From 2f7d90a45969491a08d1c0c2ed14677b14c7cae6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 23 2020 22:50:38 +0000 Subject: import openscap-1.3.2-6.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fc9c1e0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/openscap-1.3.2.tar.gz diff --git a/.openscap.metadata b/.openscap.metadata new file mode 100644 index 0000000..2413801 --- /dev/null +++ b/.openscap.metadata @@ -0,0 +1 @@ +5fe71454faff8cdcbd0e13e7c7343daf04069ca9 SOURCES/openscap-1.3.2.tar.gz diff --git a/SOURCES/01-add-test-fix-type-anaconda.patch b/SOURCES/01-add-test-fix-type-anaconda.patch new file mode 100644 index 0000000..a1c2b73 --- /dev/null +++ b/SOURCES/01-add-test-fix-type-anaconda.patch @@ -0,0 +1,36 @@ +From 712000a675103393045fde191856ce1dd306f1ca Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= +Date: Mon, 13 Jan 2020 17:28:09 +0100 +Subject: [PATCH] Add a test to check --fix-type Anaconda + +There should be 2 equal ways of generating Anaconda remediations: +"oscap xccdf generate fix --fix-type anaconda" and +"oscap xccdf generate fix --template urn:redhat:anaconda:pre" +Both commands should give the same output. +This tests a fix for https://bugzilla.redhat.com/show_bug.cgi?id=1736850 +introduced by b1448ec95a957a76eb8be6d439531c532d97ff3c +--- + .../API/XCCDF/unittests/test_report_anaconda_fixes.sh | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh b/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh +index d4e86e657..650f3d75b 100755 +--- a/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh ++++ b/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh +@@ -23,6 +23,16 @@ grep -v "$line1" $result | grep -v "$line2" | grep -v "$line3" + [ "`grep -v "$line1" $result | grep -v "$line2" | sed 's/\W//g'`"x == x ] + :> $result + ++# use --fix-type instead of URN template to generate the same fix ++$OSCAP xccdf generate fix --fix-type anaconda \ ++ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr ++[ -f $stderr ]; [ ! -s $stderr ]; :> $stderr ++grep "$line1" $result ++grep "$line2" $result ++grep -v "$line1" $result | grep -v "$line2" | grep -v "$line3" ++[ "`grep -v "$line1" $result | grep -v "$line2" | sed 's/\W//g'`"x == x ] ++:> $result ++ + $OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ + --profile xccdf_moc.elpmaxe.www_profile_1 \ + --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr diff --git a/SOURCES/02-do-not-use-keyword-operator-as-a-function-parameter.patch b/SOURCES/02-do-not-use-keyword-operator-as-a-function-parameter.patch new file mode 100644 index 0000000..e6dbdca --- /dev/null +++ b/SOURCES/02-do-not-use-keyword-operator-as-a-function-parameter.patch @@ -0,0 +1,38 @@ +From 0ba7c9423f64a88ceef50318f1a382059484f737 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= +Date: Wed, 15 Jan 2020 13:54:45 +0100 +Subject: [PATCH] Do not use C++ keyword operator as a function parameter name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes SCAP Workbench build. + +Addressing: +[ 37%] Building CXX object CMakeFiles/scap-workbench.dir/scap-workbench_autogen/mocs_compilation.cpp.o +In file included from /usr/local/include/openscap/xccdf_policy.h:39, + from /home/jcerny/work/git/scap-workbench/include/TailoringDockWidgets.h:31, + from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/6YEA5652QU/moc_TailoringDockWidgets.cpp:10, + from /home/jcerny/work/git/scap-workbench/build/scap-workbench_autogen/mocs_compilation.cpp:18: +/usr/local/include/openscap/oval_definitions.h:1676:117: error: declaration of ‘operator,’ as parameter + 1676 | restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint); + | ^ + +Fixes: #1462 +--- + src/OVAL/public/oval_definitions.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/OVAL/public/oval_definitions.h b/src/OVAL/public/oval_definitions.h +index ea9d3aaf8..b5fe77154 100644 +--- a/src/OVAL/public/oval_definitions.h ++++ b/src/OVAL/public/oval_definitions.h +@@ -1669,7 +1669,7 @@ OSCAP_API void oval_variable_possible_value_iterator_free(struct oval_variable_p + * @param hint A short description of what the value means or represents. + * @memberof oval_variable_possible_restriction + */ +-OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t operator, const char *hint); ++OSCAP_API struct oval_variable_possible_restriction *oval_variable_possible_restriction_new(oval_operator_t, const char *); + + + /** diff --git a/SOURCES/03-fix-cmake-test-for-libcap-xattr-h.patch b/SOURCES/03-fix-cmake-test-for-libcap-xattr-h.patch new file mode 100644 index 0000000..6ea2560 --- /dev/null +++ b/SOURCES/03-fix-cmake-test-for-libcap-xattr-h.patch @@ -0,0 +1,48 @@ +From 3fbf36004eec55b9a88916559029332d7f356bae Mon Sep 17 00:00:00 2001 +From: Gabe +Date: Wed, 15 Jan 2020 15:02:32 -0700 +Subject: [PATCH] Fix case where CMake couldn't find libacl or xattr.h + +--- + CMakeLists.txt | 2 +- + cmake/FindACL.cmake | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 720d8d8eb..fe20992a5 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -238,7 +238,7 @@ cmake_dependent_option(OPENSCAP_PROBE_INDEPENDENT_XMLFILECONTENT "Independent xm + # UNIX PROBES + cmake_dependent_option(OPENSCAP_PROBE_UNIX_DNSCACHE "Unix dnscache probe" ON "ENABLE_PROBES_UNIX" OFF) + cmake_dependent_option(OPENSCAP_PROBE_UNIX_FILE "Unix file probe" ON "ENABLE_PROBES_UNIX" OFF) +-cmake_dependent_option(OPENSCAP_PROBE_UNIX_FILEEXTENDEDATTRIBUTE "Unix fileextendedattribute probe" ON "ENABLE_PROBES_UNIX; (HAVE_SYS_XATTR_H OR HAVE_ATTR_XATTR_H)" OFF) ++cmake_dependent_option(OPENSCAP_PROBE_UNIX_FILEEXTENDEDATTRIBUTE "Unix fileextendedattribute probe" ON "ENABLE_PROBES_UNIX; HAVE_SYS_XATTR_H OR HAVE_ATTR_XATTR_H" OFF) + cmake_dependent_option(OPENSCAP_PROBE_UNIX_GCONF "Unix gconf probe" ON "ENABLE_PROBES_UNIX; GCONF_FOUND" OFF) + cmake_dependent_option(OPENSCAP_PROBE_UNIX_INTERFACE "Unix interface probe" ON "ENABLE_PROBES_UNIX" OFF) + cmake_dependent_option(OPENSCAP_PROBE_UNIX_PASSWORD "Unix password probe" ON "ENABLE_PROBES_UNIX" OFF) +diff --git a/cmake/FindACL.cmake b/cmake/FindACL.cmake +index 1753b0dd3..2d4a3027c 100644 +--- a/cmake/FindACL.cmake ++++ b/cmake/FindACL.cmake +@@ -8,17 +8,17 @@ + include(LibFindMacros) + + # Use pkg-config to get hints about paths +-libfind_pkg_check_modules(ACL_PKGCONF acl) ++libfind_pkg_check_modules(ACL_PKGCONF libacl) + + # Include dir + find_path(ACL_INCLUDE_DIR +- NAMES acl/libacl.h ++ NAMES "acl/libacl.h sys/libacl.h" + PATHS ${ACL_PKGCONF_INCLUDE_DIRS} + ) + + # Finally the library itself + find_library(ACL_LIBRARY +- NAMES acl ++ NAMES libacl + PATHS ${ACL_PKGCONF_LIBRARY_DIRS} + ) + diff --git a/SOURCES/04-oscap-podman-detect-ambiguous-targets.patch b/SOURCES/04-oscap-podman-detect-ambiguous-targets.patch new file mode 100644 index 0000000..ed3b9ff --- /dev/null +++ b/SOURCES/04-oscap-podman-detect-ambiguous-targets.patch @@ -0,0 +1,56 @@ +From 532a6c77f388d2e06ec12338df9ea97d955f5edc Mon Sep 17 00:00:00 2001 +From: Matus Marhefka +Date: Thu, 16 Jan 2020 15:39:37 +0100 +Subject: [PATCH] utils/oscap-podman: Detect ambiguous scan target + +In case that a container image and a running container have the same +name, `oscap-podman` scans container image and a running container is +skipped. This might be unexpected and might cause a confusion for user. +Therefore, this commit adds a code which detects such situation and +rather informs user about ambiguous scan target and terminates. +In such cases the unique container image/container ID should be used +for specifying the target of the scan. +--- + utils/oscap-podman | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/utils/oscap-podman b/utils/oscap-podman +index 272afd988..32ec0cfcb 100755 +--- a/utils/oscap-podman ++++ b/utils/oscap-podman +@@ -65,17 +65,30 @@ if grep -q "\-\-remediate" <<< "$@"; then + die + fi + ++IMAGE_NAME=$(podman image exists "$1" \ ++ && podman image inspect --format "{{.Id}} {{.RepoTags}}" "$1") ++CONTAINER_NAME=$(podman container exists "$1" \ ++ && podman container inspect --format "{{.Id}} {{.Name}}" "$1") ++ ++if [ -n "$IMAGE_NAME" ] && [ -n "$CONTAINER_NAME" ]; then ++ echo "Ambiguous target, container image and container with the same name detected: '$1'." >&2 ++ echo "Please rather use an unique ID to specify the target of the scan." >&2 ++ die ++fi ++ + # Check if the target of scan is image or container. + CLEANUP=0 +-if podman images | grep -q $1; then ++if [ -n "$IMAGE_NAME" ]; then + ID=$(podman create $1) || die +- IMG_NAME=$(podman images --format "{{.ID}} ({{.Repository}}:{{.Tag}})" | grep -m1 $1) +- TARGET="podman-image://$IMG_NAME" ++ TARGET="podman-image://$IMAGE_NAME" + CLEANUP=1 +-else ++elif [ -n "$CONTAINER_NAME" ]; then + # If the target was not found in images we suppose it is a container. + ID=$1 +- TARGET="podman-container://$1" ++ TARGET="podman-container://$CONTAINER_NAME" ++else ++ echo "Target of the scan not found: '$1'." >&2 ++ die + fi + + # podman init creates required files such as: /run/.containerenv - we don't care about output and exit code diff --git a/SOURCES/openscap-1.3.2-covscan_ux_fix.patch b/SOURCES/openscap-1.3.2-covscan_ux_fix.patch new file mode 100644 index 0000000..637aaf6 --- /dev/null +++ b/SOURCES/openscap-1.3.2-covscan_ux_fix.patch @@ -0,0 +1,389 @@ +From 47a2662bccb8e6f2f192acf46c26d862fe3bbcfb Mon Sep 17 00:00:00 2001 +From: Evgeny Kolesnikov +Date: Fri, 17 Jan 2020 10:24:07 +0100 +Subject: [PATCH 1/2] Covscan fixes + +Error: FORWARD_NULL (CWE-476): [#def17] +xccdf_policy_remediate.c:383: var_compare_op: Comparing "rr" to null implies that "rr" might be null. +xccdf_policy_remediate.c:384: var_deref_model: Passing null pointer "rr" to "_rule_add_info_message", which dereferences it. + +Error: FORWARD_NULL (CWE-476): [#def18] +test_fsdev_is_local_fs.c:35: assign_zero: Assigning: "ment.mnt_fsname" = "NULL". +test_fsdev_is_local_fs.c:37: var_deref_model: Passing "&ment" to "is_local_fs", which dereferences null "ment.mnt_fsname". +--- + src/OVAL/probes/fsdev.c | 4 ++++ + src/XCCDF_POLICY/xccdf_policy_remediate.c | 12 ++++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/OVAL/probes/fsdev.c b/src/OVAL/probes/fsdev.c +index bd8e52fbf..a6b36f5e0 100644 +--- a/src/OVAL/probes/fsdev.c ++++ b/src/OVAL/probes/fsdev.c +@@ -97,6 +97,10 @@ static int is_local_fs(struct mntent *ment) + return 0; + } + ++ if (ment->mnt_fsname == NULL) { ++ return 0; ++ } ++ + s = ment->mnt_fsname; + /* If the fsname begins with "//", it is probably CIFS. */ + if (s[0] == '/' && s[1] == '/') +diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c +index 389a7d1bd..f59737727 100644 +--- a/src/XCCDF_POLICY/xccdf_policy_remediate.c ++++ b/src/XCCDF_POLICY/xccdf_policy_remediate.c +@@ -380,7 +380,11 @@ static inline int _xccdf_fix_decode_xml(struct xccdf_fix *fix, char **result) + #if defined(unix) || defined(__unix__) || defined(__unix) + static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_fix *fix) + { +- if (fix == NULL || rr == NULL || oscap_streq(xccdf_fix_get_content(fix), NULL)) { ++ if (rr == NULL) { ++ return 1; ++ } ++ ++ if (fix == NULL || oscap_streq(xccdf_fix_get_content(fix), NULL)) { + _rule_add_info_message(rr, "No fix available."); + return 1; + } +@@ -481,7 +485,11 @@ static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_ + #else + static inline int _xccdf_fix_execute(struct xccdf_rule_result *rr, struct xccdf_fix *fix) + { +- if (fix == NULL || rr == NULL || oscap_streq(xccdf_fix_get_content(fix), NULL)) { ++ if (rr == NULL) { ++ return 1; ++ } ++ ++ if (fix == NULL || oscap_streq(xccdf_fix_get_content(fix), NULL)) { + _rule_add_info_message(rr, "No fix available."); + return 1; + } else { + +From 7bccc09eabd30e0581cf0fdf4f20fa481db12e91 Mon Sep 17 00:00:00 2001 +From: Evgeny Kolesnikov +Date: Fri, 17 Jan 2020 11:04:13 +0100 +Subject: [PATCH 2/2] Covscan fixes (SHELLCHECK), small refactoring in Shell + wrappers + +Error: SHELLCHECK_WARNING: +warning: die references arguments, but none are ever passed. [SC2120] + +Error: SHELLCHECK_WARNING: +warning: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. [SC2164] + +Error: SHELLCHECK_WARNING: +warning: Declare and assign separately to avoid masking return values. [SC2155] +--- + utils/oscap-chroot | 20 ++++++++++++-------- + utils/oscap-podman | 42 +++++++++++++++++++++--------------------- + utils/oscap-ssh | 39 ++++++++++++++++++++++----------------- + utils/oscap-vm | 19 +++++++++++-------- + 4 files changed, 66 insertions(+), 54 deletions(-) + +diff --git a/utils/oscap-chroot b/utils/oscap-chroot +index 6518d7a2c..318f55a91 100755 +--- a/utils/oscap-chroot ++++ b/utils/oscap-chroot +@@ -25,6 +25,13 @@ function die() + exit 1 + } + ++function invalid() ++{ ++ echo -e "$*\n" >&2 ++ usage ++ exit 1 ++} ++ + function usage() + { + echo "oscap-chroot -- Tool for offline SCAP evaluation of filesystems mounted in arbitrary paths." +@@ -74,26 +81,23 @@ function usage() + } + + if [ $# -lt 1 ]; then +- echo "No arguments provided." +- usage +- die ++ invalid "No arguments provided." + elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then + usage +- die ++ exit 0 + elif [ "$#" -gt 1 ]; then + true + else +- echo "Invalid arguments provided." +- usage +- die ++ invalid "Invalid arguments provided." + fi + + # Learn more at https://www.redhat.com/archives/open-scap-list/2013-July/msg00000.html + export OSCAP_PROBE_ROOT +-OSCAP_PROBE_ROOT="$(cd "$1"; pwd)" ++OSCAP_PROBE_ROOT="$(cd "$1" && pwd)" || die "Invalid CHROOT_PATH argument." + export OSCAP_EVALUATION_TARGET="chroot://$OSCAP_PROBE_ROOT" + shift 1 + + oscap "$@" + EXIT_CODE=$? ++ + exit $EXIT_CODE +diff --git a/utils/oscap-podman b/utils/oscap-podman +index 32ec0cfcb..6b9f4a3de 100755 +--- a/utils/oscap-podman ++++ b/utils/oscap-podman +@@ -16,13 +16,19 @@ + # License along with this library; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +- + function die() + { + echo "$*" >&2 + exit 1 + } + ++function invalid() ++{ ++ echo -e "$*\n" >&2 ++ usage ++ exit 1 ++} ++ + function usage() + { + echo "oscap-podman -- Tool for SCAP evaluation of Podman images and containers." +@@ -39,30 +45,24 @@ function usage() + OSCAP_BINARY=oscap + + if [ $# -lt 1 ]; then +- echo "No arguments provided." +- usage +- die ++ invalid "No arguments provided." + elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then + usage +- die ++ exit 0 + elif [[ "$1" == --oscap=* ]] && [ $# -gt 2 ]; then + OSCAP_BINARY=${1#"--oscap="} + shift + elif [ "$#" -gt 1 ]; then + true + else +- echo "Invalid arguments provided." +- usage +- die ++ invalid "Invalid arguments provided." + fi + + if [ $(id -u) -ne 0 ]; then +- echo "This script cannot run in rootless mode." >&2 +- die ++ die "This script cannot run in rootless mode." + fi + if grep -q "\-\-remediate" <<< "$@"; then +- echo "This script does not support '--remediate' option." >&2 +- die ++ die "This script does not support '--remediate' option." + fi + + IMAGE_NAME=$(podman image exists "$1" \ +@@ -72,14 +72,13 @@ CONTAINER_NAME=$(podman container exists "$1" \ + + if [ -n "$IMAGE_NAME" ] && [ -n "$CONTAINER_NAME" ]; then + echo "Ambiguous target, container image and container with the same name detected: '$1'." >&2 +- echo "Please rather use an unique ID to specify the target of the scan." >&2 +- die ++ die "Please rather use an unique ID to specify the target of the scan." + fi + + # Check if the target of scan is image or container. + CLEANUP=0 + if [ -n "$IMAGE_NAME" ]; then +- ID=$(podman create $1) || die ++ ID=$(podman create $1) || die "Unable to create a container." + TARGET="podman-image://$IMAGE_NAME" + CLEANUP=1 + elif [ -n "$CONTAINER_NAME" ]; then +@@ -87,14 +86,13 @@ elif [ -n "$CONTAINER_NAME" ]; then + ID=$1 + TARGET="podman-container://$CONTAINER_NAME" + else +- echo "Target of the scan not found: '$1'." >&2 +- die ++ die "Target of the