{"diffoscope-json-version": 1, "source1": "/srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b1/scap-security-guide_0.1.78-1_arm64.changes", "source2": "/srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b2/scap-security-guide_0.1.78-1_arm64.changes", "unified_diff": null, "details": [{"source1": "Files", "source2": "Files", "unified_diff": "@@ -1,6 +1,6 @@\n \n  9ba708400d9478b0e7b2967ff9944aee 153564 admin optional ssg-applications_0.1.78-1_all.deb\n  532111b3db0ce4886d0faa619666125b 32876 admin optional ssg-base_0.1.78-1_all.deb\n  a5083fde718989b0ace1e497373c6749 2380448 admin optional ssg-debderived_0.1.78-1_all.deb\n  65e6defd051759671bb2320f5dd7b1ec 2586744 admin optional ssg-debian_0.1.78-1_all.deb\n- 54e79bd81b41a249b35b79fb27eae2ce 39973256 admin optional ssg-nondebian_0.1.78-1_all.deb\n+ 61c2595615beca19a130ecdd870c60fe 39973268 admin optional ssg-nondebian_0.1.78-1_all.deb\n"}, {"source1": "ssg-nondebian_0.1.78-1_all.deb", "source2": "ssg-nondebian_0.1.78-1_all.deb", "unified_diff": null, "details": [{"source1": "file list", "source2": "file list", "unified_diff": "@@ -1,3 +1,3 @@\n -rw-r--r--   0        0        0        4 2025-09-12 08:13:30.000000 debian-binary\n -rw-r--r--   0        0        0    18848 2025-09-12 08:13:30.000000 control.tar.xz\n--rw-r--r--   0        0        0 39954216 2025-09-12 08:13:30.000000 data.tar.xz\n+-rw-r--r--   0        0        0 39954228 2025-09-12 08:13:30.000000 data.tar.xz\n"}, {"source1": "control.tar.xz", "source2": "control.tar.xz", "unified_diff": null, "details": [{"source1": "control.tar", "source2": "control.tar", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "comments": ["Files differ"], "unified_diff": null}]}]}]}, {"source1": "data.tar.xz", "source2": "data.tar.xz", "unified_diff": null, "details": [{"source1": "data.tar", "source2": "data.tar", "unified_diff": null, "details": [{"source1": "./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig.html", "source2": "./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig.html", "has_internal_linenos": true, "unified_diff": "@@ -8559,18 +8559,18 @@\n 000216e0: 6b0a 616e 6420 7573 6520 7468 6520 696e  k.and use the in\n 000216f0: 666f 726d 6174 696f 6e20 746f 2070 6f74  formation to pot\n 00021700: 656e 7469 616c 6c79 2063 6f6d 7072 6f6d  entially comprom\n 00021710: 6973 6520 7468 6520 696e 7465 6772 6974  ise the integrit\n 00021720: 7920 6f66 2074 6865 2073 7973 7465 6d20  y of the system \n 00021730: 616e 640a 6e65 7477 6f72 6b28 7329 2e0a  and.network(s)..\n 00021740: 2020 3c2f 7464 3e0a 2020 3c74 643e 7661    </td>.  <td>va\n-00021750: 725f 736e 6d70 645f 726f 5f73 7472 696e  r_snmpd_ro_strin\n-00021760: 673d 6368 616e 6765 6d65 726f 3c62 722f  g=changemero<br/\n-00021770: 3e76 6172 5f73 6e6d 7064 5f72 775f 7374  >var_snmpd_rw_st\n-00021780: 7269 6e67 3d63 6861 6e67 656d 6572 773c  ring=changemerw<\n+00021750: 725f 736e 6d70 645f 7277 5f73 7472 696e  r_snmpd_rw_strin\n+00021760: 673d 6368 616e 6765 6d65 7277 3c62 722f  g=changemerw<br/\n+00021770: 3e76 6172 5f73 6e6d 7064 5f72 6f5f 7374  >var_snmpd_ro_st\n+00021780: 7269 6e67 3d63 6861 6e67 656d 6572 6f3c  ring=changemero<\n 00021790: 2f74 643e 0a3c 2f74 723e 0a3c 7472 3e0a  /td>.</tr>.<tr>.\n 000217a0: 2020 3c74 643e 5343 2d35 3c2f 7464 3e0a    <td>SC-5</td>.\n 000217b0: 2020 3c74 643e 4e2f 413c 2f74 643e 0a20    <td>N/A</td>. \n 000217c0: 203c 7464 3e43 6f6e 6669 6775 7265 204b   <td>Configure K\n 000217d0: 6572 6e65 6c20 746f 2052 6174 6520 4c69  ernel to Rate Li\n 000217e0: 6d69 7420 5365 6e64 696e 6720 6f66 2044  mit Sending of D\n 000217f0: 7570 6c69 6361 7465 2054 4350 2041 636b  uplicate TCP Ack\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -2893,16 +2893,16 @@\n                                                                               network management\n                                                                               protocol (SNMP)\n                                                                               community strings\n                                                                               must be changed to\n                                   Edit /etc/snmp/snmpd.conf, remove or change maintain security.\n                                   the default community strings of public and If the service is\n                                   private. This profile configures new read-  running with the\n-        N/ Ensure Default SNMP    only community string to changemero and     default             var_snmpd_ro_string=changemero\n-IA-5(e) A  Password Is Not Used   read-write community string to changemerw.  authenticators,     var_snmpd_rw_string=changemerw\n+        N/ Ensure Default SNMP    only community string to changemero and     default             var_snmpd_rw_string=changemerw\n+IA-5(e) A  Password Is Not Used   read-write community string to changemerw.  