commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-10-15 13:43:38 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3486 (New) Package is "permissions" Thu Oct 15 13:43:38 2020 rev:145 rq:840211 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-10-04 17:30:10.952238434 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3486/permissions.changes 2020-10-15 13:43:44.369137504 +0200 @@ -1,0 +2,7 @@ +Thu Oct 08 09:19:32 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20201008: + * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164) + * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) + +--- Old: permissions-20200930.tar.xz New: permissions-20201008.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.Zp2ufh/_old 2020-10-15 13:43:45.077137781 +0200 +++ /var/tmp/diff_new_pack.Zp2ufh/_new 2020-10-15 13:43:45.081137782 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200930 +%define VERSION_DATE 20201008 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.Zp2ufh/_old 2020-10-15 13:43:45.121137798 +0200 +++ /var/tmp/diff_new_pack.Zp2ufh/_new 2020-10-15 13:43:45.125137799 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 95fac00b09c116dc9c3f07cbfb4f952700df59ce \ No newline at end of file + 92eac1c845a2b647cc1aeb6c862fc6c93cc50b3d \ No newline at end of file ++ permissions-20200930.tar.xz -> permissions-20201008.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200930/etc/permissions new/permissions-20201008/etc/permissions --- old/permissions-20200930/etc/permissions2020-09-30 10:39:10.0 +0200 +++ new/permissions-20201008/etc/permissions2020-10-08 11:17:56.0 +0200 @@ -86,7 +86,6 @@ /etc/sysconfig/network/providers/ root:root 700 # utempter -/usr/lib/utempter/utempter root:utmp 2755 /usr/libexec/utempter/utempter root:utmp 2755 # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200930/profiles/permissions.easy new/permissions-20201008/profiles/permissions.easy --- old/permissions-20200930/profiles/permissions.easy 2020-09-30 10:39:10.0 +0200 +++ new/permissions-20201008/profiles/permissions.easy 2020-10-08 11:17:56.0 +0200 @@ -81,7 +81,6 @@ /sbin/pccardctl root:trusted 4755 # libgnomesu (#75823, #175616) -/usr/lib/libgnomesu/gnomesu-pam-backend root:root 4755 /usr/libexec/libgnomesu/gnomesu-pam-backend root:root 4755 # @@ -89,8 +88,6 @@ # /usr/bin/clockdiff root:root 0755 +capabilities cap_net_raw=p -/usr/bin/ping root:root 0755 - +capabilities cap_net_raw=p # mtr /usr/sbin/mtr-packetroot:root 0755 +capabilities cap_net_raw=ep @@ -109,7 +106,6 @@ # # setuid needed on the text console to set the terminal content on ctrl-o # #66112 -/usr/lib/mc/cons.saver root:root 4755 /usr/libexec/mc/cons.saver root:root 4755 @@ -132,21 +128,13 @@ # # amanda # -/usr/lib/amanda/calcsizeroot:amanda 4750 /usr/libexec/amanda/calcsizeroot:amanda 4750 -/usr/lib/amanda/rundump root:amanda 4750 /usr/libexec/amanda/rundump root:amanda 4750 -/usr/lib/amanda/runtar root:amanda 4750 /usr/libexec/amanda/runtar root:amanda 4750 -/usr/lib/amanda/killpgrproot:amanda 4750 /usr/libexec/amanda/killpgrproot:amanda 4750 -/usr/lib/amanda/ambind root:amanda 4750 /usr/libexec/amanda/ambind root:amanda 4750 -/usr/lib/amanda/application/ambsdtarroot:amanda 4750 /usr/libexec/amanda/application/ambsdtarroot
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-10-04 17:30:04 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.4249 (New) Package is "permissions" Sun Oct 4 17:30:04 2020 rev:144 rq:838733 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-09-14 12:02:27.131571858 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.4249/permissions.changes 2020-10-04 17:30:10.952238434 +0200 @@ -1,0 +2,6 @@ +Wed Sep 30 09:26:44 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200930: + * whitelist Xorg setuid-root wrapper (bsc#1175867) + +--- Old: permissions-20200909.tar.xz New: permissions-20200930.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.okJUdt/_old 2020-10-04 17:30:11.712239162 +0200 +++ /var/tmp/diff_new_pack.okJUdt/_new 2020-10-04 17:30:11.712239162 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200909 +%define VERSION_DATE 20200930 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.okJUdt/_old 2020-10-04 17:30:11.776239224 +0200 +++ /var/tmp/diff_new_pack.okJUdt/_new 2020-10-04 17:30:11.776239224 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 26cac6fa0260d8c1f80c5d0c522f381d3bea \ No newline at end of file + 95fac00b09c116dc9c3f07cbfb4f952700df59ce \ No newline at end of file ++ permissions-20200909.tar.xz -> permissions-20200930.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200909/profiles/permissions.easy new/permissions-20200930/profiles/permissions.easy --- old/permissions-20200909/profiles/permissions.easy 2020-09-09 08:37:43.0 +0200 +++ new/permissions-20200930/profiles/permissions.easy 2020-09-30 10:39:10.0 +0200 @@ -366,3 +366,6 @@ # physlock (bsc#1175720, not suited for world access) /usr/bin/physlock root:trusted 04750 + +# xorg-x11-server (bsc#1175867) +/usr/bin/Xorg.wrap root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200909/profiles/permissions.paranoid new/permissions-20200930/profiles/permissions.paranoid --- old/permissions-20200909/profiles/permissions.paranoid 2020-09-09 08:37:43.0 +0200 +++ new/permissions-20200930/profiles/permissions.paranoid 2020-09-30 10:39:10.0 +0200 @@ -368,3 +368,6 @@ # physlock (bsc#1175720, not suited for world access) /usr/bin/physlock root:root 0755 + +# xorg-x11-server (bsc#1175867) +/usr/bin/Xorg.wrap root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200909/profiles/permissions.secure new/permissions-20200930/profiles/permissions.secure --- old/permissions-20200909/profiles/permissions.secure2020-09-09 08:37:43.0 +0200 +++ new/permissions-20200930/profiles/permissions.secure2020-09-30 10:39:10.0 +0200 @@ -404,3 +404,6 @@ # physlock (bsc#1175720, not suited for world access) /usr/bin/physlock root:root 0755 + +# xorg-x11-server (bsc#1175867) +/usr/bin/Xorg.wrap root:root 4755
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-09-14 12:02:03 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.4249 (New) Package is "permissions" Mon Sep 14 12:02:03 2020 rev:143 rq:833221 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-09-08 22:55:21.647754496 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.4249/permissions.changes 2020-09-14 12:02:27.131571858 +0200 @@ -1,0 +2,6 @@ +Wed Sep 09 10:00:18 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200909: + * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879) + +--- Old: permissions-20200904.tar.xz New: permissions-20200909.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.eLW3Cz/_old 2020-09-14 12:02:29.711574510 +0200 +++ /var/tmp/diff_new_pack.eLW3Cz/_new 2020-09-14 12:02:29.711574510 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200904 +%define VERSION_DATE 20200909 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.eLW3Cz/_old 2020-09-14 12:02:29.763574564 +0200 +++ /var/tmp/diff_new_pack.eLW3Cz/_new 2020-09-14 12:02:29.763574564 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 8a15e29e48acae7266010212096761ba54065fba \ No newline at end of file + 26cac6fa0260d8c1f80c5d0c522f381d3bea \ No newline at end of file ++ permissions-20200904.tar.xz -> permissions-20200909.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200904/profiles/permissions.easy new/permissions-20200909/profiles/permissions.easy --- old/permissions-20200904/profiles/permissions.easy 2020-09-04 12:48:56.0 +0200 +++ new/permissions-20200909/profiles/permissions.easy 2020-09-09 08:37:43.0 +0200 @@ -15,13 +15,6 @@ # # -# Directories -# - -# for screen's session sockets: -/run/uscreens/ root:root 1777 - -# # /etc # /etc/crontabroot:root 600 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200904/profiles/permissions.paranoid new/permissions-20200909/profiles/permissions.paranoid --- old/permissions-20200904/profiles/permissions.paranoid 2020-09-04 12:48:56.0 +0200 +++ new/permissions-20200909/profiles/permissions.paranoid 2020-09-09 08:37:43.0 +0200 @@ -32,13 +32,6 @@ # in your system. # -# Directories -# -# for screen's session sockets: -/run/uscreens/ root:trusted 1775 - - -# # /etc # /etc/crontabroot:root 600 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200904/profiles/permissions.secure new/permissions-20200909/profiles/permissions.secure --- old/permissions-20200904/profiles/permissions.secure2020-09-04 12:48:56.0 +0200 +++ new/permissions-20200909/profiles/permissions.secure2020-09-09 08:37:43.0 +0200 @@ -54,12 +54,6 @@ # in your system. # -# Directories -# -# for screen's session sockets: -/run/uscreens/ root:root 1777 - -# # /etc # /etc/crontabroot:root 600
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-09-08 22:55:18 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New) Package is "permissions" Tue Sep 8 22:55:18 2020 rev:142 rq:832056 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-31 16:47:25.108272046 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes 2020-09-08 22:55:21.647754496 +0200 @@ -1,0 +2,7 @@ +Fri Sep 04 10:57:51 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200904: + * Add /usr/libexec for cockpit-session as new path + * physlock: whitelist with tight restrictions (bsc#1175720) + +--- Old: permissions-20200826.tar.xz New: permissions-20200904.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.ussFb6/_old 2020-09-08 22:55:22.479754912 +0200 +++ /var/tmp/diff_new_pack.ussFb6/_new 2020-09-08 22:55:22.483754915 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200826 +%define VERSION_DATE 20200904 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.ussFb6/_old 2020-09-08 22:55:22.535754940 +0200 +++ /var/tmp/diff_new_pack.ussFb6/_new 2020-09-08 22:55:22.539754942 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a \ No newline at end of file + 8a15e29e48acae7266010212096761ba54065fba \ No newline at end of file ++ permissions-20200826.tar.xz -> permissions-20200904.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200826/profiles/permissions.easy new/permissions-20200904/profiles/permissions.easy --- old/permissions-20200826/profiles/permissions.easy 2020-08-26 14:32:45.0 +0200 +++ new/permissions-20200904/profiles/permissions.easy 2020-09-04 12:48:56.0 +0200 @@ -362,6 +362,7 @@ # setuid bit for cockpit (bsc#1169614) /usr/lib/cockpit-session root:cockpit-wsinstance 4750 +/usr/libexec/cockpit-session root:cockpit-wsinstance 4750 # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 2755 @@ -369,3 +370,6 @@ # enlightenment privileged desktop operations (bsc#1169238) /usr/lib64/enlightenment/utils/enlightenment_system root:root 4755 + +# physlock (bsc#1175720, not suited for world access) +/usr/bin/physlock root:trusted 04750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200826/profiles/permissions.paranoid new/permissions-20200904/profiles/permissions.paranoid --- old/permissions-20200826/profiles/permissions.paranoid 2020-08-26 14:32:45.0 +0200 +++ new/permissions-20200904/profiles/permissions.paranoid 2020-09-04 12:48:56.0 +0200 @@ -364,6 +364,7 @@ # setuid bit for cockpit (bsc#1169614) /usr/lib/cockpit-session root:cockpit-wsinstance 0750 +/usr/libexec/cockpit-session root:cockpit-wsinstance 0750 # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 0755 @@ -371,3 +372,6 @@ # enlightenment privileged desktop operations (bsc#1169238) /usr/lib64/enlightenment/utils/enlightenment_system root:root 0755 + +# physlock (bsc#1175720, not suited for world access) +/usr/bin/physlock root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200826/profiles/permissions.secure new/permissions-20200904/profiles/permissions.secure --- old/permissions-20200826/profiles/permissions.secure2020-08-26 14:32:45.0 +0200 +++ new/permissions-20200904/profiles/permissions.secure2020-09-04 12:48:56.0 +0200 @@ -399,6 +399,7 @@ # setuid bit for cockpit (bsc#1169614) /usr/lib/cockpit-session root:cockpit-wsinstance 4750 +/usr/libexec/cockpit-session root:cockpit-wsinstance 4750 # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 2755 @@ -406,3 +407,6 @@ # enlightenment pr
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-08-31 16:47:18 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New) Package is "permissions" Mon Aug 31 16:47:18 2020 rev:141 rq:829800 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-08-17 12:00:02.310515648 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes 2020-08-31 16:47:25.108272046 +0200 @@ -1,0 +2,11 @@ +Wed Aug 26 12:33:11 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200826: + * mtr-packet: stop requiring dialout group + * etc/permissions: fix mtr permission + * list_permissions: improve output format + * list_permissions: support globbing in --path argument + * list_permissions: implement simplifications suggested in PR#92 + * list_permissions: new tool for better path configuration overview + +--- Old: permissions-20200811.tar.xz New: permissions-20200826.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:25.980272468 +0200 +++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:25.984272470 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200811 +%define VERSION_DATE 20200826 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.hrRaOF/_old 2020-08-31 16:47:26.024272490 +0200 +++ /var/tmp/diff_new_pack.hrRaOF/_new 2020-08-31 16:47:26.024272490 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - a42371988f74c07914cc681f29d8a85b1f043d27 \ No newline at end of file + 4d0b7f3f806b4a5f39c61a90fa36de6c6bb6ed9a \ No newline at end of file ++ permissions-20200811.tar.xz -> permissions-20200826.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.easy new/permissions-20200826/profiles/permissions.easy --- old/permissions-20200811/profiles/permissions.easy 2020-08-11 13:56:21.0 +0200 +++ new/permissions-20200826/profiles/permissions.easy 2020-08-26 14:32:45.0 +0200 @@ -98,8 +98,8 @@ +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 +capabilities cap_net_raw=p -# mtr is linked against ncurses. For dialout only. -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packetroot:root 0755 +capabilities cap_net_raw=ep # exim diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.paranoid new/permissions-20200826/profiles/permissions.paranoid --- old/permissions-20200811/profiles/permissions.paranoid 2020-08-11 13:56:21.0 +0200 +++ new/permissions-20200826/profiles/permissions.paranoid 2020-08-26 14:32:45.0 +0200 @@ -113,8 +113,8 @@ # /usr/bin/clockdiff root:root 0755 /usr/bin/ping root:root 0755 -# mtr is linked against ncurses. -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packetroot:root 0755 # exim /usr/sbin/exim root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/profiles/permissions.secure new/permissions-20200826/profiles/permissions.secure --- old/permissions-20200811/profiles/permissions.secure2020-08-11 13:56:21.0 +0200 +++ new/permissions-20200826/profiles/permissions.secure2020-08-26 14:32:45.0 +0200 @@ -139,8 +139,8 @@ +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 +capabilities cap_net_raw=p -# mtr is linked against ncurses. no suid bit, for root only: -/usr/sbin/mtr root:dialout 0750 +# mtr +/usr/sbin/mtr-packetroot:root 0755 # exim /usr/sbin/exim root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200811/tools/list_permissions.py new/permissions-20200826/tools/list_permissions
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-08-17 11:59:54 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3399 (New) Package is "permissions" Mon Aug 17 11:59:54 2020 rev:140 rq:825923 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-07-30 09:55:43.799066906 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3399/permissions.changes 2020-08-17 12:00:02.310515648 +0200 @@ -1,0 +2,7 @@ +Tue Aug 11 12:06:30 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200811: + * regtest: support new getcap output format in libcap-2.42 + * regtest: print individual test case errors to stderr + +--- Old: permissions-20200727.tar.xz New: permissions-20200811.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.hJQGPw/_old 2020-08-17 12:00:03.522516324 +0200 +++ /var/tmp/diff_new_pack.hJQGPw/_new 2020-08-17 12:00:03.526516325 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200727 +%define VERSION_DATE 20200811 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.hJQGPw/_old 2020-08-17 12:00:03.574516353 +0200 +++ /var/tmp/diff_new_pack.hJQGPw/_new 2020-08-17 12:00:03.574516353 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 9cbf693925f263969f510e34bf03ee64abb06245 \ No newline at end of file + a42371988f74c07914cc681f29d8a85b1f043d27 \ No newline at end of file ++ permissions-20200727.tar.xz -> permissions-20200811.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200727/tests/regtest.py new/permissions-20200811/tests/regtest.py --- old/permissions-20200727/tests/regtest.py 2020-07-27 13:48:55.0 +0200 +++ new/permissions-20200811/tests/regtest.py 2020-08-11 13:56:21.0 +0200 @@ -694,7 +694,8 @@ if test.getNumErrors() != 0: color_printer.setRed() - print(test.getName(), "encountered", test.getNumErrors(), "errors") + sys.stdout.flush() + print(test.getName(), "encountered", test.getNumErrors(), "errors", file = sys.stderr) if test.getNumWarnings() != 0: color_printer.setYellow() tests_warned += 1 @@ -1048,27 +1049,38 @@ shell = False, ) - # getcap uses a '+' to indicate capability types, while - # permissions uses '=', so adjust accordingly - expected_caps = ','.join(caps).replace('=', '+') + expected_caps = ','.join(caps) actual_caps = "" - # output is something like "/path/to/file = cap_stuff+letters" + # until libcap-2.32 the output format looked like this: + # + # /usr/bin/ping = cap_net_raw+ep + # + # starting from libcap-2.42 it looks like this: + # + # /usr/bin/ping cap_net_raw=p + # + # see bsc#1175076 comment 2. + # So let's be agnostic to the output format. + for line in getcap_out.decode('utf8').splitlines(): - # be prudent about possible spaces or equals in paths, - # even though it should never occur in our test - # environment - parts = line.split('=') - if len(parts) < 2: + if not line.startswith(path): continue - cap_path = '='.join(parts[:-1]).strip() - if cap_path != path: - # not for our file - continue + line = line[len(path):].strip() + parts = line.split() - actual_caps = parts[-1].strip() - break + if len(parts) == 2 and parts[0] == '=': + # the old output format: + # getcap uses a '+' to indicate capability + # types, while permissions uses '=', so adjust + # accordingly +
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-07-30 09:55:40 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3592 (New) Package is "permissions" Thu Jul 30 09:55:40 2020 rev:139 rq:822971 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-07-15 11:13:53.324935511 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3592/permissions.changes 2020-07-30 09:55:43.799066906 +0200 @@ -1,0 +2,9 @@ +Mon Jul 27 12:18:04 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200727: + * etc/permissions: remove static /var/spool/* dirs + * etc/permissions: remove outdated entries + * etc/permissions: remove unnecessary static dirs and devices + * screen: remove now unused /var/run/uscreens + +--- Old: permissions-20200710.tar.xz New: permissions-20200727.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.rEoXNX/_old 2020-07-30 09:55:45.931067332 +0200 +++ /var/tmp/diff_new_pack.rEoXNX/_new 2020-07-30 09:55:45.935067333 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200710 +%define VERSION_DATE 20200727 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.rEoXNX/_old 2020-07-30 09:55:45.971067340 +0200 +++ /var/tmp/diff_new_pack.rEoXNX/_new 2020-07-30 09:55:45.971067340 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 8c1d3398d1f446ac3f27b293ab9d69ad73aaea6d \ No newline at end of file + 9cbf693925f263969f510e34bf03ee64abb06245 \ No newline at end of file ++ permissions-20200710.tar.xz -> permissions-20200727.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200710/etc/permissions new/permissions-20200727/etc/permissions --- old/permissions-20200710/etc/permissions2020-07-10 11:44:15.0 +0200 +++ new/permissions-20200727/etc/permissions2020-07-27 13:48:55.0 +0200 @@ -38,35 +38,17 @@ # root directories: # -/ root:root 755 -/root/ root:root 700 /tmp/ root:root 1777 /tmp/.X11-unix/ root:root 1777 /tmp/.ICE-unix/ root:root 1777 -/dev/ root:root 755 -/bin/ root:root 755 -/sbin/ root:root 755 -/lib/ root:root 755 -/etc/ root:root 755 -/home/ root:root 755 -/boot/ root:root 755 -/opt/ root:root 755 -/usr/ root:root 755 # # /var: # /var/tmp/ root:root 1777 -/var/log/ root:root 755 -/var/spool/ root:root 755 /var/spool/mqueue/ root:root 700 -/var/spool/news/news:news 775 -/var/spool/voice/ root:root 755 /var/spool/mail/root:root 1777 -/var/adm/ root:root 755 -/var/adm/backup/root:root 700 -/var/cache/ root:root 755 /var/run/nscd/socket root:root 666 /run/nscd/socket root:root 666 @@ -81,24 +63,10 @@ /run/utmp root:utmp 664 # -# some device files -# - -/dev/zero root:root 666 -/dev/null root:root 666 -/dev/full root:root
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-07-15 11:12:57 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3060 (New) Package is "permissions" Wed Jul 15 11:12:57 2020 rev:138 rq:819968 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-06-24 15:47:30.992079239 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3060/permissions.changes 2020-07-15 11:13:53.324935511 +0200 @@ -1,0 +2,41 @@ +Fri Jul 10 09:50:04 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200710: + * Revert "etc/permissions: remove entries for bind-chrootenv". This +currently conflicts with the way the CheckSUIDPermissions rpmlint-check is +implemented. + +--- +Tue Jul 7 15:56:02 UTC 2020 - Callum Farmer + +- Removed dbus-libexec.patch: contained in upstream + +--- +Tue Jul 07 13:25:40 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200624: + * rework permissions.local text (boo#1173221) + * dbus-1: adjust to new libexec dir location (bsc#1171164) + * permission profiles: reinstate kdesud for kde5 + * etc/permissions: remove entries for bind-chrootenv + * etc/permissions: remove traceroute entry + * VirtualBox: remove outdated entry which is only a symlink any more + * /bin/su: remove path refering to symlink + * etc/permissions: remove legacy RPM directory entries + * /etc/permissions: remove outdated sudo directories + * singularity: remove outdated setuid-binary entries + * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588) + * dbus-1: remove deprecated alternative paths + * PolicyKit: remove outdated entries last used in SLE-11 + * pcp: remove no longer needed / conflicting entries + * gnats: remove entries for package removed from Factory + * kdelibs4: remove entries for package removed from Factory + * v4l-base: remove entries for package removed from Factory + * mailman: remove entries for package deleted from Factory + * gnome-pty-helper: remove dead entry no longer part of the vte package + * gnokii: remove entries for package no longer in Factory + * xawtv (v4l-conf): correct group ownership in easy profile + * systemd-journal: remove unnecessary profile entries + * thttp: make makeweb entry usable in the secure profile (bsc#1171580) + +--- Old: dbus-libexec.patch permissions-20200526.tar.xz New: permissions-20200710.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.V7av5q/_old 2020-07-15 11:13:56.784938935 +0200 +++ /var/tmp/diff_new_pack.V7av5q/_new 2020-07-15 11:13:56.784938935 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200526 +%define VERSION_DATE 20200710 Name: permissions Version:%{VERSION_DATE}.%{suse_version} @@ -28,7 +28,6 @@ URL:http://github.com/openSUSE/permissions Source: permissions-%{VERSION_DATE}.tar.xz Source1:fix_version.sh -Patch0: dbus-libexec.patch BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libcap-progs @@ -41,7 +40,7 @@ Provides: aaa_base:%{_datadir}/permissions %prep -%autosetup -p1 -n permissions-%{VERSION_DATE} +%autosetup -n permissions-%{VERSION_DATE} %build make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0 ++ _servicedata ++ --- /var/tmp/diff_new_pack.V7av5q/_old 2020-07-15 11:13:56.816938967 +0200 +++ /var/tmp/diff_new_pack.V7av5q/_new 2020-07-15 11:13:56.816938967 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 19a5eb449122601ea1f4053b575028d1895fedbb \ No newline at end of file + 8c1d3398d1f446ac3f27b293ab9d69ad73aaea6d \ No newline at end of file ++ permissions-20200526.tar.xz -> permissions-20200710.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200526/etc/permissions new/permissions-20200710/etc/permissions --- old/permissions-20200526/etc/permissions2020-05-26 14:54:31.0 +0200 +++ new/permissions-20200710/etc/permissions2020-07-10 11:44:15.0 +0200 @@ -69,8 +69,6 @@ /var/cache/ root:root 755 /var/run/nscd/socket root:root 666 /run/nscd/socket root:root 666 -/var/run/sudo/
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-06-24 15:47:27 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.2956 (New) Package is "permissions" Wed Jun 24 15:47:27 2020 rev:137 rq:815295 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-06-11 14:41:13.444703391 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.2956/permissions.changes 2020-06-24 15:47:30.992079239 +0200 @@ -1,0 +2,8 @@ +Tue Jun 16 13:23:23 UTC 2020 - malte.kr...@suse.com + +- dbus-1: adjust to new libexec dir location (bsc#1171164). This is + temporarily done through the patch in dbus-libexec.patch because + we are not completely certain the stability of current git. +- run chkstat test suite during RPM build + +--- New: dbus-libexec.patch Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.zEw5jq/_old 2020-06-24 15:47:32.040083757 +0200 +++ /var/tmp/diff_new_pack.zEw5jq/_new 2020-06-24 15:47:32.044083772 +0200 @@ -28,17 +28,20 @@ URL:http://github.com/openSUSE/permissions Source: permissions-%{VERSION_DATE}.tar.xz Source1:fix_version.sh +Patch0: dbus-libexec.patch BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libcap-progs BuildRequires: tclap +# test suite +BuildRequires: python3-base Requires: chkstat Requires: permissions-config Recommends: permissions-doc Provides: aaa_base:%{_datadir}/permissions %prep -%setup -q -n permissions-%{VERSION_DATE} +%autosetup -p1 -n permissions-%{VERSION_DATE} %build make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0 @@ -46,9 +49,8 @@ %install %make_install fillupdir=%{_fillupdir} -# regression tests disabled for the moment, needs adjustment for the new /usr/share world -#%check -#tests/regtest.py +%check +tests/regtest.py --skip-make > /dev/null %description Permission settings of files and directories depending on the local ++ dbus-libexec.patch ++ Index: permissions-20200526/profiles/permissions.easy === --- permissions-20200526.orig/profiles/permissions.easy +++ permissions-20200526/profiles/permissions.easy @@ -267,6 +267,7 @@ /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # dbus-1 in /usr #1056764) /usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 /usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # policycoreutils (#440596) Index: permissions-20200526/profiles/permissions.paranoid === --- permissions-20200526.orig/profiles/permissions.paranoid +++ permissions-20200526/profiles/permissions.paranoid @@ -278,6 +278,7 @@ /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 # dbus-1 in /usr #1056764) /usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 +/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 /usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 # policycoreutils (#440596) Index: permissions-20200526/profiles/permissions.secure === --- permissions-20200526.orig/profiles/permissions.secure +++ permissions-20200526/profiles/permissions.secure @@ -308,6 +308,7 @@ /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # dbus-1 in /usr #1056764) /usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +/usr/libexec/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 /usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # policycoreutils (#440596)
