Name: permissions | Distribution: openSUSE:Factory:zSystems |
Version: 1599_20230217 | Vendor: openSUSE |
Release: 1.3 | Build date: Sun Mar 19 17:02:09 2023 |
Group: Productivity/Security | Build host: s390zp24 |
Size: 0 | Source RPM: permissions-1599_20230217-1.3.src.rpm |
Packager: https://bugs.opensuse.org |
Url: http://github.com/openSUSE/permissions |
Summary: SUSE Linux Default Permissions |
File and directory permission settings depending on the local security settings. The local security setting ("easy", "secure", or "paranoid") can be configured in /etc/sysconfig/security. This package does not contain files, it just requires the necessary packages.
GPL-2.0-or-later
* Fri Feb 17 2023 matthias.gerstner@suse.com
- Update to version 20230217:
  * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309)
  * profiles: whitelist kismet capabilities (bsc#1200954) (#171)

* Tue Dec 20 2022 matthias.gerstner@suse.com
- Update to version 20221220:
  * profiles: remove outdated kdesud, apptainer entries

* Wed Sep 21 2022 Dirk Müller <dmueller@suse.com>
- skip tests on qemu user builds

* Tue Sep 13 2022 matthias.gerstner@suse.com
- Update to version 20220912:
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)

* Mon Aug 08 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Fix dependency from permissions-zypp-plugin to permissions.

* Sat Jul 30 2022 Stephan Kulow <coolo@suse.com>
- Avoid different Versions for subpackages to fix build-compare seeing the src rpm as equal. It replaces VERSION-RELEASE but that will fail if subpackages use a different Version

* Wed Jul 13 2022 matthias.gerstner@suse.com
- Update to version 20220713:
  * postfix: add postlog setgid for maildrop binary (bsc#1201385)
  * libexec migration: KDE utilities now properly place their helpers
  * pccardctl: installation path has finally changed to /usr/sbin

* Fri Mar 11 2022 matthias.gerstner@suse.com
- Update to version 20220309:
  * apptainer whitelisting (bsc#1196145)

* Fri Feb 25 2022 matthias.gerstner@suse.com
- Update to version 20220202:
  * mount.nfs: switch from migration mode to fixed path in /usr/sbin
  * changed gendered pronouns
  * mgetty: faxq-helper now finally resides in /usr/libexec

* Wed Sep 01 2021 matthias.gerstner@suse.com
- Update to version 20210901:
  * libksysguard5: Updated path for ksgrd_network_helper
  * kdesu: Updated path for kdesud
  * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
  * mariadb: revert auth_pam_tool to /usr/lib{,64} again
  * cleanup: revert virtualbox back to plain /usr/lib
  * cleanup: remove deprecated /etc/ssh/sshd_config
  * hawk_invoke is not part of newer hawk2 packages anymore
  * cleanup: texlive-filesystem: public now resides in libexec
  * cleanup: authbind: helper now resides in libexec
  * cleanup: polkit: the agent now also resides in libexec
  * libexec cleanup: 'inn' news binaries now reside in libexec

* Tue May 18 2021 matthias.gerstner@suse.com
- Update to version 20210518:
  * whitelist please (bsc#1183669)

* Tue May 18 2021 matthias.gerstner@suse.com
- Update to version 20210518:
  * Fix enlightenment paths for 32-bit architectures

* Mon Jan 25 2021 matthias.gerstner@suse.com
- Update to version 20210125:
  * usbauth: drop compatibility variable for libexec
  * usbauth: Updated path for usbauth-npriv
  * profiles: finish usage of variable for polkit-agent-helper-1

* Fri Dec 04 2020 Ludwig Nussel <lnussel@suse.de>
- move man page to where the documented files are

* Wed Nov 11 2020 matthias.gerstner@suse.com
- Update to version 20201111:
  * squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
  * mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
  * adjust squid pinger path (bsc#1171569)
  * profiles: remove now superfluous squid pinger paths (bsc#1171569)
  * ksgrd_network_helper: remove obviously wrong path
  * etc/permissions: remove unnecessary, duplicate, outdated entries
  * chkstat: implement support for variables in profile paths in new variables.conf
  * man pages: add documentation about variables, update copyrights
  * profiles: use new variables feature to remove redundant entries
  * profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
  * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
  * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
  * README: added information about known limitations of this approach
- adjusted spec file:
  - package new variables.conf
  - apply %{optflags} correctly via CXXFLAGS variable
  - drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the refactored chkstat sources. This is now the default.