scan not found: '$1'." + fi + + # podman init creates required files such as: /run/.containerenv - we don't care about output and exit code + podman init $ID &> /dev/null || true + +-DIR=$(podman mount $ID) || die ++DIR=$(podman mount $ID) || die "Failed to mount." + + if [ ! -f "$DIR/run/.containerenv" ]; then + # ubi8-init image does not create .containerenv when running podman init, but we need to make sure that the file is there +@@ -105,14 +103,16 @@ for VAR in `podman inspect $ID --format '{{join .Config.Env " "}}'`; do + eval "export OSCAP_OFFLINE_$VAR" + done + +-export OSCAP_PROBE_ROOT="$(cd "$DIR"; pwd)" ++export OSCAP_PROBE_ROOT ++OSCAP_PROBE_ROOT="$(cd "$DIR" && pwd)" || die "Unable to change current directory to OSCAP_PROBE_ROOT (DIR)." + export OSCAP_EVALUATION_TARGET="$TARGET" + shift 1 + + $OSCAP_BINARY "$@" + EXIT_CODE=$? +-podman umount $ID > /dev/null || die ++ ++podman umount $ID > /dev/null || die "Failed to unmount." + if [ $CLEANUP -eq 1 ]; then +- podman rm $ID > /dev/null || die ++ podman rm $ID > /dev/null || die "Failed to clean up." + fi + exit $EXIT_CODE +diff --git a/utils/oscap-ssh b/utils/oscap-ssh +index 08c8bcd2b..cd3600180 100755 +--- a/utils/oscap-ssh ++++ b/utils/oscap-ssh +@@ -22,9 +22,12 @@ function die() + exit 1 + } + +-hash ssh 2> /dev/null || die "Cannot find ssh, please install the OpenSSH client." +-hash scp 2> /dev/null || die "Cannot find scp, please install the OpenSSH client." +-hash mktemp 2> /dev/null || die "Cannot find mktemp, please install coreutils." ++function invalid() ++{ ++ echo -e "$*\n" >&2 ++ usage ++ exit 1 ++} + + function usage() + { +@@ -87,10 +90,6 @@ function usage() + echo "See \`man oscap\` to learn more about semantics of these options." + } + +-OSCAP_SUDO="" +-# SSH_ADDITIONAL_OPTIONS may be defined in the calling shell +-SSH_TTY_ALLOCATION_OPTION="" +- + # $1, $2, ... SSH options (pass them as separate arguments) + function ssh_execute_with_options { + ssh -o ControlPath="$MASTER_SOCKET" $SSH_ADDITIONAL_OPTIONS "$@" -p "$SSH_PORT" "$SSH_HOST" +@@ -118,22 +117,20 @@ function scp_retreive_from_temp_dir { + # Returns: String, where individual command components are double-quoted, so they are not interpreted by the shell. + # For example, an array ('-p' '(all)') will be transformed to "\"-p\" \"(all)\"", so after the shell expansion, it will end up as "-p" "(all)". + function command_array_to_string { +- eval "printf '\"%s\" ' \"\${$1[@]}\"" ++ eval "printf '\"%s\" ' \"\${$1[@]}\"" + } + + function first_argument_is_sudo { +- [ "$1" == "sudo" ] || [ "$1" == "--sudo" ] +- return $? ++ [ "$1" == "sudo" ] || [ "$1" == "--sudo" ] ++ return $? + } + + function sanity_check_arguments { + if [ $# -lt 1 ]; then +- echo "No arguments provided." +- usage +- die ++ invalid "No arguments provided." + elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then + usage +- die ++ exit 0 + elif first_argument_is_sudo "$@"; then + OSCAP_SUDO="sudo" + # force pseudo-tty allocation so that users can type their password if necessary +@@ -141,9 +138,7 @@ function sanity_check_arguments { + shift + fi + if [ $# -lt 2 ]; then +- echo "Missing ssh host and ssh port." +- usage +- die ++ invalid "Missing ssh host and ssh port." + fi + } + +@@ -165,6 +160,16 @@ function check_oscap_arguments { + fi + } + ++ ++hash ssh 2> /dev/null || die "Cannot find ssh, please install the OpenSSH client." ++hash scp 2> /dev/null || die "Cannot find scp, please install the OpenSSH client." ++hash mktemp 2> /dev/null || die "Cannot find mktemp, please install coreutils." ++ ++ ++OSCAP_SUDO="" ++# SSH_ADDITIONAL_OPTIONS may be defined in the calling shell ++SSH_TTY_ALLOCATION_OPTION="" ++ + sanity_check_arguments "$@" + first_argument_is_sudo "$@" && shift + +diff --git a/utils/oscap-vm b/utils/oscap-vm +index 02f8c6396..6557eb3a7 100755 +--- a/utils/oscap-vm ++++ b/utils/oscap-vm +@@ -22,6 +22,13 @@ function die() + exit 1 + } + ++function invalid() ++{ ++ echo -e "$*\n" >&2 ++ usage ++ exit 1 ++} ++ + function usage() + { + echo "oscap-vm -- Tool for offline SCAP evaluation of virtual machines." +@@ -76,12 +83,10 @@ function usage() + OSCAP_BINARY=oscap + + if [ $# -lt 1 ]; then +- echo "No arguments provided." +- usage +- die ++ invalid "No arguments provided." + elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then + usage +- die ++ exit 0 + elif [[ "$1" == --oscap=* ]] && [ $# -gt 3 ]; then + OSCAP_BINARY=${1#"--oscap="} + shift +@@ -90,9 +95,7 @@ elif [ "$1" == "image" ] && [ $# -gt 2 ]; then + elif [ "$1" == "domain" ] && [ $# -gt 2 ]; then + true + else +- echo "Invalid arguments provided." +- usage +- die ++ invalid "Invalid arguments provided." + fi + + hash guestmount 2> /dev/null || die "Cannot find guestmount, please install libguestfs utilities." +@@ -128,7 +131,7 @@ fi + + # Learn more at https://www.redhat.com/archives/open-scap-list/2013-July/msg00000.html + export OSCAP_PROBE_ROOT +-OSCAP_PROBE_ROOT="$(cd "$MOUNTPOINT"; pwd)" ++OSCAP_PROBE_ROOT="$(cd "$MOUNTPOINT" && pwd)" || die "Unable to change current directory to OSCAP_PROBE_ROOT (MOUNTPOINT)." + export OSCAP_EVALUATION_TARGET="oscap-vm $1 $2" + shift 2 + diff --git a/SOURCES/openscap-1.3.3-fix-cmake-findacl.patch b/SOURCES/openscap-1.3.3-fix-cmake-findacl.patch new file mode 100644 index 0000000..e5c00b3 --- /dev/null +++ b/SOURCES/openscap-1.3.3-fix-cmake-findacl.patch @@ -0,0 +1,45 @@ +From 4982aa3da7ae00cd3656db7f47ac3706e85ab7d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= +Date: Thu, 23 Jan 2020 16:24:37 +0100 +Subject: [PATCH] Fix FindACL.cmake + +find_path parameter `NAMES` values should be separated. According to +https://cmake.org/cmake/help/latest/command/find_path.html it should be: +`NAMES name1 [name2 ...]