- Improved heuristic to distinguish 'local' and 'remote' file systems
- Improved comparison of EntityStateEVRStringType (trac#355)
- Link against librpm (if available) to include rpmvercmp
(on other platforms we fall back to the build-in rpmvercmp)
- Bug fixes
- openscap-0.9.13 / 08-11-2013
- Moved SCE to separate shared library (libopenscap_sce.so)
- Introduction of scap-as-rpm tool
- Improvements of sql and sql57 probes
- Improvements of SELinux policy
- Amendments based on SCAP 1.2 Errata (sp800-126r2-errata-20120409.pdf)
- Minor improvements in state_entity processing
- Introduction of CPE name for Fedora 21 to the internal dictionary
- Added support for ind-def:pid/@xsi:nil (rhbz#1013011)
- Improved error reporting
- Bug fixes
- Changed CPE name regex to be more permissive
- avoided reports from the library to the stdout and stderr
- plugged several memory leaks
- improved xccdf:check-content-refs processing
- misspelling in syslog message (rhbz#1021695)
- fixed OVAL's <field> element processing
- fixes based on static analysers
- test suite is locale independent
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=85
- bugfixes
- Updated to 0.9.10
- bugfixes
- Updated to 0.9.9
- --oval-results also exports CPE OVAL results
- added --benchmark-id to select a component-ref by ID of Benchmark it's pointing to
- OVAL variable_instance processing (or so called value multiset) and the processing
of @variable_instance attribute to OVAL Result Definition, OVAL Result Test and
Collected Objects.
- improved test coverage of OVAL variable processing
- introduced new internal data type: oval_smc
- added support for evaluating OVAL definitions against an RPM database, a.k.a. rpm
database offline mode
- bug fixes and dead code removal
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=81
- added experimental support for offline mode scanning to the OVAL
check engine (i.e. scanning of virtual host disk images)
- improved OVAL variables processing
- bug fixes and dead code removal
- fix-missing-include.dif
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=78
- oscap xccdf remediate (new oscap module which introduces offline
remediation; the remediation based on existing xccdf:testresult file)
- added support for sce into datastream (sce scripts can now be
embedded into the datastream file similarly as oval can)
- improved bash completion and documentation
- bug fixes
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=70
- Embedded CPE dictionary (allows users to ommit --cpe argument)
- improvements of DataStream and CPE processing on RHEL5
- changed API of various functions in cpe_dict, benchmark and
xccdf_policy to use string timestamp instead of time_t [1]
- fixed several issues found by Coverity and cppcheck static code
analysis
- bug fixes
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=63
- rewritten the heuristic for pattern matching on path and filepath
- CPE 2.3 language applicability testing
- new ds_sds_index API providing a datastream overview
- CPEs in source datastreams are automatically registered and used
for XCCDF evaluation
- --cpe option autodetects CPE dictionary and language
- CVE support (validate feed, print CVEs)
- introduced info module
- made "$oscap xccdf generate custom" work again -> man page update
- bug fixes
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=60
- the http in the check-content-ref/@hrefhref support
- the cpedict support
- obsoleted the oscap_reporter
- send start and finish messages to the syslog
- the XCCDF multi-check evaluation support
- "oscap oval validate-xml" autodetect a document type
- bug fixes
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=59
* few public headers were renamed to follow common schema
* cve and cce modules are not build by default -> these modules are not
utilized by oscap tool and thus untested.
* --enable-bindings configure option was split into --enable-python and
support of SCAP datastream support was improved
* plus fixes in OVAL and XCCDF modules. oscap tool reports support of
XCCDF 1.2 and OVAL 5.10.1
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=55
- added rpmverifypackage probe
- added initial support for source and result datastreams
- added xccdf 1.2 dc-status support
- several probes were updated to conform to OVAL 5.10.1
- bug fixes
This release is able to evaluate the DISA STIG content.
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=53
- added XCCDF 1.2 schemas
- changed XCCDF report format
- updated schemas for OVAL 5.10
- added additional OVAL schemas - 5.3, 5.4, 5.5, 5.6, 5.7
- multi version support for XCCDF and OVAL
- a schema version of an imported and exported content is same
- added rpmverifyfile probe
- results are validated only if an OSCAP_FULL_VALIDATION variable is set
- bug fixes
- require libnl-devel on older SUSE version
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=42
- Update to 0.8.1
- introduce Script Check Engine
- Added an OVAL Directives schema to allow for a tool
to supply a set of directives to more easily specify
desired results content.
- Enhanced OVAL Results directives to allow for more flexibility
in allowed results content
- added new OVAL objects(all OVAL 5.8 objects are covered now)
- update dpkgprobe
- all issues reported by coverity are fixed
- add capability to export OVAL Variables from XCCDF
- added cvss score calculator from vector
OBS-URL: https://build.opensuse.org/request/show/107462
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=21
