[openscap/f15] upgrade

Thu Oct 13 08:38:13 UTC 2011

commit 238de75af6931915484e0f10f3afe5ac00d0dbbb
Author: Peter Vrabec <pvrabec at redhat.com>
Date:   Thu Oct 13 10:37:53 2011 +0200

    upgrade

 .gitignore                   |    1 +
 openscap-0.8.0-example.patch |   70 ++++++++++++++++++++++++++++++++++++++++++
 openscap.spec                |   38 +++++++++++++++++++++--
 sources                      |    2 +-
 4 files changed, 107 insertions(+), 4 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 045627f..e944f46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ openscap-0.6.0.tar.gz
 /openscap-0.7.2.tar.gz
 /openscap-0.7.3.tar.gz
 /openscap-0.7.4.tar.gz
+/openscap-0.8.0.tar.gz
diff --git a/openscap-0.8.0-example.patch b/openscap-0.8.0-example.patch
new file mode 100644
index 0000000..87eaebf
--- /dev/null
+++ b/openscap-0.8.0-example.patch
@@ -0,0 +1,70 @@
+diff --git a/dist/fedora/scap-fedora14-xccdf.xml b/dist/fedora/scap-fedora14-xccdf.xml
+index 91080aa..ee63a51 100644
+--- a/dist/fedora/scap-fedora14-xccdf.xml
++++ b/dist/fedora/scap-fedora14-xccdf.xml
+@@ -11,10 +11,11 @@
+  resolved="1"
+  id="scap-fedora14-xccdf.xml"
+  xml:lang="en">
+-  <status date="2010-09-11">draft</status>
+-  <title>Guide to the Secure Configuration of Fedora Linux</title>
+-  <description>This guide has been created to assist IT professionals, in effectively securing systems with Fedora Linux.</description>
+-  <version>0.6.3</version>
++  <status date="2011-10-12">draft</status>
++  <title>Example of SCAP Security Guidance</title>
++  <description>This example security guidance has been created to demonstrate SCAP functionality
++on Linux.</description>
++  <version>0.1</version>
+   <model system="urn:xccdf:scoring:default" />
+   <model system="urn:xccdf:scoring:flat" />
+   <!-- ==================================================================================================== -->
+@@ -25,9 +26,11 @@
+   <!-- Each defines the set of XCCDF rules that are applicable for that guidance as well as specific values -->
+   <!-- to be used when determining complinace.                                                              -->
+   <!--                                                                                                      -->
+-  <Profile id="F14-Desktop" abstract="false">
+-    <title xml:lang="en">Fedora 14 desktop settings</title>
+-    <description xml:lang="en">This profile selects security controls that conform to default Fedora 14 configuration.</description>
++  <Profile id="F14-Default" abstract="false">
++    <title xml:lang="en">Default install settings</title>
++    <description xml:lang="en">This profile is an example policy that simply checks if some of Fedora 14 default
++install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
++purposes.</description>
+     <select idref="rule-2.1.1.1.1.a" selected="false" />	<!-- DONE -->		<!-- Separate Partition or Logical Volume for /tmp -->
+     <select idref="rule-2.1.1.1.1.b" selected="false"/>		<!-- DONE -->		<!-- Minimum size of /tmp -->
+     <select idref="rule-2.1.1.1.2.a" selected="false" />	<!-- DONE -->		<!-- Separate Partition or Logical Volume for /var -->
+diff --git a/dist/rhel6/scap-rhel6-xccdf.xml b/dist/rhel6/scap-rhel6-xccdf.xml
+index 272edb2..82180f7 100644
+--- a/dist/rhel6/scap-rhel6-xccdf.xml
++++ b/dist/rhel6/scap-rhel6-xccdf.xml
+@@ -1,22 +1,18 @@
+ <?xml version="1.0" encoding="UTF-8"?>
+ <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="RHEL-6" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="0" xml:lang="en-US">
+-  <status date="2011-04-13">draft</status>
+-  <title xml:lang="en-US">Guidance for Securing Red Hat Enterprise Linux 6</title>
+-  <description xml:lang="en-US">This guide has been created to assist IT professionals in effectively securing
+-		systems running Red Hat Enterprise Linux</description>
++  <status date="2011-10-12">draft</status>
++  <title xml:lang="en-US">Example of SCAP Security Guidance</title>
++  <description xml:lang="en-US">This example security guidance has been created to demonstrate SCAP functionality
++on Linux.</description>
+   <platform idref="cpe:/o:redhat:enterprise_linux:6"/>
+   <version>0.2</version>
+   <model system="urn:xccdf:scoring:default"/>
+   <model system="urn:xccdf:scoring:flat"/>
+   <Profile id="RHEL6-Default">
+-    <title xml:lang="en-US">RHEL 6 Profile For Default Installation</title>
+-    <description xml:lang="en-US">XCCDF profile for evaluation of RHEL 6 updates.
+-			This profile is designed for evaluation of default configuration of a 
+-			fresh installation of RHEL 6 system. It should be executed for every 
+-			RHEL 6 update. Additional security hardening of the system should be 
+-			done prior to deploying it in a production environment.
+-			All enabled XCCDF rules should pass.
+-		</description>
++    <title xml:lang="en-US">Default install settings</title>
++    <description xml:lang="en-US">This profile is an example policy that simply checks if some of RHEL6 default
++install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
++purposes.</description>
+     <select idref="rule-1005" selected="true"/>
+     <select idref="rule-1007" selected="true"/>
+     <select idref="rule-1008" selected="true"/>
diff --git a/openscap.spec b/openscap.spec
index d50569f..eb35fb0 100644
--- a/openscap.spec
+++ b/openscap.spec
@@ -2,7 +2,7 @@
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 
 Name:           openscap
-Version:        0.7.4
+Version:        0.8.0
 Release:        1%{?dist}
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
@@ -10,13 +10,15 @@ License:        LGPLv2+
 URL:            http://www.open-scap.org/
 Source0:        http://www.open-scap.org/download/%{name}-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1:         openscap-0.8.0-example.patch
 BuildRequires:  swig libxml2-devel libxslt-devel perl-XML-Parser
 BuildRequires:  rpm-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  pcre-devel
 BuildRequires:  libacl-devel
-BuildRequires:  libselinux-devel
+BuildRequires:  libselinux-devel libcap-devel
 BuildRequires:  libblkid-devel
+BuildRequires:  libnl-devel
 Requires(post):   /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 
@@ -76,7 +78,8 @@ Group:          Applications/System
 Requires:       %{name} = %{version}-%{release}
 
