Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-11-23 23:14:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions" Sat Nov 23 23:14:49 2019 rev:128 rq:749269 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-10-11 15:10:36.617209826 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.26869/permissions.changes 2019-11-23 23:14:54.078759179 +0100 @@ -1,0 +2,13 @@ +Mon Nov 18 09:52:14 UTC 2019 - [email protected] + +- Update to version 20191118: + * whitelist ksysguard network helper (bsc#1151190) + +------------------------------------------------------------------- +Tue Nov 12 12:45:12 UTC 2019 - [email protected] + +- Update to version 20191112: + * fix syntax of paranoid profile + * fix squid permissions (bsc#1093414, CVE-2019-3688) + +------------------------------------------------------------------- Old: ---- permissions-20190913.tar.xz New: ---- permissions-20191118.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.614759236 +0100 +++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.618759237 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define VERSION 20190913 +%define VERSION 20191118 Name: permissions Version: %{VERSION} @@ -25,7 +25,7 @@ # Maintained in github by the security team. License: GPL-2.0-or-later Group: Productivity/Security -Url: http://github.com/openSUSE/permissions +URL: http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz Source1: fix_version.sh BuildRequires: libcap-devel @@ -88,7 +88,7 @@ %post config %{fillup_only -n security} # apply all potentially changed permissions -%{_bindir}/chkstat --system || exit 0 +%{_bindir}/chkstat --system || : %package -n chkstat Summary: SUSE Linux Default Permissions tool ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.650759240 +0100 +++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.650759240 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/permissions.git</param> - <param name="changesrevision">dae6a13e2ed283d181b99d4dc14bcd7d5c2b89d3</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">352142ec492b76beb495b46bc64f159af5635c8a</param></service></servicedata> \ No newline at end of file ++++++ permissions-20190913.tar.xz -> permissions-20191118.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190913/profiles/permissions.easy new/permissions-20191118/profiles/permissions.easy --- old/permissions-20190913/profiles/permissions.easy 2019-09-13 11:54:23.000000000 +0200 +++ new/permissions-20191118/profiles/permissions.easy 2019-11-18 10:50:27.000000000 +0100 @@ -68,7 +68,7 @@ # squid changes from bnc#891268 /var/cache/squid/ squid:root 0750 /var/log/squid/ squid:root 0750 -/usr/sbin/pinger squid:root 0750 +/usr/sbin/pinger root:squid 0750 +capabilities cap_net_raw=ep /usr/sbin/basic_pam_auth root:shadow 2750 @@ -393,3 +393,7 @@ # nagios (bsc#1028975) /var/spool/nagios/ nagios:nagcmd 2775 + +# ksysguard network helper (bsc#1151190) +/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755 + +capabilities cap_net_raw=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190913/profiles/permissions.paranoid new/permissions-20191118/profiles/permissions.paranoid --- old/permissions-20190913/profiles/permissions.paranoid 2019-09-13 11:54:23.000000000 +0200 +++ new/permissions-20191118/profiles/permissions.paranoid 2019-11-18 10:50:27.000000000 +0100 @@ -85,7 +85,7 @@ # /quid changes from bnc#891268 /var/cache/squid/ squid:root 0750 /var/log/squid/ squid:root 0750 -/usr/sbin/pinger squid:root 0750 +/usr/sbin/pinger root:squid 0750 /usr/sbin/basic_pam_auth root:shadow 0750 @@ -361,7 +361,7 @@ # gvfs (bsc#1065864) /usr/lib/gvfs/gvfsd-nfs root:root 0755 - + # icinga2 (bsc#1069410) /run/icinga2/cmd/ icinga:icingagmd 0750 @@ -397,3 +397,6 @@ # nagios (bsc#1028975) /var/spool/nagios/ nagios:nagcmd 0770 + +# ksysguard network helper (bsc#1151190) +/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190913/profiles/permissions.secure new/permissions-20191118/profiles/permissions.secure --- old/permissions-20190913/profiles/permissions.secure 2019-09-13 11:54:23.000000000 +0200 +++ new/permissions-20191118/profiles/permissions.secure 2019-11-18 10:50:27.000000000 +0100 @@ -109,7 +109,7 @@ # squid changes from bnc#891268 /var/cache/squid/ squid:root 0750 /var/log/squid/ squid:root 0750 -/usr/sbin/pinger squid:root 0750 +/usr/sbin/pinger root:squid 0750 +capabilities cap_net_raw=ep /usr/sbin/basic_pam_auth root:shadow 2750 @@ -433,3 +433,7 @@ # nagios (bsc#1028975) /var/spool/nagios/ nagios:nagcmd 2775 + +# ksysguard network helper (bsc#1151190) +/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755 + +capabilities cap_net_raw=ep
