Hello community, here is the log from the commit of package permissions for openSUSE:Leap:15.2 checked in at 2020-03-20 05:52:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/permissions (Old) and /work/SRC/openSUSE:Leap:15.2/.permissions.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions" Fri Mar 20 05:52:37 2020 rev:43 rq:782206 version:20181224 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/permissions/permissions.changes 2020-03-06 12:35:59.602564484 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.permissions.new.3160/permissions.changes 2020-03-20 05:52:49.224060045 +0100 @@ -1,0 +2,52 @@ +Mon Mar 02 13:16:29 UTC 2020 - [email protected] + +- run testsuite during package build +- Update to version 20181224: + * testsuite: adapt expected behavior to legacy branches + * adjust testsuite to post CVE-2020-8013 link handling + * testsuite: add option to not mount /proc + * do not follow symlinks that are the final path element: CVE-2020-8013, bsc#1163922 + * add a test for symlinked directories + * fix relative symlink handling + * regtest: fix the static PATH list which was missing /usr/bin + * regtest: also unshare the PID namespace to support /proc mounting + * Makefile: force remove upon clean target to prevent bogus errors + * regtest: by default automatically (re)build chkstat before testing + * regtest: add test for symlink targets + * regtest: make capability setting tests optional + * regtest: fix capability assertion helper logic + * regtests: add another test case that catches set*id or caps in world-writable sub-trees + * regtest: add another test that catches when privilege bits are set for special files + * regtest: add test case for user owned symlinks + * regtest: employ subuid and subgid feature in user namespace + * regtest: add another test case that covers unknown user/group config + * regtest: add another test that checks rejection of insecure mixed-owner paths + * regtest: add test that checks for rejection of world-writable paths + * regtest: add test for detection of unexpected parent directory ownership + * regtest: add further helper functions, allow access to main instance + * regtest: introduce some basic coloring support to improve readability + * regtest: sort imports, another piece of rationale + * regtest: add capability test case + * regtest: improve error flagging of test cases and introduce warnings + * regtest: support caps + * regtest: add a couple of command line parameter test cases + * regtest: add another test that checks whether the default profile works + * regtests: add tests for correct application of local profiles + * regtest: add further test cases that test correct profile application + * regtest: simplify test implementation and readability + * regtest: add helpers for permissions.d per package profiles + * regtest: support read-only bind mounts, also bind-mount permissions repo + * tests: introduce a regression test suite for chkstat + +------------------------------------------------------------------- +Fri Feb 28 13:52:12 UTC 2020 - [email protected] + +- Update to version 20181224: + * whitelist WMP (bsc#1161335) + * Makefile: allow to build test version programmatically + * chkstat: handle symlinks in final path elements correctly + * add .gitignore for chkstat binary + * faxq-helper: correct "secure" permission for trusted group (bsc#1157498) + * fix syntax of paranoid profile + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.rBEWE8/_old 2020-03-20 05:52:49.600060296 +0100 +++ /var/tmp/diff_new_pack.rBEWE8/_new 2020-03-20 05:52:49.600060296 +0100 @@ -26,6 +26,7 @@ Url: http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz BuildRequires: libcap-devel +BuildRequires: python3 #!BuildIgnore: group(trusted) Requires(post): %fillup_prereq Requires(pre): group(trusted) @@ -45,6 +46,10 @@ %install %make_install fillupdir=%{_fillupdir} +%check +# we can't test with sanitizers in SLE15, compiler is too old for some of them +tests/regtest.py --skip-make + %post %{fillup_only -n security} # apply all potentially changed permissions ++++++ _service ++++++ --- /var/tmp/diff_new_pack.rBEWE8/_old 2020-03-20 05:52:49.620060309 +0100 +++ /var/tmp/diff_new_pack.rBEWE8/_new 2020-03-20 05:52:49.620060309 +0100 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/openSUSE/permissions.git</param> <param name="scm">git</param> - <param name="versionformat">%cd</param> + <param name="versionformat">20181224</param> <param name="changesgenerate">enable</param> <param name="revision">SLE-15-SP2</param> </service> @@ -10,5 +10,4 @@ <param name="file">*.tar</param> <param name="compression">xz</param> </service> - <service name="set_version" mode="disabled"/> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.rBEWE8/_old 2020-03-20 05:52:49.632060317 +0100 +++ /var/tmp/diff_new_pack.rBEWE8/_new 2020-03-20 05:52:49.632060317 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/permissions.git</param> - <param name="changesrevision">0ac750474b90d6b35e984c77806ac742ae887160</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">f6ac271477dacbad18f9ebc757825d7696162bfe</param></service></servicedata> \ No newline at end of file ++++++ permissions-20181224.tar.xz ++++++ ++++ 2336 lines of diff (skipped)
