[scap-security-guide] Rebase to 0.1.4.

Jan Lieskovsky jlieskov at fedoraproject.org
Fri Dec 20 18:01:31 UTC 2013 

commit fda0ca86eff5170bfe7e66f0c9603112bbe019a9
Author: Jan Lieskovsky <jlieskov at redhat.com>
Date:   Fri Dec 20 19:01:21 2013 +0100

    Rebase to 0.1.4.

 .gitignore               |    1 +
 scap-security-guide.spec |   79 +++++++++++++++++++++++++++++++++++++++++-----
 sources                  |    2 +-
 3 files changed, 73 insertions(+), 9 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 49960ed..e0e820e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /scap-security-guide-0.1-3.tar.gz
+/scap-security-guide-0.1.4.tar.gz
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 4a31a5c..0fd2e21 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -5,20 +5,20 @@
 # file one level up - in the main scap-security-guide directory (instead of
 # this one).
 
-%global	fedorassgrelease	3
+%global	fedorassgversion	4
 
 Name:		scap-security-guide
-Version:	0.1
-Release:	%{fedorassgrelease}.1%{?dist}
+Version:	0.1.%{fedorassgversion}
+Release:	1%{?dist}
 Summary:	Security guidance and baselines in SCAP formats
 Group:		Applications/System
 License:	Public Domain
 URL:		https://fedorahosted.org/scap-security-guide/
-Source0:	http://fedorapeople.org/~jlieskov/%{name}-%{version}-%{fedorassgrelease}.tar.gz
+Source0:	http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz
 BuildArch:	noarch
 BuildRequires:	libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
 Requires:	xml-common, openscap-utils >= 0.9.1
-Obsoletes:      openscap-content < 0:0.9.13
+Obsoletes:	openscap-content < 0:0.9.13
 
 %description
 The scap-security-guide project provides a guide for configuration of the
@@ -32,8 +32,20 @@ scap-workbench GUI tool from scap-workbench package to verify that the system
 conforms to provided guideline. Refer to scap-security-guide(8) manual page for
 further information.
 
+%package	compat
+Summary:	Extra package to ensure compatibility with firstaidkit-plugin-openscap
+License:	Public Domain
+BuildArch:	noarch
+Requires:	xml-common, openscap-utils >= 0.9.1
+Provides:	openscap-content, firstaidkit-plugin-openscap
+
+%description	compat
+This package corrects Provides requirements needed to maintain
+backward-compatibility with openscap-content and firstaidkit-plugin-openscap
+packages.
+
 %prep
-%setup -q -n %{name}-%{version}-%{fedorassgrelease}
+%setup -q -n %{name}-%{version}
 
 %build
 cd Fedora && make dist
@@ -53,9 +65,60 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
 %lang(en) %{_mandir}/en/man8/scap-security-guide.8.*
 %doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
 
+%files compat
+
 %changelog
-* Fri Nov 15 2013 Šimon Lukašík <slukasik at redhat.com> - 0.1-3.1
-- Rebuild to obsolete openscap-content package (#1028706)
+* Fri Dec 20 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1.4-1
+- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move
+  it to /shared
+- Add shared remediations for sshd disable empty passwords and
+  sshd set idle timeout
+- Shared remediation for sshd disable root login
+- Add empty -compat subpackage to ensure backward-compatibility with
+  openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335)
+- OVAL check for sshd disable root login
+- Fix typo in OVAL check for sshd disable empty passwords
+- OVAL check for sshd disable empty passwords
+- Unselect no shelllogin for systemaccounts rule from being run by default
+- Rename XCCDF rules
+- Revert Set up Fedora release name and CPE based on build system properties
+- Shared OVAL check for Verify that Shared Library Files Have Root Ownership
+- Shared OVAL check for Verify that System Executables Have Restrictive Permissions
+- Shared OVAL check for Verify that System Executables Have Root Ownership
+- Shared OVAL check for Verify that Shared Library Files Have Restrictive
+  Permissions
+- Fix remediation for Disable Prelinking rule
+- OVAL check and remediation for sshd's ClientAliveCountMax rule
+- OVAL check for sshd's ClientAliveInterval rule
+- Include descriptions for permissions section, and rules for checking
+  permissions and ownership of shared library files and system executables
+- Disable selected rules by default
+- Add remediation for Disable Prelinking rule
+- Adjust service-enable-macro, service-disable-macro XSLT transforms
+  definition to evaluate to proper systemd syntax
+- Fix service_ntpd_enabled OVAL check make validate to pass again
+- Include patch from Šimon Lukašík to obsolete openscap-content
+  package (RH BZ#1028706)
+- Add OVAL check to test if there's is remote NTP server configured for
+  time data
+- Add system settings section for the guide (to track system wide
+  hardening configurations)
+- Include disable prelink rule and OVAL check for it
+- Initial OVAL check if ntpd service is enabled. Add package_installed
+  OVAL templating directory structure and functionality.
+- Include services section, and XCCDF description for selected ntpd's
+  sshd's service rules
+- Include remediations for login.defs' based password minimum, maximum and
+  warning age rules
+- Include directory structure to support remediations
+- Add SCAP "replace or append pattern value in text file based on variable"
+  remediation script generator
+- Add remediation for "Set Password Minimum Length in login.defs" rule
+
+* Mon Nov 18 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1.3-1
+- Update versioning scheme - move fedorassgrelease to be part of
+  upstream version. Rename it to fedorassgversion to avoid name collision
+  with Fedora package release.
 
 * Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1-3
 - Add .gitignore for Fedora output directory
diff --git a/sources b/sources
index 101d26c..873584b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-93e71669058b2cb6958dc4946042552d  scap-security-guide-0.1-3.tar.gz
+265b20ec271bc0eb31112d2ce2d07ea0  scap-security-guide-0.1.4.tar.gz

More information about the scm-commits mailing list