commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2024-06-03 17:43:27 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.24587 (New) Package is "scap-security-guide" Mon Jun 3 17:43:27 2024 rev:35 rq:1178138 version:0.1.73 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2024-02-14 23:19:01.772881956 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.24587/scap-security-guide.changes 2024-06-03 17:43:32.155194338 +0200 @@ -1,0 +2,9 @@ +Fri May 31 07:52:33 UTC 2024 - Rumen Chikov + +- updated to 0.1.73 (jsc#ECO-3319) + - CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651) + - Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0 + - Generate rule references from control files (#11540) + - Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820) + +--- Old: v0.1.72.tar.gz New: v0.1.73.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.i77eZN/_old 2024-06-03 17:43:33.807254712 +0200 +++ /var/tmp/diff_new_pack.i77eZN/_new 2024-06-03 17:43:33.807254712 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.72 +Version:0.1.73 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -137,11 +137,15 @@ SUSE supported in this version of scap-security-guide: - DISA STIG profile for SUSE Linux Enterprise Server 12 and 15 +- ANSSI-BP-028 profile for SUSE Linux Enterprise Server 12 and 15 - PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15 - HIPAA profile for SUSE Linux Enterprise Server 12 and 15 +- CIS profile for SUSE Linux Enterprise Server 12 and 15 +- Hardening for Public Cloud Image of SUSE Linux Enterprise Server for SAP Applications 15 +- Public Cloud Hardening for SUSE Linux Enterprise 15 -Other profiles, like the CIS profile, are community supplied and -not officially supported by SUSE. +Other profiles, like the Standard System Security Profile for SUSE Linux Enterprise 12 and 15, +are community supplied and not officially supported by SUSE. %package redhat Summary:XCCDF files for RHEL, CentOS, Fedora and ScientificLinux ++ v0.1.72.tar.gz -> v0.1.73.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.72.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.24587/v0.1.73.tar.gz differ: char 13, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2024-01-10 21:53:20 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.21961 (New) Package is "scap-security-guide" Wed Jan 10 21:53:20 2024 rev:33 rq:1137951 version:0.1.71 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2023-12-21 23:39:32.496570854 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.21961/scap-security-guide.changes 2024-01-10 21:53:34.622977766 +0100 @@ -8,0 +9,2 @@ +- removed left over file + 0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69 Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.gkCrjP/_old 2024-01-10 21:53:35.138996558 +0100 +++ /var/tmp/diff_new_pack.gkCrjP/_new 2024-01-10 21:53:35.142996704 +0100 @@ -1,7 +1,7 @@ # # spec file for package scap-security-guide # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2023-10-19 22:49:44 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1945 (New) Package is "scap-security-guide" Thu Oct 19 22:49:44 2023 rev:30 rq:1118850 version:0.1.70 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2023-08-03 17:30:40.180085325 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1945/scap-security-guide.changes 2023-10-19 22:52:08.648931318 +0200 @@ -1,0 +2,9 @@ +Tue Oct 17 14:44:03 UTC 2023 - Marcus Meissner + +- updated to 0.1.70 (jsc#ECO-3319) + - Add openembedded distro support (#10793) + - Remove DRAFT wording for OpenShift STIG (#11100) + - Remove test-function-check_playbook_file_removed_and_added test (#10982) + - scap-security-guide: Add Poky support (#11046) + +--- Old: v0.1.69.tar.gz New: v0.1.70.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.FRkrXZ/_old 2023-10-19 22:52:09.252953226 +0200 +++ /var/tmp/diff_new_pack.FRkrXZ/_new 2023-10-19 22:52:09.256953370 +0200 @@ -42,13 +42,14 @@ %endif Name: scap-security-guide -Version:0.1.69 +Version:0.1.70 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause Group: Productivity/Security URL:https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" +Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz @@ -211,6 +212,7 @@ -DSSG_PRODUCT_OL8=ON \ -DSSG_PRODUCT_OL9=ON \ -DSSG_PRODUCT_OPENSUSE=ON \ +-DSSG_PRODUCT_OPENEMBEDDED=OFF \ -DSSG_PRODUCT_RHCOS4=ON \ -DSSG_PRODUCT_RHEL7=ON \ -DSSG_PRODUCT_RHEL8=ON \ ++ v0.1.69.tar.gz -> v0.1.70.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.69.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.1945/v0.1.70.tar.gz differ: char 50, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2023-08-03 17:30:31 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.22712 (New) Package is "scap-security-guide" Thu Aug 3 17:30:31 2023 rev:29 rq:1102115 version:0.1.69 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2023-07-27 16:53:17.118653912 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.22712/scap-security-guide.changes 2023-08-03 17:30:40.180085325 +0200 @@ -1,0 +2,15 @@ +Wed Aug 2 13:49:20 UTC 2023 - Marcus Meissner + +- updated to 0.1.69 (jsc#ECO-3319) + - Introduce a JSON build manifest (#10761) + - Introduce a script to compare ComplianceAsCode versions (#10768) + - Introduce CCN profiles for RHEL9 (#10860) + - Map rules to components (#10609) + - products/anolis23: supports Anolis OS 23 (#10548) + - Render components to HTML (#10709) + - Store rendered control files (#10656) + - Test and use rules to components mapping (#10693) + - Use distributed product properties (#10554) +- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream + +--- Old: 0001-Revert-fix-aide-remediations-add-crontabs.patch v0.1.68.tar.gz New: v0.1.69.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.q5qJd7/_old 2023-08-03 17:30:42.068096751 +0200 +++ /var/tmp/diff_new_pack.q5qJd7/_new 2023-08-03 17:30:42.076096799 +0200 @@ -42,18 +42,15 @@ %endif Name: scap-security-guide -Version:0.1.68 +Version:0.1.69 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause Group: Productivity/Security URL:https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" -Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz -# upstream fix, will be in 0.69 -Patch1: 0001-Revert-fix-aide-remediations-add-crontabs.patch # explicit require what is needed by the detection logic in the scripts Requires: coreutils @@ -192,7 +189,6 @@ %prep %setup -q -n content-%version -%autopatch -p1 %build cd build @@ -234,6 +230,7 @@ -DSSG_PRODUCT_WRLINUX8=OFF \ -DSSG_PRODUCT_WRLINUX1019=OFF \ -DSSG_PRODUCT_ANOLIS8=OFF \ + -DSSG_PRODUCT_ANOLIS23=OFF \ ../ make ++ v0.1.68.tar.gz -> v0.1.69.