Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2020-06-19 17:25:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Fri Jun 19 17:25:33 2020 rev:38 rq:815892 version:3.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2019-11-20 10:30:09.522597214 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new.3606/lynis.changes 2020-06-19 17:26:24.144420149 +0200 @@ -1,0 +2,28 @@ +Thu Jun 18 12:17:36 UTC 2020 - Robert Frohl <rfr...@suse.com> + +- Update to 3.0.0 + * Security issues + - CVE-2020-13882: incorrect Access Control because of a TOCTOU race condition (boo#1173141). + - CVE-2019-13033: local disclosure of license key when data is uploaded (boo#1173142). + * Breaking change: Non-interactive by default + - Lynis now runs non-interactive by default, to be more in line with the Unix + philosophy. So the previously used '--quick' option is now default, and the tool + will only wait when using the '--wait' option. + * Breaking change: Deprecated options + - Option: -c + - Option: --check-update/--info + - Option: --dump-options + - Option: --license-key + * Breaking change: Profile options + - The format of all profile options are converted (from key:value to key=value). + You may have to update the changes you made in your custom.prf. + * Security + - An important focus area for this release is on security. We added several + measures to further tighten any possible misuse. + * New: DevOps, Forensics, and pentesting mode + - This release adds initial support to allow defining a specialized type of audit + Using the relevant options, the scan will change base on the intended goal. +- Further features, bug fixes and details about the release listed in + https://raw.githubusercontent.com/CISOfy/lynis/3.0.0/CHANGELOG.md + +------------------------------------------------------------------- Old: ---- lynis-2.7.5.tar.gz lynis-2.7.5.tar.gz.asc New: ---- lynis-3.0.0.tar.gz lynis-3.0.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.33kROo/_old 2020-06-19 17:26:25.448424005 +0200 +++ /var/tmp/diff_new_pack.33kROo/_new 2020-06-19 17:26:25.448424005 +0200 @@ -1,7 +1,7 @@ # # spec file for package lynis # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2009-2013 Sascha Manns <saigk...@opensuse.org> # # All modifications and additions to the file contributed by third parties @@ -23,12 +23,12 @@ %define _pluginsdir %{_datadir}/lynis/plugins %define _dbdir %{_datadir}/lynis/db Name: lynis -Version: 2.7.5 +Version: 3.0.0 Release: 0 Summary: Security and System auditing tool License: GPL-3.0-only Group: System/Monitoring -Url: https://cisofy.com/lynis/ +URL: https://cisofy.com/lynis/ Source0: https://cisofy.com/files/%{name}-%{version}.tar.gz Source2: tests_binary_rpath Source3: tests_file_permissionsDB ++++++ lynis-2.7.5.tar.gz -> lynis-3.0.0.tar.gz ++++++ ++++ 16616 lines of diff (skipped)