rpm/openscap
SHA256
1
0
Fork 0
forked from pool/openscap
Code Pull Requests Activity
11106b3f8b
openscap/openscap.changes
Marcus Meissner 11106b3f8b - openscap-1.0.5 update: 
- XCCDF titles and description support xccdf:sub resolution
 - HTML Report lists only applicable cpe platforms
 - TestResult element contains applicable cpe platforms
 - Introduced XCCDF 1.2 schematron validation
 - XCCDF bug fixes
    - tailoring profiles shall regards inherited refine-values (trac#373)
    - rule-result now always includes at least one check
 - Other bug fixes:
    - Dpkginfo probe collects epoch in evr
    - Updated examplary openscap-content based on the latest facts from
      Red Hat Enterprise Linux 6
    - Minor changes

OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=101
2014-03-17 07:13:53 +00:00

393 lines
15 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Mon Mar 17 07:06:35 UTC 2014 - meissner@suse.com
- openscap-1.0.5 update:
- XCCDF titles and description support xccdf:sub resolution
- HTML Report lists only applicable cpe platforms
- TestResult element contains applicable cpe platforms
- Introduced XCCDF 1.2 schematron validation
- XCCDF bug fixes
- tailoring profiles shall regards inherited refine-values (trac#373)
- rule-result now always includes at least one check
- Other bug fixes:
- Dpkginfo probe collects epoch in evr
- Updated examplary openscap-content based on the latest facts from
Red Hat Enterprise Linux 6
- Minor changes
-------------------------------------------------------------------
Fri Feb 14 10:21:47 UTC 2014 - meissner@suse.com
- openscap-1.0.4 update:
- Introduced xccdf_tailoring_remove_profile to API
- OVAL bug fixes
-------------------------------------------------------------------
Tue Jan 14 16:42:51 UTC 2014 - meissner@suse.com
- openscap-1.0.3 update:
- bug fixes
- a few coverity issues
- a few memory leak plugs
- broken comparison of huge integet in OVAL
- fix-return.patch: removed, has upstream fix
-------------------------------------------------------------------
Fri Jan 10 10:25:19 UTC 2014 - meissner@suse.com
- openscap-1.0.2 update:
- XCCDF generate fix now supports tailoring file
- XCCDF bug fixes
- Generate guide points to RHSA pages (rhbz#1018291)
- Generate report ommits remediation when assesment passed
(rhbz#1029879)
- $PATH variable is available for SCE checks (rhbz#1026833)
- Tailoring of top-level Group elements via API fixed
- Fix-filtering should not drop fixes (affected SSG)
- Generated fix file is created with sane permissions (trac#362)
- Inherit parent's namespace when exporting oscap_text with HTML
trait
- OVAL bug fixes:
- Handful of xinetd probe fixes
- Handful of process and process58 fixes
- Obsoleted textfilecontent now supports text ent comparisons
- rpm*_item/epoch is reported as '(none)' when needed
- Fixed dozen of flaws in ipv4 and ipv6_address comparison
(CIDR handling)
- Made integer and floating type number parsing much stricter
- Fixed floating point numbers comparisons (trac#366)
- Fixed case-insensitive comparisons
- Item filtering fixes in probes
- Consolidated some of comparisons in results model and probes
(trac#367)
- Other bug fixes:
- Workaround libxml2 bug handling x509 xmldsig (gnomebz#350248)
- Fixed static build (--disable-shared)
- Format assertions (-Werror=format-security) turned on by default
- SCE scripts are notified when parent (oscap) is killed
- oscap info now recognizes all the document types
(adeded: tailoring & CVE)
- Documentation improvements
- Handful of other minor fixes
- fix-return.patch: Fixed a void return
-------------------------------------------------------------------
Mon Dec 2 16:53:56 UTC 2013 - meissner@suse.com
- move the gconf probe to openscap-extra-probes to reduce
dependencies of the core probe set.
-------------------------------------------------------------------
Thu Nov 28 12:57:03 UTC 2013 - meissner@suse.com
- openscap-1.0.1 update:
- versioned interface is used to handle internal SCE plug-in
- build-in gnulib package was updated to current version
- bug fixes:
- selinux_domain_label and posix_capability properties
were reintroduced to OVAL system characteristics model
- selinux_domain_label now collects the domain/type
(not the context)
- oscap oval collect reports progress on stdout (not on the stderr)
- typo in the manual page (rhbz#1032537), and another small
clarification
-------------------------------------------------------------------
Tue Nov 19 12:50:35 UTC 2013 - meissner@suse.com
- openscap-1.0.0 / 19-11-2013
- Improved heuristic to distinguish 'local' and 'remote' file systems
- Improved comparison of EntityStateEVRStringType (trac#355)
- Link against librpm (if available) to include rpmvercmp
(on other platforms we fall back to the build-in rpmvercmp)
- Bug fixes
- openscap-0.9.13 / 08-11-2013
- Moved SCE to separate shared library (libopenscap_sce.so)
- Introduction of scap-as-rpm tool
- Improvements of sql and sql57 probes
- Improvements of SELinux policy
- Amendments based on SCAP 1.2 Errata (sp800-126r2-errata-20120409.pdf)
- Minor improvements in state_entity processing
- Introduction of CPE name for Fedora 21 to the internal dictionary
- Added support for ind-def:pid/@xsi:nil (rhbz#1013011)
- Improved error reporting
- Bug fixes
- Changed CPE name regex to be more permissive
- avoided reports from the library to the stdout and stderr
- plugged several memory leaks
- improved xccdf:check-content-refs processing
- misspelling in syslog message (rhbz#1021695)
- fixed OVAL's <field> element processing
- fixes based on static analysers
- test suite is locale independent
- new library major version 8
-------------------------------------------------------------------
Fri Oct 11 13:10:42 UTC 2013 - meissner@suse.com
- Updated to 0.9.12
- tailoring improvements (@id, version, and benchmark ref attributes)
- XCCDF 1.1 tailoring extension
- improved robustness of CPE dictionary parser and exporter
- and added misc CPE 2.3 elements
- added Fedora 20 to internal CPE dictionary
- updated OVAL's results_to_html stylesheet from Mitre Corporation.
