diff --git a/1.2.16.tar.gz b/1.2.16.tar.gz
deleted file mode 100644
index 9851dc6..0000000
--- a/1.2.16.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7cc7853faddaa54fea69f642ace6ba561920ca3fd9199ae8f5c322e1281b18fb
-size 12489871
diff --git a/1.2.17.tar.gz b/1.2.17.tar.gz
new file mode 100644
index 0000000..a54160e
--- /dev/null
+++ b/1.2.17.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:877eeb69cf19f8cef9d161fabaa389b0a85477ddaf3be21e9ee3b84d4ca1841b
+size 12517674
diff --git a/openscap.changes b/openscap.changes
index e1349c5..2aef3b1 100644
--- a/openscap.changes
+++ b/openscap.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Thu Jun 7 08:46:23 UTC 2018 - meissner@suse.com
+
+- scap-yast2sec-xccdf.xml: remove platform cpe match, as it is impossible
+ to match both opensuse and sles or official suse_linux_enterprise_server
+ names at once. (bsc#1091040)
+
+-------------------------------------------------------------------
+Tue May 29 09:47:16 UTC 2018 - meissner@suse.com
+
+- openscap-1.2.17
+ - New features
+ - HTML Guide user experience improvements
+ - New options in HTML report "Group By" menu
+ - oscap-ssh supports --oval-results (issue #863)
+ - Maintenance
+ - Support comparing state record elements with item
+ - Updated Bash completion
+ - Make Bash role headers consistent with --help output
+ - Fixed problems reported by Coverity (issue #909)
+ - Fixed CVE schema to support 4 to 7 digits CVEs
+ - Fix output of generated bash role missing fix message
+ - Fix oscap-docker to clean up temporary image (RHBZ #1454637)
+ - Fix Ansible remediations generation
+ - Add a newline between ids in xccdf info (issue #968)
+ - Fix unknown subtype handling in oval_subtype_parse (issue #986)
+ - Outsourced the pthreads feature check and setup
+ - Speed up in debug mode
+ - Refactored the Python handling in build scripts
+ - Prevent reading from host in offline mode (issue #1001)
+ - Many probes use OWN offline mode
+ - Improve offline mode logic in OVAL probes
+ - Do not use chroot in system_info probe
+ - Prevent a segfault in oscap_seterr on Solaris
+ - Out of tree build is possible
+ - Use chroot for RPM probes in offline mode
+ - PEP8 accepts lines up to 99 characters
+ - New configure parameter --with-oscap-temp-dir (issue #1016)
+ - Fixed OVAL record elements namespace and SEXP conversion
+ - Removed '\r' characters from help output (issue #1023)
+ - Full Python 3 compatibility
+ - Removed basic Python implementation of oval_probes.c
+ - Added support for Travis CI and Sonar Cloud
+ - Minor fixes inspired by Sonar Cloud
+ - Added Fedora 29 CPE
+ - New tests in upstream test suite (offline mode, Ansible, etc.)
+
-------------------------------------------------------------------
Thu Apr 26 12:56:42 UTC 2018 - meissner@suse.com
@@ -23,7 +70,7 @@ Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com
-------------------------------------------------------------------
Thu Nov 23 13:44:24 UTC 2017 - rbrown@suse.com
-- Replace references to /var/adm/fillup-templates with new
+- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
@@ -56,38 +103,38 @@ Tue Nov 14 12:14:41 UTC 2017 - meissner@suse.com
Fri Aug 25 13:41:48 UTC 2017 - meissner@suse.com
- openscap-1.2.15 / 25-08-2017
- - New features
- - short profile names can be used instead of long IDs
- - new option --rule allows to evaluate only a single rule
- - new option --fix-type in "oscap xccdf generate fix" allows choosing
- remediation script type without typing long URL
- - "oscap info" shows profile titles
- - OVAL details in HTML report are easier to read
- - HTML report is smaller because unselected rules are removed
- - HTML report supports NIST 800-171 and CJIS
- - remediation scripts contain headers with useful information
- - remediation scripts report progress when they run
- - basic support for Oracle Linux (CPEs, runlevels)
- - remediation scripts can be generated from datastreams that contain
- multiple XCCDF benchmarks (issue #772)
- - basic support for OVAL 5.11.2 (only schemas, no features)
- - enabled offline RPM database in rpminfo probe (issue #778)
- - added Fedora 28 CPE
- - Maintenance
- - fixed oscap-docker with Docker >= 2.0 (issue #794)
- - fixed behavior of sysctl probe to be consistent with sysctl tool
- - fixed generating remediation scripts (issue #723, #773)
- - severity of tailored rules is not discarded (issue #739)
- - fixed errors in RPM probes initialization
- - oscap-docker shows all warnings reported by oscap (issue #713)
- - small improvements in verbose mode