* Thu Oct 08 2020 matthias.gerstner@suse.com
- Update to version 20201008:
  * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
  * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

* Wed Sep 30 2020 matthias.gerstner@suse.com
- Update to version 20200930:
  * whitelist Xorg setuid-root wrapper (bsc#1175867)

* Wed Sep 09 2020 matthias.gerstner@suse.com
- Update to version 20200909:
  * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)

* Fri Sep 04 2020 matthias.gerstner@suse.com
- Update to version 20200904:
  * Add /usr/libexec for cockpit-session as new path
  * physlock: whitelist with tight restrictions (bsc#1175720)

* Wed Aug 26 2020 malte.kraus@suse.com
- Update to version 20200826:
  * mtr-packet: stop requiring dialout group
  * etc/permissions: fix mtr permission
  * list_permissions: improve output format
  * list_permissions: support globbing in --path argument
  * list_permissions: implement simplifications suggested in PR#92
  * list_permissions: new tool for better path configuration overview

* Tue Aug 11 2020 matthias.gerstner@suse.com
- Update to version 20200811:
  * regtest: support new getcap output format in libcap-2.42
  * regtest: print individual test case errors to stderr

* Mon Jul 27 2020 matthias.gerstner@suse.com
- Update to version 20200727:
  * etc/permissions: remove static /var/spool/* dirs
  * etc/permissions: remove outdated entries
  * etc/permissions: remove unnecessary static dirs and devices
  * screen: remove now unused /var/run/uscreens

* Fri Jul 10 2020 matthias.gerstner@suse.com
- Update to version 20200710:
  * Revert "etc/permissions: remove entries for bind-chrootenv". This currently conflicts with the way the CheckSUIDPermissions rpmlint-check is implemented.

* Tue Jul 07 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Removed dbus-libexec.patch: contained in upstream

* Tue Jul 07 2020 matthias.gerstner@suse.com
- Update to version 20200624:
  * rework permissions.local text (boo#1173221)
  * dbus-1: adjust to new libexec dir location (bsc#1171164)
  * permission profiles: reinstate kdesud for kde5
  * etc/permissions: remove entries for bind-chrootenv
  * etc/permissions: remove traceroute entry
  * VirtualBox: remove outdated entry which is only a symlink any more
  * /bin/su: remove path referring to symlink
  * etc/permissions: remove legacy RPM directory entries
  * /etc/permissions: remove outdated sudo directories
  * singularity: remove outdated setuid-binary entries
  * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
  * dbus-1: remove deprecated alternative paths
  * PolicyKit: remove outdated entries last used in SLE-11
  * pcp: remove no longer needed / conflicting entries
  * gnats: remove entries for package removed from Factory
  * kdelibs4: remove entries for package removed from Factory
  * v4l-base: remove entries for package removed from Factory
  * mailman: remove entries for package deleted from Factory
  * gnome-pty-helper: remove dead entry no longer part of the vte package
  * gnokii: remove entries for package no longer in Factory
  * xawtv (v4l-conf): correct group ownership in easy profile
  * systemd-journal: remove unnecessary profile entries
  * thttp: make makeweb entry usable in the secure profile (bsc#1171580)

* Tue Jun 16 2020 malte.kraus@suse.com
- dbus-1: adjust to new libexec dir location (bsc#1171164). This is temporarily done through the patch in dbus-libexec.patch because we are not completely certain of the stability of current git.
- run chkstat test suite during RPM build

* Tue May 26 2020 matthias.gerstner@suse.com
- Update to version 20200526:
  * profiles: add entries for enlightenment (bsc#1171686)

* Wed May 20 2020 matthias.gerstner@suse.com
- Update to version 20200520:
  * permissions fixed profile: utempter: reinstate libexec compatibility entry

* Tue May 19 2020 matthias.gerstner@suse.com
- Update to version 20200519:
  * chkstat: fix sign conversion warnings on 32-bit architectures
  * chkstat: allow simultaneous use of `--set` and `--system`
  * regtest: adjust TestUnkownOwnership test to new warning output behaviour

