commit yast2-security for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package yast2-security for
openSUSE:Leap:15.2 checked in at 2020-04-08 12:47:51
Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old)
and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.3248 (New)
Package is "yast2-security"
Wed Apr 8 12:47:51 2020 rev:31 rq:79 version:4.2.12
Changes:
--- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes
2020-02-27 06:41:26.257601393 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.yast2-security.new.3248/yast2-security.changes
2020-04-08 12:47:53.290327476 +0200
@@ -1,0 +2,7 @@
+Tue Mar 31 17:41:17 UTC 2020 - Knut Anderssen
+
+- Apply sysctl changes to the running system when the YaST sysctl
+ configuration file is modified (bsc#1167234)
+- 4.2.12
+
+---
Old:
yast2-security-4.2.11.tar.bz2
New:
yast2-security-4.2.12.tar.bz2
Other differences:
--
++ yast2-security.spec ++
--- /var/tmp/diff_new_pack.bwEJr4/_old 2020-04-08 12:47:53.678327671 +0200
+++ /var/tmp/diff_new_pack.bwEJr4/_new 2020-04-08 12:47:53.682327674 +0200
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.11
+Version:4.2.12
Release:0
Summary:YaST2 - Security Configuration
License:GPL-2.0-only
++ yast2-security-4.2.11.tar.bz2 -> yast2-security-4.2.12.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.11/package/yast2-security.changes
new/yast2-security-4.2.12/package/yast2-security.changes
--- old/yast2-security-4.2.11/package/yast2-security.changes2020-02-21
10:22:33.0 +0100
+++ new/yast2-security-4.2.12/package/yast2-security.changes2020-04-02
16:38:52.0 +0200
@@ -1,4 +1,11 @@
---
+Tue Mar 31 17:41:17 UTC 2020 - Knut Anderssen
+
+- Apply sysctl changes to the running system when the YaST sysctl
+ configuration file is modified (bsc#1167234)
+- 4.2.12
+
+---
Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de
- Using SysctlConfig class: Handle sysctl entries in different
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.11/package/yast2-security.spec
new/yast2-security-4.2.12/package/yast2-security.spec
--- old/yast2-security-4.2.11/package/yast2-security.spec 2020-02-21
10:22:33.0 +0100
+++ new/yast2-security-4.2.12/package/yast2-security.spec 2020-04-02
16:38:52.0 +0200
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.11
+Version:4.2.12
Release:0
Group: System/YaST
License:GPL-2.0-only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.11/src/modules/Security.rb
new/yast2-security-4.2.12/src/modules/Security.rb
--- old/yast2-security-4.2.11/src/modules/Security.rb 2020-02-21
10:22:33.0 +0100
+++ new/yast2-security-4.2.12/src/modules/Security.rb 2020-04-02
16:38:52.0 +0200
@@ -591,18 +591,9 @@
end
end
- if written && !sysctl_config.conflict?
-sysctl_config.save
- end
-
- # enable sysrq?
- sysrq = Integer(@Settings.fetch("kernel.sysrq", "0")) rescue nil
- if sysrq != nil
-SCR.Execute(
- path(".target.bash"),
- "echo #{sysrq} > /proc/sys/kernel/sysrq"
-)
- end
+ # In case of modified, always write the changes (bsc#1167234)
+ sysctl_config.save if written
+ written
end
# Write local PolicyKit configuration
@@ -620,8 +611,21 @@
end
end
-# Ensures that file permissions and PolicyKit privileges are applied
-def apply_new_settings
+# Apply sysctl settings from all the sysctl configuration files
+def apply_sysctl_changes
+ # Reports if there are conflict when the configuration is applied
+ sysctl_config.conflict?
+
+ Yast::Execute.on_target("/usr/sbin/sysctl", "--system")
+end
+
+# Ensures that sysctl changes, file permissions and PolicyKit privileges
+# are applied
+#
+# @param sysctl [Boolean] whether sysctl changes should be applied or not
+def apply_new_settings(sysctl: false)
+ # Apply sysctl changes to the running system (bsc#1167234)
+ apply_sysctl_changes if sysctl
# apply all current permissions as they are now
# (what SuSEconfig --module permissions would have done)
SCR.Execute(path(".target.bash"), "/usr/bin/chkstat --system")
@@ -707,12
commit yast2-security for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package yast2-security for
openSUSE:Leap:15.2 checked in at 2020-02-27 06:41:25
Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old)
and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New)
Package is "yast2-security"
Thu Feb 27 06:41:25 2020 rev:30 rq:779097 version:4.2.11
Changes:
--- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes
2020-02-04 17:54:37.844756922 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes
2020-02-27 06:41:26.257601393 +0100
@@ -1,0 +2,7 @@
+Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de
+
+- Using SysctlConfig class: Handle sysctl entries in different
+ directories (bsc#1151649).
