commit yast2-security for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package yast2-security for openSUSE:Leap:15.2 checked in at 2020-04-08 12:47:51 Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old) and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.3248 (New) Package is "yast2-security" Wed Apr 8 12:47:51 2020 rev:31 rq:79 version:4.2.12 Changes: --- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes 2020-02-27 06:41:26.257601393 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.3248/yast2-security.changes 2020-04-08 12:47:53.290327476 +0200 @@ -1,0 +2,7 @@ +Tue Mar 31 17:41:17 UTC 2020 - Knut Anderssen + +- Apply sysctl changes to the running system when the YaST sysctl + configuration file is modified (bsc#1167234) +- 4.2.12 + +--- Old: yast2-security-4.2.11.tar.bz2 New: yast2-security-4.2.12.tar.bz2 Other differences: -- ++ yast2-security.spec ++ --- /var/tmp/diff_new_pack.bwEJr4/_old 2020-04-08 12:47:53.678327671 +0200 +++ /var/tmp/diff_new_pack.bwEJr4/_new 2020-04-08 12:47:53.682327674 +0200 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.11 +Version:4.2.12 Release:0 Summary:YaST2 - Security Configuration License:GPL-2.0-only ++ yast2-security-4.2.11.tar.bz2 -> yast2-security-4.2.12.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.11/package/yast2-security.changes new/yast2-security-4.2.12/package/yast2-security.changes --- old/yast2-security-4.2.11/package/yast2-security.changes2020-02-21 10:22:33.0 +0100 +++ new/yast2-security-4.2.12/package/yast2-security.changes2020-04-02 16:38:52.0 +0200 @@ -1,4 +1,11 @@ --- +Tue Mar 31 17:41:17 UTC 2020 - Knut Anderssen + +- Apply sysctl changes to the running system when the YaST sysctl + configuration file is modified (bsc#1167234) +- 4.2.12 + +--- Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de - Using SysctlConfig class: Handle sysctl entries in different diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.11/package/yast2-security.spec new/yast2-security-4.2.12/package/yast2-security.spec --- old/yast2-security-4.2.11/package/yast2-security.spec 2020-02-21 10:22:33.0 +0100 +++ new/yast2-security-4.2.12/package/yast2-security.spec 2020-04-02 16:38:52.0 +0200 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.11 +Version:4.2.12 Release:0 Group: System/YaST License:GPL-2.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.11/src/modules/Security.rb new/yast2-security-4.2.12/src/modules/Security.rb --- old/yast2-security-4.2.11/src/modules/Security.rb 2020-02-21 10:22:33.0 +0100 +++ new/yast2-security-4.2.12/src/modules/Security.rb 2020-04-02 16:38:52.0 +0200 @@ -591,18 +591,9 @@ end end - if written && !sysctl_config.conflict? -sysctl_config.save - end - - # enable sysrq? - sysrq = Integer(@Settings.fetch("kernel.sysrq", "0")) rescue nil - if sysrq != nil -SCR.Execute( - path(".target.bash"), - "echo #{sysrq} > /proc/sys/kernel/sysrq" -) - end + # In case of modified, always write the changes (bsc#1167234) + sysctl_config.save if written + written end # Write local PolicyKit configuration @@ -620,8 +611,21 @@ end end -# Ensures that file permissions and PolicyKit privileges are applied -def apply_new_settings +# Apply sysctl settings from all the sysctl configuration files +def apply_sysctl_changes + # Reports if there are conflict when the configuration is applied + sysctl_config.conflict? + + Yast::Execute.on_target("/usr/sbin/sysctl", "--system") +end + +# Ensures that sysctl changes, file permissions and PolicyKit privileges +# are applied +# +# @param sysctl [Boolean] whether sysctl changes should be applied or not +def apply_new_settings(sysctl: false) + # Apply sysctl changes to the running system (bsc#1167234) + apply_sysctl_changes if sysctl # apply all current permissions as they are now # (what SuSEconfig --module permissions would have done) SCR.Execute(path(".target.bash"), "/usr/bin/chkstat --system") @@ -707,12
