1447649)
|
|
|
160b6f |
- Revert warning by default in oscap tool, our message categories are not ready for it (#1447341)
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Mar 21 2017 Jan Černý <jcerny@redhat.com> - 1.2.14-1
|
|
|
160b6f |
- Upgrade to the latest upstream release
|
|
|
160b6f |
- Detailed information about ARF files in 'oscap info'
|
|
|
160b6f |
- Generating remediation scripts from ARF
|
|
|
160b6f |
- HTML report UX improvements
|
|
|
160b6f |
- Fixed CPE dictionary to identify RHEVH as RHEL7 (#1420038)
|
|
|
160b6f |
- Fixed systemd probes crashes inside containers (#1431186)
|
|
|
160b6f |
- Fixed output on terminals with white background (#1365911)
|
|
|
160b6f |
- Error handling in oscap-vm (#1391754)
|
|
|
160b6f |
- Fixed SCE stderr stalling (#1420811)
|
|
|
160b6f |
- Fixed absolute filepath parsing in OVAL (#1312831, #1312824)
|
|
|
160b6f |
- Fixed segmentation faults in RPM probes (#1414303, #1414312)
|
|
|
160b6f |
- Fixed missing header in result-oriented Ansible remediations
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jan 05 2017 Martin Preisler <mpreisle@redhat.com> - 1.2.13-1
|
|
|
160b6f |
- Upgrade to the latest upstream release
|
|
|
160b6f |
- Added --thin-results CLI override to oscap xccdf eval
|
|
|
160b6f |
- Added --without-syschar CLI override to oscap xccdf eval
|
|
|
160b6f |
- Remediations are not filtered by applicability
|
|
|
160b6f |
- Fixed segmentation faults in XCCDF and OVAL processing
|
|
|
160b6f |
- Added a warning on generating an ARF from XCCDF 1.1
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Nov 16 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.12-1
|
|
|
160b6f |
- Upgrade to the latest upstream release
|
|
|
160b6f |
- improved HTML report by referencing links
|
|
|
160b6f |
- fixed validity errors in ARF files
|
|
|
160b6f |
- fixed CVE parsing
|
|
|
160b6f |
- fixed injecting xccdf:check-content-ref references in ARF results
|
|
|
160b6f |
- fixed oscap-docker incompliance reporting (#1387248)
|
|
|
160b6f |
- fixed oscap-docker man page (#1387166)
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Nov 14 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.11-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Sep 05 2016 Jan Černý <jcerny@redhat.com> - 1.2.10-2
|
|
|
160b6f |
- fix oscap-docker to follow the proxy settings (#1351952)
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jun 30 2016 Jan Černý <jcerny@redhat.com> - 1.2.10-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
|
|
|
160b6f |
* Tue May 31 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.9-7
|
|
|
160b6f |
- fixed dates in the changelog
|
|
|
160b6f |
- changed Release to 7 to avoid conflicts
|
|
|
160b6f |
|
|
|
160b6f |
* Tue May 31 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.9-4
|
|
|
160b6f |
- worked around a change in behavior in argparse between different versions of python2 (#1278147)
|
|
|
160b6f |
|
|
|
160b6f |
* Thu May 05 2016 Martin Preisler <mpreisle@redhat.com> - 1.2.9-3
|
|
|
160b6f |
- fixed loading SDS session multiple times (#1250072)
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Apr 26 2016 Jan Černý <jcerny@redhat.com> - 1.2.9-2
|
|
|
160b6f |
- fix specfile
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Apr 25 2016 Jan Černý <jcerny@redhat.com> - 1.2.9-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jul 24 2015 Martin Preisler <mpreisle@redhat.com> - 1.2.5-3
|
|
|
160b6f |
- add a patch for scap-as-rpm to generate SRPM correctly (#1242893)
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jul 24 2015 Martin Preisler <mpreisle@redhat.com> - 1.2.5-2
|
|
|
160b6f |
- add a patch to support RHSA identifiers in HTML report and guide (#1243808)
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jul 06 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.5-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jun 22 2015 Šimon Lukašík <slukasik@redhat.com> - 1.2.4-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
- drop openscap-selinux sub-package
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Jan 20 2015 Šimon Lukašík <slukasik@redhat.com> - 1.1.1-3
|
|
|
160b6f |
- USGCB, schematron: var_ref missing when var_check exported (#1182242)
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jan 08 2015 Šimon Lukašík <slukasik@redhat.com> - 1.1.1-2
|
|
|
160b6f |
- STIG-generated results contain var_ref without var_check (#1159289)
|
|
|
160b6f |
- Probes failed to stop by USR1 signal as specified (#1165139)
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Sep 26 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.1-1
|
|
|
160b6f |
- upgrade to the latest upstream release
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Sep 03 2014 Šimon Lukašík <slukasik@redhat.com> - 1.1.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- introduce openscap-scanner sub-package (#1115105)
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.0.3-2
|
|
|
160b6f |
- Mass rebuild 2014-01-24
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Jan 14 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- This upstream release addresses: #1052142
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jan 10 2014 Šimon Lukašík <slukasik@redhat.com> - 1.0.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- This upstream release addresses: #1018291, #1029879, #1026833
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.0.1-2
|
|
|
160b6f |
- Mass rebuild 2013-12-27
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Nov 28 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Nov 26 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-3
|
|
|
160b6f |
- expand LT_CURRENT_MINUS_AGE correctly
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Nov 21 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-2
|
|
|
160b6f |
- dlopen libopenscap_sce.so.{current-age} explicitly
|
|
|
160b6f |
That allows for SCE to work without openscap-engine-sce-devel
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Nov 19 2013 Šimon Lukašík <slukasik@redhat.com> - 1.0.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- package openscap-engine-sce-devel separately
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Nov 15 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-7
|
|
|
160b6f |
- do not obsolete openscap-conten just drop it (#1028706)
|
|
|
160b6f |
scap-security-guide will bring the Obsoletes tag