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.68.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.22712/v0.1.69.tar.gz differ: char 22, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2023-07-27 16:53:01 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.32662 (New) Package is "scap-security-guide" Thu Jul 27 16:53:01 2023 rev:28 rq:1101012 version:0.1.68 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2023-06-16 16:56:37.854339857 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.32662/scap-security-guide.changes 2023-07-27 16:53:17.118653912 +0200 @@ -1,0 +2,6 @@ +Thu Jul 27 06:58:41 UTC 2023 - Marcus Meissner + +- 0001-Revert-fix-aide-remediations-add-crontabs.patch: + revert patch that breaks the SLE hardening (bsc#1213691) + +--- New: 0001-Revert-fix-aide-remediations-add-crontabs.patch Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.ayDZct/_old 2023-07-27 16:53:17.762657551 +0200 +++ /var/tmp/diff_new_pack.ayDZct/_new 2023-07-27 16:53:17.770657596 +0200 @@ -52,6 +52,8 @@ Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz +# upstream fix, will be in 0.69 +Patch1: 0001-Revert-fix-aide-remediations-add-crontabs.patch # explicit require what is needed by the detection logic in the scripts Requires: coreutils @@ -190,6 +192,7 @@ %prep %setup -q -n content-%version +%autopatch -p1 %build cd build ++ 0001-Revert-fix-aide-remediations-add-crontabs.patch ++ >From 8f31dae05cc55de178f3038587ca0d6ff5d12b69 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Thu, 29 Jun 2023 12:14:35 +0200 Subject: [PATCH] Revert "fix: aide/remediations: add crontabs" This reverts commit ac8389e3ddab599f6f5bf7465636817fb8dbbf3e. Fixes #10725 --- .../aide/aide_periodic_cron_checking/ansible/shared.yml | 6 +++--- .../aide/aide_periodic_cron_checking/bash/shared.sh | 1 - .../aide/aide_periodic_cron_checking/bash/ubuntu.sh | 1 - .../aide/aide_scan_notification/ansible/shared.yml | 6 +++--- .../aide/aide_scan_notification/bash/shared.sh | 1 - 5 files changed, 6 insertions(+), 9 deletions(-) diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml index 7d4063bda2..d60c2e5464 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml @@ -5,10 +5,10 @@ # disruption = low - name: "Ensure AIDE is installed" package: -name: - - aide - - crontabs +name: "{{ item }}" state: present + with_items: +- aide - name: Set cron package name - RedHat set_fact: diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh index a4dac78100..dfa5c1b6c8 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh @@ -1,7 +1,6 @@ # platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle {{{ bash_package_install("aide") }}} -{{{ bash_package_install("crontabs") }}} if ! grep -q "{{{ aide_bin_path }}} --check" /etc/crontab ; then echo "05 4 * * * root {{{ aide_bin_path }}} --check" >> /etc/crontab diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh index 00bd493ac7..719fd764af 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh @@ -1,7 +1,6 @@ # platform = multi_platform_ubuntu {{{ bash_package_install("aide") }}} -{{{ bash_package_install("crontabs") }}} # AiDE usually adds its own cron jobs to /etc/cron.daily. If script is there, this rule is
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2023-06-16 16:55:37 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.15902 (New) Package is "scap-security-guide" Fri Jun 16 16:55:37 2023 rev:27 rq:1093441 version:0.1.68 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2023-02-07 18:48:59.835103349 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.15902/scap-security-guide.changes 2023-06-16 16:56:37.854339857 +0200 @@ -1,0 +2,19 @@ +Thu Jun 15 15:40:16 UTC 2023 - Marcus Meissner + +- updated to 0.1.68 (jsc#ECO-3319) + - Bump OL8 STIG version to V1R6 + - Introduce a Product class, make the project work with it + - Introduce Fedora and Firefox CaC profiles for common workstation users + - OL7 DISA STIG v2r11 update + - Publish rendered policy artifacts + - Update ANSSI BP-028 to version 2.0 +- updated to 0.1.67 (jsc#ECO-3319) + - Add utils/controlrefcheck.py + - RHEL 9 STIG Update Q1 2023 + - Include warning for NetworkManager keyfiles in RHEL9 + - OL7 stig v2r10 update + - Bump version of OL8 STIG to V1R5 +- various enhancements to SLE profiles +- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream + +--- Old: scap-security-guide-UnicodeEncodeError-character-fix.patch v0.1.66.tar.gz New: v0.1.68.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.R4uzqG/_old 2023-06-16 16:56:38.846345710 +0200 +++ /var/tmp/diff_new_pack.R4uzqG/_new 2023-06-16 16:56:38.850345733 +0200 @@ -1,7 +1,7 @@ # # spec file for package scap-security-guide # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.66 +Version:0.1.68 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -52,7 +52,6 @@ Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz -Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch # explicit require what is needed by the detection logic in the scripts Requires: coreutils @@ -190,8 +189,7 @@ Note that the included profiles are community supplied and not officially supported by SUSE.. %prep -%setup -n content-%version -%patch0 -p0 +%setup -q -n content-%version %build cd build ++ v0.1.66.tar.gz -> v0.1.68.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.66.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.15902/v0.1.68.tar.gz differ: char 16, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2023-02-07 18:48:50 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.4462 (New) Package is "scap-security-guide" Tue Feb 7 18:48:50 2023 rev:26 rq:1063457 version:0.1.66 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-12-12 17:42:16.233985631 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.4462/scap-security-guide.changes 2023-02-07 18:48:59.835103349 +0100 @@ -1,0 +2,12 @@ +Mon Feb 6 15:03:31 UTC 2023 - Marcus Meissner + +- updated to 0.1.66 (jsc#ECO-3319) + Â - Ubuntu 22.04 CIS + Â - OL7 stig v2r9 update + Â - Bump OL8 STIG version to V1R4 + Â - Update RHEL7 STIG to V3R10 + Â - Update RHEL8 STIG to V1R9 + Â - Introduce CIS RHEL9 profiles +- also various SUSE profile fixes were done + +--- Old: v0.1.65.tar.gz New: v0.1.66.