From f76816eb61e691e0d5a453a38875cece29f7c7f9 Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 22 Oct 2025 13:43:26 +0300
Subject: [PATCH 1/2] Remove support for opensuse leap 42

---
 products/opensuse/product.yml                 | 15 -------
 .../oval/installed_OS_is_opensuse_leap42.xml  | 30 -------------
 tests/data/product_stability/opensuse.yml     | 44 +++++++------------
 3 files changed, 16 insertions(+), 73 deletions(-)
 delete mode 100644 shared/applicability/oval/installed_OS_is_opensuse_leap42.xml

diff --git a/products/opensuse/product.yml b/products/opensuse/product.yml
index 773a607e007..4739fd61b6f 100644
--- a/products/opensuse/product.yml
+++ b/products/opensuse/product.yml
@@ -13,21 +13,6 @@ init_system: "systemd"
 
 cpes_root: "../../shared/applicability"
 cpes:
-  - opensuse-42.1:
-      name: "cpe:/o:opensuse:leap:42.1"
-      title: "openSUSE Leap 42.1"
-      check_id: installed_OS_is_opensuse_leap42
-
-  - opensuse-42.2:
-      name: "cpe:/o:opensuse:leap:42.2"
-      title: "openSUSE Leap 42.2"
-      check_id: installed_OS_is_opensuse_leap42
-
-  - opensuse-42.3:
-      name: "cpe:/o:opensuse:leap:42.3"
-      title: "openSUSE Leap 42.3"
-      check_id: installed_OS_is_opensuse_leap42
-
   - opensuse-15:
       name: "cpe:/o:opensuse:leap:15.0"
       title: "openSUSE Leap 15.0"
diff --git a/shared/applicability/oval/installed_OS_is_opensuse_leap42.xml b/shared/applicability/oval/installed_OS_is_opensuse_leap42.xml
deleted file mode 100644
index f21d16e5053..00000000000
--- a/shared/applicability/oval/installed_OS_is_opensuse_leap42.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<def-group>
-  <definition class="inventory" id="installed_OS_is_opensuse_leap42" version="1">
-    <metadata>
-      <title>openSUSE Leap 42</title>
-      <affected family="unix">
-        <platform>multi_platform_all</platform>
-      </affected>
-      <reference ref_id="cpe:/o:opensuse:leap:42.1" source="CPE" />
-      <reference ref_id="cpe:/o:opensuse:leap:42.2" source="CPE" />
-      <reference ref_id="cpe:/o:opensuse:leap:42.3" source="CPE" />
-      <description>The operating system installed on the system is openSUSE Leap 42.</description>
-    </metadata>
-    <criteria operator="AND">
-      <extend_definition comment="openSUSE is installed" definition_ref="installed_OS_is_opensuse" />
-      <criterion comment="openSUSE Leap 42 is installed" test_ref="test_opensuse_leap42_installed" />
-    </criteria>
-  </definition>
-
-  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="openSUSE Leap 42 is installed" id="test_opensuse_leap42_installed" version="1">