` + +find_library parameter `NAMES` either should not contain `lib` or should +contain both `lib` and `.so.` The documentation at +https://cmake.org/cmake/help/latest/command/find_library.html says: Each +library name given to the `NAMES` option is first considered as a +library file name and then considered with platform-specific prefixes +(e.g. `lib`) and suffixes (e.g. `.so`). + +This bug caused that even if cmake reported that libacl was found, the +library wasn't linked to the built `libopenscap.so`. Also, +`HAVE_ACL_EXTENDED_FILE`, `HAVE_ACL_LIBACL_H` and `HAVE_SYS_ACL_H` were +undefined in `config.h`, which caused some guarded pieces of code to not +compile, which means features missing. +--- + cmake/FindACL.cmake | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cmake/FindACL.cmake b/cmake/FindACL.cmake +index 2d4a3027c..a41f2c13a 100644 +--- a/cmake/FindACL.cmake ++++ b/cmake/FindACL.cmake +@@ -12,13 +12,13 @@ libfind_pkg_check_modules(ACL_PKGCONF libacl) + + # Include dir + find_path(ACL_INCLUDE_DIR +- NAMES "acl/libacl.h sys/libacl.h" ++ NAMES "acl/libacl.h" "sys/libacl.h" + PATHS ${ACL_PKGCONF_INCLUDE_DIRS} + ) + + # Finally the library itself + find_library(ACL_LIBRARY +- NAMES libacl ++ NAMES acl + PATHS ${ACL_PKGCONF_LIBRARY_DIRS} + ) + diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec new file mode 100644 index 0000000..c1e87db --- /dev/null +++ b/SPECS/openscap.spec @@ -0,0 +1,705 @@ +Name: openscap +Version: 1.3.2 +Release: 6%{?dist} +Summary: Set of open source libraries enabling integration of the SCAP line of standards +Group: System Environment/Libraries +License: LGPLv2+ +URL: http://www.open-scap.org/ +Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz +# PATCHES FOR 1.3.2 +Patch1: 01-add-test-fix-type-anaconda.patch +Patch2: 02-do-not-use-keyword-operator-as-a-function-parameter.patch +Patch3: 03-fix-cmake-test-for-libcap-xattr-h.patch +Patch4: 04-oscap-podman-detect-ambiguous-targets.patch +Patch5: openscap-1.3.2-covscan_ux_fix.patch +Patch6: openscap-1.3.3-fix-cmake-findacl.patch +# END PATCHES FOR 1.3.2 +BuildRequires: cmake >= 2.6 +BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser +BuildRequires: rpm-devel +BuildRequires: libgcrypt-devel +BuildRequires: pcre-devel +BuildRequires: libacl-devel +BuildRequires: libselinux-devel +BuildRequires: libcap-devel +BuildRequires: libblkid-devel +BuildRequires: bzip2-devel +BuildRequires: asciidoc +BuildRequires: openldap-devel +BuildRequires: GConf2-devel +BuildRequires: glib2-devel +BuildRequires: dbus-devel +%if %{?_with_check:1}%{!?_with_check:0} +BuildRequires: perl-XML-XPath +BuildRequires: bzip2 +%endif +Requires: bash +Requires: bzip2-libs +Requires: dbus +Requires: GConf2 +Requires: glib2 +Requires: libacl +Requires: libblkid +Requires: libcap +Requires: libselinux +Requires: openldap +Requires: popt +# RHEL8 has procps-ng, which provides procps +Requires: procps +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Obsoletes: python2-openscap +Obsoletes: openscap-content-sectool +Obsoletes: openscap-extra-probes +Obsoletes: openscap-extra-probes-sql + +%description +OpenSCAP is a set of open source libraries providing an easier path +for integration of the SCAP line of standards. SCAP is a line of standards +managed by NIST with the goal of providing a standard language +for the expression of Computer Network Defense related information. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libxml2-devel +Requires: pkgconfig +BuildRequires: doxygen + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package python3 +Summary: Python 3 bindings for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +BuildRequires: python3-devel + +%description python3 +The %{name}-python3 package contains the bindings so that %{name} +libraries can be used by python3. + +%package scanner +Summary: OpenSCAP Scanner Tool (oscap) +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libcurl >= 7.12.0 +BuildRequires: libcurl-devel >= 7.12.0 +Obsoletes: openscap-selinux +Obsoletes: openscap-selinux-compat + +%description scanner +The %{name}-scanner package contains oscap command-line tool. The oscap +is configuration and vulnerability scanner, capable of performing +compliance checking using SCAP content. + +%package utils +Summary: OpenSCAP Utilities +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: rpmdevtools rpm-build +Requires: %{name}-scanner%{?