Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

permissions-zypp-plugin-1699_20230602-1.4 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

Name: permissions-zypp-plugin Distribution: openSUSE:Factory:zSystems
Version: 1699_20230602 Vendor: openSUSE
Release: 1.4 Build date: Thu Jun 15 18:00:09 2023
Group: Productivity/Security Build host: s390zl21
Size: 4627 Source RPM: permissions-1699_20230602-1.4.src.rpm
Packager: https://bugs.opensuse.org
Url: http://github.com/openSUSE/permissions
Summary: A zypper commit plugin for calling chkstat
This package contains a plugin for zypper that calls `chkstat --system` after
new packages have been installed. This is helpful for maintaining custom
entries in /etc/permissions.local.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Fri Jun 02 2023 matthias.gerstner@suse.com
  - Update to version 20230602:
    * profiles: remove dropped pppoe-wrapper
* Tue May 16 2023 matthias.gerstner@suse.com
  - Update to version 20230516:
    * common permissions: add icingaweb2 setgid directory (bsc#1211314)
* Mon Apr 24 2023 wolfgang.frisch@suse.com
  - Update to version 20230424:
    * profiles: remove dead opiepasswd entry
      (opie was removed via OBS sr#1065964).
* Fri Feb 17 2023 matthias.gerstner@suse.com
  - Update to version 20230217:
    * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309)
    * profiles: whitelist kismet capabilities (bsc#1200954) (#171)
* Tue Dec 20 2022 matthias.gerstner@suse.com
  - Update to version 20221220:
    * profiles: remove outdated kdesud, apptainer entries
* Wed Sep 21 2022 Dirk Müller <dmueller@suse.com>
  - skip tests on qemu user builds
* Tue Sep 13 2022 matthias.gerstner@suse.com
  - Update to version 20220912:
    * chkstat: also consider group controlled paths (bsc#1203018,
      CVE-2022-31252)
* Mon Aug 08 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - Fix dependency from permissions-zypp-plugin to permissions.
* Sat Jul 30 2022 Stephan Kulow <coolo@suse.com>
  - Avoid different Versions for subpackages to fix build-compare
    seeing the src rpm as equal. It replaces VERSION-RELEASE but
    that will fail if subpackages use a different Version
* Wed Jul 13 2022 matthias.gerstner@suse.com
  - Update to version 20220713:
    * postfix: add postlog setgid for maildrop binary (bsc#1201385)
    * libexec migration: KDE utilities now properly place their helpers
    * pccardctl: installation path has finally changed to /usr/sbin
* Fri Mar 11 2022 matthias.gerstner@suse.com
  - Update to version 20220309:
    * apptainer whitelisting (bsc#1196145)
* Fri Feb 25 2022 matthias.gerstner@suse.com
  - Update to version 20220202:
    * mount.nfs: switch from migration mode to fixed path in /usr/sbin
    * changed gendered pronouns
    * mgetty: faxq-helper now finally reside in /usr/libexec
* Wed Sep 01 2021 matthias.gerstner@suse.com
  - Update to version 20210901:
    * libksysguard5: Updated path for ksgrd_network_helper
    * kdesu: Updated path for kdesud
    * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
    * mariadb: revert auth_pam_tool to /usr/lib{,64} again
    * cleanup: revert virtualbox back to plain /usr/lib
    * cleanup: remove deprecated /etc/ssh/sshd_config
    * hawk_invoke is not part of newer hawk2 packages anymore
    * cleanup: texlive-filesystem: public now resides in libexec
    * cleanup: authbind: helper now resides in libexec
    * cleanup: polkit: the agent now also resides in libexec
    * libexec cleanup: 'inn' news binaries now reside in libexec
* Tue May 18 2021 matthias.gerstner@suse.com
  - Update to version 20210518:
    * whitelist please (bsc#1183669)
* Tue May 18 2021 matthias.gerstner@suse.com
  - Update to version 20210518:
    * Fix enlightenment paths for 32-bit architectures
* Mon Jan 25 2021 matthias.gerstner@suse.com
  - Update to version 20210125:
    * usbauth: drop compatibility variable for libexec
    * usbauth: Updated path for usbauth-npriv
    * profiles: finish usage of variable for polkit-agent-helper-1
* Fri Dec 04 2020 Ludwig Nussel <lnussel@suse.de>
  - move man page to where the documented files are
* Wed Nov 11 2020 matthias.gerstner@suse.com
  - Update to version 20201111:
    * squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
    * mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
    * adjust squid pinger path (bsc#1171569)
    * profiles: remove now superfluous squid pinger paths (bsc#1171569)
    * ksgrd_network_helper: remove obviously wrong path
    * etc/permissions: remove unnecessary, duplicate, outdated entries
    * chkstat: implement support for variables in profile paths in new
      variables.conf
    * man pages: add documentation about variables, update copyrights
    * profiles: use new variables feature to remove redundant entries
    * profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
    * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
    * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
    * README: added information about know limitations of this approach
  - adjusted spec file:
    - package new variables.conf
    - apply %{optflags} correctly via CXXFLAGS variable
    - drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the
      refactored chkstat sources. This is now the default.
* Thu Oct 08 2020 matthias.gerstner@suse.com
  - Update to version 20201008:
    * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
    * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
* Wed Sep 30 2020 matthias.gerstner@suse.com
  - Update to version 20200930:
    * whitelist Xorg setuid-root wrapper (bsc#1175867)
* Wed Sep 09 2020 matthias.gerstner@suse.com
  - Update to version 20200909:
    * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)
* Fri Sep 04 2020 matthias.gerstner@suse.com
  - Update to version 20200904:
    * Add /usr/libexec for cockpit-session as new path
    * physlock: whitelist with tight restrictions (bsc#1175720)
* Wed Aug 26 2020 malte.kraus@suse.com
  - Update to version 20200826:
    * mtr-packet: stop requiring dialout group
    * etc/permissions: fix mtr permission
    * list_permissions: improve output format
    * list_permissions: support globbing in --path argument
    * list_permissions: implement simplifications suggested in PR#92
    * list_permissions: new tool for better path configuration overview
* Tue Aug 11 2020 matthias.gerstner@suse.com
  - Update to version 20200811:
    * regtest: support new getcap output format in libcap-2.42
    * regtest: print individual test case errors to stderr
* Mon Jul 27 2020 matthias.gerstner@suse.com
  - Update to version 20200727:
    * etc/permissions: remove static /var/spool/* dirs
    * etc/permissions: remove outdated entries
    * etc/permissions: remove unnecessary static dirs and devices
    * screen: remove now unused /var/run/uscreens
* Fri Jul 10 2020 matthias.gerstner@suse.com
  - Update to version 20200710:
    * Revert "etc/permissions: remove entries for bind-chrootenv". This
      currently conflicts with the way the CheckSUIDPermissions rpmlint-check is
      implemented.
* Tue Jul 07 2020 Callum Farmer <callumjfarmer13@gmail.com>
  - Removed dbus-libexec.patch: contained in upstream
* Tue Jul 07 2020 matthias.gerstner@suse.com
  - Update to version 20200624:
    * rework permissions.local text (boo#1173221)
    * dbus-1: adjust to new libexec dir location (bsc#1171164)
    * permission profiles: reinstate kdesud for kde5
    * etc/permissions: remove entries for bind-chrootenv
    * etc/permissions: remove traceroute entry
    * VirtualBox: remove outdated entry which is only a symlink any more
    * /bin/su: remove path refering to symlink
    * etc/permissions: remove legacy RPM directory entries
    * /etc/permissions: remove outdated sudo directories
    * singularity: remove outdated setuid-binary entries
    * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
    * dbus-1: remove deprecated alternative paths
    * PolicyKit: remove outdated entries last used in SLE-11
    * pcp: remove no longer needed / conflicting entries
    * gnats: remove entries for package removed from Factory
    * kdelibs4: remove entries for package removed from Factory
    * v4l-base: remove entries for package removed from Factory
    * mailman: remove entries for package deleted from Factory
    * gnome-pty-helper: remove dead entry no longer part of the vte package
    * gnokii: remove entries for package no longer in Factory
    * xawtv (v4l-conf): correct group ownership in easy profile
    * systemd-journal: remove unnecessary profile entries
    * thttp: make makeweb entry usable in the secure profile (bsc#1171580)
* Tue Jun 16 2020 malte.kraus@suse.com
  - dbus-1: adjust to new libexec dir location (bsc#1171164). This is
    temporarily done through the patch in dbus-libexec.patch because
    we are not completely certain the stability of current git.
  - run chkstat test suite during RPM build
* Tue May 26 2020 matthias.gerstner@suse.com
  - Update to version 20200526:
    * profiles: add entries for enlightenment (bsc#1171686)
* Wed May 20 2020 matthias.gerstner@suse.com
  - Update to version 20200520:
    * permissions fixed profile: utempter: reinstate libexec compatibility entry
* Tue May 19 2020 matthias.gerstner@suse.com
  - Update to version 20200519:
    * chkstat: fix sign conversion warnings on 32-bit architectures
    * chkstat: allow simultaneous use of `--set` and `--system`
    * regtest: adjust TestUnkownOwnership test to new warning output behaviour
* Mon May 18 2020 malte.kraus@suse.com
  - Update to version 20200518:
    * whitelist texlive public binary (bsc#1171686)
* Fri May 15 2020 matthias.gerstner@suse.com
  - Update to version 20200514:
    * fixed permissions: adjust to new libexec dir location (bsc#1171164)
