diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8e966a6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/openscap-1.3.0.tar.gz diff --git a/.openscap.metadata b/.openscap.metadata new file mode 100644 index 0000000..04c832b --- /dev/null +++ b/.openscap.metadata @@ -0,0 +1 @@ +2270bbc8e399f4a1f7a450b394086ed2506a8abd SOURCES/openscap-1.3.0.tar.gz diff --git a/SOURCES/add_rhel8_cpe.patch b/SOURCES/add_rhel8_cpe.patch new file mode 100644 index 0000000..63a70a8 --- /dev/null +++ b/SOURCES/add_rhel8_cpe.patch @@ -0,0 +1,75 @@ +From f600c0d3768d824be658c66ff49c34918d160f5a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= +Date: Thu, 9 Aug 2018 04:20:42 -0400 +Subject: [PATCH] Add RHEL8 CPE to OpenSCAP CPE dictionary + +--- + cpe/openscap-cpe-dict.xml | 4 ++++ + cpe/openscap-cpe-oval.xml | 22 ++++++++++++++++++++++ + 2 files changed, 26 insertions(+) + +diff --git a/cpe/openscap-cpe-dict.xml b/cpe/openscap-cpe-dict.xml +index 6c44333bb..b97245b38 100644 +--- a/cpe/openscap-cpe-dict.xml ++++ b/cpe/openscap-cpe-dict.xml +@@ -17,6 +17,10 @@ + Red Hat Enterprise Linux 7 + oval:org.open-scap.cpe.rhel:def:7 + ++ ++ Red Hat Enterprise Linux 8 ++ oval:org.open-scap.cpe.rhel:def:8 ++ + + Oracle Linux 5 + oval:org.open-scap.cpe.ol:def:5 +diff --git a/cpe/openscap-cpe-oval.xml b/cpe/openscap-cpe-oval.xml +index bb338de7e..4be890041 100644 +--- a/cpe/openscap-cpe-oval.xml ++++ b/cpe/openscap-cpe-oval.xml +@@ -68,6 +68,19 @@ + + + ++ ++ ++ Red Hat Enterprise Linux 8 ++ ++ Red Hat Enterprise Linux 8 ++ ++ ++ The operating system installed on the system is Red Hat Enterprise Linux 8 ++ ++ ++ ++ ++ + + + Oracle Linux 5 +@@ -620,6 +633,11 @@ + + + ++ ++ ++ ++ + + +@@ -921,6 +939,10 @@ + ^redhat-release + ^7[^\d] + ++ ++ ^redhat-release ++ ^8[^\d] ++ + + ^centos-release + ^5 +-- +2.17.0 + diff --git a/SOURCES/fix_oscap_ssh_sudo.patch b/SOURCES/fix_oscap_ssh_sudo.patch new file mode 100644 index 0000000..10e7c77 --- /dev/null +++ b/SOURCES/fix_oscap_ssh_sudo.patch @@ -0,0 +1,33 @@ +diff --git a/utils/oscap-ssh b/utils/oscap-ssh +index ee6eb9c81..6d60a369e 100755 +--- a/utils/oscap-ssh ++++ b/utils/oscap-ssh +@@ -115,6 +115,11 @@ function scp_retreive_from_temp_dir { + scp -o ControlPath="$MASTER_SOCKET" -P "$SSH_PORT" $SSH_ADDITIONAL_OPTIONS "$SSH_HOST:$REMOTE_TEMP_DIR/$1" "$2" + } + ++function first_argument_is_sudo { ++ [ "$1" == "sudo" ] || [ "$1" == "--sudo" ] ++ return $? ++} ++ + function sanity_check_arguments { + if [ $# -lt 1 ]; then + echo "No arguments provided." +@@ -123,7 +128,7 @@ function sanity_check_arguments { + elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then + usage + die +- elif [ "$1" == "sudo" ] || [ "$1" == "--sudo" ]; then ++ elif first_argument_is_sudo "$@"; then + OSCAP_SUDO="sudo" + # force pseudo-tty allocation so that users can type their password if necessary + SSH_TTY_ALLOCATION_OPTION="-t" +@@ -155,6 +160,7 @@ function check_oscap_arguments { + } + + sanity_check_arguments "$@" ++first_argument_is_sudo "$@" && shift + + SSH_HOST="$1" + SSH_PORT="$2" diff --git a/SOURCES/fix_procps_tests.patch b/SOURCES/fix_procps_tests.patch new file mode 100644 index 0000000..d926da3 --- /dev/null +++ b/SOURCES/fix_procps_tests.patch @@ -0,0 +1,21 @@ +diff --git a/tests/probes/sysctl/test_sysctl_probe_all.sh b/tests/probes/sysctl/test_sysctl_probe_all.sh +index 073d332ee..4325612a3 100755 +--- a/tests/probes/sysctl/test_sysctl_probe_all.sh ++++ b/tests/probes/sysctl/test_sysctl_probe_all.sh +@@ -28,6 +28,16 @@ sysctl -aN --deprecated 2> /dev/null | tr "/" "." | sort -u > "$sysctlNames" + + grep unix-sys:name "$result" | sed -E 's;.*>(.*)<.*;\1;g' | sort > "$ourNames" + ++# If procps_ver > 3.3.12 we need to filter *stable_secret and vm.stat_refresh ++# options from the sysctl output, for more details see ++# https://github.com/OpenSCAP/openscap/issues/1152. ++procps_ver=$(rpm -q procps-ng --qf="%{version}") ++lowest_ver=$(echo -e "3.3.12\n$procps_ver" | sort -V | head -n1) ++if [ "$procps_ver" != "$lowest_ver" ]; then ++ sed -i '/net.ipv6.conf.