- Update to version 1.3.7:
* openscap-1.3.7
* Bump soname from 25.5.0 to 25.5.1
* Bump version to openscap-1.3.7
* Fix typos in docs
* Remove a check for suspicious files
* Add debian_evr_string tests to CMakeLists
* Add a few unittests for debian_evr_string
* Remove To be done
* Move release guide to upstream
- add 0005-rename-requires-reqs-for-C-20-compatibility.patch
- rename patches
openscap-opensuse-cpe.patch to 0001-Add-openSUSE-cpe-links.patch
openscap-suse-cpe.patch to 0002-Add-SUSE-cpe-links.patch
openscap-docker-add-suse.patch to 0003-Use-openSUSE-SUSE-cpe-links.patch
oscap-remediate.service.in.patch to 0004-oscap-remediate-is-located-in-bindir.patch
- drop 0001-Use-correct-includes.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/1075011
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=281
- openscap 1.3.3. Notable improvements in this release:
- a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč);
- timezone for XCCDF TestResult start and end time (thank you, Jan Černý);
- new yamlfilecontent independent probe (draft implementation),
see the proposal https://github.com/OVAL-Community/OVAL/issues/91
for additional information.
There are other changes as well, here is the list:
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF;
- Added ability to generate `machineconfig` fix;
- Detect ambiguous scan target (utils/oscap-podman);
- Fixed#170: The rpmverifyfile probe can't verify files from '/bin' directory;
- The data system_info probe return for offline and online modes is consistent and actual;
- Prevent crashes when complicated regexes are executed in textfilecontent58 probe;
- Fixed#1512: Severity refinement lost in generated guide;
- Fixed#1453: Pointer lost in Swig API;
- Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities;
from system_info probe;
- Fixed filepath pattern matching in offline mode in textfilecontent58 probe;
- Fixed infinite recursion in systemdunitdependency probe;
- Fixed the case when CMake couldn't find libacl or xattr.h.
- dropped 0001-Do-not-use-C-keyword-operator-as-a-function-paramete.patch: upstream
OBS-URL: https://build.opensuse.org/request/show/799976
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=248
- the test suite and build scripts were improved to support Debian 10
- offline mode has received some love with a set of dedicated tests and various fixes in OVAL probes;
- the oscap-docker wrapper is no longer dependent on Atomic
- Python binding are now more robust
- HTML reports and guides, generated by the scanner, are now more accessible for non-visual rendering agents
- Support of multi-check rules has been improved across the whole workflow
There are other changes as well, here is the list:
* New features
- Offline mode support for environmentvariable58 probe
- The oscap-docker wrapper is available without Atomic
+ Maintenance, bug fixes
- Improved support of multi-check rules (report, remediations, console output)
- Improved HTML report look and feel, including printed version
- Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
- Probe rpmverifyfile uses and returns canonical paths
- Improved a11y of HTML reports and guides
- Fixes and improvements for SWIG Python bindings
- #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
- Fixed URL link mechanism for Red Hat Errata
- New STIG Viewer URI: public.cyber.mil
- Probe selinuxsecuritycontext would not check if SELinux is enabled
- Scanner would provide information about unsupported OVAL objects
- Added more tests for offline mode (probes, remediation)
- #528 fixed: Eval SCE script when /tmp is in mode noexec
- #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage
OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=242
