commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-10-15 13:43:38
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3486 (New)
Package is "permissions"
Thu Oct 15 13:43:38 2020 rev:145 rq:840211 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-10-04
17:30:10.952238434 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3486/permissions.changes
2020-10-15 13:43:44.369137504 +0200
@@ -1,0 +2,7 @@
+Thu Oct 08 09:19:32 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20201008:
+ * cleanup now useless /usr/lib entries after move to /usr/libexec
(bsc#1171164)
+ * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
+
+---
Old:
permissions-20200930.tar.xz
New:
permissions-20201008.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.Zp2ufh/_old 2020-10-15 13:43:45.077137781 +0200
+++ /var/tmp/diff_new_pack.Zp2ufh/_new 2020-10-15 13:43:45.081137782 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200930
+%define VERSION_DATE 20201008
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.Zp2ufh/_old 2020-10-15 13:43:45.121137798 +0200
+++ /var/tmp/diff_new_pack.Zp2ufh/_new 2020-10-15 13:43:45.125137799 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 95fac00b09c116dc9c3f07cbfb4f952700df59ce
\ No newline at end of file
+ 92eac1c845a2b647cc1aeb6c862fc6c93cc50b3d
\ No newline at end of file
++ permissions-20200930.tar.xz -> permissions-20201008.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200930/etc/permissions
new/permissions-20201008/etc/permissions
--- old/permissions-20200930/etc/permissions2020-09-30 10:39:10.0
+0200
+++ new/permissions-20201008/etc/permissions2020-10-08 11:17:56.0
+0200
@@ -86,7 +86,6 @@
/etc/sysconfig/network/providers/ root:root 700
# utempter
-/usr/lib/utempter/utempter root:utmp 2755
/usr/libexec/utempter/utempter root:utmp 2755
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200930/profiles/permissions.easy
new/permissions-20201008/profiles/permissions.easy
--- old/permissions-20200930/profiles/permissions.easy 2020-09-30
10:39:10.0 +0200
+++ new/permissions-20201008/profiles/permissions.easy 2020-10-08
11:17:56.0 +0200
@@ -81,7 +81,6 @@
/sbin/pccardctl root:trusted 4755
# libgnomesu (#75823, #175616)
-/usr/lib/libgnomesu/gnomesu-pam-backend root:root 4755
/usr/libexec/libgnomesu/gnomesu-pam-backend root:root 4755
#
@@ -89,8 +88,6 @@
#
/usr/bin/clockdiff root:root 0755
+capabilities cap_net_raw=p
-/usr/bin/ping root:root 0755
- +capabilities cap_net_raw=p
# mtr
/usr/sbin/mtr-packetroot:root 0755
+capabilities cap_net_raw=ep
@@ -109,7 +106,6 @@
#
# setuid needed on the text console to set the terminal content on ctrl-o
# #66112
-/usr/lib/mc/cons.saver root:root 4755
/usr/libexec/mc/cons.saver root:root 4755
@@ -132,21 +128,13 @@
#
# amanda
#
-/usr/lib/amanda/calcsizeroot:amanda 4750
/usr/libexec/amanda/calcsizeroot:amanda 4750
-/usr/lib/amanda/rundump root:amanda 4750
/usr/libexec/amanda/rundump root:amanda 4750
-/usr/lib/amanda/runtar root:amanda 4750
/usr/libexec/amanda/runtar root:amanda 4750
-/usr/lib/amanda/killpgrproot:amanda 4750
/usr/libexec/amanda/killpgrproot:amanda 4750
-/usr/lib/amanda/ambind root:amanda 4750
/usr/libexec/amanda/ambind root:amanda 4750
-/usr/lib/amanda/application/ambsdtarroot:amanda 4750
/usr/libexec/amanda/application/ambsdtarroot
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-10-04 17:30:04
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.4249 (New)
Package is "permissions"
Sun Oct 4 17:30:04 2020 rev:144 rq:838733 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-09-14
12:02:27.131571858 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.4249/permissions.changes
2020-10-04 17:30:10.952238434 +0200
@@ -1,0 +2,6 @@
+Wed Sep 30 09:26:44 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200930:
+ * whitelist Xorg setuid-root wrapper (bsc#1175867)
+
+---
Old:
permissions-20200909.tar.xz
New:
permissions-20200930.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.okJUdt/_old 2020-10-04 17:30:11.712239162 +0200
+++ /var/tmp/diff_new_pack.okJUdt/_new 2020-10-04 17:30:11.712239162 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200909
+%define VERSION_DATE 20200930
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.okJUdt/_old 2020-10-04 17:30:11.776239224 +0200
+++ /var/tmp/diff_new_pack.okJUdt/_new 2020-10-04 17:30:11.776239224 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 26cac6fa0260d8c1f80c5d0c522f381d3bea
\ No newline at end of file
+ 95fac00b09c116dc9c3f07cbfb4f952700df59ce
\ No newline at end of file
++ permissions-20200909.tar.xz -> permissions-20200930.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200909/profiles/permissions.easy
new/permissions-20200930/profiles/permissions.easy
--- old/permissions-20200909/profiles/permissions.easy 2020-09-09
08:37:43.0 +0200
+++ new/permissions-20200930/profiles/permissions.easy 2020-09-30
10:39:10.0 +0200
@@ -366,3 +366,6 @@
# physlock (bsc#1175720, not suited for world access)
/usr/bin/physlock root:trusted 04750
+
+# xorg-x11-server (bsc#1175867)
+/usr/bin/Xorg.wrap root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200909/profiles/permissions.paranoid
new/permissions-20200930/profiles/permissions.paranoid
--- old/permissions-20200909/profiles/permissions.paranoid 2020-09-09
08:37:43.0 +0200
+++ new/permissions-20200930/profiles/permissions.paranoid 2020-09-30
10:39:10.0 +0200
@@ -368,3 +368,6 @@
# physlock (bsc#1175720, not suited for world access)
/usr/bin/physlock root:root 0755
+
+# xorg-x11-server (bsc#1175867)
+/usr/bin/Xorg.wrap root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200909/profiles/permissions.secure
new/permissions-20200930/profiles/permissions.secure
--- old/permissions-20200909/profiles/permissions.secure2020-09-09
08:37:43.0 +0200
+++ new/permissions-20200930/profiles/permissions.secure2020-09-30
10:39:10.0 +0200
@@ -404,3 +404,6 @@
# physlock (bsc#1175720, not suited for world access)
/usr/bin/physlock root:root 0755
+
+# xorg-x11-server (bsc#1175867)
+/usr/bin/Xorg.wrap root:root 4755
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-09-14 12:02:03
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.4249 (New)
Package is "permissions"
Mon Sep 14 12:02:03 2020 rev:143 rq:833221 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-09-08
22:55:21.647754496 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.4249/permissions.changes
2020-09-14 12:02:27.131571858 +0200
@@ -1,0 +2,6 @@
+Wed Sep 09 10:00:18 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200909:
+ * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)
+
+---
Old:
permissions-20200904.tar.xz
New:
permissions-20200909.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.eLW3Cz/_old 2020-09-14 12:02:29.711574510 +0200
+++ /var/tmp/diff_new_pack.eLW3Cz/_new 2020-09-14 12:02:29.711574510 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200904
+%define VERSION_DATE 20200909
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.eLW3Cz/_old 2020-09-14 12:02:29.763574564 +0200
+++ /var/tmp/diff_new_pack.eLW3Cz/_new 2020-09-14 12:02:29.763574564 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 8a15e29e48acae7266010212096761ba54065fba
\ No newline at end of file
+ 26cac6fa0260d8c1f80c5d0c522f381d3bea
\ No newline at end of file
++ permissions-20200904.tar.xz -> permissions-20200909.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200904/profiles/permissions.easy
new/permissions-20200909/profiles/permissions.easy
--- old/permissions-20200904/profiles/permissions.easy 2020-09-04
12:48:56.0 +0200
+++ new/permissions-20200909/profiles/permissions.easy 2020-09-09
08:37:43.0 +0200
@@ -15,13 +15,6 @@
#
#
-# Directories
-#
-
-# for screen's session sockets:
-/run/uscreens/ root:root 1777
-
-#
# /etc
#
/etc/crontabroot:root 600
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200904/profiles/permissions.paranoid
new/permissions-20200909/profiles/permissions.paranoid
--- old/permissions-20200904/profiles/permissions.paranoid 2020-09-04
12:48:56.0 +0200
+++ new/permissions-20200909/profiles/permissions.paranoid 2020-09-09
08:37:43.0 +0200
@@ -32,13 +32,6 @@
# in your system.
#
-# Directories
-#
-# for screen's session sockets:
-/run/uscreens/ root:trusted 1775
-
-
-#
# /etc
#
/etc/crontabroot:root 600
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200904/profiles/permissions.secure
new/permissions-20200909/profiles/permissions.secure
--- old/permissions-20200904/profiles/permissions.secure2020-09-04
12:48:56.0 +0200
+++ new/permissions-20200909/profiles/permissions.secure2020-09-09
08:37:43.0 +0200
@@ -54,12 +54,6 @@
# in your system.
#
-# Directories
-#
-# for screen's session sockets:
-/run/uscreens/ root:root 1777
-
-#
# /etc
#
/etc/crontabroot:root 600
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-09-08 22:55:18
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New)
Package is "permissions"
Tue Sep 8 22:55:18 2020 rev:142 rq:832056 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-31
16:47:25.108272046 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes
2020-09-08 22:55:21.647754496 +0200
@@ -1,0 +2,7 @@
+Fri Sep 04 10:57:51 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200904:
+ * Add /usr/libexec for cockpit-session as new path
+ * physlock: whitelist with tight restrictions (bsc#1175720)
+
+---
Old:
permissions-20200826.tar.xz
New:
permissions-20200904.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.ussFb6/_old 2020-09-08 22:55:22.479754912 +0200
+++ /var/tmp/diff_new_pack.ussFb6/_new 2020-09-08 22:55:22.483754915 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200826
+%define VERSION_DATE 20200904
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.ussFb6/_old 2020-09-08 22:55:22.535754940 +0200
+++ /var/tmp/diff_new_pack.ussFb6/_new 2020-09-08 22:55:22.539754942 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a
\ No newline at end of file
+ 8a15e29e48acae7266010212096761ba54065fba
\ No newline at end of file
++ permissions-20200826.tar.xz -> permissions-20200904.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200826/profiles/permissions.easy
new/permissions-20200904/profiles/permissions.easy
--- old/permissions-20200826/profiles/permissions.easy 2020-08-26
14:32:45.0 +0200
+++ new/permissions-20200904/profiles/permissions.easy 2020-09-04
12:48:56.0 +0200
@@ -362,6 +362,7 @@
# setuid bit for cockpit (bsc#1169614)
/usr/lib/cockpit-session
root:cockpit-wsinstance 4750
+/usr/libexec/cockpit-session
root:cockpit-wsinstance 4750
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 2755
@@ -369,3 +370,6 @@
# enlightenment privileged desktop operations (bsc#1169238)
/usr/lib64/enlightenment/utils/enlightenment_system root:root 4755
+
+# physlock (bsc#1175720, not suited for world access)
+/usr/bin/physlock root:trusted 04750
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200826/profiles/permissions.paranoid
new/permissions-20200904/profiles/permissions.paranoid
--- old/permissions-20200826/profiles/permissions.paranoid 2020-08-26
14:32:45.0 +0200
+++ new/permissions-20200904/profiles/permissions.paranoid 2020-09-04
12:48:56.0 +0200
@@ -364,6 +364,7 @@
# setuid bit for cockpit (bsc#1169614)
/usr/lib/cockpit-session
root:cockpit-wsinstance 0750
+/usr/libexec/cockpit-session
root:cockpit-wsinstance 0750
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 0755
@@ -371,3 +372,6 @@
# enlightenment privileged desktop operations (bsc#1169238)
/usr/lib64/enlightenment/utils/enlightenment_system root:root 0755
+
+# physlock (bsc#1175720, not suited for world access)
+/usr/bin/physlock root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200826/profiles/permissions.secure
new/permissions-20200904/profiles/permissions.secure
--- old/permissions-20200826/profiles/permissions.secure2020-08-26
14:32:45.0 +0200
+++ new/permissions-20200904/profiles/permissions.secure2020-09-04
12:48:56.0 +0200
@@ -399,6 +399,7 @@
# setuid bit for cockpit (bsc#1169614)
/usr/lib/cockpit-session
root:cockpit-wsinstance 4750
+/usr/libexec/cockpit-session
root:cockpit-wsinstance 4750
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 2755
@@ -406,3 +407,6 @@
# enlightenment pr
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-08-31 16:47:18
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New)
Package is "permissions"
Mon Aug 31 16:47:18 2020 rev:141 rq:829800 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-17
12:00:02.310515648 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes
2020-08-31 16:47:25.108272046 +0200
@@ -1,0 +2,11 @@
+Wed Aug 26 12:33:11 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200826:
+ * mtr-packet: stop requiring dialout group
+ * etc/permissions: fix mtr permission
+ * list_permissions: improve output format
+ * list_permissions: support globbing in --path argument
+ * list_permissions: implement simplifications suggested in PR#92
+ * list_permissions: new tool for better path configuration overview
+
+---
Old:
permissions-20200811.tar.xz
New:
permissions-20200826.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:25.980272468 +0200
+++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:25.984272470 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200811
+%define VERSION_DATE 20200826
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:26.024272490 +0200
+++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:26.024272490 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- a42371988f74c07914cc681f29d8a85b1f043d27
\ No newline at end of file
+ 4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a
\ No newline at end of file
++ permissions-20200811.tar.xz -> permissions-20200826.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.easy
new/permissions-20200826/profiles/permissions.easy
--- old/permissions-20200811/profiles/permissions.easy 2020-08-11
13:56:21.0 +0200
+++ new/permissions-20200826/profiles/permissions.easy 2020-08-26
14:32:45.0 +0200
@@ -98,8 +98,8 @@
+capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
+capabilities cap_net_raw=p
-# mtr is linked against ncurses. For dialout only.
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packetroot:root 0755
+capabilities cap_net_raw=ep
# exim
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.paranoid
new/permissions-20200826/profiles/permissions.paranoid
--- old/permissions-20200811/profiles/permissions.paranoid 2020-08-11
13:56:21.0 +0200
+++ new/permissions-20200826/profiles/permissions.paranoid 2020-08-26
14:32:45.0 +0200
@@ -113,8 +113,8 @@
#
/usr/bin/clockdiff root:root 0755
/usr/bin/ping root:root 0755
-# mtr is linked against ncurses.
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packetroot:root 0755
# exim
/usr/sbin/exim root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/profiles/permissions.secure
new/permissions-20200826/profiles/permissions.secure
--- old/permissions-20200811/profiles/permissions.secure2020-08-11
13:56:21.0 +0200
+++ new/permissions-20200826/profiles/permissions.secure2020-08-26
14:32:45.0 +0200
@@ -139,8 +139,8 @@
+capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
+capabilities cap_net_raw=p
-# mtr is linked against ncurses. no suid bit, for root only:
-/usr/sbin/mtr root:dialout 0750
+# mtr
+/usr/sbin/mtr-packetroot:root 0755
# exim
/usr/sbin/exim root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200811/tools/list_permissions.py
new/permissions-20200826/tools/list_permissions
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-08-17 11:59:54
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New)
Package is "permissions"
Mon Aug 17 11:59:54 2020 rev:140 rq:825923 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-07-30
09:55:43.799066906 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes
2020-08-17 12:00:02.310515648 +0200
@@ -1,0 +2,7 @@
+Tue Aug 11 12:06:30 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200811:
+ * regtest: support new getcap output format in libcap-2.42
+ * regtest: print individual test case errors to stderr
+
+---
Old:
permissions-20200727.tar.xz
New:
permissions-20200811.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.hJQGPw/_old 2020-08-17 12:00:03.522516324 +0200
+++ /var/tmp/diff_new_pack.hJQGPw/_new 2020-08-17 12:00:03.526516325 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200727
+%define VERSION_DATE 20200811
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.hJQGPw/_old 2020-08-17 12:00:03.574516353 +0200
+++ /var/tmp/diff_new_pack.hJQGPw/_new 2020-08-17 12:00:03.574516353 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 9cbf693925f263969f510e34bf03ee64abb06245
\ No newline at end of file
+ a42371988f74c07914cc681f29d8a85b1f043d27
\ No newline at end of file
++ permissions-20200727.tar.xz -> permissions-20200811.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200727/tests/regtest.py
new/permissions-20200811/tests/regtest.py
--- old/permissions-20200727/tests/regtest.py 2020-07-27 13:48:55.0
+0200
+++ new/permissions-20200811/tests/regtest.py 2020-08-11 13:56:21.0
+0200
@@ -694,7 +694,8 @@
if test.getNumErrors() != 0:
color_printer.setRed()
- print(test.getName(), "encountered",
test.getNumErrors(), "errors")
+ sys.stdout.flush()
+ print(test.getName(), "encountered",
test.getNumErrors(), "errors", file = sys.stderr)
if test.getNumWarnings() != 0:
color_printer.setYellow()
tests_warned += 1
@@ -1048,27 +1049,38 @@
shell = False,
)
- # getcap uses a '+' to indicate capability types, while
- # permissions uses '=', so adjust accordingly
- expected_caps = ','.join(caps).replace('=', '+')
+ expected_caps = ','.join(caps)
actual_caps = ""
- # output is something like "/path/to/file = cap_stuff+letters"
+ # until libcap-2.32 the output format looked like this:
+ #
+ # /usr/bin/ping = cap_net_raw+ep
+ #
+ # starting from libcap-2.42 it looks like this:
+ #
+ # /usr/bin/ping cap_net_raw=p
+ #
+ # see bsc#1175076 comment 2.
+ # So let's be agnostic to the output format.
+
for line in getcap_out.decode('utf8').splitlines():
- # be prudent about possible spaces or equals in paths,
- # even though it should never occur in our test
- # environment
- parts = line.split('=')
- if len(parts) < 2:
+ if not line.startswith(path):
continue
- cap_path = '='.join(parts[:-1]).strip()
- if cap_path != path:
- # not for our file
- continue
+ line = line[len(path):].strip()
+ parts = line.split()
- actual_caps = parts[-1].strip()
- break
+ if len(parts) == 2 and parts[0] == '=':
+ # the old output format:
+ # getcap uses a '+' to indicate capability
+ # types, while permissions uses '=', so adjust
+ # accordingly
+
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-07-30 09:55:40
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3592 (New)
Package is "permissions"
Thu Jul 30 09:55:40 2020 rev:139 rq:822971 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-07-15
11:13:53.324935511 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3592/permissions.changes
2020-07-30 09:55:43.799066906 +0200
@@ -1,0 +2,9 @@
+Mon Jul 27 12:18:04 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200727:
+ * etc/permissions: remove static /var/spool/* dirs
+ * etc/permissions: remove outdated entries
+ * etc/permissions: remove unnecessary static dirs and devices
+ * screen: remove now unused /var/run/uscreens
+
+---
Old:
permissions-20200710.tar.xz
New:
permissions-20200727.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.rEoXNX/_old 2020-07-30 09:55:45.931067332 +0200
+++ /var/tmp/diff_new_pack.rEoXNX/_new 2020-07-30 09:55:45.935067333 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200710
+%define VERSION_DATE 20200727
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.rEoXNX/_old 2020-07-30 09:55:45.971067340 +0200
+++ /var/tmp/diff_new_pack.rEoXNX/_new 2020-07-30 09:55:45.971067340 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 8c1d3398d1f446ac3f27b293ab9d69ad73aaea6d
\ No newline at end of file
+ 9cbf693925f263969f510e34bf03ee64abb06245
\ No newline at end of file
++ permissions-20200710.tar.xz -> permissions-20200727.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200710/etc/permissions
new/permissions-20200727/etc/permissions
--- old/permissions-20200710/etc/permissions2020-07-10 11:44:15.0
+0200
+++ new/permissions-20200727/etc/permissions2020-07-27 13:48:55.0
+0200
@@ -38,35 +38,17 @@
# root directories:
#
-/ root:root 755
-/root/ root:root 700
/tmp/ root:root 1777
/tmp/.X11-unix/ root:root 1777
/tmp/.ICE-unix/ root:root 1777
-/dev/ root:root 755
-/bin/ root:root 755
-/sbin/ root:root 755
-/lib/ root:root 755
-/etc/ root:root 755
-/home/ root:root 755
-/boot/ root:root 755
-/opt/ root:root 755
-/usr/ root:root 755
#
# /var:
#
/var/tmp/ root:root 1777
-/var/log/ root:root 755
-/var/spool/ root:root 755
/var/spool/mqueue/ root:root 700
-/var/spool/news/news:news 775
-/var/spool/voice/ root:root 755
/var/spool/mail/root:root 1777
-/var/adm/ root:root 755
-/var/adm/backup/root:root 700
-/var/cache/ root:root 755
/var/run/nscd/socket root:root 666
/run/nscd/socket root:root 666
@@ -81,24 +63,10 @@
/run/utmp root:utmp 664
#
-# some device files
-#
-
-/dev/zero root:root 666
-/dev/null root:root 666
-/dev/full root:root
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-07-15 11:12:57
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3060 (New)
Package is "permissions"
Wed Jul 15 11:12:57 2020 rev:138 rq:819968 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-06-24
15:47:30.992079239 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3060/permissions.changes
2020-07-15 11:13:53.324935511 +0200
@@ -1,0 +2,41 @@
+Fri Jul 10 09:50:04 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200710:
+ * Revert "etc/permissions: remove entries for bind-chrootenv". This
+currently conflicts with the way the CheckSUIDPermissions rpmlint-check is
+implemented.
+
+---
+Tue Jul 7 15:56:02 UTC 2020 - Callum Farmer
+
+- Removed dbus-libexec.patch: contained in upstream
+
+---
+Tue Jul 07 13:25:40 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200624:
+ * rework permissions.local text (boo#1173221)
+ * dbus-1: adjust to new libexec dir location (bsc#1171164)
+ * permission profiles: reinstate kdesud for kde5
+ * etc/permissions: remove entries for bind-chrootenv
+ * etc/permissions: remove traceroute entry
+ * VirtualBox: remove outdated entry which is only a symlink any more
+ * /bin/su: remove path refering to symlink
+ * etc/permissions: remove legacy RPM directory entries
+ * /etc/permissions: remove outdated sudo directories
+ * singularity: remove outdated setuid-binary entries
+ * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
+ * dbus-1: remove deprecated alternative paths
+ * PolicyKit: remove outdated entries last used in SLE-11
+ * pcp: remove no longer needed / conflicting entries
+ * gnats: remove entries for package removed from Factory
+ * kdelibs4: remove entries for package removed from Factory
+ * v4l-base: remove entries for package removed from Factory
+ * mailman: remove entries for package deleted from Factory
+ * gnome-pty-helper: remove dead entry no longer part of the vte package
+ * gnokii: remove entries for package no longer in Factory
+ * xawtv (v4l-conf): correct group ownership in easy profile
+ * systemd-journal: remove unnecessary profile entries
+ * thttp: make makeweb entry usable in the secure profile (bsc#1171580)
+
+---
Old:
dbus-libexec.patch
permissions-20200526.tar.xz
New:
permissions-20200710.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.V7av5q/_old 2020-07-15 11:13:56.784938935 +0200
+++ /var/tmp/diff_new_pack.V7av5q/_new 2020-07-15 11:13:56.784938935 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200526
+%define VERSION_DATE 20200710
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
@@ -28,7 +28,6 @@
URL:http://github.com/openSUSE/permissions
Source: permissions-%{VERSION_DATE}.tar.xz
Source1:fix_version.sh
-Patch0: dbus-libexec.patch
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libcap-progs
@@ -41,7 +40,7 @@
Provides: aaa_base:%{_datadir}/permissions
%prep
-%autosetup -p1 -n permissions-%{VERSION_DATE}
+%autosetup -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
++ _servicedata ++
--- /var/tmp/diff_new_pack.V7av5q/_old 2020-07-15 11:13:56.816938967 +0200
+++ /var/tmp/diff_new_pack.V7av5q/_new 2020-07-15 11:13:56.816938967 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 19a5eb449122601ea1f4053b575028d1895fedbb
\ No newline at end of file
+ 8c1d3398d1f446ac3f27b293ab9d69ad73aaea6d
\ No newline at end of file
++ permissions-20200526.tar.xz -> permissions-20200710.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200526/etc/permissions
new/permissions-20200710/etc/permissions
--- old/permissions-20200526/etc/permissions2020-05-26 14:54:31.0
+0200
+++ new/permissions-20200710/etc/permissions2020-07-10 11:44:15.0
+0200
@@ -69,8 +69,6 @@
/var/cache/ root:root 755
/var/run/nscd/socket root:root 666
/run/nscd/socket root:root 666
-/var/run/sudo/
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-06-24 15:47:27
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.2956 (New)
Package is "permissions"
Wed Jun 24 15:47:27 2020 rev:137 rq:815295 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-06-11
14:41:13.444703391 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.2956/permissions.changes
2020-06-24 15:47:30.992079239 +0200
@@ -1,0 +2,8 @@
+Tue Jun 16 13:23:23 UTC 2020 - malte.kr...@suse.com
+
+- dbus-1: adjust to new libexec dir location (bsc#1171164). This is
+ temporarily done through the patch in dbus-libexec.patch because
+ we are not completely certain the stability of current git.