authenticators,     var_snmpd_ro_string=changemero\n                                   Once the default community strings have     then anyone can\n                                   been changed, restart the SNMP service:     gather data about\n                                   $ sudo systemctl restart snmpd              the system and the\n                                                                               network and use the\n                                                                               information to\n                                                                               potentially\n                                                                               compromise the\n"}]}, {"source1": "./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig_gui.html", "source2": "./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig_gui.html", "has_internal_linenos": true, "unified_diff": "@@ -8560,19 +8560,19 @@\n 000216f0: 6f72 6b0a 616e 6420 7573 6520 7468 6520  ork.and use the \n 00021700: 696e 666f 726d 6174 696f 6e20 746f 2070  information to p\n 00021710: 6f74 656e 7469 616c 6c79 2063 6f6d 7072  otentially compr\n 00021720: 6f6d 6973 6520 7468 6520 696e 7465 6772  omise the integr\n 00021730: 6974 7920 6f66 2074 6865 2073 7973 7465  ity of the syste\n 00021740: 6d20 616e 640a 6e65 7477 6f72 6b28 7329  m and.network(s)\n 00021750: 2e0a 2020 3c2f 7464 3e0a 2020 3c74 643e  ..  </td>.  <td>\n-00021760: 7661 725f 736e 6d70 645f 726f 5f73 7472  var_snmpd_ro_str\n-00021770: 696e 673d 6368 616e 6765 6d65 726f 3c62  ing=changemero<b\n-00021780: 722f 3e76 6172 5f73 6e6d 7064 5f72 775f  r/>var_snmpd_rw_\n+00021760: 7661 725f 736e 6d70 645f 7277 5f73 7472  var_snmpd_rw_str\n+00021770: 696e 673d 6368 616e 6765 6d65 7277 3c62  ing=changemerw<b\n+00021780: 722f 3e76 6172 5f73 6e6d 7064 5f72 6f5f  r/>var_snmpd_ro_\n 00021790: 7374 7269 6e67 3d63 6861 6e67 656d 6572  string=changemer\n-000217a0: 773c 2f74 643e 0a3c 2f74 723e 0a3c 7472  w</td>.</tr>.<tr\n+000217a0: 6f3c 2f74 643e 0a3c 2f74 723e 0a3c 7472  o</td>.</tr>.<tr\n 000217b0: 3e0a 2020 3c74 643e 5343 2d35 3c2f 7464  >.  <td>SC-5</td\n 000217c0: 3e0a 2020 3c74 643e 4e2f 413c 2f74 643e  >.  <td>N/A</td>\n 000217d0: 0a20 203c 7464 3e43 6f6e 6669 6775 7265  .  <td>Configure\n 000217e0: 204b 6572 6e65 6c20 746f 2052 6174 6520   Kernel to Rate \n 000217f0: 4c69 6d69 7420 5365 6e64 696e 6720 6f66  Limit Sending of\n 00021800: 2044 7570 6c69 6361 7465 2054 4350 2041   Duplicate TCP A\n 00021810: 636b 6e6f 776c 6564 676d 656e 7473 3c2f  cknowledgments</\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -2893,16 +2893,16 @@\n                                                                               network management\n                                                                               protocol (SNMP)\n                                                                               community strings\n                                                                               must be changed to\n                                   Edit /etc/snmp/snmpd.conf, remove or change maintain security.\n                                   the default community strings of public and If the service is\n                                   private. This profile configures new read-  running with the\n-        N/ Ensure Default SNMP    only community string to changemero and     default             var_snmpd_ro_string=changemero\n-IA-5(e) A  Password Is Not Used   read-write community string to changemerw.  authenticators,     var_snmpd_rw_string=changemerw\n+        N/ Ensure Default SNMP    only community string to changemero and     default             var_snmpd_rw_string=changemerw\n+IA-5(e) A  Password Is Not Used   read-write community string to changemerw.  authenticators,     var_snmpd_ro_string=changemero\n                                   Once the default community strings have     then anyone can\n                                   been changed, restart the SNMP service:     gather data about\n                                   $ sudo systemctl restart snmpd              the system and the\n                                                                               network and use the\n                                                                               information to\n                                                                               potentially\n                                                                               compromise the\n"}]}, {"source1": "./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-ospp.html", "source2": "./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-ospp.html", "unified_diff": "@@ -4076,15 +4076,15 @@\n <tt>RekeyLimit</tt>.\n   </td>\n   <td xml:lang=\"en-US\">\n By decreasing the limit based on the amount of data and enabling\n time-based limit, effects of potential attacks against\n encryption keys are limited.\n   </td>\n-  <td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>\n+  <td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>\n </tr>\n <tr>\n   <td></td>\n   <td>N/A</td>\n   <td>SSH client uses strong entropy to seed (for CSH like shells)</td>\n   <td xml:lang=\"en-US\">\n To set up SSH client to use entropy from a high-quality source, make sure\n@@ -4139,15 +4139,15 @@\n <pre>RekeyLimit <tt>1G</tt> <tt>1hour</tt></pre>\n   </td>\n   <td xml:lang=\"en-US\">\n By decreasing the limit based on the amount of data and enabling\n time-based limit, effects of potential attacks against\n encryption keys are limited.\n   </td>\n-  <td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>\n+  <td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>\n </tr>\n <tr>\n   <td></td>\n   <td>N/A</td>\n   <td>SSH server uses strong entropy to seed</td>\n   <td xml:lang=\"en-US\">\n To set up SSH server to use entropy from a high-quality source, edit the <tt>/etc/sysconfig/sshd</tt> file.