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-06-11 14:40:46 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3606 (New) Package is "permissions" Thu Jun 11 14:40:46 2020 rev:136 rq:810755 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-05-29 21:35:33.506325063 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3606/permissions.changes 2020-06-11 14:41:13.444703391 +0200 @@ -1,0 +2,6 @@ +Tue May 26 13:03:52 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200526: + * profiles: add entries for enlightenment (bsc#1171686) + +--- Old: permissions-20200520.tar.xz New: permissions-20200526.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.6r5ZUr/_old 2020-06-11 14:41:14.584706776 +0200 +++ /var/tmp/diff_new_pack.6r5ZUr/_new 2020-06-11 14:41:14.584706776 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200520 +%define VERSION_DATE 20200526 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.6r5ZUr/_old 2020-06-11 14:41:14.620706883 +0200 +++ /var/tmp/diff_new_pack.6r5ZUr/_new 2020-06-11 14:41:14.620706883 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - d6344d0fa65aa85c9da0c9a9df00f21a7ddc95b3 \ No newline at end of file + 19a5eb449122601ea1f4053b575028d1895fedbb \ No newline at end of file ++ permissions-20200520.tar.xz -> permissions-20200526.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200520/profiles/permissions.easy new/permissions-20200526/profiles/permissions.easy --- old/permissions-20200520/profiles/permissions.easy 2020-05-20 10:39:07.0 +0200 +++ new/permissions-20200526/profiles/permissions.easy 2020-05-26 14:54:31.0 +0200 @@ -451,3 +451,6 @@ # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 2755 /usr/libexec/mktex/public root:mktex 2755 + +# enlightenment privileged desktop operations (bsc#1169238) +/usr/lib64/enlightenment/utils/enlightenment_system root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200520/profiles/permissions.paranoid new/permissions-20200526/profiles/permissions.paranoid --- old/permissions-20200520/profiles/permissions.paranoid 2020-05-20 10:39:07.0 +0200 +++ new/permissions-20200526/profiles/permissions.paranoid 2020-05-26 14:54:31.0 +0200 @@ -451,3 +451,6 @@ # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 0755 /usr/libexec/mktex/public root:mktex 0755 + +# enlightenment privileged desktop operations (bsc#1169238) +/usr/lib64/enlightenment/utils/enlightenment_system root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200520/profiles/permissions.secure new/permissions-20200526/profiles/permissions.secure --- old/permissions-20200520/profiles/permissions.secure2020-05-20 10:39:07.0 +0200 +++ new/permissions-20200526/profiles/permissions.secure2020-05-26 14:54:31.0 +0200 @@ -488,3 +488,6 @@ # binary that launches texlive tools with group "mktex" (bsc#1171686) /usr/lib/mktex/public root:mktex 2755 /usr/libexec/mktex/public root:mktex 2755 + +# enlightenment privileged desktop operations (bsc#1169238) +/usr/lib64/enlightenment/utils/enlightenment_system root:root 4755
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-05-29 21:19:46 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3606 (New) Package is "permissions" Fri May 29 21:19:46 2020 rev:135 rq:807568 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-05-12 22:25:31.175016360 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.3606/permissions.changes 2020-05-29 21:35:33.506325063 +0200 @@ -1,0 +2,34 @@ +Wed May 20 09:02:14 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200520: + * permissions fixed profile: utempter: reinstate libexec compatibility entry + +--- +Tue May 19 09:14:38 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200519: + * chkstat: fix sign conversion warnings on 32-bit architectures + * chkstat: allow simultaneous use of `--set` and `--system` + * regtest: adjust TestUnkownOwnership test to new warning output behaviour + +--- +Mon May 18 12:06:10 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200518: + * whitelist texlive public binary (bsc#1171686) + +--- +Fri May 15 09:49:48 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200514: + * fixed permissions: adjust to new libexec dir location (bsc#1171164) +(affects utempter path) + +--- +Wed May 13 12:09:17 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200513: + * major rewrite of the chkstat tool + * setuid bit for cockpit (bsc#1169614) + +--- Old: permissions-20200506.tar.xz New: permissions-20200520.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.tekRUj/_old 2020-05-29 21:35:34.138326944 +0200 +++ /var/tmp/diff_new_pack.tekRUj/_new 2020-05-29 21:35:34.142326956 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200506 +%define VERSION_DATE 20200520 Name: permissions Version:%{VERSION_DATE}.%{suse_version} @@ -31,6 +31,7 @@ BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libcap-progs +BuildRequires: tclap Requires: chkstat Requires: permissions-config Recommends: permissions-doc ++ _servicedata ++ --- /var/tmp/diff_new_pack.tekRUj/_old 2020-05-29 21:35:34.178327063 +0200 +++ /var/tmp/diff_new_pack.tekRUj/_new 2020-05-29 21:35:34.178327063 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 8c6029212030ca9c4fc90a60ff26411acd64a565 \ No newline at end of file + d6344d0fa65aa85c9da0c9a9df00f21a7ddc95b3 \ No newline at end of file ++ permissions-20200506.tar.xz -> permissions-20200520.tar.xz ++ 3745 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-05-12 22:25:21 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.2738 (New) Package is "permissions" Tue May 12 22:25:21 2020 rev:134 rq:801106 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-03-30 22:50:52.947755978 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.2738/permissions.changes 2020-05-12 22:25:31.175016360 +0200 @@ -1,0 +2,7 @@ +Thu May 07 09:50:15 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200506: + * add whitelist for files in /usr/lib to be also allowed in +/usr/libexec (bsc#1171164) + +--- Old: permissions-20200324.tar.xz New: permissions-20200506.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.svhQ1u/_old 2020-05-12 22:25:34.263022805 +0200 +++ /var/tmp/diff_new_pack.svhQ1u/_new 2020-05-12 22:25:34.263022805 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200324 +%define VERSION_DATE 20200506 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.svhQ1u/_old 2020-05-12 22:25:34.303022889 +0200 +++ /var/tmp/diff_new_pack.svhQ1u/_new 2020-05-12 22:25:34.303022889 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 5a8f6ce8743fba27666b634dda7a099e027b2edf \ No newline at end of file + 8c6029212030ca9c4fc90a60ff26411acd64a565 \ No newline at end of file ++ permissions-20200324.tar.xz -> permissions-20200506.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200324/profiles/permissions.easy new/permissions-20200506/profiles/permissions.easy --- old/permissions-20200324/profiles/permissions.easy 2020-03-24 12:57:25.0 +0100 +++ new/permissions-20200506/profiles/permissions.easy 2020-05-06 13:37:10.0 +0200 @@ -112,6 +112,7 @@ # libgnomesu (#75823, #175616) /usr/lib/libgnomesu/gnomesu-pam-backend root:root 4755 +/usr/libexec/libgnomesu/gnomesu-pam-backend root:root 4755 # # networking (need root for the privileged socket) @@ -143,6 +144,7 @@ # setuid needed on the text console to set the terminal content on ctrl-o # #66112 /usr/lib/mc/cons.saver root:root 4755 +/usr/libexec/mc/cons.saver root:root 4755 # @@ -179,13 +181,21 @@ # amanda # /usr/lib/amanda/calcsizeroot:amanda 4750 +/usr/libexec/amanda/calcsizeroot:amanda 4750 /usr/lib/amanda/rundump root:amanda 4750 +/usr/libexec/amanda/rundump root:amanda 4750 /usr/lib/amanda/runtar root:amanda 4750 +/usr/libexec/amanda/runtar root:amanda 4750 /usr/lib/amanda/killpgrproot:amanda 4750 +/usr/libexec/amanda/killpgrproot:amanda 4750 /usr/lib/amanda/ambind root:amanda 4750 +/usr/libexec/amanda/ambind root:amanda 4750 /usr/lib/amanda/application/ambsdtarroot:amanda 4750 +/usr/libexec/amanda/application/ambsdtarroot:amanda 4750 /usr/lib/amanda/application/amgtar root:amanda 4750 +/usr/libexec/amanda/application/amgtar root:amanda 4750 /usr/lib/amanda/application/amstar root:amanda 4750 +/usr/libexec/amanda/application/amstar root:amanda 4750 # @@ -205,13 +215,17 @@ # for operation. (#67032, #594393) # /usr/lib/news/bin/rnews news:uucp 4550 +/usr/libexec/news/bin/rnews news:uucp 4550 /usr/lib/news/bin/inews news:news 2555 +/usr/libexec/news/bin/inews news:news 2555 /usr/lib/news/bin/innbind root:news 4550 +/usr/libexec/news/bin/innbind root:news 4550 # # sendfax # /usr/lib/mgetty+sendfax/faxq-helper fax:root 4755 +/usr/libexec/mgetty+sendfax/faxq-helper fax:root 4755 /var/spool/f
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-03-30 22:50:49 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.3160 (New) Package is "permissions" Mon Mar 30 22:50:49 2020 rev:133 rq:787823 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-03-06 21:23:24.365419871 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.3160/permissions.changes 2020-03-30 22:50:52.947755978 +0200 @@ -1,0 +2,15 @@ +Tue Mar 24 12:52:07 UTC 2020 - jseg...@suse.de + +- Update to version 20200324: + * whitelist s390-tools setgid bit on log directory (bsc#1167163) + * whitelist WMP (bsc#1161335) + * regtest: improve readability of path variables by using literals + * regtest: adjust test suite to new path locations in /usr/share/permissions + * regtest: only catch explicit FileNotFoundError + * regtest: provide valid home directory in /root + * regtest: mount permissions src repository in /usr/src/permissions + * regtest: move initialialization of TestBase paths into the prepare() function + * chkstat: suppport new --config-root command line option + * fix spelling of icingacmd group + +--- Old: permissions-20200228.tar.xz New: permissions-20200324.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.26hX2r/_old 2020-03-30 22:50:53.531756297 +0200 +++ /var/tmp/diff_new_pack.26hX2r/_new 2020-03-30 22:50:53.535756298 +0200 @@ -16,7 +16,7 @@ # -%define VERSION_DATE 20200228 +%define VERSION_DATE 20200324 Name: permissions Version:%{VERSION_DATE}.%{suse_version} ++ _servicedata ++ --- /var/tmp/diff_new_pack.26hX2r/_old 2020-03-30 22:50:53.567756316 +0200 +++ /var/tmp/diff_new_pack.26hX2r/_new 2020-03-30 22:50:53.567756316 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - bfa5f7c7437b3fa939b0a88007e2d1cc6de605c9 \ No newline at end of file + 5a8f6ce8743fba27666b634dda7a099e027b2edf \ No newline at end of file ++ permissions-20200228.tar.xz -> permissions-20200324.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200228/profiles/permissions.easy new/permissions-20200324/profiles/permissions.easy --- old/permissions-20200228/profiles/permissions.easy 2020-02-28 09:49:05.0 +0100 +++ new/permissions-20200324/profiles/permissions.easy 2020-03-24 12:57:25.0 +0100 @@ -351,7 +351,7 @@ +capabilities cap_net_bind_service=ep # icinga2 (bsc#1069410) -/run/icinga2/cmd/ icinga:icingagmd 2750 +/run/icinga2/cmd/ icinga:icingacmd 2750 # fping (bsc#1047921) /usr/sbin/fpingroot:root 0755 @@ -397,3 +397,9 @@ # mariadb auth_pam_tool (bsc#1160285) /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 4755 + +# Workload Memory Protection (bsc#1161335) +/usr/lib/sapwmp/sapwmp-capture root:sapsys4750 + +# s390-tools log directory for ts-shell (bsc#1167163) +/var/log/ts-shell/ root:ts-shell 2770 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200228/profiles/permissions.paranoid new/permissions-20200324/profiles/permissions.paranoid --- old/permissions-20200228/profiles/permissions.paranoid 2020-02-28 09:49:05.0 +0100 +++ new/permissions-20200324/profiles/permissions.paranoid 2020-03-24 12:57:25.0 +0100 @@ -358,7 +358,7 @@ /usr/lib/gvfs/gvfsd-nfs root:root 0755 # icinga2 (bsc#1069410) -/run/icinga2/cmd/ icinga:icingagmd 0750 +/run/icinga2/cmd/ icinga:icingacmd 0750 # fping (bsc#1047921) /usr/sbin/fping root:root 0755 @@ -400,3 +400,9 @@ # mariadb auth_pam_tool (bsc#1160285) /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 0755 + +# Workload Memory Protection (bsc#1161335) +/usr/lib/sapwmp/sapwmp-capture root:sapsys0750 + +# s390-tools log directory for ts-shell (bsc#1167163) +/var/log/ts-shell/ root:ts
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-03-06 21:23:21 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New) Package is "permissions" Fri Mar 6 21:23:21 2020 rev:132 rq:780979 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-02-21 16:40:25.925802159 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes 2020-03-06 21:23:24.365419871 +0100 @@ -1,0 +2,55 @@ +Fri Feb 28 12:00:44 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200228: + * chkstat: fix readline() on platforms with unsigned char + +--- +Thu Feb 27 12:29:29 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200227: + * remove capability whitelisting for radosgw + * whitelist ceph log directory (bsc#1150366) + * adjust testsuite to post CVE-2020-8013 link handling + * testsuite: add option to not mount /proc + * do not follow symlinks that are the final path element: CVE-2020-8013 + * add a test for symlinked directories + * fix relative symlink handling + * include cpp compat headers, not C headers + * Move permissions and permissions.* except .local to /usr/share/permissions + * regtest: fix the static PATH list which was missing /usr/bin + * regtest: also unshare the PID namespace to support /proc mounting + * regtest: bindMount(): explicitly reject read-only recursive mounts + * Makefile: force remove upon clean target to prevent bogus errors + * regtest: by default automatically (re)build chkstat before testing + * regtest: add test for symlink targets + * regtest: make capability setting tests optional + * regtest: fix capability assertion helper logic + * regtests: add another test case that catches set*id or caps in world-writable sub-trees + * regtest: add another test that catches when privilege bits are set for special files + * regtest: add test case for user owned symlinks + * regtest: employ subuid and subgid feature in user namespace + * regtest: add another test case that covers unknown user/group config + * regtest: add another test that checks rejection of insecure mixed-owner paths + * regtest: add test that checks for rejection of world-writable paths + * regtest: add test for detection of unexpected parent directory ownership + * regtest: add further helper functions, allow access to main instance + * regtest: introduce some basic coloring support to improve readability + * regtest: sort imports, another piece of rationale + * regtest: add capability test case + * regtest: improve error flagging of test cases and introduce warnings + * regtest: support caps + * regtest: add a couple of command line parameter test cases + * regtest: add another test that checks whether the default profile works + * regtests: add tests for correct application of local profiles + * regtest: add further test cases that test correct profile application + * regtest: simplify test implementation and readability + * regtest: add helpers for permissions.d per package profiles + * regtest: support read-only bind mounts, also bind-mount permissions repo + * tests: introduce a regression test suite for chkstat + * Makefile: allow to build test version programmatically + * README.md: add basic readme file that explains the repository's purpose + * chkstat: change and harmonize coding style + * chkstat: switch to C++ compilation unit +- add suse_version to end of permissions package version + +--- Old: permissions-20200213.tar.xz New: permissions-20200228.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.Us6QpT/_old 2020-03-06 21:23:24.849420138 +0100 +++ /var/tmp/diff_new_pack.Us6QpT/_new 2020-03-06 21:23:24.853420141 +0100 @@ -16,26 +16,28 @@ # -%define VERSION 20200213 +%define VERSION_DATE 20200228 Name: permissions -Version:%{VERSION} +Version:%{VERSION_DATE}.%{suse_version} Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. License:GPL-2.0-or-later Group: Productivity/Security URL:http://github.com/openSUSE/permissions -Source: permissions-%{version}.tar.xz +Source: permissions-%{VERSION_DATE}.tar.xz Source1:fix_version.sh +BuildRequires: gcc-c++ BuildRequires: libcap-devel +BuildRequires: libcap-progs Requires: chkstat Requires: permissions-config Recommends: permissions-doc -P
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-02-21 16:39:57 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New) Package is "permissions" Fri Feb 21 16:39:57 2020 rev:131 rq:774158 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-02-13 10:10:56.484319996 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes 2020-02-21 16:40:25.925802159 +0100 @@ -1,0 +2,9 @@ +Thu Feb 13 12:10:41 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200213: + * remove obsolete/broken entries for rcp/rsh/rlogin + * chkstat: handle symlinks in final path elements correctly + * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"" + * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)" + +--- Old: permissions-20200204.tar.xz New: permissions-20200213.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.ab2Abo/_old 2020-02-21 16:40:26.481803270 +0100 +++ /var/tmp/diff_new_pack.ab2Abo/_new 2020-02-21 16:40:26.485803279 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define VERSION 20200204 +%define VERSION 20200213 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.ab2Abo/_old 2020-02-21 16:40:26.513803334 +0100 +++ /var/tmp/diff_new_pack.ab2Abo/_new 2020-02-21 16:40:26.513803334 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 402e7433e5b8114ea2e591ed6a8eadca8936127d \ No newline at end of file + 8676fc316fb0b9eb56ad9d354b8cafb8b1f2f258 \ No newline at end of file ++ permissions-20200204.tar.xz -> permissions-20200213.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200204/profiles/permissions.easy new/permissions-20200213/profiles/permissions.easy --- old/permissions-20200204/profiles/permissions.easy 2020-02-04 13:19:11.0 +0100 +++ new/permissions-20200213/profiles/permissions.easy 2020-02-13 13:07:21.0 +0100 @@ -122,9 +122,6 @@ # mtr is linked against ncurses. For dialout only. /usr/sbin/mtr root:dialout 0750 +capabilities cap_net_raw=ep -/usr/bin/rcproot:root 4755 -/usr/bin/rlogin root:root 4755 -/usr/bin/rshroot:root 4755 # exim /usr/sbin/exim root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200204/profiles/permissions.paranoid new/permissions-20200213/profiles/permissions.paranoid --- old/permissions-20200204/profiles/permissions.paranoid 2020-02-04 13:19:11.0 +0100 +++ new/permissions-20200213/profiles/permissions.paranoid 2020-02-13 13:07:21.0 +0100 @@ -135,9 +135,6 @@ /usr/bin/ping root:root 0755 # mtr is linked against ncurses. /usr/sbin/mtr root:dialout 0750 -/usr/bin/rcproot:root 0755 -/usr/bin/rlogin root:root 0755 -/usr/bin/rshroot:root 0755 # exim /usr/sbin/exim root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20200204/profiles/permissions.secure new/permissions-20200213/profiles/permissions.secure --- old/permissions-20200204/profiles/permissions.secure2020-02-04 13:19:11.0 +0100 +++ new/permissions-20200213/profiles/permissions.secure2020-02-13 13:07:21.0 +0100 @@ -162,9 +162,6 @@ +capabilities cap_net_raw=p # mtr is linked against ncurses. no suid bit, for root only: /usr/sbin/mtr root:dialout 0750 -/usr/bin/rcproot:root 4755 -/usr/bin/rlogin
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2020-02-13 10:10:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New) Package is "permissions" Thu Feb 13 10:10:50 2020 rev:130 rq:769971 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-12-07 15:13:59.239807746 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes 2020-02-13 10:10:56.484319996 +0100 @@ -1,0 +2,17 @@ +Tue Feb 04 12:20:43 UTC 2020 - matthias.gerst...@suse.com + +- Update to version 20200204: + * mariadb: settings for new auth_pam_tool (bsc#1160285) + * chkstat: +- add read-only fallback when /proc is not mounted (bsc#1160764) +- capability handling fixes (bsc#1161779) +- better error message when refusing to fix dir perms (#32) + +--- +Mon Jan 27 11:58:17 UTC 2020 - malte.kr...@suse.com + +- Update to version 20200127: + * fix paths of ksysguard whitelisting + * fix zero-termination of error message for overly long paths + +--- Old: permissions-20191205.tar.xz New: permissions-20200204.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.08lMlz/_old 2020-02-13 10:10:57.008320300 +0100 +++ /var/tmp/diff_new_pack.08lMlz/_new 2020-02-13 10:10:57.012320302 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define VERSION 20191205 +%define VERSION 20200204 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.08lMlz/_old 2020-02-13 10:10:57.044320321 +0100 +++ /var/tmp/diff_new_pack.08lMlz/_new 2020-02-13 10:10:57.044320321 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 530cade2a85b318e8cb35261f3d2da5223c11af2 \ No newline at end of file + 402e7433e5b8114ea2e591ed6a8eadca8936127d \ No newline at end of file ++ permissions-20191205.tar.xz -> permissions-20200204.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20191205/Makefile new/permissions-20200204/Makefile --- old/permissions-20191205/Makefile 2019-12-05 15:28:14.0 +0100 +++ new/permissions-20200204/Makefile 2020-02-04 13:19:11.0 +0100 @@ -19,6 +19,7 @@ CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED) all: src/chkstat + @if grep -o -P '\t' src/chkstat.c ; then echo "error: chkstat.c mixes tabs and spaces!" ; touch src/chkstat.c ; exit 1 ; fi ; : install: all @for i in $(bindir) $(man8dir) $(man5dir) $(fillupdir) $(sysconfdir) $(zypp_commit_plugins); \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20191205/profiles/permissions.easy new/permissions-20200204/profiles/permissions.easy --- old/permissions-20191205/profiles/permissions.easy 2019-12-05 15:28:14.0 +0100 +++ new/permissions-20200204/profiles/permissions.easy 2020-02-04 13:19:11.0 +0100 @@ -395,5 +395,11 @@ /var/spool/nagios/ nagios:nagcmd 2775 # ksysguard network helper (bsc#1151190) -/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755 +/usr/lib/libexec/ksysguard/ksgrd_network_helper root:root 0755 +capabilities cap_net_raw=ep +/usr/lib64/libexec/ksysguard/ksgrd_network_helper root:root 0755 + +capabilities cap_net_raw=ep + +# mariadb auth_pam_tool (bsc#1160285) +/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_toolroot:root 4755 +/usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20191205/profiles/permissions.paranoid new/permissions-20200204/profiles/permissions.paranoid --- old/permissions-20191205/profiles/permissions.paranoid 2019-12-05 15:28:14.0 +0100 +++ new/permissions-20200204/profiles/permissions.paranoid 2020-02-04 13:19:11.0 +0100 @@ -398,4 +398,9 @@ /var/spool/nagios/ nagios:nagcmd 0770 # ksysguard network helper (bsc#1151190) -/usr/libexec/ksysguard/ksg
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-12-07 15:12:21 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.4691 (New) Package is "permissions" Sat Dec 7 15:12:21 2019 rev:129 rq:754442 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-11-23 23:14:54.078759179 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.4691/permissions.changes 2019-12-07 15:13:59.239807746 +0100 @@ -1,0 +2,13 @@ +Thu Dec 05 14:31:49 UTC 2019 - malte.kr...@suse.com + +- Update to version 20191205: + * fix privilege escalation through untrusted symlinks (bsc#1150734, +CVE-2019-3690) + +--- +Wed Nov 27 12:47:23 UTC 2019 - matthias.gerst...@suse.com + +- Update to version 20191122: + * faxq-helper: correct "secure" permission for trusted group (bsc#1157498) + +--- Old: permissions-20191118.tar.xz New: permissions-20191205.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.8ca8Z3/_old 2019-12-07 15:14:04.111807056 +0100 +++ /var/tmp/diff_new_pack.8ca8Z3/_new 2019-12-07 15:14:04.119807054 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define VERSION 20191118 +%define VERSION 20191205 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.8ca8Z3/_old 2019-12-07 15:14:04.155807050 +0100 +++ /var/tmp/diff_new_pack.8ca8Z3/_new 2019-12-07 15:14:04.155807050 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 352142ec492b76beb495b46bc64f159af5635c8a \ No newline at end of file + 530cade2a85b318e8cb35261f3d2da5223c11af2 \ No newline at end of file ++ permissions-20191118.tar.xz -> permissions-20191205.tar.xz ++ 1755 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-11-23 23:14:49 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.26869 (New) Package is "permissions" Sat Nov 23 23:14:49 2019 rev:128 rq:749269 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-10-11 15:10:36.617209826 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.26869/permissions.changes 2019-11-23 23:14:54.078759179 +0100 @@ -1,0 +2,13 @@ +Mon Nov 18 09:52:14 UTC 2019 - malte.kr...@suse.com + +- Update to version 20191118: + * whitelist ksysguard network helper (bsc#1151190) + +--- +Tue Nov 12 12:45:12 UTC 2019 - malte.kr...@suse.com + +- Update to version 20191112: + * fix syntax of paranoid profile + * fix squid permissions (bsc#1093414, CVE-2019-3688) + +--- Old: permissions-20190913.tar.xz New: permissions-20191118.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.614759236 +0100 +++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.618759237 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # -%define VERSION 20190913 +%define VERSION 20191118 Name: permissions Version:%{VERSION} @@ -25,7 +25,7 @@ # Maintained in github by the security team. License:GPL-2.0-or-later Group: Productivity/Security -Url:http://github.com/openSUSE/permissions +URL:http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz Source1:fix_version.sh BuildRequires: libcap-devel @@ -88,7 +88,7 @@ %post config %{fillup_only -n security} # apply all potentially changed permissions -%{_bindir}/chkstat --system || exit 0 +%{_bindir}/chkstat --system || : %package -n chkstat Summary:SUSE Linux Default Permissions tool ++ _servicedata ++ --- /var/tmp/diff_new_pack.9o5cWI/_old 2019-11-23 23:14:54.650759240 +0100 +++ /var/tmp/diff_new_pack.9o5cWI/_new 2019-11-23 23:14:54.650759240 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - dae6a13e2ed283d181b99d4dc14bcd7d5c2b89d3 \ No newline at end of file + 352142ec492b76beb495b46bc64f159af5635c8a \ No newline at end of file ++ permissions-20190913.tar.xz -> permissions-20191118.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190913/profiles/permissions.easy new/permissions-20191118/profiles/permissions.easy --- old/permissions-20190913/profiles/permissions.easy 2019-09-13 11:54:23.0 +0200 +++ new/permissions-20191118/profiles/permissions.easy 2019-11-18 10:50:27.0 +0100 @@ -68,7 +68,7 @@ # squid changes from bnc#891268 /var/cache/squid/ squid:root0750 /var/log/squid/ squid:root0750 -/usr/sbin/pingersquid:root0750 +/usr/sbin/pingerroot:squid0750 +capabilities cap_net_raw=ep /usr/sbin/basic_pam_authroot:shadow 2750 @@ -393,3 +393,7 @@ # nagios (bsc#1028975) /var/spool/nagios/ nagios:nagcmd 2775 + +# ksysguard network helper (bsc#1151190) +/usr/libexec/ksysguard/ksgrd_network_helper root:root 0755 + +capabilities cap_net_raw=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190913/profiles/permissions.paranoid new/permissions-20191118/profiles/permissions.paranoid --- old/permissions-20190913/profiles/permissions.paranoid 2019-09-13 11:54:23.0 +0200 +++ new/permissions-20191118/profiles/permissions.paranoid 2019-11-18 10:50:27.0 +0100 @@ -85,7 +85,7 @@ # /quid changes from bnc#891268 /var/cache/squid/ squid:root0750 /var/log/squid/ squid:root0750 -/usr/sbin/pingersquid:root0750 +/usr/sbin/pinger
