From c36700dc75bfb63ca2e0f7f12bb3ad9dfa810152d0192aa7759de12c6c9b2305 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 1 Dec 2014 12:33:36 +0000 Subject: [PATCH 1/5] Accepting request 263389 from home:Ledest:bashisms fix bashism in oscap-scan.cron script OBS-URL: https://build.opensuse.org/request/show/263389 OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=115 --- openscap-1.1.0-fix-bashisms.patch | 12 ++++++++++++ openscap.changes | 7 +++++++ openscap.spec | 2 ++ 3 files changed, 21 insertions(+) create mode 100644 openscap-1.1.0-fix-bashisms.patch diff --git a/openscap-1.1.0-fix-bashisms.patch b/openscap-1.1.0-fix-bashisms.patch new file mode 100644 index 0000000..178fd6a --- /dev/null +++ b/openscap-1.1.0-fix-bashisms.patch @@ -0,0 +1,12 @@ +diff -Ndur openscap-1.1.0/docs/oscap-scan.cron openscap-1.1.0-fix-bashisms/docs/oscap-scan.cron +--- openscap-1.1.0/docs/oscap-scan.cron 2011-08-17 15:55:37.000000000 +0300 ++++ openscap-1.1.0-fix-bashisms/docs/oscap-scan.cron 2014-11-29 03:09:36.518411860 +0200 +@@ -7,7 +7,7 @@ + + #OPTIONS="oval eval --report /var/log/oscap-scan.html.log --results /var/log/oscap-scan.xml.log /usr/share/openscap/scap-fedora14-oval.xml" + PROG="/usr/bin/oscap" +-if [ x"$OPTIONS" == "x" ] ++if [ -z "$OPTIONS" ] + then + logger "OpenSCAP security scan: NOT CONFIGURED. (Cron job)" + exit 0 diff --git a/openscap.changes b/openscap.changes index 6851777..ffa1825 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Nov 29 01:11:00 UTC 2014 - Led + +- fix bashism in oscap-scan.cron script +- add patches: + * openscap-1.1.0-fix-bashisms.patch + ------------------------------------------------------------------- Wed Sep 3 12:09:10 UTC 2014 - meissner@suse.com diff --git a/openscap.spec b/openscap.spec index fce4c53..58899d6 100644 --- a/openscap.spec +++ b/openscap.spec @@ -32,6 +32,7 @@ Source2: sysconfig.oscap-scan Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml Patch0: fix-missing-include.dif +Patch1: openscap-1.1.0-fix-bashisms.patch Url: http://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libacl-devel @@ -141,6 +142,7 @@ commonly used and require additional dependencies. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build From f503b7ad65b4328d7adc7db669ac1101de4b7c506dbb827dff6050421eb72f37 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 1 Dec 2014 12:39:14 +0000 Subject: [PATCH 2/5] - openscap-1.1.1 update - Hint towards `oscap info` when profile is not found in oscap tool - HTML report changes: - Source OVAL results from ARF if available - Highlight notchecked rules, treat them as rules that need attention - HTML guide changes: - Variable Substitution improvements - Show benchmark title - Show info about selected profile - Avoid cdf12:notice, show only its contents - bugfixes: - improved handling of fqdn in XCCDF - memory leaks - static analysis fixes OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=116 --- openscap-1.1.0.tar.gz | 3 --- openscap-1.1.0.tar.gz.sha1sum | 1 - openscap-1.1.1.tar.gz | 3 +++ openscap-1.1.1.tar.gz.sha1sum | 1 + openscap.changes | 18 ++++++++++++++++++ openscap.spec | 2 +- 6 files changed, 23 insertions(+), 5 deletions(-) delete mode 100644 openscap-1.1.0.tar.gz delete mode 100644 openscap-1.1.0.tar.gz.sha1sum create mode 100644 openscap-1.1.1.tar.gz create mode 100644 openscap-1.1.1.tar.gz.sha1sum diff --git a/openscap-1.1.0.tar.gz b/openscap-1.1.0.tar.gz deleted file mode 100644 index 756bdb6..0000000 --- a/openscap-1.1.