commit yast2-security for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package yast2-security for openSUSE:Leap:15.2 checked in at 2020-02-27 06:41:25 Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old) and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New) Package is "yast2-security" Thu Feb 27 06:41:25 2020 rev:30 rq:779097 version:4.2.11 Changes: --- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes 2020-02-04 17:54:37.844756922 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes 2020-02-27 06:41:26.257601393 +0100 @@ -1,0 +2,7 @@ +Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de + +- Using SysctlConfig class: Handle sysctl entries in different + directories (bsc#1151649). +- 4.2.11 + +--- Old: yast2-security-4.2.10.tar.bz2 New: yast2-security-4.2.11.tar.bz2 Other differences: -- ++ yast2-security.spec ++ --- /var/tmp/diff_new_pack.QwIvhw/_old 2020-02-27 06:41:26.541601986 +0100 +++ /var/tmp/diff_new_pack.QwIvhw/_new 2020-02-27 06:41:26.541601986 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.10 +Version:4.2.11 Release:0 Summary:YaST2 - Security Configuration License:GPL-2.0-only @@ -34,8 +34,8 @@ BuildRequires: yast2-pam BuildRequires: rubygem(%{rb_default_ruby_abi}:rspec) BuildRequires: rubygem(%{rb_default_ruby_abi}:yast-rake) >= 0.2.5 -# CFA::LoginDefsConfig -BuildRequires: yast2 >= 4.2.39 +# CFA::SysctlConfig +BuildRequires: yast2 >= 4.2.66 # Unfortunately we cannot move this to macros.yast, # bcond within macros are ignored by osc/OBS. %bcond_with yast_run_ci_tests @@ -45,8 +45,8 @@ # new Pam.ycp API Requires: yast2-pam >= 2.14.0 -# CFA::LoginDefsConfig -Requires: yast2 >= 4.2.39 +# CFA::SysctlConfig +Requires: yast2 >= 4.2.66 Requires: yast2-ruby-bindings >= 1.0.0 Provides: y2c_sec ++ yast2-security-4.2.10.tar.bz2 -> yast2-security-4.2.11.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.10/package/yast2-security.changes new/yast2-security-4.2.11/package/yast2-security.changes --- old/yast2-security-4.2.10/package/yast2-security.changes2020-01-23 14:16:01.0 +0100 +++ new/yast2-security-4.2.11/package/yast2-security.changes2020-02-21 10:22:33.0 +0100 @@ -1,4 +1,11 @@ --- +Mon Feb 3 16:02:35 CET 2020 - sch...@suse.de + +- Using SysctlConfig class: Handle sysctl entries in different + directories (bsc#1151649). +- 4.2.11 + +--- Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt - don't use /bin/systemctl compat symlink (bsc#1160890) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.10/package/yast2-security.spec new/yast2-security-4.2.11/package/yast2-security.spec --- old/yast2-security-4.2.10/package/yast2-security.spec 2020-01-23 14:16:01.0 +0100 +++ new/yast2-security-4.2.11/package/yast2-security.spec 2020-02-21 10:22:33.0 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.10 +Version:4.2.11 Release:0 Group: System/YaST License:GPL-2.0-only @@ -34,8 +34,8 @@ BuildRequires: yast2-devtools >= 4.2.2 BuildRequires: rubygem(%{rb_default_ruby_abi}:yast-rake) >= 0.2.5 BuildRequires: rubygem(%{rb_default_ruby_abi}:rspec) -# CFA::LoginDefsConfig -BuildRequires: yast2 >= 4.2.39 +# CFA::SysctlConfig +BuildRequires: yast2 >= 4.2.66 # Unfortunately we cannot move this to macros.yast, # bcond within macros are ignored by osc/OBS. %bcond_with yast_run_ci_tests @@ -45,8 +45,8 @@ # new Pam.ycp API Requires: yast2-pam >= 2.14.0 -# CFA::LoginDefsConfig -Requires: yast2 >= 4.2.39 +# CFA::SysctlConfig +Requires: yast2 >= 4.2.66 Requires: yast2-ruby-bindings >= 1.0.0 Provides: y2c_sec yast2-config-security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.10/src/data/security/level1.yml new/yast2-security-4.2.11/src/data/security/level1.yml --- old/yast2-security-4.2.10/src/data/security/level1.yml 2020-01-23 14:16:01.0 +0100 +++ new/yast2-security-4.2.11/src/data/security/level1.yml 2020-02-21 10:22:33.0 +0100 @@ -34,6 +34,6 @@ USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