+- 4.2.11
+
+---
Old:
yast2-security-4.2.10.tar.bz2
New:
yast2-security-4.2.11.tar.bz2
Other differences:
--
++ yast2-security.spec ++
--- /var/tmp/diff_new_pack.QwIvhw/_old 2020-02-27 06:41:26.541601986 +0100
+++ /var/tmp/diff_new_pack.QwIvhw/_new 2020-02-27 06:41:26.541601986 +0100
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.10
+Version:4.2.11
Release:0
Summary:YaST2 - Security Configuration
License:GPL-2.0-only
@@ -34,8 +34,8 @@
BuildRequires: yast2-pam
BuildRequires: rubygem(%{rb_default_ruby_abi}:rspec)
BuildRequires: rubygem(%{rb_default_ruby_abi}:yast-rake) >= 0.2.5
-# CFA::LoginDefsConfig
-BuildRequires: yast2 >= 4.2.39
+# CFA::SysctlConfig
+BuildRequires: yast2 >= 4.2.66
# Unfortunately we cannot move this to macros.yast,
# bcond within macros are ignored by osc/OBS.
%bcond_with yast_run_ci_tests
@@ -45,8 +45,8 @@
# new Pam.ycp API
Requires: yast2-pam >= 2.14.0
-# CFA::LoginDefsConfig
-Requires: yast2 >= 4.2.39
+# CFA::SysctlConfig
+Requires: yast2 >= 4.2.66
Requires: yast2-ruby-bindings >= 1.0.0
Provides: y2c_sec
++ yast2-security-4.2.10.tar.bz2 -> yast2-security-4.2.11.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.10/package/yast2-security.changes
new/yast2-security-4.2.11/package/yast2-security.changes
--- old/yast2-security-4.2.10/package/yast2-security.changes2020-01-23
14:16:01.0 +0100
+++ new/yast2-security-4.2.11/package/yast2-security.changes2020-02-21
10:22:33.0 +0100
@@ -1,4 +1,11 @@
---
+Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de
+
+- Using SysctlConfig class: Handle sysctl entries in different
+ directories (bsc#1151649).
+- 4.2.11
+
+---
Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt
- don't use /bin/systemctl compat symlink (bsc#1160890)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.10/package/yast2-security.spec
new/yast2-security-4.2.11/package/yast2-security.spec
--- old/yast2-security-4.2.10/package/yast2-security.spec 2020-01-23
14:16:01.0 +0100
+++ new/yast2-security-4.2.11/package/yast2-security.spec 2020-02-21
10:22:33.0 +0100
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.10
+Version:4.2.11
Release:0
Group: System/YaST
License:GPL-2.0-only
@@ -34,8 +34,8 @@
BuildRequires: yast2-devtools >= 4.2.2
BuildRequires: rubygem(%{rb_default_ruby_abi}:yast-rake) >= 0.2.5
BuildRequires: rubygem(%{rb_default_ruby_abi}:rspec)