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-10-11 15:09:45 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.2352 (New) Package is "permissions" Fri Oct 11 15:09:45 2019 rev:127 rq:734799 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-09-26 20:34:40.359594462 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.2352/permissions.changes 2019-10-11 15:10:36.617209826 +0200 @@ -1,0 +2,9 @@ +Thu Oct 3 12:38:09 UTC 2019 - Tomáš Chvátal + +- Add || exit 0 on the scriptlet as it can actually fail in + rootless containers with podman. This makes sure the zypper + does not abort the container creation. + * the actual error looks like: +/dev/zero: chown: Operation not permitted + +--- Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.PYQAa3/_old 2019-10-11 15:10:40.733198511 +0200 +++ /var/tmp/diff_new_pack.PYQAa3/_new 2019-10-11 15:10:40.741198489 +0200 @@ -88,7 +88,7 @@ %post config %{fillup_only -n security} # apply all potentially changed permissions -%{_bindir}/chkstat --system +%{_bindir}/chkstat --system || exit 0 %package -n chkstat Summary:SUSE Linux Default Permissions tool
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-09-26 20:34:38 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.2352 (New) Package is "permissions" Thu Sep 26 20:34:38 2019 rev:126 rq:730732 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-09-11 10:24:40.455478892 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.2352/permissions.changes 2019-09-26 20:34:40.359594462 +0200 @@ -1,0 +2,7 @@ +Fri Sep 13 11:19:42 UTC 2019 - jseg...@suse.de + +- Update to version 20190913: + * setgid bit for nagios directory (bsc#1028975, bsc#1150345) +- This also restructures the sources for the permission package + +--- Old: permissions-20190830.tar.xz New: permissions-20190913.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.jhIuto/_old 2019-09-26 20:34:41.551591276 +0200 +++ /var/tmp/diff_new_pack.jhIuto/_new 2019-09-26 20:34:41.91264 +0200 @@ -16,7 +16,7 @@ # -%define VERSION 20190830 +%define VERSION 20190913 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.jhIuto/_old 2019-09-26 20:34:41.635591051 +0200 +++ /var/tmp/diff_new_pack.jhIuto/_new 2019-09-26 20:34:41.651591008 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 081d081dcfaf61710bda34bc21c80c66276119aa \ No newline at end of file + dae6a13e2ed283d181b99d4dc14bcd7d5c2b89d3 \ No newline at end of file ++ permissions-20190830.tar.xz -> permissions-20190913.tar.xz ++ 6112 lines of diff (skipped)
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-09-11 10:24:38 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.7948 (New) Package is "permissions" Wed Sep 11 10:24:38 2019 rev:125 rq:727267 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-07-16 08:28:38.535387305 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.7948/permissions.changes 2019-09-11 10:24:40.455478892 +0200 @@ -1,0 +2,19 @@ +Fri Aug 30 14:20:09 UTC 2019 - malte.kr...@suse.com + +- Update to version 20190830: + * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687) + +--- +Thu Aug 29 15:38:28 UTC 2019 - malte.kr...@suse.com + +- Update to version 20190829: + * add one more missing slash for icinga2 + * fix more missing slashes for directories + +--- +Tue Aug 20 08:56:35 UTC 2019 - malte.kr...@suse.com + +- Update to version 20190820: + * cron directory permissions: add slashes + +--- Old: permissions-20190711.tar.xz New: permissions-20190830.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.NZ6Oad/_old 2019-09-11 10:24:41.471478765 +0200 +++ /var/tmp/diff_new_pack.NZ6Oad/_new 2019-09-11 10:24:41.475478765 +0200 @@ -16,7 +16,7 @@ # -%define VERSION 20190711 +%define VERSION 20190830 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.NZ6Oad/_old 2019-09-11 10:24:41.507478761 +0200 +++ /var/tmp/diff_new_pack.NZ6Oad/_new 2019-09-11 10:24:41.507478761 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 5da6a81e38bb74f2090d73208b1a0101a0c5b73b \ No newline at end of file + 081d081dcfaf61710bda34bc21c80c66276119aa \ No newline at end of file ++ permissions-20190711.tar.xz -> permissions-20190830.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190711/permissions.easy new/permissions-20190830/permissions.easy --- old/permissions-20190711/permissions.easy 2019-07-11 16:16:25.0 +0200 +++ new/permissions-20190830/permissions.easy 2019-08-30 16:19:23.0 +0200 @@ -31,11 +31,11 @@ /var/lib/nfs/rmtab root:root 644 /etc/syslog.confroot:root 644 /etc/ssh/sshd_configroot:root 640 -/etc/cron.d root:root 755 -/etc/cron.daily root:root 755 -/etc/cron.hourlyroot:root 755 -/etc/cron.monthly root:root 755 -/etc/cron.weeklyroot:root 755 +/etc/cron.d/root:root 755 +/etc/cron.daily/root:root 755 +/etc/cron.hourly/ root:root 755 +/etc/cron.monthly/ root:root 755 +/etc/cron.weekly/ root:root 755 # # suid system programs that need the suid bit to work: @@ -287,7 +287,7 @@ /sbin/mount.ecryptfs_private root:root 4755 # wireshark (bsc#957624) -/usr/bin/dumpcap root:wireshark0755 +/usr/bin/dumpcap root:wireshark0750 +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) @@ -357,7 +357,7 @@ +capabilities cap_net_bind_service=ep # icinga2 (bsc#1069410) -/run/icinga2/cmd icinga:icingagmd 2750 +/run/icinga2/cmd/ icinga:icingagmd 2750 # fping (bsc#1047921) /usr/sbin/fpingroot:root 0755 @@ -365,7 +365,7 @@ # usbauth (bsc#1066877) /usr/bin/usbauth-npriv root:usbauth04750 -/usr/lib/usbauth-notifier root:usbauth-notifier 0750 +/usr/lib/usbauth-notifier/ root:usbauth-notifier 0750 /usr/lib/usbauth-notifier/usbauth-notifier root:usbauth027
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-07-16 08:28:37 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.1887 (New) Package is "permissions" Tue Jul 16 08:28:37 2019 rev:124 rq:714806 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-06-26 16:01:31.675420223 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.1887/permissions.changes 2019-07-16 08:28:38.535387305 +0200 @@ -1,0 +2,13 @@ +Thu Jul 11 14:21:23 UTC 2019 - malte.kr...@suse.com + +- Update to version 20190711: + * iputils: Add capability permissions for clockdiff (bsc#1140994) + +--- +Wed Jul 10 12:29:08 UTC 2019 - opensuse-packag...@opensuse.org + +- Update to version 20190710: + * iputils/ping: Drop effective capability + * iputils/ping6: Remove definitions + +--- Old: permissions-20190521.tar.xz New: permissions-20190711.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.2UCpLS/_old 2019-07-16 08:28:38.991387371 +0200 +++ /var/tmp/diff_new_pack.2UCpLS/_new 2019-07-16 08:28:38.991387371 +0200 @@ -12,11 +12,11 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define VERSION 20190521 +%define VERSION 20190711 Name: permissions Version:%{VERSION} ++ _servicedata ++ --- /var/tmp/diff_new_pack.2UCpLS/_old 2019-07-16 08:28:39.027387376 +0200 +++ /var/tmp/diff_new_pack.2UCpLS/_new 2019-07-16 08:28:39.031387377 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - aafb12397dbea3f9d50d403a05cbf79f869f6fe3 \ No newline at end of file + 5da6a81e38bb74f2090d73208b1a0101a0c5b73b \ No newline at end of file ++ permissions-20190521.tar.xz -> permissions-20190711.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190521/permissions.easy new/permissions-20190711/permissions.easy --- old/permissions-20190521/permissions.easy 2019-05-21 10:40:59.0 +0200 +++ new/permissions-20190711/permissions.easy 2019-07-11 16:16:25.0 +0200 @@ -115,10 +115,10 @@ # # networking (need root for the privileged socket) # +/usr/bin/clockdiff root:root 0755 + +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 - +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root 0755 - +capabilities cap_net_raw=ep + +capabilities cap_net_raw=p # mtr is linked against ncurses. For dialout only. /usr/sbin/mtr root:dialout 0750 +capabilities cap_net_raw=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190521/permissions.paranoid new/permissions-20190711/permissions.paranoid --- old/permissions-20190521/permissions.paranoid 2019-05-21 10:40:59.0 +0200 +++ new/permissions-20190711/permissions.paranoid 2019-07-11 16:16:25.0 +0200 @@ -131,8 +131,8 @@ # # networking (need root for the privileged socket) # +/usr/bin/clockdiff root:root 0755 /usr/bin/ping root:root 0755 -/usr/bin/ping6 root:root 0755 # mtr is linked against ncurses. /usr/sbin/mtr root:dialout 0750 /usr/bin/rcproot:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190521/permissions.secure new/permissions-20190711/permissions.secure --- old/permissions-20190521/permissions.secure 2019-05-21 10:40:59.0 +0200 +++ new/permissions-20190711/permissions.secure 2019-07-11 16:16:25.0 +0200 @@ -156,10 +156,10 @@ # # networking (need root for the privileged socket) # +/usr/bin/clockdiff root:root 0755 + +capabilities cap_net_raw=p /usr/bin/ping root:root 0755 - +capabilities cap_net_raw=ep -/usr/bin/ping6
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-06-26 16:01:30 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.4615 (New) Package is "permissions" Wed Jun 26 16:01:30 2019 rev:123 rq:709714 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-05-06 13:19:43.108310935 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new.4615/permissions.changes 2019-06-26 16:01:31.675420223 +0200 @@ -1,0 +2,17 @@ +Thu Jun 13 08:57:42 UTC 2019 - meiss...@suse.com + +- Update to version 20190521: + * singluarity: Add starter-suid for version 3.2.0 + * adjust settings for amanda to current binary layout + +--- +Wed Jun 5 12:02:18 UTC 2019 - + +- Move BuildRequires: back to main package + +--- +Wed Jun 5 10:38:58 UTC 2019 - + +- Moved requires to subpackages (bsc#1137257) + +--- Old: permissions-20190429.tar.xz New: permissions-20190521.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.LEQZcY/_old 2019-06-26 16:01:33.443422671 +0200 +++ /var/tmp/diff_new_pack.LEQZcY/_new 2019-06-26 16:01:33.483422726 +0200 @@ -16,7 +16,7 @@ # -%define VERSION 20190429 +%define VERSION 20190521 Name: permissions Version:%{VERSION} @@ -29,9 +29,6 @@ Source: permissions-%{version}.tar.xz Source1:fix_version.sh BuildRequires: libcap-devel -#!BuildIgnore: group(trusted) -Requires(post): %fillup_prereq -Requires(pre): group(trusted) Requires: chkstat Requires: permissions-config Recommends: permissions-doc @@ -72,7 +69,10 @@ Group: Productivity/Security Version:%{suse_version}_%{VERSION} Release:0 +Requires(post): %fillup_prereq Requires(post): chkstat +#!BuildIgnore: group(trusted) +Requires(pre): group(trusted) %description config The actual permissions configuration files, /etc/permission.*. ++ _servicedata ++ --- /var/tmp/diff_new_pack.LEQZcY/_old 2019-06-26 16:01:33.815423186 +0200 +++ /var/tmp/diff_new_pack.LEQZcY/_new 2019-06-26 16:01:33.827423203 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 938c49d3c1b0820d2a301a8018709efed9a6ce61 \ No newline at end of file + aafb12397dbea3f9d50d403a05cbf79f869f6fe3 \ No newline at end of file ++ permissions-20190429.tar.xz -> permissions-20190521.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190429/permissions.easy new/permissions-20190521/permissions.easy --- old/permissions-20190429/permissions.easy 2019-04-29 17:10:17.0 +0200 +++ new/permissions-20190521/permissions.easy 2019-05-21 10:40:59.0 +0200 @@ -180,13 +180,14 @@ # # amanda # -/usr/sbin/amcheck root:amanda 4750 /usr/lib/amanda/calcsizeroot:amanda 4750 /usr/lib/amanda/rundump root:amanda 4750 -/usr/lib/amanda/planner root:amanda 4750 /usr/lib/amanda/runtar root:amanda 4750 -/usr/lib/amanda/dumper root:amanda 4750 /usr/lib/amanda/killpgrproot:amanda 4750 +/usr/lib/amanda/ambind root:amanda 4750 +/usr/lib/amanda/application/ambsdtarroot:amanda 4750 +/usr/lib/amanda/application/amgtar root:amanda 4750 +/usr/lib/amanda/application/amstar root:amanda 4750 # @@ -298,6 +299,8 @@ /usr/lib/singularity/bin/action-suid root:singularity 4750 /usr/lib/singularity/bin/mount-suidroot:singularity 4750 /usr/lib/singularity/bin/start-suidroot:singularity 4750 +# singularity version 3 (bsc#1128598) +/usr/lib/singularity/bin/starter-suid root:singularity 4750 /usr/bin/su root:root 4755 /usr/bin/mount root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20190429/permissions.paranoid new/permissions-20190521/permissions.paranoid --- old/permissions-20190429/permissions.paranoid
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-05-06 13:19:38 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.5148 (New) Package is "permissions" Mon May 6 13:19:38 2019 rev:122 rq:700154 version:unknown Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2019-02-19 13:54:52.508726137 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.5148/permissions.changes 2019-05-06 13:19:43.108310935 +0200 @@ -1,0 +2,30 @@ +Thu May 2 09:46:05 UTC 2019 - jseg...@suse.com + +- Fixed versions. Removed set_version from _service file, doesn't + work with the new packaging. Call fix_version.sh to set current + date as version instead +- Fixed requires for -config and -zypp-plugin + +--- +Tue Apr 30 08:57:37 UTC 2019 - opensuse-packag...@opensuse.org + +- Update to version 20190429: + * removed entry for /var/cache/man. Conflicts with packaging and man:man is +the better setting anyway (bsc#1133678) + * fixed error in description of permissions.paranoid. Make it clear that this +is not a usable profile, but intended as a base for own developments + +--- +Sat Apr 13 17:12:12 UTC 2019 - Jan Engelhardt + +- Fix RPM group, fix hard requirement on documentation. + Update description typography. + +--- +Thu Apr 11 11:18:36 UTC 2019 - jseg...@suse.com + +- Created new subpackages -config, -doc and standalone package chkstat + where we can start a better versioning scheme and require it from the + original package + +--- Old: permissions-20190212.tar.xz New: fix_version.sh permissions-20190429.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.W95Pli/_old 2019-05-06 13:19:43.568311983 +0200 +++ /var/tmp/diff_new_pack.W95Pli/_new 2019-05-06 13:19:43.572311992 +0200 @@ -16,8 +16,10 @@ # +%define VERSION 20190429 + Name: permissions -Version:20190212 +Version:%{VERSION} Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. @@ -25,17 +27,16 @@ Group: Productivity/Security Url:http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz +Source1:fix_version.sh BuildRequires: libcap-devel #!BuildIgnore: group(trusted) Requires(post): %fillup_prereq Requires(pre): group(trusted) +Requires: chkstat +Requires: permissions-config +Recommends: permissions-doc Provides: aaa_base:%{_sysconfdir}/permissions -%description -Permission settings of files and directories depending on the local -security settings. The local security setting (easy, secure, or paranoid) -can be configured in /etc/sysconfig/security. - %prep %setup -q @@ -45,25 +46,66 @@ %install %make_install fillupdir=%{_fillupdir} -%post -%{fillup_only -n security} -# apply all potentially changed permissions -%{_bindir}/chkstat --system +%description +Permission settings of files and directories depending on the local +security settings. The local security setting ("easy", "secure", or "paranoid") +can be configured in /etc/sysconfig/security. + +This package does not contain files, it just requires the necessary packages. %files + +%package doc +Summary:SUSE Linux Default Permissions documentation +Group: Documentation/Man +Version:%{suse_version}_%{VERSION} +Release:0 + +%description doc +Documentation for the permission files /etc/permissions*. + +%files doc +%{_mandir}/man5/permissions.5%{ext_man} + +%package config +Summary:SUSE Linux Default Permissions config files +Group: Productivity/Security +Version:%{suse_version}_%{VERSION} +Release:0 +Requires(post): chkstat + +%description config +The actual permissions configuration files, /etc/permission.*. + +%files config %config %{_sysconfdir}/permissions %config %{_sysconfdir}/permissions.easy %config %{_sysconfdir}/permissions.secure %config %{_sysconfdir}/permissions.paranoid %config(noreplace) %{_sysconfdir}/permissions.local +%{_fillupdir}/sysconfig.security + +%post config +%{fillup_only -n security} +# apply all potentially changed permissions +%{_bindir}/chkstat --system + +%package -n chkstat +Summary:SUSE Linux Default Permissions tool +Group: Productivity/Security +Version:%{suse_version}_%{VERSION} +Release:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2019-02-19 13:54:51 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.28833 (New) Package is "permissions" Tue Feb 19 13:54:51 2019 rev:121 rq:674669 version:20190212 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-11-26 10:12:59.726246482 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.28833/permissions.changes 2019-02-19 13:54:52.508726137 +0100 @@ -1,0 +2,46 @@ +Tue Feb 12 14:29:45 UTC 2019 - jseg...@suse.com + +- Update to version 20190212: + * removed old entry for wodim + * removed old entry for netatalk + * removed old entry for suidperl + * removed old entriy for utempter + * removed old entriy for hostname + * removed old directory entries + * removed old entry for qemu-bridge-helper + * removed old entries for pccardctl + * removed old entries for isdnctrl + * removed old entries for unix(2)_chkpwd + * removed old entries for mount.nfs + * removed old entries for (u)mount + * removed old entry for fileshareset + * removed old entries for KDE + * removed old entry for heartbeat + * removed old entry for gnome-control-center + * removed old entry for pcp + * removed old entry for lpdfilter + * removed old entry for scotty + * removed old entry for ia32el + * removed old entry for squid + * removed old qpopper whitelist + * removed pt_chown entries. Not needed anymore and a bad idea anyway + * removed old majordomo entry + * removed stale entries for old ncpfs tools + * removed old entry for rmtab + * Fixed typo in icinga2 whitelist entry + * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale +entries for VirtualBox + * Removed whitelist for /usr/bin/su.core. According to comment a temporary +hack introduced 2012 to help moving su from coretuils to util-linux. I +couldn't find it anywhere, so we don't need it anymore + * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that +is used doesn't exists anymore starting with Leap 15, so it will not work +there anyway. Users using this (old) package can do this individually + * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and +judging from my search this has been the case for quite a while) + * Ensure consistency of entries, otherwise switching between settings becomes +problematic + * Fix spelling of SUSE + * permissions.local: fix typo + +--- Old: permissions-20181116.tar.xz New: permissions-20190212.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.fZetjk/_old 2019-02-19 13:54:53.052725748 +0100 +++ /var/tmp/diff_new_pack.fZetjk/_new 2019-02-19 13:54:53.056725745 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: permissions -Version:20181116 +Version:20190212 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.fZetjk/_old 2019-02-19 13:54:53.104725711 +0100 +++ /var/tmp/diff_new_pack.fZetjk/_new 2019-02-19 13:54:53.104725711 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - c1107931c09ab5e32fffa7696ab6b09fff553a96 \ No newline at end of file + b3af647ecf37350b62e774e798e2ce4b7f0bff60 \ No newline at end of file ++ permissions-20181116.tar.xz -> permissions-20190212.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20181116/permissions new/permissions-20190212/permissions --- old/permissions-20181116/permissions2018-11-16 16:33:52.0 +0100 +++ new/permissions-20190212/permissions2019-02-12 15:17:25.0 +0100 @@ -8,7 +8,7 @@ # This file is used by chkstat (and indirectly by various RPM scripts) # to check or set the modes and ownerships of files and directories in the installation. # -# There is a set of files with similar meaning in a SuSE installation: +# There is a set of files with similar meaning in a SUSE installation: # /etc/permissions (This file) # /etc/permissions.easy # /etc/permissions.secure @@ -62,14 +62,12 @@ /var/spool/
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-11-26 10:12:53 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new.19453 (New) Package is "permissions" Mon Nov 26 10:12:53 2018 rev:120 rq:649630 version:20181116 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-11-05 22:49:54.648471693 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new.19453/permissions.changes 2018-11-26 10:12:59.726246482 +0100 @@ -1,0 +2,13 @@ +Fri Nov 16 15:15:04 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181116: + * zypper-plugin: new plugin to fix bsc#1114383 + +--- +Mon Nov 12 12:14:18 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181112: + * singularity: remove -suid binaries that have been dropped since version + 2.4 (bsc#1028304) + +--- Old: permissions-20181030.tar.xz New: permissions-20181116.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.htom8Y/_old 2018-11-26 10:13:01.522244376 +0100 +++ /var/tmp/diff_new_pack.htom8Y/_new 2018-11-26 10:13:01.522244376 +0100 @@ -17,7 +17,7 @@ Name: permissions -Version:20181030 +Version:20181116 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. @@ -61,4 +61,23 @@ %{_mandir}/man8/chkstat.8%{ext_man} %{_fillupdir}/sysconfig.security +%package -n permissions-zypp-plugin +BuildArch: noarch +Requires: permissions = %version +Requires: python3-zypp-plugin +Requires: libzypp(plugin:commit) = 1 +Summary:A zypper commit plugin for calling chkstat +Group: Productivity/Security + +%description -n permissions-zypp-plugin +This package contains a plugin for zypper that calls `chkstat --system` after +new packages have been installed. This is helpful for maintaining custom +entries in /etc/permissions.local. + +%files -n permissions-zypp-plugin +%dir /usr/lib/zypp +%dir /usr/lib/zypp/plugins +%dir /usr/lib/zypp/plugins/commit +/usr/lib/zypp/plugins/commit/permissions.py + %changelog ++ _servicedata ++ --- /var/tmp/diff_new_pack.htom8Y/_old 2018-11-26 10:13:01.554244338 +0100 +++ /var/tmp/diff_new_pack.htom8Y/_new 2018-11-26 10:13:01.558244333 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 2a511608aeccb6f43d94e0086f3878a7465b235a \ No newline at end of file + c1107931c09ab5e32fffa7696ab6b09fff553a96 \ No newline at end of file ++ permissions-20181030.tar.xz -> permissions-20181116.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20181030/Makefile new/permissions-20181116/Makefile --- old/permissions-20181030/Makefile 2018-10-30 13:11:09.0 +0100 +++ new/permissions-20181116/Makefile 2018-11-16 16:33:52.0 +0100 @@ -11,6 +11,8 @@ mandir=$(datadir)/man man8dir=$(mandir)/man8 man5dir=$(mandir)/man5 +zypp_plugins=$(prefix)/lib/zypp/plugins +zypp_commit_plugins=$(zypp_plugins)/commit FSCAPS_DEFAULT_ENABLED = 1 CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED) @@ -18,12 +20,13 @@ all: chkstat install: all - @for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir) $(sysconfdir); \ + @for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir) $(sysconfdir) $(zypp_commit_plugins); \ do install -d -m 755 $(DESTDIR)$$i; done @install -m 755 chkstat $(DESTDIR)$(bindir) @install -m 644 chkstat.8 $(DESTDIR)$(man8dir) @install -m 644 permissions.5 $(DESTDIR)$(man5dir) @install -m 644 sysconfig.security $(DESTDIR)$(fillupdir) + @install -m 755 zypper-plugin/permissions.py $(DESTDIR)$(zypp_commit_plugins) @for i in permissions{,.local,.easy,.secure,.paranoid}; \ do install -m 644 $$i $(DESTDIR)$(sysconfdir); done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20181030/permissions.easy new/permissions-20181116/permissions.easy --- old/permissions-20181030/permissions.easy 2018-10-30 13:11:09.0 +0100 +++ new/permissions-20181116/permissions.easy 2018-11-16 16:33:52.0 +0100 @@ -341,12 +341,13 @@ +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) -/usr/lib/singularity/bin/expand-suid root:singularity 4750 -/usr/lib/singularity/bin/m