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.V1RsuH/_old 2023-02-07 18:49:00.627107605 +0100 +++ /var/tmp/diff_new_pack.V1RsuH/_new 2023-02-07 18:49:00.635107649 +0100 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.65 +Version:0.1.66 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause ++ v0.1.65.tar.gz -> v0.1.66.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.65.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.4462/v0.1.66.tar.gz differ: char 15, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-12-12 17:40:08 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1835 (New) Package is "scap-security-guide" Mon Dec 12 17:40:08 2022 rev:25 rq:1042353 version:0.1.65 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-12-03 10:03:49.231301642 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1835/scap-security-guide.changes 2022-12-12 17:42:16.233985631 +0100 @@ -1,0 +2,11 @@ +Mon Dec 5 10:44:15 UTC 2022 - Marcus Meissner + +- updated to 0.1.65 (jsc#ECO-3319) + - Introduce cui profile for OL9 + - Remove Support for OVAL 5.10 + - Rename account_passwords_pam_faillock_audit + - CI ansible hardening and rename of existing Bash hardening + - Update contributors list for v0.1.65 release + - various SUSE profile specific fixes + +--- Old: v0.1.64.tar.gz New: v0.1.65.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.qOFLGY/_old 2022-12-12 17:42:16.873989230 +0100 +++ /var/tmp/diff_new_pack.qOFLGY/_new 2022-12-12 17:42:16.877989253 +0100 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.64 +Version:0.1.65 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -55,14 +55,13 @@ Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch # explicit require what is needed by the detection logic in the scripts +Requires: coreutils +Requires: findutils Requires: gawk -Requires: sed Requires: grep -Requires: findutils -Requires: coreutils -Requires: zypper +Requires: sed Requires: sudo - +Requires: zypper BuildRequires: cmake @@ -233,6 +232,7 @@ -DSSG_PRODUCT_EKS=OFF \ -DSSG_PRODUCT_WRLINUX8=OFF \ -DSSG_PRODUCT_WRLINUX1019=OFF \ + -DSSG_PRODUCT_ANOLIS8=OFF \ ../ make ++ v0.1.64.tar.gz -> v0.1.65.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.64.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.1835/v0.1.65.tar.gz differ: char 33, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-12-03 10:03:34 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1835 (New) Package is "scap-security-guide" Sat Dec 3 10:03:34 2022 rev:24 rq:1039608 version:0.1.64 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-10-06 07:42:33.356734303 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1835/scap-security-guide.changes 2022-12-03 10:03:49.231301642 +0100 @@ -1,0 +2,5 @@ +Fri Nov 25 13:16:15 UTC 2022 - Marcus Meissner + +- require sudo, as remediations touch sudo config or use sudo. + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.FJYW6p/_old 2022-12-03 10:03:49.767304621 +0100 +++ /var/tmp/diff_new_pack.FJYW6p/_new 2022-12-03 10:03:49.771304643 +0100 @@ -61,6 +61,7 @@ Requires: findutils Requires: coreutils Requires: zypper +Requires: sudo BuildRequires: cmake
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-10-06 07:42:23 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2275 (New) Package is "scap-security-guide" Thu Oct 6 07:42:23 2022 rev:23 rq:1008181 version:0.1.64 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-10-01 17:44:26.405810193 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2275/scap-security-guide.changes 2022-10-06 07:42:33.356734303 +0200 @@ -1,0 +2,5 @@ +Wed Oct 5 09:21:53 UTC 2022 - Marcus Meissner + +- enable ubuntu 2204 build + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.RvjQM2/_old 2022-10-06 07:42:33.860735425 +0200 +++ /var/tmp/diff_new_pack.RvjQM2/_new 2022-10-06 07:42:33.868735443 +0200 @@ -226,6 +226,7 @@ -DSSG_PRODUCT_UBUNTU1604=ON \ -DSSG_PRODUCT_UBUNTU1804=ON \ -DSSG_PRODUCT_UBUNTU2004=ON \ +-DSSG_PRODUCT_UBUNTU2204=ON \ -DSSG_PRODUCT_UOS20=OFF \ -DSSG_PRODUCT_VSEL=OFF \ -DSSG_PRODUCT_EKS=OFF \
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-10-01 17:44:00 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2275 (New) Package is "scap-security-guide" Sat Oct 1 17:44:00 2022 rev:22 rq:1007411 version:0.1.64 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-09-21 14:44:08.578029528 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2275/scap-security-guide.changes 2022-10-01 17:44:26.405810193 +0200 @@ -1,0 +2,11 @@ +Sat Oct 1 08:56:49 UTC 2022 - Marcus Meissner + +- updated to 0.1.64 (jsc#ECO-3319) + - Introduce ol9 stig profile + - Introduce Ol9 anssi profiles + - Update RHEL8 STIG to V1R7 + - Introduce e8 profile for OL9 + - Update RHEL7 STIG to V3R8 + - some SUSE profile fixes + +--- Old: v0.1.63.tar.gz New: v0.1.64.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.MJtck4/_old 2022-10-01 17:44:27.029811328 +0200 +++ /var/tmp/diff_new_pack.MJtck4/_new 2022-10-01 17:44:27.033811336 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.63 +Version:0.1.64 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -212,6 +212,7 @@ -DSSG_PRODUCT_OCP4=OFF \ -DSSG_PRODUCT_OL7=ON \ -DSSG_PRODUCT_OL8=ON \ +-DSSG_PRODUCT_OL9=ON \ -DSSG_PRODUCT_OPENSUSE=ON \ -DSSG_PRODUCT_RHCOS4=ON \ -DSSG_PRODUCT_RHEL7=ON \ ++ v0.1.63.tar.gz -> v0.1.64.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.63.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.2275/v0.1.64.tar.gz differ: char 15, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-09-21 14:43:08 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2083 (New) Package is "scap-security-guide" Wed Sep 21 14:43:08 2022 rev:21 rq:1005139 version:0.1.63 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-08-03 21:16:45.335451138 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2083/scap-security-guide.changes 2022-09-21 14:44:08.578029528 +0200 @@ -1,0 +2,6 @@ +Wed Sep 21 08:24:30 UTC 2022 - Marcus Meissner + +- Added several RPM requires that are needed by the SUSE remediation + scripts. (e.g. awk is not necessary installed) + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.utza5s/_old 2022-09-21 14:44:09.106030906 +0200 +++ /var/tmp/diff_new_pack.utza5s/_new 2022-09-21 14:44:09.106030906 +0200 @@ -53,6 +53,16 @@ %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch + +# explicit require what is needed by the detection logic in the scripts +Requires: gawk +Requires: sed +Requires: grep +Requires: findutils +Requires: coreutils +Requires: zypper + + BuildRequires: cmake %if "%{_vendor}" == "debbuild"
