diff --git a/dist b/dist index 37a6f9cba7a88cbcf8ab13c9187a23e686af9edd..1fe92cf0fdf9c2625d878a2ace258f64c1e8ca44 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8_9 +an8_10 diff --git a/download b/download index 9f5c9ebc068987423e0c97f05813e7f4fc20cbee..db0e0a4374f8723e024224bf5681a5c7eaeb4c1d 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ 219c992603514558e5f6f3d29adaa534 scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 -28d1e8f00402c11fc0578a047096dee6 scap-security-guide-0.1.72.tar.bz2 +6fbaea66cae3aa3148ad98578dcc603d scap-security-guide-0.1.73.tar.bz2 diff --git a/hide-profiles-not-in-good-shape-for-RHEL.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch deleted file mode 100644 index 40a7a28106794472405ee8f9461d73bb5409b335..0000000000000000000000000000000000000000 --- a/hide-profiles-not-in-good-shape-for-RHEL.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Fri, 16 Feb 2024 12:07:36 +0100 -Subject: [PATCH] Hide profiles not in good shape for RHEL - -There are some profiles introduced long time ago but no longer -maintained. For compatibility purposes they are not removed from -datastream but are now hidden for RHEL8 to prevent people from -using them. ---- - products/rhel8/profiles/cjis.profile | 2 ++ - products/rhel8/profiles/rht-ccp.profile | 2 ++ - products/rhel8/profiles/standard.profile | 2 ++ - 3 files changed, 6 insertions(+) - -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 30843b692e..c44c63516f 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - metadata: - version: 5.4 - SMEs: -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index 01133a9bde..3f6cb751c9 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' - - description: |- -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index 11d72da2d9..79b491113a 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,5 +1,7 @@ - documentation_complete: true - -+hidden: true -+ - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - - description: |- --- -2.43.1 - diff --git a/scap-security-guide.spec b/scap-security-guide.spec index f682108834c90f6ffe6a4faab6242dab98b8018a..c8a312a513946c12b3615563f295293caa2cf6b2 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -5,33 +5,30 @@ %global _vpath_builddir build # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly -Name: scap-security-guide -Version: 0.1.72 -Release: 2%{anolis_release}%{?dist} -Summary: Security guidance and baselines in SCAP formats -License: BSD-3-Clause -Group: Applications/System -URL: https://github.com/ComplianceAsCode/content/ -Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 +Name: scap-security-guide +Version: 0.1.73 +Release: 1%{anolis_release}%{?dist} +Summary: Security guidance and baselines in SCAP formats +License: BSD-3-Clause +Group: Applications/System +URL: https://github.com/ComplianceAsCode/content/ +Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content -Source1: %{_static_rhel6_content}.tar.bz2 -# Patch hides cjis, rht-ccp and standard profiles for RHEL8 -Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch - -BuildArch: noarch - -BuildRequires: libxslt -BuildRequires: expat -BuildRequires: openscap-scanner >= 1.2.5 -BuildRequires: cmake >= 2.8 -# To get python3 inside the buildroot require its path explicitly in BuildRequires -BuildRequires: /usr/bin/python3 -BuildRequires: python%{python3_pkgversion} -BuildRequires: python%{python3_pkgversion}-jinja2 -BuildRequires: python%{python3_pkgversion}-PyYAML -Requires: xml-common, openscap-scanner >= 1.2.5 -Obsoletes: openscap-content < 0:0.9.13 -Provides: openscap-content +Source1: %{_static_rhel6_content}.tar.bz2 + +BuildArch: noarch + +BuildRequires: libxslt +BuildRequires: expat +BuildRequires: openscap-scanner >= 1.2.5 +BuildRequires: cmake >= 2.8 +BuildRequires: python3-devel +BuildRequires: python%{python3_pkgversion} +BuildRequires: python%{python3_pkgversion}-jinja2 +BuildRequires: python%{python3_pkgversion}-PyYAML +Requires: xml-common, openscap-scanner >= 1.2.5 +Obsoletes: openscap-content < 0:0.9.13 +Provides: openscap-content %description The scap-security-guide project provides a guide for configuration of the @@ -46,9 +43,9 @@ conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information. %package doc -Summary: HTML formatted security guides generated from XCCDF benchmarks -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} +Summary: HTML formatted security guides generated from XCCDF benchmarks +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} %description doc The %{name}-doc package contains HTML formatted documents containing @@ -63,11 +60,11 @@ Requires: %{name} = %{version}-%{release} %description extra The %{name}-extra package contains various situation guidebooks -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks -Summary: Ansible playbooks per each rule. -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} +Summary: Ansible playbooks per each rule. +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} %description rule-playbooks The %{name}-rule-playbooks package contains individual ansible playbooks per rule. @@ -82,7 +79,7 @@ cd build %cmake \ -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \ -DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \ --DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE -DSSG_ROCKY_LINUX_DERIVATIVES_ENABLED:BOOLEAN=TRUE:BOOLEAN=TRUE \ +-DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ -DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE \ @@ -92,7 +89,7 @@ cd build -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \ %endif -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \ -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \ %endif ../ @@ -122,7 +119,7 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/LICENSE %doc %{_docdir}/%{name}/README.md %doc %{_docdir}/%{name}/Contributors.md -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %exclude %{_datadir}/%{name}/ansible/rule_playbooks %endif @@ -137,17 +134,24 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %{_datadir}/%{name}/tailoring/rhel* %{_datadir}/xml/scap/ssg/content/ssg-rhel* -%if %{defined rhel} +%if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) %{_datadir}/%{name}/ansible/rule_playbooks %endif %changelog -* Tue Feb 27 2024 Chang Gao - 0.1.72-2.0.1 +* Mon Jul 22 2024 Chang Gao - 0.1.73-1.0.1 - Add extra package - Add product for Anolis8 (#9770)(Yuqing) +* Tue May 21 2024 Jan Černý - 0.1.73-1 +- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733) +- Change crypto policy used in the CUI profile to FIPS (RHEL-30346) +- Fix file path identification in Rsyslog configuration (RHEL-17202) +- Use a correct chrony server address in STIG profile (RHEL-1814) +- Don't BuildRequire /usr/bin/python3 (RHEL-2244) + * Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 - Unlist profiles no longer maintained in RHEL8.