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-11-05 22:49:49 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Mon Nov 5 22:49:49 2018 rev:119 rq:645523 version:20181030 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-28 09:19:52.471967860 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-11-05 22:49:54.648471693 +0100 @@ -1,0 +2,18 @@ +Tue Oct 30 12:13:21 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181030: + * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds + +--- +Mon Oct 29 16:59:05 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181029: + * setuid whitelisting: add fusermount3 (bsc#230) + +--- +Thu Oct 25 16:13:46 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20181025: + * setuid whitelisting: add authbind binary (bsc#251) + +--- Old: permissions-20180827.tar.xz New: permissions-20181030.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.b2oDpz/_old 2018-11-05 22:49:55.184471015 +0100 +++ /var/tmp/diff_new_pack.b2oDpz/_new 2018-11-05 22:49:55.184471015 +0100 @@ -17,7 +17,7 @@ Name: permissions -Version:20180827 +Version:20181030 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.b2oDpz/_old 2018-11-05 22:49:55.232470955 +0100 +++ /var/tmp/diff_new_pack.b2oDpz/_new 2018-11-05 22:49:55.232470955 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 492fb646f85ecf25c9c13f8c944ff6c6b443e8d8 \ No newline at end of file + 2a511608aeccb6f43d94e0086f3878a7465b235a \ No newline at end of file ++ permissions-20180827.tar.xz -> permissions-20181030.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.easy new/permissions-20181030/permissions.easy --- old/permissions-20180827/permissions.easy 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.easy 2018-10-30 13:11:09.0 +0100 @@ -444,3 +444,13 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 04750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 04755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted04755 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 + +capabilities cap_net_bind_service=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.paranoid new/permissions-20181030/permissions.paranoid --- old/permissions-20180827/permissions.paranoid 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.paranoid 2018-10-30 13:11:09.0 +0100 @@ -451,3 +451,12 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 0750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 0755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted0755 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180827/permissions.secure new/permissions-20181030/permissions.secure --- old/permissions-20180827/permissions.secure 2018-08-27 11:09:15.0 +0200 +++ new/permissions-20181030/permissions.secure 2018-10-30 13:11:09.0 +0100 @@ -480,3 +480,13 @@ # firejail (bsc#1059013) /usr/bin/firejail root:firejail 04750 + +# authbind (bsc#251) +/usr/lib/authbind/helperroot:root 04755 + +# fuse3 (bsc#230) +/usr/bin/fusermount3root:trusted04750 + +# 389-ds (bsc#564) +/usr/sbin/ns-slapd root:dirsrv 0750 + +capabilities cap_net_bind_service=ep
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-08-28 09:19:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Tue Aug 28 09:19:50 2018 rev:118 rq:631726 version:20180827 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-06 11:52:49.097092359 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-08-28 09:19:52.471967860 +0200 @@ -1,0 +2,12 @@ +Mon Aug 27 09:12:35 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180827: + * setuid whitelisting: add firejail binary (bsc#1059013) + +--- +Fri Aug 10 09:22:35 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180810: + * setuid whitelisting: add lxc-user-nic (bsc#988348) + +--- Old: permissions-20180802.tar.xz New: permissions-20180827.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.YLQcya/_old 2018-08-28 09:19:52.863969107 +0200 +++ /var/tmp/diff_new_pack.YLQcya/_new 2018-08-28 09:19:52.863969107 +0200 @@ -17,7 +17,7 @@ Name: permissions -Version:20180802 +Version:20180827 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.YLQcya/_old 2018-08-28 09:19:52.899969221 +0200 +++ /var/tmp/diff_new_pack.YLQcya/_new 2018-08-28 09:19:52.903969234 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 5dac4a14d414d798dbdffaeb4d1b91560ca3f351 \ No newline at end of file + 492fb646f85ecf25c9c13f8c944ff6c6b443e8d8 \ No newline at end of file ++ permissions-20180802.tar.xz -> permissions-20180827.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.easy new/permissions-20180827/permissions.easy --- old/permissions-20180802/permissions.easy 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.easy 2018-08-27 11:09:15.0 +0200 @@ -438,3 +438,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 04755 /usr/lib64/libsmc-preload.soroot:root 04755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm04750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 04750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.paranoid new/permissions-20180827/permissions.paranoid --- old/permissions-20180802/permissions.paranoid 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.paranoid 2018-08-27 11:09:15.0 +0200 @@ -445,3 +445,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 0755 /usr/lib64/libsmc-preload.soroot:root 0755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm0750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180802/permissions.secure new/permissions-20180827/permissions.secure --- old/permissions-20180802/permissions.secure 2018-08-02 18:12:59.0 +0200 +++ new/permissions-20180827/permissions.secure 2018-08-27 11:09:15.0 +0200 @@ -474,3 +474,9 @@ # smc-tools (bsc#1102956) /usr/lib/libsmc-preload.so root:root 04755 /usr/lib64/libsmc-preload.soroot:root 04755 + +# lxc (bsc#988348) +/usr/lib/lxc/lxc-user-nic root:kvm04750 + +# firejail (bsc#1059013) +/usr/bin/firejail root:firejail 04750
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-08-06 11:52:45 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Mon Aug 6 11:52:45 2018 rev:117 rq:627117 version:20180802 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-08-02 14:47:38.175192863 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-08-06 11:52:49.097092359 +0200 @@ -1,0 +2,6 @@ +Thu Aug 02 16:13:33 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180802: + * whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956) + +--- Old: permissions-20180724.tar.xz New: permissions-20180802.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.uivIcP/_old 2018-08-06 11:52:49.537093123 +0200 +++ /var/tmp/diff_new_pack.uivIcP/_new 2018-08-06 11:52:49.541093129 +0200 @@ -17,7 +17,7 @@ Name: permissions -Version:20180724 +Version:20180802 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.uivIcP/_old 2018-08-06 11:52:49.573093185 +0200 +++ /var/tmp/diff_new_pack.uivIcP/_new 2018-08-06 11:52:49.573093185 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 888ecd1562f4a85dd37a131c52f4a5b132acd085 \ No newline at end of file + 5dac4a14d414d798dbdffaeb4d1b91560ca3f351 \ No newline at end of file ++ permissions-20180724.tar.xz -> permissions-20180802.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180724/mkchanges new/permissions-20180802/mkchanges --- old/permissions-20180724/mkchanges 2018-07-24 10:28:19.0 +0200 +++ new/permissions-20180802/mkchanges 1970-01-01 01:00:00.0 +0100 @@ -1,7 +0,0 @@ -#!/bin/sh -# create log suitable for c&p into rpm changes file -if [ -z "$1" ]; then - set -- remotes/origin/master..master -fi -# no idea why it always prints those commit lines -git rev-list --pretty=format:" - %s" "$@" |grep -v ^commit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180724/mktar new/permissions-20180802/mktar --- old/permissions-20180724/mktar 2018-07-24 10:28:19.0 +0200 +++ new/permissions-20180802/mktar 1970-01-01 01:00:00.0 +0100 @@ -1,11 +0,0 @@ -#!/bin/sh -set -e -NAME=permissions -VERSION= -LAST_COMMIT=(`git rev-list --timestamp HEAD^..HEAD`) -DATE=`date +%Y.%m.%d.%H%M -d "1970-01-01 00:00 UTC $LAST_COMMIT seconds"` -vers="${VERSION:+${VERSION}_}$DATE" -pfx="$NAME-$vers" -fn="$pfx".tar.bz2 -git archive --prefix="$pfx"/ HEAD | bzip2 > $fn -echo "version $vers -> $fn" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180724/obs/mkchanges new/permissions-20180802/obs/mkchanges --- old/permissions-20180724/obs/mkchanges 2018-07-24 10:28:19.0 +0200 +++ new/permissions-20180802/obs/mkchanges 1970-01-01 01:00:00.0 +0100 @@ -1,11 +0,0 @@ -#!/bin/sh -# create log suitable for c&p into rpm changes file -if [ -z "$1" ]; then - set -- remotes/origin/master..HEAD -elif [ "${1%.changes}" != "$1" ]; then - # parse time stamp of .changes file - d=`awk 'NR==2{FS=" - ";$0=$0;print $1;exit}' < $1` - set -- --since="$d" HEAD -fi -# no idea why it always prints those commit lines -git rev-list --pretty=format:"- %s" "$@" |grep -v ^commit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180724/obs/mkpackage new/permissions-20180802/obs/mkpackage --- old/permissions-20180724/obs/mkpackage 2018-07-24 10:28:19.0 +0200 +++ new/permissions-20180802/obs/mkpackage 1970-01-01 01:00:00.0 +0100 @@ -1,61 +0,0 @@ -#!/bin/bash -set -e -shopt -s nullglob -name="`pwd -P`" -name=${name##*/} -name=${name%%.*} -dstdir="package" -src="$PWD" -if [ ! -d "$dstdir/.osc" ]; then - echo "*** Error: please check out the package:" - echo "osc branch openSUSE:Factory $name" - echo "ln -s home\:*\:branches\:*/$name $dstdir" - exit 1 -fi -if [ "`git --no-pager diff --name-only|wc -l`" != '0' -o "`git --no-pager diff --name-only --cached|wc -l`" != 0 ]; then - echo "*** Error: uncomitted changes" - echo "run 'git add file' to add files, 'git commit -a' to commit changes" - ex
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-08-02 14:47:34 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Thu Aug 2 14:47:34 2018 rev:116 rq:625020 version:20180724 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-05-13 15:53:17.260115750 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-08-02 14:47:38.175192863 +0200 @@ -1,0 +2,7 @@ +Tue Jul 24 08:49:20 UTC 2018 - opensuse-packag...@opensuse.org + +- Update to version 20180724: + * Fix wrong file path in help string + * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420) + +--- Old: permissions-20180508.tar.xz New: permissions-20180724.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.qTOlcY/_old 2018-08-02 14:47:38.755193972 +0200 +++ /var/tmp/diff_new_pack.qTOlcY/_new 2018-08-02 14:47:38.755193972 +0200 @@ -17,11 +17,11 @@ Name: permissions -Version:20180508 +Version:20180724 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. -License:GPL-2.0+ +License:GPL-2.0-or-later Group: Productivity/Security Url:http://github.com/openSUSE/permissions Source: permissions-%{version}.tar.xz ++ _servicedata ++ --- /var/tmp/diff_new_pack.qTOlcY/_old 2018-08-02 14:47:38.787194033 +0200 +++ /var/tmp/diff_new_pack.qTOlcY/_new 2018-08-02 14:47:38.791194041 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 15dbfc119c74f7144cbdaea3632a6a2936fe94f4 \ No newline at end of file + 888ecd1562f4a85dd37a131c52f4a5b132acd085 \ No newline at end of file ++ permissions-20180508.tar.xz -> permissions-20180724.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180508/chkstat.c new/permissions-20180724/chkstat.c --- old/permissions-20180508/chkstat.c 2018-05-08 08:05:37.0 +0200 +++ new/permissions-20180724/chkstat.c 2018-07-24 10:28:19.0 +0200 @@ -429,7 +429,7 @@ " --noheader don't print intro message\n" " --fscapsforce use of fscaps\n" " --no-fscaps disable use of fscaps\n" -" --systemsystem mode, act according to /etc/permissions/security\n" +" --systemsystem mode, act according to /etc/sysconfig/security\n" " --level LEVEL force use LEVEL (only with --system)\n" " --examine FILE apply to specified file only\n" " --files FILELISTread list of files to apply from FILELIST\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180508/permissions.easy new/permissions-20180724/permissions.easy --- old/permissions-20180508/permissions.easy 2018-05-08 08:05:37.0 +0200 +++ new/permissions-20180724/permissions.easy 2018-07-24 10:28:19.0 +0200 @@ -432,3 +432,5 @@ /usr/lib/usbauth-notifier root:usbauth-notifier 0750 /usr/lib/usbauth-notifier/usbauth-notifier root:usbauth02755 +# spice-gtk (bsc#1101420) +/usr/bin/spice-client-glib-usb-acl-helper root:kvm04750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180508/permissions.paranoid new/permissions-20180724/permissions.paranoid --- old/permissions-20180508/permissions.paranoid 2018-05-08 08:05:37.0 +0200 +++ new/permissions-20180724/permissions.paranoid 2018-07-24 10:28:19.0 +0200 @@ -439,3 +439,5 @@ /usr/lib/usbauth-notifier root:usbauth-notifier 0750 /usr/lib/usbauth-notifier/usbauth-notifier root:usbauth0755 +# spice-gtk (bsc#1101420) +/usr/bin/spice-client-glib-usb-acl-helper root:kvm0750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180508/permissions.secure new/permissions-20180724/permissions.secure --- old/permissions-20180508/permissions.secure 2018-05-08 08:05:37.0 +0200 +++ new/permissions-20180724/permissions.secure 2018-07-24 10:28:19.0 +0200 @@ -468,3 +468,5 @@ /usr/lib/usbauth-notifier root:usbauth-notifier 0750 /usr/lib/usbauth-notifier/usbauth-notifier root:usbauth02755 +# spice-gtk (bsc#1101420) +/u
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-05-13 15:53:15 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun May 13 15:53:15 2018 rev:115 rq:605257 version:20180508 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2018-01-26 13:35:32.712376145 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-05-13 15:53:17.260115750 +0200 @@ -1,0 +2,6 @@ +Tue May 08 06:11:27 UTC 2018 - astie...@suse.com + +- Update to version 20180508: + * Capabilities for usage of Wireshark for non-root (bsc#957624) + +--- Old: permissions-20180125.tar.xz New: permissions-20180508.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.951t2G/_old 2018-05-13 15:53:17.888092833 +0200 +++ /var/tmp/diff_new_pack.951t2G/_new 2018-05-13 15:53:17.892092687 +0200 @@ -17,7 +17,7 @@ Name: permissions -Version:20180125 +Version:20180508 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.951t2G/_old 2018-05-13 15:53:17.984089330 +0200 +++ /var/tmp/diff_new_pack.951t2G/_new 2018-05-13 15:53:17.984089330 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 6aeb4d61dd404e73b221fbe14ba157f42fada5f9 \ No newline at end of file + 15dbfc119c74f7144cbdaea3632a6a2936fe94f4 \ No newline at end of file ++ permissions-20180125.tar.xz -> permissions-20180508.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.easy new/permissions-20180508/permissions.easy --- old/permissions-20180125/permissions.easy 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.easy 2018-05-08 08:05:37.0 +0200 @@ -336,8 +336,9 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 4755 -# wireshark (not yet) -/usr/bin/dumpcap root:root 0755 +# wireshark (bsc#957624) +/usr/bin/dumpcap root:wireshark0755 + +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.paranoid new/permissions-20180508/permissions.paranoid --- old/permissions-20180125/permissions.paranoid 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.paranoid 2018-05-08 08:05:37.0 +0200 @@ -353,7 +353,7 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_privateroot:root 0755 -# wireshark (not yet) +# wireshark (bsc#957624) /usr/bin/dumpcap root:root 0755 # singularity (bsc#1028304) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20180125/permissions.secure new/permissions-20180508/permissions.secure --- old/permissions-20180125/permissions.secure 2018-01-25 14:11:22.0 +0100 +++ new/permissions-20180508/permissions.secure 2018-05-08 08:05:37.0 +0200 @@ -376,8 +376,9 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_privateroot:root 0755 -# wireshark (not yet) -/usr/bin/dumpcap root:root 0755 +# wireshark (bsc#957624) +/usr/bin/dumpcap root:wireshark0750 + +capabilities cap_net_raw,cap_net_admin=ep # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2018-01-26 13:35:31 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Fri Jan 26 13:35:31 2018 rev:114 rq:569510 version:20180125 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-12-06 08:48:13.799738878 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2018-01-26 13:35:32.712376145 +0100 @@ -1,0 +2,13 @@ +Thu Jan 25 12:52:52 UTC 2018 - meiss...@suse.com + +- Update to version 20180125: + * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247) + * make btmp root:utmp (bsc#1050467) + +--- +Mon Jan 15 09:56:48 UTC 2018 - krah...@suse.com + +- Update to version 20180115: + * - polkit-default-privs: usbauth (bsc#1066877) + +--- Old: permissions-20171129.tar.xz New: permissions-20180125.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.hFtaHQ/_old 2018-01-26 13:35:33.792325703 +0100 +++ /var/tmp/diff_new_pack.hFtaHQ/_new 2018-01-26 13:35:33.792325703 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: permissions -Version:20171129 +Version:20180125 Release:0 Summary:SUSE Linux Default Permissions # Maintained in github by the security team. ++ _servicedata ++ --- /var/tmp/diff_new_pack.hFtaHQ/_old 2018-01-26 13:35:33.848323087 +0100 +++ /var/tmp/diff_new_pack.hFtaHQ/_new 2018-01-26 13:35:33.848323087 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 37fe496b66d03043da61fc1af7cd51f21d4e2000 \ No newline at end of file + 6aeb4d61dd404e73b221fbe14ba157f42fada5f9 \ No newline at end of file ++ permissions-20171129.tar.xz -> permissions-20180125.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171129/chkstat.c new/permissions-20180125/chkstat.c --- old/permissions-20171129/chkstat.c 2017-11-29 18:02:04.0 +0100 +++ new/permissions-20180125/chkstat.c 2018-01-25 14:11:22.0 +0100 @@ -33,7 +33,7 @@ #include #define BAD_LINE() \ - fprintf(stderr, "bad permissions line %s:%d\n", argv[i], lcnt); + fprintf(stderr, "bad permissions line %s:%d\n", permfiles[i], lcnt); struct perm { struct perm *next; @@ -787,7 +787,7 @@ { if ((fp = fopen(permfiles[i], "r")) == 0) { - perror(argv[i]); + perror(permfiles[i]); exit(1); } lcnt = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171129/permissions new/permissions-20180125/permissions --- old/permissions-20171129/permissions2017-11-29 18:02:04.0 +0100 +++ new/permissions-20180125/permissions2018-01-25 14:11:22.0 +0100 @@ -81,7 +81,7 @@ /var/log/lastlogroot:root 644 /var/log/faillogroot:root 600 /var/log/wtmp root:utmp 664 -/var/log/btmp root:root 600 +/var/log/btmp root:utmp 600 /var/run/utmp root:utmp 664 /run/utmp root:utmp 664 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171129/permissions.easy new/permissions-20180125/permissions.easy --- old/permissions-20171129/permissions.easy 2017-11-29 18:02:04.0 +0100 +++ new/permissions-20180125/permissions.easy 2018-01-25 14:11:22.0 +0100 @@ -426,3 +426,8 @@ /usr/sbin/fpingroot:root 0755 +capabilities cap_net_raw=ep +# usbauth (bsc#1066877) +/usr/bin/usbauth-npriv root:usbauth04750 +/usr/lib/usbauth-notifier root:usbauth-notifier 0750 +/usr/lib/usbauth-notifier/us
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-12-06 08:48:11 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Wed Dec 6 08:48:11 2017 rev:113 rq:548532 version:20171129 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-11-11 14:14:52.633599236 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-12-06 08:48:13.799738878 +0100 @@ -1,0 +2,31 @@ +Mon Dec 4 18:45:53 UTC 2017 - ku...@suse.com + +- fillup is required for post, not pre installation + +--- +Thu Nov 30 08:24:44 UTC 2017 - mplus...@suse.com + +- Cleanup spec file with spec-cleaner +- Drop conditions/definitions related to old distros + +--- +Wed Nov 29 17:02:20 UTC 2017 - astie...@suse.com + +- Update to version 20171129: + * permissions: adding gvfs (bsc#1065864) + * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410 + * Allow fping cap_net_raw (bsc#1047921) + +--- +Thu Nov 23 13:41:09 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- +Tue Nov 21 14:03:29 UTC 2017 - krah...@suse.com + +- Update to version 20171121: + * - permissions: adding kwayland (bsc#1062182) + +--- Old: permissions-20171106.tar.xz New: permissions-20171129.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.zHN1Sq/_old 2017-12-06 08:48:14.443715301 +0100 +++ /var/tmp/diff_new_pack.zHN1Sq/_new 2017-12-06 08:48:14.443715301 +0100 @@ -14,65 +14,51 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# icecream 0 -BuildRequires: libcap-devel - Name: permissions -Version:20171106 +Version:20171129 Release:0 -Provides: aaa_base:/etc/permissions -PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions # Maintained in github by the security team. License:GPL-2.0+ Group: Productivity/Security -%if 0%{?suse_version} >= 1330 -Requires(pre): group(trusted) -#!BuildIgnore: group(trusted) -%endif -Source: permissions-%{version}.tar.xz -BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://github.com/openSUSE/permissions +Source: permissions-%{version}.tar.xz +BuildRequires: libcap-devel +#!BuildIgnore: group(trusted) +Requires(post): %fillup_prereq +Requires(pre): group(trusted) +Provides: aaa_base:%{_sysconfdir}/permissions %description -Permission settings of files and directories depending on the -local security settings. The local security setting (easy, secure, -or paranoid) can be configured in /etc/sysconfig/security. - - -Authors: - -Werner Fink -Roman Drahtmüller -Michael Schröder -Ludwig Nussel +Permission settings of files and directories depending on the local +security settings. The local security setting (easy, secure, or paranoid) +can be configured in /etc/sysconfig/security. %prep %setup -q %build -make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 +make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0 %install -make DESTDIR="$RPM_BUILD_ROOT" install +%make_install fillupdir=%{_fillupdir} %post %{fillup_only -n security} # apply all potentially changed permissions -/usr/bin/chkstat --system +%{_bindir}/chkstat --system %files -%defattr(-,root,root,-) -%config /etc/permissions -%config /etc/permissions.easy -%config /etc/permissions.secure -%config /etc/permissions.paranoid -%config(noreplace) /etc/permissions.local +%config %{_sysconfdir}/permissions +%config %{_sysconfdir}/permissions.easy +%config %{_sysconfdir}/permissions.secure +%config %{_sysconfdir}/permissions.paranoid +%config(noreplace) %{_sysconfdir}/permissions.local %{_bindir}/chkstat -%{_mandir}/man5/permissions.5* -%{_mandir}/man8/chkstat.8* -/var/adm/fillup-templates/sysconfig.security +%{_mandir}/man5/permissions.5%{ext_man} +%{_mandir}/man8/chkstat.8%{ext_man} +%{_fillupdir}/sysconfig.security %changelog ++ _servicedata ++ --- /var/tmp/diff_new_pack.zHN1Sq/_old 2017-12-06 08:48:14.487713690 +0100 +++ /var/tmp/diff_new_pack.zHN1Sq/_new 2017-12-06 08:48:14.491713543 +0100 @@ -1,4 +1,4 @@ https://
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-11-11 14:14:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sat Nov 11 14:14:50 2017 rev:112 rq:539346 version:20171106 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-10-29 20:23:36.592998327 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-11-11 14:14:52.633599236 +0100 @@ -1,0 +2,6 @@ +Mon Nov 06 15:55:58 UTC 2017 - ee...@suse.com + +- Update to version 20171106: + * Allow setuid root for singularity (group only) bsc#1028304 + +--- Old: permissions-20171025.tar.xz New: permissions-20171106.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.OFCQC9/_old 2017-11-11 14:14:53.957550709 +0100 +++ /var/tmp/diff_new_pack.OFCQC9/_new 2017-11-11 14:14:53.961550562 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20171025 +Version:20171106 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.OFCQC9/_old 2017-11-11 14:14:54.017548510 +0100 +++ /var/tmp/diff_new_pack.OFCQC9/_new 2017-11-11 14:14:54.017548510 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 53286c7c2256d31aa9c4eb9a81ccaeef01206c46 \ No newline at end of file + 73fce42f13a75d8e1a572f366bcebd7a8a0ecbeb \ No newline at end of file ++ permissions-20171025.tar.xz -> permissions-20171106.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.easy new/permissions-20171106/permissions.easy --- old/permissions-20171025/permissions.easy 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.easy 2017-11-06 16:55:37.0 +0100 @@ -346,6 +346,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 4750 /usr/lib/singularity/bin/export-suid root:singularity 4750 /usr/lib/singularity/bin/import-suid root:singularity 4750 +/usr/lib/singularity/bin/start-suidroot:singularity 4750 # # XXX: / -> /usr merge and sbin -> bin merge diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.paranoid new/permissions-20171106/permissions.paranoid --- old/permissions-20171025/permissions.paranoid 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.paranoid 2017-11-06 16:55:37.0 +0100 @@ -363,6 +363,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 0750 /usr/lib/singularity/bin/export-suid root:singularity 0750 /usr/lib/singularity/bin/import-suid root:singularity 0750 +/usr/lib/singularity/bin/start-suidroot:singularity 0750 # # XXX: / -> /usr merge and sbin -> bin merge diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20171025/permissions.secure new/permissions-20171106/permissions.secure --- old/permissions-20171025/permissions.secure 2017-10-25 17:48:29.0 +0200 +++ new/permissions-20171106/permissions.secure 2017-11-06 16:55:37.0 +0100 @@ -386,6 +386,7 @@ /usr/lib/singularity/bin/action-suid root:singularity 4750 /usr/lib/singularity/bin/export-suid root:singularity 4750 /usr/lib/singularity/bin/import-suid root:singularity 4750 +/usr/lib/singularity/bin/start-suidroot:singularity 4750 # # XXX: / -> /usr merge and sbin -> bin merge