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d6934227e059094245db09cac897fbfe64fd1bae65835b2741e102168cb3525 -size 13720567 diff --git a/openscap-1.1.0.tar.gz.sha1sum b/openscap-1.1.0.tar.gz.sha1sum deleted file mode 100644 index 1f50540..0000000 --- a/openscap-1.1.0.tar.gz.sha1sum +++ /dev/null @@ -1 +0,0 @@ -84e5d2df9d6f32ad59db9e22973970a3bbbbd3b2 openscap-1.1.0.tar.gz diff --git a/openscap-1.1.1.tar.gz b/openscap-1.1.1.tar.gz new file mode 100644 index 0000000..19e2b5e --- /dev/null +++ b/openscap-1.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:510489099242f655bdff9f8f6641692ed0d035bf05f00f4ed8072b2e028aaf99 +size 13722034 diff --git a/openscap-1.1.1.tar.gz.sha1sum b/openscap-1.1.1.tar.gz.sha1sum new file mode 100644 index 0000000..e7e2beb --- /dev/null +++ b/openscap-1.1.1.tar.gz.sha1sum @@ -0,0 +1 @@ +f0658393740c21c100f8b7f325699c5de1c41225 openscap-1.1.1.tar.gz diff --git a/openscap.changes b/openscap.changes index ffa1825..17e6e4d 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Mon Dec 1 12:38:45 UTC 2014 - meissner@suse.com + +- openscap-1.1.1 update + - Hint towards `oscap info` when profile is not found in oscap tool + - HTML report changes: + - Source OVAL results from ARF if available + - Highlight notchecked rules, treat them as rules that need attention + - HTML guide changes: + - Variable Substitution improvements + - Show benchmark title + - Show info about selected profile + - Avoid cdf12:notice, show only its contents + - bugfixes: + - improved handling of fqdn in XCCDF + - memory leaks + - static analysis fixes + ------------------------------------------------------------------- Sat Nov 29 01:11:00 UTC 2014 - Led diff --git a/openscap.spec b/openscap.spec index 58899d6..fba5ad4 100644 --- a/openscap.spec +++ b/openscap.spec @@ -20,7 +20,7 @@ %define with_bindings 0 Name: openscap -Version: 1.1.0 +Version: 1.1.1 Release: 1.0 Source: https://fedorahosted.org/releases/o/p/openscap/%name-%version.tar.gz Source5: https://fedorahosted.org/releases/o/p/openscap/%name-%version.tar.gz.sha1sum From 85a3903be364435f5f6c2a1d40b792fc358296aeaf6f511296405bd55ba317f4 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 2 Dec 2014 12:45:22 +0000 Subject: [PATCH 3/5] - openscap-1.2.0 update - new features - native support of bzip2ed SCAP files (file extension needs to be '.xml.bz2') - improved performance on huge XML documents, especially DataStreams - minimized use of temp files to absolute minimum - added OVAL-5.11 release candidate schemas - API changes - overall 50 new symbols added to public API - introduced oscap_source abstraction for input files - further info: http://isimluk.livejournal.com/4859.html - all the parsers converted to use oscap_source abstraction - introduced ds_sds_session, high level API for playing with Source DataStreams - introduced cpe_session, abstraction to approach multiple CPE resources - introduced ds_rds_session, high level API for playing with Result DataStreams (ARF files) - deprecated dozens of API calls dependent on filepath - introduced API for waivers (xccdf:override) and modification of ARF - initial support for waivers in HTML Report - dozens of small improvements - maintenance - dozens of small fixes - dozens of memory leaks (whole test suite is now