Hello community, here is the log from the commit of package rpmlint for openSUSE:Factory checked in at 2018-10-12 13:08:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rpmlint (Old) and /work/SRC/openSUSE:Factory/.rpmlint.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rpmlint" Fri Oct 12 13:08:58 2018 rev:305 rq:640594 version:1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/rpmlint/rpmlint.changes 2018-10-02 19:42:35.154127143 +0200 +++ /work/SRC/openSUSE:Factory/.rpmlint.new/rpmlint.changes 2018-10-12 13:08:58.667446407 +0200 @@ -1,0 +2,11 @@ +Mon Oct 08 11:06:11 UTC 2018 - [email protected] + +- Update to version master: + * security checks: add link to openSUSE wiki to error message details + +------------------------------------------------------------------- +Fri Oct 5 16:27:31 UTC 2018 - [email protected] + +- whitelist NetworkManager-fortisslvpn (bsc#1109938) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpmlint-tests.spec ++++++ --- /var/tmp/diff_new_pack.UJLbA6/_old 2018-10-12 13:09:00.391443948 +0200 +++ /var/tmp/diff_new_pack.UJLbA6/_new 2018-10-12 13:09:00.395443943 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # icecream 0 ++++++ rpmlint.spec ++++++ --- /var/tmp/diff_new_pack.UJLbA6/_old 2018-10-12 13:09:00.407443925 +0200 +++ /var/tmp/diff_new_pack.UJLbA6/_new 2018-10-12 13:09:00.411443920 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.UJLbA6/_old 2018-10-12 13:09:00.491443805 +0200 +++ /var/tmp/diff_new_pack.UJLbA6/_new 2018-10-12 13:09:00.495443799 +0200 @@ -3,4 +3,4 @@ <param name="url">https://github.com/openSUSE/rpmlint-tests.git</param> <param name="changesrevision">88daa4ecc60c092a31c0d3839ef936ddc16503ff</param></service><service name="tar_scm"> <param name="url">https://github.com/openSUSE/rpmlint-checks.git</param> - <param name="changesrevision">4015553df03d74e0908c9f9acdb586c5dbfeb37c</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">c9793b1845fd3a6f9f7c84acd2ba0dc56cbb0d89</param></service></servicedata> \ No newline at end of file ++++++ config ++++++ --- /var/tmp/diff_new_pack.UJLbA6/_old 2018-10-12 13:09:00.531443748 +0200 +++ /var/tmp/diff_new_pack.UJLbA6/_new 2018-10-12 13:09:00.531443748 +0200 @@ -1065,7 +1065,9 @@ "xpra.conf", # iwd (bsc#1108037) "net.connman.iwd.service", - "iwd-dbus.conf" + "iwd-dbus.conf", + # NetworkManager-fortisslvpn (bsc#1109938) + "nm-fortisslvpn-service.conf" )) setOption("PAMModules.WhiteList", ( ++++++ rpmlint-checks-master.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckDBUSServices.py new/rpmlint-checks-master/CheckDBUSServices.py --- old/rpmlint-checks-master/CheckDBUSServices.py 2018-07-03 14:28:05.000000000 +0200 +++ new/rpmlint-checks-master/CheckDBUSServices.py 2018-10-08 13:04:59.000000000 +0200 @@ -52,5 +52,7 @@ 'suse-dbus-unauthorized-service', """The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug -report to request review of the service by the security team.""", +report to request review of the service by the security team. Please +refer to https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs +for more information.""", ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckPAMModules.py new/rpmlint-checks-master/CheckPAMModules.py --- old/rpmlint-checks-master/CheckPAMModules.py 2018-07-03 14:28:05.000000000 +0200 +++ new/rpmlint-checks-master/CheckPAMModules.py 2018-10-08 13:04:59.000000000 +0200 @@ -45,5 +45,6 @@ 'suse-pam-unauthorized-module', """The package installs a PAM module. If the package is intended for inclusion in any SUSE product please open a bug -report to request review of the service by the security team.""", +report to request review of the service by the security team. +Please refer to https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs""";, ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckPolkitPrivs.py new/rpmlint-checks-master/CheckPolkitPrivs.py --- old/rpmlint-checks-master/CheckPolkitPrivs.py 2018-07-03 14:28:05.000000000 +0200 +++ new/rpmlint-checks-master/CheckPolkitPrivs.py 2018-10-08 13:04:59.000000000 +0200 @@ -146,24 +146,29 @@ check = PolkitCheck() +AUDIT_BUG_URL = "https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs"; + addDetails( 'polkit-unauthorized-file', """If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the -security team""", +security team. Please refer to {} for more information""".format(AUDIT_BUG_URL), 'polkit-unauthorized-privilege', """The package allows unprivileged users to carry out privileged operations without authentication. This could cause security problems if not done carefully. If the package is intended for inclusion in any SUSE product please open a bug report to request -review of the package by the security team""", +review of the package by the security team. Please refer to {} +for more information.""".format(AUDIT_BUG_URL), 'polkit-untracked-privilege', """The privilege is not listed in /etc/polkit-default-privs.* -which makes it harder for admins to find. If the package is intended -for inclusion in any SUSE product please open a bug report to -request review of the package by the security team""", +which makes it harder for admins to find. Furthermore polkit +authorization checks can easily introduce security issues. If the +package is intended for inclusion in any SUSE product please open +a bug report to request review of the package by the security team. +Please refer to {} for more information.""".format(AUDIT_BUG_URL), 'polkit-cant-acquire-privilege', """Usability can be improved by allowing users to acquire privileges diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rpmlint-checks-master/CheckSUIDPermissions.py new/rpmlint-checks-master/CheckSUIDPermissions.py --- old/rpmlint-checks-master/CheckSUIDPermissions.py 2018-07-03 14:28:05.000000000 +0200 +++ new/rpmlint-checks-master/CheckSUIDPermissions.py 2018-10-08 13:04:59.000000000 +0200 @@ -239,22 +239,26 @@ check = SUIDCheck() +AUDIT_BUG_URL = "https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs"; + addDetails( 'permissions-unauthorized-file', """If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the -security team""", +security team. Please refer to {} for more +information.""".format(AUDIT_BUG_URL), 'permissions-symlink', """permissions handling for symlinks is useless. Please contact [email protected] to remove the entry.""", [email protected] to remove the entry. Please refer to {} for more +information.""".format(AUDIT_BUG_URL), 'permissions-dir-without-slash', """the entry in the permissions file refers to a directory. Please contact [email protected] to append a slash to the entry in order to -avoid security problems.""", +avoid security problems. Please refer to {} for more information.""".format(AUDIT_BUG_URL), 'permissions-file-as-dir', """the entry in the permissions file refers to a directory but the package actually contains a file. Please contact [email protected] to -remove the slash.""", +remove the slash. Please refer to {} for more information.""".format(AUDIT_BUG_URL), 'permissions-incorrect', """please use the %attr macro to set the correct permissions.""", 'permissions-incorrect-owner', @@ -262,15 +266,17 @@ 'permissions-file-setuid-bit', """If the package is intended for inclusion in any SUSE product please open a bug report to request review of the program by the -security team""", +security team. Please refer to {} for more information.""".format(AUDIT_BUG_URL), 'permissions-directory-setuid-bit', """If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the -security team""", +security team. Please refer to {} for more +information.""".format(AUDIT_BUG_URL), 'permissions-world-writable', """If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the -security team""", +security team. Please refer to {} for more +information.""".format(AUDIT_BUG_URL), 'permissions-fscaps', """Packaging file capabilities is currently not supported. Please use normal permissions instead. You may contact the security team to