+- run chkstat test suite during RPM build
+
+---
New:
dbus-libexec.patch
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.zEw5jq/_old 2020-06-24 15:47:32.040083757 +0200
+++ /var/tmp/diff_new_pack.zEw5jq/_new 2020-06-24 15:47:32.044083772 +0200
@@ -28,17 +28,20 @@
URL:http://github.com/openSUSE/permissions
Source: permissions-%{VERSION_DATE}.tar.xz
Source1:fix_version.sh
+Patch0: dbus-libexec.patch
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libcap-progs
BuildRequires: tclap
+# test suite
+BuildRequires: python3-base
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
Provides: aaa_base:%{_datadir}/permissions
%prep
-%setup -q -n permissions-%{VERSION_DATE}
+%autosetup -p1 -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
@@ -46,9 +49,8 @@
%install
%make_install fillupdir=%{_fillupdir}
-# regression tests disabled for the moment, needs adjustment for the new
/usr/share world
-#%check
-#tests/regtest.py
+%check
+tests/regtest.py --skip-make > /dev/null
%description
Permission settings of files and directories depending on the local
++ dbus-libexec.patch ++
Index: permissions-20200526/profiles/permissions.easy
===
--- permissions-20200526.orig/profiles/permissions.easy
+++ permissions-20200526/profiles/permissions.easy
@@ -267,6 +267,7 @@
/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
# dbus-1 in /usr #1056764)
/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
+/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
# policycoreutils (#440596)
Index: permissions-20200526/profiles/permissions.paranoid
===
--- permissions-20200526.orig/profiles/permissions.paranoid
+++ permissions-20200526/profiles/permissions.paranoid
@@ -278,6 +278,7 @@
/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750
# dbus-1 in /usr #1056764)
/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750
+/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 0750
/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750
# policycoreutils (#440596)
Index: permissions-20200526/profiles/permissions.secure
===
--- permissions-20200526.orig/profiles/permissions.secure
+++ permissions-20200526/profiles/permissions.secure
@@ -308,6 +308,7 @@
/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
# dbus-1 in /usr #1056764)
/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
+/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750
# policycoreutils (#440596)
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-06-11 14:40:46
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3606 (New)
Package is "permissions"
Thu Jun 11 14:40:46 2020 rev:136 rq:810755 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-05-29
21:35:33.506325063 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3606/permissions.changes
2020-06-11 14:41:13.444703391 +0200
@@ -1,0 +2,6 @@
+Tue May 26 13:03:52 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200526:
+ * profiles: add entries for enlightenment (bsc#1171686)
+
+---
Old:
permissions-20200520.tar.xz
New:
permissions-20200526.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.6r5ZUr/_old 2020-06-11 14:41:14.584706776 +0200
+++ /var/tmp/diff_new_pack.6r5ZUr/_new 2020-06-11 14:41:14.584706776 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200520
+%define VERSION_DATE 20200526
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.6r5ZUr/_old 2020-06-11 14:41:14.620706883 +0200
+++ /var/tmp/diff_new_pack.6r5ZUr/_new 2020-06-11 14:41:14.620706883 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- d6344d0fa65aa85c9da0c9a9df00f21a7ddc95b3
\ No newline at end of file
+ 19a5eb449122601ea1f4053b575028d1895fedbb
\ No newline at end of file
++ permissions-20200520.tar.xz -> permissions-20200526.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200520/profiles/permissions.easy
new/permissions-20200526/profiles/permissions.easy
--- old/permissions-20200520/profiles/permissions.easy 2020-05-20
10:39:07.0 +0200
+++ new/permissions-20200526/profiles/permissions.easy 2020-05-26
14:54:31.0 +0200
@@ -451,3 +451,6 @@
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 2755
/usr/libexec/mktex/public root:mktex 2755
+
+# enlightenment privileged desktop operations (bsc#1169238)
+/usr/lib64/enlightenment/utils/enlightenment_system root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200520/profiles/permissions.paranoid
new/permissions-20200526/profiles/permissions.paranoid
--- old/permissions-20200520/profiles/permissions.paranoid 2020-05-20
10:39:07.0 +0200
+++ new/permissions-20200526/profiles/permissions.paranoid 2020-05-26
14:54:31.0 +0200
@@ -451,3 +451,6 @@
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 0755
/usr/libexec/mktex/public root:mktex 0755
+
+# enlightenment privileged desktop operations (bsc#1169238)
+/usr/lib64/enlightenment/utils/enlightenment_system root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200520/profiles/permissions.secure
new/permissions-20200526/profiles/permissions.secure
--- old/permissions-20200520/profiles/permissions.secure2020-05-20
10:39:07.0 +0200
+++ new/permissions-20200526/profiles/permissions.secure2020-05-26
14:54:31.0 +0200
@@ -488,3 +488,6 @@
# binary that launches texlive tools with group "mktex" (bsc#1171686)
/usr/lib/mktex/public root:mktex 2755
/usr/libexec/mktex/public root:mktex 2755
+
+# enlightenment privileged desktop operations (bsc#1169238)
+/usr/lib64/enlightenment/utils/enlightenment_system root:root 4755
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-05-29 21:19:46
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3606 (New)
Package is "permissions"
Fri May 29 21:19:46 2020 rev:135 rq:807568 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-05-12
22:25:31.175016360 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.3606/permissions.changes
2020-05-29 21:35:33.506325063 +0200
@@ -1,0 +2,34 @@
+Wed May 20 09:02:14 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200520:
+ * permissions fixed profile: utempter: reinstate libexec compatibility entry
+
+---
+Tue May 19 09:14:38 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200519:
+ * chkstat: fix sign conversion warnings on 32-bit architectures
+ * chkstat: allow simultaneous use of `--set` and `--system`
+ * regtest: adjust TestUnkownOwnership test to new warning output behaviour
+
+---
+Mon May 18 12:06:10 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200518:
+ * whitelist texlive public binary (bsc#1171686)
+
+---
+Fri May 15 09:49:48 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200514:
+ * fixed permissions: adjust to new libexec dir location (bsc#1171164)
+(affects utempter path)
+
+---
+Wed May 13 12:09:17 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200513:
+ * major rewrite of the chkstat tool
+ * setuid bit for cockpit (bsc#1169614)
+
+---
Old:
permissions-20200506.tar.xz
New:
permissions-20200520.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.tekRUj/_old 2020-05-29 21:35:34.138326944 +0200
+++ /var/tmp/diff_new_pack.tekRUj/_new 2020-05-29 21:35:34.142326956 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200506
+%define VERSION_DATE 20200520
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
@@ -31,6 +31,7 @@
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libcap-progs
+BuildRequires: tclap
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
++ _servicedata ++
--- /var/tmp/diff_new_pack.tekRUj/_old 2020-05-29 21:35:34.178327063 +0200
+++ /var/tmp/diff_new_pack.tekRUj/_new 2020-05-29 21:35:34.178327063 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 8c6029212030ca9c4fc90a60ff26411acd64a565
\ No newline at end of file
+ d6344d0fa65aa85c9da0c9a9df00f21a7ddc95b3
\ No newline at end of file
++ permissions-20200506.tar.xz -> permissions-20200520.tar.xz ++
3745 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-05-12 22:25:21
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.2738 (New)
Package is "permissions"
Tue May 12 22:25:21 2020 rev:134 rq:801106 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-03-30
22:50:52.947755978 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.2738/permissions.changes
2020-05-12 22:25:31.175016360 +0200
@@ -1,0 +2,7 @@
+Thu May 07 09:50:15 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200506:
+ * add whitelist for files in /usr/lib to be also allowed in
+/usr/libexec (bsc#1171164)
+
+---
Old:
permissions-20200324.tar.xz
New:
permissions-20200506.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.svhQ1u/_old 2020-05-12 22:25:34.263022805 +0200
+++ /var/tmp/diff_new_pack.svhQ1u/_new 2020-05-12 22:25:34.263022805 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200324
+%define VERSION_DATE 20200506
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.svhQ1u/_old 2020-05-12 22:25:34.303022889 +0200
+++ /var/tmp/diff_new_pack.svhQ1u/_new 2020-05-12 22:25:34.303022889 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 5a8f6ce8743fba27666b634dda7a099e027b2edf
\ No newline at end of file
+ 8c6029212030ca9c4fc90a60ff26411acd64a565
\ No newline at end of file
++ permissions-20200324.tar.xz -> permissions-20200506.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200324/profiles/permissions.easy
new/permissions-20200506/profiles/permissions.easy
--- old/permissions-20200324/profiles/permissions.easy 2020-03-24
12:57:25.0 +0100
+++ new/permissions-20200506/profiles/permissions.easy 2020-05-06
13:37:10.0 +0200
@@ -112,6 +112,7 @@
# libgnomesu (#75823, #175616)
/usr/lib/libgnomesu/gnomesu-pam-backend root:root 4755
+/usr/libexec/libgnomesu/gnomesu-pam-backend root:root 4755
#
# networking (need root for the privileged socket)
@@ -143,6 +144,7 @@
# setuid needed on the text console to set the terminal content on ctrl-o
# #66112
/usr/lib/mc/cons.saver root:root 4755
+/usr/libexec/mc/cons.saver root:root 4755
#
@@ -179,13 +181,21 @@
# amanda
#
/usr/lib/amanda/calcsizeroot:amanda 4750
+/usr/libexec/amanda/calcsizeroot:amanda 4750
/usr/lib/amanda/rundump root:amanda 4750
+/usr/libexec/amanda/rundump root:amanda 4750
/usr/lib/amanda/runtar root:amanda 4750
+/usr/libexec/amanda/runtar root:amanda 4750
/usr/lib/amanda/killpgrproot:amanda 4750
+/usr/libexec/amanda/killpgrproot:amanda 4750
/usr/lib/amanda/ambind root:amanda 4750
+/usr/libexec/amanda/ambind root:amanda 4750
/usr/lib/amanda/application/ambsdtarroot:amanda 4750
+/usr/libexec/amanda/application/ambsdtarroot:amanda 4750
/usr/lib/amanda/application/amgtar root:amanda 4750
+/usr/libexec/amanda/application/amgtar root:amanda 4750
/usr/lib/amanda/application/amstar root:amanda 4750
+/usr/libexec/amanda/application/amstar root:amanda 4750
#
@@ -205,13 +215,17 @@
# for operation. (#67032, #594393)
#
/usr/lib/news/bin/rnews news:uucp 4550
+/usr/libexec/news/bin/rnews news:uucp 4550
/usr/lib/news/bin/inews news:news 2555
+/usr/libexec/news/bin/inews news:news 2555
/usr/lib/news/bin/innbind root:news 4550
+/usr/libexec/news/bin/innbind root:news 4550
#
# sendfax
#
/usr/lib/mgetty+sendfax/faxq-helper fax:root 4755
+/usr/libexec/mgetty+sendfax/faxq-helper fax:root 4755
/var/spool/f
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-03-30 22:50:49
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.3160 (New)
Package is "permissions"
Mon Mar 30 22:50:49 2020 rev:133 rq:787823 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-03-06
21:23:24.365419871 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.3160/permissions.changes
2020-03-30 22:50:52.947755978 +0200
@@ -1,0 +2,15 @@
+Tue Mar 24 12:52:07 UTC 2020 - jseg...@suse.de
+
+- Update to version 20200324:
+ * whitelist s390-tools setgid bit on log directory (bsc#1167163)
+ * whitelist WMP (bsc#1161335)
+ * regtest: improve readability of path variables by using literals
+ * regtest: adjust test suite to new path locations in /usr/share/permissions
+ * regtest: only catch explicit FileNotFoundError
+ * regtest: provide valid home directory in /root
+ * regtest: mount permissions src repository in /usr/src/permissions
+ * regtest: move initialialization of TestBase paths into the prepare()
function
+ * chkstat: suppport new --config-root command line option
+ * fix spelling of icingacmd group
+
+---
Old:
permissions-20200228.tar.xz
New:
permissions-20200324.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.26hX2r/_old 2020-03-30 22:50:53.531756297 +0200
+++ /var/tmp/diff_new_pack.26hX2r/_new 2020-03-30 22:50:53.535756298 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION_DATE 20200228
+%define VERSION_DATE 20200324
Name: permissions
Version:%{VERSION_DATE}.%{suse_version}
++ _servicedata ++
--- /var/tmp/diff_new_pack.26hX2r/_old 2020-03-30 22:50:53.567756316 +0200
+++ /var/tmp/diff_new_pack.26hX2r/_new 2020-03-30 22:50:53.567756316 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- bfa5f7c7437b3fa939b0a88007e2d1cc6de605c9
\ No newline at end of file
+ 5a8f6ce8743fba27666b634dda7a099e027b2edf
\ No newline at end of file
++ permissions-20200228.tar.xz -> permissions-20200324.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200228/profiles/permissions.easy
new/permissions-20200324/profiles/permissions.easy
--- old/permissions-20200228/profiles/permissions.easy 2020-02-28
09:49:05.0 +0100
+++ new/permissions-20200324/profiles/permissions.easy 2020-03-24
12:57:25.0 +0100
@@ -351,7 +351,7 @@
+capabilities cap_net_bind_service=ep
# icinga2 (bsc#1069410)
-/run/icinga2/cmd/ icinga:icingagmd 2750
+/run/icinga2/cmd/ icinga:icingacmd 2750
# fping (bsc#1047921)
/usr/sbin/fpingroot:root
0755
@@ -397,3 +397,9 @@
# mariadb auth_pam_tool (bsc#1160285)
/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 4755
/usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 4755
+
+# Workload Memory Protection (bsc#1161335)
+/usr/lib/sapwmp/sapwmp-capture root:sapsys4750
+
+# s390-tools log directory for ts-shell (bsc#1167163)
+/var/log/ts-shell/ root:ts-shell 2770
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200228/profiles/permissions.paranoid
new/permissions-20200324/profiles/permissions.paranoid
--- old/permissions-20200228/profiles/permissions.paranoid 2020-02-28
09:49:05.0 +0100
+++ new/permissions-20200324/profiles/permissions.paranoid 2020-03-24
12:57:25.0 +0100
@@ -358,7 +358,7 @@
/usr/lib/gvfs/gvfsd-nfs root:root 0755
# icinga2 (bsc#1069410)
-/run/icinga2/cmd/ icinga:icingagmd 0750
+/run/icinga2/cmd/ icinga:icingacmd 0750
# fping (bsc#1047921)
/usr/sbin/fping root:root 0755
@@ -400,3 +400,9 @@
# mariadb auth_pam_tool (bsc#1160285)
/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 0755
/usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 0755
+
+# Workload Memory Protection (bsc#1161335)
+/usr/lib/sapwmp/sapwmp-capture root:sapsys0750
+
+# s390-tools log directory for ts-shell (bsc#1167163)
+/var/log/ts-shell/ root:ts
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-03-06 21:23:21
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New)
Package is "permissions"
Fri Mar 6 21:23:21 2020 rev:132 rq:780979 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-02-21
16:40:25.925802159 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes
2020-03-06 21:23:24.365419871 +0100
@@ -1,0 +2,55 @@
+Fri Feb 28 12:00:44 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200228:
+ * chkstat: fix readline() on platforms with unsigned char
+
+---
+Thu Feb 27 12:29:29 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200227:
+ * remove capability whitelisting for radosgw
+ * whitelist ceph log directory (bsc#1150366)
+ * adjust testsuite to post CVE-2020-8013 link handling
+ * testsuite: add option to not mount /proc
+ * do not follow symlinks that are the final path element: CVE-2020-8013
+ * add a test for symlinked directories
+ * fix relative symlink handling
+ * include cpp compat headers, not C headers
+ * Move permissions and permissions.* except .local to /usr/share/permissions
+ * regtest: fix the static PATH list which was missing /usr/bin
+ * regtest: also unshare the PID namespace to support /proc mounting
+ * regtest: bindMount(): explicitly reject read-only recursive mounts
+ * Makefile: force remove upon clean target to prevent bogus errors
+ * regtest: by default automatically (re)build chkstat before testing
+ * regtest: add test for symlink targets
+ * regtest: make capability setting tests optional
+ * regtest: fix capability assertion helper logic
+ * regtests: add another test case that catches set*id or caps in
world-writable sub-trees
+ * regtest: add another test that catches when privilege bits are set for
special files
+ * regtest: add test case for user owned symlinks
+ * regtest: employ subuid and subgid feature in user namespace
+ * regtest: add another test case that covers unknown user/group config
+ * regtest: add another test that checks rejection of insecure mixed-owner
paths
+ * regtest: add test that checks for rejection of world-writable paths
+ * regtest: add test for detection of unexpected parent directory ownership
+ * regtest: add further helper functions, allow access to main instance
+ * regtest: introduce some basic coloring support to improve readability
+ * regtest: sort imports, another piece of rationale
+ * regtest: add capability test case
+ * regtest: improve error flagging of test cases and introduce warnings
+ * regtest: support caps
+ * regtest: add a couple of command line parameter test cases
+ * regtest: add another test that checks whether the default profile works
+ * regtests: add tests for correct application of local profiles
+ * regtest: add further test cases that test correct profile application
+ * regtest: simplify test implementation and readability
+ * regtest: add helpers for permissions.d per package profiles
+ * regtest: support read-only bind mounts, also bind-mount permissions repo
+ * tests: introduce a regression test suite for chkstat
+ * Makefile: allow to build test version programmatically
+ * README.md: add basic readme file that explains the repository's purpose
+ * chkstat: change and harmonize coding style
+ * chkstat: switch to C++ compilation unit
+- add suse_version to end of permissions package version
+
+---
Old:
permissions-20200213.tar.xz
New:
permissions-20200228.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.Us6QpT/_old 2020-03-06 21:23:24.849420138 +0100
+++ /var/tmp/diff_new_pack.Us6QpT/_new 2020-03-06 21:23:24.853420141 +0100
@@ -16,26 +16,28 @@
#
-%define VERSION 20200213
+%define VERSION_DATE 20200228
Name: permissions
-Version:%{VERSION}
+Version:%{VERSION_DATE}.%{suse_version}
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
License:GPL-2.0-or-later
Group: Productivity/Security
URL:http://github.com/openSUSE/permissions
-Source: permissions-%{version}.tar.xz
+Source: permissions-%{VERSION_DATE}.tar.xz
Source1:fix_version.sh
+BuildRequires: gcc-c++
BuildRequires: libcap-devel
+BuildRequires: libcap-progs
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
-P
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-02-21 16:39:57
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New)
Package is "permissions"
Fri Feb 21 16:39:57 2020 rev:131 rq:774158 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-02-13
10:10:56.484319996 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes
2020-02-21 16:40:25.925802159 +0100
@@ -1,0 +2,9 @@
+Thu Feb 13 12:10:41 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200213:
+ * remove obsolete/broken entries for rcp/rsh/rlogin
+ * chkstat: handle symlinks in final path elements correctly
+ * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
+ * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"
+
+---
Old:
permissions-20200204.tar.xz
New:
permissions-20200213.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.ab2Abo/_old 2020-02-21 16:40:26.481803270 +0100
+++ /var/tmp/diff_new_pack.ab2Abo/_new 2020-02-21 16:40:26.485803279 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define VERSION 20200204
+%define VERSION 20200213
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.ab2Abo/_old 2020-02-21 16:40:26.513803334 +0100
+++ /var/tmp/diff_new_pack.ab2Abo/_new 2020-02-21 16:40:26.513803334 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 402e7433e5b8114ea2e591ed6a8eadca8936127d
\ No newline at end of file
+ 8676fc316fb0b9eb56ad9d354b8cafb8b1f2f258
\ No newline at end of file
++ permissions-20200204.tar.xz -> permissions-20200213.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200204/profiles/permissions.easy
new/permissions-20200213/profiles/permissions.easy
--- old/permissions-20200204/profiles/permissions.easy 2020-02-04
13:19:11.0 +0100
+++ new/permissions-20200213/profiles/permissions.easy 2020-02-13
13:07:21.0 +0100
@@ -122,9 +122,6 @@
# mtr is linked against ncurses. For dialout only.
/usr/sbin/mtr root:dialout 0750
+capabilities cap_net_raw=ep
-/usr/bin/rcproot:root 4755
-/usr/bin/rlogin root:root 4755
-/usr/bin/rshroot:root 4755
# exim
/usr/sbin/exim root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200204/profiles/permissions.paranoid
new/permissions-20200213/profiles/permissions.paranoid
--- old/permissions-20200204/profiles/permissions.paranoid 2020-02-04
13:19:11.0 +0100
+++ new/permissions-20200213/profiles/permissions.paranoid 2020-02-13
13:07:21.0 +0100
@@ -135,9 +135,6 @@
/usr/bin/ping root:root 0755
# mtr is linked against ncurses.
/usr/sbin/mtr root:dialout 0750
-/usr/bin/rcproot:root 0755
-/usr/bin/rlogin root:root 0755
-/usr/bin/rshroot:root 0755
# exim
/usr/sbin/exim root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20200204/profiles/permissions.secure
new/permissions-20200213/profiles/permissions.secure
--- old/permissions-20200204/profiles/permissions.secure2020-02-04
13:19:11.0 +0100
+++ new/permissions-20200213/profiles/permissions.secure2020-02-13
13:07:21.0 +0100
@@ -162,9 +162,6 @@
+capabilities cap_net_raw=p
# mtr is linked against ncurses. no suid bit, for root only:
/usr/sbin/mtr root:dialout 0750
-/usr/bin/rcproot:root 4755
-/usr/bin/rlogin
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-02-13 10:10:50
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New)
Package is "permissions"
Thu Feb 13 10:10:50 2020 rev:130 rq:769971 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-12-07
15:13:59.239807746 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes
2020-02-13 10:10:56.484319996 +0100
@@ -1,0 +2,17 @@
+Tue Feb 04 12:20:43 UTC 2020 - matthias.gerst...@suse.com
+
+- Update to version 20200204:
+ * mariadb: settings for new auth_pam_tool (bsc#1160285)
+ * chkstat:
+- add read-only fallback when /proc is not mounted (bsc#1160764)
+- capability handling fixes (bsc#1161779)
+- better error message when refusing to fix dir perms (#32)
+
+---
+Mon Jan 27 11:58:17 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200127:
+ * fix paths of ksysguard whitelisting
+ * fix zero-termination of error message for overly long paths
+
+---
Old:
permissions-20191205.tar.xz
New:
permissions-20200204.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.08lMlz/_old 2020-02-13 10:10:57.008320300 +0100
+++ /var/tmp/diff_new_pack.08lMlz/_new 2020-02-13 10:10:57.012320302 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define VERSION 20191205
+%define VERSION 20200204
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.08lMlz/_old 2020-02-13 10:10:57.044320321 +0100
+++ /var/tmp/diff_new_pack.08lMlz/_new 2020-02-13 10:10:57.044320321 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 530cade2a85b318e8cb35261f3d2da5223c11af2
\ No newline at end of file
+ 402e7433e5b8114ea2e591ed6a8eadca8936127d
\ No newline at end of file
++ permissions-20191205.tar.xz -> permissions-20200204.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20191205/Makefile
new/permissions-20200204/Makefile
--- old/permissions-20191205/Makefile 2019-12-05 15:28:14.0 +0100
+++ new/permissions-20200204/Makefile 2020-02-04 13:19:11.0 +0100
@@ -19,6 +19,7 @@
CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED)
all: src/chkstat
+ @if grep -o -P '\t' src/chkstat.c ; then echo "error: chkstat.c mixes
tabs and spaces!" ; touch src/chkstat.c ; exit 1 ; fi ; :
install: all
@for i in $(bindir) $(man8dir) $(man5dir) $(fillupdir) $(sysconfdir)
$(zypp_commit_plugins); \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20191205/profiles/permissions.easy
new/permissions-20200204/profiles/permissions.easy
--- old/permissions-20191205/profiles/permissions.easy 2019-12-05
15:28:14.0 +0100
+++ new/permissions-20200204/profiles/permissions.easy 2020-02-04
13:19:11.0 +0100
@@ -395,5 +395,11 @@
/var/spool/nagios/ nagios:nagcmd 2775
# ksysguard network helper (bsc#1151190)
-/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755
+/usr/lib/libexec/ksysguard/ksgrd_network_helper root:root
0755
+capabilities cap_net_raw=ep
+/usr/lib64/libexec/ksysguard/ksgrd_network_helper root:root
0755
+ +capabilities cap_net_raw=ep
+
+# mariadb auth_pam_tool (bsc#1160285)
+/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 4755
+/usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20191205/profiles/permissions.paranoid
new/permissions-20200204/profiles/permissions.paranoid
--- old/permissions-20191205/profiles/permissions.paranoid 2019-12-05
15:28:14.0 +0100
+++ new/permissions-20200204/profiles/permissions.paranoid 2020-02-04
13:19:11.0 +0100
@@ -398,4 +398,9 @@
/var/spool/nagios/ nagios:nagcmd 0770
# ksysguard network helper (bsc#1151190)
-/usr/libexec/ksysguard/ksg
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-12-07 15:12:21
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.4691 (New)
Package is "permissions"
Sat Dec 7 15:12:21 2019 rev:129 rq:754442 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-11-23
23:14:54.078759179 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.4691/permissions.changes
2019-12-07 15:13:59.239807746 +0100
@@ -1,0 +2,13 @@
+Thu Dec 05 14:31:49 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20191205:
+ * fix privilege escalation through untrusted symlinks (bsc#1150734,
+CVE-2019-3690)
+
+---
+Wed Nov 27 12:47:23 UTC 2019 - matthias.gerst...@suse.com
+
+- Update to version 20191122:
+ * faxq-helper: correct "secure" permission for trusted group (bsc#1157498)
+
+---
Old:
permissions-20191118.tar.xz
New:
permissions-20191205.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.8ca8Z3/_old 2019-12-07 15:14:04.111807056 +0100
+++ /var/tmp/diff_new_pack.8ca8Z3/_new 2019-12-07 15:14:04.119807054 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define VERSION 20191118
+%define VERSION 20191205
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.8ca8Z3/_old 2019-12-07 15:14:04.155807050 +0100
+++ /var/tmp/diff_new_pack.8ca8Z3/_new 2019-12-07 15:14:04.155807050 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 352142ec492b76beb495b46bc64f159af5635c8a
\ No newline at end of file
+ 530cade2a85b318e8cb35261f3d2da5223c11af2
\ No newline at end of file
++ permissions-20191118.tar.xz -> permissions-20191205.tar.xz ++
1755 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-11-23 23:14:49
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.26869 (New)
Package is "permissions"
Sat Nov 23 23:14:49 2019 rev:128 rq:749269 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-10-11
15:10:36.617209826 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.26869/permissions.changes
2019-11-23 23:14:54.078759179 +0100
@@ -1,0 +2,13 @@
+Mon Nov 18 09:52:14 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20191118:
+ * whitelist ksysguard network helper (bsc#1151190)
+
+---
+Tue Nov 12 12:45:12 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20191112:
+ * fix syntax of paranoid profile
+ * fix squid permissions (bsc#1093414, CVE-2019-3688)
+
+---
Old:
permissions-20190913.tar.xz
New:
permissions-20191118.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.614759236 +0100
+++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.618759237 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define VERSION 20190913
+%define VERSION 20191118
Name: permissions
Version:%{VERSION}
@@ -25,7 +25,7 @@
# Maintained in github by the security team.
License:GPL-2.0-or-later
Group: Productivity/Security
-Url:http://github.com/openSUSE/permissions
+URL:http://github.com/openSUSE/permissions
Source: permissions-%{version}.tar.xz
Source1:fix_version.sh
BuildRequires: libcap-devel
@@ -88,7 +88,7 @@
%post config
%{fillup_only -n security}
# apply all potentially changed permissions
-%{_bindir}/chkstat --system || exit 0
+%{_bindir}/chkstat --system || :
%package -n chkstat
Summary:SUSE Linux Default Permissions tool
++ _servicedata ++
--- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.650759240 +0100
+++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.650759240 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- dae6a13e2ed283d181b99d4dc14bcd7d5c2b89d3
\ No newline at end of file
+ 352142ec492b76beb495b46bc64f159af5635c8a
\ No newline at end of file
++ permissions-20190913.tar.xz -> permissions-20191118.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190913/profiles/permissions.easy
new/permissions-20191118/profiles/permissions.easy
--- old/permissions-20190913/profiles/permissions.easy 2019-09-13
11:54:23.0 +0200
+++ new/permissions-20191118/profiles/permissions.easy 2019-11-18
10:50:27.0 +0100
@@ -68,7 +68,7 @@
# squid changes from bnc#891268
/var/cache/squid/ squid:root0750
/var/log/squid/ squid:root0750
-/usr/sbin/pingersquid:root0750
+/usr/sbin/pingerroot:squid0750
+capabilities cap_net_raw=ep
/usr/sbin/basic_pam_authroot:shadow 2750
@@ -393,3 +393,7 @@
# nagios (bsc#1028975)
/var/spool/nagios/ nagios:nagcmd 2775
+
+# ksysguard network helper (bsc#1151190)
+/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755
+ +capabilities cap_net_raw=ep
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190913/profiles/permissions.paranoid
new/permissions-20191118/profiles/permissions.paranoid
--- old/permissions-20190913/profiles/permissions.paranoid 2019-09-13
11:54:23.0 +0200
+++ new/permissions-20191118/profiles/permissions.paranoid 2019-11-18
10:50:27.0 +0100
@@ -85,7 +85,7 @@
# /quid changes from bnc#891268
/var/cache/squid/ squid:root0750
/var/log/squid/ squid:root0750
-/usr/sbin/pingersquid:root0750
+/usr/sbin/pinger
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-10-11 15:09:45
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.2352 (New)
Package is "permissions"
Fri Oct 11 15:09:45 2019 rev:127 rq:734799 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-09-26
20:34:40.359594462 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.2352/permissions.changes
2019-10-11 15:10:36.617209826 +0200
@@ -1,0 +2,9 @@
+Thu Oct 3 12:38:09 UTC 2019 - Tomáš Chvátal
+
+- Add || exit 0 on the scriptlet as it can actually fail in
+ rootless containers with podman. This makes sure the zypper
+ does not abort the container creation.