- profiles with duplicate selects (same @idref) now export correctly
- test improvements
- bug fixes
- fixed IPv6 export in TestResult/target-address
- consistently inject target-id-ref into TestResult in ARFs
- improved rpmdb manipulation (rhbz#999903)
- solaris build fixes
- spelling of name of default language fixed (oscap_text related)
- fixed CPE names matching (generalization vs. specialization)
-------------------------------------------------------------------
Wed Jul 17 15:25:53 UTC 2013 - meissner@suse.com
- Updated to 0.9.11
- bugfixes
- Updated to 0.9.10
- bugfixes
- Updated to 0.9.9
- --oval-results also exports CPE OVAL results
- added --benchmark-id to select a component-ref by ID of Benchmark it's pointing to
- OVAL variable_instance processing (or so called value multiset) and the processing
of @variable_instance attribute to OVAL Result Definition, OVAL Result Test and
Collected Objects.
- improved test coverage of OVAL variable processing
- introduced new internal data type: oval_smc
- added support for evaluating OVAL definitions against an RPM database, a.k.a. rpm
database offline mode
- bug fixes and dead code removal
-------------------------------------------------------------------
Mon Jun 17 11:44:21 UTC 2013 - meissner@suse.com
- updated to 0.9.8
- added experimental support for offline mode scanning to the OVAL
check engine (i.e. scanning of virtual host disk images)
- improved OVAL variables processing
- bug fixes and dead code removal
-------------------------------------------------------------------
Sat May 4 15:37:25 UTC 2013 - mc@suse.com
- fix build on SLE11 - possible 64Bit issue
- fix-missing-include.dif
-------------------------------------------------------------------
Mon Apr 29 09:21:35 UTC 2013 - meissner@suse.com
- updated to 0.9.7
- bugfixes
-------------------------------------------------------------------
Thu Apr 25 11:28:31 UTC 2013 - meissner@suse.com
- updated to 0.9.6
- new command-line module added as preview: "oscap ds sds-add"
- improved xccdf:fix processing (support of DataStreams and CPE)
- internal selinux policy preview
- added Fedora 19 to default CPE dictionary
- bug fixes
-------------------------------------------------------------------
Wed Mar 20 10:04:57 UTC 2013 - meissner@suse.com
- updated to 0.9.5
- oscap xccdf remediate (new oscap module which introduces offline
remediation; the remediation based on existing xccdf:testresult file)
- added support for sce into datastream (sce scripts can now be
embedded into the datastream file similarly as oval can)
- improved bash completion and documentation
- bug fixes
- bumped SOVERSION from 2 to 3.
-------------------------------------------------------------------
Wed Feb 27 08:53:37 UTC 2013 - meissner@suse.com
- updated to 0.9.4
- high Level API
- improved Text Substitution Processing
- technical Preview of Online Remediation Execution
(the oscap xccdf eval --remediate)
- improved Library Internal Error Reporting.
- the oscap xccd export-oval-variables now support DataStreams.
- improved documentation
- improved schema files.
- tailoring file support
- profile shadowing support
- bug Fixes
- DOWNGRADED SOVERSION from 3 to 2.
-------------------------------------------------------------------
Tue Jan 8 10:47:53 UTC 2013 - meissner@suse.com
- updated to 0.9.3
- Embedded CPE dictionary (allows users to ommit --cpe argument)
- improvements of DataStream and CPE processing on RHEL5
- changed API of various functions in cpe_dict, benchmark and
xccdf_policy to use string timestamp instead of time_t [1]
- fixed several issues found by Coverity and cppcheck static code
analysis
- bug fixes
- bumped SOVERSION from 2 to 3.