leak free) - updated gnulib - Remove unused build require on libnl-1_1 according to the OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=117 --- openscap-1.1.1.tar.gz | 3 --- openscap-1.1.1.tar.gz.sha1sum | 1 - openscap-1.2.0.tar.gz | 3 +++ openscap-1.2.0.tar.gz.sha1sum | 1 + openscap.changes | 29 ++++++++++++++++++++++++++++- openscap.spec | 2 +- 6 files changed, 33 insertions(+), 6 deletions(-) delete mode 100644 openscap-1.1.1.tar.gz delete mode 100644 openscap-1.1.1.tar.gz.sha1sum create mode 100644 openscap-1.2.0.tar.gz create mode 100644 openscap-1.2.0.tar.gz.sha1sum diff --git a/openscap-1.1.1.tar.gz b/openscap-1.1.1.tar.gz deleted file mode 100644 index 19e2b5e..0000000 --- a/openscap-1.1.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:510489099242f655bdff9f8f6641692ed0d035bf05f00f4ed8072b2e028aaf99 -size 13722034 diff --git a/openscap-1.1.1.tar.gz.sha1sum b/openscap-1.1.1.tar.gz.sha1sum deleted file mode 100644 index e7e2beb..0000000 --- a/openscap-1.1.1.tar.gz.sha1sum +++ /dev/null @@ -1 +0,0 @@ -f0658393740c21c100f8b7f325699c5de1c41225 openscap-1.1.1.tar.gz diff --git a/openscap-1.2.0.tar.gz b/openscap-1.2.0.tar.gz new file mode 100644 index 0000000..88a4021 --- /dev/null +++ b/openscap-1.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88329ebf23e7c7d063cdb5615fe1f68b18fb436a0df81307c5acc3b5963d7cec +size 14308605 diff --git a/openscap-1.2.0.tar.gz.sha1sum b/openscap-1.2.0.tar.gz.sha1sum new file mode 100644 index 0000000..3046eff --- /dev/null +++ b/openscap-1.2.0.tar.gz.sha1sum @@ -0,0 +1 @@ +9046880db1e171a93de49492c89667c9310b763a openscap-1.2.0.tar.gz diff --git a/openscap.changes b/openscap.changes index 17e6e4d..0d7f465 100644 --- a/openscap.changes +++ b/openscap.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Tue Dec 2 12:44:35 UTC 2014 - meissner@suse.com + +- openscap-1.2.0 update + - new features + - native support of bzip2ed SCAP files (file extension needs to be '.xml.bz2') + - improved performance on huge XML documents, especially DataStreams + - minimized use of temp files to absolute minimum + - added OVAL-5.11 release candidate schemas + - API changes + - overall 50 new symbols added to public API + - introduced oscap_source abstraction for input files + - further info: http://isimluk.livejournal.com/4859.html + - all the parsers converted to use oscap_source abstraction + - introduced ds_sds_session, high level API for playing with Source DataStreams + - introduced cpe_session, abstraction to approach multiple CPE resources + - introduced ds_rds_session, high level API for playing with Result DataStreams + (ARF files) + - deprecated dozens of API calls dependent on filepath + - introduced API for waivers (xccdf:override) and modification of ARF + - initial support for waivers in HTML Report + - dozens of small improvements + - maintenance + - dozens of small fixes + - dozens of memory leaks (whole test suite is now leak free) + - updated gnulib + ------------------------------------------------------------------- Mon Dec 1 12:38:45 UTC 2014 - meissner@suse.com @@ -50,7 +77,7 @@ Wed Jul 2 12:41:39 UTC 2014 - meissner@suse.com ------------------------------------------------------------------- Thu Jun 19 14:19:09 UTC 2014 - crrodriguez@opensuse.org -- Remove unused build require on libnl-1_1 according to the +- Remove unused build require on libnl-1_1 according to the