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-08-03 21:16:33 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1533 (New) Package is "scap-security-guide" Wed Aug 3 21:16:33 2022 rev:20 rq:992448 version:0.1.63 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-07-18 18:33:17.729702706 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1533/scap-security-guide.changes 2022-08-03 21:16:45.335451138 +0200 @@ -1,0 +2,17 @@ +Sat Jul 30 13:59:29 UTC 2022 - Marcus Meissner + +- updated to 0.1.63 (jsc#ECO-3319) + - multiple bugfixes in SUSE profiles + - Expand project guidelines + - Add Draft OCP4 STIG profile + - Add anssi_bp28_intermediary profile + - add products/uos20 to support UnionTech OS Server 20 + - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles + - Remove WRLinux Products + - Update CIS RHEL8 Benchmark for v2.0.0 +- removed fix-bash-template.patch: fixed upstream +- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) +- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) +- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) + +--- Old: fix-bash-template.patch v0.1.62.tar.gz New: v0.1.63.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.3mBAvP/_old 2022-08-03 21:16:46.247453531 +0200 +++ /var/tmp/diff_new_pack.3mBAvP/_new 2022-08-03 21:16:46.251453542 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.62 +Version:0.1.63 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -53,8 +53,6 @@ %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch -# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 3485c8298957b24d97a563079fd648004a92822b -Patch1: fix-bash-template.patch BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -184,13 +182,14 @@ %prep %setup -n content-%version %patch0 -p0 -%patch1 -p1 %build cd build cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DCMAKE_INSTALL_MANDIR=%{_mandir} \ -DSSG_PRODUCT_CHROMIUM=OFF \ +-DSSG_PRODUCT_ALINUX2=OFF \ +-DSSG_PRODUCT_ALINUX3=OFF \ -DSSG_PRODUCT_DEBIAN9=ON \ -DSSG_PRODUCT_DEBIAN10=ON \ -DSSG_PRODUCT_DEFAULT=ON \ @@ -216,6 +215,7 @@ -DSSG_PRODUCT_UBUNTU1604=ON \ -DSSG_PRODUCT_UBUNTU1804=ON \ -DSSG_PRODUCT_UBUNTU2004=ON \ +-DSSG_PRODUCT_UOS20=OFF \ -DSSG_PRODUCT_VSEL=OFF \ -DSSG_PRODUCT_EKS=OFF \ -DSSG_PRODUCT_WRLINUX8=OFF \ ++ v0.1.62.tar.gz -> v0.1.63.tar.gz ++ 103317 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-07-18 18:33:10 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1523 (New) Package is "scap-security-guide" Mon Jul 18 18:33:10 2022 rev:19 rq:989425 version:0.1.62 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-07-06 15:42:38.566573841 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1523/scap-security-guide.changes 2022-07-18 18:33:17.729702706 +0200 @@ -1,0 +2,5 @@ +Fri Jul 15 11:57:43 UTC 2022 - Julio Gonz??lez Gil + +- Fix the build for RHEL 7 and clones (python-setuptools is used) + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.gSlOUb/_old 2022-07-18 18:33:18.181703349 +0200 +++ /var/tmp/diff_new_pack.gSlOUb/_new 2022-07-18 18:33:18.185703355 +0200 @@ -68,7 +68,11 @@ BuildRequires: openscap-utils %endif +%if 0%{?rhel} == 7 +BuildRequires: python-setuptools +%else BuildRequires: python3-setuptools +%endif %if 0%{?rhel} == 8 BuildRequires: python3
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-07-06 15:42:24 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New) Package is "scap-security-guide" Wed Jul 6 15:42:24 2022 rev:18 rq:987136 version:0.1.62 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-06-28 15:23:19.894028303 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes 2022-07-06 15:42:38.566573841 +0200 @@ -1,0 +2,5 @@ +Wed Jul 6 09:26:15 UTC 2022 - Julio Gonz??lez Gil + +- Fix the build for RHEL 9 and clones + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.l5msba/_old 2022-07-06 15:42:38.990574449 +0200 +++ /var/tmp/diff_new_pack.l5msba/_new 2022-07-06 15:42:38.994574454 +0200 @@ -95,7 +95,7 @@ %if 0%{?rhel} == 7 BuildRequires: python-jinja2 %else -%if 0%{?rhel} == 8 +%if 0%{?rhel} >= 8 BuildRequires: python3-jinja2 %else %if "%{_vendor}" == "debbuild"
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-06-28 15:22:59 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New) Package is "scap-security-guide" Tue Jun 28 15:22:59 2022 rev:17 rq:985543 version:0.1.62 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-06-10 15:58:02.816857868 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes 2022-06-28 15:23:19.894028303 +0200 @@ -1,0 +2,6 @@ +Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner + +- fix-bash-template.patch: convert one bash emitter to new jinja method. + (bsc#1200163) + +--- New: fix-bash-template.patch Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.qCsvvS/_old 2022-06-28 15:23:20.902029807 +0200 +++ /var/tmp/diff_new_pack.qCsvvS/_new 2022-06-28 15:23:20.906029814 +0200 @@ -53,6 +53,8 @@ %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch +# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 3485c8298957b24d97a563079fd648004a92822b +Patch1: fix-bash-template.patch BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -178,6 +180,7 @@ %prep %setup -n content-%version %patch0 -p0 +%patch1 -p1 %build cd build ++ fix-bash-template.patch ++ diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template index 6532554875..bd5bb94cb9 100644 --- a/shared/templates/audit_rules_syscall_events/bash.template +++ b/shared/templates/audit_rules_syscall_events/bash.template @@ -1,19 +1,20 @@ # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -# Include source function library. -. /usr/share/scap-security-guide/remediation_functions - # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64") for ARCH in "${RULE_ARCHS[@]}" do - PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*" - GROUP="perm_mod" - FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod" + # FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod" + ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH" + SYSCALL="{{{ ATTR }}}" + SYSCALL_GROUPING="{{{ ATTR }}}" + AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295" + KEY="perm_mod" + OTHER_FILTERS="" # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" - fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" + {{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}} + {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}} done