*stable_secret$/d' "$sysctlNames" ++ sed -i '/.*vm.stat_refresh/d' "$sysctlNames" ++fi ++ + diff "$sysctlNames" "$ourNames" + + # remove oscap error message related to permissions from stderr diff --git a/SOURCES/fix_unresolved_symbols_in_SCE_library.patch b/SOURCES/fix_unresolved_symbols_in_SCE_library.patch new file mode 100644 index 0000000..e0643bb --- /dev/null +++ b/SOURCES/fix_unresolved_symbols_in_SCE_library.patch @@ -0,0 +1,35 @@ +From ff1ca9b23d1437da34bb5ed86cb610ac6b5461e5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= +Date: Mon, 15 Oct 2018 14:19:37 +0200 +Subject: [PATCH] Ensure there are no unresolved symbols in libopenscap_sce.so + +After installing the library to /usr/lib64/ oscap wasn't able to find +SCE plugin and SCE was not shown in list of plugins in `oscap -V`. That +was because the `libopenscap_sce.so` library could not be loaded because +it contained unresolved symbol `__oscap_seterr`. We need to add +`error.c` and its dependencies to make sure `ldd` doesn't report any +unresolved symbols. +--- + src/SCE/CMakeLists.txt | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/SCE/CMakeLists.txt b/src/SCE/CMakeLists.txt +index 1e0285804..e07c454d1 100644 +--- a/src/SCE/CMakeLists.txt ++++ b/src/SCE/CMakeLists.txt +@@ -3,9 +3,12 @@ file(GLOB_RECURSE SCE_PUBLIC_HEADERS "public/*.h") + + add_library(openscap_sce SHARED + ${SCE_SOURCES} ++ "${CMAKE_SOURCE_DIR}/src/common/error.c" ++ "${CMAKE_SOURCE_DIR}/src/common/err_queue.c" + "${CMAKE_SOURCE_DIR}/src/common/list.c" + "${CMAKE_SOURCE_DIR}/src/common/oscap_string.c" + "${CMAKE_SOURCE_DIR}/src/common/oscap_buffer.c" ++ "${CMAKE_SOURCE_DIR}/src/common/util.c" + ) + target_include_directories(openscap_sce PUBLIC public) + set_target_properties(openscap_sce PROPERTIES VERSION ${SONAME} SOVERSION ${SOVERSION}) +-- +2.14.4 + diff --git a/SOURCES/manpage_update_modify.patch b/SOURCES/manpage_update_modify.patch new file mode 100644 index 0000000..dfc839e --- /dev/null +++ b/SOURCES/manpage_update_modify.patch @@ -0,0 +1,119 @@ +diff --git a/utils/oscap.8 b/utils/oscap.8 +index 2cec5e6c8..55110689e 100644 +--- a/utils/oscap.8 ++++ b/utils/oscap.8 +@@ -1,4 +1,4 @@ +-.TH OSCAP "8" "March 2017" "Red Hat" "System Administration Utilities" ++.TH OSCAP "8" "October 2018" "Red Hat" "System Administration Utilities" + + .SH NAME + oscap \- OpenSCAP command line tool +@@ -15,7 +15,7 @@ OpenSCAP tool claims to provide capabilities of Authenticated Configuration Scan + .SH GENERAL OPTIONS + .TP + \fB\-V, -\-version\fR +-Print supported SCAP specification, location of schema files, schematron files, CPE files, probes and supported OVAL objects. ++Print supported SCAP specifications, location of schema files, schematron files, CPE files, probes and supported OVAL objects. + Displays a list of inbuilt CPE names. + .TP + \fB\-h, \-\-help\fR +@@ -48,7 +48,7 @@ Common Vulnerabilities and Exposures + .TP + [\fIoptions\fR] any-scap-file.xml + .RS +-This module prints information about SCAP content in a file specified on a command line. It determines SCAP content type, specification version, date of creation, date of import and so on. Info module doesn't require any additional opperation switch. ++This module prints information about SCAP content in a file specified on a command line. It determines SCAP content type, specification version, date of creation, date of import and so on. Info module doesn't require any additional operation switch. + + For XCCDF or Datastream files, info module prints out IDs of incorporated profiles, components, and datastreams. These IDs can be used to specify the target for evaluation. Use options --profile, --xccdf-id (or --oval-id), and --datastream-id respectively. + .PP +@@ -118,7 +118,8 @@ Writes results to a given FILE in Asset Reporting Format. It is recommended to u + .TP + \fB\-\-stig-viewer FILE\fR + .RS +-Writes XCCDF results