+ * the actual error looks like:
+/dev/zero: chown: Operation not permitted
+
+---
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.PYQAa3/_old 2019-10-11 15:10:40.733198511 +0200
+++ /var/tmp/diff_new_pack.PYQAa3/_new 2019-10-11 15:10:40.741198489 +0200
@@ -88,7 +88,7 @@
%post config
%{fillup_only -n security}
# apply all potentially changed permissions
-%{_bindir}/chkstat --system
+%{_bindir}/chkstat --system || exit 0
%package -n chkstat
Summary:SUSE Linux Default Permissions tool
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-09-26 20:34:38
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.2352 (New)
Package is "permissions"
Thu Sep 26 20:34:38 2019 rev:126 rq:730732 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-09-11
10:24:40.455478892 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.2352/permissions.changes
2019-09-26 20:34:40.359594462 +0200
@@ -1,0 +2,7 @@
+Fri Sep 13 11:19:42 UTC 2019 - jseg...@suse.de
+
+- Update to version 20190913:
+ * setgid bit for nagios directory (bsc#1028975, bsc#1150345)
+- This also restructures the sources for the permission package
+
+---
Old:
permissions-20190830.tar.xz
New:
permissions-20190913.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.jhIuto/_old 2019-09-26 20:34:41.551591276 +0200
+++ /var/tmp/diff_new_pack.jhIuto/_new 2019-09-26 20:34:41.91264 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION 20190830
+%define VERSION 20190913
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.jhIuto/_old 2019-09-26 20:34:41.635591051 +0200
+++ /var/tmp/diff_new_pack.jhIuto/_new 2019-09-26 20:34:41.651591008 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 081d081dcfaf61710bda34bc21c80c66276119aa
\ No newline at end of file
+ dae6a13e2ed283d181b99d4dc14bcd7d5c2b89d3
\ No newline at end of file
++ permissions-20190830.tar.xz -> permissions-20190913.tar.xz ++
6112 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-09-11 10:24:38
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.7948 (New)
Package is "permissions"
Wed Sep 11 10:24:38 2019 rev:125 rq:727267 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-07-16
08:28:38.535387305 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.7948/permissions.changes
2019-09-11 10:24:40.455478892 +0200
@@ -1,0 +2,19 @@
+Fri Aug 30 14:20:09 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20190830:
+ * dumpcap: remove 'other' executable bit because of capabilities
(boo#1148788, CVE-2019-3687)
+
+---
+Thu Aug 29 15:38:28 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20190829:
+ * add one more missing slash for icinga2
+ * fix more missing slashes for directories
+
+---
+Tue Aug 20 08:56:35 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20190820:
+ * cron directory permissions: add slashes
+
+---
Old:
permissions-20190711.tar.xz
New:
permissions-20190830.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.NZ6Oad/_old 2019-09-11 10:24:41.471478765 +0200
+++ /var/tmp/diff_new_pack.NZ6Oad/_new 2019-09-11 10:24:41.475478765 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION 20190711
+%define VERSION 20190830
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.NZ6Oad/_old 2019-09-11 10:24:41.507478761 +0200
+++ /var/tmp/diff_new_pack.NZ6Oad/_new 2019-09-11 10:24:41.507478761 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 5da6a81e38bb74f2090d73208b1a0101a0c5b73b
\ No newline at end of file
+ 081d081dcfaf61710bda34bc21c80c66276119aa
\ No newline at end of file
++ permissions-20190711.tar.xz -> permissions-20190830.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190711/permissions.easy
new/permissions-20190830/permissions.easy
--- old/permissions-20190711/permissions.easy 2019-07-11 16:16:25.0
+0200
+++ new/permissions-20190830/permissions.easy 2019-08-30 16:19:23.0
+0200
@@ -31,11 +31,11 @@
/var/lib/nfs/rmtab root:root 644
/etc/syslog.confroot:root 644
/etc/ssh/sshd_configroot:root 640
-/etc/cron.d root:root 755
-/etc/cron.daily root:root 755
-/etc/cron.hourlyroot:root 755
-/etc/cron.monthly root:root 755
-/etc/cron.weeklyroot:root 755
+/etc/cron.d/root:root 755
+/etc/cron.daily/root:root 755
+/etc/cron.hourly/ root:root 755
+/etc/cron.monthly/ root:root 755
+/etc/cron.weekly/ root:root 755
#
# suid system programs that need the suid bit to work:
@@ -287,7 +287,7 @@
/sbin/mount.ecryptfs_private root:root 4755
# wireshark (bsc#957624)
-/usr/bin/dumpcap root:wireshark0755
+/usr/bin/dumpcap root:wireshark0750
+capabilities cap_net_raw,cap_net_admin=ep
# singularity (bsc#1028304)
@@ -357,7 +357,7 @@
+capabilities cap_net_bind_service=ep
# icinga2 (bsc#1069410)
-/run/icinga2/cmd icinga:icingagmd 2750
+/run/icinga2/cmd/ icinga:icingagmd 2750
# fping (bsc#1047921)
/usr/sbin/fpingroot:root
0755
@@ -365,7 +365,7 @@
# usbauth (bsc#1066877)
/usr/bin/usbauth-npriv root:usbauth04750
-/usr/lib/usbauth-notifier root:usbauth-notifier
0750
+/usr/lib/usbauth-notifier/ root:usbauth-notifier
0750
/usr/lib/usbauth-notifier/usbauth-notifier root:usbauth027
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-07-16 08:28:37
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.1887 (New)
Package is "permissions"
Tue Jul 16 08:28:37 2019 rev:124 rq:714806 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-06-26
16:01:31.675420223 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.1887/permissions.changes
2019-07-16 08:28:38.535387305 +0200
@@ -1,0 +2,13 @@
+Thu Jul 11 14:21:23 UTC 2019 - malte.kr...@suse.com
+
+- Update to version 20190711:
+ * iputils: Add capability permissions for clockdiff (bsc#1140994)
+
+---
+Wed Jul 10 12:29:08 UTC 2019 - opensuse-packag...@opensuse.org
+
+- Update to version 20190710:
+ * iputils/ping: Drop effective capability
+ * iputils/ping6: Remove definitions
+
+---
Old:
permissions-20190521.tar.xz
New:
permissions-20190711.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.2UCpLS/_old 2019-07-16 08:28:38.991387371 +0200
+++ /var/tmp/diff_new_pack.2UCpLS/_new 2019-07-16 08:28:38.991387371 +0200
@@ -12,11 +12,11 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
-%define VERSION 20190521
+%define VERSION 20190711
Name: permissions
Version:%{VERSION}
++ _servicedata ++
--- /var/tmp/diff_new_pack.2UCpLS/_old 2019-07-16 08:28:39.027387376 +0200
+++ /var/tmp/diff_new_pack.2UCpLS/_new 2019-07-16 08:28:39.031387377 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- aafb12397dbea3f9d50d403a05cbf79f869f6fe3
\ No newline at end of file
+ 5da6a81e38bb74f2090d73208b1a0101a0c5b73b
\ No newline at end of file
++ permissions-20190521.tar.xz -> permissions-20190711.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190521/permissions.easy
new/permissions-20190711/permissions.easy
--- old/permissions-20190521/permissions.easy 2019-05-21 10:40:59.0
+0200
+++ new/permissions-20190711/permissions.easy 2019-07-11 16:16:25.0
+0200
@@ -115,10 +115,10 @@
#
# networking (need root for the privileged socket)
#
+/usr/bin/clockdiff root:root 0755
+ +capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
- +capabilities cap_net_raw=ep
-/usr/bin/ping6 root:root 0755
- +capabilities cap_net_raw=ep
+ +capabilities cap_net_raw=p
# mtr is linked against ncurses. For dialout only.
/usr/sbin/mtr root:dialout 0750
+capabilities cap_net_raw=ep
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190521/permissions.paranoid
new/permissions-20190711/permissions.paranoid
--- old/permissions-20190521/permissions.paranoid 2019-05-21
10:40:59.0 +0200
+++ new/permissions-20190711/permissions.paranoid 2019-07-11
16:16:25.0 +0200
@@ -131,8 +131,8 @@
#
# networking (need root for the privileged socket)
#
+/usr/bin/clockdiff root:root 0755
/usr/bin/ping root:root 0755
-/usr/bin/ping6 root:root 0755
# mtr is linked against ncurses.
/usr/sbin/mtr root:dialout 0750
/usr/bin/rcproot:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190521/permissions.secure
new/permissions-20190711/permissions.secure
--- old/permissions-20190521/permissions.secure 2019-05-21 10:40:59.0
+0200
+++ new/permissions-20190711/permissions.secure 2019-07-11 16:16:25.0
+0200
@@ -156,10 +156,10 @@
#
# networking (need root for the privileged socket)
#
+/usr/bin/clockdiff root:root 0755
+ +capabilities cap_net_raw=p
/usr/bin/ping root:root 0755
- +capabilities cap_net_raw=ep
-/usr/bin/ping6
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-06-26 16:01:30
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.4615 (New)
Package is "permissions"
Wed Jun 26 16:01:30 2019 rev:123 rq:709714 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-05-06
13:19:43.108310935 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new.4615/permissions.changes
2019-06-26 16:01:31.675420223 +0200
@@ -1,0 +2,17 @@
+Thu Jun 13 08:57:42 UTC 2019 - meiss...@suse.com
+
+- Update to version 20190521:
+ * singluarity: Add starter-suid for version 3.2.0
+ * adjust settings for amanda to current binary layout
+
+---
+Wed Jun 5 12:02:18 UTC 2019 -
+
+- Move BuildRequires: back to main package
+
+---
+Wed Jun 5 10:38:58 UTC 2019 -
+
+- Moved requires to subpackages (bsc#1137257)
+
+---
Old:
permissions-20190429.tar.xz
New:
permissions-20190521.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.LEQZcY/_old 2019-06-26 16:01:33.443422671 +0200
+++ /var/tmp/diff_new_pack.LEQZcY/_new 2019-06-26 16:01:33.483422726 +0200
@@ -16,7 +16,7 @@
#
-%define VERSION 20190429
+%define VERSION 20190521
Name: permissions
Version:%{VERSION}
@@ -29,9 +29,6 @@
Source: permissions-%{version}.tar.xz
Source1:fix_version.sh
BuildRequires: libcap-devel
-#!BuildIgnore: group(trusted)
-Requires(post): %fillup_prereq
-Requires(pre): group(trusted)
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
@@ -72,7 +69,10 @@
Group: Productivity/Security
Version:%{suse_version}_%{VERSION}
Release:0
+Requires(post): %fillup_prereq
Requires(post): chkstat
+#!BuildIgnore: group(trusted)
+Requires(pre): group(trusted)
%description config
The actual permissions configuration files, /etc/permission.*.
++ _servicedata ++
--- /var/tmp/diff_new_pack.LEQZcY/_old 2019-06-26 16:01:33.815423186 +0200
+++ /var/tmp/diff_new_pack.LEQZcY/_new 2019-06-26 16:01:33.827423203 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 938c49d3c1b0820d2a301a8018709efed9a6ce61
\ No newline at end of file
+ aafb12397dbea3f9d50d403a05cbf79f869f6fe3
\ No newline at end of file
++ permissions-20190429.tar.xz -> permissions-20190521.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190429/permissions.easy
new/permissions-20190521/permissions.easy
--- old/permissions-20190429/permissions.easy 2019-04-29 17:10:17.0
+0200
+++ new/permissions-20190521/permissions.easy 2019-05-21 10:40:59.0
+0200
@@ -180,13 +180,14 @@
#
# amanda
#
-/usr/sbin/amcheck root:amanda 4750
/usr/lib/amanda/calcsizeroot:amanda 4750
/usr/lib/amanda/rundump root:amanda 4750
-/usr/lib/amanda/planner root:amanda 4750
/usr/lib/amanda/runtar root:amanda 4750
-/usr/lib/amanda/dumper root:amanda 4750
/usr/lib/amanda/killpgrproot:amanda 4750
+/usr/lib/amanda/ambind root:amanda 4750
+/usr/lib/amanda/application/ambsdtarroot:amanda 4750
+/usr/lib/amanda/application/amgtar root:amanda 4750
+/usr/lib/amanda/application/amstar root:amanda 4750
#
@@ -298,6 +299,8 @@
/usr/lib/singularity/bin/action-suid root:singularity 4750
/usr/lib/singularity/bin/mount-suidroot:singularity 4750
/usr/lib/singularity/bin/start-suidroot:singularity 4750
+# singularity version 3 (bsc#1128598)
+/usr/lib/singularity/bin/starter-suid root:singularity 4750
/usr/bin/su root:root 4755
/usr/bin/mount root:root 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20190429/permissions.paranoid
new/permissions-20190521/permissions.paranoid
--- old/permissions-20190429/permissions.paranoid
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2019-05-06 13:19:38
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.5148 (New)
Package is "permissions"
Mon May 6 13:19:38 2019 rev:122 rq:700154 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-02-19
13:54:52.508726137 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.5148/permissions.changes
2019-05-06 13:19:43.108310935 +0200
@@ -1,0 +2,30 @@
+Thu May 2 09:46:05 UTC 2019 - jseg...@suse.com
+
+- Fixed versions. Removed set_version from _service file, doesn't
+ work with the new packaging. Call fix_version.sh to set current
+ date as version instead
+- Fixed requires for -config and -zypp-plugin
+
+---
+Tue Apr 30 08:57:37 UTC 2019 - opensuse-packag...@opensuse.org
+
+- Update to version 20190429:
+ * removed entry for /var/cache/man. Conflicts with packaging and man:man is
+the better setting anyway (bsc#1133678)
+ * fixed error in description of permissions.paranoid. Make it clear that this
+is not a usable profile, but intended as a base for own developments
+
+---
+Sat Apr 13 17:12:12 UTC 2019 - Jan Engelhardt
+
+- Fix RPM group, fix hard requirement on documentation.
+ Update description typography.
+
+---
+Thu Apr 11 11:18:36 UTC 2019 - jseg...@suse.com
+
+- Created new subpackages -config, -doc and standalone package chkstat
+ where we can start a better versioning scheme and require it from the
+ original package
+
+---
Old:
permissions-20190212.tar.xz
New:
fix_version.sh
permissions-20190429.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.568311983 +0200
+++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.572311992 +0200
@@ -16,8 +16,10 @@
#
+%define VERSION 20190429
+
Name: permissions
-Version:20190212
+Version:%{VERSION}
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
@@ -25,17 +27,16 @@
Group: Productivity/Security
Url:http://github.com/openSUSE/permissions
Source: permissions-%{version}.tar.xz
+Source1:fix_version.sh
BuildRequires: libcap-devel
#!BuildIgnore: group(trusted)
Requires(post): %fillup_prereq
Requires(pre): group(trusted)
+Requires: chkstat
+Requires: permissions-config
+Recommends: permissions-doc
Provides: aaa_base:%{_sysconfdir}/permissions
-%description
-Permission settings of files and directories depending on the local
-security settings. The local security setting (easy, secure, or paranoid)
-can be configured in /etc/sysconfig/security.
-
%prep
%setup -q
@@ -45,25 +46,66 @@
%install
%make_install fillupdir=%{_fillupdir}
-%post
-%{fillup_only -n security}
-# apply all potentially changed permissions
-%{_bindir}/chkstat --system
+%description
+Permission settings of files and directories depending on the local
+security settings. The local security setting ("easy", "secure", or "paranoid")
+can be configured in /etc/sysconfig/security.
+
+This package does not contain files, it just requires the necessary packages.
%files
+
+%package doc
+Summary:SUSE Linux Default Permissions documentation
+Group: Documentation/Man
+Version:%{suse_version}_%{VERSION}
+Release:0
+
+%description doc
+Documentation for the permission files /etc/permissions*.
+
+%files doc
+%{_mandir}/man5/permissions.5%{ext_man}
+
+%package config
+Summary:SUSE Linux Default Permissions config files
+Group: Productivity/Security
+Version:%{suse_version}_%{VERSION}
+Release:0
+Requires(post): chkstat
+
+%description config
+The actual permissions configuration files, /etc/permission.*.
+
+%files config
%config %{_sysconfdir}/permissions
%config %{_sysconfdir}/permissions.easy
%config %{_sysconfdir}/permissions.secure
%config %{_sysconfdir}/permissions.paranoid
%config(noreplace) %{_sysconfdir}/permissions.local
+%{_fillupdir}/sysconfig.security
+
+%post config
+%{fillup_only -n security}
+# apply all potentially changed permissions
+%{_bindir}/chkstat --system
+
+%package -n chkstat
+Summary:SUSE Linux Default Permissions tool
+Group: Productivity/Security
+Version:%{suse_version}_%{VERSION}
+Release:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-02-19 13:54:51 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.28833 (New) Package is "permissions" Tue Feb 19 13:54:51 2019 rev:121 rq:674669 version:20190212 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-11-26 10:12:59.726246482 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.28833/permissions.changes 2019-02-19 13:54:52.508726137 +0100 @@ -1,0 +2,46 @@ +Tue Feb 12 14:29:45 UTC 2019 - jseg...@suse.com + +- Update to version 20190212: + * removed old entry for wodim + * removed old entry for netatalk + * removed old entry for suidperl + * removed old entriy for utempter + * removed old entriy for hostname + * removed old directory entries + * removed old entry for qemu-bridge-helper + * removed old entries for pccardctl + * removed old entries for isdnctrl + * removed old entries for unix(2)_chkpwd + * removed old entries for mount.nfs + * removed old entries for (u)mount + * removed old entry for fileshareset + * removed old entries for KDE + * removed old entry for heartbeat + * removed old entry for gnome-control-center + * removed old entry for pcp + * removed old entry for lpdfilter + * removed old entry for scotty + * removed old entry for ia32el + * removed old entry for squid + * removed old qpopper whitelist + * removed pt_chown entries. Not needed anymore and a bad idea anyway + * removed old majordomo entry + * removed stale entries for old ncpfs tools + * removed old entry for rmtab + * Fixed typo in icinga2 whitelist entry + * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale +entries for VirtualBox + * Removed whitelist for /usr/bin/su.core. According to comment a temporary +hack introduced 2012 to help moving su from coretuils to util-linux. I +couldn't find it anywhere, so we don't need it anymore + * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that +is used doesn't exists anymore starting with Leap 15, so it will not work +there anyway. Users using this (old) package can do this individually + * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and +judging from my search this has been the case for quite a while) + * Ensure consistency of entries, otherwise switching between settings becomes +problematic + * Fix spelling of SUSE + * permissions.local: fix typo + +--- Old: permissions-20181116.tar.xz New: permissions-20190212.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.fZetjk/_old 2019-02-19 13:54:53.052725748 +0100 +++ /var/tmp/diff_new_pack.fZetjk/_new 2019-02-19 13:54:53.056725745 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: permissions -Version:20181116 +Version:20190212 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.fZetjk/_old 2019-02-19 13:54:53.104725711 +0100 +++ /var/tmp/diff_new_pack.fZetjk/_new 2019-02-19 13:54:53.104725711 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - c1107931c09ab5e32fffa7696ab6b09fff553a96 \ No newline at end of file + b3af647ecf37350b62e774e798e2ce4b7f0bff60 \ No newline at end of file ++ permissions-20181116.tar.xz -> permissions-20190212.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20181116/permissions new/permissions-20190212/permissions --- old/permissions-20181116/permissions2018-11-16 16:33:52.0 +0100 +++ new/permissions-20190212/permissions2019-02-12 15:17:25.0 +0100 @@ -8,7 +8,7 @@ # This file is used by chkstat (and indirectly by various RPM scripts) # to check or set the modes and ownerships of files and directories in the installation. # -# There is a set of files with similar meaning in a SuSE installation: +# There is a set of files with similar meaning in a SUSE installation: # /etc/permissions (This file) # /etc/permissions.easy # /etc/permissions.secure @@ -62,14 +62,12 @@ /var/spool/
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2018-11-26 10:12:53
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.19453 (New)
Package is "permissions"
Mon Nov 26 10:12:53 2018 rev:120 rq:649630 version:20181116
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-11-05
22:49:54.648471693 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.19453/permissions.changes
2018-11-26 10:12:59.726246482 +0100
@@ -1,0 +2,13 @@
+Fri Nov 16 15:15:04 UTC 2018 - opensuse-packag...@opensuse.org
+
+- Update to version 20181116:
+ * zypper-plugin: new plugin to fix bsc#1114383
+
+---
+Mon Nov 12 12:14:18 UTC 2018 - opensuse-packag...@opensuse.org
+
+- Update to version 20181112:
+ * singularity: remove -suid binaries that have been dropped since version
+ 2.4 (bsc#1028304)
+
+---
Old:
permissions-20181030.tar.xz
New:
permissions-20181116.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.htom8Y/_old 2018-11-26 10:13:01.522244376 +0100
+++ /var/tmp/diff_new_pack.htom8Y/_new 2018-11-26 10:13:01.522244376 +0100
@@ -17,7 +17,7 @@
Name: permissions
-Version:20181030
+Version:20181116
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
@@ -61,4 +61,23 @@
%{_mandir}/man8/chkstat.8%{ext_man}
%{_fillupdir}/sysconfig.security
+%package -n permissions-zypp-plugin
+BuildArch: noarch
+Requires: permissions = %version
+Requires: python3-zypp-plugin
+Requires: libzypp(plugin:commit) = 1
+Summary:A zypper commit plugin for calling chkstat
+Group: Productivity/Security
+
+%description -n permissions-zypp-plugin
+This package contains a plugin for zypper that calls `chkstat --system` after
+new packages have been installed. This is helpful for maintaining custom
+entries in /etc/permissions.local.