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-10-29 20:23:30 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun Oct 29 20:23:30 2017 rev:111 rq:536588 version:20171025 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-10-01 16:59:19.139773837 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-10-29 20:23:36.592998327 +0100 @@ -1,0 +2,6 @@ +Wed Oct 25 15:51:45 UTC 2017 - jseg...@suse.com + +- Update to version 20171025: + * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid) + +--- Old: permissions-20170928.tar.xz New: permissions-20171025.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.sZuzAT/_old 2017-10-29 20:23:37.252974276 +0100 +++ /var/tmp/diff_new_pack.sZuzAT/_new 2017-10-29 20:23:37.260973984 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170928 +Version:20171025 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.sZuzAT/_old 2017-10-29 20:23:37.296972673 +0100 +++ /var/tmp/diff_new_pack.sZuzAT/_new 2017-10-29 20:23:37.296972673 +0100 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - d2c8045c05a2b230f41c335f003ca63d988c942b \ No newline at end of file + 53286c7c2256d31aa9c4eb9a81ccaeef01206c46 \ No newline at end of file ++ permissions-20170928.tar.xz -> permissions-20171025.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170928/permissions.paranoid new/permissions-20171025/permissions.paranoid --- old/permissions-20170928/permissions.paranoid 2017-09-28 12:45:42.0 +0200 +++ new/permissions-20171025/permissions.paranoid 2017-10-25 17:48:29.0 +0200 @@ -47,6 +47,12 @@ /etc/rmtab root:root 600 /var/lib/nfs/rmtab root:root 600 /etc/syslog.confroot:root 600 +/etc/ssh/sshd_configroot:root 600 +/etc/cron.d root:root 700 +/etc/cron.daily root:root 700 +/etc/cron.hourlyroot:root 700 +/etc/cron.monthly root:root 700 +/etc/cron.weeklyroot:root 700 # # suid system programs that need the suid bit to work: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170928/permissions.secure new/permissions-20171025/permissions.secure --- old/permissions-20170928/permissions.secure 2017-09-28 12:45:42.0 +0200 +++ new/permissions-20171025/permissions.secure 2017-10-25 17:48:29.0 +0200 @@ -70,6 +70,7 @@ /etc/rmtab root:root 644 /var/lib/nfs/rmtab root:root 644 /etc/syslog.confroot:root 600 +/etc/ssh/sshd_configroot:root 600 # # suid system programs that need the suid bit to work:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-10-01 16:59:17 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Sun Oct 1 16:59:17 2017 rev:110 rq:529130 version:20170928 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-09-25 13:50:38.516907440 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-10-01 16:59:19.139773837 +0200 @@ -1,0 +2,12 @@ +Thu Sep 28 10:48:31 UTC 2017 - astie...@suse.com + +- Update to version 20170928: + * Fix invalid syntax bsc#1048645 bsc#1060738 + +--- +Wed Sep 27 14:50:11 UTC 2017 - pgaj...@suse.com + +- Update to version 20170927: + * fix typos in manpages + +--- Old: permissions-20170922.tar.xz New: permissions-20170928.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.v5rIso/_old 2017-10-01 16:59:19.723691691 +0200 +++ /var/tmp/diff_new_pack.v5rIso/_new 2017-10-01 16:59:19.723691691 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170922 +Version:20170928 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.v5rIso/_old 2017-10-01 16:59:19.775684377 +0200 +++ /var/tmp/diff_new_pack.v5rIso/_new 2017-10-01 16:59:19.775684377 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 15ece10fa35f4b3677bcbd7aed9ccf525ffe0a67 \ No newline at end of file + d2c8045c05a2b230f41c335f003ca63d988c942b \ No newline at end of file ++ permissions-20170922.tar.xz -> permissions-20170928.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/chkstat.8 new/permissions-20170928/chkstat.8 --- old/permissions-20170922/chkstat.8 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/chkstat.8 2017-09-28 12:45:42.0 +0200 @@ -26,7 +26,7 @@ is a tool to check and set file permissions. .PP chkstat can either operate in system mode or on individually -specified permission files. In system mode /etc/permissions/security +specified permission files. In system mode, \fI/etc/sysconfig/security\fR determines which level to use and whether to actually apply permission changes. .PP @@ -53,7 +53,7 @@ .TP .IR \-\-fscaps,\ \-\-no\-fscaps Enable or disable use of fscaps. In system mode the setting of -PERMISSIONS_FSCAPS determines whether fscaps are on or off when this +\fIPERMISSIONS_FSCAPS\fR determines whether fscaps are on or off when this option is not set. .TP .IR \-\-examine\ file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/permissions.5 new/permissions-20170928/permissions.5 --- old/permissions-20170922/permissions.5 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/permissions.5 2017-09-28 12:45:42.0 +0200 @@ -21,7 +21,7 @@ \- The third column specifies the file mode\. .br \- The special value \fB+capabilities\fR in the first column extends -the information of the previous line with with file capabilites. +the information of the previous line with file capabilites. .br .SH "FILES" .sp @@ -44,5 +44,5 @@ Written by Ludwig Nussel .sp .SH "REPORTING BUGS" -Report bugs to https://bugzilla\.novell\.com/ +Report bugs to https://bugzilla\.suse\.com/ .sp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170922/permissions.easy new/permissions-20170928/permissions.easy --- old/permissions-20170922/permissions.easy 2017-09-22 15:53:38.0 +0200 +++ new/permissions-20170928/permissions.easy 2017-09-28 12:45:42.0 +0200 @@ -341,10 +341,10 @@ # singularity (bsc#1028304) /usr/lib/singularity/bin/expand-suid root:singularity 4750 -/usr/lib/singularity/bin/mount-suidroot:singularity 4750 -/usr/lib/singularity/bin/create-suid root:singularity 4750 -/usr/lib/singularity/bin/action-suid root:singularity 4750 -/usr/lib/singularity/bin/export-suid root:singularity 4750 +/usr/lib/singularity/bin/mount-suidroot:singularity 4750 +/usr/lib/singularity/bin/create-suid root:singularity 4750 +/usr/lib/singularity/bin/action-suid
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-09-25 13:50:36 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Mon Sep 25 13:50:36 2017 rev:109 rq:528303 version:20170922 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-09-15 21:02:58.173921411 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-09-25 13:50:38.516907440 +0200 @@ -1,0 +2,6 @@ +Fri Sep 22 14:00:15 UTC 2017 - astie...@suse.com + +- Update to version 20170922: + * Allow setuid root for singularity (group only) bsc#1028304 + +--- Old: permissions-20170913.tar.xz New: permissions-20170922.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.8sExxs/_old 2017-09-25 13:50:39.388784768 +0200 +++ /var/tmp/diff_new_pack.8sExxs/_new 2017-09-25 13:50:39.392784205 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170913 +Version:20170922 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.8sExxs/_old 2017-09-25 13:50:39.428779141 +0200 +++ /var/tmp/diff_new_pack.8sExxs/_new 2017-09-25 13:50:39.428779141 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 0826e4862f152b8169d87f0e0e4593fb35ab8529 \ No newline at end of file + 15ece10fa35f4b3677bcbd7aed9ccf525ffe0a67 \ No newline at end of file ++ permissions-20170913.tar.xz -> permissions-20170922.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.easy new/permissions-20170922/permissions.easy --- old/permissions-20170913/permissions.easy 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.easy 2017-09-22 15:53:38.0 +0200 @@ -339,6 +339,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# singularity (bsc#1028304) +/usr/lib/singularity/bin/expand-suid root:singularity 4750 +/usr/lib/singularity/bin/mount-suidroot:singularity 4750 +/usr/lib/singularity/bin/create-suid root:singularity 4750 +/usr/lib/singularity/bin/action-suid root:singularity 4750 +/usr/lib/singularity/bin/export-suid root:singularity 4750 +/usr/lib/singularity/bin/import-suid root:singularity 4750 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -387,7 +395,6 @@ /usr/lib/gstreamer-1.0/gst-ptp-helper root:root 0755 +capabilities cap_net_bind_service=ep - # # suexec is only secure if the document root doesn't contain files # writeable by wwwrun. Make sure you have a safe server setup diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.paranoid new/permissions-20170922/permissions.paranoid --- old/permissions-20170913/permissions.paranoid 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.paranoid 2017-09-22 15:53:38.0 +0200 @@ -350,6 +350,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# singularity (bsc#1028304) +/usr/lib/singularity/bin/expand-suid root:singularity 0750 +/usr/lib/singularity/bin/mount-suidroot:singularity 0750 +/usr/lib/singularity/bin/create-suid root:singularity 0750 +/usr/lib/singularity/bin/action-suid root:singularity 0750 +/usr/lib/singularity/bin/export-suid root:singularity 0750 +/usr/lib/singularity/bin/import-suid root:singularity 0750 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170913/permissions.secure new/permissions-20170922/permissions.secure --- old/permissions-20170913/permissions.secure 2017-09-13 18:52:57.0 +0200 +++ new/permissions-20170922/permissions.secure 2017-09-22 15:53:38.0 +0200 @@ -378,6 +378,14 @@ # wireshark (not yet) /usr/bin/dumpcap root:root 0755 +# sin
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-09-15 21:02:55 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Fri Sep 15 21:02:55 2017 rev:108 rq:526050 version:20170913 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2017-06-23 09:13:18.129355408 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-09-15 21:02:58.173921411 +0200 @@ -1,0 +2,13 @@ +Wed Sep 13 16:53:20 UTC 2017 - astie...@suse.com + +- Update to version 20170913: + * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645) + +--- +Wed Sep 06 09:44:00 UTC 2017 - opensuse-packag...@opensuse.org + +- Update to version 20170906: + * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764 + * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425) + +--- Old: permissions-20170602.tar.xz New: permissions-20170913.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.4Ey1qp/_old 2017-09-15 21:02:58.881822038 +0200 +++ /var/tmp/diff_new_pack.4Ey1qp/_new 2017-09-15 21:02:58.885821478 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20170602 +Version:20170913 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.4Ey1qp/_old 2017-09-15 21:02:58.929815301 +0200 +++ /var/tmp/diff_new_pack.4Ey1qp/_new 2017-09-15 21:02:58.929815301 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 1cf8eb193920f201e1d313046bba2271f745bd0e + 0826e4862f152b8169d87f0e0e4593fb35ab8529 \ No newline at end of file ++ permissions-20170602.tar.xz -> permissions-20170913.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170602/permissions.easy new/permissions-20170913/permissions.easy --- old/permissions-20170602/permissions.easy 2017-06-02 12:49:23.0 +0200 +++ new/permissions-20170913/permissions.easy 2017-09-13 18:52:57.0 +0200 @@ -300,6 +300,9 @@ # dbus-1 (#61) /lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +# dbus-1 in /usr #1056764) +/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 +/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 4750 # policycoreutils (#440596) /usr/bin/newroleroot:root 4755 @@ -314,6 +317,8 @@ /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers4750 # bnc#669055 /usr/lib/virtualbox/VBoxNetDHCP root:vboxusers4750 +# bsc#1033425 +/usr/lib/virtualbox/VBoxNetNAT root:vboxusers4750 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 4755 @@ -394,6 +399,6 @@ # /usr/sbin/suexec root:root 0755 -# newgidmap / newuidmap (bsc#979282) -/usr/bin/newgidmap root:shadow 0755 -/usr/bin/newuidmap root:shadow 0755 +# newgidmap / newuidmap (bsc#979282, bsc#1048645) +/usr/bin/newgidmap root:shadow 4755 +/usr/bin/newuidmap root:shadow 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20170602/permissions.paranoid new/permissions-20170913/permissions.paranoid --- old/permissions-20170602/permissions.paranoid 2017-06-02 12:49:23.0 +0200 +++ new/permissions-20170913/permissions.paranoid 2017-09-13 18:52:57.0 +0200 @@ -310,6 +310,9 @@ # dbus-1 (#61) /lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 /lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 +# dbus-1 in /usr #1056764) +/usr/lib/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 +/usr/lib64/dbus-1/dbus-daemon-launch-helper root:messagebus 0750 # policycoreutils (#440596) /usr/bin/newroleroot:root 0755 @@ -324,6 +327,9 @@ /usr/lib/virtualbox/VBoxNetAdpCtl
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2017-06-23 09:13:16 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Fri Jun 23 09:13:16 2017 rev:107 rq:501683 version:20170602 Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-08-16 13:00:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2017-06-23 09:13:18.129355408 +0200 @@ -1,0 +2,19 @@ +Wed Jun 7 10:58:37 UTC 2017 - dims...@opensuse.org + +- BuildIgnore group(trusted): we don't really care for this group + in the buildroot and do not want to get system-users into the + bootstrap cycle as we can avoid it. + +--- +Sat Jun 3 07:21:24 UTC 2017 - meiss...@suse.com + +- Require: group(trusted), as we are handing it out to some unsuspecting + binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc) + +--- +Fri Jun 2 10:55:09 UTC 2017 - meiss...@suse.com + +- Update to version 20170602: + * make /etc/ppp owned by root:root. The group dialout usage is no longer used + +--- Old: permissions-20160807.tar.xz New: permissions-20170602.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.dKzaR3/_old 2017-06-23 09:13:18.789262168 +0200 +++ /var/tmp/diff_new_pack.dKzaR3/_new 2017-06-23 09:13:18.793261603 +0200 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,18 @@ BuildRequires: libcap-devel Name: permissions -Version:20160807 +Version:20170602 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions +# Maintained in github by the security team. License:GPL-2.0+ Group: Productivity/Security -# Maintained in github by the security team. +%if 0%{?suse_version} >= 1330 +Requires(pre): group(trusted) +#!BuildIgnore: group(trusted) +%endif Source: permissions-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://github.com/openSUSE/permissions ++ _servicedata ++ --- /var/tmp/diff_new_pack.dKzaR3/_old 2017-06-23 09:13:18.837255387 +0200 +++ /var/tmp/diff_new_pack.dKzaR3/_new 2017-06-23 09:13:18.837255387 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - 8ee9ae34fc10f290b5cd4b3295004704cde86a5a \ No newline at end of file + 1cf8eb193920f201e1d313046bba2271f745bd0e ++ permissions-20160807.tar.xz -> permissions-20170602.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20160807/permissions new/permissions-20170602/permissions --- old/permissions-20160807/permissions2016-08-07 14:03:19.0 +0200 +++ new/permissions-20170602/permissions2017-06-02 12:49:23.0 +0200 @@ -116,7 +116,7 @@ /etc/opiekeys root:root 600 -/etc/ppp/ root:dialout 750 +/etc/ppp/ root:root 750 /etc/ppp/chap-secrets root:root 600 /etc/ppp/pap-secretsroot:root 600
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2016-08-16 13:00:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-05-26 23:52:54.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2016-08-16 13:00:51.0 +0200 @@ -1,0 +2,18 @@ +Sun Aug 07 12:00:00 UTC 2016 - meiss...@suse.com + +- Update to version 20160807: + * suexec2 is a symlink, no need for permissions handling + +--- +Tue Aug 02 08:47:53 UTC 2016 - meiss...@suse.com + +- Update to version 20160802: + * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282) + * root:shadow 0755 for newuidmap/newgidmap + +--- +Tue Aug 2 08:29:32 UTC 2016 - krah...@suse.com + +- adding qemu-bridge-helper mode 04750 (bsc#988279) + +--- Old: permissions-20160413.tar.xz New: permissions-20160807.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.P1TlEZ/_old 2016-08-16 13:00:52.0 +0200 +++ /var/tmp/diff_new_pack.P1TlEZ/_new 2016-08-16 13:00:52.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:20160413 +Version:20160807 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ _servicedata ++ --- /var/tmp/diff_new_pack.P1TlEZ/_old 2016-08-16 13:00:52.0 +0200 +++ /var/tmp/diff_new_pack.P1TlEZ/_new 2016-08-16 13:00:52.0 +0200 @@ -1,4 +1,4 @@ https://github.com/openSUSE/permissions.git - a0d1ad1352f3badc255dcc46a41901461af2e5f5 \ No newline at end of file + 8ee9ae34fc10f290b5cd4b3295004704cde86a5a \ No newline at end of file ++ permissions-20160413.tar.xz -> permissions-20160807.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20160413/permissions.easy new/permissions-20160807/permissions.easy --- old/permissions-20160413/permissions.easy 2016-05-23 10:39:00.0 +0200 +++ new/permissions-20160807/permissions.easy 2016-08-07 14:03:19.0 +0200 @@ -362,8 +362,10 @@ /usr/bin/readcdroot:root 755 /usr/bin/cdda2wav root:root 755 -# qemu-bridge-helper has no special privileges currently (bnc#765948) -/usr/lib/qemu-bridge-helperroot:root 755 +# qemu-bridge-helper (bnc#765948, bsc#988279) +/usr/lib/qemu-bridge-helperroot:kvm04750 +/usr/lib64/qemu-bridge-helper root:kvm04750 + # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 @@ -388,6 +390,10 @@ # https://bugzilla.novell.com/show_bug.cgi?id=263789 # http://httpd.apache.org/docs/trunk/suexec.html # You need to override this in permissions.local. +# suexec2 is a symlink for now, leave as-is # -/usr/sbin/suexec2 root:root 0755 /usr/sbin/suexec root:root 0755 + +# newgidmap / newuidmap (bsc#979282) +/usr/bin/newgidmap root:shadow 0755 +/usr/bin/newuidmap root:shadow 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-20160413/permissions.paranoid new/permissions-20160807/permissions.paranoid --- old/permissions-20160413/permissions.paranoid 2016-05-23 10:39:00.0 +0200 +++ new/permissions-20160807/permissions.paranoid 2016-08-07 14:03:19.0 +0200 @@ -372,6 +372,8 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 +/usr/lib64/qemu-bridge-helper root:root 755 + # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 @@ -394,6 +396,10 @@ # https://bugzilla.novell.com/show_bug.cgi?id=263789 # http://httpd.apache.org/docs/trunk/suexec.html # You need to override this in permissions.local. +# suexec2 is a symlink for now, leave as-is # -/usr/sbin/suexec2
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2016-05-26 23:52:53 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2016-01-16 11:55:51.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2016-05-26 23:52:54.0 +0200 @@ -1,0 +2,17 @@ +Mon May 23 09:15:22 UTC 2016 - dims...@opensuse.org + +- Introduce _service to easier update the package. For simplicity, + change the version from .mm.dd to mmdd (which is eactly + %cd in the _service defintion). Upgrading is no problem. + +--- +Mon May 23 09:00:11 UTC 2016 - meiss...@suse.com + +- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352) + +--- +Wed Mar 30 11:14:41 UTC 2016 - meiss...@suse.com + +- permissions: adding gstreamer ptp file caps (bsc#960173) + +--- Old: permissions-2016.01.15.1451.tar.bz2 New: _service _servicedata permissions-20160413.tar.xz Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.SdlGKq/_old 2016-05-26 23:52:55.0 +0200 +++ /var/tmp/diff_new_pack.SdlGKq/_new 2016-05-26 23:52:55.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2016.01.15.1451 +Version:20160413 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq @@ -28,7 +28,7 @@ License:GPL-2.0+ Group: Productivity/Security # Maintained in github by the security team. -Source: permissions-%{version}.tar.bz2 +Source: permissions-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://github.com/openSUSE/permissions ++ _service ++ https://github.com/openSUSE/permissions.git git %cd enable *.tar xz ++ _servicedata ++ https://github.com/openSUSE/permissions.git a0d1ad1352f3badc255dcc46a41901461af2e5f5
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2016-01-16 11:55:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2015-10-06 13:23:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2016-01-16 11:55:51.0 +0100 @@ -1,0 +2,16 @@ +Fri Jan 15 14:19:44 UTC 2016 - meiss...@suse.com + +- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060) + +--- +Tue Jan 12 14:30:01 UTC 2016 - meiss...@suse.com + +- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363 + +--- +Thu Oct 29 09:40:30 UTC 2015 - meiss...@suse.com + +- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 +- added missing / to the squid specific directories (bsc#950557) + +--- Old: permissions-2015.09.28.1626.tar.bz2 New: permissions-2016.01.15.1451.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.tokRE3/_old 2016-01-16 11:55:52.0 +0100 +++ /var/tmp/diff_new_pack.tokRE3/_new 2016-01-16 11:55:52.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2015.09.28.1626 +Version:2016.01.15.1451 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2015.09.28.1626.tar.bz2 -> permissions-2016.01.15.1451.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.09.28.1626/permissions.easy new/permissions-2016.01.15.1451/permissions.easy --- old/permissions-2015.09.28.1626/permissions.easy2015-09-28 16:26:23.0 +0200 +++ new/permissions-2016.01.15.1451/permissions.easy2016-01-15 14:51:59.0 +0100 @@ -77,9 +77,9 @@ /usr/sbin/pam_auth root:shadow 4755 # squid changes from bnc#891268 -/var/cache/squidsquid:root0750 -/var/log/squid squid:root0750 -/usr/sbin/pingerroot:squid0750 +/var/cache/squid/ squid:root0750 +/var/log/squid/ squid:root0750 +/usr/sbin/pingersquid:root0750 +capabilities cap_net_raw=ep /usr/sbin/basic_pam_authroot:shadow 2750 @@ -375,3 +375,13 @@ # radosgw (bsc#943471) /usr/bin/radosgw root:www0750 +capabilities cap_net_bind_service=ep +# +# suexec is only secure if the document root doesn't contain files +# writeable by wwwrun. Make sure you have a safe server setup +# before setting the setuid bit! See also +# https://bugzilla.novell.com/show_bug.cgi?id=263789 +# http://httpd.apache.org/docs/trunk/suexec.html +# You need to override this in permissions.local. +# +/usr/sbin/suexec2 root:root 0755 +/usr/sbin/suexec root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.09.28.1626/permissions.local new/permissions-2016.01.15.1451/permissions.local --- old/permissions-2015.09.28.1626/permissions.local 2015-09-28 16:26:23.0 +0200 +++ new/permissions-2016.01.15.1451/permissions.local 2016-01-15 14:51:59.0 +0100 @@ -35,6 +35,7 @@ # http://httpd.apache.org/docs/trunk/suexec.html # #/usr/sbin/suexec2root:root 4755 +#/usr/sbin/suexec root:root 4755 # setuid bit on Xorg is only needed if no display manager, ie startx # is used. Beware of CVE-2010-2240. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2015-10-06 13:23:17 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2015-06-11 08:20:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2015-10-06 13:23:19.0 +0200 @@ -1,0 +2,10 @@ +Mon Sep 28 14:27:19 UTC 2015 - meiss...@suse.com + +- adjusted radosgw to root:www mode 0750 (bsc#943471) + +--- +Mon Sep 28 13:35:10 UTC 2015 - meiss...@suse.com + +- radosgw can get capability cap_bind_net_service (bsc#943471) + +--- Old: permissions-2015.05.21.1505.tar.bz2 New: permissions-2015.09.28.1626.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.q52yJX/_old 2015-10-06 13:23:20.0 +0200 +++ /var/tmp/diff_new_pack.q52yJX/_new 2015-10-06 13:23:20.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2015.05.21.1505 +Version:2015.09.28.1626 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2015.05.21.1505.tar.bz2 -> permissions-2015.09.28.1626.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.easy new/permissions-2015.09.28.1626/permissions.easy --- old/permissions-2015.05.21.1505/permissions.easy2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.easy2015-09-28 16:26:23.0 +0200 @@ -372,4 +372,6 @@ /usr/lib/iouyaproot:iouyap 0750 +capabilities cap_net_raw,cap_net_admin=ep - +# radosgw (bsc#943471) +/usr/bin/radosgw root:www0750 + +capabilities cap_net_bind_service=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.paranoid new/permissions-2015.09.28.1626/permissions.paranoid --- old/permissions-2015.05.21.1505/permissions.paranoid2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.paranoid2015-09-28 16:26:23.0 +0200 @@ -379,3 +379,5 @@ #iouyap (bnc#904060) /usr/lib/iouyaproot:iouyap 0750 +# radosgw (bsc#943471) +/usr/bin/radosgw root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2015.05.21.1505/permissions.secure new/permissions-2015.09.28.1626/permissions.secure --- old/permissions-2015.05.21.1505/permissions.secure 2015-05-21 15:05:41.0 +0200 +++ new/permissions-2015.09.28.1626/permissions.secure 2015-09-28 16:26:23.0 +0200 @@ -407,3 +407,6 @@ #iouyap (bnc#904060) /usr/lib/iouyaproot:iouyap 0750 +# radosgw (bsc#943471) +/usr/bin/radosgw root:www0750 + +capabilities cap_net_bind_service=ep
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-12-10 23:43:44 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-11-10 22:15:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-12-10 23:43:12.0 +0100 @@ -1,0 +2,5 @@ +Wed Dec 3 16:36:54 UTC 2014 - krah...@suse.com + +- Added iouyap capabilities (bnc#904060) + +--- Old: permissions-2014.11.05.1706.tar.bz2 New: permissions-2014.12.03.1512.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.i5V0Lz/_old 2014-12-10 23:43:13.0 +0100 +++ /var/tmp/diff_new_pack.i5V0Lz/_new 2014-12-10 23:43:13.0 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.11.05.1706 +Version:2014.12.03.1512 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.11.05.1706.tar.bz2 -> permissions-2014.12.03.1512.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.easy new/permissions-2014.12.03.1512/permissions.easy --- old/permissions-2014.11.05.1706/permissions.easy2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.easy2014-12-03 15:12:07.0 +0100 @@ -373,3 +373,8 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + +capabilities cap_net_raw,cap_net_admin=ep + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.paranoid new/permissions-2014.12.03.1512/permissions.paranoid --- old/permissions-2014.11.05.1706/permissions.paranoid2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.paranoid2014-12-03 15:12:07.0 +0100 @@ -381,3 +381,6 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.11.05.1706/permissions.secure new/permissions-2014.12.03.1512/permissions.secure --- old/permissions-2014.11.05.1706/permissions.secure 2014-11-05 17:06:34.0 +0100 +++ new/permissions-2014.12.03.1512/permissions.secure 2014-12-03 15:12:07.0 +0100 @@ -409,3 +409,6 @@ # systemd-journal (bnc#888151) /var/log/journal/ root:systemd-journal 2755 +#iouyap (bnc#904060) +/usr/lib/iouyaproot:iouyap 0750 + -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-11-10 22:15:19 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-08-29 17:42:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-11-10 22:15:20.0 +0100 @@ -1,0 +2,7 @@ +Wed Nov 5 16:07:01 UTC 2014 - meiss...@suse.com + +- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093) +- permissions: incorporating squid changes from bnc#891268 +- hint that chkstat --system --set needs to be run after editing bnc#895647 + +--- Old: permissions-2014.08.26.1452.tar.bz2 New: permissions-2014.11.05.1706.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.nZIeXs/_old 2014-11-10 22:15:21.0 +0100 +++ /var/tmp/diff_new_pack.nZIeXs/_new 2014-11-10 22:15:21.0 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.08.26.1452 +Version:2014.11.05.1706 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.08.26.1452.tar.bz2 -> permissions-2014.11.05.1706.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.easy new/permissions-2014.11.05.1706/permissions.easy --- old/permissions-2014.08.26.1452/permissions.easy2014-08-26 14:52:59.0 +0200 +++ new/permissions-2014.11.05.1706/permissions.easy2014-11-05 17:06:34.0 +0100 @@ -76,6 +76,14 @@ # from the squid package /usr/sbin/pam_auth root:shadow 4755 +# squid changes from bnc#891268 +/var/cache/squidsquid:root0750 +/var/log/squid squid:root0750 +/usr/sbin/pingerroot:squid0750 + +capabilities cap_net_raw=ep +/usr/sbin/basic_pam_authroot:shadow 2750 + + # still to be converted to utempter /usr/lib/gnome-pty-helper root:utmp 2755 @@ -137,9 +145,9 @@ /usr/sbin/change-passwd root:root 4755 # -# smb printing with kerberos authentication (#177114) +# smb printing with kerberos authentication (bnc#177114) (bnc#685093) # -/usr/bin/get_printing_ticketroot:lp 4750 +/usr/bin/get_printing_ticketroot:lp 0700 # # networking (need root for the privileged socket) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.local new/permissions-2014.11.05.1706/permissions.local --- old/permissions-2014.08.26.1452/permissions.local 2014-08-26 14:52:59.0 +0200 +++ new/permissions-2014.11.05.1706/permissions.local 2014-11-05 17:06:34.0 +0100 @@ -1,6 +1,10 @@ # # /etc/permissions.local # +# After editing this file run +# chkstat --system --set +# to apply the changes. +# # This file is used by chkstat (and indirectly by various RPM package scripts) # to check or set the modes and ownerships of files and directories in # the installation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.26.1452/permissions.paranoid new/permissions-2014.11.05.1706/permissions.paranoid --- old/permissions-2014.08.26.1452/permissions.paranoid2014-08-26 14:52:59.0 +0200 +++ new/permissions-2014.11.05.1706/permissions.paranoid2014-11-05 17:06:34.0 +0100 @@ -91,6 +91,13 @@ # from the squid package /usr/sbin/pam_auth root:shadow 0755 +# squid changes from bnc#891268 +/var/cache/squidsquid:root0750 +/var/log/squid squid:root0750 +/usr/sbin/pingerroot:squid0750 +/usr/sbin/basic_pam_authroot:shadow 0750 + + # still to be converted to utempter /usr/lib/gnome-pty-helper root:utmp 0755 @@ -153,9 +160,9 @@ /usr/sbin/change-passwd root:root 0755 # -