-    <linux:object object_ref="obj_opensuse_leap42_installed" />
-    <linux:state state_ref="state_opensuse_leap42_installed" />
-  </linux:rpminfo_test>
-  <linux:rpminfo_state id="state_opensuse_leap42_installed" version="1">
-    <linux:version operation="pattern match">^42.*$</linux:version>
-  </linux:rpminfo_state>
-  <linux:rpminfo_object id="obj_opensuse_leap42_installed" version="1">
-    <linux:name>openSUSE-release</linux:name>
-  </linux:rpminfo_object>
-
-</def-group>
diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml
index c7ed8a6e142..bd49569e2f9 100644
--- a/tests/data/product_stability/opensuse.yml
+++ b/tests/data/product_stability/opensuse.yml
@@ -1,5 +1,5 @@
-aide_also_checks_audispd: 'yes'
-aide_also_checks_rsyslog: 'no'
+aide_also_checks_audispd: "yes"
+aide_also_checks_rsyslog: "no"
 aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
@@ -16,26 +16,14 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OPENSUSE
 benchmark_root: ../../linux_os/guide
-bootable_containers_supported: 'false'
+bootable_containers_supported: "false"
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:
-- opensuse-42.1:
-    check_id: installed_OS_is_opensuse_leap42
-    name: cpe:/o:opensuse:leap:42.1
-    title: openSUSE Leap 42.1
-- opensuse-42.2:
-    check_id: installed_OS_is_opensuse_leap42
-    name: cpe:/o:opensuse:leap:42.2
-    title: openSUSE Leap 42.2
-- opensuse-42.3:
-    check_id: installed_OS_is_opensuse_leap42
-    name: cpe:/o:opensuse:leap:42.3
-    title: openSUSE Leap 42.3
-- opensuse-15:
-    check_id: installed_OS_is_opensuse_leap15
-    name: cpe:/o:opensuse:leap:15.0
-    title: openSUSE Leap 15.0
+  - opensuse-15:
+      check_id: installed_OS_is_opensuse_leap15
+      name: cpe:/o:opensuse:leap:15.0
+      title: openSUSE Leap 15.0
 cpes_root: ../../shared/applicability
 dconf_gdm_dir: gdm.d
 dynamic_uid_max: 65519
@@ -96,16 +84,16 @@ reference_uris:
   stigid: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
-sshd_distributed_config: 'false'
-sysctl_remediate_drop_in_file: 'false'
+sshd_distributed_config: "false"
+sysctl_remediate_drop_in_file: "false"
 target_oval_version:
-- 5
-- 11
-target_oval_version_str: '5.11'
+  - 5
+  - 11
+target_oval_version_str: "5.11"
 type: platform
 uid_min: 1000
 xwindows_packages:
-- xorg-x11-server-Xorg
-- xorg-x11-server-common
-- xorg-x11-server-utils
-- xorg-x11-server-Xwayland
+  - xorg-x11-server-Xorg
+  - xorg-x11-server-common
+  - xorg-x11-server-utils
+  - xorg-x11-server-Xwayland