-# CFA::LoginDefsConfig
-BuildRequires: yast2 >= 4.2.39
+# CFA::SysctlConfig
+BuildRequires: yast2 >= 4.2.66
# Unfortunately we cannot move this to macros.yast,
# bcond within macros are ignored by osc/OBS.
%bcond_with yast_run_ci_tests
@@ -45,8 +45,8 @@
# new Pam.ycp API
Requires: yast2-pam >= 2.14.0
-# CFA::LoginDefsConfig
-Requires: yast2 >= 4.2.39
+# CFA::SysctlConfig
+Requires: yast2 >= 4.2.66
Requires: yast2-ruby-bindings >= 1.0.0
Provides: y2c_sec yast2-config-security
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.10/src/data/security/level1.yml
new/yast2-security-4.2.11/src/data/security/level1.yml
--- old/yast2-security-4.2.10/src/data/security/level1.yml 2020-01-23
14:16:01.0 +0100
+++ new/yast2-security-4.2.11/src/data/security/level1.yml 2020-02-21
10:22:33.0 +0100
@@ -34,6 +34,6 @@
USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
commit yast2-security for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package yast2-security for
openSUSE:Leap:15.2 checked in at 2020-02-04 17:54:14
Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old)
and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New)
Package is "yast2-security"
Tue Feb 4 17:54:14 2020 rev:29 rq:768908 version:4.2.10
Changes:
--- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes
2020-01-17 11:58:57.536438503 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes
2020-02-04 17:54:37.844756922 +0100
@@ -1,0 +2,6 @@
+Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt
+
+- don't use /bin/systemctl compat symlink (bsc#1160890)
+- 4.2.10
+
+---
Old:
yast2-security-4.2.9.tar.bz2
New:
yast2-security-4.2.10.tar.bz2
Other differences:
--
++ yast2-security.spec ++
--- /var/tmp/diff_new_pack.hkDrjv/_old 2020-02-04 17:54:38.304757200 +0100
+++ /var/tmp/diff_new_pack.hkDrjv/_new 2020-02-04 17:54:38.304757200 +0100
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.9
+Version:4.2.10
Release:0
Summary:YaST2 - Security Configuration
License:GPL-2.0-only
++ yast2-security-4.2.9.tar.bz2 -> yast2-security-4.2.10.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.9/package/yast2-security.changes
new/yast2-security-4.2.10/package/yast2-security.changes
--- old/yast2-security-4.2.9/package/yast2-security.changes 2020-01-13
13:52:36.0 +0100
+++ new/yast2-security-4.2.10/package/yast2-security.changes2020-01-23
14:16:01.0 +0100
@@ -1,4 +1,10 @@
---
+Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt
+
+- don't use /bin/systemctl compat symlink (bsc#1160890)
+- 4.2.10
+
+---
Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger
- convert old init.d to systemd (jsc#SLE-10976)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.9/package/yast2-security.spec
new/yast2-security-4.2.10/package/yast2-security.spec
--- old/yast2-security-4.2.9/package/yast2-security.spec2020-01-13
13:52:36.0 +0100
+++ new/yast2-security-4.2.10/package/yast2-security.spec 2020-01-23
14:16:01.0 +0100
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.9
+Version:4.2.10
Release:0
Group: System/YaST
License:GPL-2.0-only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.9/src/modules/Security.rb
new/yast2-security-4.2.10/src/modules/Security.rb
--- old/yast2-security-4.2.9/src/modules/Security.rb2020-01-13
13:52:36.0 +0100
+++ new/yast2-security-4.2.10/src/modules/Security.rb 2020-01-23
14:16:01.0 +0100
@@ -248,13 +248,13 @@
@sysctl_file = nil
@activation_mapping = {
-"DHCPD_RUN_CHROOTED" => "/bin/systemctl try-restart
dhcpd.service",
-"DHCPD_RUN_AS" => "/bin/systemctl try-restart
dhcpd.service",
+"DHCPD_RUN_CHROOTED" => "/usr/bin/systemctl try-restart
dhcpd.service",
+"DHCPD_RUN_AS" => "/usr/bin/systemctl try-restart
dhcpd.service",
# restart sendmail or postfix - whatever is installed
-"SMTPD_LISTEN_REMOTE" => "/bin/systemctl try-restart sendmail
postfix",
-"net.ipv4.tcp_syncookies" => "/bin/systemctl try-restart network",
-"net.ipv4.ip_forward" => "/bin/systemctl try-restart network",