* Mon May 18 2020 malte.kraus@suse.com
- Update to version 20200518:
  * whitelist texlive public binary (bsc#1171686)

* Fri May 15 2020 matthias.gerstner@suse.com
- Update to version 20200514:
  * fixed permissions: adjust to new libexec dir location (bsc#1171164) (affects utempter path)

* Wed May 13 2020 matthias.gerstner@suse.com
- Update to version 20200513:
  * major rewrite of the chkstat tool
  * setuid bit for cockpit (bsc#1169614)

* Thu May 07 2020 malte.kraus@suse.com
- Update to version 20200506:
  * add whitelist for files in /usr/lib to be also allowed in /usr/libexec (bsc#1171164)

* Tue Mar 24 2020 jsegitz@suse.de
- Update to version 20200324:
  * whitelist s390-tools setgid bit on log directory (bsc#1167163)
  * whitelist WMP (bsc#1161335)
  * regtest: improve readability of path variables by using literals
  * regtest: adjust test suite to new path locations in /usr/share/permissions
  * regtest: only catch explicit FileNotFoundError
  * regtest: provide valid home directory in /root
  * regtest: mount permissions src repository in /usr/src/permissions
  * regtest: move initialization of TestBase paths into the prepare() function
  * chkstat: support new --config-root command line option
  * fix spelling of icingacmd group

* Fri Feb 28 2020 malte.kraus@suse.com
- Update to version 20200228:
  * chkstat: fix readline() on platforms with unsigned char

* Thu Feb 27 2020 malte.kraus@suse.com
- Update to version 20200227:
  * remove capability whitelisting for radosgw
  * whitelist ceph log directory (bsc#1150366)
  * adjust testsuite to post CVE-2020-8013 link handling
  * testsuite: add option to not mount /proc
  * do not follow symlinks that are the final path element: CVE-2020-8013
  * add a test for symlinked directories
  * fix relative symlink handling
  * include cpp compat headers, not C headers
  * Move permissions and permissions.* except .local to /usr/share/permissions
  * regtest: fix the static PATH list which was missing /usr/bin
  * regtest: also unshare the PID namespace to support /proc mounting
  * regtest: bindMount(): explicitly reject read-only recursive mounts
  * Makefile: force remove upon clean target to prevent bogus errors
  * regtest: by default automatically (re)build chkstat before testing
  * regtest: add test for symlink targets
  * regtest: make capability setting tests optional
  * regtest: fix capability assertion helper logic
  * regtests: add another test case that catches set*id or caps in world-writable sub-trees
  * regtest: add another test that catches when privilege bits are set for special files
  * regtest: add test case for user owned symlinks
  * regtest: employ subuid and subgid feature in user namespace
  * regtest: add another test case that covers unknown user/group config
  * regtest: add another test that checks rejection of insecure mixed-owner paths
  * regtest: add test that checks for rejection of world-writable paths
  * regtest: add test for detection of unexpected parent directory ownership
  * regtest: add further helper functions, allow access to main instance
  * regtest: introduce some basic coloring support to improve readability
  * regtest: sort imports, another piece of rationale
  * regtest: add capability test case
  * regtest: improve error flagging of test cases and introduce warnings
  * regtest: support caps
  * regtest: add a couple of command line parameter test cases
  * regtest: add another test that checks whether the default profile works
  * regtests: add tests for correct application of local profiles
  * regtest: add further test cases that test correct profile application
  * regtest: simplify test implementation and readability
  * regtest: add helpers for permissions.d per package profiles
  * regtest: support read-only bind mounts, also bind-mount permissions repo
  * tests: introduce a regression test suite for chkstat
  * Makefile: allow to build test version programmatically
  * README.md: add basic readme file that explains the repository's purpose
  * chkstat: change and harmonize coding style
  * chkstat: switch to C++ compilation unit
- add suse_version to end of permissions package version

* Thu Feb 13 2020 malte.kraus@suse.com
- Update to version 20200213:
  * remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"

* Tue Feb 04 2020 matthias.gerstner@suse.com
- Update to version 20200204:
  * mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)

* Mon Jan 27 2020 malte.kraus@suse.com
- Update to version 20200127:
  * fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri May 5 00:48:45 2023