Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2015-02-18 11:39:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lynis" Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2014-12-21 12:04:28.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2015-02-18 12:09:04.000000000 +0100 @@ -1,0 +2,57 @@ +Tue Feb 17 12:32:20 UTC 2015 - astieger@suse.com + +- lynis 1.6.4: + * New: + + Boot loader detection for AIX + + Detection of getcap and lsvg binary + + Added filesystem_ext to report + + Detect rootsh + * Changes: + + Hide errors when RPM database is faulty and show suggestion instead + + Allow OpenBSD to gather information on listening network ports + + Don't trigger warning for Shellshock when doing segfault test + + Do not run Apache test on OpenBSD and strip control chars + + Extended AIDE test with configuration validation test + + Improved Shellshock test regarding non-Linux support + + Added support for gathering volume groups on AIX + + Properly parse PAM lines and add them to report + + Support for boot loader detection on OpenBSD + + Added uptime detection for OpenBSD systems + + Support for volume groups on AIX + + Redirect errors when searching for readlink binary +- includes changes from 1.6.3: + * New: + + Added tests for Shellshock bash vulnerability + + Added test to determine if Snoopy is used + + New test for qdaemon configuration file + + Test for GRUB boot loader password + + New test for qdaemon printer jobs + + Added ClamXav test for Mac OS X + + Gentoo vulnerable packages test + + New test for qdaemon status + + Gentoo package listing + + Running Lynis without root permissions will start non-privileged scan + + Systemd service and timer example file added + + Added grub2-install to binaries + * Changes: + + Adjustments so insecure SSL protocols are detected in nginx config + + Directories will be skipped when searching for nginx log files + + Only gather unique name servers from /etc/resolv.conf + + Properly detect mod_evasive on Gentoo and others + + Improved swap partition detection in /etc/fstab + + Improvements to kernel detection (e.g. Gentoo) + + Test for built-in security options in YUM + + Improved boot loader detection for GRUB2 + + Split GRUB test into two tests + + Added Mac OS uptime check + + Improved GetHostID function for systems having only ip binary + + Improved testing for symlinked binary directories + + Minor adjustments to log output + + Renamed dev directory to extras +- verify source signature +- adjust permissions of items in /usr/share/lynis/include/consts + to match those requested by main executable +- run spec_cleaner + + +------------------------------------------------------------------- Old: ---- lynis-1.6.2.tar.gz New: ---- lynis-1.6.4.tar.gz lynis-1.6.4.tar.gz.asc lynis.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.LLt4Nl/_old 2015-02-18 12:09:05.000000000 +0100 +++ /var/tmp/diff_new_pack.LLt4Nl/_new 2015-02-18 12:09:05.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package lynis # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2009-2013 Sascha Manns <saigkill@opensuse.org> # # All modifications and additions to the file contributed by third parties @@ -19,20 +19,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - -%define _includedir /usr/share/lynis/include -%define _pluginsdir /usr/share/lynis/plugins -%define _dbdir /usr/share/lynis/db -%define _bindir /usr/bin - +%define _includedir %{_datadir}/lynis/include +%define _pluginsdir %{_datadir}/lynis/plugins +%define _dbdir %{_datadir}/lynis/db +%define _bindir %{_prefix}/bin Name: lynis -Version: 1.6.2 -Release: 1 +Version: 1.6.4 +Release: 0 Summary: Security and System auditing tool License: GPL-3.0 Group: System/Monitoring -Url: http://www.rootkit.nl/projects/lynis.html -Source0: http://cisofy.com/files/%{name}-%{version}.tar.gz +Url: https://cisofy.com/lynis/ +Source0: https://cisofy.com/files/%{name}-%{version}.tar.gz Source1: default.prf Source2: tests_binary_rpath Source3: tests_file_permissionsDB @@ -45,6 +43,8 @@ Source10: prepare_for_suse.sh Source11: dbus-whitelist.db.openSUSE_12.2_x86_64 Source12: fileperms.db.openSUSE_12.2_x86_64 +Source13: https://cisofy.com/files/%{name}-%{version}.tar.gz.asc +Source14: https://cisofy.com/files/cisofy-software.pub#/%{name}.keyring # PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE Patch0: %{name}_1.3.5_lynis.diff # PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE @@ -52,13 +52,14 @@ Patch5: %{name}_1.3.6_include-osdetection.diff BuildRequires: gcc-c++ BuildRequires: libxml2-devel -PreReq: %fillup_prereq Requires: bash Requires: cron Requires: findutils Requires: logrotate Requires: netcfg Requires: wget +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -72,8 +73,6 @@ Lynis is released as a GPL licensed project and free for everyone to use. -See http://www.rootkit.nl for a full description and documentation. - %prep %setup -q -n %{name} %patch0 @@ -85,35 +84,35 @@ %install # Install Profile (default.prf) -%__install -d %{buildroot}%{_sysconfdir}/%{name} -%__install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/default.prf +install -d %{buildroot}%{_sysconfdir}/%{name} +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/default.prf # install binary -%__install -d %{buildroot}%{_bindir} -%__install -d %{buildroot}%{_datadir}/%{name} -%__install %{name} %{buildroot}%{_bindir} -%__install %{SOURCE10} %{buildroot}%{_datadir}/%{name} +install -d %{buildroot}%{_bindir} +install -d %{buildroot}%{_datadir}/%{name} +install %{name} %{buildroot}%{_bindir} +install %{SOURCE10} %{buildroot}%{_datadir}/%{name} # install man-page -%__install -d %{buildroot}%{_mandir}/man8 -%__install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8 +install -d %{buildroot}%{_mandir}/man8 +install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8 # install functions/includes -%__install -d %{buildroot}%{_includedir} -%__install include/* %{buildroot}%{_includedir} -%__install %{SOURCE2} %{buildroot}%{_includedir} -%__install %{SOURCE3} %{buildroot}%{_includedir} -%__install %{SOURCE4} %{buildroot}%{_includedir} -%__install %{SOURCE5} %{buildroot}%{_includedir} -%__install %{SOURCE6} %{buildroot}%{_includedir} -%__install %{SOURCE7} %{buildroot}%{_includedir} -%__install %{SOURCE8} %{buildroot}%{_includedir} -%__install %{SOURCE9} %{buildroot}%{_includedir} +install -d %{buildroot}%{_includedir} +install include/* %{buildroot}%{_includedir} +install %{SOURCE2} %{buildroot}%{_includedir} +install %{SOURCE3} %{buildroot}%{_includedir} +install %{SOURCE4} %{buildroot}%{_includedir} +install %{SOURCE5} %{buildroot}%{_includedir} +install %{SOURCE6} %{buildroot}%{_includedir} +install %{SOURCE7} %{buildroot}%{_includedir} +install %{SOURCE8} %{buildroot}%{_includedir} +install %{SOURCE9} %{buildroot}%{_includedir} # install plugins -%__install -d %{buildroot}%{_pluginsdir} -%__install -pm 644 plugins/* %{buildroot}%{_pluginsdir} +install -d %{buildroot}%{_pluginsdir} +install -pm 644 plugins/* %{buildroot}%{_pluginsdir} # install database files -%__install -d %{buildroot}%{_dbdir} -%__install -pm 644 db/* %{buildroot}%{_dbdir} -%__install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db -%__install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db +install -d %{buildroot}%{_dbdir} +install -pm 644 db/* %{buildroot}%{_dbdir} +install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db +install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db #rm %{buildroot}%{_dbdir}/fileperms.db #ln -s $(basename %{SOURCE11}) %{_dbdir}/dbus-whitelist.db #ln -s $(basename %{SOURCE12}) %{_dbdir}/fileperms.db @@ -134,6 +133,7 @@ %dir %{_datadir}/%{name} %dir %{_datadir}/%{name}/db %dir %{_datadir}/%{name}/include +%attr(640,root,root) %{_datadir}/%{name}/include/* %dir %{_datadir}/%{name}/plugins %doc CHANGELOG FAQ LICENSE README %doc %{_mandir}/man8/%{name}.8.* ++++++ lynis-1.6.2.tar.gz -> lynis-1.6.4.tar.gz ++++++ ++++ 4005 lines of diff (skipped) ++++++ lynis_1.3.1_include_consts.diff ++++++ --- /var/tmp/diff_new_pack.LLt4Nl/_old 2015-02-18 12:09:05.000000000 +0100 +++ /var/tmp/diff_new_pack.LLt4Nl/_new 2015-02-18 12:09:05.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- include/consts.orig +++ include/consts -@@ -71,6 +71,7 @@ unset LANG +@@ -72,6 +72,7 @@ unset LANG CHKROOTKITBINARY="" CHKCONFIGBINARY="" FILEVALUE="" ++++++ lynis_1.3.5_lynis.diff ++++++ --- /var/tmp/diff_new_pack.LLt4Nl/_old 2015-02-18 12:09:05.000000000 +0100 +++ /var/tmp/diff_new_pack.LLt4Nl/_new 2015-02-18 12:09:05.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- lynis.orig +++ lynis -@@ -716,7 +716,9 @@ +@@ -707,7 +707,9 @@ webservers ssh snmp databases ldap php squid logging \ insecure_services banners scheduling accounting \ time crypto virtualization mac_frameworks file_integrity hardening_tools tooling \ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org