rpm/openscap
SHA256
1
0
Fork 0
forked from pool/openscap
Code Pull Requests Activity
8144982cda
openscap/openscap.changes

320 lines
12 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Mon Dec 2 16:53:56 UTC 2013 - meissner@suse.com
- move the gconf probe to openscap-extra-probes to reduce
dependencies of the core probe set.
-------------------------------------------------------------------
Thu Nov 28 12:57:03 UTC 2013 - meissner@suse.com
- openscap-1.0.1 update:
- versioned interface is used to handle internal SCE plug-in
- build-in gnulib package was updated to current version
- bug fixes:
- selinux_domain_label and posix_capability properties
were reintroduced to OVAL system characteristics model
- selinux_domain_label now collects the domain/type
(not the context)
- oscap oval collect reports progress on stdout (not on the stderr)
- typo in the manual page (rhbz#1032537), and another small
clarification
-------------------------------------------------------------------
Tue Nov 19 12:50:35 UTC 2013 - meissner@suse.com
- openscap-1.0.0 / 19-11-2013
- Improved heuristic to distinguish 'local' and 'remote' file systems
- Improved comparison of EntityStateEVRStringType (trac#355)
- Link against librpm (if available) to include rpmvercmp
(on other platforms we fall back to the build-in rpmvercmp)
- Bug fixes
- openscap-0.9.13 / 08-11-2013
- Moved SCE to separate shared library (libopenscap_sce.so)
- Introduction of scap-as-rpm tool
- Improvements of sql and sql57 probes
- Improvements of SELinux policy
- Amendments based on SCAP 1.2 Errata (sp800-126r2-errata-20120409.pdf)
- Minor improvements in state_entity processing
- Introduction of CPE name for Fedora 21 to the internal dictionary
- Added support for ind-def:pid/@xsi:nil (rhbz#1013011)
- Improved error reporting
- Bug fixes
- Changed CPE name regex to be more permissive
- avoided reports from the library to the stdout and stderr
- plugged several memory leaks
- improved xccdf:check-content-refs processing
- misspelling in syslog message (rhbz#1021695)
- fixed OVAL's <field> element processing
- fixes based on static analysers
- test suite is locale independent
- new library major version 8
-------------------------------------------------------------------
Fri Oct 11 13:10:42 UTC 2013 - meissner@suse.com
- Updated to 0.9.12
- tailoring improvements (@id, version, and benchmark ref attributes)
- XCCDF 1.1 tailoring extension
- improved robustness of CPE dictionary parser and exporter
- and added misc CPE 2.3 elements
- added Fedora 20 to internal CPE dictionary
- updated OVAL's results_to_html stylesheet from Mitre Corporation.
- profiles with duplicate selects (same @idref) now export correctly
- test improvements
- bug fixes
- fixed IPv6 export in TestResult/target-address
- consistently inject target-id-ref into TestResult in ARFs
- improved rpmdb manipulation (rhbz#999903)
- solaris build fixes
- spelling of name of default language fixed (oscap_text related)
- fixed CPE names matching (generalization vs. specialization)
-------------------------------------------------------------------
Wed Jul 17 15:25:53 UTC 2013 - meissner@suse.com
- Updated to 0.9.11
- bugfixes
- Updated to 0.9.10
- bugfixes
- Updated to 0.9.9
- --oval-results also exports CPE OVAL results
- added --benchmark-id to select a component-ref by ID of Benchmark it's pointing to
- OVAL variable_instance processing (or so called value multiset) and the processing
of @variable_instance attribute to OVAL Result Definition, OVAL Result Test and
Collected Objects.