commit yast2-security for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package yast2-security for openSUSE:Leap:15.2 checked in at 2020-02-04 17:54:14 Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old) and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New) Package is "yast2-security" Tue Feb 4 17:54:14 2020 rev:29 rq:768908 version:4.2.10 Changes: --- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes 2020-01-17 11:58:57.536438503 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes 2020-02-04 17:54:37.844756922 +0100 @@ -1,0 +2,6 @@ +Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt + +- don't use /bin/systemctl compat symlink (bsc#1160890) +- 4.2.10 + +--- Old: yast2-security-4.2.9.tar.bz2 New: yast2-security-4.2.10.tar.bz2 Other differences: -- ++ yast2-security.spec ++ --- /var/tmp/diff_new_pack.hkDrjv/_old 2020-02-04 17:54:38.304757200 +0100 +++ /var/tmp/diff_new_pack.hkDrjv/_new 2020-02-04 17:54:38.304757200 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.9 +Version:4.2.10 Release:0 Summary:YaST2 - Security Configuration License:GPL-2.0-only ++ yast2-security-4.2.9.tar.bz2 -> yast2-security-4.2.10.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.9/package/yast2-security.changes new/yast2-security-4.2.10/package/yast2-security.changes --- old/yast2-security-4.2.9/package/yast2-security.changes 2020-01-13 13:52:36.0 +0100 +++ new/yast2-security-4.2.10/package/yast2-security.changes2020-01-23 14:16:01.0 +0100 @@ -1,4 +1,10 @@ --- +Thu Jan 23 13:04:04 UTC 2020 - Steffen Winterfeldt + +- don't use /bin/systemctl compat symlink (bsc#1160890) +- 4.2.10 + +--- Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger - convert old init.d to systemd (jsc#SLE-10976) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.9/package/yast2-security.spec new/yast2-security-4.2.10/package/yast2-security.spec --- old/yast2-security-4.2.9/package/yast2-security.spec2020-01-13 13:52:36.0 +0100 +++ new/yast2-security-4.2.10/package/yast2-security.spec 2020-01-23 14:16:01.0 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.9 +Version:4.2.10 Release:0 Group: System/YaST License:GPL-2.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.9/src/modules/Security.rb new/yast2-security-4.2.10/src/modules/Security.rb --- old/yast2-security-4.2.9/src/modules/Security.rb2020-01-13 13:52:36.0 +0100 +++ new/yast2-security-4.2.10/src/modules/Security.rb 2020-01-23 14:16:01.0 +0100 @@ -248,13 +248,13 @@ @sysctl_file = nil @activation_mapping = { -"DHCPD_RUN_CHROOTED" => "/bin/systemctl try-restart dhcpd.service", -"DHCPD_RUN_AS" => "/bin/systemctl try-restart dhcpd.service", +"DHCPD_RUN_CHROOTED" => "/usr/bin/systemctl try-restart dhcpd.service", +"DHCPD_RUN_AS" => "/usr/bin/systemctl try-restart dhcpd.service", # restart sendmail or postfix - whatever is installed -"SMTPD_LISTEN_REMOTE" => "/bin/systemctl try-restart sendmail postfix", -"net.ipv4.tcp_syncookies" => "/bin/systemctl try-restart network", -"net.ipv4.ip_forward" => "/bin/systemctl try-restart network", -"net.ipv6.conf.all.forwarding" => "/bin/systemctl try-restart network" +"SMTPD_LISTEN_REMOTE" => "/usr/bin/systemctl try-restart sendmail postfix", +"net.ipv4.tcp_syncookies" => "/usr/bin/systemctl try-restart network", +"net.ipv4.ip_forward" => "/usr/bin/systemctl try-restart network", +"net.ipv6.conf.all.forwarding" => "/usr/bin/systemctl try-restart network" } @shadow_config = nil