_isa} = %{version}-%{release} +Requires: bash + +%description utils +The %{name}-utils package contains command-line tools build on top +of OpenSCAP library. Historically, openscap-utils included oscap +tool which is now separated to %{name}-scanner sub-package. + +%package engine-sce +Summary: Script Check Engine plug-in for OpenSCAP +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description engine-sce +The Script Check Engine is non-standard extension to SCAP protocol. This +engine allows content authors to avoid OVAL language and write their assessment +commands using a scripting language (Bash, Perl, Python, Ruby, ...). + +%package engine-sce-devel +Summary: Development files for %{name}-engine-sce +Group: Development/Libraries +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description engine-sce-devel +The %{name}-engine-sce-devel package contains libraries and header files +for developing applications that use %{name}-engine-sce. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +mkdir build + +%build +cd build +%cmake -DENABLE_PERL=OFF \ + -DENABLE_DOCS=ON \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF \ + -DENABLE_OSCAP_UTIL_CHROOT=ON \ + -DENABLE_OSCAP_UTIL_PODMAN=ON \ + -DENABLE_OSCAP_UTIL_VM=ON \ + .. +make %{?_smp_mflags} +make docs + +%check +%if %{?_with_check:1}%{!?_with_check:0} +ctest -V %{?_smp_mflags} +%endif + +%install +cd build +%make_install + +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + +# fix python shebangs +pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc AUTHORS NEWS README.md +%license COPYING +%doc %{_pkgdocdir}/manual/ +%dir %{_datadir}/openscap +%dir %{_datadir}/openscap/schemas +%dir %{_datadir}/openscap/xsl +%dir %{_datadir}/openscap/cpe +%{_libdir}/libopenscap.so.* +%{_datadir}/openscap/schemas/* +%{_datadir}/openscap/xsl/* +%{_datadir}/openscap/cpe/* + +%files python3 +%{python3_sitearch}/* + +%files devel +%doc %{_pkgdocdir}/html/ +%{_libdir}/libopenscap.so +%{_libdir}/pkgconfig/*.pc +%{_includedir}/openscap +%exclude %{_includedir}/openscap/sce_engine_api.h + +%files engine-sce-devel +%{_libdir}/libopenscap_sce.so +%{_includedir}/openscap/sce_engine_api.h + +%files scanner +%{_mandir}/man8/oscap.8.gz +%{_bindir}/oscap +%{_mandir}/man8/oscap-chroot.8.gz +%{_bindir}/oscap-chroot +%{_sysconfdir}/bash_completion.d + +%files utils +%doc docs/oscap-scan.cron +%{_mandir}/man8/oscap-ssh.8.gz +%{_bindir}/oscap-ssh +%{_mandir}/man8/oscap-podman.8.gz +%{_bindir}/oscap-podman +%{_mandir}/man8/oscap-vm.8.gz +%{_bindir}/oscap-vm +%{_mandir}/man8/scap-as-rpm.8.gz +%{_bindir}/scap-as-rpm + +%files engine-sce +%{_libdir}/libopenscap_sce.so.* +%{_bindir}/oscap-run-sce-script + +%changelog +* Thu Jan 23 2020 Jan Černý - 1.3.2-6 +- Fix FindACL.cmake + +* Tue Jan 21 2020 Matěj Týč - 1.3.2-5 +- Added more exhaustive package dependencies. +- Added the covscan/UX patch. + +* Mon Jan 20 2020 Evgeny Kolesnikov - 1.3.2-4 +- Added patch: utils/oscap-podman: Detect ambiguous scan target + +* Mon Jan 20 2020 Evgeny Kolesnikov - 1.3.2-3 +- Refined requirements + +* Sun Jan 19 2020 Evgeny Kolesnikov - 1.3.2-2 +- Added patch: Fix case where CMake couldn't find libacl or xattr.h + +* Wed Jan 15 2020 Evgeny Kolesnikov - 1.3.2-1 +- Upgrade to the latest upstream release (rhbz#1778296) +- Offline mode support for environmentvariable58 probe (rhbz#1493614) +- The oscap-docker wrapper is available without Atomic +- Improved support of multi-check rules (report, remediations, console output) (rhbz#1771438) +- Improved HTML report look and feel, including printed version (rhbz#1640839) +- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels +- Probe rpmverifyfile uses and returns canonical paths (rhbz#1776308) +- Improved a11y of HTML reports and guides (rhbz#1767382) +- Fixes and improvements for SWIG Python bindings (rhbz#1753603) +- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity) +- Fixed URL link mechanism for Red Hat Errata +- New STIG Viewer URI: public.cyber.mil +- Probe selinuxsecuritycontext would not check if SELinux is enabled +- Scanner would provide information about unsupported OVAL objects +- Added more tests for offline mode (probes, remediation) (rhbz#1618489) +- #528 fixed: Eval SCE script when /tmp is in mode noexec +- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage (rhbz#1636431) + +* Wed Dec 18 2019 Vojtech Polasek - 1.3.1-3 +- put back openscap-chroot, openscap-podman and openscap-vm files + +* Fri Nov 01 2019 Vojtech Polasek - 1.3.1-2 +- Fixed XSLT template making rule details in reports accessible for screenreader users (#1767382) + +* Fri Jun 14 2019 Evgeny Kolesnikov - 1.3.1-1 +- Bumped the package release number + +* Thu Jun 13 2019 Evgeny Kolesnikov - 1.3.1-0 +- Upgrade to the latest upstream release (rhbz#1718826) +- Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas, validation) (rhbz#1709429) +- Tailoring files are included in ARF result files +- Remote filesystems mounted using `autofs` direct maps are not recognized as local filesystems (rhbz#1655943) +- Offline scan utilizing rpmverifyfile probe fails in fchdir and aborts (rhbz#1636431) + +* Wed Jan 16 2019 Gabriel Becker - 1.3.0-7 +- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0. +- Explicitly specify which files should be in openscap-utils subpackage. + +* Mon Jan 14 2019 Gabriel Becker - 1.3.0-6 +- Removed containers package as RHEL-8.0.0 will not support it. +- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it. + +* Mon Oct 15 2018 Jan Černý - 1.3.0-5 +- Fixed unresolved symbols in SCE library + +* Fri Oct 12 2018 Matěj Týč - 1.3.0-4 +- Fixed a sudo regression in oscap-ssh. +- Updated test to work with