      (affects utempter path)
* Wed May 13 2020 matthias.gerstner@suse.com
  - Update to version 20200513:
    * major rewrite of the chkstat tool
    * setuid bit for cockpit (bsc#1169614)
* Thu May 07 2020 malte.kraus@suse.com
  - Update to version 20200506:
    * add whitelist for files in /usr/lib to be also allowed in
      /usr/libexec (bsc#1171164)
* Tue Mar 24 2020 jsegitz@suse.de
  - Update to version 20200324:
    * whitelist s390-tools setgid bit on log directory (bsc#1167163)
    * whitelist WMP (bsc#1161335)
    * regtest: improve readability of path variables by using literals
    * regtest: adjust test suite to new path locations in /usr/share/permissions
    * regtest: only catch explicit FileNotFoundError
    * regtest: provide valid home directory in /root
    * regtest: mount permissions src repository in /usr/src/permissions
    * regtest: move initialialization of TestBase paths into the prepare() function
    * chkstat: suppport new --config-root command line option
    * fix spelling of icingacmd group
* Fri Feb 28 2020 malte.kraus@suse.com
  - Update to version 20200228:
    * chkstat: fix readline() on platforms with unsigned char
* Thu Feb 27 2020 malte.kraus@suse.com
  - Update to version 20200227:
    * remove capability whitelisting for radosgw
    * whitelist ceph log directory (bsc#1150366)
    * adjust testsuite to post CVE-2020-8013 link handling
    * testsuite: add option to not mount /proc
    * do not follow symlinks that are the final path element: CVE-2020-8013
    * add a test for symlinked directories
    * fix relative symlink handling
    * include cpp compat headers, not C headers
    * Move permissions and permissions.* except .local to /usr/share/permissions
    * regtest: fix the static PATH list which was missing /usr/bin
    * regtest: also unshare the PID namespace to support /proc mounting
    * regtest: bindMount(): explicitly reject read-only recursive mounts
    * Makefile: force remove upon clean target to prevent bogus errors
    * regtest: by default automatically (re)build chkstat before testing
    * regtest: add test for symlink targets
    * regtest: make capability setting tests optional
    * regtest: fix capability assertion helper logic
    * regtests: add another test case that catches set*id or caps in world-writable sub-trees
    * regtest: add another test that catches when privilege bits are set for special files
    * regtest: add test case for user owned symlinks
    * regtest: employ subuid and subgid feature in user namespace
    * regtest: add another test case that covers unknown user/group config
    * regtest: add another test that checks rejection of insecure mixed-owner paths
    * regtest: add test that checks for rejection of world-writable paths
    * regtest: add test for detection of unexpected parent directory ownership
    * regtest: add further helper functions, allow access to main instance
    * regtest: introduce some basic coloring support to improve readability
    * regtest: sort imports, another piece of rationale
    * regtest: add capability test case
    * regtest: improve error flagging of test cases and introduce warnings
    * regtest: support caps
    * regtest: add a couple of command line parameter test cases
    * regtest: add another test that checks whether the default profile works
    * regtests: add tests for correct application of local profiles
    * regtest: add further test cases that test correct profile application
    * regtest: simplify test implementation and readability
    * regtest: add helpers for permissions.d per package profiles
    * regtest: support read-only bind mounts, also bind-mount permissions repo
    * tests: introduce a regression test suite for chkstat
    * Makefile: allow to build test version programmatically
    * README.md: add basic readme file that explains the repository's purpose
    * chkstat: change and harmonize coding style
    * chkstat: switch to C++ compilation unit
  - add suse_version to end of permissions package version
* Thu Feb 13 2020 malte.kraus@suse.com
  - Update to version 20200213:
    * remove obsolete/broken entries for rcp/rsh/rlogin
    * chkstat: handle symlinks in final path elements correctly
    * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
    * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"
* Tue Feb 04 2020 matthias.gerstner@suse.com
  - Update to version 20200204:
    * mariadb: settings for new auth_pam_tool (bsc#1160285)
    * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)
* Mon Jan 27 2020 malte.kraus@suse.com
  - Update to version 20200127:
    * fix paths of ksysguard whitelisting
    * fix zero-termination of error message for overly long paths

Files

/usr/lib/zypp
/usr/lib/zypp/plugins
/usr/lib/zypp/plugins/commit
/usr/lib/zypp/plugins/commit/permissions.py


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jan 9 12:40:01 2024