into FILE in a format readable by DISA STIG Viewer. See \fIhttp://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx\f. ++Writes XCCDF results into FILE in a format readable by DISA STIG Viewer. See \fIhttp://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx\fR. ++This option should be used to generate results for DISA STIG Viewer older than 2.6. To use DISA STIG Viewer 2.6 or newer, use \fB\-\-results\fR instead. + .RE + .TP + \fB\-\-thin-results\fR +@@ -133,7 +134,7 @@ Don't provide system characteristics in OVAL/ARF result files. + .TP + \fB\-\-report FILE\fR + .RS +-Write HTML report into FILE. You also have to specify --results for this feature to work. Please see --oval-results to enable additional information in the report. ++Write HTML report into FILE. Add \fB\-\-oval-results\fR to enable detailed information in the report. + .RE + .TP + \fB\-\-oval-results\fR +@@ -228,12 +233,13 @@ Writes results to a given FILE in Asset Reporting Format. It is recommended to u + .TP + \fB\-\-stig-viewer FILE\fR + .RS +-Writes XCCDF results into FILE in a format readable by DISA STIG Viewer. See \fIhttp://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx\f. ++Writes XCCDF results into FILE in a format readable by DISA STIG Viewer. See \fIhttp://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx\fR. ++This option should be used to generate results for DISA STIG Viewer older than 2.6. To use DISA STIG Viewer 2.6 or newer, use \fB\-\-results\fR instead. + .RE + .TP + \fB\-\-report FILE\fR + .RS +-Write HTML report into FILE. You also have to specify --results for this feature to work. ++Write HTML report into FILE. Add \fB\-\-oval-results\fR to enable detailed information in the report. + .RE + .TP + \fB\-\-oval-results\fR +@@ -250,6 +256,11 @@ After evaluation is finished, each loaded check engine plugin is asked to export + .RS + Generate OVAL Variables documents which contain external variables' values that were provided to the OVAL checking engine during evaluation. The filename format is '\fIoriginal-oval-definitions-filename\fR-\fIsession-index\fR.variables-\fIvariables-index\fR.xml'. + .RE ++.TP ++\fB\-\-progress\fR ++.RS ++Switch to sparse output suitable for progress reporting. Format of the output is "$rule_id:$result\\n". ++.RE + .RE + .TP + .B resolve\fR -o output-file xccdf-file +@@ -315,18 +326,21 @@ Available submodules: + .TP + .B \fBguide\fR [\fIoptions\fR] xccdf-file + .RS +-Generate a formatted document containing a security guide from a XCCDF Benchmark. Unless the --output option is specified it will be written to the standard output. Without profile being set only groups (not rules) will be included in the output. ++Generate a HTML document containing a security guide from an XCCDF Benchmark. Unless the --output option is specified it will be written to the standard output. Without profile being set only groups (not rules) will be included in the output. + .TP + \fB\-\-output FILE\fR + Write the guide to this file instead of standard output. + .TP + \fB\-\-hide-profile-info\fR + Information on chosen profile (e.g. rules selected by the profile) will be excluded from the document. ++.TP ++\fB\-\-benchmark-id ID\fR ++Selects a component ref from any datastream that references a component with XCCDF Benchmark such that its @id attribute matches given string exactly. + .RE + .TP + .B \fBreport\fR [\fIoptions\fR] xccdf-file + .RS +-Generate a document containing results of a XCCDF Benchmark execution. Unless the --output option is specified it will be written to the standard output. ID of the TestResult element to visualise defaults to the most recent result (according to the end-time attribute). ++Generate a HTML document containing results of an XCCDF Benchmark execution. Unless the --output option is specified it will be written to the standard output. + .TP + \fB\-\-output FILE\fR + Write the report to this file instead of standard output. +@@ -417,19 +431,14 @@ Write OVAL Results into file. + Create human readable (HTML) report from OVAL Results. + .TP + \fB\-\-datastream-id ID\fR +-.RS + Uses a datastream with that particular ID from the given datastream collection. If not given the first datastream is used. Only applies if you give source datastream in place of an OVAL file. +-.RE + .TP + \fB\-\-oval-id ID\fR +-.RS + Takes component ref with given ID from checks. This allows to select a particular OVAL component even in cases where there are 2 OVALs in one datastream. +-.RE + .TP + \fB\-\-skip-valid\fR + Do not validate input/output files. + .TP +-.RE + \fB\-\-fetch-remote-resources\fR + Allow download of remote components referenced from Datastream. + .RE diff --git a/SOURCES/manpage_update_remove.patch b/SOURCES/manpage_update_remove.patch new file mode 100644 index 0000000..b7e41e2 --- /dev/null +++ b/SOURCES/manpage_update_remove.patch @@ -0,0 +1,14 @@ +diff --git a/utils/oscap.8 b/utils/oscap.8 +index c7a67f5a9..123c0f97b 100644 +--- a/utils/oscap.8 ++++ b/utils/oscap.8 +@@ -337,9 +337,6 @@ Write the report to this file instead of standard output. + \fB\-\-result-id ID\fR + ID of the XCCDF TestResult from which the report will be generated. + .TP +-\fB\-\-show \fIwhat\fR +-Specify what result types shall be displayed in the result report. The default is to show everything except for rules with results notselected and notapplicable. The \fIwhat\fR part is a comma-separated list of result types to display in addition to the default. If result type is prefixed by a dash '-', it will be excluded from the results. If \fIwhat\fR is prefixed by an equality sign '=', a following list specifies exactly what rule types to include in the report. Result types are: pass, fixed, notchecked, notapplicable, notselected, informational, unknown, error, fail. +-.TP + \fB\-\-oval-template \fItemplate-string\fR + To use the ability to include additional information from OVAL in xccdf result file, a template which will be used to obtain OVAL result file names has to be specified. The template can be either a filename or a string containing wildcard character (percent sign '%'). Wildcard will be replaced by the original OVAL definition file name as referenced from the XCCDF file. This way it is possible to obtain OVAL information even from XCCDF documents referencing several OVAL files. To use this option with results from an XCCDF evaluation, specify \fI%.result.xml\fR as a OVAL file name template. + .TP diff --git a/SOURCES/openscap-1.3.1-swig.patch b/SOURCES/openscap-1.3.1-swig.patch new file mode 100644 index 0000000..be0f2da --- /dev/null +++ b/SOURCES/openscap-1.3.1-swig.patch @@ -0,0 +1,12 @@ +diff --git a/swig/openscap.i b/swig/openscap.i +index ffe0bb87a..ed1dab36c 100644 +--- a/swig/openscap.i ++++ b/swig/openscap.i +@@ -87,7 +87,6 @@ + } + $1[i] = 0; + } else { +- free($1); + PyErr_SetString(PyExc_TypeError,"not a list"); + SWIG_fail; + } diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec new file mode 100644 index 0000000..4e9af61 --- /dev/null +++ b/SPECS/openscap.spec @@ -0,0 +1,636 @@ +Name: openscap +Version: 1.3.0 +Release: 7%{?dist} +Summary: Set of open source libraries enabling integration of the SCAP line of standards +Group: System Environment/Libraries +License: LGPLv2+ +URL: http://www.open-scap.org/ +Source0: https://github.com/OpenSCAP/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz +Patch1: add_rhel8_cpe.patch +Patch2: openscap-1.3.1-swig.patch +Patch3: fix_oscap_ssh_sudo.patch +Patch4: fix_procps_tests.patch +Patch5: manpage_update_modify.patch +Patch6: manpage_update_remove.patch +Patch7: fix_unresolved_symbols_in_SCE_library.patch +BuildRequires: cmake >= 2.6 +BuildRequires: swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser +BuildRequires: rpm-devel +BuildRequires: libgcrypt-devel +BuildRequires: pcre-devel +BuildRequires: libacl-devel +BuildRequires: libselinux-devel libcap-devel +BuildRequires: libblkid-devel +BuildRequires: bzip2-devel +BuildRequires: asciidoc +BuildRequires: openldap-devel +BuildRequires: GConf2-devel +BuildRequires: dbus-devel +%if %{?