newer versions of procps. +- Updated the man page. + +* Tue Oct 09 2018 Matěj Týč - 1.3.0-3 +- Fixed memory error in SWIG (RHBZ#1607014) + +* Tue Oct 09 2018 Jan Černý - 1.3.0-2 +- Drop openscap-perl subpackage (RHBZ#1624396) + +* Mon Oct 08 2018 Jan Černý - 1.3.0-1 +- upgrade to the latest upstream release +- list subpackages removed in 1.3.0_alpha1-1 as obsoleted + +* Fri Aug 10 2018 Jan Černý - 1.3.0_alpha2-1 +- upgrade to the latest upstream release + +* Thu Aug 09 2018 Jan Černý - 1.3.0_alpha1-3 +- Add RHEL8 CPE (until RHEL8 public beta downstream patch only) + +* Fri Jul 27 2018 Jan Černý - 1.3.0_alpha1-2 +- Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541) + +* Fri Jul 20 2018 Jan Černý - 1.3.0_alpha1-1 +- upgrade to the latest upstream release +- change specfile to use CMake +- dropped commands in the spec file that are no longer relevant +- dropped subpackages in the spec file that are no longer relevant + +* Fri May 18 2018 Jan Černý - 1.2.16-5 +- Use pathfix.py instead of a downstream patch to fix shebang + +* Thu May 17 2018 Jan Černý - 1.2.16-4 +- Remove Python 2 dependencies + +* Thu Feb 08 2018 Fedora Release Engineering - 1.2.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 12 2018 Iryna Shcherbina - 1.2.16-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Tue Nov 14 2017 jcerny@redhat.com - 1.2.16-1 +- upgrade to the latest upstream release + +* Thu Oct 05 2017 Martin Preisler - 1.2.15-2 +- moved oscap-chroot to openscap-scanner because it's a thin wrapper script with no dependencies + +* Fri Aug 25 2017 Jan Černý - 1.2.15-1 +- upgrade to the latest upstream release + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 1.2.14-9 +- Add Provides for the old name without %%_isa + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 1.2.14-8 +- Python 2 binary package renamed to python2-openscap + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Fri Aug 11 2017 Igor Gnatenko - 1.2.14-7 +- Rebuilt after RPM update (№ 3) + +* Thu Aug 10 2017 Igor Gnatenko - 1.2.14-6 +- Rebuilt for RPM soname bump + +* Thu Aug 10 2017 Igor Gnatenko - 1.2.14-5 +- Rebuilt for RPM soname bump + +* Thu Aug 03 2017 Fedora Release Engineering - 1.2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.2.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 1.2.14-2 +- Perl 5.26 rebuild + +* Tue Mar 21 2017 Martin Preisler - 1.2.14-1 +- upgrade to the latest upstream release + +* Sat Feb 11 2017 Fedora Release Engineering - 1.2.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 05 2017 Martin Preisler - 1.2.13-1 +- upgrade to the latest upstream release + +* Mon Dec 19 2016 Miro Hrončok - 1.2.12-2 +- Rebuild for Python 3.6 + +* Tue Nov 22 2016 Martin Preisler - 1.2.12-1 +- upgrade to the latest upstream release + +* Wed Oct 19 2016 Martin Preisler - 1.2.11-1 +- upgrade to the latest upstream release + +* Tue Jul 19 2016 Fedora Release Engineering - 1.2.10-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Tue Jul 12 2016 Martin Preisler - 1.2.10-1 +- upgrade to the latest upstream release + +* Tue May 17 2016 Jitka Plesnikova - 1.2.9-2 +- Perl 5.24 rebuild + +* Fri Apr 22 2016 Martin Preisler - 1.2.9-1 +- upgrade to the latest upstream release + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 18 2016 Šimon Lukašík - 1.2.8-1 +- upgrade to the latest upstream release + +* Thu Dec 03 2015 Šimon Lukašík - 1.2.7-1 +- upgrade to the latest upstream release + +* Tue Nov 10 2015 Fedora Release Engineering - 1.2.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Oct 13 2015 Zbyněk Moravec - 1.2.6-3 +- fix oscap-docker shebang + +* Wed Oct 07 2015 Šimon Lukašík - 1.2.6-2 +- put oscap-docker to openscap-containers subpackage +- do not require atomic at all + +* Mon Oct 05 2015 Zbyněk Moravec - 1.2.6-1 +- upgrade to the latest upstream release + +* Wed Jul 29 2015 Martin Preisler - 1.2.5-2 +- rebuilt because of librpm and librpmio ABI break + +* Mon Jul 06 2015 Šimon Lukašík - 1.2.5-1 +- upgrade to the latest upstream release + +* Sat Jun 20 2015 Šimon Lukašík - 1.2.4-1 +- upgrade to the latest upstream release. +- Content of selinux package has been purged. + +* Thu Jun 18 2015 Fedora Release Engineering - 1.2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 06 2015 Jitka Plesnikova - 1.2.3-2 +- Perl 5.22 rebuild + +* Fri May 01 2015 Šimon Lukašík - 1.2.3-1 +- upgrade to the latest upstream release + +* Thu Apr 02 2015 Šimon Lukašík - 1.2.2-1 +- upgrade to the latest upstream release + +* Sat Jan 10 2015 Šimon Lukašík - 1.2.1-1 +- upgrade to the latest upstream release + +* Tue Dec 02 2014 Šimon Lukašík - 1.2.0-1 +- upgrade to the latest upstream release + +* Fri Sep 26 2014 Šimon Lukašík - 1.1.1-1 +- upgrade to the latest upstream release + +* Fri Sep 05 2014 Jitka Plesnikova - 1.1.0-2 +- Perl 5.20 rebuild + +* Wed Sep 03 2014 Šimon Lukašík - 1.1.0-1 +- upgrade + +* Thu Aug 28 2014 Jitka Plesnikova - 1.0.9-4 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.0.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 01 2014 Šimon Lukašík - 1.0.9-2 +- Extract oscap tool to a separate package (rhbz#1115116) + +* Wed Jun 25 2014 Martin Preisler - 1.0.9-1 +- upgrade + +* Sat Jun 07 2014 Fedora Release Engineering - 1.