+
+%files -n permissions-zypp-plugin
+%dir /usr/lib/zypp
+%dir /usr/lib/zypp/plugins
+%dir /usr/lib/zypp/plugins/commit
+/usr/lib/zypp/plugins/commit/permissions.py
+
%changelog
++ _servicedata ++
--- /var/tmp/diff_new_pack.htom8Y/_old 2018-11-26 10:13:01.554244338 +0100
+++ /var/tmp/diff_new_pack.htom8Y/_new 2018-11-26 10:13:01.558244333 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 2a511608aeccb6f43d94e0086f3878a7465b235a
\ No newline at end of file
+ c1107931c09ab5e32fffa7696ab6b09fff553a96
\ No newline at end of file
++ permissions-20181030.tar.xz -> permissions-20181116.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20181030/Makefile
new/permissions-20181116/Makefile
--- old/permissions-20181030/Makefile 2018-10-30 13:11:09.0 +0100
+++ new/permissions-20181116/Makefile 2018-11-16 16:33:52.0 +0100
@@ -11,6 +11,8 @@
mandir=$(datadir)/man
man8dir=$(mandir)/man8
man5dir=$(mandir)/man5
+zypp_plugins=$(prefix)/lib/zypp/plugins
+zypp_commit_plugins=$(zypp_plugins)/commit
FSCAPS_DEFAULT_ENABLED = 1
CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED)
@@ -18,12 +20,13 @@
all: chkstat
install: all
- @for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir)
$(sysconfdir); \
+ @for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir)
$(sysconfdir) $(zypp_commit_plugins); \
do install -d -m 755 $(DESTDIR)$$i; done
@install -m 755 chkstat $(DESTDIR)$(bindir)
@install -m 644 chkstat.8 $(DESTDIR)$(man8dir)
@install -m 644 permissions.5 $(DESTDIR)$(man5dir)
@install -m 644 sysconfig.security $(DESTDIR)$(fillupdir)
+ @install -m 755 zypper-plugin/permissions.py
$(DESTDIR)$(zypp_commit_plugins)
@for i in permissions{,.local,.easy,.secure,.paranoid}; \
do install -m 644 $$i $(DESTDIR)$(sysconfdir); done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20181030/permissions.easy
new/permissions-20181116/permissions.easy
--- old/permissions-20181030/permissions.easy 2018-10-30 13:11:09.0
+0100
+++ new/permissions-20181116/permissions.easy 2018-11-16 16:33:52.0
+0100
@@ -341,12 +341,13 @@
+capabilities cap_net_raw,cap_net_admin=ep
# singularity (bsc#1028304)
-/usr/lib/singularity/bin/expand-suid root:singularity 4750
-/usr/lib/singularity/bin/m
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-11-05 22:49:49 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Mon Nov 5 22:49:49 2018 rev:119 rq:645523 version:20181030 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-28 09:19:52.471967860 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-11-05 22:49:54.648471693 +0100 @@ -1,0 +2,18 @@ +Tue Oct 30 12:13:21 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181030: + * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds + +--- +Mon Oct 29 16:59:05 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181029: + * setuid whitelisting: add fusermount3 (bsc#230) + +--- +Thu Oct 25 16:13:46 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181025: + * setuid whitelisting: add authbind binary (bsc#251) + +--- Old: permissions-20180827.tar.xz New: permissions-20181030.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.b2oDpz/_old 2018-11-05 22:49:55.184471015 +0100 +++ /var/tmp/diff_new_pack.b2oDpz/_new 2018-11-05 22:49:55.184471015 +0100 @@ -17,7 +17,7 @@ Name: permissions -Version:20180827 +Version:20181030 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.b2oDpz/_old 2018-11-05 22:49:55.232470955 +0100 +++ /var/tmp/diff_new_pack.b2oDpz/_new 2018-11-05 22:49:55.232470955 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 492fb646f85ecf25c9c13f8c944ff6c6b443e8d8 \ No newline at end of file + 2a511608aeccb6f43d94e0086f3878a7465b235a \ No newline at end of file ++ permissions-20180827.tar.xz -> permissions-20181030.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.easy new/permissions-20181030/permissions.easy --- old/permissions-20180827/permissions.easy 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.easy 2018-10-30 13:11:09.0 +0100 @@ -444,3 +444,13 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 04750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 04755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted04755 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 + +capabilities cap_net_bind_service=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.paranoid new/permissions-20181030/permissions.paranoid --- old/permissions-20180827/permissions.paranoid 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.paranoid 2018-10-30 13:11:09.0 +0100 @@ -451,3 +451,12 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 0750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 0755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted0755 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.secure new/permissions-20181030/permissions.secure --- old/permissions-20180827/permissions.secure 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.secure 2018-10-30 13:11:09.0 +0100 @@ -480,3 +480,13 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 04750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 04755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted04750 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 + +capabilities cap_net_bind_service=ep
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-08-28 09:19:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Tue Aug 28 09:19:50 2018 rev:118 rq:631726 version:20180827 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-06 11:52:49.097092359 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-08-28 09:19:52.471967860 +0200 @@ -1,0 +2,12 @@ +Mon Aug 27 09:12:35 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180827: + * setuid whitelisting: add firejail binary (bsc#1059013) + +--- +Fri Aug 10 09:22:35 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180810: + * setuid whitelisting: add lxc-user-nic (bsc#988348) + +--- Old: permissions-20180802.tar.xz New: permissions-20180827.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.YLQcya/_old 2018-08-28 09:19:52.863969107 +0200 +++ /var/tmp/diff_new_pack.YLQcya/_new 2018-08-28 09:19:52.863969107 +0200 @@ -17,7 +17,7 @@ Name: permissions -Version:20180802 +Version:20180827 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.YLQcya/_old 2018-08-28 09:19:52.899969221 +0200 +++ /var/tmp/diff_new_pack.YLQcya/_new 2018-08-28 09:19:52.903969234 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 5dac4a14d414d798dbdffaeb4d1b91560ca3f351 \ No newline at end of file + 492fb646f85ecf25c9c13f8c944ff6c6b443e8d8 \ No newline at end of file ++ permissions-20180802.tar.xz -> permissions-20180827.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.easy new/permissions-20180827/permissions.easy --- old/permissions-20180802/permissions.easy 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.easy 2018-08-27 11:09:15.0 +0200 @@ -438,3 +438,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 04755 /usr/lib64/libsmc-preload.soroot:root 04755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm04750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 04750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.paranoid new/permissions-20180827/permissions.paranoid --- old/permissions-20180802/permissions.paranoid 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.paranoid 2018-08-27 11:09:15.0 +0200 @@ -445,3 +445,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 0755 /usr/lib64/libsmc-preload.soroot:root 0755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm0750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.secure new/permissions-20180827/permissions.secure --- old/permissions-20180802/permissions.secure 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.secure 2018-08-27 11:09:15.0 +0200 @@ -474,3 +474,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 04755 /usr/lib64/libsmc-preload.soroot:root 04755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm04750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 04750
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2018-08-06 11:52:45
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Mon Aug 6 11:52:45 2018 rev:117 rq:627117 version:20180802
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-02
14:47:38.175192863 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2018-08-06 11:52:49.097092359 +0200
@@ -1,0 +2,6 @@
+Thu Aug 02 16:13:33 UTC 2018 - opensuse-packag...@opensuse.org
+
+- Update to version 20180802:
+ * whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956)
+
+---
Old:
permissions-20180724.tar.xz
New:
permissions-20180802.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.uivIcP/_old 2018-08-06 11:52:49.537093123 +0200
+++ /var/tmp/diff_new_pack.uivIcP/_new 2018-08-06 11:52:49.541093129 +0200
@@ -17,7 +17,7 @@
Name: permissions
-Version:20180724
+Version:20180802
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
++ _servicedata ++
--- /var/tmp/diff_new_pack.uivIcP/_old 2018-08-06 11:52:49.573093185 +0200
+++ /var/tmp/diff_new_pack.uivIcP/_new 2018-08-06 11:52:49.573093185 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 888ecd1562f4a85dd37a131c52f4a5b132acd085
\ No newline at end of file
+ 5dac4a14d414d798dbdffaeb4d1b91560ca3f351
\ No newline at end of file
++ permissions-20180724.tar.xz -> permissions-20180802.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180724/mkchanges
new/permissions-20180802/mkchanges
--- old/permissions-20180724/mkchanges 2018-07-24 10:28:19.0 +0200
+++ new/permissions-20180802/mkchanges 1970-01-01 01:00:00.0 +0100
@@ -1,7 +0,0 @@
-#!/bin/sh
-# create log suitable for c&p into rpm changes file
-if [ -z "$1" ]; then
- set -- remotes/origin/master..master
-fi
-# no idea why it always prints those commit lines
-git rev-list --pretty=format:" - %s" "$@" |grep -v ^commit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180724/mktar
new/permissions-20180802/mktar
--- old/permissions-20180724/mktar 2018-07-24 10:28:19.0 +0200
+++ new/permissions-20180802/mktar 1970-01-01 01:00:00.0 +0100
@@ -1,11 +0,0 @@
-#!/bin/sh
-set -e
-NAME=permissions
-VERSION=
-LAST_COMMIT=(`git rev-list --timestamp HEAD^..HEAD`)
-DATE=`date +%Y.%m.%d.%H%M -d "1970-01-01 00:00 UTC $LAST_COMMIT seconds"`
-vers="${VERSION:+${VERSION}_}$DATE"
-pfx="$NAME-$vers"
-fn="$pfx".tar.bz2
-git archive --prefix="$pfx"/ HEAD | bzip2 > $fn
-echo "version $vers -> $fn"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180724/obs/mkchanges
new/permissions-20180802/obs/mkchanges
--- old/permissions-20180724/obs/mkchanges 2018-07-24 10:28:19.0
+0200
+++ new/permissions-20180802/obs/mkchanges 1970-01-01 01:00:00.0
+0100
@@ -1,11 +0,0 @@
-#!/bin/sh
-# create log suitable for c&p into rpm changes file
-if [ -z "$1" ]; then
- set -- remotes/origin/master..HEAD
-elif [ "${1%.changes}" != "$1" ]; then
- # parse time stamp of .changes file
- d=`awk 'NR==2{FS=" - ";$0=$0;print $1;exit}' < $1`
- set -- --since="$d" HEAD
-fi
-# no idea why it always prints those commit lines
-git rev-list --pretty=format:"- %s" "$@" |grep -v ^commit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180724/obs/mkpackage
new/permissions-20180802/obs/mkpackage
--- old/permissions-20180724/obs/mkpackage 2018-07-24 10:28:19.0
+0200
+++ new/permissions-20180802/obs/mkpackage 1970-01-01 01:00:00.0
+0100
@@ -1,61 +0,0 @@
-#!/bin/bash
-set -e
-shopt -s nullglob
-name="`pwd -P`"
-name=${name##*/}
-name=${name%%.*}
-dstdir="package"
-src="$PWD"
-if [ ! -d "$dstdir/.osc" ]; then
- echo "*** Error: please check out the package:"
- echo "osc branch openSUSE:Factory $name"
- echo "ln -s home\:*\:branches\:*/$name $dstdir"
- exit 1
-fi
-if [ "`git --no-pager diff --name-only|wc -l`" != '0' -o "`git --no-pager diff
--name-only --cached|wc -l`" != 0 ]; then
- echo "*** Error: uncomitted changes"
- echo "run 'git add file' to add files, 'git commit -a' to commit
changes"
- ex
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2018-08-02 14:47:34
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Thu Aug 2 14:47:34 2018 rev:116 rq:625020 version:20180724
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-05-13
15:53:17.260115750 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2018-08-02 14:47:38.175192863 +0200
@@ -1,0 +2,7 @@
+Tue Jul 24 08:49:20 UTC 2018 - opensuse-packag...@opensuse.org
+
+- Update to version 20180724:
+ * Fix wrong file path in help string
+ * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)
+
+---
Old:
permissions-20180508.tar.xz
New:
permissions-20180724.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.qTOlcY/_old 2018-08-02 14:47:38.755193972 +0200
+++ /var/tmp/diff_new_pack.qTOlcY/_new 2018-08-02 14:47:38.755193972 +0200
@@ -17,11 +17,11 @@
Name: permissions
-Version:20180508
+Version:20180724
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
-License:GPL-2.0+
+License:GPL-2.0-or-later
Group: Productivity/Security
Url:http://github.com/openSUSE/permissions
Source: permissions-%{version}.tar.xz
++ _servicedata ++
--- /var/tmp/diff_new_pack.qTOlcY/_old 2018-08-02 14:47:38.787194033 +0200
+++ /var/tmp/diff_new_pack.qTOlcY/_new 2018-08-02 14:47:38.791194041 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 15dbfc119c74f7144cbdaea3632a6a2936fe94f4
\ No newline at end of file
+ 888ecd1562f4a85dd37a131c52f4a5b132acd085
\ No newline at end of file
++ permissions-20180508.tar.xz -> permissions-20180724.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180508/chkstat.c
new/permissions-20180724/chkstat.c
--- old/permissions-20180508/chkstat.c 2018-05-08 08:05:37.0 +0200
+++ new/permissions-20180724/chkstat.c 2018-07-24 10:28:19.0 +0200
@@ -429,7 +429,7 @@
" --noheader don't print intro message\n"
" --fscapsforce use of fscaps\n"
" --no-fscaps disable use of fscaps\n"
-" --systemsystem mode, act according to
/etc/permissions/security\n"
+" --systemsystem mode, act according to /etc/sysconfig/security\n"
" --level LEVEL force use LEVEL (only with --system)\n"
" --examine FILE apply to specified file only\n"
" --files FILELISTread list of files to apply from FILELIST\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180508/permissions.easy
new/permissions-20180724/permissions.easy
--- old/permissions-20180508/permissions.easy 2018-05-08 08:05:37.0
+0200
+++ new/permissions-20180724/permissions.easy 2018-07-24 10:28:19.0
+0200
@@ -432,3 +432,5 @@
/usr/lib/usbauth-notifier root:usbauth-notifier
0750
/usr/lib/usbauth-notifier/usbauth-notifier root:usbauth02755
+# spice-gtk (bsc#1101420)
+/usr/bin/spice-client-glib-usb-acl-helper root:kvm04750
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180508/permissions.paranoid
new/permissions-20180724/permissions.paranoid
--- old/permissions-20180508/permissions.paranoid 2018-05-08
08:05:37.0 +0200
+++ new/permissions-20180724/permissions.paranoid 2018-07-24
10:28:19.0 +0200
@@ -439,3 +439,5 @@
/usr/lib/usbauth-notifier root:usbauth-notifier
0750
/usr/lib/usbauth-notifier/usbauth-notifier root:usbauth0755
+# spice-gtk (bsc#1101420)
+/usr/bin/spice-client-glib-usb-acl-helper root:kvm0750
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20180508/permissions.secure
new/permissions-20180724/permissions.secure
--- old/permissions-20180508/permissions.secure 2018-05-08 08:05:37.0
+0200
+++ new/permissions-20180724/permissions.secure 2018-07-24 10:28:19.0
+0200
@@ -468,3 +468,5 @@
/usr/lib/usbauth-notifier root:usbauth-notifier
0750
/usr/lib/usbauth-notifier/usbauth-notifier root:usbauth02755
+# spice-gtk (bsc#1101420)
+/u
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-05-13 15:53:15 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun May 13 15:53:15 2018 rev:115 rq:605257 version:20180508 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-01-26 13:35:32.712376145 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-05-13 15:53:17.260115750 +0200 @@ -1,0 +2,6 @@ +Tue May 08 06:11:27 UTC 2018 - astie...@suse.com + +- Update to version 20180508: + * Capabilities for usage of Wireshark for non-root (bsc#957624) + +--- Old: permissions-20180125.tar.xz New: permissions-20180508.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.951t2G/_old 2018-05-13 15:53:17.888092833 +0200 +++ /var/tmp/diff_new_pack.951t2G/_new 2018-05-13 15:53:17.892092687 +0200 @@ -17,7 +17,7 @@ Name: permissions -Version:20180125 +Version:20180508 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.951t2G/_old 2018-05-13 15:53:17.984089330 +0200 +++ /var/tmp/diff_new_pack.951t2G/_new 2018-05-13 15:53:17.984089330 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 6aeb4d61dd404e73b221fbe14ba157f42fada5f9 \ No newline at end of file + 15dbfc119c74f7144cbdaea3632a6a2936fe94f4 \ No newline at end of file ++ permissions-20180125.tar.xz -> permissions-20180508.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.easy new/permissions-20180508/permissions.easy --- old/permissions-20180125/permissions.easy 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.easy 2018-05-08 08:05:37.0 +0200 @@ -336,8 +336,9 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 4755 -# wireshark (not yet) -/usr/bin/dumpcap root:root 0755 +# wireshark (bsc#957624) +/usr/bin/dumpcap root:wireshark0755 + +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.paranoid new/permissions-20180508/permissions.paranoid --- old/permissions-20180125/permissions.paranoid 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.paranoid 2018-05-08 08:05:37.0 +0200 @@ -353,7 +353,7 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_privateroot:root 0755 -# wireshark (not yet) +# wireshark (bsc#957624) /usr/bin/dumpcap root:root 0755 # singularity (bsc#1028304) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.secure new/permissions-20180508/permissions.secure --- old/permissions-20180125/permissions.secure 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.secure 2018-05-08 08:05:37.0 +0200 @@ -376,8 +376,9 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_privateroot:root 0755 -# wireshark (not yet) -/usr/bin/dumpcap root:root 0755 +# wireshark (bsc#957624) +/usr/bin/dumpcap root:wireshark0750 + +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2018-01-26 13:35:31
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Fri Jan 26 13:35:31 2018 rev:114 rq:569510 version:20180125
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-12-06
08:48:13.799738878 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2018-01-26 13:35:32.712376145 +0100
@@ -1,0 +2,13 @@
+Thu Jan 25 12:52:52 UTC 2018 - meiss...@suse.com
+
+- Update to version 20180125:
+ * the eror should be reported for permfiles[i], not argv[i], as these are
not the same files. (bsc#1047247)
+ * make btmp root:utmp (bsc#1050467)
+
+---
+Mon Jan 15 09:56:48 UTC 2018 - krah...@suse.com
+
+- Update to version 20180115:
+ * - polkit-default-privs: usbauth (bsc#1066877)
+
+---
Old:
permissions-20171129.tar.xz
New:
permissions-20180125.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.hFtaHQ/_old 2018-01-26 13:35:33.792325703 +0100
+++ /var/tmp/diff_new_pack.hFtaHQ/_new 2018-01-26 13:35:33.792325703 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: permissions
-Version:20171129
+Version:20180125
Release:0
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
++ _servicedata ++
--- /var/tmp/diff_new_pack.hFtaHQ/_old 2018-01-26 13:35:33.848323087 +0100
+++ /var/tmp/diff_new_pack.hFtaHQ/_new 2018-01-26 13:35:33.848323087 +0100
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 37fe496b66d03043da61fc1af7cd51f21d4e2000
\ No newline at end of file
+ 6aeb4d61dd404e73b221fbe14ba157f42fada5f9
\ No newline at end of file
++ permissions-20171129.tar.xz -> permissions-20180125.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20171129/chkstat.c
new/permissions-20180125/chkstat.c
--- old/permissions-20171129/chkstat.c 2017-11-29 18:02:04.0 +0100
+++ new/permissions-20180125/chkstat.c 2018-01-25 14:11:22.0 +0100
@@ -33,7 +33,7 @@
#include
#define BAD_LINE() \
- fprintf(stderr, "bad permissions line %s:%d\n", argv[i], lcnt);
+ fprintf(stderr, "bad permissions line %s:%d\n", permfiles[i], lcnt);
struct perm {
struct perm *next;
@@ -787,7 +787,7 @@
{
if ((fp = fopen(permfiles[i], "r")) == 0)
{
- perror(argv[i]);
+ perror(permfiles[i]);
exit(1);
}
lcnt = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20171129/permissions
new/permissions-20180125/permissions
--- old/permissions-20171129/permissions2017-11-29 18:02:04.0
+0100
+++ new/permissions-20180125/permissions2018-01-25 14:11:22.0
+0100
@@ -81,7 +81,7 @@
/var/log/lastlogroot:root 644
/var/log/faillogroot:root 600
/var/log/wtmp root:utmp 664
-/var/log/btmp root:root 600
+/var/log/btmp root:utmp 600
/var/run/utmp root:utmp 664
/run/utmp root:utmp 664
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20171129/permissions.easy
new/permissions-20180125/permissions.easy
--- old/permissions-20171129/permissions.easy 2017-11-29 18:02:04.0
+0100
+++ new/permissions-20180125/permissions.easy 2018-01-25 14:11:22.0
+0100
@@ -426,3 +426,8 @@
/usr/sbin/fpingroot:root
0755
+capabilities cap_net_raw=ep
+# usbauth (bsc#1066877)
+/usr/bin/usbauth-npriv root:usbauth04750
+/usr/lib/usbauth-notifier root:usbauth-notifier
0750
+/usr/lib/usbauth-notifier/us
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2017-12-06 08:48:11
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Wed Dec 6 08:48:11 2017 rev:113 rq:548532 version:20171129
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-11-11
14:14:52.633599236 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2017-12-06 08:48:13.799738878 +0100
@@ -1,0 +2,31 @@
+Mon Dec 4 18:45:53 UTC 2017 - ku...@suse.com
+
+- fillup is required for post, not pre installation
+
+---
+Thu Nov 30 08:24:44 UTC 2017 - mplus...@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Drop conditions/definitions related to old distros
+
+---
+Wed Nov 29 17:02:20 UTC 2017 - astie...@suse.com
+
+- Update to version 20171129:
+ * permissions: adding gvfs (bsc#1065864)
+ * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
+ * Allow fping cap_net_raw (bsc#1047921)
+
+---
+Thu Nov 23 13:41:09 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+---
+Tue Nov 21 14:03:29 UTC 2017 - krah...@suse.com
+
+- Update to version 20171121:
+ * - permissions: adding kwayland (bsc#1062182)
+
+---
Old:
permissions-20171106.tar.xz
New:
permissions-20171129.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.zHN1Sq/_old 2017-12-06 08:48:14.443715301 +0100
+++ /var/tmp/diff_new_pack.zHN1Sq/_new 2017-12-06 08:48:14.443715301 +0100
@@ -14,65 +14,51 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# icecream 0
-BuildRequires: libcap-devel
-
Name: permissions
-Version:20171106
+Version:20171129
Release:0
-Provides: aaa_base:/etc/permissions
-PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
# Maintained in github by the security team.
License:GPL-2.0+
Group: Productivity/Security
-%if 0%{?suse_version} >= 1330
-Requires(pre): group(trusted)
-#!BuildIgnore: group(trusted)
-%endif
-Source: permissions-%{version}.tar.xz
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://github.com/openSUSE/permissions
+Source: permissions-%{version}.tar.xz
+BuildRequires: libcap-devel
+#!BuildIgnore: group(trusted)
+Requires(post): %fillup_prereq
+Requires(pre): group(trusted)
+Provides: aaa_base:%{_sysconfdir}/permissions
%description
-Permission settings of files and directories depending on the
-local security settings. The local security setting (easy, secure,
-or paranoid) can be configured in /etc/sysconfig/security.
-
-
-Authors:
-
-Werner Fink
-Roman Drahtmüller
-Michael Schröder
-Ludwig Nussel
+Permission settings of files and directories depending on the local
+security settings. The local security setting (easy, secure, or paranoid)
+can be configured in /etc/sysconfig/security.