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-08-29 17:42:18 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-08-03 15:35:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-08-29 17:42:28.0 +0200 @@ -1,0 +2,6 @@ +Tue Aug 26 13:00:07 UTC 2014 - meiss...@suse.com + +- Do not applies permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370) +- do not mention SuSEconfig anymore, long dead (bnc#843083) + +--- Old: permissions-2014.08.01.1324.tar.bz2 New: permissions-2014.08.26.1452.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.keKqUa/_old 2014-08-29 17:42:30.0 +0200 +++ /var/tmp/diff_new_pack.keKqUa/_new 2014-08-29 17:42:30.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.08.01.1324 +Version:2014.08.26.1452 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.08.01.1324.tar.bz2 -> permissions-2014.08.26.1452.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.01.1324/chkstat.c new/permissions-2014.08.26.1452/chkstat.c --- old/permissions-2014.08.01.1324/chkstat.c 2014-08-01 13:24:53.0 +0200 +++ new/permissions-2014.08.26.1452/chkstat.c 2014-08-26 14:52:59.0 +0200 @@ -351,6 +351,13 @@ char* p; if (!strcmp("..", d->d_name) || !strcmp(".", d->d_name)) continue; + + /* filter out backup files */ + if ((strlen(d->d_name)>2) && (d->d_name[strlen(d->d_name)-1] == '~')) + continue; + if (strstr(d->d_name,".rpmnew") || strstr(d->d_name,".rpmsave")) + continue; + ensure_array((void**)&files, &nfiles); if ((p = strchr(d->d_name, '.'))) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.01.1324/permissions new/permissions-2014.08.26.1452/permissions --- old/permissions-2014.08.01.1324/permissions 2014-08-01 13:24:53.0 +0200 +++ new/permissions-2014.08.26.1452/permissions 2014-08-26 14:52:59.0 +0200 @@ -5,8 +5,8 @@ # # Author: Roman Drahtmueller , 2001 # -# This file is used by SuSEconfig and chkstat to check or set the modes -# and ownerships of files and directories in the installation. +# This file is used by chkstat (and indirectly by various RPM scripts) +# to check or set the modes and ownerships of files and directories in the installation. # # There is a set of files with similar meaning in a SuSE installation: # /etc/permissions (This file) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.08.01.1324/permissions.local new/permissions-2014.08.26.1452/permissions.local --- old/permissions-2014.08.01.1324/permissions.local 2014-08-01 13:24:53.0 +0200 +++ new/permissions-2014.08.26.1452/permissions.local 2014-08-26 14:52:59.0 +0200 @@ -1,8 +1,9 @@ # # /etc/permissions.local # -# This file is used by SuSEconfig and chkstat to check or set the modes -# and ownerships of files and directories in the installation. +# This file is used by chkstat (and indirectly by various RPM package scripts) +# to check or set the modes and ownerships of files and directories in +# the installation. # # In particular, this file will not be touched during an upgrade of the # installation. It is designed to be a placeholder for local -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-08-03 15:35:35 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-07-25 09:08:55.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-08-03 15:35:36.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 1 11:25:40 UTC 2014 - meiss...@suse.com + +- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151 + +--- Old: permissions-2014.07.23.1321.tar.bz2 New: permissions-2014.08.01.1324.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.FZLYvY/_old 2014-08-03 15:35:37.0 +0200 +++ /var/tmp/diff_new_pack.FZLYvY/_new 2014-08-03 15:35:37.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.07.23.1321 +Version:2014.08.01.1324 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.07.23.1321.tar.bz2 -> permissions-2014.08.01.1324.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.easy new/permissions-2014.08.01.1324/permissions.easy --- old/permissions-2014.07.23.1321/permissions.easy2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.easy2014-08-01 13:24:53.0 +0200 @@ -363,5 +363,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.paranoid new/permissions-2014.08.01.1324/permissions.paranoid --- old/permissions-2014.07.23.1321/permissions.paranoid2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.paranoid2014-08-01 13:24:53.0 +0200 @@ -372,5 +372,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.07.23.1321/permissions.secure new/permissions-2014.08.01.1324/permissions.secure --- old/permissions-2014.07.23.1321/permissions.secure 2014-07-23 13:21:34.0 +0200 +++ new/permissions-2014.08.01.1324/permissions.secure 2014-08-01 13:24:53.0 +0200 @@ -399,5 +399,5 @@ /usr/lib/qemu-bridge-helperroot:root 755 # systemd-journal (bnc#888151) -/var/log/journalroot:systemd-journal 2755 +/var/log/journal/ root:systemd-journal 2755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-07-25 09:08:51 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-07-02 15:18:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-07-25 09:08:55.0 +0200 @@ -1,0 +2,11 @@ +Wed Jul 23 11:38:42 UTC 2014 - meiss...@suse.com + +- make innbind mode 4550 (bnc#876287) +- permissions: Adding systemd-journal directory (bnc#888151) + +--- +Mon Jul 21 13:31:48 UTC 2014 - krah...@suse.com + +- permissions: Adding new kdesud path for KDE5 (bnc#872276) + +--- Old: permissions-2014.06.30.1743.tar.bz2 New: permissions-2014.07.23.1321.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.HZMXus/_old 2014-07-25 09:08:56.0 +0200 +++ /var/tmp/diff_new_pack.HZMXus/_new 2014-07-25 09:08:56.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.06.30.1743 +Version:2014.07.23.1321 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.06.30.1743.tar.bz2 -> permissions-2014.07.23.1321.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.easy new/permissions-2014.07.23.1321/permissions.easy --- old/permissions-2014.06.30.1743/permissions.easy2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/permissions.easy2014-07-23 13:21:34.0 +0200 @@ -209,6 +209,9 @@ /opt/kde3/bin/kdesudroot:nogroup 2755 /usr/lib/kde4/libexec/kdesudroot:nogroup 2755 /usr/lib64/kde4/libexec/kdesud root:nogroup 2755 +/usr/lib/libexec/kf5/kdesud root:nogroup 2755 +/usr/lib64/libexec/kf5/kdesud root:nogroup 2755 + # used for getting proxy settings from dhcp /opt/kde3/bin/kpac_dhcp_helper root:root 4755 # used to distract the oom killer @@ -252,7 +255,7 @@ # /usr/lib/news/bin/rnews news:uucp 4550 /usr/lib/news/bin/inews news:news 2555 -/usr/lib/news/bin/innbind root:news 4554 +/usr/lib/news/bin/innbind root:news 4550 # # sendfax @@ -358,3 +361,7 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 + +# systemd-journal (bnc#888151) +/var/log/journalroot:systemd-journal 2755 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.paranoid new/permissions-2014.07.23.1321/permissions.paranoid --- old/permissions-2014.06.30.1743/permissions.paranoid2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/permissions.paranoid2014-07-23 13:21:34.0 +0200 @@ -219,6 +219,9 @@ /opt/kde3/bin/kdesudroot:nogroup 0755 /usr/lib/kde4/libexec/kdesudroot:nogroup 0755 /usr/lib64/kde4/libexec/kdesud root:nogroup 0755 +/usr/lib/libexec/kf5/kdesud root:nogroup 0755 +/usr/lib64/libexec/kf5/kdesud root:nogroup 0755 + # used for getting proxy settings from dhcp /opt/kde3/bin/kpac_dhcp_helper root:root 0755 # used to distract the oom killer @@ -367,3 +370,7 @@ # qemu-bridge-helper has no special privileges currently (bnc#765948) /usr/lib/qemu-bridge-helperroot:root 755 + +# systemd-journal (bnc#888151) +/var/log/journalroot:systemd-journal 2755 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.30.1743/permissions.secure new/permissions-2014.07.23.1321/permissions.secure --- old/permissions-2014.06.30.1743/permissions.secure 2014-06-30 17:43:17.0 +0200 +++ new/permissions-2014.07.23.1321/perm
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-07-02 15:18:20 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-06-18 22:04:26.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-07-02 15:18:21.0 +0200 @@ -1,0 +2,5 @@ +Tue Jul 1 11:19:57 UTC 2014 - meiss...@suse.com + +- vlock_main lost its permission checking, so remove from here. + +--- Old: permissions-2014.06.16.1345.tar.bz2 New: permissions-2014.06.30.1743.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.23DP7S/_old 2014-07-02 15:18:22.0 +0200 +++ /var/tmp/diff_new_pack.23DP7S/_new 2014-07-02 15:18:22.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.06.16.1345 +Version:2014.06.30.1743 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.06.16.1345.tar.bz2 -> permissions-2014.06.30.1743.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.06.16.1345/permissions new/permissions-2014.06.30.1743/permissions --- old/permissions-2014.06.16.1345/permissions 2014-06-16 13:45:27.0 +0200 +++ new/permissions-2014.06.30.1743/permissions 2014-06-30 17:43:17.0 +0200 @@ -179,8 +179,6 @@ # wodim is not allowed setuid root as cd burning does not strictly require # it (bnc#882035) /usr/bin/wodim root:root 0755 -# vlock is not allowed setuid root as code is unproven quality (bnc#882035) -/usr/sbin/vlock-mainroot:root 0755 # we no longer make rpm build dirs 1777 /usr/src/packages/SOURCES/ root:root 0755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-06-18 22:04:25 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-04-16 07:25:05.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-06-18 22:04:26.0 +0200 @@ -1,0 +2,10 @@ +Mon Jun 16 11:46:15 UTC 2014 - meiss...@suse.com + +- opiesu,wodim,vlock-main have no setuid root. (bnc#882035) + +--- +Thu Jun 5 08:10:33 UTC 2014 - meiss...@suse.com + +- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799) + +--- Old: permissions-2014.04.15.1621.tar.bz2 New: permissions-2014.06.16.1345.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1YSqpB/_old 2014-06-18 22:04:27.0 +0200 +++ /var/tmp/diff_new_pack.1YSqpB/_new 2014-06-18 22:04:27.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.04.15.1621 +Version:2014.06.16.1345 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.04.15.1621.tar.bz2 -> permissions-2014.06.16.1345.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.04.15.1621/permissions new/permissions-2014.06.16.1345/permissions --- old/permissions-2014.04.15.1621/permissions 2014-04-15 16:21:15.0 +0200 +++ new/permissions-2014.06.16.1345/permissions 2014-06-16 13:45:27.0 +0200 @@ -174,6 +174,14 @@ /var/lib/named/dev/null root:root 0666 /var/lib/named/dev/random root:root 0666 +# opiesu is not allowed setuid root as code quality is bad (bnc#882035) +/usr/bin/opiesuroot:root 0755 +# wodim is not allowed setuid root as cd burning does not strictly require +# it (bnc#882035) +/usr/bin/wodim root:root 0755 +# vlock is not allowed setuid root as code is unproven quality (bnc#882035) +/usr/sbin/vlock-mainroot:root 0755 + # we no longer make rpm build dirs 1777 /usr/src/packages/SOURCES/ root:root 0755 /usr/src/packages/BUILD/root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.04.15.1621/permissions.easy new/permissions-2014.06.16.1345/permissions.easy --- old/permissions-2014.04.15.1621/permissions.easy2014-04-15 16:21:15.0 +0200 +++ new/permissions-2014.06.16.1345/permissions.easy2014-06-16 13:45:27.0 +0200 @@ -24,7 +24,7 @@ # # /etc # -/etc/crontabroot:root 644 +/etc/crontabroot:root 600 /etc/exportsroot:root 644 /etc/fstab root:root 644 # we don't package it -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-04-16 07:25:04 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2014-03-27 06:15:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-04-16 07:25:05.0 +0200 @@ -1,0 +2,5 @@ +Tue Apr 15 14:24:36 UTC 2014 - meiss...@suse.com + +- duplicate /var/run entries to /run (bnc#873708) + +--- Old: permissions-2014.03.24.1202.tar.bz2 New: permissions-2014.04.15.1621.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.2iXgbt/_old 2014-04-16 07:25:08.0 +0200 +++ /var/tmp/diff_new_pack.2iXgbt/_new 2014-04-16 07:25:08.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2014.03.24.1202 +Version:2014.04.15.1621 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2014.03.24.1202.tar.bz2 -> permissions-2014.04.15.1621.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions new/permissions-2014.04.15.1621/permissions --- old/permissions-2014.03.24.1202/permissions 2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions 2014-04-15 16:21:15.0 +0200 @@ -71,7 +71,9 @@ /var/cache/man/ man:root 755 /var/yp/root:root 755 /var/run/nscd/socket root:root 666 +/run/nscd/socket root:root 666 /var/run/sudo/ root:root 700 +/run/sudo/ root:root 700 # # login tracking @@ -81,6 +83,7 @@ /var/log/wtmp root:utmp 664 /var/log/btmp root:root 600 /var/run/utmp root:utmp 664 +/run/utmp root:utmp 664 # # some device files diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.easy new/permissions-2014.04.15.1621/permissions.easy --- old/permissions-2014.03.24.1202/permissions.easy2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.easy2014-04-15 16:21:15.0 +0200 @@ -19,6 +19,7 @@ # for screen's session sockets: /var/run/uscreens/ root:root 1777 +/run/uscreens/ root:root 1777 # # /etc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.paranoid new/permissions-2014.04.15.1621/permissions.paranoid --- old/permissions-2014.03.24.1202/permissions.paranoid2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.paranoid2014-04-15 16:21:15.0 +0200 @@ -33,6 +33,7 @@ # # for screen's session sockets: /var/run/uscreens/ root:trusted 1775 +/run/uscreens/ root:trusted 1775 # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2014.03.24.1202/permissions.secure new/permissions-2014.04.15.1621/permissions.secure --- old/permissions-2014.03.24.1202/permissions.secure 2014-03-24 12:02:32.0 +0100 +++ new/permissions-2014.04.15.1621/permissions.secure 2014-04-15 16:21:15.0 +0200 @@ -57,6 +57,7 @@ # # for screen's session sockets: /var/run/uscreens/ root:root 1777 +/run/uscreens/ root:root 1777 # # /etc -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2014-03-27 06:15:19 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-10-29 09:33:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2014-03-27 06:15:20.0 +0100 @@ -1,0 +2,6 @@ +Mon Mar 24 10:31:20 UTC 2014 - krah...@suse.com + +- permissions: incorporating capability for mtr, removing +s from ping + (bnc#865351) + +--- Old: permissions-2013.10.28.1145.tar.bz2 New: permissions-2014.03.24.1202.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.lNrYUk/_old 2014-03-27 06:15:21.0 +0100 +++ /var/tmp/diff_new_pack.lNrYUk/_new 2014-03-27 06:15:21.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.10.28.1145 +Version:2014.03.24.1202 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.10.28.1145.tar.bz2 -> permissions-2014.03.24.1202.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.easy new/permissions-2014.03.24.1202/permissions.easy --- old/permissions-2013.10.28.1145/permissions.easy2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.easy2014-03-24 12:02:32.0 +0100 @@ -143,12 +143,13 @@ # # networking (need root for the privileged socket) # -/usr/bin/ping root:root 4755 +/usr/bin/ping root:root 0755 +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 0755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. For dialout only. -/usr/sbin/mtr root:dialout 4750 +/usr/sbin/mtr root:dialout 0750 + +capabilities cap_net_raw=ep /usr/bin/rcproot:root 4755 /usr/bin/rlogin root:root 4755 /usr/bin/rshroot:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.paranoid new/permissions-2014.03.24.1202/permissions.paranoid --- old/permissions-2013.10.28.1145/permissions.paranoid2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.paranoid2014-03-24 12:02:32.0 +0100 @@ -162,7 +162,7 @@ /usr/bin/ping root:root 0755 /usr/bin/ping6 root:root 0755 # mtr is linked against ncurses. -/usr/sbin/mtr root:dialout 0755 +/usr/sbin/mtr root:dialout 0750 /usr/bin/rcproot:root 0755 /usr/bin/rlogin root:root 0755 /usr/bin/rshroot:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.10.28.1145/permissions.secure new/permissions-2014.03.24.1202/permissions.secure --- old/permissions-2013.10.28.1145/permissions.secure 2013-10-28 11:45:26.0 +0100 +++ new/permissions-2014.03.24.1202/permissions.secure 2014-03-24 12:02:32.0 +0100 @@ -181,12 +181,12 @@ # # networking (need root for the privileged socket) # -/usr/bin/ping root:root 4755 +/usr/bin/ping root:root 0755 +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-10-29 09:33:31 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-08-23 11:05:49.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-10-29 09:33:32.0 +0100 @@ -1,0 +2,6 @@ +Mon Oct 28 10:46:48 UTC 2013 - meiss...@suse.com + +- GIT repo moved to GITHUB. +- removed the setuid bit from "eject" (bnc#824406) + +--- Old: permissions-2013.08.22.1339.tar.bz2 New: permissions-2013.10.28.1145.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.9cFmDa/_old 2013-10-29 09:33:33.0 +0100 +++ /var/tmp/diff_new_pack.9cFmDa/_new 2013-10-29 09:33:33.0 +0100 @@ -20,16 +20,17 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.08.22.1339 +Version:2013.10.28.1145 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions License:GPL-2.0+ Group: Productivity/Security +# Maintained in github by the security team. Source: permissions-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url:http://gitorious.org/opensuse/permissions +Url:http://github.com/openSUSE/permissions %description Permission settings of files and directories depending on the ++ permissions-2013.08.22.1339.tar.bz2 -> permissions-2013.10.28.1145.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.easy new/permissions-2013.10.28.1145/permissions.easy --- old/permissions-2013.08.22.1339/permissions.easy2013-08-22 13:39:35.0 +0200 +++ new/permissions-2013.10.28.1145/permissions.easy2013-10-28 11:45:26.0 +0100 @@ -58,7 +58,6 @@ /sbin/mount.nfs root:root 4755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/usr/bin/eject root:audio4755 # # #133657 /usr/bin/fusermount root:trusted 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.paranoid new/permissions-2013.10.28.1145/permissions.paranoid --- old/permissions-2013.08.22.1339/permissions.paranoid2013-08-22 13:39:35.0 +0200 +++ new/permissions-2013.10.28.1145/permissions.paranoid2013-10-28 11:45:26.0 +0100 @@ -73,7 +73,6 @@ /sbin/mount.nfs root:root 0755 /bin/mount root:root 0755 /bin/umount root:root 0755 -/usr/bin/eject root:audio0750 # # #133657 /usr/bin/fusermount root:trusted 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.08.22.1339/permissions.secure new/permissions-2013.10.28.1145/permissions.secure --- old/permissions-2013.08.22.1339/permissions.secure 2013-08-22 13:39:35.0 +0200 +++ new/permissions-2013.10.28.1145/permissions.secure 2013-10-28 11:45:26.0 +0100 @@ -96,7 +96,6 @@ /sbin/mount.nfs root:root 0755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/usr/bin/eject root:audio4750 # # #133657 /usr/bin/fusermount root:trusted 4750 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-08-23 11:05:47 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-08-21 16:47:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-08-23 11:05:49.0 +0200 @@ -1,0 +2,5 @@ +Thu Aug 22 11:40:20 UTC 2013 - meiss...@suse.com + +- do not use magic constants for strlen (bnc#834790 + +--- Old: permissions-2013.08.21.1452.tar.bz2 New: permissions-2013.08.22.1339.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.GsWvQM/_old 2013-08-23 11:05:50.0 +0200 +++ /var/tmp/diff_new_pack.GsWvQM/_new 2013-08-23 11:05:50.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.08.21.1452 +Version:2013.08.22.1339 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.08.21.1452.tar.bz2 -> permissions-2013.08.22.1339.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.08.21.1452/chkstat.c new/permissions-2013.08.22.1339/chkstat.c --- old/permissions-2013.08.21.1452/chkstat.c 2013-08-21 14:52:46.0 +0200 +++ new/permissions-2013.08.22.1339/chkstat.c 2013-08-22 13:39:35.0 +0200 @@ -282,9 +282,10 @@ //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } - else if (have_fscaps == -1 && !strncmp(p, "PERMISSION_FSCAPS=", 19)) +#define FSCAPSENABLE "PERMISSION_FSCAPS=" + else if (have_fscaps == -1 && !strncmp(p, FSCAPSENABLE, strlen(FSCAPSENABLE))) { - p+=19; + p+=strlen(FSCAPSENABLE); if (isquote(*p)) ++p; if (!strncmp(p, "yes", 3)) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-08-21 16:47:17 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-06-13 20:27:17.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-08-21 16:47:19.0 +0200 @@ -1,0 +2,16 @@ +Wed Aug 21 12:53:39 UTC 2013 - meiss...@suse.com + +- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016) + +--- +Fri Aug 16 13:25:56 UTC 2013 - meiss...@suse.com + +- use PERMISSION_FSCAPS + +--- +Fri Aug 16 13:08:10 UTC 2013 - meiss...@suse.com + +- it is PERMISSIONS_FSCAPS (bnc#834790) +- qemu-bridge-helper has no special privileges currently (bnc#765948) + +--- Old: permissions-2013.06.12.1309.tar.bz2 New: permissions-2013.08.21.1452.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.kCqeRs/_old 2013-08-21 16:47:20.0 +0200 +++ /var/tmp/diff_new_pack.kCqeRs/_new 2013-08-21 16:47:20.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.06.12.1309 +Version:2013.08.21.1452 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.06.12.1309.tar.bz2 -> permissions-2013.08.21.1452.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.06.12.1309/chkstat.c new/permissions-2013.08.21.1452/chkstat.c --- old/permissions-2013.06.12.1309/chkstat.c 2013-06-12 13:09:16.0 +0200 +++ new/permissions-2013.08.21.1452/chkstat.c 2013-08-21 14:52:46.0 +0200 @@ -282,7 +282,7 @@ //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } - else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19)) + else if (have_fscaps == -1 && !strncmp(p, "PERMISSION_FSCAPS=", 19)) { p+=19; if (isquote(*p)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.easy new/permissions-2013.08.21.1452/permissions.easy --- old/permissions-2013.06.12.1309/permissions.easy2013-06-12 13:09:16.0 +0200 +++ new/permissions-2013.08.21.1452/permissions.easy2013-08-21 14:52:46.0 +0200 @@ -354,3 +354,6 @@ # no special privileges are needed for cd reading. /usr/bin/readcdroot:root 755 /usr/bin/cdda2wav root:root 755 + +# qemu-bridge-helper has no special privileges currently (bnc#765948) +/usr/lib/qemu-bridge-helperroot:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.paranoid new/permissions-2013.08.21.1452/permissions.paranoid --- old/permissions-2013.06.12.1309/permissions.paranoid2013-06-12 13:09:16.0 +0200 +++ new/permissions-2013.08.21.1452/permissions.paranoid2013-08-21 14:52:46.0 +0200 @@ -364,3 +364,6 @@ /usr/bin/cdrecord root:root 755 /usr/bin/readcd root:root 755 /usr/bin/cdda2wav root:root 755 + +# qemu-bridge-helper has no special privileges currently (bnc#765948) +/usr/lib/qemu-bridge-helperroot:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.06.12.1309/permissions.secure new/permissions-2013.08.21.1452/permissions.secure --- old/permissions-2013.06.12.1309/permissions.secure 2013-06-12 13:09:16.0 +0200 +++ new/permissions-2013.08.21.1452/permissions.secure 2013-08-21 14:52:46.0 +0200 @@ -358,7 +358,7 @@ /usr/sbin/hawk_invoke root:haclient 4750 # chromium (bnc#718016) -/usr/lib/chrome_sandbox root:root 0755 +/usr/lib/chrome_sandbox root:root 4755 # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_privateroot:r
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-06-13 20:27:16 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-05-13 15:12:06.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-06-13 20:27:17.0 +0200 @@ -1,0 +2,12 @@ +Wed Jun 12 11:10:18 UTC 2013 - meiss...@suse.com + +- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302) + +--- +Mon Jun 10 09:46:15 UTC 2013 - meiss...@suse.com + +- cdrtools: allow some filesystem capabilities for more stable CD/DVD + burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio, + cap_sys_resource, cap_ipc_lock) + +--- Old: permissions-2013.05.08.1626.tar.bz2 New: permissions-2013.06.12.1309.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.9sWKdV/_old 2013-06-13 20:27:18.0 +0200 +++ /var/tmp/diff_new_pack.9sWKdV/_new 2013-06-13 20:27:18.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.05.08.1626 +Version:2013.06.12.1309 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.05.08.1626.tar.bz2 -> permissions-2013.06.12.1309.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions new/permissions-2013.06.12.1309/permissions --- old/permissions-2013.05.08.1626/permissions 2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions 2013-06-12 13:09:16.0 +0200 @@ -122,6 +122,7 @@ # utempter /usr/sbin/utempter root:utmp 2755 +/usr/lib/utempter/utempter root:utmp 2755 # ensure correct permissions on ssh files to avoid sshd refusing # logins (bnc#398250) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.easy new/permissions-2013.06.12.1309/permissions.easy --- old/permissions-2013.05.08.1626/permissions.easy2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions.easy2013-06-12 13:09:16.0 +0200 @@ -347,8 +347,10 @@ /usr/bin/pccardctl root:trusted 4755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved -# leave it disabled until it is in the distro to allow their overrides -#/usr/bin/cdrecord root:root 755 -#/usr/bin/readcd root:root 755 -#/usr/bin/cdda2wav root:root 755 +# Please note that additional capabilities are provided only for reliable +# CD/DVD burning and do not cover all use-cases of cdrecord. +/usr/bin/cdrecord root:root 755 + +capabilities cap_sys_resource,cap_sys_nice,cap_ipc_lock,cap_sys_rawio=ep +# no special privileges are needed for cd reading. +/usr/bin/readcdroot:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.paranoid new/permissions-2013.06.12.1309/permissions.paranoid --- old/permissions-2013.05.08.1626/permissions.paranoid2013-05-08 16:26:23.0 +0200 +++ new/permissions-2013.06.12.1309/permissions.paranoid2013-06-12 13:09:16.0 +0200 @@ -359,7 +359,8 @@ /usr/bin/pccardctl root:trusted 0755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved +# in paranoid mode, no provisions are made for reliable cd burning, as admins +# will have very likely prohibited that anyway. /usr/bin/cdrecord root:root 755 /usr/bin/readcd root:root 755 /usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore'