-------------------------------------------------------------------
Mon Nov 19 15:47:21 UTC 2012 - meissner@suse.com
- updated to 0.9.2:
- rewritten the heuristic for pattern matching on path and filepath
- CPE 2.3 language applicability testing
- new ds_sds_index API providing a datastream overview
- CPEs in source datastreams are automatically registered and used
for XCCDF evaluation
- --cpe option autodetects CPE dictionary and language
- CVE support (validate feed, print CVEs)
- introduced info module
- made "$oscap xccdf generate custom" work again -> man page update
- bug fixes
-------------------------------------------------------------------
Thu Oct 25 14:26:53 UTC 2012 - meissner@suse.com
- updated to 0.9.1:
- the http in the check-content-ref/@hrefhref support
- the cpedict support
- obsoleted the oscap_reporter
- send start and finish messages to the syslog
- the XCCDF multi-check evaluation support
- "oscap oval validate-xml" autodetect a document type
- bug fixes
-------------------------------------------------------------------
Fri Sep 28 07:54:36 UTC 2012 - meissner@suse.com
- updated to 0.9.0:
* few public headers were renamed to follow common schema
* cve and cce modules are not build by default -> these modules are not
utilized by oscap tool and thus untested.
* --enable-bindings configure option was split into --enable-python and
support of SCAP datastream support was improved
* plus fixes in OVAL and XCCDF modules. oscap tool reports support of
XCCDF 1.2 and OVAL 5.10.1
- libopenscap.so major version changed from 1 to 2.
-------------------------------------------------------------------
Wed Aug 29 07:56:05 UTC 2012 - meissner@suse.com
- updated to 0.8.5:
- added rpmverifypackage probe
- added initial support for source and result datastreams
- added xccdf 1.2 dc-status support
- several probes were updated to conform to OVAL 5.10.1
- bug fixes
This release is able to evaluate the DISA STIG content.
-------------------------------------------------------------------
Tue Aug 7 12:57:51 UTC 2012 - meissner@suse.com
- updated to 0.8.4
- added OVAL schemas 5.9, 5.10.1
- alloc.h is no more public api
- bug fixes
-------------------------------------------------------------------
Fri Aug 3 09:00:36 UTC 2012 - dmacvicar@suse.de
- Fix schema_version of scap-rhel6-oval.xml (to 5.8)
-------------------------------------------------------------------
Wed Aug 1 09:43:28 UTC 2012 - meissner@suse.com
- Updated to 0.8.3
- added XCCDF 1.2 schemas
- changed XCCDF report format
- updated schemas for OVAL 5.10
- added additional OVAL schemas - 5.3, 5.4, 5.5, 5.6, 5.7
- multi version support for XCCDF and OVAL
- a schema version of an imported and exported content is same
- added rpmverifyfile probe
- results are validated only if an OSCAP_FULL_VALIDATION variable is set
- bug fixes
-------------------------------------------------------------------
Wed Aug 1 09:18:06 UTC 2012 - dmacvicar@suse.de
- add OVAL/XCCDF content based on yast2-security checks
and set them as the default content (using symlinks)
-------------------------------------------------------------------
Sat Jul 28 14:24:46 UTC 2012 - aj@suse.de
- Fix build with missing gets declaration (glibc 2.16)
-------------------------------------------------------------------
Fri Mar 30 16:21:21 CEST 2012 - meissner@suse.de
- Updated to 0.8.2
- XCCDF check-import support
- XSLT transformation for XCCDF 1.1 to 1.2 migration
- SCE reports now optionally use the new check-import functionality
and don't need separate SCE result files
- bug fixes
-------------------------------------------------------------------
Sat Mar 24 10:54:22 UTC 2012 - mc@suse.com
- require libnl-devel on older SUSE version
-------------------------------------------------------------------
Mon Mar 19 15:52:17 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
There is no GPL-3.0+ in this package. Also, the Fedora spec file states
LGPL-2.1+. This appears to be the correct license
-------------------------------------------------------------------
Wed Feb 29 22:47:20 CET 2012 - meissner@suse.de
- some cleanups to make it factory acceptable
-------------------------------------------------------------------
Tue Feb 28 17:52:44 CET 2012 - mc@suse.de
- Update to 0.8.1
- introduce Script Check Engine
- Added an OVAL Directives schema to allow for a tool
to supply a set of directives to more easily specify
desired results content.
- Enhanced OVAL Results directives to allow for more flexibility
in allowed results content
- added new OVAL objects(all OVAL 5.8 objects are covered now)
- update dpkgprobe
- all issues reported by coverity are fixed
- add capability to export OVAL Variables from XCCDF
- added cvss score calculator from vector
-------------------------------------------------------------------
Fri Apr 29 15:56:23 CEST 2011 - meissner@suse.de
- Updated to 0.7.2
- OVAL 5.7 is supported
- content for Red Hat Enterprise Linux 6.1 - draft
- oscap tool enable user to skip content validation before evaluation
- bugfixes
-------------------------------------------------------------------
Mon Jul 5 00:16:27 UTC 2010 - bitshuffler #suse@irc.freenode.org
- Update to 0.5.12
- Proper subpackages added
-------------------------------------------------------------------
Thu Nov 19 13:50:12 CET 2009 - meissner@suse.de
- initial 0.5.5 import
- open SCAP protocol implementation
View Git Blame Copy Permalink