changelog, it stopped beign used in 2010 - libattr is also unused. diff --git a/openscap.spec b/openscap.spec index fba5ad4..7581365 100644 --- a/openscap.spec +++ b/openscap.spec @@ -20,7 +20,7 @@ %define with_bindings 0 Name: openscap -Version: 1.1.1 +Version: 1.2.0 Release: 1.0 Source: https://fedorahosted.org/releases/o/p/openscap/%name-%version.tar.gz Source5: https://fedorahosted.org/releases/o/p/openscap/%name-%version.tar.gz.sha1sum From e68db1f763c8a207cbf92500536f9f7d0cfc02f98478cc1927336d985aae6721 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 2 Dec 2014 12:46:26 +0000 Subject: [PATCH 4/5] - openscap-1.1.0-fix-bashisms.patch: upstreamed OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=118 --- openscap-1.1.0-fix-bashisms.patch | 12 ------------ openscap.changes | 1 + openscap.spec | 2 -- 3 files changed, 1 insertion(+), 14 deletions(-) delete mode 100644 openscap-1.1.0-fix-bashisms.patch diff --git a/openscap-1.1.0-fix-bashisms.patch b/openscap-1.1.0-fix-bashisms.patch deleted file mode 100644 index 178fd6a..0000000 --- a/openscap-1.1.0-fix-bashisms.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Ndur openscap-1.1.0/docs/oscap-scan.cron openscap-1.1.0-fix-bashisms/docs/oscap-scan.cron ---- openscap-1.1.0/docs/oscap-scan.cron 2011-08-17 15:55:37.000000000 +0300 -+++ openscap-1.1.0-fix-bashisms/docs/oscap-scan.cron 2014-11-29 03:09:36.518411860 +0200 -@@ -7,7 +7,7 @@ - - #OPTIONS="oval eval --report /var/log/oscap-scan.html.log --results /var/log/oscap-scan.xml.log /usr/share/openscap/scap-fedora14-oval.xml" - PROG="/usr/bin/oscap" --if [ x"$OPTIONS" == "x" ] -+if [ -z "$OPTIONS" ] - then - logger "OpenSCAP security scan: NOT CONFIGURED. (Cron job)" - exit 0 diff --git a/openscap.changes b/openscap.changes index 0d7f465..9f41ab6 100644 --- a/openscap.changes +++ b/openscap.changes @@ -24,6 +24,7 @@ Tue Dec 2 12:44:35 UTC 2014 - meissner@suse.com - dozens of small fixes - dozens of memory leaks (whole test suite is now leak free) - updated gnulib +- openscap-1.1.0-fix-bashisms.patch: upstreamed ------------------------------------------------------------------- Mon Dec 1 12:38:45 UTC 2014 - meissner@suse.com diff --git a/openscap.spec b/openscap.spec index 7581365..2ec44b6 100644 --- a/openscap.spec +++ b/openscap.spec @@ -32,7 +32,6 @@ Source2: sysconfig.oscap-scan Source3: scap-yast2sec-xccdf.xml Source4: scap-yast2sec-oval.xml Patch0: fix-missing-include.dif -Patch1: openscap-1.1.0-fix-bashisms.patch Url: http://www.open-scap.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libacl-devel @@ -142,7 +141,6 @@ commonly used and require additional dependencies. %prep %setup -q %patch0 -p1 -%patch1 -p1 %build From 795d12e3e0f8dc0a25d74c7dc8c54e205029910cc098608ba4356269c7b271ee Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 2 Dec 2014 12:50:29 +0000 Subject: [PATCH 5/5] OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=119 --- openscap.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openscap.spec b/openscap.spec index 2ec44b6..9407f1f 100644 --- a/openscap.spec +++ b/openscap.spec @@ -186,7 +186,7 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/ %files %defattr(-, root, root) -%doc AUTHORS COPYING ChangeLog NEWS README +%doc AUTHORS COPYING ChangeLog NEWS %dir %{_libexecdir}/openscap %{_libexecdir}/openscap/probe_dnscache %{_libexecdir}/openscap/probe_environmentvariable