_with_check:1}%{!?_with_check:0} +BuildRequires: perl-XML-XPath +BuildRequires: bzip2 +%endif +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Obsoletes: python2-openscap +Obsoletes: openscap-content-sectool +Obsoletes: openscap-extra-probes +Obsoletes: openscap-extra-probes-sql + +%description +OpenSCAP is a set of open source libraries providing an easier path +for integration of the SCAP line of standards. SCAP is a line of standards +managed by NIST with the goal of providing a standard language +for the expression of Computer Network Defense related information. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libxml2-devel +Requires: pkgconfig +BuildRequires: doxygen + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package python3 +Summary: Python 3 bindings for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +BuildRequires: python3-devel + +%description python3 +The %{name}-python3 package contains the bindings so that %{name} +libraries can be used by python3. + +%package scanner +Summary: OpenSCAP Scanner Tool (oscap) +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libcurl >= 7.12.0 +BuildRequires: libcurl-devel >= 7.12.0 +Obsoletes: openscap-selinux +Obsoletes: openscap-selinux-compat + +%description scanner +The %{name}-scanner package contains oscap command-line tool. The oscap +is configuration and vulnerability scanner, capable of performing +compliance checking using SCAP content. + +%package utils +Summary: OpenSCAP Utilities +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: rpmdevtools rpm-build +Requires: %{name}-scanner%{?_isa} = %{version}-%{release} + +%description utils +The %{name}-utils package contains command-line tools build on top +of OpenSCAP library. Historically, openscap-utils included oscap +tool which is now separated to %{name}-scanner sub-package. + +%package engine-sce +Summary: Script Check Engine plug-in for OpenSCAP +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description engine-sce +The Script Check Engine is non-standard extension to SCAP protocol. This +engine allows content authors to avoid OVAL language and write their assessment +commands using a scripting language (Bash, Perl, Python, Ruby, ...). + +%package engine-sce-devel +Summary: Development files for %{name}-engine-sce +Group: Development/Libraries +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-engine-sce%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description engine-sce-devel +The %{name}-engine-sce-devel package contains libraries and header files +for developing applications that use %{name}-engine-sce. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +mkdir build + +%build +cd build +%cmake -DENABLE_PERL=OFF \ + -DENABLE_DOCS=ON \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF \ + -DENABLE_OSCAP_UTIL_CHROOT=OFF \ + -DENABLE_OSCAP_UTIL_VM=OFF \ + .. +make %{?_smp_mflags} +make docs + +%check +%if %{?_with_check:1}%{!?_with_check:0} +ctest -V %{?_smp_mflags} +%endif + +%install +cd build +%make_install + +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + +# fix python shebangs +pathfix.py -i %{__python3} -p -n $RPM_BUILD_ROOT%{_bindir}/scap-as-rpm + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc AUTHORS NEWS README.md +%license COPYING +%doc %{_pkgdocdir}/manual/ +%dir %{_datadir}/openscap +%dir %{_datadir}/openscap/schemas +%dir %{_datadir}/openscap/xsl +%dir %{_datadir}/openscap/cpe +%{_libdir}/libopenscap.so.