Hello community,
here is the log from the commit of package yast2-security
checked in at Thu May 1 14:24:01 CEST 2008.
--------
--- yast2-security/yast2-security.changes 2008-04-14 10:22:45.000000000 +0200
+++ /mounts/work_src_done/NOARCH/yast2-security/yast2-security.changes 2008-04-30 13:59:43.804926000 +0200
@@ -1,0 +2,10 @@
+Wed Apr 30 13:07:33 CEST 2008 - jsuchome@suse.cz
+
+- new defaults in security levels (bnc#385159):
+ CWD_IN_ROOT_PATH, CWD_IN_USER_PATH always "no",
+ ENABLE_SYSRQ "yes" for Home Workstation
+ RUN_UPDATEDB_AS always "nobody"
+ OBSCURE_CHECKS_ENAB, PASSWD_USE_CRACKLIB always "yes"
+- 2.16.1
+
+-------------------------------------------------------------------
Old:
----
yast2-security-2.16.0.tar.bz2
New:
----
yast2-security-2.16.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-security.spec ++++++
--- /var/tmp/diff_new_pack.j18225/_old 2008-05-01 14:23:36.000000000 +0200
+++ /var/tmp/diff_new_pack.j18225/_new 2008-05-01 14:23:36.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-security (Version 2.16.0)
+# spec file for package yast2-security (Version 2.16.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -12,12 +12,12 @@
Name: yast2-security
-Version: 2.16.0
+Version: 2.16.1
Release: 1
License: GPL v2 or later
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-security-2.16.0.tar.bz2
+Source0: yast2-security-2.16.1.tar.bz2
Prefix: /usr
BuildRequires: doxygen perl-XML-Writer pkg-config update-desktop-files yast2-devtools yast2-pam yast2-testsuite
# new Pam.ycp API
@@ -40,7 +40,7 @@
Jiri Suchomel
%prep
-%setup -n yast2-security-2.16.0
+%setup -n yast2-security-2.16.1
%build
%{prefix}/bin/y2tool y2autoconf
@@ -74,6 +74,13 @@
/usr/share/YaST2/schema/autoyast/rnc/security.rnc
%doc %{prefix}/share/doc/packages/yast2-security
%changelog
+* Wed Apr 30 2008 jsuchome@suse.cz
+- new defaults in security levels (bnc#385159):
+ CWD_IN_ROOT_PATH, CWD_IN_USER_PATH always "no",
+ ENABLE_SYSRQ "yes" for Home Workstation
+ RUN_UPDATEDB_AS always "nobody"
+ OBSCURE_CHECKS_ENAB, PASSWD_USE_CRACKLIB always "yes"
+- 2.16.1
* Mon Apr 14 2008 jsuchome@suse.cz
- 2.16.0
* Mon Mar 17 2008 jsrain@suse.cz
++++++ yast2-security-2.16.0.tar.bz2 -> yast2-security-2.16.1.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-security-2.16.0/src/levels.ycp new/yast2-security-2.16.1/src/levels.ycp
--- old/yast2-security-2.16.0/src/levels.ycp 2006-06-13 09:16:45.000000000 +0200
+++ new/yast2-security-2.16.1/src/levels.ycp 2008-04-30 13:58:33.000000000 +0200
@@ -4,7 +4,7 @@
* Summary: Security settings definitions
* Authors: Michal Svec
*
- * $Id: levels.ycp 31463 2006-06-13 07:16:36Z jsuchome $
+ * $Id: levels.ycp 47218 2008-04-30 11:58:33Z jsuchome $
*
* This file contains definitions of all security settings.
* They are in one huge list.