- - standard C operations are used instead of custom OpenSCAP operations
- - fixed compiler warnings
- - fixed missing header files
- - fixed resource leaks (issue #715)
- - fixed pkgconfig file (RHBZ #1414777)
- - refactoring
- - documentation fixes and improvements
+ - New features
+ - short profile names can be used instead of long IDs
+ - new option --rule allows to evaluate only a single rule
+ - new option --fix-type in "oscap xccdf generate fix" allows choosing
+ remediation script type without typing long URL
+ - "oscap info" shows profile titles
+ - OVAL details in HTML report are easier to read
+ - HTML report is smaller because unselected rules are removed
+ - HTML report supports NIST 800-171 and CJIS
+ - remediation scripts contain headers with useful information
+ - remediation scripts report progress when they run
+ - basic support for Oracle Linux (CPEs, runlevels)
+ - remediation scripts can be generated from datastreams that contain
+ multiple XCCDF benchmarks (issue #772)
+ - basic support for OVAL 5.11.2 (only schemas, no features)
+ - enabled offline RPM database in rpminfo probe (issue #778)
+ - added Fedora 28 CPE
+ - Maintenance
+ - fixed oscap-docker with Docker >= 2.0 (issue #794)
+ - fixed behavior of sysctl probe to be consistent with sysctl tool
+ - fixed generating remediation scripts (issue #723, #773)
+ - severity of tailored rules is not discarded (issue #739)
+ - fixed errors in RPM probes initialization
+ - oscap-docker shows all warnings reported by oscap (issue #713)
+ - small improvements in verbose mode
+ - standard C operations are used instead of custom OpenSCAP operations
+ - fixed compiler warnings
+ - fixed missing header files
+ - fixed resource leaks (issue #715)
+ - fixed pkgconfig file (RHBZ #1414777)
+ - refactoring
+ - documentation fixes and improvements
-------------------------------------------------------------------
Fri Apr 7 09:35:00 UTC 2017 - jengelh@inai.de
@@ -277,24 +324,24 @@ Tue Jan 19 10:22:08 UTC 2016 - meissner@suse.com
Thu Dec 3 13:06:14 UTC 2015 - meissner@suse.com
- openscap 1.2.7 release
- - New features
- - OVAL 5.11.1 fully supported
- - oscap-vm - tool for offline scanning of virtual machines
- - verbose mode
- - added SLED, SLES and OpenSUSE CPE names
- - show profile description in HTML report and guide
- - group rules by PCI DSS identifier in HTML report
- - preliminary support for Ansible Playbooks within xccdf:fix
- - added "How to contribute" and "Versioning" documents
- - Maintenance
- - using bziped RHSA documents in oscap-docker
- - fixed errors of sysctl probe
- - fixed skip-valid option (issue #203)
- - fixed segmentation faults in SCE content reporting (issue #231)
- - fixed tracebacks of scap-as-rpm
- - fixed invalid memory reads in rpmverifyfile probe (issue #212)
- - updated README and user manual
- - many small bugfixes and new tests
+ - New features
+ - OVAL 5.11.1 fully supported
+ - oscap-vm - tool for offline scanning of virtual machines
+ - verbose mode
+ - added SLED, SLES and OpenSUSE CPE names
+ - show profile description in HTML report and guide
+ - group rules by PCI DSS identifier in HTML report
+ - preliminary support for Ansible Playbooks within xccdf:fix
+ - added "How to contribute" and "Versioning" documents
+ - Maintenance
+ - using bziped RHSA documents in oscap-docker
+ - fixed errors of sysctl probe
+ - fixed skip-valid option (issue #203)
+ - fixed segmentation faults in SCE content reporting (issue #231)
+ - fixed tracebacks of scap-as-rpm
+ - fixed invalid memory reads in rpmverifyfile probe (issue #212)
+ - updated README and user manual
+ - many small bugfixes and new tests
- openscap-new-inventory.patch: upstreamed
- fix-missing-include.dif: refreshed, 1 hunk upstream
diff --git a/openscap.spec b/openscap.spec
index 7333102..b3f9c29 100644
--- a/openscap.spec
+++ b/openscap.spec
@@ -25,7 +25,7 @@
%define with_bindings 0
Name: openscap
-Version: 1.2.16
+Version: 1.2.17
Release: 1.0
Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
Source2: sysconfig.oscap-scan
@@ -293,7 +293,11 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/ope
%files docker
%defattr(-, root, root)
+%if 0%{?suse_version} >= 1500
+%{python3_sitelib}/oscap_docker_python
+%else
%{python_sitelib}/oscap_docker_python
+%endif
%{_bindir}/oscap-docker
%if 0%{?with_bindings}
diff --git a/scap-yast2sec-xccdf.xml b/scap-yast2sec-xccdf.xml
index be4c10e..f060fac 100644
--- a/scap-yast2sec-xccdf.xml
+++ b/scap-yast2sec-xccdf.xml
@@ -12,7 +12,6 @@
hardening of your system, as well as the configuration through the syctl
settings.
-
1