* +%{_datadir}/openscap/schemas/* +%{_datadir}/openscap/xsl/* +%{_datadir}/openscap/cpe/* + +%files python3 +%{python3_sitearch}/* + +%files devel +%doc %{_pkgdocdir}/html/ +%{_libdir}/libopenscap.so +%{_libdir}/pkgconfig/*.pc +%{_includedir}/openscap +%exclude %{_includedir}/openscap/sce_engine_api.h + +%files engine-sce-devel +%{_libdir}/libopenscap_sce.so +%{_includedir}/openscap/sce_engine_api.h + +%files scanner +%{_mandir}/man8/oscap.8.gz +%{_bindir}/oscap +# RHEL-8.0.0 will not support oscap-chroot. Future releases may include this. Note: remove double % when enabling command. +#%%{_mandir}/man8/oscap-chroot.8.gz +#%%{_bindir}/oscap-chroot +%{_sysconfdir}/bash_completion.d + +%files utils +%doc docs/oscap-scan.cron +%{_mandir}/man8/oscap-ssh.8.gz +%{_bindir}/oscap-ssh +# RHEL-8.0.0 will not support oscap-vm. Future releases may include this. Note: remove double % when enabling command. +#%%{_mandir}/man8/oscap-vm.8.gz +#%%{_bindir}/oscap/oscap-vm +%{_mandir}/man8/scap-as-rpm.8.gz +%{_bindir}/scap-as-rpm + +%files engine-sce +%{_libdir}/libopenscap_sce.so.* + +%changelog +* Wed Jan 16 2019 Gabriel Becker - 1.3.0-7 +- Removed oscap-vm binary and manpage files from build as they will not be supported by RHEL-8.0.0. +- Explicitly specify which files should be in openscap-utils subpackage. + +* Mon Jan 14 2019 Gabriel Becker - 1.3.0-6 +- Removed containers package as RHEL-8.0.0 will not support it. +- Removed oscap-chroot binary and manpage from utils package as RHEL-8.0.0 will not support it. + +* Mon Oct 15 2018 Jan Černý - 1.3.0-5 +- Fixed unresolved symbols in SCE library + +* Fri Oct 12 2018 Matěj Týč - 1.3.0-4 +- Fixed a sudo regression in oscap-ssh. +- Updated test to work with newer versions of procps. +- Updated the man page. + +* Tue Oct 09 2018 Matěj Týč - 1.3.0-3 +- Fixed memory error in SWIG (RHBZ#1607014) + +* Tue Oct 09 2018 Jan Černý - 1.3.0-2 +- Drop openscap-perl subpackage (RHBZ#1624396) + +* Mon Oct 08 2018 Jan Černý - 1.3.0-1 +- upgrade to the latest upstream release +- list subpackages removed in 1.3.0_alpha1-1 as obsoleted + +* Fri Aug 10 2018 Jan Černý - 1.3.0_alpha2-1 +- upgrade to the latest upstream release + +* Thu Aug 09 2018 Jan Černý - 1.3.0_alpha1-3 +- Add RHEL8 CPE (until RHEL8 public beta downstream patch only) + +* Fri Jul 27 2018 Jan Černý - 1.3.0_alpha1-2 +- Use AsciiDoc instead of AsciiDoctor (RHBZ#1607541) + +* Fri Jul 20 2018 Jan Černý - 1.3.0_alpha1-1 +- upgrade to the latest upstream release +- change specfile to use CMake +- dropped commands in the spec file that are no longer relevant +- dropped subpackages in the spec file that are no longer relevant + +* Fri May 18 2018 Jan Černý - 1.2.16-5 +- Use pathfix.py instead of a downstream patch to fix shebang + +* Thu May 17 2018 Jan Černý - 1.2.16-4 +- Remove Python 2 dependencies + +* Thu Feb 08 2018 Fedora Release Engineering - 1.2.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 12 2018 Iryna Shcherbina - 1.2.16-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Tue Nov 14 2017 jcerny@redhat.com - 1.2.16-1 +- upgrade to the latest upstream release + +* Thu Oct 05 2017 Martin Preisler - 1.2.15-2 +- moved oscap-chroot to openscap-scanner because it's a thin wrapper script with no dependencies + +* Fri Aug 25 2017 Jan Černý - 1.2.15-1 +- upgrade to the latest upstream release + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 1.2.14-9 +- Add Provides for the old name without %%_isa + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 1.2.14-8 +- Python 2 binary package renamed to python2-openscap + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Fri Aug 11 2017 Igor Gnatenko - 1.2.14-7 +- Rebuilt after RPM update (№ 3) + +* Thu Aug 10 2017 Igor Gnatenko - 1.2.14-6 +- Rebuilt for RPM soname bump + +* Thu Aug 10 2017 Igor Gnatenko - 1.2.14-5 +- Rebuilt for RPM soname bump + +* Thu Aug 03 2017 Fedora Release Engineering - 1.2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.2.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 1.2.14-2 +- Perl 5.26 rebuild + +* Tue Mar 21 2017 Martin Preisler - 1.2.14-1 +- upgrade to the latest upstream release + +* Sat Feb 11 2017 Fedora Release Engineering - 1.2.