-"net.ipv6.conf.all.forwarding" => "/bin/systemctl try-restart network"
+"SMTPD_LISTEN_REMOTE" => "/usr/bin/systemctl try-restart
sendmail postfix",
+"net.ipv4.tcp_syncookies" => "/usr/bin/systemctl try-restart
network",
+"net.ipv4.ip_forward" => "/usr/bin/systemctl try-restart
network",
+"net.ipv6.conf.all.forwarding" => "/usr/bin/systemctl try-restart
network"
}
@shadow_config = nil
commit yast2-security for openSUSE:Leap:15.2
Hello community,
here is the log from the commit of package yast2-security for
openSUSE:Leap:15.2 checked in at 2020-01-17 11:58:56
Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old)
and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New)
Package is "yast2-security"
Fri Jan 17 11:58:56 2020 rev:28 rq:764553 version:4.2.9
Changes:
--- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes
2020-01-15 16:32:22.448883604 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes
2020-01-17 11:58:57.536438503 +0100
@@ -1,0 +2,6 @@
+Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger
+
+- convert old init.d to systemd (jsc#SLE-10976)
+- 4.2.9
+
+---
Old:
yast2-security-4.2.8.tar.bz2
New:
yast2-security-4.2.9.tar.bz2
Other differences:
--
++ yast2-security.spec ++
--- /var/tmp/diff_new_pack.LEBV1D/_old 2020-01-17 11:58:57.884438656 +0100
+++ /var/tmp/diff_new_pack.LEBV1D/_new 2020-01-17 11:58:57.888438658 +0100
@@ -1,7 +1,7 @@
#
# spec file for package yast2-security
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.8
+Version:4.2.9
Release:0
Summary:YaST2 - Security Configuration
License:GPL-2.0-only
++ yast2-security-4.2.8.tar.bz2 -> yast2-security-4.2.9.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.8/package/yast2-security.changes
new/yast2-security-4.2.9/package/yast2-security.changes
--- old/yast2-security-4.2.8/package/yast2-security.changes 2019-12-12
15:23:51.0 +0100
+++ new/yast2-security-4.2.9/package/yast2-security.changes 2020-01-13
13:52:36.0 +0100
@@ -1,4 +1,10 @@
---
+Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger
+
+- convert old init.d to systemd (jsc#SLE-10976)
+- 4.2.9
+
+---
Thu Dec 12 12:01:35 CET 2019 - sch...@suse.de
- Added to rnc file: sys_gid_max, sys_gid_min, sys_uid_max,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.8/package/yast2-security.spec
new/yast2-security-4.2.9/package/yast2-security.spec
--- old/yast2-security-4.2.8/package/yast2-security.spec2019-12-12
15:23:51.0 +0100
+++ new/yast2-security-4.2.9/package/yast2-security.spec2020-01-13
13:52:36.0 +0100
@@ -17,7 +17,7 @@
Name: yast2-security
-Version:4.2.8
+Version:4.2.9
Release:0
Group: System/YaST
License:GPL-2.0-only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-security-4.2.8/src/modules/Security.rb
new/yast2-security-4.2.9/src/modules/Security.rb
--- old/yast2-security-4.2.8/src/modules/Security.rb2019-12-12
15:23:51.0 +0100
+++ new/yast2-security-4.2.9/src/modules/Security.rb2020-01-13
13:52:36.0 +0100
@@ -248,14 +248,13 @@
@sysctl_file = nil
@activation_mapping = {
-"SYSLOG_ON_NO_ERROR" => "/etc/init.d/boot.clock start",
-"DHCPD_RUN_CHROOTED" => "/etc/init.d/dhcpd restart",
-"DHCPD_RUN_AS" => "/etc/init.d/dhcpd restart",
+"DHCPD_RUN_CHROOTED" => "/bin/systemctl try-restart
dhcpd.service",
+"DHCPD_RUN_AS" => "/bin/systemctl try-restart
dhcpd.service",
# restart sendmail or postfix - whatever is installed
-"SMTPD_LISTEN_REMOTE" => "(test -e /etc/init.d/sendmail &&
VERBOSE=false /usr/lib/sendmail.d/update && /etc/init.d/sendmail restart) ||
(test -e /etc/init.d/postfix && /usr/sbin/SuSEconfig.postfix &&
/etc/init.d/postfix restart)",
-"net.ipv4.tcp_syncookies" => "/etc/init.d/boot.ipconfig start",
-"net.ipv4.ip_forward" => "/etc/init.d/boot.ipconfig start",
-"net.ipv6.conf.all.forwarding" => "/etc/init.d/boot.ipconfig start"
+"SMTPD_LISTEN_REMOTE" => "/bin/systemctl try-restart sendmail
postfix",
+"net.ipv4.tcp_syncookies" => "/bin/systemctl try-restart network",
+"net.ipv4.ip_forward" => "/bin/systemctl try-restart network",
+"net.ipv6.conf.all.forwarding" =>