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-06-10 15:57:40 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New) Package is "scap-security-guide" Fri Jun 10 15:57:40 2022 rev:16 rq:981542 version:0.1.62 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-05-31 15:48:31.128033494 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes 2022-06-10 15:58:02.816857868 +0200 @@ -1,0 +2,6 @@ +Thu Jun 9 15:31:50 UTC 2022 - Marcus Meissner + +- add python3-setuptools for all builds (so it is also used on debian + and centos flavors) + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.Hr3QDP/_old 2022-06-10 15:58:03.312858470 +0200 +++ /var/tmp/diff_new_pack.Hr3QDP/_new 2022-06-10 15:58:03.316858474 +0200 @@ -66,12 +66,13 @@ BuildRequires: openscap-utils %endif +BuildRequires: python3-setuptools + %if 0%{?rhel} == 8 BuildRequires: python3 %endif %if 0%{?suse_version} -BuildRequires: python3-setuptools BuildRequires: python3-xml %endif
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-05-31 15:47:23 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New) Package is "scap-security-guide" Tue May 31 15:47:23 2022 rev:15 rq:979906 version:0.1.62 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-04-11 23:50:35.066152598 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes 2022-05-31 15:48:31.128033494 +0200 @@ -1,0 +2,8 @@ +Mon May 30 12:48:54 UTC 2022 - Marcus Meissner + +- updated to 0.1.62 (jsc#ECO-3319) + - Update rhel8 stig to v1r6 + - OL7 STIG v2r7 update + - Initial definition of ANSSI BP28 minmal profile for SLE + +--- Old: v0.1.61.tar.gz New: v0.1.62.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.LZ4ktW/_old 2022-05-31 15:48:31.628033826 +0200 +++ /var/tmp/diff_new_pack.LZ4ktW/_new 2022-05-31 15:48:31.632033829 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.61 +Version:0.1.62 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -71,8 +71,8 @@ %endif %if 0%{?suse_version} -BuildRequires: python3-xml BuildRequires: python3-setuptools +BuildRequires: python3-xml %endif %if 0%{?rhel} == 7 @@ -120,6 +120,15 @@ Language), CPE (Common Platform Enumeration) and DS (Data Stream) files to run a compliance test on SLE12, SLE15 and openSUSE +SUSE supported in this version of scap-security-guide: + +- DISA STIG profile for SUSE Linux Enterprise Server 12 and 15 +- PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15 +- HIPAA profile for SUSE Linux Enterprise Server 12 and 15 + +Other profiles, like the CIS profile, are community supplied and +not officially supported by SUSE. + %package redhat Summary:XCCDF files for RHEL, CentOS, Fedora and ScientificLinux Group: Productivity/Security @@ -135,6 +144,8 @@ Language), CPE (Common Platform Enumeration) and DS (Data Stream) files to run a compliance test on various Redhat products, CentOS, Oracle Linux, Fedora and ScientificLinux. +Note that the included profiles are community supplied and not officially supported by SUSE.. + %package debian Summary:XCCDF files for Debian Group: Productivity/Security @@ -147,6 +158,8 @@ Language), CPE (Common Platform Enumeration) and DS (Data Stream) files to run a compliance test on Debian. +Note that the included profiles are community supplied and not officially supported by SUSE.. + %package ubuntu Summary:XCCDF files for Ubuntu Group: Productivity/Security @@ -159,6 +172,7 @@ Language), CPE (Common Platform Enumeration) and DS (Data Stream) files to run a compliance test on Ubuntu. +Note that the included profiles are community supplied and not officially supported by SUSE.. %prep %setup -n content-%version ++ v0.1.61.tar.gz -> v0.1.62.tar.gz ++ 233799 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-04-11 23:49:07 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1900 (New) Package is "scap-security-guide" Mon Apr 11 23:49:07 2022 rev:14 rq:969149 version:0.1.61 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-02-22 21:19:14.094297737 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1900/scap-security-guide.changes 2022-04-11 23:50:35.066152598 +0200 @@ -1,0 +2,8 @@ +Mon Apr 4 08:40:40 UTC 2022 - Marcus Meissner + +- updated to 0.1.61 (jsc#ECO-3319) + - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 + - Introduce OL9 product + - Implement handling of logical expressions in platform definitions + +--- Old: v0.1.60.tar.gz New: v0.1.61.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.6O3qrs/_old 2022-04-11 23:50:36.738133522 +0200 +++ /var/tmp/diff_new_pack.6O3qrs/_new 2022-04-11 23:50:36.742133477 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.60 +Version:0.1.61 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -72,6 +72,7 @@ %if 0%{?suse_version} BuildRequires: python3-xml +BuildRequires: python3-setuptools %endif %if 0%{?rhel} == 7 ++ v0.1.60.tar.gz -> v0.1.61.tar.gz ++ 143067 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-02-22 21:18:30 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1958 (New) Package is "scap-security-guide" Tue Feb 22 21:18:30 2022 rev:13 rq:956819 version:0.1.60 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-01-29 20:59:59.167519495 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1958/scap-security-guide.changes 2022-02-22 21:19:14.094297737 +0100 @@ -1,0 +2,5 @@ +Tue Feb 22 15:19:07 UTC 2022 - Marcus Meissner + +- bump disk size constraints to 7gb to avoid occasional disk fulls failures. + +--- Other differences: -- ++ _constraints ++ --- /var/tmp/diff_new_pack.soB8H6/_old 2022-02-22 21:19:14.898297885 +0100 +++ /var/tmp/diff_new_pack.soB8H6/_new 2022-02-22 21:19:14.902297887 +0100 @@ -1,7 +1,7 @@ - 6 + 7