@@ -56,25 +56,25 @@
"Level1" : $[
"CONSOLE_SHUTDOWN" : "reboot",
- "CWD_IN_ROOT_PATH" : "yes",
- "CWD_IN_USER_PATH" : "yes",
+ "CWD_IN_ROOT_PATH" : "no",
+ "CWD_IN_USER_PATH" : "no",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
- "ENABLE_SYSRQ" : "no",
+ "ENABLE_SYSRQ" : "yes",
"FAIL_DELAY" : "1",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
"GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "all",
"LASTLOG_ENAB" : "yes",
- "OBSCURE_CHECKS_ENAB" : "no",
+ "OBSCURE_CHECKS_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "blowfish",
- "PASSWD_USE_CRACKLIB" : "no",
+ "PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
"PASS_MIN_DAYS" : "0",
"PASS_MIN_LEN" : "5",
"PASS_WARN_AGE" : "7",
"PERMISSION_SECURITY" : "easy",
- "RUN_UPDATEDB_AS" : "root",
+ "RUN_UPDATEDB_AS" : "nobody",
"UID_MAX" : "60000",
"UID_MIN" : "1000",
"SYSTEM_UID_MAX" : "499",
@@ -100,7 +100,7 @@
"GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
- "OBSCURE_CHECKS_ENAB" : "no",
+ "OBSCURE_CHECKS_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "blowfish",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
@@ -134,7 +134,7 @@
"GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
- "OBSCURE_CHECKS_ENAB" : "no",
+ "OBSCURE_CHECKS_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "blowfish",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-security-2.16.0/testsuite/tests/Level1.out new/yast2-security-2.16.1/testsuite/tests/Level1.out
--- old/yast2-security-2.16.0/testsuite/tests/Level1.out 2006-09-21 12:54:00.000000000 +0200
+++ new/yast2-security-2.16.1/testsuite/tests/Level1.out 2008-04-30 13:40:58.000000000 +0200
@@ -35,15 +35,15 @@
Read .sysconfig.displaymanager.DISPLAYMANAGER_SHUTDOWN nil
Write .sysconfig.displaymanager.DISPLAYMANAGER_SHUTDOWN "all" true
Read .sysconfig.locate.RUN_UPDATEDB_AS nil
-Write .sysconfig.locate.RUN_UPDATEDB_AS "root" true
+Write .sysconfig.locate.RUN_UPDATEDB_AS "nobody" true
Read .sysconfig.security.PERMISSION_SECURITY nil
Write .sysconfig.security.PERMISSION_SECURITY "easy local" true
Read .sysconfig.suseconfig.CWD_IN_ROOT_PATH nil
-Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "yes" true
+Write .sysconfig.suseconfig.CWD_IN_ROOT_PATH "no" true
Read .sysconfig.suseconfig.CWD_IN_USER_PATH nil
-Write .sysconfig.suseconfig.CWD_IN_USER_PATH "yes" true
+Write .sysconfig.suseconfig.CWD_IN_USER_PATH "no" true
Read .sysconfig.sysctl.ENABLE_SYSRQ nil
-Write .sysconfig.sysctl.ENABLE_SYSRQ "no" true
+Write .sysconfig.sysctl.ENABLE_SYSRQ "yes" true
Write .etc.login_defs nil true
Write .sysconfig.displaymanager nil true
Write .sysconfig.locate nil true
@@ -55,12 +55,12 @@
Execute .target.bash "/sbin/telinit q" 0
Read .etc.default.passwd."CRYPT_FILES" nil
Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
-Execute .target.bash_output "pam-config -d --pwcheck-cracklib" $[]
-Execute .target.bash_output "pam-config -a --pwcheck-no_obscure_checks" $[]
+Execute .target.bash_output "pam-config -a --pwcheck-cracklib" $[]
+Execute .target.bash_output "pam-config -d --pwcheck-no_obscure_checks" $[]
Execute .target.bash_output "pam-config -d --pwcheck-minlen=" $[]
Execute .target.bash_output "pam-config -d --pwcheck-remember=" $[]
Write .etc.default.passwd nil true
-Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0
+Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0
Read .sysconfig.displaymanager.DISPLAYMANAGER ""
Execute .target.bash "/sbin/SuSEconfig --module kde3" 0
Execute .target.bash "/sbin/SuSEconfig --module kdm3" 0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-security-2.16.0/testsuite/tests/Level2.out new/yast2-security-2.16.1/testsuite/tests/Level2.out
--- old/yast2-security-2.16.0/testsuite/tests/Level2.out 2006-09-21 12:54:00.000000000 +0200
+++ new/yast2-security-2.16.1/testsuite/tests/Level2.out 2008-04-30 13:28:36.000000000 +0200
@@ -56,7 +56,7 @@
Read .etc.default.passwd."CRYPT_FILES" nil
Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
Execute .target.bash_output "pam-config -a --pwcheck-cracklib" $[]
-Execute .target.bash_output "pam-config -a --pwcheck-no_obscure_checks" $[]
+Execute .target.bash_output "pam-config -d --pwcheck-no_obscure_checks" $[]
Execute .target.bash_output "pam-config -d --pwcheck-minlen=" $[]
Execute .target.bash_output "pam-config -d --pwcheck-remember=" $[]
Write .etc.default.passwd nil true
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-security-2.16.0/testsuite/tests/Level3.out new/yast2-security-2.16.1/testsuite/tests/Level3.out
--- old/yast2-security-2.16.0/testsuite/tests/Level3.out 2006-09-21 12:54:00.000000000 +0200
+++ new/yast2-security-2.16.1/testsuite/tests/Level3.out 2008-04-30 13:28:47.000000000 +0200
@@ -56,7 +56,7 @@
Read .etc.default.passwd."CRYPT_FILES" nil
Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
Execute .target.bash_output "pam-config -a --pwcheck-cracklib" $[]
-Execute .target.bash_output "pam-config -a --pwcheck-no_obscure_checks" $[]
+Execute .target.bash_output "pam-config -d --pwcheck-no_obscure_checks" $[]
Execute .target.bash_output "pam-config -a --pwcheck-minlen=6" $[]
Execute .target.bash_output "pam-config -d --pwcheck-remember=" $[]
Write .etc.default.passwd nil true
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-security-2.16.0/VERSION new/yast2-security-2.16.1/VERSION
--- old/yast2-security-2.16.0/VERSION 2008-03-19 08:54:03.000000000 +0100
+++ new/yast2-security-2.16.1/VERSION 2008-04-30 13:09:58.000000000 +0200
@@ -1 +1 @@
-2.16.0
+2.16.1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org