From 731e806bbf5f9414b7ff11076bc0bdaa7301b8ca22a5d84eac3a421aaa3b9086 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 13 Feb 2024 16:29:31 +0000 Subject: [PATCH 1/3] Accepting request 1146455 from home:msmeissn:branches:security - updated to 0.1.72 (jsc#ECO-3319) - ANSSI BP 028 profile for debian12 (#11368) - Building on Windows (#11406) - Control for BSI APP.4.4 (#11342) - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks - various fixes to SLE profiles - removed ssg-fix-journald.patch: fixed upstream OBS-URL: https://build.opensuse.org/request/show/1146455 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=105 --- scap-security-guide.changes | 11 ++++++ scap-security-guide.spec | 4 +- ssg-fix-journald.patch | 78 ------------------------------------- v0.1.71.tar.gz | 3 -- v0.1.72.tar.gz | 3 ++ 5 files changed, 15 insertions(+), 84 deletions(-) delete mode 100644 ssg-fix-journald.patch delete mode 100644 v0.1.71.tar.gz create mode 100644 v0.1.72.tar.gz diff --git a/scap-security-guide.changes b/scap-security-guide.changes index 256bed2..477f8a0 100644 --- a/scap-security-guide.changes +++ b/scap-security-guide.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Feb 13 16:02:47 UTC 2024 - Marcus Meissner + +- updated to 0.1.72 (jsc#ECO-3319) + - ANSSI BP 028 profile for debian12 (#11368) + - Building on Windows (#11406) + - Control for BSI APP.4.4 (#11342) + - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks + - various fixes to SLE profiles +- removed ssg-fix-journald.patch: fixed upstream + ------------------------------------------------------------------- Tue Dec 19 11:04:09 UTC 2023 - Marcus Meissner diff --git a/scap-security-guide.spec b/scap-security-guide.spec index b38f3f1..c188ea8 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -42,7 +42,7 @@ %endif Name: scap-security-guide -Version: 0.1.71 +Version: 0.1.72 Release: 0 Summary: XCCDF files for SUSE Linux and openSUSE License: BSD-3-Clause @@ -52,7 +52,6 @@ URL: https://github.com/ComplianceAsCode/content Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz -Patch0: ssg-fix-journald.patch # explicit require what is needed by the detection logic in the scripts Requires: coreutils @@ -191,7 +190,6 @@ Note that the included profiles are community supplied and not officially suppor %prep %setup -q -n content-%version -%autopatch -p1 %build cd build diff --git a/ssg-fix-journald.patch b/ssg-fix-journald.patch deleted file mode 100644 index 0855636..0000000 --- a/ssg-fix-journald.patch +++ /dev/null @@ -1,78 +0,0 @@ -Index: content-0.1.70/linux_os/guide/system/logging/journald/journald_compress/rule.yml -=================================================================== ---- content-0.1.70.orig/linux_os/guide/system/logging/journald/journald_compress/rule.yml -+++ content-0.1.70/linux_os/guide/system/logging/journald/journald_compress/rule.yml -@@ -43,16 +43,6 @@ ocil: |- - 
-     Compress=yes
-
--{{%- if product == "sle15" %}} --template: -- name: systemd_dropin_configuration -- vars: -- component: journald -- master_cfg_file: /etc/systemd/journald.conf -- dropin_dir: /etc/systemd/journal.d/ -- param: Compress -- value: yes --{{% else %}} - template: - name: shell_lineinfile - vars: -@@ -60,4 +50,3 @@ template: - parameter: Compress - value: yes - no_quotes: 'true' --{{% endif -%}} -Index: content-0.1.70/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -=================================================================== ---- content-0.1.70.orig/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -+++ content-0.1.70/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -@@ -44,16 +44,6 @@ ocil: |- - ForwardToSyslog=yes - - --{{%- if product == "sle15" %}} --template: -- name: systemd_dropin_configuration -- vars: -- component: journald -- master_cfg_file: /etc/systemd/journald.conf -- dropin_dir: /etc/systemd/journal.d/ -- param: ForwardToSyslog -- value: yes --{{% else %}} - template: - name: shell_lineinfile - vars: -@@ -61,4 +51,3 @@ template: - parameter: ForwardToSyslog - value: yes - no_quotes: 'true' --{{% endif -%}} -Index: content-0.1.70/linux_os/guide/system/logging/journald/journald_storage/rule.yml -=================================================================== ---- content-0.1.70.orig/linux_os/guide/system/logging/journald/journald_storage/rule.yml -+++ content-0.1.70/linux_os/guide/system/logging/journald/journald_storage/rule.yml -@@ -43,16 +43,6 @@ ocil: |- - Storage=persistent - - --{{%- if product == "sle15" %}} --template: -- name: systemd_dropin_configuration -- vars: -- component: journald -- master_cfg_file: /etc/systemd/journald.conf -- dropin_dir: /etc/systemd/journal.d/ -- param: Storage -- value: persistent --{{% else %}} - template: - name: shell_lineinfile - vars: -@@ -60,4 +50,3 @@ template: - parameter: Storage - value: persistent - no_quotes: 'true' --{{% endif -%}} diff --git a/v0.1.71.tar.gz b/v0.1.71.tar.gz deleted file mode 100644 index 5a4f344..0000000 --- a/v0.1.71.