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-01-29 20:59:27 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898 (New) Package is "scap-security-guide" Sat Jan 29 20:59:27 2022 rev:12 rq:949739 version:0.1.60 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-12-02 02:26:33.092338129 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898/scap-security-guide.changes 2022-01-29 20:59:59.167519495 +0100 @@ -1,0 +2,8 @@ +Thu Jan 27 13:43:18 UTC 2022 - Marcus Meissner + +- updated to 0.1.60 (jsc#ECO-3319) + - New draft stig profile v1r1 for OL8 + - New product Amazon EKS platform and initial CIS profiles + - New product CentOS Stream 9, as a derivative from RHEL9 product + +--- Old: v0.1.59.tar.gz New: v0.1.60.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.Eg7Ks2/_old 2022-01-29 20:59:59.831515031 +0100 +++ /var/tmp/diff_new_pack.Eg7Ks2/_new 2022-01-29 20:59:59.835515005 +0100 @@ -1,7 +1,7 @@ # # spec file for package scap-security-guide # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.59 +Version:0.1.60 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -194,6 +194,7 @@ -DSSG_PRODUCT_UBUNTU1804=ON \ -DSSG_PRODUCT_UBUNTU2004=ON \ -DSSG_PRODUCT_VSEL=OFF \ + -DSSG_PRODUCT_EKS=OFF \ -DSSG_PRODUCT_WRLINUX8=OFF \ -DSSG_PRODUCT_WRLINUX1019=OFF \ ../ @@ -234,10 +235,11 @@ %license LICENSE %endif %dir %{_datadir}/doc/scap-security-guide/guides/ +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-centos* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs9* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-fedora* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh* -%doc %{_datadir}/doc/scap-security-guide/guides/ssg-centos* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-sl7* %dir %{_datadir}/doc/scap-security-guide/tables/ %doc %{_datadir}/doc/scap-security-guide/tables/table-ol* @@ -248,18 +250,20 @@ %dir %{_datadir}/scap-security-guide/tailoring/ %dir %{_datadir}/scap-security-guide/bash/ %dir %{_datadir}/scap-security-guide/kickstart/ +%{_datadir}/scap-security-guide/*/*centos* +%{_datadir}/scap-security-guide/*/*cs9* %{_datadir}/scap-security-guide/*/*fedora* %{_datadir}/scap-security-guide/*/*ol* %{_datadir}/scap-security-guide/*/*rh* %{_datadir}/scap-security-guide/*/*sl7* -%{_datadir}/scap-security-guide/*/*centos* %dir %{_datadir}/xml/scap/ %dir %{_datadir}/xml/scap/ssg/ %dir %{_datadir}/xml/scap/ssg/content/ +%{_datadir}/xml/scap/ssg/content/*-centos* +%{_datadir}/xml/scap/ssg/content/*-cs9* %{_datadir}/xml/scap/ssg/content/*-fedora* %{_datadir}/xml/scap/ssg/content/*-ol* %{_datadir}/xml/scap/ssg/content/*-rh* -%{_datadir}/xml/scap/ssg/content/*-centos* %{_datadir}/xml/scap/ssg/content/*-sl7* %files debian ++ v0.1.59.tar.gz -> v0.1.60.tar.gz ++ 70137 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-11-30 23:15:52 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.31177 (New) Package is "scap-security-guide" Tue Nov 30 23:15:52 2021 rev:11 rq:934677 version:0.1.59 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-10-11 15:32:00.766883015 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.31177/scap-security-guide.changes 2021-12-02 02:26:33.092338129 +0100 @@ -1,0 +2,9 @@ +Sat Nov 27 15:39:12 UTC 2021 - Marcus Meissner + +- updated to 0.1.59 release (jsc#ECO-3319) + - Support for Debian 11 + - NERC CIP profiles for OCP4 and RHCOS + - HIPAA profile for SLE15 + - Delta Tailoring Files for STIG profiles + +--- Old: v0.1.58.tar.gz New: v0.1.59.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.woLcos/_old 2021-12-02 02:26:33.748335864 +0100 +++ /var/tmp/diff_new_pack.woLcos/_new 2021-12-02 02:26:33.752335851 +0100 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.58 +Version:0.1.59 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -245,6 +245,7 @@ %dir %{_datadir}/doc/scap-security-guide/ %dir %{_datadir}/scap-security-guide/ %dir %{_datadir}/scap-security-guide/ansible/ +%dir %{_datadir}/scap-security-guide/tailoring/ %dir %{_datadir}/scap-security-guide/bash/ %dir %{_datadir}/scap-security-guide/kickstart/ %{_datadir}/scap-security-guide/*/*fedora* ++ v0.1.58.tar.gz -> v0.1.59.tar.gz ++ 224943 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-10-11 15:31:10 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2443 (New) Package is "scap-security-guide" Mon Oct 11 15:31:10 2021 rev:10 rq:924190 version:0.1.58 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-09-25 22:51:41.395367849 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2443/scap-security-guide.changes 2021-10-11 15:32:00.766883015 +0200 @@ -1,0 +2,6 @@ +Wed Oct 6 09:00:15 UTC 2021 - Alexander Bergmann + +- Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). + - Add scap-security-guide-UnicodeEncodeError-character-fix.patch + +--- New: scap-security-guide-UnicodeEncodeError-character-fix.patch Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.mUGJMQ/_old 2021-10-11 15:32:01.234883765 +0200 +++ /var/tmp/diff_new_pack.mUGJMQ/_new 2021-10-11 15:32:01.238883772 +0200 @@ -52,6 +52,7 @@ Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz +Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -159,7 +160,8 @@ %prep -%autosetup -n content-%version +%setup -n content-%version +%patch0 -p0 %build cd build ++ scap-security-guide-UnicodeEncodeError-character-fix.patch ++ diff -Nurp content-0.1.58-orig/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/bash/shared.sh content-0.1.58/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/bash/shared.sh --- linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/bash/shared.sh 2021-09-24 15:03:29.0 +0200 +++ linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/bash/shared.sh 2021-10-06 14:39:43.949753820 +0200 @@ -3,6 +3,6 @@ {{{ bash_instantiate_variables("var_password_pam_tally2") }}} # Use a non-number regexp to force update of the value of the deny option -{{{ bash_ensure_pam_module_options('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'deny', '??', "${var_password_pam_tally2}") }}} +{{{ bash_ensure_pam_module_options('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'deny', 'X', "${var_password_pam_tally2}") }}} {{{ bash_ensure_pam_module_options('/etc/pam.d/common-auth', 'auth', 'required', 'pam_tally2.so', 'onerr', '(fail)', 'fail') }}} {{{ bash_ensure_pam_module_options('/etc/pam.d/common-account', 'account', 'required', 'pam_tally2.so', '', '', '') }}}