 %description    content
-SCAP content for Fedora delivered by Open-SCAP project.
+Example of SCAP content for Fedora. Please note that this content
+is for testing purposes only.
 
 
 %package        extra-probes
@@ -84,6 +87,7 @@ Summary:        SCAP probes
 Group:          Applications/System
 Requires:       %{name} = %{version}-%{release}
 BuildRequires:  openldap-devel
+BuildRequires:  GConf2-devel
 #BuildRequires:  opendbx - for sql
 
 %description    extra-probes
@@ -93,6 +97,7 @@ commonly used and require additional dependencies.
 
 %prep
 %setup -q
+%patch1 -p1 -b .example
 
 %build
 %ifarch sparc64
@@ -110,6 +115,11 @@ make %{?_smp_mflags}
 # Remove shebang from bash-completion script
 sed -i '/^#!.*bin/,+1 d' dist/bash_completion.d/oscap
 
+%check
+#to run make check use "--with check"
+%if %{?_with_check:1}%{!?_with_check:0}
+make check
+%endif
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -162,16 +172,22 @@ fi
 %{_libexecdir}/openscap/probe_environmentvariable58
 %{_libexecdir}/openscap/probe_family
 %{_libexecdir}/openscap/probe_file
+%{_libexecdir}/openscap/probe_fileextendedattribute
 %{_libexecdir}/openscap/probe_filehash
 %{_libexecdir}/openscap/probe_filehash58
+%{_libexecdir}/openscap/probe_iflisteners
 %{_libexecdir}/openscap/probe_inetlisteningservers
 %{_libexecdir}/openscap/probe_interface
 %{_libexecdir}/openscap/probe_partition
 %{_libexecdir}/openscap/probe_password
 %{_libexecdir}/openscap/probe_process
+%{_libexecdir}/openscap/probe_process58
+%{_libexecdir}/openscap/probe_routingtable
 %{_libexecdir}/openscap/probe_rpminfo
+%{_libexecdir}/openscap/probe_rpmverify
 %{_libexecdir}/openscap/probe_runlevel
 %{_libexecdir}/openscap/probe_selinuxboolean
+%{_libexecdir}/openscap/probe_selinuxsecuritycontext
 %{_libexecdir}/openscap/probe_shadow
 %{_libexecdir}/openscap/probe_sysctl
 %{_libexecdir}/openscap/probe_system_info
@@ -221,14 +237,30 @@ fi
 
 %files extra-probes
 %{_libexecdir}/openscap/probe_ldap57
+%{_libexecdir}/openscap/probe_gconf
 
 %changelog
+* Tue Oct 11 2011 Peter Vrabec <pvrabec at redhat.com> 0.8.0-1
+- upgrade
+
 * Mon Jul 25 2011 Peter Vrabec <pvrabec at redhat.com> 0.7.4-1
 - upgrade
 
+* Thu Jul 21 2011 Petr Sabata <contyk at redhat.com> - 0.7.3-3
+- Perl mass rebuild
+
+* Wed Jul 20 2011 Petr Sabata <contyk at redhat.com> - 0.7.3-2
+- Perl mass rebuild
+
 * Fri Jun 24 2011 Peter Vrabec <pvrabec at redhat.com> 0.7.3-1
 - upgrade
 
+* Fri Jun 17 2011 Marcela Mašláňová <mmaslano at redhat.com> - 0.7.2-3
+- Perl mass rebuild
+
+* Fri Jun 10 2011 Marcela Mašláňová <mmaslano at redhat.com> - 0.7.2-2
+- Perl 5.14 mass rebuild
+
 * Wed Apr 20 2011 Peter Vrabec <pvrabec at redhat.com> 0.7.2-1
 - upgrade
 
diff --git a/sources b/sources
index 9efca34..f0e8563 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7bd74ac9358e5ec3f858d3a082e9eb41  openscap-0.7.4.tar.gz
+7d98c3afb062804849fa8ba7e040e3f9  openscap-0.8.0.tar.gz