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-05-13 15:12:04 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-05-06 10:11:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-05-13 15:12:06.0 +0200 @@ -1,0 +2,5 @@ +Wed May 8 14:27:12 UTC 2013 - meiss...@suse.com + +- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021) + +--- Old: permissions-2013.05.04.1031.tar.bz2 New: permissions-2013.05.08.1626.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.XvqaV5/_old 2013-05-13 15:12:07.0 +0200 +++ /var/tmp/diff_new_pack.XvqaV5/_new 2013-05-13 15:12:07.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.05.04.1031 +Version:2013.05.08.1626 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.05.04.1031.tar.bz2 -> permissions-2013.05.08.1626.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.04.1031/permissions.easy new/permissions-2013.05.08.1626/permissions.easy --- old/permissions-2013.05.04.1031/permissions.easy2013-05-04 10:31:04.0 +0200 +++ new/permissions-2013.05.08.1626/permissions.easy2013-05-08 16:26:23.0 +0200 @@ -348,6 +348,7 @@ # cdrecord of cdrtools from Joerg Schilling (bnc#550021) # not allowed setuid root or any capabilities unless audit bug is resolved -/usr/bin/cdrecord root:root 755 -/usr/bin/readcdroot:root 755 -/usr/bin/cdda2wav root:root 755 +# leave it disabled until it is in the distro to allow their overrides +#/usr/bin/cdrecord root:root 755 +#/usr/bin/readcd root:root 755 +#/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.04.1031/permissions.secure new/permissions-2013.05.08.1626/permissions.secure --- old/permissions-2013.05.04.1031/permissions.secure 2013-05-04 10:31:04.0 +0200 +++ new/permissions-2013.05.08.1626/permissions.secure 2013-05-08 16:26:23.0 +0200 @@ -387,6 +387,7 @@ # cdrecord of cdrtools from Joerg Schilling (bnc#550021) # not allowed setuid root or any capabilities unless audit bug is resolved -/usr/bin/cdrecord root:root 755 -/usr/bin/readcd root:root 755 -/usr/bin/cdda2wav root:root 755 +# leave it out until it is in the distro +#/usr/bin/cdrecord root:root 755 +#/usr/bin/readcd root:root 755 +#/usr/bin/cdda2wav root:root 755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-05-06 10:11:14 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-01-31 10:28:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-05-06 10:11:15.0 +0200 @@ -1,0 +2,6 @@ +Sat May 4 08:32:17 UTC 2013 - meiss...@suse.com + +- cdrecord currently has no special permissions approved (bnc#550021) +- append a / + +--- Old: permissions-2013.01.29.1841.tar.bz2 New: permissions-2013.05.04.1031.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.un1aor/_old 2013-05-06 10:11:17.0 +0200 +++ /var/tmp/diff_new_pack.un1aor/_new 2013-05-06 10:11:17.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2013.01.29.1841 +Version:2013.05.04.1031 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2013.01.29.1841.tar.bz2 -> permissions-2013.05.04.1031.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.easy new/permissions-2013.05.04.1031/permissions.easy --- old/permissions-2013.01.29.1841/permissions.easy2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.easy2013-05-04 10:31:04.0 +0200 @@ -346,3 +346,8 @@ /usr/sbin/pccardctl root:trusted 4755 /usr/bin/pccardctl root:trusted 4755 +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcdroot:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.paranoid new/permissions-2013.05.04.1031/permissions.paranoid --- old/permissions-2013.01.29.1841/permissions.paranoid2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.paranoid2013-05-04 10:31:04.0 +0200 @@ -357,3 +357,9 @@ /usr/bin/isdnctrl root:dialout 0755 /usr/sbin/pccardctl root:trusted 0755 /usr/bin/pccardctl root:trusted 0755 + +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.01.29.1841/permissions.secure new/permissions-2013.05.04.1031/permissions.secure --- old/permissions-2013.01.29.1841/permissions.secure 2013-01-29 18:41:57.0 +0100 +++ new/permissions-2013.05.04.1031/permissions.secure 2013-05-04 10:31:04.0 +0200 @@ -384,3 +384,9 @@ /usr/bin/isdnctrl root:dialout 4750 /usr/sbin/pccardctl root:trusted 4750 /usr/bin/pccardctl root:trusted 4750 + +# cdrecord of cdrtools from Joerg Schilling (bnc#550021) +# not allowed setuid root or any capabilities unless audit bug is resolved +/usr/bin/cdrecord root:root 755 +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-01-31 10:28:43 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-12-03 11:18:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-01-31 10:28:45.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 29 14:00:08 UTC 2013 - meiss...@suse.com + +- Allow pcp to have stickybit worldwriteable directories + +--- Old: permissions-2012.11.27.1640.tar.bz2 New: permissions-2013.01.29.1841.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.E2LB8o/_old 2013-01-31 10:28:46.0 +0100 +++ /var/tmp/diff_new_pack.E2LB8o/_new 2013-01-31 10:28:46.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.11.27.1640 +Version:2013.01.29.1841 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.11.27.1640.tar.bz2 -> permissions-2013.01.29.1841.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.easy new/permissions-2013.01.29.1841/permissions.easy --- old/permissions-2012.11.27.1640/permissions.easy2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.easy2013-01-29 18:41:57.0 +0100 @@ -271,6 +271,13 @@ /usr/lib/uucp/uucicouucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 1777 +/var/lib/pcp/tmp/pmdabash/ root:root 1777 +/var/lib/pcp/tmp/mmv/ root:root 1777 +/var/lib/pcp/tmp/pmlogger/ root:root 1777 +/var/lib/pcp/tmp/pmie/ root:root 1777 + # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helperpolkituser:root 4755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 2755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.paranoid new/permissions-2013.01.29.1841/permissions.paranoid --- old/permissions-2012.11.27.1640/permissions.paranoid2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.paranoid2013-01-29 18:41:57.0 +0100 @@ -283,6 +283,13 @@ /usr/lib/uucp/uucicouucp:uucp 0555 /usr/lib/uucp/uuxqt uucp:uucp 0555 +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 0755 +/var/lib/pcp/tmp/pmdabash/ root:root 0755 +/var/lib/pcp/tmp/mmv/ root:root 0755 +/var/lib/pcp/tmp/pmlogger/ root:root 0755 +/var/lib/pcp/tmp/pmie/ root:root 0755 + # PolicyKit (#295341) /usr/lib/PolicyKit/polkit-set-default-helperroot:polkituser 0755 /usr/lib/PolicyKit/polkit-read-auth-helper root:polkituser 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.11.27.1640/permissions.secure new/permissions-2013.01.29.1841/permissions.secure --- old/permissions-2012.11.27.1640/permissions.secure 2012-11-27 16:40:51.0 +0100 +++ new/permissions-2013.01.29.1841/permissions.secure 2013-01-29 18:41:57.0 +0100 @@ -309,6 +309,14 @@ /usr/lib/uucp/uucicouucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 + +# pcp (bnc#782967) +/var/lib/pcp/tmp/ root:root 0755 +/var/lib/pcp/tmp/pmdabash/
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-12-03 11:17:54 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-11-22 17:02:38.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-12-03 11:18:01.0 +0100 @@ -1,0 +2,8 @@ +Tue Nov 27 15:41:16 UTC 2012 - meiss...@suse.com + +- add /usr/bin/dumpcap to watchlist +- make fscaps=1 the default on "" +- added PERMISSION_FSCAPS to the sysconfig/security fillup template. +- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject + +--- Old: permissions-2012.10.15.1348.tar.bz2 New: permissions-2012.11.27.1640.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1VZ9KD/_old 2012-12-03 11:18:02.0 +0100 +++ /var/tmp/diff_new_pack.1VZ9KD/_new 2012-12-03 11:18:02.0 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.10.15.1348 +Version:2012.11.27.1640 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.10.15.1348.tar.bz2 -> permissions-2012.11.27.1640.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/chkstat.c new/permissions-2012.11.27.1640/chkstat.c --- old/permissions-2012.10.15.1348/chkstat.c 2012-10-15 13:48:16.0 +0200 +++ new/permissions-2012.11.27.1640/chkstat.c 2012-11-27 16:40:51.0 +0100 @@ -298,7 +298,8 @@ p+=2; if (isquote(*p) || !*p) have_fscaps=0; - } + } else + have_fscaps=1; /* default */ } } fclose(fp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.easy new/permissions-2012.11.27.1640/permissions.easy --- old/permissions-2012.10.15.1348/permissions.easy2012-10-15 13:48:16.0 +0200 +++ new/permissions-2012.11.27.1640/permissions.easy2012-11-27 16:40:51.0 +0100 @@ -58,7 +58,7 @@ /sbin/mount.nfs root:root 4755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/bin/eject root:audio4755 +/usr/bin/eject root:audio4755 # # #133657 /usr/bin/fusermount root:trusted 4755 @@ -144,9 +144,9 @@ # # networking (need root for the privileged socket) # -/bin/ping root:root 4755 +/usr/bin/ping root:root 4755 +capabilities cap_net_raw=ep -/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 4755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. For dialout only. /usr/sbin/mtr root:dialout 4750 @@ -312,11 +312,14 @@ /usr/sbin/hawk_invoke root:haclient 4750 # chromium (bnc#718016) -/usr/lib/chrome_sandbox root:root 4755 +/usr/lib/chrome_sandbox root:root 4755 # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 4755 +# wireshark (not yet) +/usr/bin/dumpcap root:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -327,7 +330,6 @@ /usr/bin/mount.nfs root:root 4755 /usr/bin/mount root:root 4755 /usr/bin/umount root:root 4755 -/usr/bin/eject root:audio4755 /usr/sbin/unix_chkpwd root:shadow 4755 /usr/bin/unix_chkpwdroot:shadow 4755 /usr/sbin/unix2_chkpwd root:s
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-11-22 17:02:36 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-10-16 07:18:36.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-11-22 17:02:38.0 +0100 @@ -1,0 +2,9 @@ +Wed Nov 21 13:56:34 UTC 2012 - lnus...@suse.de + +- apply permissions settings in %post. During initial installation + some packages might be installed before the permissions package + due to dependency loops so we need to make sure their settings + are applied too. Also, on update of the permissions package + changed permission settings may need to be applied. + +--- Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.33UWCI/_old 2012-11-22 17:02:39.0 +0100 +++ /var/tmp/diff_new_pack.33UWCI/_new 2012-11-22 17:02:39.0 +0100 @@ -55,6 +55,8 @@ %post %{fillup_only -n security} +# apply all potentially changed permissions +/usr/bin/chkstat --system %files %defattr(-,root,root,-) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-10-16 07:18:34 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-09-26 10:11:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-10-16 07:18:36.0 +0200 @@ -1,0 +2,7 @@ +Mon Oct 15 11:49:04 UTC 2012 - lnus...@suse.de + +- temporarily add su.core. workaround for the migration of su from + coreutils to util-linux needs to be reverted as soon as util-linux + is also in + +--- Old: permissions-2012.09.25.1654.tar.bz2 New: permissions-2012.10.15.1348.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.1f0ZKg/_old 2012-10-16 07:18:37.0 +0200 +++ /var/tmp/diff_new_pack.1f0ZKg/_new 2012-10-16 07:18:37.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.09.25.1654 +Version:2012.10.15.1348 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.09.25.1654.tar.bz2 -> permissions-2012.10.15.1348.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.easy new/permissions-2012.10.15.1348/permissions.easy --- old/permissions-2012.09.25.1654/permissions.easy2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.easy2012-10-15 13:48:16.0 +0200 @@ -321,6 +321,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 4755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 4755 /usr/sbin/mount.nfs root:root 4755 /usr/bin/mount.nfs root:root 4755 /usr/bin/mount root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.paranoid new/permissions-2012.10.15.1348/permissions.paranoid --- old/permissions-2012.09.25.1654/permissions.paranoid2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.paranoid2012-10-15 13:48:16.0 +0200 @@ -333,6 +333,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 0755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 0755 /usr/sbin/mount.nfs root:root 0755 /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.09.25.1654/permissions.secure new/permissions-2012.10.15.1348/permissions.secure --- old/permissions-2012.09.25.1654/permissions.secure 2012-09-25 16:54:47.0 +0200 +++ new/permissions-2012.10.15.1348/permissions.secure 2012-10-15 13:48:16.0 +0200 @@ -359,6 +359,8 @@ # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 /usr/bin/su root:root 4755 +# temporary hack to make the move from coreutils to util-linux work +/usr/bin/su.coreroot:root 4755 /usr/sbin/mount.nfs root:root 0755 /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 4755 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-09-26 10:10:56 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-07-09 10:00:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-09-26 10:11:00.0 +0200 @@ -1,0 +2,5 @@ +Tue Sep 25 14:55:21 UTC 2012 - meiss...@suse.com + +- no longer install SuSEconfig.permissions, SuSEconfig is gone. + +--- Old: permissions-2012.07.06.1059.tar.bz2 New: permissions-2012.09.25.1654.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.2JHnaf/_old 2012-09-26 10:11:03.0 +0200 +++ /var/tmp/diff_new_pack.2JHnaf/_new 2012-09-26 10:11:03.0 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version:2012.07.06.1059 +Version:2012.09.25.1654 Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq @@ -66,7 +66,6 @@ %{_bindir}/chkstat %{_mandir}/man5/permissions.5* %{_mandir}/man8/chkstat.8* -/sbin/conf.d/SuSEconfig.permissions /var/adm/fillup-templates/sysconfig.security %changelog ++ permissions-2012.07.06.1059.tar.bz2 -> permissions-2012.09.25.1654.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.07.06.1059/Makefile new/permissions-2012.09.25.1654/Makefile --- old/permissions-2012.07.06.1059/Makefile2012-07-06 10:59:51.0 +0200 +++ new/permissions-2012.09.25.1654/Makefile2012-09-25 16:54:47.0 +0200 @@ -21,7 +21,6 @@ @for i in $(bindir) $(suseconfigdir) $(man8dir) $(man5dir) $(fillupdir) $(sysconfdir); \ do install -d -m 755 $(DESTDIR)$$i; done @install -m 755 chkstat $(DESTDIR)$(bindir) - @install -m 755 SuSEconfig.permissions $(DESTDIR)$(suseconfigdir) @install -m 644 chkstat.8 $(DESTDIR)$(man8dir) @install -m 644 permissions.5 $(DESTDIR)$(man5dir) @install -m 644 sysconfig.security $(DESTDIR)$(fillupdir) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-07-09 10:00:13 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-06-01 22:32:34.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-07-09 10:00:15.0 +0200 @@ -1,0 +2,10 @@ +Fri Jul 6 09:01:18 UTC 2012 - meiss...@suse.com + +- enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy + +--- +Mon Jun 4 11:37:27 UTC 2012 - lnus...@suse.de + +- remove /var/run/vi.recover (bnc#765288) + +--- Old: permissions-2012.06.01.0923.tar.bz2 New: permissions-2012.07.06.1059.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.HlqyRT/_old 2012-07-09 10:00:16.0 +0200 +++ /var/tmp/diff_new_pack.HlqyRT/_new 2012-07-09 10:00:16.0 +0200 @@ -14,21 +14,19 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - -# norootforbuild # icecream 0 + BuildRequires: libcap-devel Name: permissions -License:GPL-2.0+ -Group: Productivity/Security -AutoReqProv:on -Version:2012.06.01.0923 -Release:1 +Version:2012.07.06.1059 +Release:0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions +License:GPL-2.0+ +Group: Productivity/Security Source: permissions-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://gitorious.org/opensuse/permissions ++ permissions-2012.06.01.0923.tar.bz2 -> permissions-2012.07.06.1059.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions new/permissions-2012.07.06.1059/permissions --- old/permissions-2012.06.01.0923/permissions 2012-06-01 09:23:33.0 +0200 +++ new/permissions-2012.07.06.1059/permissions 2012-07-06 10:59:51.0 +0200 @@ -58,7 +58,6 @@ # /var/tmp/ root:root 1777 -/var/tmp/vi.recover/root:root 1777 /var/log/ root:root 755 /var/spool/ root:root 755 /var/spool/mqueue/ root:root 700 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.easy new/permissions-2012.07.06.1059/permissions.easy --- old/permissions-2012.06.01.0923/permissions.easy2012-06-01 09:23:33.0 +0200 +++ new/permissions-2012.07.06.1059/permissions.easy2012-07-06 10:59:51.0 +0200 @@ -314,6 +314,9 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox root:root 4755 +# ecryptfs-utils (bnc#740110) +/sbin/mount.ecryptfs_private root:root 4755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.paranoid new/permissions-2012.07.06.1059/permissions.paranoid --- old/permissions-2012.06.01.0923/permissions.paranoid2012-06-01 09:23:33.0 +0200 +++ new/permissions-2012.07.06.1059/permissions.paranoid2012-07-06 10:59:51.0 +0200 @@ -326,6 +326,9 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox root:root 0755 +# ecryptfs-utils (bnc#740110) +/sbin/mount.ecryptfs_privateroot:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.06.01.0923/permissions.secure new/permissions-2012.07.06.1059/permissions.secure --- old/permissions-2012.06.01.0923/permissions.secure 2012-06-01 09:23:33.0 +0200 +++ new/permissions-2012.07.06.1059/permissions.secure 2012-07-06 10:59:51.0 +0200 @@ -352,6 +352,9 @@ # chromium (bnc#718016) /usr/lib/chrome_sandbox
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-06-01 22:31:50 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-06-01 07:22:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-06-01 22:32:34.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 1 07:23:46 UTC 2012 - lnus...@suse.de + +- remove /var/cache/fonts (bnc#764885) +- remove /var/lib/xemacs/lock/ (bnc#764887) + +--- Old: permissions-2012.05.31.1307.tar.bz2 New: permissions-2012.06.01.0923.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.SK5hzN/_old 2012-06-01 22:32:36.0 +0200 +++ /var/tmp/diff_new_pack.SK5hzN/_new 2012-06-01 22:32:36.0 +0200 @@ -24,7 +24,7 @@ License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on -Version:2012.05.31.1307 +Version:2012.06.01.0923 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.05.31.1307.tar.bz2 -> permissions-2012.06.01.0923.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions new/permissions-2012.06.01.0923/permissions --- old/permissions-2012.05.31.1307/permissions 2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions 2012-06-01 09:23:33.0 +0200 @@ -69,7 +69,6 @@ /var/adm/ root:root 755 /var/adm/backup/root:root 700 /var/cache/ root:root 755 -/var/cache/fonts/ root:root 1777 /var/cache/man/ man:root 755 /var/yp/root:root 755 /var/run/nscd/socket root:root 666 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.easy new/permissions-2012.06.01.0923/permissions.easy --- old/permissions-2012.05.31.1307/permissions.easy2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.easy2012-06-01 09:23:33.0 +0200 @@ -17,8 +17,6 @@ # Directories # -# lock file for emacs -/var/lib/xemacs/lock/ root:root 1777 # for screen's session sockets: /var/run/uscreens/ root:root 1777 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.paranoid new/permissions-2012.06.01.0923/permissions.paranoid --- old/permissions-2012.05.31.1307/permissions.paranoid2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.paranoid2012-06-01 09:23:33.0 +0200 @@ -31,8 +31,6 @@ # # Directories # -# no lock files for emacs: -/var/lib/xemacs/lock/ root:trusted 1775 # for screen's session sockets: /var/run/uscreens/ root:trusted 1775 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.31.1307/permissions.secure new/permissions-2012.06.01.0923/permissions.secure --- old/permissions-2012.05.31.1307/permissions.secure 2012-05-31 13:07:15.0 +0200 +++ new/permissions-2012.06.01.0923/permissions.secure 2012-06-01 09:23:33.0 +0200 @@ -55,8 +55,6 @@ # # Directories # -# no lock files for emacs: -/var/lib/xemacs/lock/ root:trusted 1775 # for screen's session sockets: /var/run/uscreens/ root:root 1777 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-06-01 07:22:48 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-05-25 16:18:08.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-06-01 07:22:50.0 +0200 @@ -1,0 +2,6 @@ +Thu May 31 11:07:25 UTC 2012 - lnus...@suse.de + +- Revert "Use credentials from within the root file system" + breaks use of --root option in brp-05-permissions + +--- Old: permissions-2012.05.15.1646.tar.bz2 New: permissions-2012.05.31.1307.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.nyyk7t/_old 2012-06-01 07:22:51.0 +0200 +++ /var/tmp/diff_new_pack.nyyk7t/_new 2012-06-01 07:22:51.0 +0200 @@ -24,7 +24,7 @@ License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on -Version:2012.05.15.1646 +Version:2012.05.31.1307 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.05.15.1646.tar.bz2 -> permissions-2012.05.31.1307.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.05.15.1646/chkstat.c new/permissions-2012.05.31.1307/chkstat.c --- old/permissions-2012.05.15.1646/chkstat.c 2012-05-15 16:46:07.0 +0200 +++ new/permissions-2012.05.31.1307/chkstat.c 2012-05-31 13:07:15.0 +0200 @@ -59,128 +59,6 @@ int npermfiles = 0; char* force_level; -static struct passwd* -_getpwuid(uid_t uid) -{ - char fn[PATH_MAX]; - struct passwd *pwd = 0; - FILE *fp = 0; - - if (!rootl) -return getpwuid(uid); - - // read the passwd from the root instead - strcpy(fn, root); - strcpy(fn+rootl, "/etc/passwd"); - - printf("trying %s\n", fn); - - fp = fopen(fn, "r"); - if (!fp) -goto out; - - while ((pwd = fgetpwent(fp))) -{ - if (pwd->pw_uid == uid) -goto out; -} - -out: - if (fp) -fclose(fp); - return pwd; -} - -static struct passwd* -_getpwnam(const char *name) -{ - char fn[PATH_MAX]; - struct passwd *pwd = 0; - FILE *fp = 0; - - if (!rootl) -return getpwnam(name); - - // read the passwd from the root instead - strcpy(fn, root); - strcpy(fn+rootl, "/etc/passwd"); - - fp = fopen(fn, "r"); - if (!fp) -goto out; - - while ((pwd = fgetpwent(fp))) -{ - if (strcmp(pwd->pw_name, name) == 0) -goto out; -} - -out: - if (fp) -fclose(fp); - return pwd; -} - -static struct group* -_getgrgid(gid_t gid) -{ - char fn[PATH_MAX]; - struct group *grp = 0; - FILE *fp = 0; - - if (!rootl) -return getgrgid(gid); - - // read the group from the root instead - strcpy(fn, root); - strcpy(fn+rootl, "/etc/passwd"); - - fp = fopen(fn, "r"); - if (!fp) -goto out; - - while ((grp = fgetgrent(fp))) -{ - if (grp->gr_gid == gid) -goto out; -} - -out: - if (fp) -fclose(fp); - return grp; -} - -static struct group* -_getgrnam(const char *name) -{ - char fn[PATH_MAX]; - struct group *grp = 0; - FILE *fp = 0; - - if (!rootl) -return getgrnam(name); - - // read the group from the root instead - strcpy(fn, root); - strcpy(fn+rootl, "/etc/passwd"); - - fp = fopen(fn, "r"); - if (!fp) -goto out; - - while ((grp = fgetgrent(fp))) -{ - if (strcmp(grp->gr_name, name) == 0) -goto out; -} - -out: - if (fp) -fclose(fp); - return grp; -} - struct perm* add_permlist(char *file, char *owner, char *group, mode_t mode) { @@ -1002,8 +880,8 @@ if (!e->mode && !strcmp(e->owner, "unknown")) { char uids[16], gids[16]; - pwd = _getpwuid(stb.st_uid); - grp = _getgrgid(stb.st_gid); + pwd = getpwuid(stb.st_uid); + grp = getgrgid(stb.st_gid); if (!pwd) sprintf(uids, "%d", stb.st_uid); if (!grp) @@ -1017,12 +895,12 @@ grp = 0; continue; } - if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = _getpwnam(e->owner)) == 0) + if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = getpwnam(e->owner)) == 0) { fprintf(stderr, "%s: unknown user %s\n", e->file+rootl, e->owner); continue; } - if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = _getgrnam(e->group)) == 0) + if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = getgrnam
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-05-25 16:18:06 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-02-08 15:41:13.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-05-25 16:18:08.0 +0200 @@ -1,0 +2,6 @@ +Tue May 15 14:46:22 UTC 2012 - lnus...@suse.de + +- print warning when requested to check not listed files +- Use credentials from within the root file system + +--- Old: permissions-2012.02.08.0914.tar.bz2 New: permissions-2012.05.15.1646.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.zSDFuc/_old 2012-05-25 16:18:10.0 +0200 +++ /var/tmp/diff_new_pack.zSDFuc/_new 2012-05-25 16:18:10.0 +0200 @@ -24,7 +24,7 @@ License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on -Version:2012.02.08.0914 +Version:2012.05.15.1646 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2012.02.08.0914.tar.bz2 -> permissions-2012.05.15.1646.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.02.08.0914/chkstat.c new/permissions-2012.05.15.1646/chkstat.c --- old/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.0 +0100 +++ new/permissions-2012.05.15.1646/chkstat.c 2012-05-15 16:46:07.0 +0200 @@ -59,6 +59,128 @@ int npermfiles = 0; char* force_level; +static struct passwd* +_getpwuid(uid_t uid) +{ + char fn[PATH_MAX]; + struct passwd *pwd = 0; + FILE *fp = 0; + + if (!rootl) +return getpwuid(uid); + + // read the passwd from the root instead + strcpy(fn, root); + strcpy(fn+rootl, "/etc/passwd"); + + printf("trying %s\n", fn); + + fp = fopen(fn, "r"); + if (!fp) +goto out; + + while ((pwd = fgetpwent(fp))) +{ + if (pwd->pw_uid == uid) +goto out; +} + +out: + if (fp) +fclose(fp); + return pwd; +} + +static struct passwd* +_getpwnam(const char *name) +{ + char fn[PATH_MAX]; + struct passwd *pwd = 0; + FILE *fp = 0; + + if (!rootl) +return getpwnam(name); + + // read the passwd from the root instead + strcpy(fn, root); + strcpy(fn+rootl, "/etc/passwd"); + + fp = fopen(fn, "r"); + if (!fp) +goto out; + + while ((pwd = fgetpwent(fp))) +{ + if (strcmp(pwd->pw_name, name) == 0) +goto out; +} + +out: + if (fp) +fclose(fp); + return pwd; +} + +static struct group* +_getgrgid(gid_t gid) +{ + char fn[PATH_MAX]; + struct group *grp = 0; + FILE *fp = 0; + + if (!rootl) +return getgrgid(gid); + + // read the group from the root instead + strcpy(fn, root); + strcpy(fn+rootl, "/etc/passwd"); + + fp = fopen(fn, "r"); + if (!fp) +goto out; + + while ((grp = fgetgrent(fp))) +{ + if (grp->gr_gid == gid) +goto out; +} + +out: + if (fp) +fclose(fp); + return grp; +} + +static struct group* +_getgrnam(const char *name) +{ + char fn[PATH_MAX]; + struct group *grp = 0; + FILE *fp = 0; + + if (!rootl) +return getgrnam(name); + + // read the group from the root instead + strcpy(fn, root); + strcpy(fn+rootl, "/etc/passwd"); + + fp = fopen(fn, "r"); + if (!fp) +goto out; + + while ((grp = fgetgrent(fp))) +{ + if (strcmp(grp->gr_name, name) == 0) +goto out; +} + +out: + if (fp) +fclose(fp); + return grp; +} + struct perm* add_permlist(char *file, char *owner, char *group, mode_t mode) { @@ -770,6 +892,10 @@ if (do_set == -1) do_set = 0; + // add fake list entries for all files to check + for (i = 0; i < nchecklist; i++) +add_permlist(checklist[i], "unknown", "unknown", 0); + for (i = 0; i < npermfiles; i++) { if ((fp = fopen(permfiles[i], "r")) == 0) @@ -867,18 +993,36 @@ euid = geteuid(); for (e = permlist; e; e = e->next) { - if (use_checklist && !in_checklist(e->file)) + if (use_checklist && !in_checklist(e->file+rootl)) continue; if (lstat(e->file, &stb)) continue; if (S_ISLNK(stb.st_mode)) continue; - if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = getpwnam(e->owner)) == 0) + if (!e->mode && !strcmp(e->owner, "unknown")) + { + char uids[16], gids[16]; + pwd = _getpwuid(stb.st_uid); + grp = _getgrgid(stb.st_gid); +