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-09-25 22:51:30 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1899 (New) Package is "scap-security-guide" Sat Sep 25 22:51:30 2021 rev:9 rq:921417 version:0.1.58 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-08-01 21:52:12.239196054 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1899/scap-security-guide.changes 2021-09-25 22:51:41.395367849 +0200 @@ -1,0 +2,10 @@ +Fri Sep 24 15:16:30 UTC 2021 - Marcus Meissner + +- updated to 0.1.58 release (jsc#ECO-3319) +- Support for Script Checking Engine (SCE) +- Split RHEL 8 CIS profile using new controls file format +- CIS Profiles for SLE12 +- Initial Ubuntu 20.04 STIG Profiles +- Addition of an automated CCE adder + +--- Old: v0.1.57.tar.gz New: v0.1.58.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.WUZNaw/_old 2021-09-25 22:51:41.923368521 +0200 +++ /var/tmp/diff_new_pack.WUZNaw/_new 2021-09-25 22:51:41.927368526 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.57 +Version:0.1.58 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause ++ v0.1.57.tar.gz -> v0.1.58.tar.gz ++ 94749 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-08-01 21:51:50 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1899 (New) Package is "scap-security-guide" Sun Aug 1 21:51:50 2021 rev:8 rq:909618 version:0.1.57 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-06-04 00:34:25.313019086 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1899/scap-security-guide.changes 2021-08-01 21:52:12.239196054 +0200 @@ -1,0 +2,9 @@ +Tue Jul 13 14:41:16 UTC 2021 - Marcus Meissner + +- updated to 0.1.57 release (jsc#ECO-3319) + - CIS profile for RHEL 7 is updated + - initial CIS profiles for Ubuntu 20.04 + - Major improvement of RHEL 9 content + - new release process implemented using Github actions + +--- Old: v0.1.56.tar.gz New: _constraints v0.1.57.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.YSqYbn/_old 2021-08-01 21:52:12.675195541 +0200 +++ /var/tmp/diff_new_pack.YSqYbn/_new 2021-08-01 21:52:12.679195536 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.56 +Version:0.1.57 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause ++ _constraints ++ 6 ++ v0.1.56.tar.gz -> v0.1.57.tar.gz ++ 169788 lines of diff (skipped)
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-06-04 00:34:06 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898 (New) Package is "scap-security-guide" Fri Jun 4 00:34:06 2021 rev:7 rq:897243 version:0.1.56 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-06-01 10:38:29.296917907 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898/scap-security-guide.changes 2021-06-04 00:34:25.313019086 +0200 @@ -1,0 +2,5 @@ +Wed Jun 2 15:03:42 UTC 2021 - Julio Gonz??lez Gil + +- Specify the maintainer, for deb packages. + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.IKrKmy/_old 2021-06-04 00:34:25.805019618 +0200 +++ /var/tmp/diff_new_pack.IKrKmy/_new 2021-06-04 00:34:25.805019618 +0200 @@ -49,7 +49,7 @@ Group: Productivity/Security URL:https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" -%else +Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz BuildRequires: cmake
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-06-01 10:37:22 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898 (New) Package is "scap-security-guide" Tue Jun 1 10:37:22 2021 rev:6 rq:895670 version:0.1.56 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-03-25 14:52:22.340488335 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898/scap-security-guide.changes 2021-06-01 10:38:29.296917907 +0200 @@ -1,0 +2,12 @@ +Wed May 26 15:19:40 UTC 2021 - Marcus Meissner + +- updated to 0.1.56 release (jsc#ECO-3319) + - Align ism_o profile with latest ISM SSP (#6878) + - Align RHEL 7 STIG profile with DISA STIG V3R3 + - Creating new RHEL 7 STIG GUI profile (#6863) + - Creating new RHEL 8 STIG GUI profile (#6862) + - Add the RHEL9 product (#6801) + - Initial support for SUSE SLE-15 (#) + - add support for osbuild blueprint remediations (#6970) + +--- Old: v0.1.55git20210323.tar.gz New: v0.1.56.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.dJAVrz/_old 2021-06-01 10:38:31.384921462 +0200 +++ /var/tmp/diff_new_pack.dJAVrz/_new 2021-06-01 10:38:31.388921470 +0200 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.55git20210323 +Version:0.1.56 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -51,8 +51,7 @@ %if "%{_vendor}" == "debbuild" %else %endif -#Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz -Source: v%{version}.tar.gz +Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -163,7 +162,6 @@ %autosetup -n content-%version %build -mkdir build cd build cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DCMAKE_INSTALL_MANDIR=%{_mandir} \ @@ -184,6 +182,7 @@ -DSSG_PRODUCT_RHCOS4=ON \ -DSSG_PRODUCT_RHEL7=ON \ -DSSG_PRODUCT_RHEL8=ON \ +-DSSG_PRODUCT_RHEL9=ON \ -DSSG_PRODUCT_RHOSP10=ON \ -DSSG_PRODUCT_RHOSP13=ON \ -DSSG_PRODUCT_RHV4=ON \ ++ v0.1.55git20210323.tar.gz -> v0.1.56.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.55git20210323.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.1898/v0.1.56.tar.gz differ: char 4, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-03-25 14:52:21 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401 (New) Package is "scap-security-guide" Thu Mar 25 14:52:21 2021 rev:5 rq:881077 version:0.1.55git20210323 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-03-20 21:26:27.741210864 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401/scap-security-guide.changes 2021-03-25 14:52:22.340488335 +0100 @@ -1,0 +2,8 @@ +Wed Mar 24 13:25:26 UTC 2021 - Marcus Meissner + +- updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) + - initial SLES15 STIG added + - more SLES 12 STIG work + - correct tables and cross references for SLES 12 and 15 STIG + +--- @@ -8,0 +17 @@ +- avoid some non sles12 sp2 available macros. Old: v0.1.55.tar.gz New: v0.1.55git20210323.