%prep
%setup -q
%build
-make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
+make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
%install
-make DESTDIR="$RPM_BUILD_ROOT" install
+%make_install fillupdir=%{_fillupdir}
%post
%{fillup_only -n security}
# apply all potentially changed permissions
-/usr/bin/chkstat --system
+%{_bindir}/chkstat --system
%files
-%defattr(-,root,root,-)
-%config /etc/permissions
-%config /etc/permissions.easy
-%config /etc/permissions.secure
-%config /etc/permissions.paranoid
-%config(noreplace) /etc/permissions.local
+%config %{_sysconfdir}/permissions
+%config %{_sysconfdir}/permissions.easy
+%config %{_sysconfdir}/permissions.secure
+%config %{_sysconfdir}/permissions.paranoid
+%config(noreplace) %{_sysconfdir}/permissions.local
%{_bindir}/chkstat
-%{_mandir}/man5/permissions.5*
-%{_mandir}/man8/chkstat.8*
-/var/adm/fillup-templates/sysconfig.security
+%{_mandir}/man5/permissions.5%{ext_man}
+%{_mandir}/man8/chkstat.8%{ext_man}
+%{_fillupdir}/sysconfig.security
%changelog
++ _servicedata ++
--- /var/tmp/diff_new_pack.zHN1Sq/_old 2017-12-06 08:48:14.487713690 +0100
+++ /var/tmp/diff_new_pack.zHN1Sq/_new 2017-12-06 08:48:14.491713543 +0100
@@ -1,4 +1,4 @@
https://
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-11-11 14:14:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sat Nov 11 14:14:50 2017 rev:112 rq:539346 version:20171106 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-10-29 20:23:36.592998327 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-11-11 14:14:52.633599236 +0100 @@ -1,0 +2,6 @@ +Mon Nov 06 15:55:58 UTC 2017 - ee...@suse.com + +- Update to version 20171106: + * Allow setuid root for singularity (group only) bsc#1028304 + +--- Old: permissions-20171025.tar.xz New: permissions-20171106.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.OFCQC9/_old 2017-11-11 14:14:53.957550709 +0100 +++ /var/tmp/diff_new_pack.OFCQC9/_new 2017-11-11 14:14:53.961550562 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20171025 +Version:20171106 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.OFCQC9/_old 2017-11-11 14:14:54.017548510 +0100 +++ /var/tmp/diff_new_pack.OFCQC9/_new 2017-11-11 14:14:54.017548510 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 53286c7c2256d31aa9c4eb9a81ccaeef01206c46 \ No newline at end of file + 73fce42f13a75d8e1a572f366bcebd7a8a0ecbeb \ No newline at end of file ++ permissions-20171025.tar.xz -> permissions-20171106.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.easy new/permissions-20171106/permissions.easy --- old/permissions-20171025/permissions.easy 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.easy 2017-11-06 16:55:37.0 +0100 @@ -346,6 +346,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 4750 /usr/lib/singularity/bin/export-suid root:singularity 4750 /usr/lib/singularity/bin/import-suid root:singularity 4750 +/usr/lib/singularity/bin/start-suidroot:singularity 4750 # # XXX: / -> /usr merge and sbin -> bin merge diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.paranoid new/permissions-20171106/permissions.paranoid --- old/permissions-20171025/permissions.paranoid 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.paranoid 2017-11-06 16:55:37.0 +0100 @@ -363,6 +363,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 0750 /usr/lib/singularity/bin/export-suid root:singularity 0750 /usr/lib/singularity/bin/import-suid root:singularity 0750 +/usr/lib/singularity/bin/start-suidroot:singularity 0750 # # XXX: / -> /usr merge and sbin -> bin merge diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.secure new/permissions-20171106/permissions.secure --- old/permissions-20171025/permissions.secure 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.secure 2017-11-06 16:55:37.0 +0100 @@ -386,6 +386,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 4750 /usr/lib/singularity/bin/export-suid root:singularity 4750 /usr/lib/singularity/bin/import-suid root:singularity 4750 +/usr/lib/singularity/bin/start-suidroot:singularity 4750 # # XXX: / -> /usr merge and sbin -> bin merge
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-10-29 20:23:30 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun Oct 29 20:23:30 2017 rev:111 rq:536588 version:20171025 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-10-01 16:59:19.139773837 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-10-29 20:23:36.592998327 +0100 @@ -1,0 +2,6 @@ +Wed Oct 25 15:51:45 UTC 2017 - jseg...@suse.com + +- Update to version 20171025: + * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid) + +--- Old: permissions-20170928.tar.xz New: permissions-20171025.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.sZuzAT/_old 2017-10-29 20:23:37.252974276 +0100 +++ /var/tmp/diff_new_pack.sZuzAT/_new 2017-10-29 20:23:37.260973984 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170928 +Version:20171025 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.sZuzAT/_old 2017-10-29 20:23:37.296972673 +0100 +++ /var/tmp/diff_new_pack.sZuzAT/_new 2017-10-29 20:23:37.296972673 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - d2c8045c05a2b230f41c335f003ca63d988c942b \ No newline at end of file + 53286c7c2256d31aa9c4eb9a81ccaeef01206c46 \ No newline at end of file ++ permissions-20170928.tar.xz -> permissions-20171025.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170928/permissions.paranoid new/permissions-20171025/permissions.paranoid --- old/permissions-20170928/permissions.paranoid 2017-09-28 12:45:42.0 +0200 +++ new/permissions-20171025/permissions.paranoid 2017-10-25 17:48:29.0 +0200 @@ -47,6 +47,12 @@ /etc/rmtab root:root 600 /var/lib/nfs/rmtab root:root 600 /etc/syslog.confroot:root 600 +/etc/ssh/sshd_configroot:root 600 +/etc/cron.d root:root 700 +/etc/cron.daily root:root 700 +/etc/cron.hourlyroot:root 700 +/etc/cron.monthly root:root 700 +/etc/cron.weeklyroot:root 700 # # suid system programs that need the suid bit to work: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170928/permissions.secure new/permissions-20171025/permissions.secure --- old/permissions-20170928/permissions.secure 2017-09-28 12:45:42.0 +0200 +++ new/permissions-20171025/permissions.secure 2017-10-25 17:48:29.0 +0200 @@ -70,6 +70,7 @@ /etc/rmtab root:root 644 /var/lib/nfs/rmtab root:root 644 /etc/syslog.confroot:root 600 +/etc/ssh/sshd_configroot:root 600 # # suid system programs that need the suid bit to work:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-10-01 16:59:17 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun Oct 1 16:59:17 2017 rev:110 rq:529130 version:20170928 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-09-25 13:50:38.516907440 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-10-01 16:59:19.139773837 +0200 @@ -1,0 +2,12 @@ +Thu Sep 28 10:48:31 UTC 2017 - astie...@suse.com + +- Update to version 20170928: + * Fix invalid syntax bsc#1048645 bsc#1060738 + +--- +Wed Sep 27 14:50:11 UTC 2017 - pgaj...@suse.com + +- Update to version 20170927: + * fix typos in manpages + +--- Old: permissions-20170922.tar.xz New: permissions-20170928.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.v5rIso/_old 2017-10-01 16:59:19.723691691 +0200 +++ /var/tmp/diff_new_pack.v5rIso/_new 2017-10-01 16:59:19.723691691 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170922 +Version:20170928 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.v5rIso/_old 2017-10-01 16:59:19.775684377 +0200 +++ /var/tmp/diff_new_pack.v5rIso/_new 2017-10-01 16:59:19.775684377 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 15ece10fa35f4b3677bcbd7aed9ccf525ffe0a67 \ No newline at end of file + d2c8045c05a2b230f41c335f003ca63d988c942b \ No newline at end of file ++ permissions-20170922.tar.xz -> permissions-20170928.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/chkstat.8 new/permissions-20170928/chkstat.8 --- old/permissions-20170922/chkstat.8 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/chkstat.8 2017-09-28 12:45:42.0 +0200 @@ -26,7 +26,7 @@ is a tool to check and set file permissions. .PP chkstat can either operate in system mode or on individually -specified permission files. In system mode /etc/permissions/security +specified permission files. In system mode, \fI/etc/sysconfig/security\fR determines which level to use and whether to actually apply permission changes. .PP @@ -53,7 +53,7 @@ .TP .IR \-\-fscaps,\ \-\-no\-fscaps Enable or disable use of fscaps. In system mode the setting of -PERMISSIONS_FSCAPS determines whether fscaps are on or off when this +\fIPERMISSIONS_FSCAPS\fR determines whether fscaps are on or off when this option is not set. .TP .IR \-\-examine\ file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/permissions.5 new/permissions-20170928/permissions.5 --- old/permissions-20170922/permissions.5 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/permissions.5 2017-09-28 12:45:42.0 +0200 @@ -21,7 +21,7 @@ \- The third column specifies the file mode\. .br \- The special value \fB+capabilities\fR in the first column extends -the information of the previous line with with file capabilites. +the information of the previous line with file capabilites. .br .SH "FILES" .sp @@ -44,5 +44,5 @@ Written by Ludwig Nussel .sp .SH "REPORTING BUGS" -Report bugs to https://bugzilla\.novell\.com/ +Report bugs to https://bugzilla\.suse\.com/ .sp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/permissions.easy new/permissions-20170928/permissions.easy --- old/permissions-20170922/permissions.easy 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/permissions.easy 2017-09-28 12:45:42.0 +0200 @@ -341,10 +341,10 @@ # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750 -/usr/lib/singularity/bin/mount-suidroot:singularity 4750 -/usr/lib/singularity/bin/create-suid root:singularity 4750 -/usr/lib/singularity/bin/action-suid root:singularity 4750 -/usr/lib/singularity/bin/export-suid root:singularity 4750 +/usr/lib/singularity/bin/mount-suidroot:singularity 4750 +/usr/lib/singularity/bin/create-suid root:singularity 4750 +/usr/lib/singularity/bin/action-suid
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-09-25 13:50:36 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Mon Sep 25 13:50:36 2017 rev:109 rq:528303 version:20170922 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-09-15 21:02:58.173921411 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-09-25 13:50:38.516907440 +0200 @@ -1,0 +2,6 @@ +Fri Sep 22 14:00:15 UTC 2017 - astie...@suse.com + +- Update to version 20170922: + * Allow setuid root for singularity (group only) bsc#1028304 + +--- Old: permissions-20170913.tar.xz New: permissions-20170922.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.8sExxs/_old 2017-09-25 13:50:39.388784768 +0200 +++ /var/tmp/diff_new_pack.8sExxs/_new 2017-09-25 13:50:39.392784205 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170913 +Version:20170922 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.8sExxs/_old 2017-09-25 13:50:39.428779141 +0200 +++ /var/tmp/diff_new_pack.8sExxs/_new 2017-09-25 13:50:39.428779141 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 0826e4862f152b8169d87f0e0e4593fb35ab8529 \ No newline at end of file + 15ece10fa35f4b3677bcbd7aed9ccf525ffe0a67 \ No newline at end of file ++ permissions-20170913.tar.xz -> permissions-20170922.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.easy new/permissions-20170922/permissions.easy --- old/permissions-20170913/permissions.easy 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.easy 2017-09-22 15:53:38.0 +0200 @@ -339,6 +339,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# singularity (bsc#1028304) +/usr/lib/singularity/bin/expand-suid root:singularity 4750 +/usr/lib/singularity/bin/mount-suidroot:singularity 4750 +/usr/lib/singularity/bin/create-suid root:singularity 4750 +/usr/lib/singularity/bin/action-suid root:singularity 4750 +/usr/lib/singularity/bin/export-suid root:singularity 4750 +/usr/lib/singularity/bin/import-suid root:singularity 4750 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -387,7 +395,6 @@ /usr/lib/gstreamer-1.0/gst-ptp-helper root:root 0755 +capabilities cap_net_bind_service=ep - # # suexec is only secure if the document root doesn't contain files # writeable by wwwrun. Make sure you have a safe server setup diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.paranoid new/permissions-20170922/permissions.paranoid --- old/permissions-20170913/permissions.paranoid 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.paranoid 2017-09-22 15:53:38.0 +0200 @@ -350,6 +350,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# singularity (bsc#1028304) +/usr/lib/singularity/bin/expand-suid root:singularity 0750 +/usr/lib/singularity/bin/mount-suidroot:singularity 0750 +/usr/lib/singularity/bin/create-suid root:singularity 0750 +/usr/lib/singularity/bin/action-suid root:singularity 0750 +/usr/lib/singularity/bin/export-suid root:singularity 0750 +/usr/lib/singularity/bin/import-suid root:singularity 0750 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.secure new/permissions-20170922/permissions.secure --- old/permissions-20170913/permissions.secure 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.secure 2017-09-22 15:53:38.0 +0200 @@ -378,6 +378,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# sin
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-09-15 21:02:55 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Fri Sep 15 21:02:55 2017 rev:108 rq:526050 version:20170913 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-06-23 09:13:18.129355408 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-09-15 21:02:58.173921411 +0200 @@ -1,0 +2,13 @@ +Wed Sep 13 16:53:20 UTC 2017 - astie...@suse.com + +- Update to version 20170913: + * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645) + +--- +Wed Sep 06 09:44:00 UTC 2017 - opensuse-packag...@opensuse.org + +- Update to version 20170906: + * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764 + * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425) + +--- Old: permissions-20170602.tar.xz New: permissions-20170913.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.4Ey1qp/_old 2017-09-15 21:02:58.881822038 +0200 +++ /var/tmp/diff_new_pack.4Ey1qp/_new 2017-09-15 21:02:58.885821478 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170602 +Version:20170913 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.4Ey1qp/_old 2017-09-15 21:02:58.929815301 +0200 +++ /var/tmp/diff_new_pack.4Ey1qp/_new 2017-09-15 21:02:58.929815301 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 1cf8eb193920f201e1d313046bba2271f745bd0e + 0826e4862f152b8169d87f0e0e4593fb35ab8529 \ No newline at end of file ++ permissions-20170602.tar.xz -> permissions-20170913.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170602/permissions.easy new/permissions-20170913/permissions.easy --- old/permissions-20170602/permissions.easy 2017-06-02 12:49:23.0 +0200 +++ new/permissions-20170913/permissions.easy 2017-09-13 18:52:57.0 +0200 @@ -300,6 +300,9 @@ # dbus-1 (#61) /lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +# dbus-1 in /usr #1056764) +/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # policycoreutils (#440596) /usr/bin/newroleroot:root 4755 @@ -314,6 +317,8 @@ /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers4750 # bnc#669055 /usr/lib/virtualbox/VBoxNetDHCP root:vboxusers4750 +# bsc#1033425 +/usr/lib/virtualbox/VBoxNetNAT root:vboxusers4750 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 4755 @@ -394,6 +399,6 @@ # /usr/sbin/suexec root:root 0755 -# newgidmap / newuidmap (bsc#979282) -/usr/bin/newgidmap root:shadow 0755 -/usr/bin/newuidmap root:shadow 0755 +# newgidmap / newuidmap (bsc#979282, bsc#1048645) +/usr/bin/newgidmap root:shadow 4755 +/usr/bin/newuidmap root:shadow 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170602/permissions.paranoid new/permissions-20170913/permissions.paranoid --- old/permissions-20170602/permissions.paranoid 2017-06-02 12:49:23.0 +0200 +++ new/permissions-20170913/permissions.paranoid 2017-09-13 18:52:57.0 +0200 @@ -310,6 +310,9 @@ # dbus-1 (#61) /lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 +# dbus-1 in /usr #1056764) +/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 +/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 # policycoreutils (#440596) /usr/bin/newroleroot:root 0755 @@ -324,6 +327,9 @@ /usr/lib/virtualbox/VBoxNetAdpCtl
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2017-06-23 09:13:16
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Fri Jun 23 09:13:16 2017 rev:107 rq:501683 version:20170602
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-08-16
13:00:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2017-06-23 09:13:18.129355408 +0200
@@ -1,0 +2,19 @@
+Wed Jun 7 10:58:37 UTC 2017 - dims...@opensuse.org
+
+- BuildIgnore group(trusted): we don't really care for this group
+ in the buildroot and do not want to get system-users into the
+ bootstrap cycle as we can avoid it.
+
+---
+Sat Jun 3 07:21:24 UTC 2017 - meiss...@suse.com
+
+- Require: group(trusted), as we are handing it out to some unsuspecting
+ binaries and it is no longer default. (bsc#1041159 for fuse, also cronie,
etc)
+
+---
+Fri Jun 2 10:55:09 UTC 2017 - meiss...@suse.com
+
+- Update to version 20170602:
+ * make /etc/ppp owned by root:root. The group dialout usage is no longer used
+
+---
Old:
permissions-20160807.tar.xz
New:
permissions-20170602.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.dKzaR3/_old 2017-06-23 09:13:18.789262168 +0200
+++ /var/tmp/diff_new_pack.dKzaR3/_new 2017-06-23 09:13:18.793261603 +0200
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,14 +20,18 @@
BuildRequires: libcap-devel
Name: permissions
-Version:20160807
+Version:20170602
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
+# Maintained in github by the security team.
License:GPL-2.0+
Group: Productivity/Security
-# Maintained in github by the security team.
+%if 0%{?suse_version} >= 1330
+Requires(pre): group(trusted)
+#!BuildIgnore: group(trusted)
+%endif
Source: permissions-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://github.com/openSUSE/permissions
++ _servicedata ++
--- /var/tmp/diff_new_pack.dKzaR3/_old 2017-06-23 09:13:18.837255387 +0200
+++ /var/tmp/diff_new_pack.dKzaR3/_new 2017-06-23 09:13:18.837255387 +0200
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 8ee9ae34fc10f290b5cd4b3295004704cde86a5a
\ No newline at end of file
+ 1cf8eb193920f201e1d313046bba2271f745bd0e
++ permissions-20160807.tar.xz -> permissions-20170602.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-20160807/permissions
new/permissions-20170602/permissions
--- old/permissions-20160807/permissions2016-08-07 14:03:19.0
+0200
+++ new/permissions-20170602/permissions2017-06-02 12:49:23.0
+0200
@@ -116,7 +116,7 @@
/etc/opiekeys root:root 600
-/etc/ppp/ root:dialout 750
+/etc/ppp/ root:root 750
/etc/ppp/chap-secrets root:root 600
/etc/ppp/pap-secretsroot:root 600
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2016-08-16 13:00:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-05-26 23:52:54.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2016-08-16 13:00:51.0 +0200 @@ -1,0 +2,18 @@ +Sun Aug 07 12:00:00 UTC 2016 - meiss...@suse.com + +- Update to version 20160807: + * suexec2 is a symlink, no need for permissions handling + +--- +Tue Aug 02 08:47:53 UTC 2016 - meiss...@suse.com + +- Update to version 20160802: + * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282) + * root:shadow 0755 for newuidmap/newgidmap + +--- +Tue Aug 2 08:29:32 UTC 2016 - krah...@suse.com + +- adding qemu-bridge-helper mode 04750 (bsc#988279) + +--- Old: permissions-20160413.tar.xz New: permissions-20160807.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.P1TlEZ/_old 2016-08-16 13:00:52.0 +0200 +++ /var/tmp/diff_new_pack.P1TlEZ/_new 2016-08-16 13:00:52.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20160413 +Version:20160807 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.P1TlEZ/_old 2016-08-16 13:00:52.0 +0200 +++ /var/tmp/diff_new_pack.P1TlEZ/_new 2016-08-16 13:00:52.0 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - a0d1ad1352f3badc255dcc46a41901461af2e5f5 \ No newline at end of file + 8ee9ae34fc10f290b5cd4b3295004704cde86a5a \ No newline at end of file ++ permissions-20160413.tar.xz -> permissions-20160807.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20160413/permissions.easy new/permissions-20160807/permissions.easy --- old/permissions-20160413/permissions.easy 2016-05-23 10:39:00.0 +0200 +++ new/permissions-20160807/permissions.easy 2016-08-07 14:03:19.0 +0200 @@ -362,8 +362,10 @@ /usr/bin/readcdroot:root 755 /usr/bin/cdda2wav root:root 755 -# qemu-bridge-helper has no special privileges currently (bnc#765948) -/usr/lib/qemu-bridge-helperroot:root 755 +# qemu-bridge-helper (bnc#765948, bsc#988279) +/usr/lib/qemu-bridge-helperroot:kvm04750 +/usr/lib64/qemu-bridge-helper root:kvm04750 + # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 @@ -388,6 +390,10 @@ # https://bugzilla.novell.com/show_bug.cgi?id=263789 # http://httpd.apache.org/docs/trunk/suexec.html # You need to override this in permissions.local. +# suexec2 is a symlink for now, leave as-is # -/usr/sbin/suexec2 root:root 0755 /usr/sbin/suexec root:root 0755 + +# newgidmap / newuidmap (bsc#979282) +/usr/bin/newgidmap root:shadow 0755 +/usr/bin/newuidmap root:shadow 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20160413/permissions.paranoid new/permissions-20160807/permissions.paranoid --- old/permissions-20160413/permissions.paranoid 2016-05-23 10:39:00.0 +0200 +++ new/permissions-20160807/permissions.paranoid 2016-08-07 14:03:19.0 +0200 @@ -372,6 +372,8 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 +/usr/lib64/qemu-bridge-helper root:root 755 + # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 @@ -394,6 +396,10 @@ # https://bugzilla.novell.com/show_bug.cgi?id=263789 # http://httpd.apache.org/docs/trunk/suexec.html # You need to override this in permissions.local. +# suexec2 is a symlink for now, leave as-is # -/usr/sbin/suexec2
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2016-05-26 23:52:53
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-01-16
11:55:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2016-05-26 23:52:54.0 +0200
@@ -1,0 +2,17 @@
+Mon May 23 09:15:22 UTC 2016 - dims...@opensuse.org
+
+- Introduce _service to easier update the package. For simplicity,
+ change the version from .mm.dd to mmdd (which is eactly
+ %cd in the _service defintion). Upgrading is no problem.
+
+---
+Mon May 23 09:00:11 UTC 2016 - meiss...@suse.com
+
+- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient
(bsc#975352)
+
+---
+Wed Mar 30 11:14:41 UTC 2016 - meiss...@suse.com
+
+- permissions: adding gstreamer ptp file caps (bsc#960173)
+
+---
Old:
permissions-2016.01.15.1451.tar.bz2
New:
_service
_servicedata
permissions-20160413.tar.xz
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.SdlGKq/_old 2016-05-26 23:52:55.0 +0200
+++ /var/tmp/diff_new_pack.SdlGKq/_new 2016-05-26 23:52:55.0 +0200
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2016.01.15.1451
+Version:20160413
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
@@ -28,7 +28,7 @@
License:GPL-2.0+
Group: Productivity/Security
# Maintained in github by the security team.
-Source: permissions-%{version}.tar.bz2
+Source: permissions-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://github.com/openSUSE/permissions
++ _service ++
https://github.com/openSUSE/permissions.git
git
%cd
enable
*.tar
xz
++ _servicedata ++
https://github.com/openSUSE/permissions.git
a0d1ad1352f3badc255dcc46a41901461af2e5f5
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2016-01-16 11:55:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2015-10-06 13:23:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2016-01-16 11:55:51.0 +0100 @@ -1,0 +2,16 @@ +Fri Jan 15 14:19:44 UTC 2016 - meiss...@suse.com + +- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060) + +--- +Tue Jan 12 14:30:01 UTC 2016 - meiss...@suse.com + +- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363 + +--- +Thu Oct 29 09:40:30 UTC 2015 - meiss...@suse.com + +- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 +- added missing / to the squid specific directories (bsc#950557) + +--- Old: permissions-2015.09.28.1626.tar.bz2 New: permissions-2016.01.15.1451.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.tokRE3/_old 2016-01-16 11:55:52.0 +0100 +++ /var/tmp/diff_new_pack.tokRE3/_new 2016-01-16 11:55:52.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2015.09.28.1626 +Version:2016.01.15.1451 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2015.09.28.1626.tar.bz2 -> permissions-2016.01.15.1451.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.09.28.1626/permissions.easy new/permissions-2016.01.15.1451/permissions.easy --- old/permissions-2015.09.28.1626/permissions.easy2015-09-28 16:26:23.0 +0200 +++ new/permissions-2016.01.15.1451/permissions.easy2016-01-15 14:51:59.0 +0100 @@ -77,9 +77,9 @@ /usr/sbin/pam_auth root:shadow 4755 # squid changes from bnc#891268 -/var/cache/squidsquid:root0750 -/var/log/squid squid:root0750 -/usr/sbin/pingerroot:squid0750 +/var/cache/squid/ squid:root0750 +/var/log/squid/ squid:root0750 +/usr/sbin/pingersquid:root0750 +capabilities cap_net_raw=ep /usr/sbin/basic_pam_authroot:shadow 2750 @@ -375,3 +375,13 @@ # radosgw (bsc#943471) /usr/bin/radosgw root:www0750 +capabilities cap_net_bind_service=ep +# +# suexec is only secure if the document root doesn't contain files +# writeable by wwwrun. Make sure you have a safe server setup +# before setting the setuid bit! See also +# https://bugzilla.novell.com/show_bug.cgi?id=263789 +# http://httpd.apache.org/docs/trunk/suexec.html +# You need to override this in permissions.local. +# +/usr/sbin/suexec2 root:root 0755 +/usr/sbin/suexec root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.09.28.1626/permissions.local new/permissions-2016.01.15.1451/permissions.local --- old/permissions-2015.09.28.1626/permissions.local 2015-09-28 16:26:23.0 +0200 +++ new/permissions-2016.01.15.1451/permissions.local 2016-01-15 14:51:59.0 +0100 @@ -35,6 +35,7 @@ # http://httpd.apache.org/docs/trunk/suexec.html # #/usr/sbin/suexec2root:root 4755 +#/usr/sbin/suexec root:root 4755 # setuid bit on Xorg is only needed if no display manager, ie startx # is used. Beware of CVE-2010-2240. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2015-10-06 13:23:17 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2015-06-11 08:20:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2015-10-06 13:23:19.0 +0200 @@ -1,0 +2,10 @@ +Mon Sep 28 14:27:19 UTC 2015 - meiss...@suse.com + +- adjusted radosgw to root:www mode 0750 (bsc#943471) + +--- +Mon Sep 28 13:35:10 UTC 2015 - meiss...@suse.com + +- radosgw can get capability cap_bind_net_service (bsc#943471) + +--- Old: permissions-2015.05.21.1505.tar.bz2 New: permissions-2015.09.28.1626.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.q52yJX/_old 2015-10-06 13:23:20.0 +0200 +++ /var/tmp/diff_new_pack.q52yJX/_new 2015-10-06 13:23:20.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2015.05.21.1505 +Version:2015.09.28.1626 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2015.05.21.1505.tar.bz2 -> permissions-2015.09.28.1626.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.easy new/permissions-2015.09.28.1626/permissions.easy --- old/permissions-2015.05.21.1505/permissions.easy2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.easy2015-09-28 16:26:23.0 +0200 @@ -372,4 +372,6 @@ /usr/lib/iouyaproot:iouyap 0750 +capabilities cap_net_raw,cap_net_admin=ep - +# radosgw (bsc#943471) +/usr/bin/radosgw root:www0750 + +capabilities cap_net_bind_service=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.paranoid new/permissions-2015.09.28.1626/permissions.paranoid --- old/permissions-2015.05.21.1505/permissions.paranoid2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.paranoid2015-09-28 16:26:23.0 +0200 @@ -379,3 +379,5 @@ #iouyap (bnc#904060) /usr/lib/iouyaproot:iouyap 0750 +# radosgw (bsc#943471) +/usr/bin/radosgw root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.secure new/permissions-2015.09.28.1626/permissions.secure --- old/permissions-2015.05.21.1505/permissions.secure 2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.secure 2015-09-28 16:26:23.0 +0200 @@ -407,3 +407,6 @@ #iouyap (bnc#904060) /usr/lib/iouyaproot:iouyap 0750 +# radosgw (bsc#943471) +/usr/bin/radosgw root:www0750 + +capabilities cap_net_bind_service=ep
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-12-10 23:43:44 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-11-10 22:15:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-12-10 23:43:12.0 +0100 @@ -1,0 +2,5 @@ +Wed Dec 3 16:36:54 UTC 2014 - krah...@suse.com + +- Added iouyap capabilities (bnc#904060) + +--- Old: permissions-2014.11.05.1706.tar.bz2 New: permissions-2014.12.03.1512.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.i5V0Lz/_old 2014-12-10 23:43:13.0 +0100 +++ /var/tmp/diff_new_pack.i5V0Lz/_new 2014-12-10 23:43:13.0 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.11.05.1706 +Version:2014.12.03.1512 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.11.05.1706.tar.bz2 -> permissions-2014.12.03.1512.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.easy new/permissions-2014.12.03.1512/permissions.easy --- old/permissions-2014.11.05.1706/permissions.easy2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.easy2014-12-03 15:12:07.0 +0100 @@ -373,3 +373,8 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + +capabilities cap_net_raw,cap_net_admin=ep + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.paranoid new/permissions-2014.12.03.1512/permissions.paranoid --- old/permissions-2014.11.05.1706/permissions.paranoid2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.paranoid2014-12-03 15:12:07.0 +0100 @@ -381,3 +381,6 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.secure new/permissions-2014.12.03.1512/permissions.secure --- old/permissions-2014.11.05.1706/permissions.secure 2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.secure 2014-12-03 15:12:07.0 +0100 @@ -409,3 +409,6 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2014-11-10 22:15:19
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-08-29
17:42:28.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2014-11-10 22:15:20.0 +0100
@@ -1,0 +2,7 @@
+Wed Nov 5 16:07:01 UTC 2014 - meiss...@suse.com
+
+- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer
needed (bnc#685093)
+- permissions: incorporating squid changes from bnc#891268
+- hint that chkstat --system --set needs to be run after editing bnc#895647
+
+---
Old:
permissions-2014.08.26.1452.tar.bz2
New:
permissions-2014.11.05.1706.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.nZIeXs/_old 2014-11-10 22:15:21.0 +0100
+++ /var/tmp/diff_new_pack.nZIeXs/_new 2014-11-10 22:15:21.0 +0100
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2014.08.26.1452
+Version:2014.11.05.1706
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2014.08.26.1452.tar.bz2 ->
permissions-2014.11.05.1706.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.easy
new/permissions-2014.11.05.1706/permissions.easy
--- old/permissions-2014.08.26.1452/permissions.easy2014-08-26
14:52:59.0 +0200
+++ new/permissions-2014.11.05.1706/permissions.easy2014-11-05
17:06:34.0 +0100
@@ -76,6 +76,14 @@
# from the squid package
/usr/sbin/pam_auth root:shadow 4755
+# squid changes from bnc#891268
+/var/cache/squidsquid:root0750
+/var/log/squid squid:root0750
+/usr/sbin/pingerroot:squid0750
+ +capabilities cap_net_raw=ep
+/usr/sbin/basic_pam_authroot:shadow 2750
+
+
# still to be converted to utempter
/usr/lib/gnome-pty-helper root:utmp 2755
@@ -137,9 +145,9 @@
/usr/sbin/change-passwd root:root 4755
#
-# smb printing with kerberos authentication (#177114)
+# smb printing with kerberos authentication (bnc#177114) (bnc#685093)
#
-/usr/bin/get_printing_ticketroot:lp 4750
+/usr/bin/get_printing_ticketroot:lp 0700
#
# networking (need root for the privileged socket)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.local
new/permissions-2014.11.05.1706/permissions.local
--- old/permissions-2014.08.26.1452/permissions.local 2014-08-26
14:52:59.0 +0200
+++ new/permissions-2014.11.05.1706/permissions.local 2014-11-05
17:06:34.0 +0100
@@ -1,6 +1,10 @@
#
# /etc/permissions.local
#
+# After editing this file run
+# chkstat --system --set
+# to apply the changes.
+#
# This file is used by chkstat (and indirectly by various RPM package scripts)
# to check or set the modes and ownerships of files and directories in
# the installation.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.paranoid
new/permissions-2014.11.05.1706/permissions.paranoid
--- old/permissions-2014.08.26.1452/permissions.paranoid2014-08-26
14:52:59.0 +0200
+++ new/permissions-2014.11.05.1706/permissions.paranoid2014-11-05
17:06:34.0 +0100
@@ -91,6 +91,13 @@
# from the squid package
/usr/sbin/pam_auth root:shadow 0755
+# squid changes from bnc#891268
+/var/cache/squidsquid:root0750
+/var/log/squid squid:root0750
+/usr/sbin/pingerroot:squid0750
+/usr/sbin/basic_pam_authroot:shadow 0750
+
+
# still to be converted to utempter
/usr/lib/gnome-pty-helper root:utmp 0755
@@ -153,9 +160,9 @@
/usr/sbin/change-passwd root:root 0755
#
-
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2014-08-29 17:42:18
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-08-03
15:35:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2014-08-29 17:42:28.0 +0200
@@ -1,0 +2,6 @@
+Tue Aug 26 13:00:07 UTC 2014 - meiss...@suse.com
+
+- Do not applies permissions from backup files (~ / .rpmsave / .rpmnew)
(bnc#893370)
+- do not mention SuSEconfig anymore, long dead (bnc#843083)
+
+---
Old:
permissions-2014.08.01.1324.tar.bz2
New:
permissions-2014.08.26.1452.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.keKqUa/_old 2014-08-29 17:42:30.0 +0200
+++ /var/tmp/diff_new_pack.keKqUa/_new 2014-08-29 17:42:30.0 +0200
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2014.08.01.1324
+Version:2014.08.26.1452
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2014.08.01.1324.tar.bz2 ->
permissions-2014.08.26.1452.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.01.1324/chkstat.c
new/permissions-2014.08.26.1452/chkstat.c
--- old/permissions-2014.08.01.1324/chkstat.c 2014-08-01 13:24:53.0
+0200
+++ new/permissions-2014.08.26.1452/chkstat.c 2014-08-26 14:52:59.0
+0200
@@ -351,6 +351,13 @@
char* p;
if (!strcmp("..", d->d_name) || !strcmp(".", d->d_name))
continue;
+
+ /* filter out backup files */
+ if ((strlen(d->d_name)>2) && (d->d_name[strlen(d->d_name)-1] == '~'))
+ continue;
+ if (strstr(d->d_name,".rpmnew") || strstr(d->d_name,".rpmsave"))
+ continue;
+
ensure_array((void**)&files, &nfiles);
if ((p = strchr(d->d_name, '.')))