- improved test coverage of OVAL variable processing
- introduced new internal data type: oval_smc
- added support for evaluating OVAL definitions against an RPM database, a.k.a. rpm
database offline mode
- bug fixes and dead code removal
-------------------------------------------------------------------
Mon Jun 17 11:44:21 UTC 2013 - meissner@suse.com
- updated to 0.9.8
- added experimental support for offline mode scanning to the OVAL
check engine (i.e. scanning of virtual host disk images)
- improved OVAL variables processing
- bug fixes and dead code removal
-------------------------------------------------------------------
Sat May 4 15:37:25 UTC 2013 - mc@suse.com
- fix build on SLE11 - possible 64Bit issue
- fix-missing-include.dif
-------------------------------------------------------------------
Mon Apr 29 09:21:35 UTC 2013 - meissner@suse.com
- updated to 0.9.7
- bugfixes
-------------------------------------------------------------------
Thu Apr 25 11:28:31 UTC 2013 - meissner@suse.com
- updated to 0.9.6
- new command-line module added as preview: "oscap ds sds-add"
- improved xccdf:fix processing (support of DataStreams and CPE)
- internal selinux policy preview
- added Fedora 19 to default CPE dictionary
- bug fixes
-------------------------------------------------------------------
Wed Mar 20 10:04:57 UTC 2013 - meissner@suse.com
- updated to 0.9.5
- oscap xccdf remediate (new oscap module which introduces offline
remediation; the remediation based on existing xccdf:testresult file)
- added support for sce into datastream (sce scripts can now be
embedded into the datastream file similarly as oval can)
- improved bash completion and documentation
- bug fixes
- bumped SOVERSION from 2 to 3.
-------------------------------------------------------------------
Wed Feb 27 08:53:37 UTC 2013 - meissner@suse.com
- updated to 0.9.4
- high Level API
- improved Text Substitution Processing
- technical Preview of Online Remediation Execution
(the oscap xccdf eval --remediate)
- improved Library Internal Error Reporting.
- the oscap xccd export-oval-variables now support DataStreams.
- improved documentation
- improved schema files.
- tailoring file support
- profile shadowing support
- bug Fixes
- DOWNGRADED SOVERSION from 3 to 2.
-------------------------------------------------------------------
Tue Jan 8 10:47:53 UTC 2013 - meissner@suse.com
- updated to 0.9.3
- Embedded CPE dictionary (allows users to ommit --cpe argument)
- improvements of DataStream and CPE processing on RHEL5
- changed API of various functions in cpe_dict, benchmark and
xccdf_policy to use string timestamp instead of time_t [1]
- fixed several issues found by Coverity and cppcheck static code
analysis
- bug fixes
- bumped SOVERSION from 2 to 3.
-------------------------------------------------------------------
Mon Nov 19 15:47:21 UTC 2012 - meissner@suse.com
- updated to 0.9.2:
- rewritten the heuristic for pattern matching on path and filepath
- CPE 2.3 language applicability testing
- new ds_sds_index API providing a datastream overview
- CPEs in source datastreams are automatically registered and used
for XCCDF evaluation
- --cpe option autodetects CPE dictionary and language
- CVE support (validate feed, print CVEs)
- introduced info module
- made "$oscap xccdf generate custom" work again -> man page update
- bug fixes
-------------------------------------------------------------------
Thu Oct 25 14:26:53 UTC 2012 - meissner@suse.com
- updated to 0.9.1:
- the http in the check-content-ref/@hrefhref support
- the cpedict support
- obsoleted the oscap_reporter
- send start and finish messages to the syslog
- the XCCDF multi-check evaluation support
- "oscap oval validate-xml" autodetect a document type
- bug fixes
-------------------------------------------------------------------
Fri Sep 28 07:54:36 UTC 2012 - meissner@suse.com
- updated to 0.9.0:
* few public headers were renamed to follow common schema
* cve and cce modules are not build by default -> these modules are not
utilized by oscap tool and thus untested.
* --enable-bindings configure option was split into --enable-python and
support of SCAP datastream support was improved
* plus fixes in OVAL and XCCDF modules. oscap tool reports support of
XCCDF 1.2 and OVAL 5.10.1
- libopenscap.so major version changed from 1 to 2.