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.gkZde5/_old 2021-03-25 14:52:25.096491137 +0100 +++ /var/tmp/diff_new_pack.gkZde5/_new 2021-03-25 14:52:25.100491142 +0100 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.55 +Version:0.1.55git20210323 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause @@ -51,7 +51,8 @@ %if "%{_vendor}" == "debbuild" %else %endif -Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz +#Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz +Source: v%{version}.tar.gz BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -162,6 +163,7 @@ %autosetup -n content-%version %build +mkdir build cd build cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DCMAKE_INSTALL_MANDIR=%{_mandir} \ @@ -169,7 +171,6 @@ -DSSG_PRODUCT_DEBIAN9=ON \ -DSSG_PRODUCT_DEBIAN10=ON \ -DSSG_PRODUCT_DEFAULT=ON \ --DSSG_PRODUCT_EAP6=OFF \ -DSSG_PRODUCT_EXAMPLE=OFF \ -DSSG_PRODUCT_FEDORA=ON \ -DSSG_PRODUCT_FIREFOX=OFF \ @@ -181,7 +182,6 @@ -DSSG_PRODUCT_OL8=ON \ -DSSG_PRODUCT_OPENSUSE=ON \ -DSSG_PRODUCT_RHCOS4=ON \ --DSSG_PRODUCT_RHEL6=ON \ -DSSG_PRODUCT_RHEL7=ON \ -DSSG_PRODUCT_RHEL8=ON \ -DSSG_PRODUCT_RHOSP10=ON \ @@ -196,11 +196,11 @@ -DSSG_PRODUCT_WRLINUX8=OFF \ -DSSG_PRODUCT_WRLINUX1019=OFF \ ../ -%make_build +make %install cd build/ -%make_install +make install DESTDIR=%buildroot %files %if "%{_vendor}" != "debbuild"
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-03-20 21:25:59 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401 (New) Package is "scap-security-guide" Sat Mar 20 21:25:59 2021 rev:4 rq:880138 version:0.1.55 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-03-15 10:54:47.353207530 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401/scap-security-guide.changes 2021-03-20 21:26:27.741210864 +0100 @@ -1,0 +2,9 @@ +Fri Mar 19 15:08:35 UTC 2021 - Marcus Meissner + +- updated to 0.1.55 release (jsc#ECO-3319) + - big update of rules used in SLES-12 STIG profile + - Render policy to HTML (#6532) + - Add variable support to yamlfile_value template (#6563) + - Introduce new template for dconf configuration files (#6118) + +--- Old: v0.1.54.tar.gz New: v0.1.55.tar.gz Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.FkgkmQ/_old 2021-03-20 21:26:28.549211810 +0100 +++ /var/tmp/diff_new_pack.FkgkmQ/_new 2021-03-20 21:26:28.553211813 +0100 @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version:0.1.54 +Version:0.1.55 Release:0 Summary:XCCDF files for SUSE Linux and openSUSE License:BSD-3-Clause ++ v0.1.54.tar.gz -> v0.1.55.tar.gz ++ /work/SRC/openSUSE:Factory/scap-security-guide/v0.1.54.tar.gz /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401/v0.1.55.tar.gz differ: char 13, line 1
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-03-15 10:54:46 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401 (New) Package is "scap-security-guide" Mon Mar 15 10:54:46 2021 rev:3 rq:878597 version:0.1.54 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-02-26 22:00:08.699857368 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2401/scap-security-guide.changes 2021-03-15 10:54:47.353207530 +0100 @@ -1,0 +2,6 @@ +Fri Mar 12 14:14:10 UTC 2021 - Julio Gonz??lez Gil + +- Add the redhat conflict for packages built on redhat clones + or Fedora + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.Q7VleS/_old 2021-03-15 10:54:47.997208519 +0100 +++ /var/tmp/diff_new_pack.Q7VleS/_new 2021-03-15 10:54:47.997208519 +0100 @@ -121,6 +121,9 @@ %package redhat Summary:XCCDF files for RHEL, CentOS, Fedora and ScientificLinux Group: Productivity/Security +%if 0%{?fedora} || 0%{?rhel} +Conflicts: scap-security-guide +%endif %description redhat Security Content Automation Protocol (SCAP) Security Guide for Redhat/Fedora/CentOS/OracleLinux/ScientificLinux.
commit scap-security-guide for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2021-02-26 22:00:06 Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.2378 (New) Package is "scap-security-guide" Fri Feb 26 22:00:06 2021 rev:2 rq:875317 version:0.1.54 Changes: --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2021-02-22 14:40:04.836599046 +0100 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.2378/scap-security-guide.changes 2021-02-26 22:00:08.699857368 +0100 @@ -1,0 +2,5 @@ +Fri Feb 26 08:45:24 UTC 2021 - Marcus Meissner + +- remove redhat conflict. + +--- Other differences: -- ++ scap-security-guide.spec ++ --- /var/tmp/diff_new_pack.j7C7zf/_old 2021-02-26 22:00:09.323857915 +0100 +++ /var/tmp/diff_new_pack.j7C7zf/_new 2021-02-26 22:00:09.327857919 +0100 @@ -1,7 +1,7 @@ # -# spec file for package openscap-content-stig +# spec file for package scap-security-guide # -# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,9 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %if ! (0%{?fedora} || 0%{?rhel} > 5) %if "%{_vendor}" == "debbuild" %global __python /usr/bin/python3 @@ -43,14 +44,12 @@ Name: scap-security-guide Version: 0.1.54 Release: 0 -License: BSD-3-Clause Summary: XCCDF files for SUSE Linux and openSUSE -Url: https://github.com/ComplianceAsCode/content +License:BSD-3-Clause +Group: Productivity/Security +URL:https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" -Packager: Uyuni packagers -Group: admin %else -Group: Productivity/Security %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz BuildRequires: cmake @@ -58,8 +57,8 @@ %if "%{_vendor}" == "debbuild" %{!?_licensedir:%global license %%doc} BuildRequires: libopenscap8 -BuildRequires: libxslt1.1 BuildRequires: libxml2-utils +BuildRequires: libxslt1.1 BuildRequires: xsltproc %else BuildRequires: libxslt @@ -102,8 +101,8 @@ %endif %endif -BuildRequires: libxml2 BuildRequires: expat +BuildRequires: libxml2 # not on SLES currently %if 0%{?is_opensuse} || 0%{?fedora} || "%{_vendor}" == "debbuild" BuildRequires: ansible @@ -120,8 +119,8 @@ files to run a compliance test on SLE12, SLE15 and openSUSE %package redhat -Conflicts: scap-security-guide Summary: XCCDF files for RHEL, CentOS, Fedora and ScientificLinux +Group: Productivity/Security %description redhat Security Content Automation Protocol (SCAP) Security Guide for Redhat/Fedora/CentOS/OracleLinux/ScientificLinux. @@ -133,6 +132,7 @@ %package debian Summary: XCCDF files for Debian +Group: Productivity/Security %description debian Security Content Automation Protocol (SCAP) Security Guide for Debian. @@ -144,6 +144,7 @@ %package ubuntu Summary: XCCDF files for Ubuntu +Group: Productivity/Security %description ubuntu Security Content Automation Protocol (SCAP) Security Guide for Ubuntu. @@ -256,7 +257,6 @@ %{_datadir}/xml/scap/ssg/content/*-centos* %{_datadir}/xml/scap/ssg/content/*-sl7* - %files debian %if "%{_vendor}" != "debbuild" %license LICENSE