commit permissions.1949 for openSUSE:12.3:Update
Hello community, here is the log from the commit of package permissions.1949 for openSUSE:12.3:Update checked in at 2013-08-29 18:07:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/permissions.1949 (Old) and /work/SRC/openSUSE:12.3:Update/.permissions.1949.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "permissions.1949" Changes: -------- New Changes file: --- /dev/null 2013-07-23 23:44:04.804033756 +0200 +++ /work/SRC/openSUSE:12.3:Update/.permissions.1949.new/permissions.changes 2013-08-29 18:08:01.000000000 +0200 @@ -0,0 +1,1183 @@ +------------------------------------------------------------------- +Fri Aug 16 13:23:43 UTC 2013 - meissner@suse.com + +- Spell PERMISSION_FSCAPS correctly in chkstat.c (bnc#834790) + +------------------------------------------------------------------- +Tue Jan 29 14:00:08 UTC 2013 - meissner@suse.com + +- Allow pcp to have stickybit worldwriteable directories + +------------------------------------------------------------------- +Tue Nov 27 15:41:16 UTC 2012 - meissner@suse.com + +- add /usr/bin/dumpcap to watchlist +- make fscaps=1 the default on "" +- added PERMISSION_FSCAPS to the sysconfig/security fillup template. +- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject + +------------------------------------------------------------------- +Wed Nov 21 13:56:34 UTC 2012 - lnussel@suse.de + +- apply permissions settings in %post. During initial installation + some packages might be installed before the permissions package + due to dependency loops so we need to make sure their settings + are applied too. Also, on update of the permissions package + changed permission settings may need to be applied. + +------------------------------------------------------------------- +Mon Oct 15 11:49:04 UTC 2012 - lnussel@suse.de + +- temporarily add su.core. workaround for the migration of su from + coreutils to util-linux needs to be reverted as soon as util-linux + is also in + +------------------------------------------------------------------- +Tue Sep 25 14:55:21 UTC 2012 - meissner@suse.com + +- no longer install SuSEconfig.permissions, SuSEconfig is gone. + +------------------------------------------------------------------- +Fri Jul 6 09:01:18 UTC 2012 - meissner@suse.com + +- enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy + +------------------------------------------------------------------- +Mon Jun 4 11:37:27 UTC 2012 - lnussel@suse.de + +- remove /var/run/vi.recover (bnc#765288) + +------------------------------------------------------------------- +Fri Jun 1 07:23:46 UTC 2012 - lnussel@suse.de + +- remove /var/cache/fonts (bnc#764885) +- remove /var/lib/xemacs/lock/ (bnc#764887) + +------------------------------------------------------------------- +Thu May 31 11:07:25 UTC 2012 - lnussel@suse.de + +- Revert "Use credentials from within the root file system" + breaks use of --root option in brp-05-permissions + +------------------------------------------------------------------- +Tue May 15 14:46:22 UTC 2012 - lnussel@suse.de + +- print warning when requested to check not listed files +- Use credentials from within the root file system + +------------------------------------------------------------------- +Wed Feb 8 08:15:50 UTC 2012 - lnussel@suse.de + +- add duplicate entries for / and /usr (bnc#745622) + +------------------------------------------------------------------- +Tue Feb 7 12:09:17 UTC 2012 - lnussel@suse.de + +- add scripts for automatic package sumission +- drop zypp-refresh-wrapper (bnc#738677) + +------------------------------------------------------------------- +Mon Nov 7 09:39:43 UTC 2011 - lnussel@suse.de + +- disable run time fscaps detection (bnc#728312) + +------------------------------------------------------------------- +Fri Sep 23 08:37:21 UTC 2011 - lnussel@suse.de + +- set permission by default in SuSEconfig mode as permissions are + only set when called explicitly anyways (bnc#720010). + +------------------------------------------------------------------- +Wed Sep 21 08:00:28 UTC 2011 - lnussel@suse.de + +- fix typo in path + +------------------------------------------------------------------- +Tue Sep 20 14:47:30 UTC 2011 - lnussel@suse.de + +- remove world writable /var/crash again (bnc#438041) +- remove world writable permissions from /usr/src/packages (bnc#719217) + +------------------------------------------------------------------- +Tue Sep 20 13:38:48 UTC 2011 - lnussel@suse.de + +- add chromium browser sandbox helper (bnc#718016) +- don't offer PERMISSION_SECURITY in config anymore +- remove setgid games bits (bnc#429882) + +------------------------------------------------------------------- +Tue Jun 28 12:53:22 UTC 2011 - lnussel@suse.de + +- remove setuid bit from opiesu (bnc#698772) + +------------------------------------------------------------------- +Fri Jun 17 09:46:29 UTC 2011 - lnussel@suse.de + +- disable fscaps by default as factory kernel still doesn't have the + required patch for auto