diff --git a/.gitignore b/.gitignore
index d729017..da07050 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/openscap-1.0.3.tar.gz
+SOURCES/openscap-1.1.1.tar.gz
diff --git a/.openscap.metadata b/.openscap.metadata
index e6a802d..abacda5 100644
--- a/.openscap.metadata
+++ b/.openscap.metadata
@@ -1 +1 @@
-cb1110e23b2ff7a7816b035ded1ad2db2fd40e88 SOURCES/openscap-1.0.3.tar.gz
+f0658393740c21c100f8b7f325699c5de1c41225 SOURCES/openscap-1.1.1.tar.gz
diff --git a/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch b/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch
new file mode 100644
index 0000000..a3d53ad
--- /dev/null
+++ b/SOURCES/bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch
@@ -0,0 +1,31 @@
+From aebc254a4e6993ef79a549c2f71b5a6a4eb3ed01 Mon Sep 17 00:00:00 2001
+From: Martin Preisler
+Date: Mon, 3 Nov 2014 19:49:06 +0100
+Subject: [PATCH] Export var_check in OVAL object when var_ref is present
+
+Fixes validation issues with schematron, such as:
+
+oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the
+ind-def:pattern entity so a var_check should also be provided
+---
+ src/OVAL/oval_objectContent.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/OVAL/oval_objectContent.c b/src/OVAL/oval_objectContent.c
+index ee59e86..eb59c25 100644
+--- a/src/OVAL/oval_objectContent.c
++++ b/src/OVAL/oval_objectContent.c
+@@ -403,7 +403,9 @@ xmlNode *oval_object_content_to_dom(struct oval_object_content *content, xmlDoc
+ struct oval_entity *entity = oval_object_content_get_entity(content);
+ content_node = oval_entity_to_dom(entity, doc, parent);
+ oval_check_t check = oval_object_content_get_varCheck(content);
+- if (check != OVAL_CHECK_ALL)
++ oval_entity_varref_type_t vtype = oval_entity_get_varref_type(entity);
++
++ if (check != OVAL_CHECK_ALL || vtype != OVAL_ENTITY_VARREF_NONE)
+ xmlNewProp(content_node, BAD_CAST "var_check", BAD_CAST oval_check_get_text(check));
+ }
+ break;
+--
+1.9.3
+
diff --git a/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch b/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch
new file mode 100644
index 0000000..8389c77
--- /dev/null
+++ b/SOURCES/bz1165139-c51c17bc-Set-async-thread-cancelation.patch
@@ -0,0 +1,38 @@
+From c51c17bc6fd7373b07cad6156af0809f703a1db0 Mon Sep 17 00:00:00 2001
+From: Daniel Kopecek
+Date: Tue, 6 Jan 2015 16:23:14 +0100
+Subject: [PATCH] Set async thread cancelation before entering probe_main
+
+Set thread cancelation type to PTHREAD_CANCEL_ASYNCHRONOUS to prevent
+the code in probe_main to defer the cancelation for too long.
+
+Related: rhbz#1165139
+---
+ src/OVAL/probes/probe/worker.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/OVAL/probes/probe/worker.c b/src/OVAL/probes/probe/worker.c
+index 949d65f..f9c9f17 100644
+--- a/src/OVAL/probes/probe/worker.c
++++ b/src/OVAL/probes/probe/worker.c
+@@ -939,10 +939,16 @@ SEXP_t *probe_worker(probe_t *probe, SEAP_msg_t *msg_in, int *ret)
+
+ pctx.probe_in = probe_in;
+ pctx.probe_out = probe_out;
++
+ /*
+- * Run the main function of the probe implementation
++ * Run the main function of the probe implementation. Set thread
++ * cancelation type to ASYNC to prevent the code in probe_main to
++ * defer the cancelation for too long.
+ */
++ int __unused_oldstate;
++ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &__unused_oldstate);
+ *ret = probe_main(&pctx, probe->probe_arg);
++ pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, &__unused_oldstate);
+
+ /*
+ * Synchronize
+--
+1.9.3
+
diff --git a/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch b/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch
new file mode 100644
index 0000000..28f0c02
--- /dev/null
+++ b/SOURCES/bz1182242-0e3c7e68-Export-var_check-together.patch
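Review bot: Asynchronous cancellation is switched on for the whole of `probe_main()`, and POSIX lists only pthread_cancel(), pthread_setcancelstate() and pthread_setcanceltype() as async-cancel-safe, so a cancel that lands while the probe is inside an allocator call or holding a mutex (probe_main's body is not visible in this hunk) can leave that state inconsistent for the other threads of the probe process. If prompt termination is the only goal, `pthread_testcancel()` calls in the long-running probe loops, or cleanup handlers around the lock-holding sections, would keep cancellation deferred and predictable. Independently, both calls ignore the return value and the second one hard-codes `PTHREAD_CANCEL_DEFERRED` instead of restoring what the first call saved; declaring `int old_type, ignored;` and calling `pthread_setcanceltype(old_type, &ignored);` after `probe_main()` would restore the caller's setting and drop the reserved `__`-prefixed identifier. probe_worker's body continues outside the hunk.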
@@ -0,0 +1,28 @@
+From 0e3c7e6833630d55d00ac3e91cdb2ae067fabcb6 Mon Sep 17 00:00:00 2001
+From: Martin Preisler
+Date: Fri, 16 Jan 2015 15:57:31 +0100
+Subject: [PATCH] Export @var_check together with @var_ref for objects
+
+Addresses rhbz#1182242 and rhbz#1159289.
+---
+ src/OVAL/oval_objectContent.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/OVAL/oval_objectContent.c b/src/OVAL/oval_objectContent.c
+index eb59c25..ad620d9 100644
+--- a/src/OVAL/oval_objectContent.c
++++ b/src/OVAL/oval_objectContent.c
+@@ -403,9 +403,8 @@ xmlNode *oval_object_content_to_dom(struct oval_object_content *content, xmlDoc
+ struct oval_entity *entity = oval_object_content_get_entity(content);
+ content_node = oval_entity_to_dom(entity, doc, parent);
+ oval_check_t check = oval_object_content_get_varCheck(content);
+- oval_entity_varref_type_t vtype = oval_entity_get_varref_type(entity);
+
+- if (check != OVAL_CHECK_ALL || vtype != OVAL_ENTITY_VARREF_NONE)
++ if (check != OVAL_CHECK_ALL || xmlHasProp(content_node, BAD_CAST "var_ref"))
+ xmlNewProp(content_node, BAD_CAST "var_check", BAD_CAST oval_check_get_text(check));
+ }
+ break;
+--
+1.9.3
+
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index ea4f52d..3ba2768 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
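Review bot: The new condition `xmlHasProp(content_node, BAD_CAST "var_ref")` ties the `var_check` export to what `oval_entity_to_dom()` actually serialized rather than to the entity model, but nothing in the hunk says why, and the patch message only lists bug numbers. A short comment above the `if` would keep a later cleanup from reverting to the model check, for example `/* schematron wants var_check whenever var_ref is emitted, so test the DOM node itself */`. Writing the test as `xmlHasProp(content_node, BAD_CAST "var_ref") != NULL` would also make the pointer-to-boolean use explicit. The enclosing case in oval_object_content_to_dom starts and ends outside the hunk.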
@@ -5,13 +5,16 @@ restorecon -R /usr/bin/oscap /usr/libexec/openscap; \ Name: openscap -Version: 1.0.3 -Release: 2%{?dist} +Version: 1.1.1 +Release: 3%{?dist} Summary: Set of open source libraries enabling integration of the SCAP line of standards Group: System Environment/Libraries License: LGPLv2+ URL: http://www.open-scap.org/ Source0: http://fedorahosted.org/releases/o/p/openscap/%{name}-%{version}.tar.gz +Patch0: bz1159289-aebc254a-Export-var_check-in-OVAL-object.patch +Patch1: bz1165139-c51c17bc-Set-async-thread-cancelation.patch +Patch2: bz1182242-0e3c7e68-Export-var_check-together.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser BuildRequires: rpm-devel @@ -53,19 +56,31 @@ BuildRequires: python-devel The %{name}-python package contains the bindings so that %{name} libraries can be used by python. -%package utils -Summary: Openscap utilities +%package scanner +Summary: OpenSCAP Scanner Tool (oscap) Group: Applications/System Requires: %{name}%{?_isa} = %{version}-%{release} Requires: libcurl >= 7.12.0 -Requires: rpmdevtools rpm-build BuildRequires: libcurl-devel >= 7.12.0 -%description utils -The %{name}-utils package contains oscap command-line tool. The oscap +%description scanner +The %{name}-scanner package contains oscap command-line tool. The oscap is configuration and vulnerability scanner, capable of performing compliance checking using SCAP content. +%package utils +Summary: OpenSCAP Utilities +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: rpmdevtools rpm-build +Requires: %{name}-scanner%{?_isa} = %{version}-%{release} + +%description utils +The %{name}-utils package contains command-line tools build on top +of OpenSCAP library. Historically, openscap-utils included oscap +tool which is now separated to %{name}-scanner sub-package. + + %package extra-probes Summary: SCAP probes Group: Applications/System 
@@ -114,6 +129,9 @@ This package installs and sets up the SELinux policy security module for opensc %prep %setup -q +%patch0 -p1 -b .bz1159289 +%patch1 -p1 -b .bz1165139 +%patch2 -p1 -b .bz1182242 %build %ifarch sparc64 @@ -214,6 +232,8 @@ exit 0 %{_libexecdir}/openscap/probe_shadow %{_libexecdir}/openscap/probe_sysctl %{_libexecdir}/openscap/probe_system_info +%{_libexecdir}/openscap/probe_systemdunitdependency +%{_libexecdir}/openscap/probe_systemdunitproperty %{_libexecdir}/openscap/probe_textfilecontent %{_libexecdir}/openscap/probe_textfilecontent54 %{_libexecdir}/openscap/probe_uname @@ -245,12 +265,19 @@ exit 0 %{_libdir}/libopenscap_sce.so %{_includedir}/openscap/sce_engine_api.h +%files scanner +%{_mandir}/man8/oscap.8.gz +%{_bindir}/oscap +%{_sysconfdir}/bash_completion.d + %files utils %defattr(-,root,root,-) %doc docs/oscap-scan.cron %{_mandir}/man8/* +%exclude %{_mandir}/man8/oscap.8.gz %{_bindir}/* -%{_sysconfdir}/bash_completion.d +%exclude %{_bindir}/oscap + %files extra-probes %{_libexecdir}/openscap/probe_ldap57 @@ -265,6 +292,20 @@ exit 0 # %{_mandir}/man8/openscap_selinux.8.* %changelog +* Tue Jan 20 2015 Šimon Lukašík - 1.1.1-3 +- USGCB, schematron: var_ref missing when var_check exported (#1182242) + +* Thu Jan 08 2015 Šimon Lukašík - 1.1.1-2 +- STIG-generated results contain var_ref without var_check (#1159289) +- Probes failed to stop by USR1 signal as specified (#1165139) + +* Fri Sep 26 2014 Šimon Lukašík - 1.1.1-1 +- upgrade to the latest upstream release + +* Wed Sep 03 2014 Šimon Lukašík - 1.1.0-1 +- upgrade +- introduce openscap-scanner sub-package (#1115105) + * Fri Jan 24 2014 Daniel Mach - 1.0.3-2 - Mass rebuild 2014-01-24
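Review bot: The new `%files scanner` section in the `@@ -245,12 +265,19 @@` hunk has no `%defattr(-,root,root,-)` line, while `%files utils` directly below keeps one, so the ownership recorded for `%{_bindir}/oscap` in the scanner package comes from rpm's defaults rather than from the spec. For consistency with the other sections I would add `%defattr(-,root,root,-)` as the first line of `%files scanner`. The section also lists `%{_sysconfdir}/bash_completion.d` as a whole directory, which makes the scanner package own the directory and everything the build installs into it; if only the oscap completion file is meant, naming that file would be tighter (its name is not visible in this hunk).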