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.01.1324/permissions
new/permissions-2014.08.26.1452/permissions
--- old/permissions-2014.08.01.1324/permissions 2014-08-01 13:24:53.0
+0200
+++ new/permissions-2014.08.26.1452/permissions 2014-08-26 14:52:59.0
+0200
@@ -5,8 +5,8 @@
#
# Author: Roman Drahtmueller , 2001
#
-# This file is used by SuSEconfig and chkstat to check or set the modes
-# and ownerships of files and directories in the installation.
+# This file is used by chkstat (and indirectly by various RPM scripts)
+# to check or set the modes and ownerships of files and directories in the
installation.
#
# There is a set of files with similar meaning in a SuSE installation:
# /etc/permissions (This file)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2014.08.01.1324/permissions.local
new/permissions-2014.08.26.1452/permissions.local
--- old/permissions-2014.08.01.1324/permissions.local 2014-08-01
13:24:53.0 +0200
+++ new/permissions-2014.08.26.1452/permissions.local 2014-08-26
14:52:59.0 +0200
@@ -1,8 +1,9 @@
#
# /etc/permissions.local
#
-# This file is used by SuSEconfig and chkstat to check or set the modes
-# and ownerships of files and directories in the installation.
+# This file is used by chkstat (and indirectly by various RPM package scripts)
+# to check or set the modes and ownerships of files and directories in
+# the installation.
#
# In particular, this file will not be touched during an upgrade of the
# installation. It is designed to be a placeholder for local
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-08-03 15:35:35 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-07-25 09:08:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-08-03 15:35:36.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 1 11:25:40 UTC 2014 - meiss...@suse.com + +- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151 + +--- Old: permissions-2014.07.23.1321.tar.bz2 New: permissions-2014.08.01.1324.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.FZLYvY/_old 2014-08-03 15:35:37.0 +0200 +++ /var/tmp/diff_new_pack.FZLYvY/_new 2014-08-03 15:35:37.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.07.23.1321 +Version:2014.08.01.1324 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.07.23.1321.tar.bz2 -> permissions-2014.08.01.1324.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.easy new/permissions-2014.08.01.1324/permissions.easy --- old/permissions-2014.07.23.1321/permissions.easy2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.easy2014-08-01 13:24:53.0 +0200 @@ -363,5 +363,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.paranoid new/permissions-2014.08.01.1324/permissions.paranoid --- old/permissions-2014.07.23.1321/permissions.paranoid2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.paranoid2014-08-01 13:24:53.0 +0200 @@ -372,5 +372,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.secure new/permissions-2014.08.01.1324/permissions.secure --- old/permissions-2014.07.23.1321/permissions.secure 2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.secure 2014-08-01 13:24:53.0 +0200 @@ -399,5 +399,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-07-25 09:08:51 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-07-02 15:18:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-07-25 09:08:55.0 +0200 @@ -1,0 +2,11 @@ +Wed Jul 23 11:38:42 UTC 2014 - meiss...@suse.com + +- make innbind mode 4550 (bnc#876287) +- permissions: Adding systemd-journal directory (bnc#888151) + +--- +Mon Jul 21 13:31:48 UTC 2014 - krah...@suse.com + +- permissions: Adding new kdesud path for KDE5 (bnc#872276) + +--- Old: permissions-2014.06.30.1743.tar.bz2 New: permissions-2014.07.23.1321.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.HZMXus/_old 2014-07-25 09:08:56.0 +0200 +++ /var/tmp/diff_new_pack.HZMXus/_new 2014-07-25 09:08:56.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.06.30.1743 +Version:2014.07.23.1321 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.06.30.1743.tar.bz2 -> permissions-2014.07.23.1321.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.easy new/permissions-2014.07.23.1321/permissions.easy --- old/permissions-2014.06.30.1743/permissions.easy2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/permissions.easy2014-07-23 13:21:34.0 +0200 @@ -209,6 +209,9 @@ /opt/kde3/bin/kdesudroot:nogroup 2755 /usr/lib/kde4/libexec/kdesudroot:nogroup 2755 /usr/lib64/kde4/libexec/kdesud root:nogroup 2755 +/usr/lib/libexec/kf5/kdesud root:nogroup 2755 +/usr/lib64/libexec/kf5/kdesud root:nogroup 2755 + # used for getting proxy settings from dhcp /opt/kde3/bin/kpac_dhcp_helper root:root 4755 # used to distract the oom killer @@ -252,7 +255,7 @@ # /usr/lib/news/bin/rnews news:uucp 4550 /usr/lib/news/bin/inews news:news 2555 -/usr/lib/news/bin/innbind root:news 4554 +/usr/lib/news/bin/innbind root:news 4550 # # sendfax @@ -358,3 +361,7 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 + +# systemd-journal (bnc#888151) +/var/log/journalroot:systemd-journal 2755 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.paranoid new/permissions-2014.07.23.1321/permissions.paranoid --- old/permissions-2014.06.30.1743/permissions.paranoid2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/permissions.paranoid2014-07-23 13:21:34.0 +0200 @@ -219,6 +219,9 @@ /opt/kde3/bin/kdesudroot:nogroup 0755 /usr/lib/kde4/libexec/kdesudroot:nogroup 0755 /usr/lib64/kde4/libexec/kdesud root:nogroup 0755 +/usr/lib/libexec/kf5/kdesud root:nogroup 0755 +/usr/lib64/libexec/kf5/kdesud root:nogroup 0755 + # used for getting proxy settings from dhcp /opt/kde3/bin/kpac_dhcp_helper root:root 0755 # used to distract the oom killer @@ -367,3 +370,7 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 + +# systemd-journal (bnc#888151) +/var/log/journalroot:systemd-journal 2755 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.secure new/permissions-2014.07.23.1321/permissions.secure --- old/permissions-2014.06.30.1743/permissions.secure 2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/perm
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-07-02 15:18:20 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-06-18 22:04:26.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-07-02 15:18:21.0 +0200 @@ -1,0 +2,5 @@ +Tue Jul 1 11:19:57 UTC 2014 - meiss...@suse.com + +- vlock_main lost its permission checking, so remove from here. + +--- Old: permissions-2014.06.16.1345.tar.bz2 New: permissions-2014.06.30.1743.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.23DP7S/_old 2014-07-02 15:18:22.0 +0200 +++ /var/tmp/diff_new_pack.23DP7S/_new 2014-07-02 15:18:22.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.06.16.1345 +Version:2014.06.30.1743 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.06.16.1345.tar.bz2 -> permissions-2014.06.30.1743.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.16.1345/permissions new/permissions-2014.06.30.1743/permissions --- old/permissions-2014.06.16.1345/permissions 2014-06-16 13:45:27.0 +0200 +++ new/permissions-2014.06.30.1743/permissions 2014-06-30 17:43:17.0 +0200 @@ -179,8 +179,6 @@ # wodim is not allowed setuid root as cd burning does not strictly require # it (bnc#882035) /usr/bin/wodim root:root 0755 -# vlock is not allowed setuid root as code is unproven quality (bnc#882035) -/usr/sbin/vlock-mainroot:root 0755 # we no longer make rpm build dirs 1777 /usr/src/packages/SOURCES/ root:root 0755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-06-18 22:04:25 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-04-16 07:25:05.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-06-18 22:04:26.0 +0200 @@ -1,0 +2,10 @@ +Mon Jun 16 11:46:15 UTC 2014 - meiss...@suse.com + +- opiesu,wodim,vlock-main have no setuid root. (bnc#882035) + +--- +Thu Jun 5 08:10:33 UTC 2014 - meiss...@suse.com + +- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799) + +--- Old: permissions-2014.04.15.1621.tar.bz2 New: permissions-2014.06.16.1345.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1YSqpB/_old 2014-06-18 22:04:27.0 +0200 +++ /var/tmp/diff_new_pack.1YSqpB/_new 2014-06-18 22:04:27.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.04.15.1621 +Version:2014.06.16.1345 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.04.15.1621.tar.bz2 -> permissions-2014.06.16.1345.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.04.15.1621/permissions new/permissions-2014.06.16.1345/permissions --- old/permissions-2014.04.15.1621/permissions 2014-04-15 16:21:15.0 +0200 +++ new/permissions-2014.06.16.1345/permissions 2014-06-16 13:45:27.0 +0200 @@ -174,6 +174,14 @@ /var/lib/named/dev/null root:root 0666 /var/lib/named/dev/random root:root 0666 +# opiesu is not allowed setuid root as code quality is bad (bnc#882035) +/usr/bin/opiesuroot:root 0755 +# wodim is not allowed setuid root as cd burning does not strictly require +# it (bnc#882035) +/usr/bin/wodim root:root 0755 +# vlock is not allowed setuid root as code is unproven quality (bnc#882035) +/usr/sbin/vlock-mainroot:root 0755 + # we no longer make rpm build dirs 1777 /usr/src/packages/SOURCES/ root:root 0755 /usr/src/packages/BUILD/root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.04.15.1621/permissions.easy new/permissions-2014.06.16.1345/permissions.easy --- old/permissions-2014.04.15.1621/permissions.easy2014-04-15 16:21:15.0 +0200 +++ new/permissions-2014.06.16.1345/permissions.easy2014-06-16 13:45:27.0 +0200 @@ -24,7 +24,7 @@ # # /etc # -/etc/crontabroot:root 644 +/etc/crontabroot:root 600 /etc/exportsroot:root 644 /etc/fstab root:root 644 # we don't package it -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-04-16 07:25:04 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-03-27 06:15:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-04-16 07:25:05.0 +0200 @@ -1,0 +2,5 @@ +Tue Apr 15 14:24:36 UTC 2014 - meiss...@suse.com + +- duplicate /var/run entries to /run (bnc#873708) + +--- Old: permissions-2014.03.24.1202.tar.bz2 New: permissions-2014.04.15.1621.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.2iXgbt/_old 2014-04-16 07:25:08.0 +0200 +++ /var/tmp/diff_new_pack.2iXgbt/_new 2014-04-16 07:25:08.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.03.24.1202 +Version:2014.04.15.1621 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.03.24.1202.tar.bz2 -> permissions-2014.04.15.1621.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions new/permissions-2014.04.15.1621/permissions --- old/permissions-2014.03.24.1202/permissions 2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions 2014-04-15 16:21:15.0 +0200 @@ -71,7 +71,9 @@ /var/cache/man/ man:root 755 /var/yp/root:root 755 /var/run/nscd/socket root:root 666 +/run/nscd/socket root:root 666 /var/run/sudo/ root:root 700 +/run/sudo/ root:root 700 # # login tracking @@ -81,6 +83,7 @@ /var/log/wtmp root:utmp 664 /var/log/btmp root:root 600 /var/run/utmp root:utmp 664 +/run/utmp root:utmp 664 # # some device files diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.easy new/permissions-2014.04.15.1621/permissions.easy --- old/permissions-2014.03.24.1202/permissions.easy2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.easy2014-04-15 16:21:15.0 +0200 @@ -19,6 +19,7 @@ # for screen's session sockets: /var/run/uscreens/ root:root 1777 +/run/uscreens/ root:root 1777 # # /etc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.paranoid new/permissions-2014.04.15.1621/permissions.paranoid --- old/permissions-2014.03.24.1202/permissions.paranoid2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.paranoid2014-04-15 16:21:15.0 +0200 @@ -33,6 +33,7 @@ # # for screen's session sockets: /var/run/uscreens/ root:trusted 1775 +/run/uscreens/ root:trusted 1775 # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.secure new/permissions-2014.04.15.1621/permissions.secure --- old/permissions-2014.03.24.1202/permissions.secure 2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.secure 2014-04-15 16:21:15.0 +0200 @@ -57,6 +57,7 @@ # # for screen's session sockets: /var/run/uscreens/ root:root 1777 +/run/uscreens/ root:root 1777 # # /etc -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-03-27 06:15:19 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-10-29 09:33:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-03-27 06:15:20.0 +0100 @@ -1,0 +2,6 @@ +Mon Mar 24 10:31:20 UTC 2014 - krah...@suse.com + +- permissions: incorporating capability for mtr, removing +s from ping + (bnc#865351) + +--- Old: permissions-2013.10.28.1145.tar.bz2 New: permissions-2014.03.24.1202.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.lNrYUk/_old 2014-03-27 06:15:21.0 +0100 +++ /var/tmp/diff_new_pack.lNrYUk/_new 2014-03-27 06:15:21.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.10.28.1145 +Version:2014.03.24.1202 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.10.28.1145.tar.bz2 -> permissions-2014.03.24.1202.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.easy new/permissions-2014.03.24.1202/permissions.easy --- old/permissions-2013.10.28.1145/permissions.easy2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.easy2014-03-24 12:02:32.0 +0100 @@ -143,12 +143,13 @@ # # networking (need root for the privileged socket) # -/usr/bin/ping root:root 4755 +/usr/bin/ping root:root 0755 +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 0755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. For dialout only. -/usr/sbin/mtr root:dialout 4750 +/usr/sbin/mtr root:dialout 0750 + +capabilities cap_net_raw=ep /usr/bin/rcproot:root 4755 /usr/bin/rlogin root:root 4755 /usr/bin/rshroot:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.paranoid new/permissions-2014.03.24.1202/permissions.paranoid --- old/permissions-2013.10.28.1145/permissions.paranoid2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.paranoid2014-03-24 12:02:32.0 +0100 @@ -162,7 +162,7 @@ /usr/bin/ping root:root 0755 /usr/bin/ping6 root:root 0755 # mtr is linked against ncurses. -/usr/sbin/mtr root:dialout 0755 +/usr/sbin/mtr root:dialout 0750 /usr/bin/rcproot:root 0755 /usr/bin/rlogin root:root 0755 /usr/bin/rshroot:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.secure new/permissions-2014.03.24.1202/permissions.secure --- old/permissions-2013.10.28.1145/permissions.secure 2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.secure 2014-03-24 12:02:32.0 +0100 @@ -181,12 +181,12 @@ # # networking (need root for the privileged socket) # -/usr/bin/ping root:root 4755 +/usr/bin/ping root:root 0755 +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2013-10-29 09:33:31
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-08-23
11:05:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2013-10-29 09:33:32.0 +0100
@@ -1,0 +2,6 @@
+Mon Oct 28 10:46:48 UTC 2013 - meiss...@suse.com
+
+- GIT repo moved to GITHUB.
+- removed the setuid bit from "eject" (bnc#824406)
+
+---
Old:
permissions-2013.08.22.1339.tar.bz2
New:
permissions-2013.10.28.1145.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.9cFmDa/_old 2013-10-29 09:33:33.0 +0100
+++ /var/tmp/diff_new_pack.9cFmDa/_new 2013-10-29 09:33:33.0 +0100
@@ -20,16 +20,17 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2013.08.22.1339
+Version:2013.10.28.1145
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
License:GPL-2.0+
Group: Productivity/Security
+# Maintained in github by the security team.
Source: permissions-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Url:http://gitorious.org/opensuse/permissions
+Url:http://github.com/openSUSE/permissions
%description
Permission settings of files and directories depending on the
++ permissions-2013.08.22.1339.tar.bz2 ->
permissions-2013.10.28.1145.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.easy
new/permissions-2013.10.28.1145/permissions.easy
--- old/permissions-2013.08.22.1339/permissions.easy2013-08-22
13:39:35.0 +0200
+++ new/permissions-2013.10.28.1145/permissions.easy2013-10-28
11:45:26.0 +0100
@@ -58,7 +58,6 @@
/sbin/mount.nfs root:root 4755
/bin/mount root:root 4755
/bin/umount root:root 4755
-/usr/bin/eject root:audio4755
#
# #133657
/usr/bin/fusermount root:trusted 4755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.paranoid
new/permissions-2013.10.28.1145/permissions.paranoid
--- old/permissions-2013.08.22.1339/permissions.paranoid2013-08-22
13:39:35.0 +0200
+++ new/permissions-2013.10.28.1145/permissions.paranoid2013-10-28
11:45:26.0 +0100
@@ -73,7 +73,6 @@
/sbin/mount.nfs root:root 0755
/bin/mount root:root 0755
/bin/umount root:root 0755
-/usr/bin/eject root:audio0750
#
# #133657
/usr/bin/fusermount root:trusted 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.secure
new/permissions-2013.10.28.1145/permissions.secure
--- old/permissions-2013.08.22.1339/permissions.secure 2013-08-22
13:39:35.0 +0200
+++ new/permissions-2013.10.28.1145/permissions.secure 2013-10-28
11:45:26.0 +0100
@@ -96,7 +96,6 @@
/sbin/mount.nfs root:root 0755
/bin/mount root:root 4755
/bin/umount root:root 4755
-/usr/bin/eject root:audio4750
#
# #133657
/usr/bin/fusermount root:trusted 4750
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2013-08-23 11:05:47
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-08-21
16:47:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2013-08-23 11:05:49.0 +0200
@@ -1,0 +2,5 @@
+Thu Aug 22 11:40:20 UTC 2013 - meiss...@suse.com
+
+- do not use magic constants for strlen (bnc#834790
+
+---
Old:
permissions-2013.08.21.1452.tar.bz2
New:
permissions-2013.08.22.1339.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.GsWvQM/_old 2013-08-23 11:05:50.0 +0200
+++ /var/tmp/diff_new_pack.GsWvQM/_new 2013-08-23 11:05:50.0 +0200
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2013.08.21.1452
+Version:2013.08.22.1339
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2013.08.21.1452.tar.bz2 ->
permissions-2013.08.22.1339.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.08.21.1452/chkstat.c
new/permissions-2013.08.22.1339/chkstat.c
--- old/permissions-2013.08.21.1452/chkstat.c 2013-08-21 14:52:46.0
+0200
+++ new/permissions-2013.08.22.1339/chkstat.c 2013-08-22 13:39:35.0
+0200
@@ -282,9 +282,10 @@
//fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be
'set', 'warn' or 'no')\n");
}
}
- else if (have_fscaps == -1 && !strncmp(p, "PERMISSION_FSCAPS=", 19))
+#define FSCAPSENABLE "PERMISSION_FSCAPS="
+ else if (have_fscaps == -1 && !strncmp(p, FSCAPSENABLE,
strlen(FSCAPSENABLE)))
{
- p+=19;
+ p+=strlen(FSCAPSENABLE);
if (isquote(*p))
++p;
if (!strncmp(p, "yes", 3))
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2013-08-21 16:47:17
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-06-13
20:27:17.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2013-08-21 16:47:19.0 +0200
@@ -1,0 +2,16 @@
+Wed Aug 21 12:53:39 UTC 2013 - meiss...@suse.com
+
+- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)
+
+---
+Fri Aug 16 13:25:56 UTC 2013 - meiss...@suse.com
+
+- use PERMISSION_FSCAPS
+
+---
+Fri Aug 16 13:08:10 UTC 2013 - meiss...@suse.com
+
+- it is PERMISSIONS_FSCAPS (bnc#834790)
+- qemu-bridge-helper has no special privileges currently (bnc#765948)
+
+---
Old:
permissions-2013.06.12.1309.tar.bz2
New:
permissions-2013.08.21.1452.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.kCqeRs/_old 2013-08-21 16:47:20.0 +0200
+++ /var/tmp/diff_new_pack.kCqeRs/_new 2013-08-21 16:47:20.0 +0200
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2013.06.12.1309
+Version:2013.08.21.1452
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2013.06.12.1309.tar.bz2 ->
permissions-2013.08.21.1452.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.06.12.1309/chkstat.c
new/permissions-2013.08.21.1452/chkstat.c
--- old/permissions-2013.06.12.1309/chkstat.c 2013-06-12 13:09:16.0
+0200
+++ new/permissions-2013.08.21.1452/chkstat.c 2013-08-21 14:52:46.0
+0200
@@ -282,7 +282,7 @@
//fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be
'set', 'warn' or 'no')\n");
}
}
- else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19))
+ else if (have_fscaps == -1 && !strncmp(p, "PERMISSION_FSCAPS=", 19))
{
p+=19;