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Mar 26 2014 Šimon Lukašík - 1.0.8-1 +- upgrade + +* Thu Mar 20 2014 Šimon Lukašík - 1.0.7-1 +- upgrade + +* Wed Mar 19 2014 Šimon Lukašík - 1.0.6-1 +- upgrade + +* Fri Mar 14 2014 Šimon Lukašík - 1.0.5-1 +- upgrade + +* Thu Feb 13 2014 Šimon Lukašík - 1.0.4-1 +- upgrade + +* Tue Jan 14 2014 Šimon Lukašík - 1.0.3-1 +- upgrade +- This upstream release addresses: #1052142 + +* Fri Jan 10 2014 Šimon Lukašík - 1.0.2-1 +- upgrade +- This upstream release addresses: #1018291, #1029879, #1026833 + +* Thu Nov 28 2013 Šimon Lukašík - 1.0.1-1 +- upgrade + +* Tue Nov 26 2013 Šimon Lukašík - 1.0.0-3 +- expand LT_CURRENT_MINUS_AGE correctly + +* Thu Nov 21 2013 Šimon Lukašík - 1.0.0-2 +- dlopen libopenscap_sce.so.{current-age} explicitly + That allows for SCE to work without openscap-engine-sce-devel + +* Tue Nov 19 2013 Šimon Lukašík - 1.0.0-1 +- upgrade +- package openscap-engine-sce-devel separately + +* Fri Nov 15 2013 Šimon Lukašík - 0.9.13-7 +- do not obsolete openscap-conten just drop it (#1028706) + scap-security-guide will bring the Obsoletes tag + +* Thu Nov 14 2013 Šimon Lukašík - 0.9.13-6 +- only non-noarch packages should be requiring specific architecture + +* Sat Nov 09 2013 Šimon Lukašík 0.9.13-5 +- specify architecture when requiring base package + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-4 +- specify dependency between engine and devel sub-package + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-3 +- correct openscap-utils dependencies + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-2 +- drop openscap-content package (use scap-security-guide instead) + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-1 +- upgrade + +* Thu Sep 26 2013 Šimon Lukašík 0.9.12-2 +- Start building SQL probes for Fedora + +* Wed Sep 11 2013 Šimon Lukašík 0.9.12-1 +- upgrade + +* Sat Aug 03 2013 Fedora Release Engineering - 0.9.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jul 18 2013 Petr Lautrbach 0.9.11-1 +- upgrade + +* Wed Jul 17 2013 Petr Pisar - 0.9.10-2 +- Perl 5.18 rebuild + +* Mon Jul 15 2013 Petr Lautrbach 0.9.10-1 +- upgrade + +* Mon Jun 17 2013 Petr Lautrbach 0.9.8-1 +- upgrade + +* Fri Apr 26 2013 Petr Lautrbach 0.9.7-1 +- upgrade +- add openscap-selinux sub-package + +* Wed Apr 24 2013 Petr Lautrbach 0.9.6-1 +- upgrade + +* Wed Mar 20 2013 Petr Lautrbach 0.9.5-1 +- upgrade + +* Mon Mar 04 2013 Petr Lautrbach 0.9.4.1-1 +- upgrade + +* Tue Feb 26 2013 Petr Lautrbach 0.9.4-1 +- upgrade + +* Thu Feb 14 2013 Fedora Release Engineering - 0.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Dec 17 2012 Petr Lautrbach 0.9.3-1 +- upgrade + +* Wed Nov 21 2012 Petr Lautrbach 0.9.2-1 +- upgrade + +* Mon Oct 22 2012 Petr Lautrbach 0.9.1-1 +- upgrade + +* Tue Sep 25 2012 Peter Vrabec 0.9.0-1 +- upgrade + +* Mon Aug 27 2012 Petr Lautrbach 0.8.5-1 +- upgrade + +* Tue Aug 07 2012 Petr Lautrbach 0.8.4-1 +- upgrade + +* Tue Jul 31 2012 Petr Lautrbach 0.8.3-2 +- fix Profile and @hidden issue + +* Mon Jul 30 2012 Petr Lautrbach 0.8.3-1 +- upgrade + +* Fri Jul 20 2012 Fedora Release Engineering - 0.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 08 2012 Petr Pisar - 0.8.2-2 +- Perl 5.16 rebuild + +* Fri Mar 30 2012 Petr Lautrbach 0.8.2-1 +- upgrade + +* Tue Feb 21 2012 Peter Vrabec 0.8.1-1 +- upgrade + +* Fri Feb 10 2012 Petr Pisar - 0.8.0-3 +- Rebuild against PCRE 8.30 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Oct 11 2011 Peter Vrabec 0.8.0-1 +- upgrade + +* Mon Jul 25 2011 Peter Vrabec 0.7.4-1 +- upgrade + +* Thu Jul 21 2011 Petr Sabata - 0.7.3-3 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 0.7.3-2 +- Perl mass rebuild + +* Fri Jun 24 2011 Peter Vrabec 0.7.3-1 +- upgrade + +* Fri Jun 17 2011 Marcela Mašláňová - 0.7.2-3 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 0.7.2-2 +- Perl 5.14 mass rebuild + +* Wed Apr 20 2011 Peter Vrabec 0.7.2-1 +- upgrade + +* Fri Mar 11 2011 Peter Vrabec 0.7.1-1 +- upgrade + +* Thu Feb 10 2011 Peter Vrabec 0.7.0-1 +- upgrade + +* Tue Feb 08 2011 Fedora Release Engineering - 0.6.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 31 2011 Peter Vrabec 0.6.8-1 +- upgrade + +* Fri Jan 14 2011 Peter Vrabec 0.6.7-1 +- upgrade + +* Wed Oct 20 2010 Peter Vrabec 0.6.4-1 +- upgrade + +* Tue Sep 14 2010 Peter Vrabec 0.6.3-1 +- upgrade + +* Fri Aug 27 2010 Peter Vrabec 0.6.2-1 +- upgrade + +* Wed Jul 14 2010 Peter Vrabec 0.6.0-1 +- upgrade + +* Wed May 26 2010 Peter Vrabec 0.5.11-1 +- upgrade + +* Fri May 07 2010 Peter Vrabec 0.5.10-1 +- upgrade + +* Fri Apr 16 2010 Peter Vrabec 0.5.9-1 +- upgrade + +* Fri Feb 26 2010 Peter Vrabec 0.5.7-1 +- upgrade +- new utils package + +* Mon Jan 04 2010 Peter Vrabec 0.5.6-1 +- upgrade + +* Tue Sep 29 2009 Peter Vrabec 0.5.3-1 +- upgrade + +* Wed Aug 19 2009 Peter Vrabec 0.5.2-1 +- upgrade + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-2 +- add rpm-devel requirement + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-1 +- upgrade + +* Thu Apr 30 2009 Peter Vrabec 0.3.3-1 +- upgrade + +* Thu Apr 23 2009 Peter Vrabec 0.3.2-1 +- upgrade + +* Sun Mar 29 2009 Peter Vrabec 0.1.4-1 +- upgrade + +* Fri Mar 27 2009 Peter Vrabec 0.1.3-2 +- spec file fixes (#491892) + +* Tue Mar 24 2009 Peter Vrabec 0.1.3-1 +- upgrade + +* Thu Jan 15 2009 Tomas Heinrich 0.1.1-1 +- Initial rpm +