commit yast2-security for openSUSE:Leap:15.2
Hello community, here is the log from the commit of package yast2-security for openSUSE:Leap:15.2 checked in at 2020-01-17 11:58:56 Comparing /work/SRC/openSUSE:Leap:15.2/yast2-security (Old) and /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092 (New) Package is "yast2-security" Fri Jan 17 11:58:56 2020 rev:28 rq:764553 version:4.2.9 Changes: --- /work/SRC/openSUSE:Leap:15.2/yast2-security/yast2-security.changes 2020-01-15 16:32:22.448883604 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.yast2-security.new.26092/yast2-security.changes 2020-01-17 11:58:57.536438503 +0100 @@ -1,0 +2,6 @@ +Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger + +- convert old init.d to systemd (jsc#SLE-10976) +- 4.2.9 + +--- Old: yast2-security-4.2.8.tar.bz2 New: yast2-security-4.2.9.tar.bz2 Other differences: -- ++ yast2-security.spec ++ --- /var/tmp/diff_new_pack.LEBV1D/_old 2020-01-17 11:58:57.884438656 +0100 +++ /var/tmp/diff_new_pack.LEBV1D/_new 2020-01-17 11:58:57.888438658 +0100 @@ -1,7 +1,7 @@ # # spec file for package yast2-security # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.8 +Version:4.2.9 Release:0 Summary:YaST2 - Security Configuration License:GPL-2.0-only ++ yast2-security-4.2.8.tar.bz2 -> yast2-security-4.2.9.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.8/package/yast2-security.changes new/yast2-security-4.2.9/package/yast2-security.changes --- old/yast2-security-4.2.8/package/yast2-security.changes 2019-12-12 15:23:51.0 +0100 +++ new/yast2-security-4.2.9/package/yast2-security.changes 2020-01-13 13:52:36.0 +0100 @@ -1,4 +1,10 @@ --- +Mon Jan 13 12:22:00 UTC 2020 - Josef Reidinger + +- convert old init.d to systemd (jsc#SLE-10976) +- 4.2.9 + +--- Thu Dec 12 12:01:35 CET 2019 - sch...@suse.de - Added to rnc file: sys_gid_max, sys_gid_min, sys_uid_max, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.8/package/yast2-security.spec new/yast2-security-4.2.9/package/yast2-security.spec --- old/yast2-security-4.2.8/package/yast2-security.spec2019-12-12 15:23:51.0 +0100 +++ new/yast2-security-4.2.9/package/yast2-security.spec2020-01-13 13:52:36.0 +0100 @@ -17,7 +17,7 @@ Name: yast2-security -Version:4.2.8 +Version:4.2.9 Release:0 Group: System/YaST License:GPL-2.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-4.2.8/src/modules/Security.rb new/yast2-security-4.2.9/src/modules/Security.rb --- old/yast2-security-4.2.8/src/modules/Security.rb2019-12-12 15:23:51.0 +0100 +++ new/yast2-security-4.2.9/src/modules/Security.rb2020-01-13 13:52:36.0 +0100 @@ -248,14 +248,13 @@ @sysctl_file = nil @activation_mapping = { -"SYSLOG_ON_NO_ERROR" => "/etc/init.d/boot.clock start", -"DHCPD_RUN_CHROOTED" => "/etc/init.d/dhcpd restart", -"DHCPD_RUN_AS" => "/etc/init.d/dhcpd restart", +"DHCPD_RUN_CHROOTED" => "/bin/systemctl try-restart dhcpd.service", +"DHCPD_RUN_AS" => "/bin/systemctl try-restart dhcpd.service", # restart sendmail or postfix - whatever is installed -"SMTPD_LISTEN_REMOTE" => "(test -e /etc/init.d/sendmail && VERBOSE=false /usr/lib/sendmail.d/update && /etc/init.d/sendmail restart) || (test -e /etc/init.d/postfix && /usr/sbin/SuSEconfig.postfix && /etc/init.d/postfix restart)", -"net.ipv4.tcp_syncookies" => "/etc/init.d/boot.ipconfig start", -"net.ipv4.ip_forward" => "/etc/init.d/boot.ipconfig start", -"net.ipv6.conf.all.forwarding" => "/etc/init.d/boot.ipconfig start" +"SMTPD_LISTEN_REMOTE" => "/bin/systemctl try-restart sendmail postfix", +"net.ipv4.tcp_syncookies" => "/bin/systemctl try-restart network", +"net.ipv4.ip_forward" => "/bin/systemctl try-restart network", +"net.ipv6.conf.all.forwarding" =>