if (isquote(*p))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.easy
new/permissions-2013.08.21.1452/permissions.easy
--- old/permissions-2013.06.12.1309/permissions.easy2013-06-12
13:09:16.0 +0200
+++ new/permissions-2013.08.21.1452/permissions.easy2013-08-21
14:52:46.0 +0200
@@ -354,3 +354,6 @@
# no special privileges are needed for cd reading.
/usr/bin/readcdroot:root
755
/usr/bin/cdda2wav root:root 755
+
+# qemu-bridge-helper has no special privileges currently (bnc#765948)
+/usr/lib/qemu-bridge-helperroot:root 755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.paranoid
new/permissions-2013.08.21.1452/permissions.paranoid
--- old/permissions-2013.06.12.1309/permissions.paranoid2013-06-12
13:09:16.0 +0200
+++ new/permissions-2013.08.21.1452/permissions.paranoid2013-08-21
14:52:46.0 +0200
@@ -364,3 +364,6 @@
/usr/bin/cdrecord root:root 755
/usr/bin/readcd root:root 755
/usr/bin/cdda2wav root:root 755
+
+# qemu-bridge-helper has no special privileges currently (bnc#765948)
+/usr/lib/qemu-bridge-helperroot:root 755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.secure
new/permissions-2013.08.21.1452/permissions.secure
--- old/permissions-2013.06.12.1309/permissions.secure 2013-06-12
13:09:16.0 +0200
+++ new/permissions-2013.08.21.1452/permissions.secure 2013-08-21
14:52:46.0 +0200
@@ -358,7 +358,7 @@
/usr/sbin/hawk_invoke root:haclient 4750
# chromium (bnc#718016)
-/usr/lib/chrome_sandbox root:root
0755
+/usr/lib/chrome_sandbox root:root 4755
# ecryptfs-utils (bnc#740110)
/sbin/mount.ecryptfs_privateroot:r
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-06-13 20:27:16 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-05-13 15:12:06.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-06-13 20:27:17.0 +0200 @@ -1,0 +2,12 @@ +Wed Jun 12 11:10:18 UTC 2013 - meiss...@suse.com + +- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302) + +--- +Mon Jun 10 09:46:15 UTC 2013 - meiss...@suse.com + +- cdrtools: allow some filesystem capabilities for more stable CD/DVD + burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio, + cap_sys_resource, cap_ipc_lock) + +--- Old: permissions-2013.05.08.1626.tar.bz2 New: permissions-2013.06.12.1309.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.9sWKdV/_old 2013-06-13 20:27:18.0 +0200 +++ /var/tmp/diff_new_pack.9sWKdV/_new 2013-06-13 20:27:18.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.05.08.1626 +Version:2013.06.12.1309 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.05.08.1626.tar.bz2 -> permissions-2013.06.12.1309.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions new/permissions-2013.06.12.1309/permissions --- old/permissions-2013.05.08.1626/permissions 2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions 2013-06-12 13:09:16.0 +0200 @@ -122,6 +122,7 @@ # utempter /usr/sbin/utempter root:utmp 2755 +/usr/lib/utempter/utempter root:utmp 2755 # ensure correct permissions on ssh files to avoid sshd refusing # logins (bnc#398250) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.easy new/permissions-2013.06.12.1309/permissions.easy --- old/permissions-2013.05.08.1626/permissions.easy2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions.easy2013-06-12 13:09:16.0 +0200 @@ -347,8 +347,10 @@ /usr/bin/pccardctl root:trusted 4755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved -# leave it disabled until it is in the distro to allow their overrides -#/usr/bin/cdrecord root:root 755 -#/usr/bin/readcd root:root 755 -#/usr/bin/cdda2wav root:root 755 +# Please note that additional capabilities are provided only for reliable +# CD/DVD burning and do not cover all use-cases of cdrecord. +/usr/bin/cdrecord root:root 755 + +capabilities cap_sys_resource,cap_sys_nice,cap_ipc_lock,cap_sys_rawio=ep +# no special privileges are needed for cd reading. +/usr/bin/readcdroot:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.paranoid new/permissions-2013.06.12.1309/permissions.paranoid --- old/permissions-2013.05.08.1626/permissions.paranoid2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions.paranoid2013-06-12 13:09:16.0 +0200 @@ -359,7 +359,8 @@ /usr/bin/pccardctl root:trusted 0755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved +# in paranoid mode, no provisions are made for reliable cd burning, as admins +# will have very likely prohibited that anyway. /usr/bin/cdrecord root:root 755 /usr/bin/readcd root:root 755 /usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore'
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-05-13 15:12:04 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-05-06 10:11:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-05-13 15:12:06.0 +0200 @@ -1,0 +2,5 @@ +Wed May 8 14:27:12 UTC 2013 - meiss...@suse.com + +- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021) + +--- Old: permissions-2013.05.04.1031.tar.bz2 New: permissions-2013.05.08.1626.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.XvqaV5/_old 2013-05-13 15:12:07.0 +0200 +++ /var/tmp/diff_new_pack.XvqaV5/_new 2013-05-13 15:12:07.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.05.04.1031 +Version:2013.05.08.1626 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.05.04.1031.tar.bz2 -> permissions-2013.05.08.1626.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.04.1031/permissions.easy new/permissions-2013.05.08.1626/permissions.easy --- old/permissions-2013.05.04.1031/permissions.easy2013-05-04 10:31:04.0 +0200 +++ new/permissions-2013.05.08.1626/permissions.easy2013-05-08 16:26:23.0 +0200 @@ -348,6 +348,7 @@ # cdrecord of cdrtools from Joerg Schilling (bnc#550021) # not allowed setuid root or any capabilities unless audit bug is resolved -/usr/bin/cdrecord root:root 755 -/usr/bin/readcdroot:root 755 -/usr/bin/cdda2wav root:root 755 +# leave it disabled until it is in the distro to allow their overrides +#/usr/bin/cdrecord root:root 755 +#/usr/bin/readcd root:root 755 +#/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.04.1031/permissions.secure new/permissions-2013.05.08.1626/permissions.secure --- old/permissions-2013.05.04.1031/permissions.secure 2013-05-04 10:31:04.0 +0200 +++ new/permissions-2013.05.08.1626/permissions.secure 2013-05-08 16:26:23.0 +0200 @@ -387,6 +387,7 @@ # cdrecord of cdrtools from Joerg Schilling (bnc#550021) # not allowed setuid root or any capabilities unless audit bug is resolved -/usr/bin/cdrecord root:root 755 -/usr/bin/readcd root:root 755 -/usr/bin/cdda2wav root:root 755 +# leave it out until it is in the distro +#/usr/bin/cdrecord root:root 755 +#/usr/bin/readcd root:root 755 +#/usr/bin/cdda2wav root:root 755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-05-06 10:11:14 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-01-31 10:28:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-05-06 10:11:15.0 +0200 @@ -1,0 +2,6 @@ +Sat May 4 08:32:17 UTC 2013 - meiss...@suse.com + +- cdrecord currently has no special permissions approved (bnc#550021) +- append a / + +--- Old: permissions-2013.01.29.1841.tar.bz2 New: permissions-2013.05.04.1031.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.un1aor/_old 2013-05-06 10:11:17.0 +0200 +++ /var/tmp/diff_new_pack.un1aor/_new 2013-05-06 10:11:17.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.01.29.1841 +Version:2013.05.04.1031 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.01.29.1841.tar.bz2 -> permissions-2013.05.04.1031.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.easy new/permissions-2013.05.04.1031/permissions.easy --- old/permissions-2013.01.29.1841/permissions.easy2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.easy2013-05-04 10:31:04.0 +0200 @@ -346,3 +346,8 @@ /usr/sbin/pccardctl root:trusted 4755 /usr/bin/pccardctl root:trusted 4755 +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcdroot:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.paranoid new/permissions-2013.05.04.1031/permissions.paranoid --- old/permissions-2013.01.29.1841/permissions.paranoid2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.paranoid2013-05-04 10:31:04.0 +0200 @@ -357,3 +357,9 @@ /usr/bin/isdnctrl root:dialout 0755 /usr/sbin/pccardctl root:trusted 0755 /usr/bin/pccardctl root:trusted 0755 + +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.secure new/permissions-2013.05.04.1031/permissions.secure --- old/permissions-2013.01.29.1841/permissions.secure 2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.secure 2013-05-04 10:31:04.0 +0200 @@ -384,3 +384,9 @@ /usr/bin/isdnctrl root:dialout 4750 /usr/sbin/pccardctl root:trusted 4750 /usr/bin/pccardctl root:trusted 4750 + +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-01-31 10:28:43 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-12-03 11:18:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-01-31 10:28:45.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 29 14:00:08 UTC 2013 - meiss...@suse.com + +- Allow pcp to have stickybit worldwriteable directories + +--- Old: permissions-2012.11.27.1640.tar.bz2 New: permissions-2013.01.29.1841.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.E2LB8o/_old 2013-01-31 10:28:46.0 +0100 +++ /var/tmp/diff_new_pack.E2LB8o/_new 2013-01-31 10:28:46.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.11.27.1640 +Version:2013.01.29.1841 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.11.27.1640.tar.bz2 -> permissions-2013.01.29.1841.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.easy new/permissions-2013.01.29.1841/permissions.easy --- old/permissions-2012.11.27.1640/permissions.easy2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.easy2013-01-29 18:41:57.0 +0100 @@ -271,6 +271,13 @@ /usr/lib/uucp/uucicouucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 1777 +/var/lib/pcp/tmp/pmdabash/ root:root 1777 +/var/lib/pcp/tmp/mmv/ root:root 1777 +/var/lib/pcp/tmp/pmlogger/ root:root 1777 +/var/lib/pcp/tmp/pmie/ root:root 1777 + # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helperpolkituser:root 4755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.paranoid new/permissions-2013.01.29.1841/permissions.paranoid --- old/permissions-2012.11.27.1640/permissions.paranoid2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.paranoid2013-01-29 18:41:57.0 +0100 @@ -283,6 +283,13 @@ /usr/lib/uucp/uucicouucp:uucp 0555 /usr/lib/uucp/uuxqt uucp:uucp 0555 +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 0755 +/var/lib/pcp/tmp/pmdabash/ root:root 0755 +/var/lib/pcp/tmp/mmv/ root:root 0755 +/var/lib/pcp/tmp/pmlogger/ root:root 0755 +/var/lib/pcp/tmp/pmie/ root:root 0755 + # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helperroot:polkituser 0755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.secure new/permissions-2013.01.29.1841/permissions.secure --- old/permissions-2012.11.27.1640/permissions.secure 2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.secure 2013-01-29 18:41:57.0 +0100 @@ -309,6 +309,14 @@ /usr/lib/uucp/uucicouucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 + +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 0755 +/var/lib/pcp/tmp/pmdabash/
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-12-03 11:17:54 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-11-22 17:02:38.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-12-03 11:18:01.0 +0100 @@ -1,0 +2,8 @@ +Tue Nov 27 15:41:16 UTC 2012 - meiss...@suse.com + +- add /usr/bin/dumpcap to watchlist +- make fscaps=1 the default on "" +- added PERMISSION_FSCAPS to the sysconfig/security fillup template. +- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject + +--- Old: permissions-2012.10.15.1348.tar.bz2 New: permissions-2012.11.27.1640.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1VZ9KD/_old 2012-12-03 11:18:02.0 +0100 +++ /var/tmp/diff_new_pack.1VZ9KD/_new 2012-12-03 11:18:02.0 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.10.15.1348 +Version:2012.11.27.1640 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.10.15.1348.tar.bz2 -> permissions-2012.11.27.1640.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/chkstat.c new/permissions-2012.11.27.1640/chkstat.c --- old/permissions-2012.10.15.1348/chkstat.c 2012-10-15 13:48:16.0 +0200 +++ new/permissions-2012.11.27.1640/chkstat.c 2012-11-27 16:40:51.0 +0100 @@ -298,7 +298,8 @@ p+=2; if (isquote(*p) || !*p) have_fscaps=0; - } + } else + have_fscaps=1; /* default */ } } fclose(fp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.easy new/permissions-2012.11.27.1640/permissions.easy --- old/permissions-2012.10.15.1348/permissions.easy2012-10-15 13:48:16.0 +0200 +++ new/permissions-2012.11.27.1640/permissions.easy2012-11-27 16:40:51.0 +0100 @@ -58,7 +58,7 @@ /sbin/mount.nfs root:root 4755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/bin/eject root:audio4755 +/usr/bin/eject root:audio4755 # # #133657 /usr/bin/fusermount root:trusted 4755 @@ -144,9 +144,9 @@ # # networking (need root for the privileged socket) # -/bin/ping root:root 4755 +/usr/bin/ping root:root 4755 +capabilities cap_net_raw=ep -/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 4755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. For dialout only. /usr/sbin/mtr root:dialout 4750 @@ -312,11 +312,14 @@ /usr/sbin/hawk_invoke root:haclient 4750 # chromium (bnc#718016) -/usr/lib/chrome_sandbox root:root 4755 +/usr/lib/chrome_sandbox root:root 4755 # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 4755 +# wireshark (not yet) +/usr/bin/dumpcap root:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -327,7 +330,6 @@ /usr/bin/mount.nfs root:root 4755 /usr/bin/mount root:root 4755 /usr/bin/umount root:root 4755 -/usr/bin/eject root:audio4755 /usr/sbin/unix_chkpwd root:shadow 4755 /usr/bin/unix_chkpwdroot:shadow 4755 /usr/sbin/unix2_chkpwd root:s
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-11-22 17:02:36
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-10-16
07:18:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-11-22 17:02:38.0 +0100
@@ -1,0 +2,9 @@
+Wed Nov 21 13:56:34 UTC 2012 - lnus...@suse.de
+
+- apply permissions settings in %post. During initial installation
+ some packages might be installed before the permissions package
+ due to dependency loops so we need to make sure their settings
+ are applied too. Also, on update of the permissions package
+ changed permission settings may need to be applied.
+
+---
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.33UWCI/_old 2012-11-22 17:02:39.0 +0100
+++ /var/tmp/diff_new_pack.33UWCI/_new 2012-11-22 17:02:39.0 +0100
@@ -55,6 +55,8 @@
%post
%{fillup_only -n security}
+# apply all potentially changed permissions
+/usr/bin/chkstat --system
%files
%defattr(-,root,root,-)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-10-16 07:18:34 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-09-26 10:11:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-10-16 07:18:36.0 +0200 @@ -1,0 +2,7 @@ +Mon Oct 15 11:49:04 UTC 2012 - lnus...@suse.de + +- temporarily add su.core. workaround for the migration of su from + coreutils to util-linux needs to be reverted as soon as util-linux + is also in + +--- Old: permissions-2012.09.25.1654.tar.bz2 New: permissions-2012.10.15.1348.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1f0ZKg/_old 2012-10-16 07:18:37.0 +0200 +++ /var/tmp/diff_new_pack.1f0ZKg/_new 2012-10-16 07:18:37.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.09.25.1654 +Version:2012.10.15.1348 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.09.25.1654.tar.bz2 -> permissions-2012.10.15.1348.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.easy new/permissions-2012.10.15.1348/permissions.easy --- old/permissions-2012.09.25.1654/permissions.easy2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.easy2012-10-15 13:48:16.0 +0200 @@ -321,6 +321,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 4755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 4755 /usr/sbin/mount.nfs root:root 4755 /usr/bin/mount.nfs root:root 4755 /usr/bin/mount root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.paranoid new/permissions-2012.10.15.1348/permissions.paranoid --- old/permissions-2012.09.25.1654/permissions.paranoid2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.paranoid2012-10-15 13:48:16.0 +0200 @@ -333,6 +333,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 0755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 0755 /usr/sbin/mount.nfs root:root 0755 /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.secure new/permissions-2012.10.15.1348/permissions.secure --- old/permissions-2012.09.25.1654/permissions.secure 2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.secure 2012-10-15 13:48:16.0 +0200 @@ -359,6 +359,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 4755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 4755 /usr/sbin/mount.nfs root:root 0755 /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 4755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-09-26 10:10:56
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-07-09
10:00:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-09-26 10:11:00.0 +0200
@@ -1,0 +2,5 @@
+Tue Sep 25 14:55:21 UTC 2012 - meiss...@suse.com
+
+- no longer install SuSEconfig.permissions, SuSEconfig is gone.
+
+---
Old:
permissions-2012.07.06.1059.tar.bz2
New:
permissions-2012.09.25.1654.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.2JHnaf/_old 2012-09-26 10:11:03.0 +0200
+++ /var/tmp/diff_new_pack.2JHnaf/_new 2012-09-26 10:11:03.0 +0200
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version:2012.07.06.1059
+Version:2012.09.25.1654
Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
@@ -66,7 +66,6 @@
%{_bindir}/chkstat
%{_mandir}/man5/permissions.5*
%{_mandir}/man8/chkstat.8*
-/sbin/conf.d/SuSEconfig.permissions
/var/adm/fillup-templates/sysconfig.security
%changelog
++ permissions-2012.07.06.1059.tar.bz2 ->
permissions-2012.09.25.1654.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.07.06.1059/Makefile
new/permissions-2012.09.25.1654/Makefile
--- old/permissions-2012.07.06.1059/Makefile2012-07-06 10:59:51.0
+0200
+++ new/permissions-2012.09.25.1654/Makefile2012-09-25 16:54:47.0
+0200
@@ -21,7 +21,6 @@
@for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir)
$(sysconfdir); \
do install -d -m 755 $(DESTDIR)$$i; done
@install -m 755 chkstat $(DESTDIR)$(bindir)
- @install -m 755 SuSEconfig.permissions $(DESTDIR)$(suseconfigdir)
@install -m 644 chkstat.8 $(DESTDIR)$(man8dir)
@install -m 644 permissions.5 $(DESTDIR)$(man5dir)
@install -m 644 sysconfig.security $(DESTDIR)$(fillupdir)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-07-09 10:00:13
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-06-01
22:32:34.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-07-09 10:00:15.0 +0200
@@ -1,0 +2,10 @@
+Fri Jul 6 09:01:18 UTC 2012 - meiss...@suse.com
+
+- enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy
+
+---
+Mon Jun 4 11:37:27 UTC 2012 - lnus...@suse.de
+
+- remove /var/run/vi.recover (bnc#765288)
+
+---
Old:
permissions-2012.06.01.0923.tar.bz2
New:
permissions-2012.07.06.1059.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.HlqyRT/_old 2012-07-09 10:00:16.0 +0200
+++ /var/tmp/diff_new_pack.HlqyRT/_new 2012-07-09 10:00:16.0 +0200
@@ -14,21 +14,19 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
-# norootforbuild
# icecream 0
+
BuildRequires: libcap-devel
Name: permissions
-License:GPL-2.0+
-Group: Productivity/Security
-AutoReqProv:on
-Version:2012.06.01.0923
-Release:1
+Version:2012.07.06.1059
+Release:0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
+License:GPL-2.0+
+Group: Productivity/Security
Source: permissions-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://gitorious.org/opensuse/permissions
++ permissions-2012.06.01.0923.tar.bz2 ->
permissions-2012.07.06.1059.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions
new/permissions-2012.07.06.1059/permissions
--- old/permissions-2012.06.01.0923/permissions 2012-06-01 09:23:33.0
+0200
+++ new/permissions-2012.07.06.1059/permissions 2012-07-06 10:59:51.0
+0200
@@ -58,7 +58,6 @@
#
/var/tmp/ root:root 1777
-/var/tmp/vi.recover/root:root 1777
/var/log/ root:root 755
/var/spool/ root:root 755
/var/spool/mqueue/ root:root 700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.easy
new/permissions-2012.07.06.1059/permissions.easy
--- old/permissions-2012.06.01.0923/permissions.easy2012-06-01
09:23:33.0 +0200
+++ new/permissions-2012.07.06.1059/permissions.easy2012-07-06
10:59:51.0 +0200
@@ -314,6 +314,9 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox root:root
4755
+# ecryptfs-utils (bnc#740110)
+/sbin/mount.ecryptfs_private root:root 4755
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.paranoid
new/permissions-2012.07.06.1059/permissions.paranoid
--- old/permissions-2012.06.01.0923/permissions.paranoid2012-06-01
09:23:33.0 +0200
+++ new/permissions-2012.07.06.1059/permissions.paranoid2012-07-06
10:59:51.0 +0200
@@ -326,6 +326,9 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox root:root
0755
+# ecryptfs-utils (bnc#740110)
+/sbin/mount.ecryptfs_privateroot:root 0755
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.secure
new/permissions-2012.07.06.1059/permissions.secure
--- old/permissions-2012.06.01.0923/permissions.secure 2012-06-01
09:23:33.0 +0200
+++ new/permissions-2012.07.06.1059/permissions.secure 2012-07-06
10:59:51.0 +0200
@@ -352,6 +352,9 @@
# chromium (bnc#718016)
/usr/lib/chrome_sandbox
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-06-01 22:31:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-06-01 07:22:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-06-01 22:32:34.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 1 07:23:46 UTC 2012 - lnus...@suse.de + +- remove /var/cache/fonts (bnc#764885) +- remove /var/lib/xemacs/lock/ (bnc#764887) + +--- Old: permissions-2012.05.31.1307.tar.bz2 New: permissions-2012.06.01.0923.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.SK5hzN/_old 2012-06-01 22:32:36.0 +0200 +++ /var/tmp/diff_new_pack.SK5hzN/_new 2012-06-01 22:32:36.0 +0200 @@ -24,7 +24,7 @@ License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on -Version:2012.05.31.1307 +Version:2012.06.01.0923 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.05.31.1307.tar.bz2 -> permissions-2012.06.01.0923.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions new/permissions-2012.06.01.0923/permissions --- old/permissions-2012.05.31.1307/permissions 2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions 2012-06-01 09:23:33.0 +0200 @@ -69,7 +69,6 @@ /var/adm/ root:root 755 /var/adm/backup/root:root 700 /var/cache/ root:root 755 -/var/cache/fonts/ root:root 1777 /var/cache/man/ man:root 755 /var/yp/root:root 755 /var/run/nscd/socket root:root 666 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.easy new/permissions-2012.06.01.0923/permissions.easy --- old/permissions-2012.05.31.1307/permissions.easy2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.easy2012-06-01 09:23:33.0 +0200 @@ -17,8 +17,6 @@ # Directories # -# lock file for emacs -/var/lib/xemacs/lock/ root:root 1777 # for screen's session sockets: /var/run/uscreens/ root:root 1777 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.paranoid new/permissions-2012.06.01.0923/permissions.paranoid --- old/permissions-2012.05.31.1307/permissions.paranoid2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.paranoid2012-06-01 09:23:33.0 +0200 @@ -31,8 +31,6 @@ # # Directories # -# no lock files for emacs: -/var/lib/xemacs/lock/ root:trusted 1775 # for screen's session sockets: /var/run/uscreens/ root:trusted 1775 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.secure new/permissions-2012.06.01.0923/permissions.secure --- old/permissions-2012.05.31.1307/permissions.secure 2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.secure 2012-06-01 09:23:33.0 +0200 @@ -55,8 +55,6 @@ # # Directories # -# no lock files for emacs: -/var/lib/xemacs/lock/ root:trusted 1775 # for screen's session sockets: /var/run/uscreens/ root:root 1777 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-06-01 07:22:48
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-05-25
16:18:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-06-01 07:22:50.0 +0200
@@ -1,0 +2,6 @@
+Thu May 31 11:07:25 UTC 2012 - lnus...@suse.de
+
+- Revert "Use credentials from within the root file system"
+ breaks use of --root option in brp-05-permissions
+
+---
Old:
permissions-2012.05.15.1646.tar.bz2
New:
permissions-2012.05.31.1307.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.nyyk7t/_old 2012-06-01 07:22:51.0 +0200
+++ /var/tmp/diff_new_pack.nyyk7t/_new 2012-06-01 07:22:51.0 +0200
@@ -24,7 +24,7 @@
License:GPL-2.0+
Group: Productivity/Security
AutoReqProv:on
-Version:2012.05.15.1646
+Version:2012.05.31.1307
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2012.05.15.1646.tar.bz2 ->
permissions-2012.05.31.1307.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.05.15.1646/chkstat.c
new/permissions-2012.05.31.1307/chkstat.c
--- old/permissions-2012.05.15.1646/chkstat.c 2012-05-15 16:46:07.0
+0200
+++ new/permissions-2012.05.31.1307/chkstat.c 2012-05-31 13:07:15.0
+0200
@@ -59,128 +59,6 @@
int npermfiles = 0;
char* force_level;
-static struct passwd*
-_getpwuid(uid_t uid)
-{
- char fn[PATH_MAX];
- struct passwd *pwd = 0;
- FILE *fp = 0;
-
- if (!rootl)
-return getpwuid(uid);
-
- // read the passwd from the root instead
- strcpy(fn, root);
- strcpy(fn+rootl, "/etc/passwd");
-
- printf("trying %s\n", fn);
-
- fp = fopen(fn, "r");
- if (!fp)
-goto out;
-
- while ((pwd = fgetpwent(fp)))
-{
- if (pwd->pw_uid == uid)
-goto out;
-}
-
-out:
- if (fp)
-fclose(fp);
- return pwd;
-}
-
-static struct passwd*
-_getpwnam(const char *name)
-{
- char fn[PATH_MAX];
- struct passwd *pwd = 0;
- FILE *fp = 0;
-
- if (!rootl)
-return getpwnam(name);
-
- // read the passwd from the root instead
- strcpy(fn, root);
- strcpy(fn+rootl, "/etc/passwd");
-
- fp = fopen(fn, "r");
- if (!fp)
-goto out;
-
- while ((pwd = fgetpwent(fp)))
-{
- if (strcmp(pwd->pw_name, name) == 0)
-goto out;
-}
-
-out:
- if (fp)
-fclose(fp);
- return pwd;
-}
-
-static struct group*
-_getgrgid(gid_t gid)
-{
- char fn[PATH_MAX];
- struct group *grp = 0;
- FILE *fp = 0;
-
- if (!rootl)
-return getgrgid(gid);
-
- // read the group from the root instead
- strcpy(fn, root);
- strcpy(fn+rootl, "/etc/passwd");
-
- fp = fopen(fn, "r");
- if (!fp)
-goto out;
-
- while ((grp = fgetgrent(fp)))
-{
- if (grp->gr_gid == gid)
-goto out;
-}
-
-out:
- if (fp)
-fclose(fp);
- return grp;
-}
-
-static struct group*
-_getgrnam(const char *name)
-{
- char fn[PATH_MAX];
- struct group *grp = 0;
- FILE *fp = 0;
-
- if (!rootl)
-return getgrnam(name);
-
- // read the group from the root instead
- strcpy(fn, root);
- strcpy(fn+rootl, "/etc/passwd");
-
- fp = fopen(fn, "r");
- if (!fp)
-goto out;
-
- while ((grp = fgetgrent(fp)))
-{
- if (strcmp(grp->gr_name, name) == 0)
-goto out;
-}
-
-out:
- if (fp)
-fclose(fp);
- return grp;
-}
-
struct perm*
add_permlist(char *file, char *owner, char *group, mode_t mode)
{
@@ -1002,8 +880,8 @@
if (!e->mode && !strcmp(e->owner, "unknown"))
{
char uids[16], gids[16];
- pwd = _getpwuid(stb.st_uid);
- grp = _getgrgid(stb.st_gid);
+ pwd = getpwuid(stb.st_uid);
+ grp = getgrgid(stb.st_gid);
if (!pwd)
sprintf(uids, "%d", stb.st_uid);
if (!grp)
@@ -1017,12 +895,12 @@
grp = 0;
continue;
}
- if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd =
_getpwnam(e->owner)) == 0)
+ if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd =
getpwnam(e->owner)) == 0)
{
fprintf(stderr, "%s: unknown user %s\n", e->file+rootl, e->owner);
continue;
}
- if ((!grp || strcmp(grp->gr_name, e->group)) && (grp =
_getgrnam(e->group)) == 0)
+ if ((!grp || strcmp(grp->gr_name, e->group)) && (grp =
getgrnam
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-05-25 16:18:06
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-02-08
15:41:13.0 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-05-25 16:18:08.0 +0200
@@ -1,0 +2,6 @@
+Tue May 15 14:46:22 UTC 2012 - lnus...@suse.de
+
+- print warning when requested to check not listed files
+- Use credentials from within the root file system
+
+---
Old:
permissions-2012.02.08.0914.tar.bz2
New:
permissions-2012.05.15.1646.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.zSDFuc/_old 2012-05-25 16:18:10.0 +0200
+++ /var/tmp/diff_new_pack.zSDFuc/_new 2012-05-25 16:18:10.0 +0200
@@ -24,7 +24,7 @@
License:GPL-2.0+
Group: Productivity/Security
AutoReqProv:on
-Version:2012.02.08.0914
+Version:2012.05.15.1646
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2012.02.08.0914.tar.bz2 ->
permissions-2012.05.15.1646.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.02.08.0914/chkstat.c
new/permissions-2012.05.15.1646/chkstat.c
--- old/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.0
+0100
+++ new/permissions-2012.05.15.1646/chkstat.c 2012-05-15 16:46:07.0
+0200
@@ -59,6 +59,128 @@
int npermfiles = 0;
char* force_level;
+static struct passwd*
+_getpwuid(uid_t uid)
+{
+ char fn[PATH_MAX];
+ struct passwd *pwd = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+return getpwuid(uid);
+
+ // read the passwd from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ printf("trying %s\n", fn);
+
+ fp = fopen(fn, "r");
+ if (!fp)
+goto out;
+
+ while ((pwd = fgetpwent(fp)))
+{
+ if (pwd->pw_uid == uid)
+goto out;
+}
+
+out:
+ if (fp)
+fclose(fp);
+ return pwd;
+}
+
+static struct passwd*
+_getpwnam(const char *name)
+{
+ char fn[PATH_MAX];
+ struct passwd *pwd = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+return getpwnam(name);
+
+ // read the passwd from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+goto out;
+
+ while ((pwd = fgetpwent(fp)))
+{
+ if (strcmp(pwd->pw_name, name) == 0)
+goto out;
+}
+
+out:
+ if (fp)
+fclose(fp);
+ return pwd;
+}
+
+static struct group*
+_getgrgid(gid_t gid)
+{
+ char fn[PATH_MAX];
+ struct group *grp = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+return getgrgid(gid);
+
+ // read the group from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+goto out;
+
+ while ((grp = fgetgrent(fp)))
+{
+ if (grp->gr_gid == gid)
+goto out;
+}
+
+out:
+ if (fp)
+fclose(fp);
+ return grp;
+}
+
+static struct group*
+_getgrnam(const char *name)
+{
+ char fn[PATH_MAX];
+ struct group *grp = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+return getgrnam(name);
+
+ // read the group from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+goto out;
+
+ while ((grp = fgetgrent(fp)))
+{
+ if (strcmp(grp->gr_name, name) == 0)
+goto out;
+}
+
+out:
+ if (fp)
+fclose(fp);
+ return grp;
+}
+
struct perm*
add_permlist(char *file, char *owner, char *group, mode_t mode)
{
@@ -770,6 +892,10 @@
if (do_set == -1)
do_set = 0;
+ // add fake list entries for all files to check
+ for (i = 0; i < nchecklist; i++)
+add_permlist(checklist[i], "unknown", "unknown", 0);
+
for (i = 0; i < npermfiles; i++)
{
if ((fp = fopen(permfiles[i], "r")) == 0)
@@ -867,18 +993,36 @@
euid = geteuid();
for (e = permlist; e; e = e->next)
{
- if (use_checklist && !in_checklist(e->file))
+ if (use_checklist && !in_checklist(e->file+rootl))
continue;
if (lstat(e->file, &stb))
continue;
if (S_ISLNK(stb.st_mode))
continue;
- if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd =
getpwnam(e->owner)) == 0)
+ if (!e->mode && !strcmp(e->owner, "unknown"))
+ {
+ char uids[16], gids[16];
+ pwd = _getpwuid(stb.st_uid);
+ grp = _getgrgid(stb.st_gid);
+
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-02-08 15:41:09
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-11-07
14:28:56.0 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-02-08 15:41:13.0 +0100
@@ -1,0 +2,11 @@
+Wed Feb 8 08:15:50 UTC 2012 - lnus...@suse.de
+
+- add duplicate entries for / and /usr (bnc#745622)
+
+---
+Tue Feb 7 12:09:17 UTC 2012 - lnus...@suse.de
+
+- add scripts for automatic package sumission
+- drop zypp-refresh-wrapper (bnc#738677)
+
+---
Old:
0001-disable-run-time-fscaps-detection-bnc-728312.diff
permissions-2011.09.23.1037.tar.bz2
New:
permissions-2012.02.08.0914.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.CeBfIs/_old 2012-02-08 15:41:16.0 +0100
+++ /var/tmp/diff_new_pack.CeBfIs/_new 2012-02-08 15:41:16.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package permissions
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,13 +24,12 @@
License:GPL-2.0+
Group: Productivity/Security
AutoReqProv:on
-Version:2011.09.23.1037
+Version:2012.02.08.0914
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
Source: permissions-%{version}.tar.bz2
-Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://gitorious.org/opensuse/permissions
@@ -49,7 +48,6 @@
%prep
%setup -q
-%patch0 -p1
%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
++ permissions-2011.09.23.1037.tar.bz2 ->
permissions-2012.02.08.0914.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/Makefile
new/permissions-2012.02.08.0914/Makefile
--- old/permissions-2011.09.23.1037/Makefile2011-09-23 10:37:01.0
+0200
+++ new/permissions-2012.02.08.0914/Makefile2012-02-08 09:14:56.0
+0100
@@ -32,4 +32,7 @@
clean:
/bin/rm chkstat
-.PHONY: all clean
+package:
+ @obs/mkpackage
+
+.PHONY: all clean package
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.8
new/permissions-2012.02.08.0914/chkstat.8
--- old/permissions-2011.09.23.1037/chkstat.8 2011-09-23 10:37:01.0
+0200
+++ new/permissions-2012.02.08.0914/chkstat.8 2012-02-08 09:14:56.0
+0100
@@ -52,8 +52,9 @@
Omit printing the output header lines.