\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -3343,16 +3343,16 @@\n                                                                                                                   options, which can\n                                                                                                                   help protect\n                                                                                                                   programs which use\n                                                                                                                   it.\n                          The RekeyLimit parameter specifies how often the session key is renegotiated, both in    By decreasing the\n                          terms of amount of data that may be transmitted and the time elapsed. To decrease the    limit based on the\n         Configure        default limits, put line RekeyLimit 1G 1hour to file /etc/ssh/ssh_config.d/02-rekey-     amount of data and\n-     N/ session          limit.conf. Make sure that there is no other RekeyLimit configuration preceding the      enabling time-based var_ssh_client_rekey_limit_time=1hour\n-     A  renegotiation    include directive in the main config file /etc/ssh/ssh_config. Check also other files in limit, effects of   var_ssh_client_rekey_limit_size=1G\n+     N/ session          limit.conf. Make sure that there is no other RekeyLimit configuration preceding the      enabling time-based var_ssh_client_rekey_limit_size=1G\n+     A  renegotiation    include directive in the main config file /etc/ssh/ssh_config. Check also other files in limit, effects of   var_ssh_client_rekey_limit_time=1hour\n         for SSH client   /etc/ssh/ssh_config.d directory. Files are processed according to lexicographical order  potential attacks\n                          of file names. Make sure that there is no file processed before 02-rekey-limit.conf      against encryption\n                          containing definition of RekeyLimit.                                                     keys are limited.\n                                                                                                                   Some SSH\n                                                                                                                   implementations use\n                                                                                                                   the openssl library\n                                                                                                                   for entropy, which\n@@ -3403,16 +3403,16 @@\n                                                                                                                   generator used by\n                                                                                                                   SSH would be known\n                                                                                                                   to potential\n                                                                                                                   attackers.\n                                                                                                                   By decreasing the\n                          The RekeyLimit parameter specifies how often the session key of the is renegotiated,     limit based on the\n         Force frequent   both in terms of amount of data that may be transmitted and the time elapsed.            amount of data and\n-     N/ session key      To decrease the default limits, add or correct the following line in /etc/ssh/           enabling time-based var_rekey_limit_time=1hour\n-     A  renegotiation    sshd_config:                                                                             limit, effects of   var_rekey_limit_size=1G\n+     N/ session key      To decrease the default limits, add or correct the following line in /etc/ssh/           enabling time-based var_rekey_limit_size=1G\n+     A  renegotiation    sshd_config:                                                                             limit, effects of   var_rekey_limit_time=1hour\n                          RekeyLimit 1G 1hour                                                                      potential attacks\n                                                                                                                   against encryption\n                                                                                                                   keys are limited.\n                                                                                                                   SSH implementation\n                                                                                                                   in Oracle Linux 8\n                                                                                                                   uses the openssl\n                                                                                                                   library, which\n"}]}, {"source1": "./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-ospp.html", "source2": "./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-ospp.html", "unified_diff": "@@ -4146,15 +4146,15 @@\n <pre>RekeyLimit <tt>1G</tt> <tt>1hour</tt></pre>\n   </td>\n   <td xml:lang=\"en-US\">\n By decreasing the limit based on the amount of data and enabling\n time-based limit, effects of potential attacks against\n encryption keys are limited.\n   </td>\n-  <td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>\n+  <td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>\n </tr>\n <tr>\n   <td></td>\n   <td>CCE-82462-3</td>\n   <td>SSH server uses strong entropy to seed</td>\n   <td xml:lang=\"en-US\">\n To set up SSH server to use entropy from a high-quality source, edit the <tt>/etc/sysconfig/sshd</tt> file.