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 05 2017 Martin Preisler - 1.2.13-1 +- upgrade to the latest upstream release + +* Mon Dec 19 2016 Miro Hrončok - 1.2.12-2 +- Rebuild for Python 3.6 + +* Tue Nov 22 2016 Martin Preisler - 1.2.12-1 +- upgrade to the latest upstream release + +* Wed Oct 19 2016 Martin Preisler - 1.2.11-1 +- upgrade to the latest upstream release + +* Tue Jul 19 2016 Fedora Release Engineering - 1.2.10-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Tue Jul 12 2016 Martin Preisler - 1.2.10-1 +- upgrade to the latest upstream release + +* Tue May 17 2016 Jitka Plesnikova - 1.2.9-2 +- Perl 5.24 rebuild + +* Fri Apr 22 2016 Martin Preisler - 1.2.9-1 +- upgrade to the latest upstream release + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 18 2016 Šimon Lukašík - 1.2.8-1 +- upgrade to the latest upstream release + +* Thu Dec 03 2015 Šimon Lukašík - 1.2.7-1 +- upgrade to the latest upstream release + +* Tue Nov 10 2015 Fedora Release Engineering - 1.2.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Oct 13 2015 Zbyněk Moravec - 1.2.6-3 +- fix oscap-docker shebang + +* Wed Oct 07 2015 Šimon Lukašík - 1.2.6-2 +- put oscap-docker to openscap-containers subpackage +- do not require atomic at all + +* Mon Oct 05 2015 Zbyněk Moravec - 1.2.6-1 +- upgrade to the latest upstream release + +* Wed Jul 29 2015 Martin Preisler - 1.2.5-2 +- rebuilt because of librpm and librpmio ABI break + +* Mon Jul 06 2015 Šimon Lukašík - 1.2.5-1 +- upgrade to the latest upstream release + +* Sat Jun 20 2015 Šimon Lukašík - 1.2.4-1 +- upgrade to the latest upstream release. +- Content of selinux package has been purged. + +* Thu Jun 18 2015 Fedora Release Engineering - 1.2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Jun 06 2015 Jitka Plesnikova - 1.2.3-2 +- Perl 5.22 rebuild + +* Fri May 01 2015 Šimon Lukašík - 1.2.3-1 +- upgrade to the latest upstream release + +* Thu Apr 02 2015 Šimon Lukašík - 1.2.2-1 +- upgrade to the latest upstream release + +* Sat Jan 10 2015 Šimon Lukašík - 1.2.1-1 +- upgrade to the latest upstream release + +* Tue Dec 02 2014 Šimon Lukašík - 1.2.0-1 +- upgrade to the latest upstream release + +* Fri Sep 26 2014 Šimon Lukašík - 1.1.1-1 +- upgrade to the latest upstream release + +* Fri Sep 05 2014 Jitka Plesnikova - 1.1.0-2 +- Perl 5.20 rebuild + +* Wed Sep 03 2014 Šimon Lukašík - 1.1.0-1 +- upgrade + +* Thu Aug 28 2014 Jitka Plesnikova - 1.0.9-4 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.0.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jul 01 2014 Šimon Lukašík - 1.0.9-2 +- Extract oscap tool to a separate package (rhbz#1115116) + +* Wed Jun 25 2014 Martin Preisler - 1.0.9-1 +- upgrade + +* Sat Jun 07 2014 Fedora Release Engineering - 1.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Mar 26 2014 Šimon Lukašík - 1.0.8-1 +- upgrade + +* Thu Mar 20 2014 Šimon Lukašík - 1.0.7-1 +- upgrade + +* Wed Mar 19 2014 Šimon Lukašík - 1.0.6-1 +- upgrade + +* Fri Mar 14 2014 Šimon Lukašík - 1.0.5-1 +- upgrade + +* Thu Feb 13 2014 Šimon Lukašík - 1.0.4-1 +- upgrade + +* Tue Jan 14 2014 Šimon Lukašík - 1.0.3-1 +- upgrade +- This upstream release addresses: #1052142 + +* Fri Jan 10 2014 Šimon Lukašík - 1.0.2-1 +- upgrade +- This upstream release addresses: #1018291, #1029879, #1026833 + +* Thu Nov 28 2013 Šimon Lukašík - 1.0.1-1 +- upgrade + +* Tue Nov 26 2013 Šimon Lukašík - 1.0.0-3 +- expand LT_CURRENT_MINUS_AGE correctly + +* Thu Nov 21 2013 Šimon Lukašík - 1.0.0-2 +- dlopen libopenscap_sce.so.{current-age} explicitly + That allows for SCE to work without openscap-engine-sce-devel + +* Tue Nov 19 2013 Šimon Lukašík - 1.0.0-1 +- upgrade +- package openscap-engine-sce-devel separately + +* Fri Nov 15 2013 Šimon Lukašík - 0.9.13-7 +- do not obsolete openscap-conten just drop it (#1028706) + scap-security-guide will bring the Obsoletes tag + +* Thu Nov 14 2013 Šimon Lukašík - 0.9.13-6 +- only non-noarch packages should be requiring specific architecture + +* Sat Nov 09 2013 Šimon Lukašík 0.9.13-5 +- specify architecture when requiring base package + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-4 +- specify dependency between engine and devel sub-package + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-3 +- correct openscap-utils dependencies + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-2 +- drop openscap-content package (use scap-security-guide instead) + +* Fri Nov 08 2013 Šimon Lukašík 0.9.13-1 +- upgrade + +* Thu Sep 26 2013 Šimon Lukašík 0.9.12-2 +- Start building SQL probes for Fedora + +* Wed Sep 11 2013 Šimon Lukašík 0.9.12-1 +- upgrade + +* Sat Aug 03 2013 Fedora Release Engineering - 0.9.