openSUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:0011-1 Rating: moderate References: #1154380 #1155258 #1178301 #1180456 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openscap fixes the following issues: OpenSCAP was updated to 1.3.4. - add CPE dict entries for openSUSE Leap 15.1 and 15.2 - add dbus-1-devel buildrequires to enable systemd tests (bsc#1178301) openscap 1.3.4: * New features - Add support for FreeBSD - Make use of HTTP header content-encoding: gzip if available - Improved yamlfilecontent: updated yaml-filter, extend the schema and probe to be able to work with a set of values in maps * Maintenance, bug fixes - A lot of memory leaks have been plugged - Refactored rpmverifyfile probe and fixed memory leak - Fixed SEGFAULT caused by recursive and circular dependencies between OVAL definitions - Fixed DOM representation of the profile platform - Test suit: better portability, more granularity in results, inclusion of memory-related tests - Compatibility with uClibc - Local and remote file system detection method was improved - Make the report a valid HTML5 document - openscap: DISA STIG Viewer URL reference changed (bsc#1180456) openscap 1.3.3: Notable improvements in this release: - a Python script that can be used for CLI tailoring (autotailor) (thank you, Mat��j T����); - timezone for XCCDF TestResult start and end time (thank you, Jan ��ern��); - new yamlfilecontent independent probe (draft implementation), see the proposal https://github.com/OVAL-Community/OVAL/issues/91 for additional information. There are other changes as well, here is the list: - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF; - Added ability to generate `machineconfig` fix; - Detect ambiguous scan target (utils/oscap-podman); - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory; - The data system_info probe return for offline and online modes is consistent and actual; - Prevent crashes when complicated regexes are executed in textfilecontent58 probe; - Fixed #1512: Severity refinement lost in generated guide; - Fixed #1453: Pointer lost in Swig API; - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities; from system_info probe; - Fixed filepath pattern matching in offline mode in textfilecontent58 probe; - Fixed infinite recursion in systemdunitdependency probe; - Fixed the case when CMake couldn't find libacl or xattr.h. This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-11=1 Package List: - openSUSE Leap 15.2 (x86_64): libopenscap25-1.3.4-lp152.2.3.1 libopenscap25-debuginfo-1.3.4-lp152.2.3.1 libopenscap_sce25-1.3.4-lp152.2.3.1 libopenscap_sce25-debuginfo-1.3.4-lp152.2.3.1 openscap-1.3.4-lp152.2.3.1 openscap-content-1.3.4-lp152.2.3.1 openscap-debuginfo-1.3.4-lp152.2.3.1 openscap-debugsource-1.3.4-lp152.2.3.1 openscap-devel-1.3.4-lp152.2.3.1 openscap-docker-1.3.4-lp152.2.3.1 openscap-utils-1.3.4-lp152.2.3.1 openscap-utils-debuginfo-1.3.4-lp152.2.3.1 References: https://bugzilla.suse.com/1154380 https://bugzilla.suse.com/1155258 https://bugzilla.suse.com/1178301 https://bugzilla.suse.com/1180456