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Nov 14 2013 Šimon Lukašík <slukasik@redhat.com> - 0.9.13-6
|
|
|
160b6f |
- only non-noarch packages should be requiring specific architecture
|
|
|
160b6f |
|
|
|
160b6f |
* Sat Nov 09 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-5
|
|
|
160b6f |
- specify architecture when requiring base package
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-4
|
|
|
160b6f |
- specify dependency between engine and devel sub-package
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-3
|
|
|
160b6f |
- correct openscap-utils dependencies
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-2
|
|
|
160b6f |
- drop openscap-content package (use scap-security-guide instead)
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Nov 08 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.13-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Sep 26 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-2
|
|
|
160b6f |
- Start building SQL probes for Fedora
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Sep 11 2013 Šimon Lukašík <slukasik@redhat.com> 0.9.12-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jul 18 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.11-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jul 15 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.10-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.8-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Apr 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.7-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- add openscap-selinux sub-package
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Apr 24 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.6-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Mar 20 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.5-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Mar 04 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Feb 26 2013 Petr Lautrbach <plautrba@redhat.com> 0.9.4-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.3-2
|
|
|
160b6f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Dec 17 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Nov 21 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Oct 22 2012 Petr Lautrbach <plautrba@redhat.com> 0.9.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Sep 25 2012 Peter Vrabec <pvrabec@redhat.com> 0.9.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Aug 27 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.5-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Aug 07 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.4-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Jul 31 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-2
|
|
|
160b6f |
- fix Profile and @hidden issue
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jul 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-3
|
|
|
160b6f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jun 08 2012 Petr Pisar <ppisar@redhat.com> - 0.8.2-2
|
|
|
160b6f |
- Perl 5.16 rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 0.8.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Feb 21 2012 Peter Vrabec <pvrabec@redhat.com> 0.8.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3
|
|
|
160b6f |
- Rebuild against PCRE 8.30
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.0-2
|
|
|
160b6f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Oct 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.8.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jul 25 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.4-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-3
|
|
|
160b6f |
- Perl mass rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 0.7.3-2
|
|
|
160b6f |
- Perl mass rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jun 24 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-3
|
|
|
160b6f |
- Perl mass rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano@redhat.com> - 0.7.2-2
|
|
|
160b6f |
- Perl 5.14 mass rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Apr 20 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Mar 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Feb 10 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.8-2
|
|
|
160b6f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jan 31 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.8-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Jan 14 2011 Peter Vrabec <pvrabec@redhat.com> 0.6.7-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Oct 20 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.4-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Sep 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Aug 27 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Jul 14 2010 Peter Vrabec <pvrabec@redhat.com> 0.6.0-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed May 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.11-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri May 07 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.10-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Apr 16 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.9-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Feb 26 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.7-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
- new utils package
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Jan 04 2010 Peter Vrabec <pvrabec@redhat.com> 0.5.6-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Sep 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Wed Aug 19 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-2
|
|
|
160b6f |
- add rpm-devel requirement
|
|
|
160b6f |
|
|
|
160b6f |
* Mon Aug 03 2009 Peter Vrabec <pvrabec@redhat.com> 0.5.1-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Apr 30 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Apr 23 2009 Peter Vrabec <pvrabec@redhat.com> 0.3.2-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Sun Mar 29 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.4-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Fri Mar 27 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-2
|
|
|
160b6f |
- spec file fixes (#491892)
|
|
|
160b6f |
|
|
|
160b6f |
* Tue Mar 24 2009 Peter Vrabec <pvrabec@redhat.com> 0.1.3-1
|
|
|
160b6f |
- upgrade
|
|
|
160b6f |
|
|
|
160b6f |
* Thu Jan 15 2009 Tomas Heinrich <theinric@redhat.com> 0.1.1-1
|
|
|
160b6f |
- Initial rpm
|
|
|
160b6f |
|