\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -3418,16 +3418,16 @@\n                                                                                                                       generator used by\n                                                                                                                       SSH would be known\n                                                                                                                       to potential\n                                                                                                                       attackers.\n                                                                                                                       By decreasing the\n                              The RekeyLimit parameter specifies how often the session key of the is renegotiated,     limit based on the\n      CCE-   Force frequent   both in terms of amount of data that may be transmitted and the time elapsed.            amount of data and\n-     82177- session key      To decrease the default limits, add or correct the following line in /etc/ssh/           enabling time-based var_rekey_limit_time=1hour\n-     7      renegotiation    sshd_config:                                                                             limit, effects of   var_rekey_limit_size=1G\n+     82177- session key      To decrease the default limits, add or correct the following line in /etc/ssh/           enabling time-based var_rekey_limit_size=1G\n+     7      renegotiation    sshd_config:                                                                             limit, effects of   var_rekey_limit_time=1hour\n                              RekeyLimit 1G 1hour                                                                      potential attacks\n                                                                                                                       against encryption\n                                                                                                                       keys are limited.\n                                                                                                                       SSH implementation\n                                                                                                                       in Red Hat\n                                                                                                                       Enterprise Linux 8\n                                                                                                                       uses the openssl\n"}]}, {"source1": "./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml", "source2": "./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml", "unified_diff": null, "details": [{"source1": "./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml", "source2": "./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml", "unified_diff": "@@ -1,10 +1,10 @@\n <?xml version=\"1.0\" encoding=\"utf-8\"?>\n <xccdf-1.2:Tailoring xmlns:xccdf-1.2=\"http://checklists.nist.gov/xccdf/1.2\" id=\"xccdf_content-disa-delta_tailoring_default\">\n-  <xccdf-1.2:version time=\"2025-09-11T20:13:30\">1</xccdf-1.2:version>\n+  <xccdf-1.2:version time=\"2025-09-12T22:13:30\">1</xccdf-1.2:version>\n   <xccdf-1.2:Profile id=\"xccdf_org.ssgproject.content_profile_stig_delta_tailoring\" extends=\"xccdf_org.ssgproject.content_profile_stig\">\n     <xccdf-1.2:title override=\"true\">DISA STIG for Oracle Linux 8</xccdf-1.2:title>\n     <xccdf-1.2:description override=\"true\">This profile contains configuration checks that align to the\n DISA STIG for Oracle Linux 8 V2R4.</xccdf-1.2:description>\n     <xccdf-1.2:select idref=\"xccdf_org.ssgproject.content_rule_account_disable_inactivity_password_auth\" selected=\"false\"/>\n     <xccdf-1.2:select idref=\"xccdf_org.ssgproject.content_rule_account_disable_inactivity_system_auth\" selected=\"false\"/>\n     <xccdf-1.2:select idref=\"xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration\" selected=\"false\"/>\n"}]}, {"source1": "./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml", "source2": "./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml", "unified_diff": null, "details": [{"source1": "./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml", "source2": "./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml", "unified_diff": "@@ -1,10 +1,10 @@\n <?xml version=\"1.0\" encoding=\"utf-8\"?>\n <xccdf-1.2:Tailoring xmlns:xccdf-1.2=\"http://checklists.nist.gov/xccdf/1.2\" id=\"xccdf_content-disa-delta_tailoring_default\">\n-  <xccdf-1.2:version time=\"2025-09-11T20:13:30\">1</xccdf-1.2:version>\n+  <xccdf-1.2:version time=\"2025-09-12T22:13:30\">1</xccdf-1.2:version>\n   <xccdf-1.2:Profile id=\"xccdf_org.ssgproject.content_profile_stig_delta_tailoring\" extends=\"xccdf_org.ssgproject.content_profile_stig\">\n     <xccdf-1.2:title override=\"true\">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title>\n     <xccdf-1.2:description override=\"true\">This profile contains configuration checks that align to the\n DISA STIG for Red Hat Enterprise Linux 8 V2R4.\n \n In addition to being applicable to Red Hat Enterprise Linux 8, this\n configuration baseline is applicable to the operating system tier of\n"}]}]}]}]}]}