From 8d8e6d676959a38e8f846099467289580107a689 Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 22 Oct 2025 16:57:28 +0300
Subject: [PATCH 2/2] Update opensuse cpes and add support for leap16 and
 tumbleweed

---
 products/opensuse/product.yml                 | 12 ++++++--
 .../oval/installed_OS_is_opensuse_leap15.xml  |  4 +--
 .../oval/installed_OS_is_opensuse_leap16.xml  | 28 +++++++++++++++++++
 tests/data/product_stability/opensuse.yml     | 12 ++++++--
 4 files changed, 50 insertions(+), 6 deletions(-)
 rename shared/{applicability => checks}/oval/installed_OS_is_opensuse_leap15.xml (85%)
 create mode 100644 shared/checks/oval/installed_OS_is_opensuse_leap16.xml

diff --git a/products/opensuse/product.yml b/products/opensuse/product.yml
index 4739fd61b6f..bb8e0cf2262 100644
--- a/products/opensuse/product.yml
+++ b/products/opensuse/product.yml
@@ -14,6 +14,14 @@ init_system: "systemd"
 cpes_root: "../../shared/applicability"
 cpes:
   - opensuse-15:
-      name: "cpe:/o:opensuse:leap:15.0"
-      title: "openSUSE Leap 15.0"
+      name: "cpe:/o:opensuse:leap:15"
+      title: "openSUSE Leap 15"
       check_id: installed_OS_is_opensuse_leap15
+  - opensuse-16:
+      name: "cpe:/o:opensuse:leap:16"
+      title: "openSUSE Leap 16"
+      check_id: installed_OS_is_opensuse_leap16
+  - opensuse-tumbleweed:
+      name: "cpe:/o:opensuse:tumbleweed"
+      title: "openSUSE Tumbleweed"
+      check_id: installed_OS_is_opensuse
diff --git a/shared/applicability/oval/installed_OS_is_opensuse_leap15.xml b/shared/checks/oval/installed_OS_is_opensuse_leap15.xml
similarity index 85%
rename from shared/applicability/oval/installed_OS_is_opensuse_leap15.xml
rename to shared/checks/oval/installed_OS_is_opensuse_leap15.xml
index 0a674e6c07f..042533ca210 100644
--- a/shared/applicability/oval/installed_OS_is_opensuse_leap15.xml
+++ b/shared/checks/oval/installed_OS_is_opensuse_leap15.xml
@@ -5,11 +5,11 @@
       <affected family="unix">
         <platform>multi_platform_all</platform>
       </affected>
-      <reference ref_id="cpe:/o:opensuse:leap:15.0" source="CPE" />
+      <reference ref_id="cpe:/o:opensuse:leap:15" source="CPE" />
       <description>The operating system installed on the system is openSUSE Leap 15.</description>
     </metadata>
     <criteria operator="AND">
-      <extend_definition comment="openSUSE is installed" definition_ref="installed_OS_is_opensuse" />
+      <extend_definition comment="Installed OS is part of the Unix family" definition_ref="installed_OS_is_part_of_Unix_family" />
       <criterion comment="openSUSE Leap 15 is installed" test_ref="test_opensuse_leap15_installed" />
     </criteria>
   </definition>
diff --git a/shared/checks/oval/installed_OS_is_opensuse_leap16.xml b/shared/checks/oval/installed_OS_is_opensuse_leap16.xml
new file mode 100644
index 00000000000..93519b61988
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_opensuse_leap16.xml
@@ -0,0 +1,28 @@
+<def-group>
+  <definition class="inventory" id="installed_OS_is_opensuse_leap16" version="1">
+    <metadata>
+      <title>openSUSE Leap 16</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <reference ref_id="cpe:/o:opensuse:leap:16" source="CPE" />
+      <description>The operating system installed on the system is openSUSE Leap 16.</description>
+    </metadata>
+    <criteria operator="AND">
+      <extend_definition comment="Installed OS is part of the Unix family" definition_ref="installed_OS_is_part_of_Unix_family" />
+      <criterion comment="openSUSE Leap 16 is installed" test_ref="test_opensuse_leap16_installed" />
+    </criteria>
+  </definition>
+
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="openSUSE Leap 16 is installed" id="test_opensuse_leap16_installed" version="1">
+    <linux:object object_ref="obj_opensuse_leap16_installed" />
+    <linux:state state_ref="state_opensuse_leap16_installed" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_state id="state_opensuse_leap16_installed" version="1">
+    <linux:version operation="pattern match">^16.*$</linux:version>
+  </linux:rpminfo_state>
+  <linux:rpminfo_object id="obj_opensuse_leap16_installed" version="1">
+    <linux:name>Leap-release</linux:name>
+  </linux:rpminfo_object>
+
+</def-group>
diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml
index bd49569e2f9..36f1cdb2d0f 100644
--- a/tests/data/product_stability/opensuse.yml
+++ b/tests/data/product_stability/opensuse.yml
@@ -22,8 +22,16 @@ chrony_d_path: /etc/chrony.d/
 cpes:
   - opensuse-15:
       check_id: installed_OS_is_opensuse_leap15
-      name: cpe:/o:opensuse:leap:15.0
-      title: openSUSE Leap 15.0
+      name: cpe:/o:opensuse:leap:15
+      title: openSUSE Leap 15
+  - opensuse-16:
+      check_id: installed_OS_is_opensuse_leap16
+      name: cpe:/o:opensuse:leap:16
+      title: openSUSE Leap 16
+  - opensuse-tumbleweed:
+      check_id: installed_OS_is_opensuse
+      name: cpe:/o:opensuse:tumbleweed
+      title: openSUSE Tumbleweed
 cpes_root: ../../shared/applicability
 dconf_gdm_dir: gdm.d
 dynamic_uid_max: 65519