detection + +------------------------------------------------------------------- +Thu May 26 15:23:49 UTC 2011 - lnussel@suse.de + +- read /sys/kernel/fscaps for fscaps settings + +------------------------------------------------------------------- +Thu May 12 11:48:36 UTC 2011 - lnussel@suse.de + +- change path to gnome-pty-helper (bnc#690202) + +------------------------------------------------------------------- +Mon Mar 7 15:08:33 UTC 2011 - lnussel@suse.de + + - setuid bit on VBoxNetDHCP (bnc#669055) + +------------------------------------------------------------------- +Mon Feb 14 08:09:21 UTC 2011 - lnussel@suse.de + +- fix hawk permissions (bnc#665045) + +------------------------------------------------------------------- +Wed Feb 9 13:25:29 UTC 2011 - lnussel@suse.de + +- add hawk (bnc#665045) + +------------------------------------------------------------------- +Thu Dec 2 10:20:11 UTC 2010 - lnussel@suse.de + +- remove Xorg setuid bit (bnc#632737) + +------------------------------------------------------------------- +Thu Nov 18 10:52:39 UTC 2010 - lnussel@suse.de + +- update permissions of lastlog, faillog, wtmp, utmp and btmp + +------------------------------------------------------------------- +Wed Nov 17 11:02:37 UTC 2010 - lnussel@suse.de + +- remove permissions handling for /etc/inittab, /etc/inetd.conf and /etc/mtab +- revert previous commit, done in coreutils instead + +------------------------------------------------------------------- +Tue Nov 16 16:10:09 UTC 2010 - lnussel@suse.de + +- change fillup deps to requires to avoid coreutils loop + +------------------------------------------------------------------- +Tue Nov 16 15:10:53 UTC 2010 - lnussel@suse.de + +- change utempter from group tty to group utmp (bnc#652877) + +------------------------------------------------------------------- +Tue Nov 9 12:51:10 UTC 2010 - lnussel@suse.de + +- add permissions man page +- update docu +- add --level option +- set perms for setuid files always if owner changes +- strip root dir when printing file names + +------------------------------------------------------------------- +Tue Nov 9 09:25:17 UTC 2010 - lnussel@suse.de + +- add option to explicitly warn only + +------------------------------------------------------------------- +Fri Nov 5 14:00:30 UTC 2010 - lnussel@suse.de + +- reimplement the core features in chkstat itself instead of + SuSEconfig.permissions + +------------------------------------------------------------------- +Thu Nov 4 16:17:25 UTC 2010 - lnussel@suse.de + +- don't make changes if not called explicitly + +------------------------------------------------------------------- +Wed Nov 3 14:16:54 UTC 2010 - lnussel@suse.de + ++++ 986 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.permissions.1949.new/permissions.changes New: ---- permissions-2013.01.29.1841.tar.bz2 permissions-fix-fscaps.patch permissions.changes permissions.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ # # spec file for package permissions # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # icecream 0 BuildRequires: libcap-devel Name: permissions Version: 2013.01.29.1841 Release: 0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq Summary: SUSE Linux Default Permissions License: GPL-2.0+ Group: Productivity/Security Source: permissions-%{version}.tar.bz2 Patch0: permissions-fix-fscaps.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://gitorious.org/opensuse/permissions %description Permission settings of files and directories depending on the local security settings. The local security setting (easy, secure, or paranoid) can be configured in /etc/sysconfig/security. Authors: -------- Werner Fink Roman Drahtmüller Michael Schröder Ludwig Nussel %prep %setup -q %patch0 -p1 %build make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0 %install make DESTDIR="$RPM_BUILD_ROOT" install %post %{fillup_only -n security} # apply all potentially changed permissions /usr/bin/chkstat --system %files %defattr(-,root,root,-) %config /etc/permissions %config /etc/permissions.easy %config /etc/permissions.secure %config /etc/permissions.paranoid %config(noreplace) /etc/permissions.local %{_bindir}/chkstat %{_mandir}/man5/permissions.5* %{_mandir}/man8/chkstat.8* /var/adm/fillup-templates/sysconfig.security %changelog ++++++ permissions-fix-fscaps.patch ++++++ Index: permissions-2013.01.29.1841/chkstat.c =================================================================== --- permissions-2013.01.29.1841.orig/chkstat.c +++ permissions-2013.01.29.1841/chkstat.c @@ -282,9 +282,10 @@ parse_sysconf(const char* file) //fprintf(stderr, "invalid value for CHECK_PERMISSIONS (must be 'set', 'warn' or 'no')\n"); } } - else if (have_fscaps == -1 && !strncmp(p, "PERMISSIONS_FSCAPS=", 19)) +#define FSCAPSENABLE "PERMISSION_FSCAPS=" + else if (have_fscaps == -1 && !strncmp(p, FSCAPSENABLE, strlen(FSCAPSENABLE))) { - p+=19; + p+=strlen(FSCAPSENABLE); if (isquote(*p)) ++p; if (!strncmp(p, "yes", 3)) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de