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f8a71930c5ce2da1ec1fa8ec94dfe63e5809448fa5b27bcb14efd2ffdae93ddd -size 8771631 diff --git a/v0.1.72.tar.gz b/v0.1.72.tar.gz new file mode 100644 index 0000000..915b181 --- /dev/null +++ b/v0.1.72.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:830ffde477f2db60fde1b47159bdd071a118298396a9739c840fe7e7c5018641 +size 10182588 From 6e0ee3582a1ceb3e425d104e85302cc661e347874e987833b0b352afbe2d4494 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 14 Feb 2024 08:05:30 +0000 Subject: [PATCH 2/3] - add openeuler to -redhat package OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=106 --- scap-security-guide.changes | 1 + scap-security-guide.spec | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scap-security-guide.changes b/scap-security-guide.changes index 477f8a0..f2844ba 100644 --- a/scap-security-guide.changes +++ b/scap-security-guide.changes @@ -17,6 +17,7 @@ Tue Dec 19 11:04:09 UTC 2023 - Marcus Meissner - Add support for Debian 12 - Update PCI-DSS profile for RHEL - lots of bugfixes and improvements for SLE +- add openeuler to -redhat package - removed left over file 0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69 diff --git a/scap-security-guide.spec b/scap-security-guide.spec index c188ea8..4083be3 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -49,7 +49,6 @@ License: BSD-3-Clause Group: Productivity/Security URL: https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" -Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz @@ -275,6 +274,7 @@ make install DESTDIR=%buildroot %doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs9* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-fedora* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-sl7* %dir %{_datadir}/doc/scap-security-guide/tables/ @@ -290,6 +290,7 @@ make install DESTDIR=%buildroot %{_datadir}/scap-security-guide/*/*cs9* %{_datadir}/scap-security-guide/*/*fedora* %{_datadir}/scap-security-guide/*/*ol* +%{_datadir}/scap-security-guide/*/*openeuler* %{_datadir}/scap-security-guide/*/*rh* %{_datadir}/scap-security-guide/*/*sl7* %dir %{_datadir}/xml/scap/ @@ -299,6 +300,7 @@ make install DESTDIR=%buildroot %{_datadir}/xml/scap/ssg/content/*-cs9* %{_datadir}/xml/scap/ssg/content/*-fedora* %{_datadir}/xml/scap/ssg/content/*-ol* +%{_datadir}/xml/scap/ssg/content/*-openeuler* %{_datadir}/xml/scap/ssg/content/*-rh* %{_datadir}/xml/scap/ssg/content/*-sl7* From 3ac2c23c4445fd584d52b0fefdff22c4829db1da002af8ec4519bd07e898d90e Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 14 Feb 2024 09:47:53 +0000 Subject: [PATCH 3/3] - add openeuler to -redhat package OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=107 --- scap-security-guide.changes | 2 +- scap-security-guide.spec | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scap-security-guide.changes b/scap-security-guide.changes index f2844ba..55699ce 100644 --- a/scap-security-guide.changes +++ b/scap-security-guide.changes @@ -7,6 +7,7 @@ Tue Feb 13 16:02:47 UTC 2024 - Marcus Meissner - Control for BSI APP.4.4 (#11342) - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks - various fixes to SLE profiles +- add openeuler to -redhat package - removed ssg-fix-journald.patch: fixed upstream ------------------------------------------------------------------- @@ -17,7 +18,6 @@ Tue Dec 19 11:04:09 UTC 2023 - Marcus Meissner - Add support for Debian 12 - Update PCI-DSS profile for RHEL - lots of bugfixes and improvements for SLE -- add openeuler to -redhat package - removed left over file 0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69 diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4083be3..9f18a4b 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -49,6 +49,7 @@ License: BSD-3-Clause Group: Productivity/Security URL: https://github.com/ComplianceAsCode/content %if "%{_vendor}" == "debbuild" +Packager: SUSE Security Team %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz