** Patch added: "rev1 rebase debdiff over sid" https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1931618/+attachment/5503887/+files/openscap-1.3.4.sid-to-impish-rev1.debdiff
** Description changed: In the interest of long-term maintainability ahead of Ubuntu 22.04 release, the Security team would like to propose rebasing to upstream OpenSCAP 1.3.4 release as has presently landed in Debian. Upstream, OpenSCAP is a Red Hat maintained project. Version 1.2.x (as currently present in Ubuntu releases) aligns with RHEL 7. Version 1.3.x has shipped in RHEL 8 and is currently in Fedora ELN (slated for RHEL 9). Since RHEL 7 has left active feature development, it makes sense for new Ubuntu releases to move to the active 1.3.x version. Additionally, 1.3.x features several enhancements and bug fixes over the 1.2.x branch. Debian has picked up OpenSCAP 1.3.4 prior to the recent upstream 1.3.5 release. While these changes are helpful (including SCAP 1.3 which brings in mandatory OVAL 5.11.x support), we feel it is more important to follow Debian's lead in this instance. Additionally, even older 1.2.x versions of OpenSCAP support OVAL 5.11.x content in SCAP 1.2 content, making this a lower concern. Changes over Debian's 1.3.4 include: - - Shipping autotailor, a utility to tailor XCCDF files (changing variables and selecting/deselecting rules in an XCCDF profile), including manpage. - - Shipping helper function oscap-run-sce-script that was missed in packaging. This utility helps when SCE content is shipped without executable permissions. - - Pulling in the dpkg verison comparison patches from Hirsute. + - Shipping autotailor, a utility to tailor XCCDF files (changing variables and selecting/deselecting rules in an XCCDF profile), including manpage. + - Shipping helper function oscap-run-sce-script that was missed in packaging. This utility helps when SCE content is shipped without executable permissions. + - Pulling in the dpkg verison comparison patches from Hirsute. Note that the dpkg version comparison patches have landed upstream in the 1.3.5 release and so should eventually be dropped were we to rebase in the future. All other hirsute patches have been dropped as they have been picked up by this release. + This rebase has been sanity-tested against building ComplianceAsCode/content and no errors reported. At this time, the Security team does not have any Impish content and thus cannot test scanner functionality against this release. + + Thanks, Alex ** Description changed: In the interest of long-term maintainability ahead of Ubuntu 22.04 release, the Security team would like to propose rebasing to upstream OpenSCAP 1.3.4 release as has presently landed in Debian. Upstream, OpenSCAP is a Red Hat maintained project. Version 1.2.x (as currently present in Ubuntu releases) aligns with RHEL 7. Version 1.3.x has shipped in RHEL 8 and is currently in Fedora ELN (slated for RHEL 9). Since RHEL 7 has left active feature development, it makes sense for new Ubuntu releases to move to the active 1.3.x version. Additionally, 1.3.x features several enhancements and bug fixes over the 1.2.x branch. Debian has picked up OpenSCAP 1.3.4 prior to the recent upstream 1.3.5 release. While these changes are helpful (including SCAP 1.3 which brings in mandatory OVAL 5.11.x support), we feel it is more important to follow Debian's lead in this instance. Additionally, even older 1.2.x versions of OpenSCAP support OVAL 5.11.x content in SCAP 1.2 content, making this a lower concern. Changes over Debian's 1.3.4 include: - Shipping autotailor, a utility to tailor XCCDF files (changing variables and selecting/deselecting rules in an XCCDF profile), including manpage. - Shipping helper function oscap-run-sce-script that was missed in packaging. This utility helps when SCE content is shipped without executable permissions. - Pulling in the dpkg verison comparison patches from Hirsute. Note that the dpkg version comparison patches have landed upstream in the 1.3.5 release and so should eventually be dropped were we to rebase in the future. All other hirsute patches have been dropped as they have been picked up by this release. + This rebase has been sanity-tested against building + ComplianceAsCode/content and no errors reported. At this time, the + Security team does not have any Impish content and thus cannot test + scanner functionality against this release. - This rebase has been sanity-tested against building ComplianceAsCode/content and no errors reported. At this time, the Security team does not have any Impish content and thus cannot test scanner functionality against this release. + + A PPA containing this build can be found here: https://launchpad.net/~cipherboy/+archive/ubuntu/scap/+build/21682204 Thanks, Alex -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1931618 Title: openscap 1.3.4 rebase+merge from sid To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1931618/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