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-02-08 15:41:09 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-11-07 14:28:56.0 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-02-08 15:41:13.0 +0100 @@ -1,0 +2,11 @@ +Wed Feb 8 08:15:50 UTC 2012 - lnus...@suse.de + +- add duplicate entries for / and /usr (bnc#745622) + +--- +Tue Feb 7 12:09:17 UTC 2012 - lnus...@suse.de + +- add scripts for automatic package sumission +- drop zypp-refresh-wrapper (bnc#738677) + +--- Old: 0001-disable-run-time-fscaps-detection-bnc-728312.diff permissions-2011.09.23.1037.tar.bz2 New: permissions-2012.02.08.0914.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.CeBfIs/_old 2012-02-08 15:41:16.0 +0100 +++ /var/tmp/diff_new_pack.CeBfIs/_new 2012-02-08 15:41:16.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package permissions # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,13 +24,12 @@ License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on -Version:2011.09.23.1037 +Version:2012.02.08.0914 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions Source: permissions-%{version}.tar.bz2 -Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://gitorious.org/opensuse/permissions @@ -49,7 +48,6 @@ %prep %setup -q -%patch0 -p1 %build make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 ++ permissions-2011.09.23.1037.tar.bz2 -> permissions-2012.02.08.0914.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/Makefile new/permissions-2012.02.08.0914/Makefile --- old/permissions-2011.09.23.1037/Makefile2011-09-23 10:37:01.0 +0200 +++ new/permissions-2012.02.08.0914/Makefile2012-02-08 09:14:56.0 +0100 @@ -32,4 +32,7 @@ clean: /bin/rm chkstat -.PHONY: all clean +package: + @obs/mkpackage + +.PHONY: all clean package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.8 new/permissions-2012.02.08.0914/chkstat.8 --- old/permissions-2011.09.23.1037/chkstat.8 2011-09-23 10:37:01.0 +0200 +++ new/permissions-2012.02.08.0914/chkstat.8 2012-02-08 09:14:56.0 +0100 @@ -52,8 +52,9 @@ Omit printing the output header lines. .TP .IR \-\-fscaps,\ \-\-no\-fscaps -Force or disable use of fscaps. Default is to automatically -determine whether the running kernel supports fscaps. +Enable or disable use of fscaps. In system mode the setting of +PERMISSIONS_FSCAPS determines whether fscaps are on or off when this +option is not set. .TP .IR \-\-examine\ file Check permissions for this file instead of all files listed in the permissions files. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.23.1037/chkstat.c new/permissions-2012.02.08.0914/chkstat.c --- old/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.0 +0200 +++ new/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.0 +0100 @@ -54,6 +54,7 @@ char** level; int do_set = -1; int default_set = 1; +int have_fscaps = -1; char** permfiles = NULL; int npermfiles = 0; char* force_level; @@ -281,6 +282,24 @@ //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } + else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19)) + { + p+=19; + if (isquote(*p)) + ++p; + if (!strncmp(p, "yes", 3)) + { + p+=3; + if (isquote(*p) || !*p) + have_fscaps=1; + } + else if (!strncmp(p, "no", 2)) + { + p+=2;
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2011-12-06 18:50:13 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.kVEDBP/_old 2011-12-06 19:23:39.0 +0100 +++ /var/tmp/diff_new_pack.kVEDBP/_new 2011-12-06 19:23:39.0 +0100 @@ -21,7 +21,7 @@ BuildRequires: libcap-devel Name: permissions -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Security AutoReqProv:on Version:2011.09.23.1037 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2011-11-07 14:28:51 Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) Package is "permissions", Maintainer is "lnus...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2011-09-26 10:10:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2011-11-07 14:28:56.0 +0100 @@ -1,0 +2,5 @@ +Mon Nov 7 09:39:43 UTC 2011 - lnus...@suse.de + +- disable run time fscaps detection (bnc#728312) + +--- New: 0001-disable-run-time-fscaps-detection-bnc-728312.diff Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.yLcL1T/_old 2011-11-07 14:28:57.0 +0100 +++ /var/tmp/diff_new_pack.yLcL1T/_new 2011-11-07 14:28:57.0 +0100 @@ -30,6 +30,7 @@ PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions Source: permissions-%{version}.tar.bz2 +Patch0: 0001-disable-run-time-fscaps-detection-bnc-728312.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://gitorious.org/opensuse/permissions @@ -48,6 +49,7 @@ %prep %setup -q +%patch0 -p1 %build make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 ++ 0001-disable-run-time-fscaps-detection-bnc-728312.diff ++ >From 94311258bfdf3ad86938bd50aaef4a83ca04eae5 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 7 Nov 2011 10:34:38 +0100 Subject: [PATCH] disable run time fscaps detection (bnc#728312) PERMISSIONS_FSCAPS setting in /etc/sysconfig/security allows to enable them again. --- chkstat.8 |5 +++-- chkstat.c | 40 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/chkstat.8 b/chkstat.8 index 3492e21..364a237 100644 --- a/chkstat.8 +++ b/chkstat.8 @@ -52,8 +52,9 @@ Opposite of --set, ie warn only but don't make actual changes Omit printing the output header lines. .TP .IR \-\-fscaps,\ \-\-no\-fscaps -Force or disable use of fscaps. Default is to automatically -determine whether the running kernel supports fscaps. +Enable or disable use of fscaps. In system mode the setting of +PERMISSIONS_FSCAPS determines whether fscaps are on or off when this +option is not set. .TP .IR \-\-examine\ file Check permissions for this file instead of all files listed in the permissions files. diff --git a/chkstat.c b/chkstat.c index e5c9b15..8682c3e 100644 --- a/chkstat.c +++ b/chkstat.c @@ -54,6 +54,7 @@ int nlevel; char** level; int do_set = -1; int default_set = 1; +int have_fscaps = -1; char** permfiles = NULL; int npermfiles = 0; char* force_level; @@ -281,6 +282,24 @@ parse_sysconf(const char* file) //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } + else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19)) + { + p+=19; + if (isquote(*p)) + ++p; + if (!strncmp(p, "yes", 3)) + { + p+=3; + if (isquote(*p) || !*p) + have_fscaps=1; + } + else if (!strncmp(p, "no", 2)) + { + p+=2; + if (isquote(*p) || !*p) + have_fscaps=0; + } + } } fclose(fp); return 0; @@ -515,18 +534,18 @@ check_fscaps_enabled() { FILE* fp; char line[128]; - int have_fscaps = FSCAPS_DEFAULT_ENABLED; + int val = FSCAPS_DEFAULT_ENABLED; if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0) { goto out; } if (readline(fp, line, sizeof(line))) { - have_fscaps = atoi(line); + val = atoi(line); } fclose(fp); out: - return have_fscaps; + return val; } int @@ -552,7 +571,6 @@ main(int argc, char **argv) int fd, r; int errors = 0; cap_t caps = NULL; - int have_fscaps = -1; while (argc > 1) { @@ -692,9 +710,6 @@ main(int argc, char **argv) break; } - if (have_fscaps == -1) - have_fscaps = check_fscaps_enabled(); - if (systemmode) { const char file[] = "/etc/sysconfig/security"; @@ -747,6 +762,11 @@ main(int argc, char **argv) permfiles = &argv[1]; } + if (have_fscaps == 1 && !check_fscaps_enabled()) +{ + fprintf(stderr, "Warning: running kernel does not support fscaps\n"); +} + if (do_set == -1) do_set = 0; @@ -802,7 +822,7 @@ main(int argc, char **argv) } if (!strncmp(p, "+capabilities ", 14))
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Mon Sep 26 10:10:29 CEST 2011. --- permissions/permissions.changes 2011-09-21 10:01:31.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-09-23 10:58:33.0 +0200 @@ -1,0 +2,6 @@ +Fri Sep 23 08:37:21 UTC 2011 - lnus...@suse.de + +- set permission by default in SuSEconfig mode as permissions are + only set when called explicitly anyways (bnc#720010). + +--- calling whatdependson for head-i586 Old: permissions-2011.09.21.1000.tar.bz2 New: permissions-2011.09.23.1037.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.hzIYfq/_old 2011-09-26 10:10:12.0 +0200 +++ /var/tmp/diff_new_pack.hzIYfq/_new 2011-09-26 10:10:12.0 +0200 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.09.21.1000 +Version:2011.09.23.1037 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.09.21.1000.tar.bz2 -> permissions-2011.09.23.1037.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.21.1000/checkpermissionfiles.pl new/permissions-2011.09.23.1037/checkpermissionfiles.pl --- old/permissions-2011.09.21.1000/checkpermissionfiles.pl 2011-09-21 10:00:05.0 +0200 +++ new/permissions-2011.09.23.1037/checkpermissionfiles.pl 2011-09-23 10:37:01.0 +0200 @@ -19,7 +19,7 @@ my %perms; my($nodups, $checkmissing, $defonly, $showsuid, $showsgid, $showww, $showgw, -$show, @levels, $showsame, $dump, @permfiles, $help, $checkdirs); +$show, @levels, $showsame, $dump, @permfiles, $help, $checkdirs, $root); Getopt::Long::Configure("no_ignore_case"); GetOptions ( @@ -35,6 +35,7 @@ "level=s" => \@levels, "dump"=> \$dump, "checkdirs=s" => \$checkdirs, +"root=s" => \$root, "help"=> \$help, ); @@ -57,6 +58,7 @@ --dump dump files as perl hash --levelrestrict checks to this coma separated list of levels --checkdirs DIR check for group writeable directories below DIR + --root DIR check for entries that don't exist in DIR EOF exit 0; } @@ -192,6 +194,11 @@ print STDERR "$file:\n$msg\n"; } } + +if ($root && ! -e $root.$file) +{ + print STDERR "MISSING: $file\n"; +} } close FORMATTED; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.09.21.1000/chkstat.c new/permissions-2011.09.23.1037/chkstat.c --- old/permissions-2011.09.21.1000/chkstat.c 2011-09-21 10:00:05.0 +0200 +++ new/permissions-2011.09.23.1037/chkstat.c 2011-09-23 10:37:01.0 +0200 @@ -53,7 +53,7 @@ int nlevel; char** level; int do_set = -1; -int default_set = 0; +int default_set = 1; char** permfiles = NULL; int npermfiles = 0; char* force_level; Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Wed Sep 21 17:17:17 CEST 2011. --- permissions/permissions.changes 2011-06-28 14:53:50.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-09-21 10:01:31.0 +0200 @@ -1,0 +2,18 @@ +Wed Sep 21 08:00:28 UTC 2011 - lnus...@suse.de + +- fix typo in path + +--- +Tue Sep 20 14:47:30 UTC 2011 - lnus...@suse.de + +- remove world writable /var/crash again (bnc#438041) +- remove world writable permissions from /usr/src/packages (bnc#719217) + +--- +Tue Sep 20 13:38:48 UTC 2011 - lnus...@suse.de + +- add chromium browser sandbox helper (bnc#718016) +- don't offer PERMISSION_SECURITY in config anymore +- remove setgid games bits (bnc#429882) + +--- calling whatdependson for head-i586 Old: permissions-2011.06.28.1452.tar.bz2 New: permissions-2011.09.21.1000.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.gu3k8q/_old 2011-09-21 17:17:12.0 +0200 +++ /var/tmp/diff_new_pack.gu3k8q/_new 2011-09-21 17:17:12.0 +0200 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.06.28.1452 +Version:2011.09.21.1000 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.06.28.1452.tar.bz2 -> permissions-2011.09.21.1000.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions new/permissions-2011.09.21.1000/permissions --- old/permissions-2011.06.28.1452/permissions 2011-06-28 14:52:01.0 +0200 +++ new/permissions-2011.09.21.1000/permissions 2011-09-21 10:00:05.0 +0200 @@ -167,12 +167,53 @@ /lib/udev/devices/zero root:root 0666 # -# directory for system crash dumps (#438041) -# -/var/crash/ root:root 1777 - -# # named chroot (#438045) # /var/lib/named/dev/null root:root 0666 /var/lib/named/dev/random root:root 0666 + +# we no longer make rpm build dirs 1777 +/usr/src/packages/SOURCES/ root:root 0755 +/usr/src/packages/BUILD/root:root 0755 +/usr/src/packages/BUILDROOT/root:root 0755 +/usr/src/packages/RPMS/ root:root 0755 +/usr/src/packages/RPMS/alphaev56/ root:root 0755 +/usr/src/packages/RPMS/alphaev67/ root:root 0755 +/usr/src/packages/RPMS/alphaev6/root:root 0755 +/usr/src/packages/RPMS/alpha/ root:root 0755 +/usr/src/packages/RPMS/amd64/ root:root 0755 +/usr/src/packages/RPMS/arm4l/ root:root 0755 +/usr/src/packages/RPMS/armv4l/ root:root 0755 +/usr/src/packages/RPMS/armv5tejl/ root:root 0755 +/usr/src/packages/RPMS/armv5tejvl/ root:root 0755 +/usr/src/packages/RPMS/armv5tel/root:root 0755 +/usr/src/packages/RPMS/armv5tevl/ root:root 0755 +/usr/src/packages/RPMS/armv6l/ root:root 0755 +/usr/src/packages/RPMS/armv6vl/ root:root 0755 +/usr/src/packages/RPMS/armv7l/ root:root 0755 +/usr/src/packages/RPMS/athlon/ root:root 0755 +/usr/src/packages/RPMS/geode/ root:root 0755 +/usr/src/packages/RPMS/hppa2.0/ root:root 0755 +/usr/src/packages/RPMS/hppa/root:root 0755 +/usr/src/packages/RPMS/i386/root:root 0755 +/usr/src/packages/RPMS/i486/root:root 0755 +/usr/src/packages/RPMS/i586/root:root 0755 +/usr/src/packages/RPMS/i686/root:root 0755 +/usr/src/packages/RPMS/ia32e/ root:root 0755 +/usr/src/packages/RPMS/ia64/root:root 0755 +/usr/src/packages/RPMS/mips/root:root 0755 +/usr/src/packages/RPMS/noarch/ root:
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Tue Jun 28 16:02:27 CEST 2011. --- permissions/permissions.changes 2011-06-17 12:56:52.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-06-28 14:53:50.0 +0200 @@ -1,0 +2,5 @@ +Tue Jun 28 12:53:22 UTC 2011 - lnus...@suse.de + +- remove setuid bit from opiesu (bnc#698772) + +--- calling whatdependson for head-i586 Old: _service:format_spec_file:permissions.spec permissions-2011.05.26.1717.tar.bz2 New: permissions-2011.06.28.1452.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.wEn7t8/_old 2011-06-28 16:01:44.0 +0200 +++ /var/tmp/diff_new_pack.wEn7t8/_new 2011-06-28 16:01:44.0 +0200 @@ -24,8 +24,8 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.05.26.1717 -Release:2 +Version:2011.06.28.1452 +Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions ++ permissions-2011.05.26.1717.tar.bz2 -> permissions-2011.06.28.1452.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.easy new/permissions-2011.06.28.1452/permissions.easy --- old/permissions-2011.05.26.1717/permissions.easy2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.easy2011-06-28 14:52:01.0 +0200 @@ -48,14 +48,11 @@ /usr/bin/chage root:shadow 4755 /usr/bin/chsh root:shadow 4755 /usr/bin/expiry root:shadow 4755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 4755 /usr/sbin/su-wrapperroot:root 4755 # opie password system # #66303 /usr/bin/opiepasswd root:root 4755 -/usr/bin/opiesu root:root 4755 # "user" entries in /etc/fstab make mount work for non-root users: /usr/bin/ncpmount root:trusted 4750 /usr/bin/ncpumount root:trusted 4750 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.paranoid new/permissions-2011.06.28.1452/permissions.paranoid --- old/permissions-2011.05.26.1717/permissions.paranoid2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.paranoid2011-06-28 14:52:01.0 +0200 @@ -63,14 +63,11 @@ /usr/bin/chage root:shadow 0755 /usr/bin/chsh root:shadow 0755 /usr/bin/expiry root:shadow 0755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 0755 /usr/sbin/su-wrapperroot:root 0755 # opie password system # #66303 /usr/bin/opiepasswd root:root 0755 -/usr/bin/opiesu root:root 0755 # "user" entries in /etc/fstab make mount work for non-root users: /usr/bin/ncpmount root:trusted 0755 /usr/bin/ncpumount root:trusted 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.26.1717/permissions.secure new/permissions-2011.06.28.1452/permissions.secure --- old/permissions-2011.05.26.1717/permissions.secure 2011-05-26 17:17:58.0 +0200 +++ new/permissions-2011.06.28.1452/permissions.secure 2011-06-28 14:52:01.0 +0200 @@ -86,14 +86,11 @@ /usr/bin/chage root:shadow 4755 /usr/bin/chsh root:shadow 4755 /usr/bin/expiry root:shadow 4755 -# the default configuration of the sudo package in SuSE distribution is to -# intimidate users. /usr/bin/sudo root:root 4755 /usr/sbin/su-wrapperroot:root 0755 # opie password system # #66303
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Mon Jun 20 11:13:19 CEST 2011. --- permissions/permissions.changes 2011-05-26 17:24:27.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-06-17 12:56:52.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 17 09:46:29 UTC 2011 - lnus...@suse.de + +- disable fscaps by default as factory kernel still doesn't have the + required patch for auto detection + +--- calling whatdependson for head-i586 New: _service:format_spec_file:permissions.spec Other differences: -- ++ _service:format_spec_file:permissions.spec ++ # # spec file for package permissions # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild # icecream 0 BuildRequires: libcap-devel Name: permissions License:GPLv2+ Group: Productivity/Security AutoReqProv:on Version:2011.05.26.1717 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions Source: permissions-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:http://gitorious.org/opensuse/permissions %description Permission settings of files and directories depending on the local security settings. The local security setting (easy, secure, or paranoid) can be configured in /etc/sysconfig/security. Authors: Werner Fink Roman Drahtmüller Michael Schröder Ludwig Nussel %prep %setup -q %build make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 %install make DESTDIR="$RPM_BUILD_ROOT" install %post %{fillup_only -n security} %files %defattr(-,root,root,-) %config /etc/permissions %config /etc/permissions.easy %config /etc/permissions.secure %config /etc/permissions.paranoid %config(noreplace) /etc/permissions.local %{_bindir}/chkstat %{_mandir}/man5/permissions.5* %{_mandir}/man8/chkstat.8* /sbin/conf.d/SuSEconfig.permissions /var/adm/fillup-templates/sysconfig.security %changelog ++ permissions.spec ++ --- /var/tmp/diff_new_pack.W9X553/_old 2011-06-20 11:12:49.0 +0200 +++ /var/tmp/diff_new_pack.W9X553/_new 2011-06-20 11:12:49.0 +0200 @@ -25,7 +25,7 @@ Group: Productivity/Security AutoReqProv:on Version:2011.05.26.1717 -Release:1 +Release:2 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary:SUSE Linux Default Permissions @@ -50,7 +50,7 @@ %setup -q %build -make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" +make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 %install make DESTDIR="$RPM_BUILD_ROOT" install Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Fri May 27 11:16:12 CEST 2011. --- permissions/permissions.changes 2011-05-12 13:48:45.0 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-05-26 17:24:27.0 +0200 @@ -1,0 +2,5 @@ +Thu May 26 15:23:49 UTC 2011 - lnus...@suse.de + +- read /sys/kernel/fscaps for fscaps settings + +--- calling whatdependson for head-i586 Old: permissions-2011.05.12.1347.tar.bz2 New: permissions-2011.05.26.1717.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.HxJLto/_old 2011-05-27 11:14:52.0 +0200 +++ /var/tmp/diff_new_pack.HxJLto/_new 2011-05-27 11:14:52.0 +0200 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.05.12.1347 +Version:2011.05.26.1717 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.05.12.1347.tar.bz2 -> permissions-2011.05.26.1717.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.05.12.1347/chkstat.c new/permissions-2011.05.26.1717/chkstat.c --- old/permissions-2011.05.12.1347/chkstat.c 2011-05-12 13:47:52.0 +0200 +++ new/permissions-2011.05.26.1717/chkstat.c 2011-05-26 17:17:58.0 +0200 @@ -509,31 +509,20 @@ } } -/* that's really ugly. There should be sysctl or something */ +/* check /sys/kernel/fscaps, 2.6.39 */ static int -check_fscaps_cmdline() +check_fscaps_enabled() { FILE* fp; - char line[4096]; + char line[128]; int have_fscaps = FSCAPS_DEFAULT_ENABLED; - if ((fp = fopen("/proc/cmdline", "r")) == 0) + if ((fp = fopen("/sys/kernel/fscaps", "r")) == 0) { goto out; } if (readline(fp, line, sizeof(line))) { - char* p; - if ((p = strstr(line, "file_caps"))) - { - if (p - line == 3 && !strncmp("no_", p, 3)) - { - have_fscaps = 0; - } - else - { - have_fscaps = 1; - } - } + have_fscaps = atoi(line); } fclose(fp); out: @@ -704,7 +693,7 @@ } if (have_fscaps == -1) - have_fscaps = check_fscaps_cmdline(); + have_fscaps = check_fscaps_enabled(); if (systemmode) { @@ -913,7 +902,7 @@ printf("\t%s\n", permfiles[i]); if (!have_fscaps) { - printf("fscaps support disabled (file_caps missing in /proc/cmdline).\n"); + printf("kernel has fscaps support disabled.\n"); } if (rootl) { Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Mon May 16 15:17:23 CEST 2011. --- permissions/permissions.changes 2011-03-07 16:24:01.0 +0100 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-05-12 13:48:45.0 +0200 @@ -1,0 +2,5 @@ +Thu May 12 11:48:36 UTC 2011 - lnus...@suse.de + +- change path to gnome-pty-helper (bnc#690202) + +--- calling whatdependson for head-i586 Old: permissions-2011.03.07.1608.tar.bz2 New: permissions-2011.05.12.1347.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.nexhr7/_old 2011-05-16 15:13:51.0 +0200 +++ /var/tmp/diff_new_pack.nexhr7/_new 2011-05-16 15:13:51.0 +0200 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.03.07.1608 +Version:2011.05.12.1347 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.03.07.1608.tar.bz2 -> permissions-2011.05.12.1347.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.03.07.1608/Makefile new/permissions-2011.05.12.1347/Makefile --- old/permissions-2011.03.07.1608/Makefile2011-03-07 16:08:04.0 +0100 +++ new/permissions-2011.05.12.1347/Makefile2011-05-12 13:47:52.0 +0200 @@ -12,6 +12,9 @@ man8dir=$(mandir)/man8 man5dir=$(mandir)/man5 +FSCAPS_DEFAULT_ENABLED = 1 +CPPFLAGS += -DFSCAPS_DEFAULT_ENABLED=$(FSCAPS_DEFAULT_ENABLED) + all: chkstat install: all diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.03.07.1608/chkstat.c new/permissions-2011.05.12.1347/chkstat.c --- old/permissions-2011.03.07.1608/chkstat.c 2011-03-07 16:08:04.0 +0100 +++ new/permissions-2011.05.12.1347/chkstat.c 2011-05-12 13:47:52.0 +0200 @@ -515,23 +515,29 @@ { FILE* fp; char line[4096]; + int have_fscaps = FSCAPS_DEFAULT_ENABLED; if ((fp = fopen("/proc/cmdline", "r")) == 0) { - return 0; + goto out; } if (readline(fp, line, sizeof(line))) { char* p; if ((p = strstr(line, "file_caps"))) { - if (p - line < 3 || strncmp("no_", p, 3)) + if (p - line == 3 && !strncmp("no_", p, 3)) { - return 1; + have_fscaps = 0; + } + else + { + have_fscaps = 1; } } } fclose(fp); - return 0; +out: + return have_fscaps; } int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.03.07.1608/permissions new/permissions-2011.05.12.1347/permissions --- old/permissions-2011.03.07.1608/permissions 2011-03-07 16:08:04.0 +0100 +++ new/permissions-2011.05.12.1347/permissions 2011-05-12 13:47:52.0 +0200 @@ -1,6 +1,7 @@ # /etc/permissions # -# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. All rights reserved. +# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. +# Copyright (c) 2011 SUSE Linux Products GmbH Nuernberg, Germany. # # Author: Roman Drahtmueller , 2001 # @@ -20,35 +21,18 @@ # : # # How it works: -# Change the entries as you like, then call -# 'chkstat -set /etc/permissions' or /etc/permissions.{easy,secure,paranoid} -# respectively, or call 'SuSEconfig' as yast do after they think -# that files have been modified in the system. -# -# SuSEconfig will use the files /etc/permissions and the ones ending -# in what the variable PERMISSION_SECURITY from -# /etc/sysconfig/security contains. By default, these are the files -# /etc/permissions, /etc/permissions.easy and /etc/permissions.local -# for local changes by the admin. In addition, the directory +# To change an entry copy the line to permissions.local, modify it +# to suit your needs and call "chkstat --system" +# +# chkstat uses the variable PERMISSION_SECURITY from +# /etc/sysconfig/security to determine which security level to +# apply. +# In addition to the central files listed above the directory # /etc/permissions.d/ can contain permission files that belong to # the packages they modify file modes for. These permission files # are to switch between conflicting file modes of the same file # paths in different packages (popular example: sendmail and # postfix, path /usr/sbin/sendmail). -# -# SuSEconfig's usage of the chkstat program can be turned off completely -# by setting CHECK_PERMISSIONS to "warn" in /etc/sysconfig/security. -# -# /etc/permissions is kept to the bare minimum. File modes that differ -# from the settings in this file should be considered broken. -# -# Please see the
commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Tue Mar 8 14:34:32 CET 2011. --- permissions/permissions.changes 2011-02-14 09:10:01.0 +0100 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-03-07 16:24:01.0 +0100 @@ -1,0 +2,5 @@ +Mon Mar 7 15:08:33 UTC 2011 - lnus...@suse.de + + - setuid bit on VBoxNetDHCP (bnc#669055) + +--- calling whatdependson for head-i586 Old: permissions-2011.02.14.0908.tar.bz2 New: permissions-2011.03.07.1608.tar.bz2 Other differences: -- ++ permissions.spec ++ --- /var/tmp/diff_new_pack.5LGqXE/_old 2011-03-08 14:33:57.0 +0100 +++ /var/tmp/diff_new_pack.5LGqXE/_new 2011-03-08 14:33:57.0 +0100 @@ -24,7 +24,7 @@ License:GPLv2+ Group: Productivity/Security AutoReqProv:on -Version:2011.02.14.0908 +Version:2011.03.07.1608 Release:1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++ permissions-2011.02.14.0908.tar.bz2 -> permissions-2011.03.07.1608.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.easy new/permissions-2011.03.07.1608/permissions.easy --- old/permissions-2011.02.14.0908/permissions.easy2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.easy2011-03-07 16:08:04.0 +0100 @@ -411,6 +411,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers4750 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers4750 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers4750 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.paranoid new/permissions-2011.03.07.1608/permissions.paranoid --- old/permissions-2011.02.14.0908/permissions.paranoid2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.paranoid2011-03-07 16:08:04.0 +0100 @@ -423,6 +423,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers0755 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers0755 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers0755 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.02.14.0908/permissions.secure new/permissions-2011.03.07.1608/permissions.secure --- old/permissions-2011.02.14.0908/permissions.secure 2011-02-14 09:08:58.0 +0100 +++ new/permissions-2011.03.07.1608/permissions.secure 2011-03-07 16:08:04.0 +0100 @@ -450,6 +450,8 @@ /usr/lib/virtualbox/VBoxSDL root:vboxusers0755 # (bnc#533550) /usr/lib/virtualbox/VBoxNetAdpCtl root:vboxusers0755 +# bnc#669055 +/usr/lib/virtualbox/VBoxNetDHCP root:vboxusers0755 # open-vm-tools (bnc#474285) /usr/bin/vmware-user-suid-wrapper root:root 0755 Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org