-------------------------------------------------------------------
Wed Aug 29 07:56:05 UTC 2012 - meissner@suse.com
- updated to 0.8.5:
- added rpmverifypackage probe
- added initial support for source and result datastreams
- added xccdf 1.2 dc-status support
- several probes were updated to conform to OVAL 5.10.1
- bug fixes
This release is able to evaluate the DISA STIG content.
-------------------------------------------------------------------
Tue Aug 7 12:57:51 UTC 2012 - meissner@suse.com
- updated to 0.8.4
- added OVAL schemas 5.9, 5.10.1
- alloc.h is no more public api
- bug fixes
-------------------------------------------------------------------
Fri Aug 3 09:00:36 UTC 2012 - dmacvicar@suse.de
- Fix schema_version of scap-rhel6-oval.xml (to 5.8)
-------------------------------------------------------------------
Wed Aug 1 09:43:28 UTC 2012 - meissner@suse.com
- Updated to 0.8.3
- added XCCDF 1.2 schemas
- changed XCCDF report format
- updated schemas for OVAL 5.10
- added additional OVAL schemas - 5.3, 5.4, 5.5, 5.6, 5.7
- multi version support for XCCDF and OVAL
- a schema version of an imported and exported content is same
- added rpmverifyfile probe
- results are validated only if an OSCAP_FULL_VALIDATION variable is set
- bug fixes
-------------------------------------------------------------------
Wed Aug 1 09:18:06 UTC 2012 - dmacvicar@suse.de
- add OVAL/XCCDF content based on yast2-security checks
and set them as the default content (using symlinks)
-------------------------------------------------------------------
Sat Jul 28 14:24:46 UTC 2012 - aj@suse.de
- Fix build with missing gets declaration (glibc 2.16)
-------------------------------------------------------------------
Fri Mar 30 16:21:21 CEST 2012 - meissner@suse.de
- Updated to 0.8.2
- XCCDF check-import support
- XSLT transformation for XCCDF 1.1 to 1.2 migration
- SCE reports now optionally use the new check-import functionality
and don't need separate SCE result files
- bug fixes
-------------------------------------------------------------------
Sat Mar 24 10:54:22 UTC 2012 - mc@suse.com
- require libnl-devel on older SUSE version
-------------------------------------------------------------------
Mon Mar 19 15:52:17 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
There is no GPL-3.0+ in this package. Also, the Fedora spec file states
LGPL-2.1+. This appears to be the correct license
-------------------------------------------------------------------
Wed Feb 29 22:47:20 CET 2012 - meissner@suse.de
- some cleanups to make it factory acceptable
-------------------------------------------------------------------
Tue Feb 28 17:52:44 CET 2012 - mc@suse.de
- Update to 0.8.1
- introduce Script Check Engine
- Added an OVAL Directives schema to allow for a tool
to supply a set of directives to more easily specify
desired results content.
- Enhanced OVAL Results directives to allow for more flexibility
in allowed results content
- added new OVAL objects(all OVAL 5.8 objects are covered now)
- update dpkgprobe
- all issues reported by coverity are fixed
- add capability to export OVAL Variables from XCCDF
- added cvss score calculator from vector
-------------------------------------------------------------------
Fri Apr 29 15:56:23 CEST 2011 - meissner@suse.de
- Updated to 0.7.2
- OVAL 5.7 is supported
- content for Red Hat Enterprise Linux 6.1 - draft
- oscap tool enable user to skip content validation before evaluation
- bugfixes
-------------------------------------------------------------------
Mon Jul 5 00:16:27 UTC 2010 - bitshuffler #suse@irc.freenode.org
- Update to 0.5.12
- Proper subpackages added
-------------------------------------------------------------------
Thu Nov 19 13:50:12 CET 2009 - meissner@suse.de
- initial 0.5.5 import
- open SCAP protocol implementation
View Git Blame Copy Permalink