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jul 18 2013 Petr Lautrbach 0.9.11-1 +- upgrade + +* Wed Jul 17 2013 Petr Pisar - 0.9.10-2 +- Perl 5.18 rebuild + +* Mon Jul 15 2013 Petr Lautrbach 0.9.10-1 +- upgrade + +* Mon Jun 17 2013 Petr Lautrbach 0.9.8-1 +- upgrade + +* Fri Apr 26 2013 Petr Lautrbach 0.9.7-1 +- upgrade +- add openscap-selinux sub-package + +* Wed Apr 24 2013 Petr Lautrbach 0.9.6-1 +- upgrade + +* Wed Mar 20 2013 Petr Lautrbach 0.9.5-1 +- upgrade + +* Mon Mar 04 2013 Petr Lautrbach 0.9.4.1-1 +- upgrade + +* Tue Feb 26 2013 Petr Lautrbach 0.9.4-1 +- upgrade + +* Thu Feb 14 2013 Fedora Release Engineering - 0.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Dec 17 2012 Petr Lautrbach 0.9.3-1 +- upgrade + +* Wed Nov 21 2012 Petr Lautrbach 0.9.2-1 +- upgrade + +* Mon Oct 22 2012 Petr Lautrbach 0.9.1-1 +- upgrade + +* Tue Sep 25 2012 Peter Vrabec 0.9.0-1 +- upgrade + +* Mon Aug 27 2012 Petr Lautrbach 0.8.5-1 +- upgrade + +* Tue Aug 07 2012 Petr Lautrbach 0.8.4-1 +- upgrade + +* Tue Jul 31 2012 Petr Lautrbach 0.8.3-2 +- fix Profile and @hidden issue + +* Mon Jul 30 2012 Petr Lautrbach 0.8.3-1 +- upgrade + +* Fri Jul 20 2012 Fedora Release Engineering - 0.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 08 2012 Petr Pisar - 0.8.2-2 +- Perl 5.16 rebuild + +* Fri Mar 30 2012 Petr Lautrbach 0.8.2-1 +- upgrade + +* Tue Feb 21 2012 Peter Vrabec 0.8.1-1 +- upgrade + +* Fri Feb 10 2012 Petr Pisar - 0.8.0-3 +- Rebuild against PCRE 8.30 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Oct 11 2011 Peter Vrabec 0.8.0-1 +- upgrade + +* Mon Jul 25 2011 Peter Vrabec 0.7.4-1 +- upgrade + +* Thu Jul 21 2011 Petr Sabata - 0.7.3-3 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 0.7.3-2 +- Perl mass rebuild + +* Fri Jun 24 2011 Peter Vrabec 0.7.3-1 +- upgrade + +* Fri Jun 17 2011 Marcela Mašláňová - 0.7.2-3 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 0.7.2-2 +- Perl 5.14 mass rebuild + +* Wed Apr 20 2011 Peter Vrabec 0.7.2-1 +- upgrade + +* Fri Mar 11 2011 Peter Vrabec 0.7.1-1 +- upgrade + +* Thu Feb 10 2011 Peter Vrabec 0.7.0-1 +- upgrade + +* Tue Feb 08 2011 Fedora Release Engineering - 0.6.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 31 2011 Peter Vrabec 0.6.8-1 +- upgrade + +* Fri Jan 14 2011 Peter Vrabec 0.6.7-1 +- upgrade + +* Wed Oct 20 2010 Peter Vrabec 0.6.4-1 +- upgrade + +* Tue Sep 14 2010 Peter Vrabec 0.6.3-1 +- upgrade + +* Fri Aug 27 2010 Peter Vrabec 0.6.2-1 +- upgrade + +* Wed Jul 14 2010 Peter Vrabec 0.6.0-1 +- upgrade + +* Wed May 26 2010 Peter Vrabec 0.5.11-1 +- upgrade + +* Fri May 07 2010 Peter Vrabec 0.5.10-1 +- upgrade + +* Fri Apr 16 2010 Peter Vrabec 0.5.9-1 +- upgrade + +* Fri Feb 26 2010 Peter Vrabec 0.5.7-1 +- upgrade +- new utils package + +* Mon Jan 04 2010 Peter Vrabec 0.5.6-1 +- upgrade + +* Tue Sep 29 2009 Peter Vrabec 0.5.3-1 +- upgrade + +* Wed Aug 19 2009 Peter Vrabec 0.5.2-1 +- upgrade + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-2 +- add rpm-devel requirement + +* Mon Aug 03 2009 Peter Vrabec 0.5.1-1 +- upgrade + +* Thu Apr 30 2009 Peter Vrabec 0.3.3-1 +- upgrade + +* Thu Apr 23 2009 Peter Vrabec 0.3.2-1 +- upgrade + +* Sun Mar 29 2009 Peter Vrabec 0.1.4-1 +- upgrade + +* Fri Mar 27 2009 Peter Vrabec 0.1.3-2 +- spec file fixes (#491892) + +* Tue Mar 24 2009 Peter Vrabec 0.1.3-1 +- upgrade + +* Thu Jan 15 2009 Tomas Heinrich 0.1.1-1 +- Initial rpm +