.TP
.IR \-\-fscaps,\ \-\-no\-fscaps
-Force or disable use of fscaps. Default is to automatically
-determine whether the running kernel supports fscaps.
+Enable or disable use of fscaps. In system mode the setting of
+PERMISSIONS_FSCAPS determines whether fscaps are on or off when this
+option is not set.
.TP
.IR \-\-examine\ file
Check permissions for this file instead of all files listed in the permissions
files.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.c
new/permissions-2012.02.08.0914/chkstat.c
--- old/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.0
+0200
+++ new/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.0
+0100
@@ -54,6 +54,7 @@
char** level;
int do_set = -1;
int default_set = 1;
+int have_fscaps = -1;
char** permfiles = NULL;
int npermfiles = 0;
char* force_level;
@@ -281,6 +282,24 @@
//fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be
'set', 'warn' or 'no')\n");
}
}
+ else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19))
+ {
+ p+=19;
+ if (isquote(*p))
+ ++p;
+ if (!strncmp(p, "yes", 3))
+ {
+ p+=3;
+ if (isquote(*p) || !*p)
+ have_fscaps=1;
+ }
+ else if (!strncmp(p, "no", 2))
+ {
+ p+=2;
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2011-12-06 18:50:13 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.kVEDBP/_old 2011-12-06 19:23:39.0 +0100 +++ /var/tmp/diff_new_pack.kVEDBP/_new 2011-12-06 19:23:39.0 +0100 @@ -21,7 +21,7 @@ BuildRequires: libcap-devel Name: permissions -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on Version:2011.09.23.1037 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2011-11-07 14:28:51
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-09-26
10:10:13.0 +0200
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2011-11-07 14:28:56.0 +0100
@@ -1,0 +2,5 @@
+Mon Nov 7 09:39:43 UTC 2011 - lnus...@suse.de
+
+- disable run time fscaps detection (bnc#728312)
+
+---
New:
0001-disable-run-time-fscaps-detection-bnc-728312.diff
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.yLcL1T/_old 2011-11-07 14:28:57.0 +0100
+++ /var/tmp/diff_new_pack.yLcL1T/_new 2011-11-07 14:28:57.0 +0100
@@ -30,6 +30,7 @@
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
Source: permissions-%{version}.tar.bz2
+Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://gitorious.org/opensuse/permissions
@@ -48,6 +49,7 @@
%prep
%setup -q
+%patch0 -p1
%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
++ 0001-disable-run-time-fscaps-detection-bnc-728312.diff ++
>From 94311258bfdf3ad86938bd50aaef4a83ca04eae5 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Mon, 7 Nov 2011 10:34:38 +0100
Subject: [PATCH] disable run time fscaps detection (bnc#728312)
PERMISSIONS_FSCAPS setting in /etc/sysconfig/security allows to enable
them again.
---
chkstat.8 |5 +++--
chkstat.c | 40
2 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/chkstat.8 b/chkstat.8
index 3492e21..364a237 100644
--- a/chkstat.8
+++ b/chkstat.8
@@ -52,8 +52,9 @@ Opposite of --set, ie warn only but don't make actual changes
Omit printing the output header lines.
.TP
.IR \-\-fscaps,\ \-\-no\-fscaps
-Force or disable use of fscaps. Default is to automatically
-determine whether the running kernel supports fscaps.
+Enable or disable use of fscaps. In system mode the setting of
+PERMISSIONS_FSCAPS determines whether fscaps are on or off when this
+option is not set.
.TP
.IR \-\-examine\ file
Check permissions for this file instead of all files listed in the permissions
files.
diff --git a/chkstat.c b/chkstat.c
index e5c9b15..8682c3e 100644
--- a/chkstat.c
+++ b/chkstat.c
@@ -54,6 +54,7 @@ int nlevel;
char** level;
int do_set = -1;
int default_set = 1;
+int have_fscaps = -1;
char** permfiles = NULL;
int npermfiles = 0;
char* force_level;
@@ -281,6 +282,24 @@ parse_sysconf(const char* file)
//fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be
'set', 'warn' or 'no')\n");
}
}
+ else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19))
+ {
+ p+=19;
+ if (isquote(*p))
+ ++p;
+ if (!strncmp(p, "yes", 3))
+ {
+ p+=3;
+ if (isquote(*p) || !*p)
+ have_fscaps=1;
+ }
+ else if (!strncmp(p, "no", 2))
+ {
+ p+=2;
+ if (isquote(*p) || !*p)
+ have_fscaps=0;
+ }
+ }
}
fclose(fp);
return 0;
@@ -515,18 +534,18 @@ check_fscaps_enabled()
{
FILE* fp;
char line[128];
- int have_fscaps = FSCAPS_DEFAULT_ENABLED;
+ int val = FSCAPS_DEFAULT_ENABLED;
if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0)
{
goto out;
}
if (readline(fp, line, sizeof(line)))
{
- have_fscaps = atoi(line);
+ val = atoi(line);
}
fclose(fp);
out:
- return have_fscaps;
+ return val;
}
int
@@ -552,7 +571,6 @@ main(int argc, char **argv)
int fd, r;
int errors = 0;
cap_t caps = NULL;
- int have_fscaps = -1;
while (argc > 1)
{
@@ -692,9 +710,6 @@ main(int argc, char **argv)
break;
}
- if (have_fscaps == -1)
- have_fscaps = check_fscaps_enabled();
-
if (systemmode)
{
const char file[] = "/etc/sysconfig/security";
@@ -747,6 +762,11 @@ main(int argc, char **argv)
permfiles = &argv[1];
}
+ if (have_fscaps == 1 && !check_fscaps_enabled())
+{
+ fprintf(stderr, "Warning: running kernel does not support fscaps\n");
+}
+
if (do_set == -1)
do_set = 0;
@@ -802,7 +822,7 @@ main(int argc, char **argv)
}
if (!strncmp(p, "+capabilities ", 14))
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at Mon Sep 26 10:10:29 CEST 2011.
--- permissions/permissions.changes 2011-09-21 10:01:31.0 +0200
+++ /mounts/work_src_done/STABLE/permissions/permissions.changes
2011-09-23 10:58:33.0 +0200
@@ -1,0 +2,6 @@
+Fri Sep 23 08:37:21 UTC 2011 - lnus...@suse.de
+
+- set permission by default in SuSEconfig mode as permissions are
+ only set when called explicitly anyways (bnc#720010).
+
+---
calling whatdependson for head-i586
Old:
permissions-2011.09.21.1000.tar.bz2
New:
permissions-2011.09.23.1037.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.hzIYfq/_old 2011-09-26 10:10:12.0 +0200
+++ /var/tmp/diff_new_pack.hzIYfq/_new 2011-09-26 10:10:12.0 +0200
@@ -24,7 +24,7 @@
License:GPLv2+
Group: Productivity/Security
AutoReqProv:on
-Version:2011.09.21.1000
+Version:2011.09.23.1037
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2011.09.21.1000.tar.bz2 ->
permissions-2011.09.23.1037.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.21.1000/checkpermissionfiles.pl
new/permissions-2011.09.23.1037/checkpermissionfiles.pl
--- old/permissions-2011.09.21.1000/checkpermissionfiles.pl 2011-09-21
10:00:05.0 +0200
+++ new/permissions-2011.09.23.1037/checkpermissionfiles.pl 2011-09-23
10:37:01.0 +0200
@@ -19,7 +19,7 @@
my %perms;
my($nodups, $checkmissing, $defonly, $showsuid, $showsgid, $showww, $showgw,
-$show, @levels, $showsame, $dump, @permfiles, $help, $checkdirs);
+$show, @levels, $showsame, $dump, @permfiles, $help, $checkdirs, $root);
Getopt::Long::Configure("no_ignore_case");
GetOptions (
@@ -35,6 +35,7 @@
"level=s" => \@levels,
"dump"=> \$dump,
"checkdirs=s" => \$checkdirs,
+"root=s" => \$root,
"help"=> \$help,
);
@@ -57,6 +58,7 @@
--dump dump files as perl hash
--levelrestrict checks to this coma separated list of levels
--checkdirs DIR check for group writeable directories below DIR
+ --root DIR check for entries that don't exist in DIR
EOF
exit 0;
}
@@ -192,6 +194,11 @@
print STDERR "$file:\n$msg\n";
}
}
+
+if ($root && ! -e $root.$file)
+{
+ print STDERR "MISSING: $file\n";
+}
}
close FORMATTED;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.09.21.1000/chkstat.c
new/permissions-2011.09.23.1037/chkstat.c
--- old/permissions-2011.09.21.1000/chkstat.c 2011-09-21 10:00:05.0
+0200
+++ new/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.0
+0200
@@ -53,7 +53,7 @@
int nlevel;
char** level;
int do_set = -1;
-int default_set = 0;
+int default_set = 1;
char** permfiles = NULL;
int npermfiles = 0;
char* force_level;
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Wed Sep 21 17:17:17 CEST 2011. --- permissions/permissions.changes 2011-06-28 14:53:50.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-09-21 10:01:31.0 +0200 @@ -1,0 +2,18 @@ +Wed Sep 21 08:00:28 UTC 2011 - lnus...@suse.de + +- fix typo in path + +--- +Tue Sep 20 14:47:30 UTC 2011 - lnus...@suse.de + +- remove world writable /var/crash again (bnc#438041) +- remove world writable permissions from /usr/src/packages (bnc#719217) + +--- +Tue Sep 20 13:38:48 UTC 2011 - lnus...@suse.de + +- add chromium browser sandbox helper (bnc#718016) +- don't offer PERMISSION_SECURITY in config anymore +- remove setgid games bits (bnc#429882) + +--- calling whatdependson for head-i586 Old: permissions-2011.06.28.1452.tar.bz2 New: permissions-2011.09.21.1000.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.gu3k8q/_old 2011-09-21 17:17:12.0 +0200 +++ /var/tmp/diff_new_pack.gu3k8q/_new 2011-09-21 17:17:12.0 +0200 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.06.28.1452 +Version:2011.09.21.1000 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.06.28.1452.tar.bz2 -> permissions-2011.09.21.1000.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions new/permissions-2011.09.21.1000/permissions --- old/permissions-2011.06.28.1452/permissions 2011-06-28 14:52:01.0 +0200 +++ new/permissions-2011.09.21.1000/permissions 2011-09-21 10:00:05.0 +0200 @@ -167,12 +167,53 @@ /lib/udev/devices/zero root:root 0666 # -# directory for system crash dumps (#438041) -# -/var/crash/ root:root 1777 - -# # named chroot (#438045) # /var/lib/named/dev/null root:root 0666 /var/lib/named/dev/random root:root 0666 + +# we no longer make rpm build dirs 1777 +/usr/src/packages/SOURCES/ root:root 0755 +/usr/src/packages/BUILD/root:root 0755 +/usr/src/packages/BUILDROOT/root:root 0755 +/usr/src/packages/RPMS/ root:root 0755 +/usr/src/packages/RPMS/alphaev56/ root:root 0755 +/usr/src/packages/RPMS/alphaev67/ root:root 0755 +/usr/src/packages/RPMS/alphaev6/root:root 0755 +/usr/src/packages/RPMS/alpha/ root:root 0755 +/usr/src/packages/RPMS/amd64/ root:root 0755 +/usr/src/packages/RPMS/arm4l/ root:root 0755 +/usr/src/packages/RPMS/armv4l/ root:root 0755 +/usr/src/packages/RPMS/armv5tejl/ root:root 0755 +/usr/src/packages/RPMS/armv5tejvl/ root:root 0755 +/usr/src/packages/RPMS/armv5tel/root:root 0755 +/usr/src/packages/RPMS/armv5tevl/ root:root 0755 +/usr/src/packages/RPMS/armv6l/ root:root 0755 +/usr/src/packages/RPMS/armv6vl/ root:root 0755 +/usr/src/packages/RPMS/armv7l/ root:root 0755 +/usr/src/packages/RPMS/athlon/ root:root 0755 +/usr/src/packages/RPMS/geode/ root:root 0755 +/usr/src/packages/RPMS/hppa2.0/ root:root 0755 +/usr/src/packages/RPMS/hppa/root:root 0755 +/usr/src/packages/RPMS/i386/root:root 0755 +/usr/src/packages/RPMS/i486/root:root 0755 +/usr/src/packages/RPMS/i586/root:root 0755 +/usr/src/packages/RPMS/i686/root:root 0755 +/usr/src/packages/RPMS/ia32e/ root:root 0755 +/usr/src/packages/RPMS/ia64/root:root 0755 +/usr/src/packages/RPMS/mips/root:root 0755 +/usr/src/packages/RPMS/noarch/ root:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Tue Jun 28 16:02:27 CEST 2011. --- permissions/permissions.changes 2011-06-17 12:56:52.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-06-28 14:53:50.0 +0200 @@ -1,0 +2,5 @@ +Tue Jun 28 12:53:22 UTC 2011 - lnus...@suse.de + +- remove setuid bit from opiesu (bnc#698772) + +--- calling whatdependson for head-i586 Old: _service:format_spec_file:permissions.spec permissions-2011.05.26.1717.tar.bz2 New: permissions-2011.06.28.1452.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.wEn7t8/_old 2011-06-28 16:01:44.0 +0200 +++ /var/tmp/diff_new_pack.wEn7t8/_new 2011-06-28 16:01:44.0 +0200 @@ -24,8 +24,8 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.05.26.1717 -Release:2 +Version:2011.06.28.1452 +Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions ++ permissions-2011.05.26.1717.tar.bz2 -> permissions-2011.06.28.1452.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.easy new/permissions-2011.06.28.1452/permissions.easy --- old/permissions-2011.05.26.1717/permissions.easy2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.easy2011-06-28 14:52:01.0 +0200 @@ -48,14 +48,11 @@ /usr/bin/chage root:shadow 4755 /usr/bin/chsh root:shadow 4755 /usr/bin/expiry root:shadow 4755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 4755 /usr/sbin/su-wrapperroot:root 4755 # opie password system # #66303 /usr/bin/opiepasswd root:root 4755 -/usr/bin/opiesu root:root 4755 # "user" entries in /etc/fstab make mount work for non-root users: /usr/bin/ncpmount root:trusted 4750 /usr/bin/ncpumount root:trusted 4750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.paranoid new/permissions-2011.06.28.1452/permissions.paranoid --- old/permissions-2011.05.26.1717/permissions.paranoid2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.paranoid2011-06-28 14:52:01.0 +0200 @@ -63,14 +63,11 @@ /usr/bin/chage root:shadow 0755 /usr/bin/chsh root:shadow 0755 /usr/bin/expiry root:shadow 0755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 0755 /usr/sbin/su-wrapperroot:root 0755 # opie password system # #66303 /usr/bin/opiepasswd root:root 0755 -/usr/bin/opiesu root:root 0755 # "user" entries in /etc/fstab make mount work for non-root users: /usr/bin/ncpmount root:trusted 0755 /usr/bin/ncpumount root:trusted 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.secure new/permissions-2011.06.28.1452/permissions.secure --- old/permissions-2011.05.26.1717/permissions.secure 2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.secure 2011-06-28 14:52:01.0 +0200 @@ -86,14 +86,11 @@ /usr/bin/chage root:shadow 4755 /usr/bin/chsh root:shadow 4755 /usr/bin/expiry root:shadow 4755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 4755 /usr/sbin/su-wrapperroot:root 0755 # opie password system # #66303
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at Mon Jun 20 11:13:19 CEST 2011.
--- permissions/permissions.changes 2011-05-26 17:24:27.0 +0200
+++ /mounts/work_src_done/STABLE/permissions/permissions.changes
2011-06-17 12:56:52.0 +0200
@@ -1,0 +2,6 @@
+Fri Jun 17 09:46:29 UTC 2011 - lnus...@suse.de
+
+- disable fscaps by default as factory kernel still doesn't have the
+ required patch for auto detection
+
+---
calling whatdependson for head-i586
New:
_service:format_spec_file:permissions.spec
Other differences:
--
++ _service:format_spec_file:permissions.spec ++
#
# spec file for package permissions
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
# icecream 0
BuildRequires: libcap-devel
Name: permissions
License:GPLv2+
Group: Productivity/Security
AutoReqProv:on
Version:2011.05.26.1717
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
Source: permissions-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:http://gitorious.org/opensuse/permissions
%description
Permission settings of files and directories depending on the
local security settings. The local security setting (easy, secure,
or paranoid) can be configured in /etc/sysconfig/security.
Authors:
Werner Fink
Roman Drahtmüller
Michael Schröder
Ludwig Nussel
%prep
%setup -q
%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
%install
make DESTDIR="$RPM_BUILD_ROOT" install
%post
%{fillup_only -n security}
%files
%defattr(-,root,root,-)
%config /etc/permissions
%config /etc/permissions.easy
%config /etc/permissions.secure
%config /etc/permissions.paranoid
%config(noreplace) /etc/permissions.local
%{_bindir}/chkstat
%{_mandir}/man5/permissions.5*
%{_mandir}/man8/chkstat.8*
/sbin/conf.d/SuSEconfig.permissions
/var/adm/fillup-templates/sysconfig.security
%changelog
++ permissions.spec ++
--- /var/tmp/diff_new_pack.W9X553/_old 2011-06-20 11:12:49.0 +0200
+++ /var/tmp/diff_new_pack.W9X553/_new 2011-06-20 11:12:49.0 +0200
@@ -25,7 +25,7 @@
Group: Productivity/Security
AutoReqProv:on
Version:2011.05.26.1717
-Release:1
+Release:2
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
Summary:SUSE Linux Default Permissions
@@ -50,7 +50,7 @@
%setup -q
%build
-make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS"
+make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0
%install
make DESTDIR="$RPM_BUILD_ROOT" install
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at Fri May 27 11:16:12 CEST 2011.
--- permissions/permissions.changes 2011-05-12 13:48:45.0 +0200
+++ /mounts/work_src_done/STABLE/permissions/permissions.changes
2011-05-26 17:24:27.0 +0200
@@ -1,0 +2,5 @@
+Thu May 26 15:23:49 UTC 2011 - lnus...@suse.de
+
+- read /sys/kernel/fscaps for fscaps settings
+
+---
calling whatdependson for head-i586
Old:
permissions-2011.05.12.1347.tar.bz2
New:
permissions-2011.05.26.1717.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.HxJLto/_old 2011-05-27 11:14:52.0 +0200
+++ /var/tmp/diff_new_pack.HxJLto/_new 2011-05-27 11:14:52.0 +0200
@@ -24,7 +24,7 @@
License:GPLv2+
Group: Productivity/Security
AutoReqProv:on
-Version:2011.05.12.1347
+Version:2011.05.26.1717
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2011.05.12.1347.tar.bz2 ->
permissions-2011.05.26.1717.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.05.12.1347/chkstat.c
new/permissions-2011.05.26.1717/chkstat.c
--- old/permissions-2011.05.12.1347/chkstat.c 2011-05-12 13:47:52.0
+0200
+++ new/permissions-2011.05.26.1717/chkstat.c 2011-05-26 17:17:58.0
+0200
@@ -509,31 +509,20 @@
}
}
-/* that's really ugly. There should be sysctl or something */
+/* check /sys/kernel/fscaps, 2.6.39 */
static int
-check_fscaps_cmdline()
+check_fscaps_enabled()
{
FILE* fp;
- char line[4096];
+ char line[128];
int have_fscaps = FSCAPS_DEFAULT_ENABLED;
- if ((fp = fopen("/proc/cmdline", "r")) == 0)
+ if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0)
{
goto out;
}
if (readline(fp, line, sizeof(line)))
{
- char* p;
- if ((p = strstr(line, "file_caps")))
- {
- if (p - line == 3 && !strncmp("no_", p, 3))
- {
- have_fscaps = 0;
- }
- else
- {
- have_fscaps = 1;
- }
- }
+ have_fscaps = atoi(line);
}
fclose(fp);
out:
@@ -704,7 +693,7 @@
}
if (have_fscaps == -1)
- have_fscaps = check_fscaps_cmdline();
+ have_fscaps = check_fscaps_enabled();
if (systemmode)
{
@@ -913,7 +902,7 @@
printf("\t%s\n", permfiles[i]);
if (!have_fscaps)
{
- printf("fscaps support disabled (file_caps missing in
/proc/cmdline).\n");
+ printf("kernel has fscaps support disabled.\n");
}
if (rootl)
{
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at Mon May 16 15:17:23 CEST 2011.
--- permissions/permissions.changes 2011-03-07 16:24:01.0 +0100
+++ /mounts/work_src_done/STABLE/permissions/permissions.changes
2011-05-12 13:48:45.0 +0200
@@ -1,0 +2,5 @@
+Thu May 12 11:48:36 UTC 2011 - lnus...@suse.de
+
+- change path to gnome-pty-helper (bnc#690202)
+
+---
calling whatdependson for head-i586
Old:
permissions-2011.03.07.1608.tar.bz2
New:
permissions-2011.05.12.1347.tar.bz2
Other differences:
--
++ permissions.spec ++
--- /var/tmp/diff_new_pack.nexhr7/_old 2011-05-16 15:13:51.0 +0200
+++ /var/tmp/diff_new_pack.nexhr7/_new 2011-05-16 15:13:51.0 +0200
@@ -24,7 +24,7 @@
License:GPLv2+
Group: Productivity/Security
AutoReqProv:on
-Version:2011.03.07.1608
+Version:2011.05.12.1347
Release:1
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++ permissions-2011.03.07.1608.tar.bz2 ->
permissions-2011.05.12.1347.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.03.07.1608/Makefile
new/permissions-2011.05.12.1347/Makefile
--- old/permissions-2011.03.07.1608/Makefile2011-03-07 16:08:04.0
+0100
+++ new/permissions-2011.05.12.1347/Makefile2011-05-12 13:47:52.0
+0200
@@ -12,6 +12,9 @@
man8dir=$(mandir)/man8
man5dir=$(mandir)/man5
+FSCAPS_DEFAULT_ENABLED = 1
+CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED)
+
all: chkstat
install: all
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.03.07.1608/chkstat.c
new/permissions-2011.05.12.1347/chkstat.c
--- old/permissions-2011.03.07.1608/chkstat.c 2011-03-07 16:08:04.0
+0100
+++ new/permissions-2011.05.12.1347/chkstat.c 2011-05-12 13:47:52.0
+0200
@@ -515,23 +515,29 @@
{
FILE* fp;
char line[4096];
+ int have_fscaps = FSCAPS_DEFAULT_ENABLED;
if ((fp = fopen("/proc/cmdline", "r")) == 0)
{
- return 0;
+ goto out;
}
if (readline(fp, line, sizeof(line)))
{
char* p;
if ((p = strstr(line, "file_caps")))
{
- if (p - line < 3 || strncmp("no_", p, 3))
+ if (p - line == 3 && !strncmp("no_", p, 3))
{
- return 1;
+ have_fscaps = 0;
+ }
+ else
+ {
+ have_fscaps = 1;
}
}
}
fclose(fp);
- return 0;
+out:
+ return have_fscaps;
}
int
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2011.03.07.1608/permissions
new/permissions-2011.05.12.1347/permissions
--- old/permissions-2011.03.07.1608/permissions 2011-03-07 16:08:04.0
+0100
+++ new/permissions-2011.05.12.1347/permissions 2011-05-12 13:47:52.0
+0200
@@ -1,6 +1,7 @@
# /etc/permissions
#
-# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. All rights reserved.
+# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2011 SUSE Linux Products GmbH Nuernberg, Germany.
#
# Author: Roman Drahtmueller , 2001
#
@@ -20,35 +21,18 @@
# :
#
# How it works:
-# Change the entries as you like, then call
-# 'chkstat -set /etc/permissions' or /etc/permissions.{easy,secure,paranoid}
-# respectively, or call 'SuSEconfig' as yast do after they think
-# that files have been modified in the system.
-#
-# SuSEconfig will use the files /etc/permissions and the ones ending
-# in what the variable PERMISSION_SECURITY from
-# /etc/sysconfig/security contains. By default, these are the files
-# /etc/permissions, /etc/permissions.easy and /etc/permissions.local
-# for local changes by the admin. In addition, the directory
+# To change an entry copy the line to permissions.local, modify it
+# to suit your needs and call "chkstat --system"
+#
+# chkstat uses the variable PERMISSION_SECURITY from
+# /etc/sysconfig/security to determine which security level to
+# apply.
+# In addition to the central files listed above the directory
# /etc/permissions.d/ can contain permission files that belong to
# the packages they modify file modes for. These permission files
# are to switch between conflicting file modes of the same file
# paths in different packages (popular example: sendmail and
# postfix, path /usr/sbin/sendmail).
-#
-# SuSEconfig's usage of the chkstat program can be turned off completely
-# by setting CHECK_PERMISSIONS to "warn" in /etc/sysconfig/security.
-#
-# /etc/permissions is kept to the bare minimum. File modes that differ
-# from the settings in this file should be considered broken.
-#
-# Please see the
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Tue Mar 8 14:34:32 CET 2011. --- permissions/permissions.changes 2011-02-14 09:10:01.0 +0100 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-03-07 16:24:01.0 +0100 @@ -1,0 +2,5 @@ +Mon Mar 7 15:08:33 UTC 2011 - lnus...@suse.de + + - setuid bit on VBoxNetDHCP (bnc#669055) + +--- calling whatdependson for head-i586 Old: permissions-2011.02.14.0908.tar.bz2 New: permissions-2011.03.07.1608.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.5LGqXE/_old 2011-03-08 14:33:57.0 +0100 +++ /var/tmp/diff_new_pack.5LGqXE/_new 2011-03-08 14:33:57.0 +0100 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.02.14.0908 +Version:2011.03.07.1608 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.02.14.0908.tar.bz2 -> permissions-2011.03.07.1608.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.easy new/permissions-2011.03.07.1608/permissions.easy --- old/permissions-2011.02.14.0908/permissions.easy2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.easy2011-03-07 16:08:04.0 +0100 @@ -411,6 +411,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers4750 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers4750 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers4750 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.paranoid new/permissions-2011.03.07.1608/permissions.paranoid --- old/permissions-2011.02.14.0908/permissions.paranoid2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.paranoid2011-03-07 16:08:04.0 +0100 @@ -423,6 +423,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers0755 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers0755 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers0755 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.secure new/permissions-2011.03.07.1608/permissions.secure --- old/permissions-2011.02.14.0908/permissions.secure 2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.secure 2011-03-07 16:08:04.0 +0100 @@ -450,6 +450,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers0755 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers0755 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers0755 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 0755 Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
