diff --git a/_servicedata b/_servicedata
index 2530997..e164b3e 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/openSUSE/permissions.git
- 8676fc316fb0b9eb56ad9d354b8cafb8b1f2f258
\ No newline at end of file
+ bfa5f7c7437b3fa939b0a88007e2d1cc6de605c9
\ No newline at end of file
diff --git a/fix_version.sh b/fix_version.sh
index 8852264..1359069 100644
--- a/fix_version.sh
+++ b/fix_version.sh
@@ -3,4 +3,4 @@
version=`date '+%Y%m%d'`
echo "setting version to ${version}"
-sed -E -i -e "s/^%define VERSION [0-9]+/%define VERSION ${version}/" permissions.spec
+sed -E -i -e "s/^%define VERSION_DATE [0-9]+/%define VERSION_DATE ${version}/" permissions.spec
diff --git a/permissions-20200213.tar.xz b/permissions-20200213.tar.xz
deleted file mode 100644
index b7da393..0000000
--- a/permissions-20200213.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b7378f25982ade8a1983cb891bc5ee3962f1380d85b458078850686b65b9c895
-size 21532
diff --git a/permissions-20200228.tar.xz b/permissions-20200228.tar.xz
new file mode 100644
index 0000000..77f67a1
--- /dev/null
+++ b/permissions-20200228.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b779962f0f1ae43ef95a987d842861d65ddfabaa442204ce5d8bc7b3e4134c59
+size 36196
diff --git a/permissions.changes b/permissions.changes
index 4e49bb3..d00b9fe 100644
--- a/permissions.changes
+++ b/permissions.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Fri Feb 28 12:00:44 UTC 2020 - malte.kraus@suse.com
+
+- Update to version 20200228:
+ * chkstat: fix readline() on platforms with unsigned char
+
+-------------------------------------------------------------------
+Thu Feb 27 12:29:29 UTC 2020 - malte.kraus@suse.com
+
+- Update to version 20200227:
+ * remove capability whitelisting for radosgw
+ * whitelist ceph log directory (bsc#1150366)
+ * adjust testsuite to post CVE-2020-8013 link handling
+ * testsuite: add option to not mount /proc
+ * do not follow symlinks that are the final path element: CVE-2020-8013
+ * add a test for symlinked directories
+ * fix relative symlink handling
+ * include cpp compat headers, not C headers
+ * Move permissions and permissions.* except .local to /usr/share/permissions
+ * regtest: fix the static PATH list which was missing /usr/bin
+ * regtest: also unshare the PID namespace to support /proc mounting
+ * regtest: bindMount(): explicitly reject read-only recursive mounts
+ * Makefile: force remove upon clean target to prevent bogus errors
+ * regtest: by default automatically (re)build chkstat before testing
+ * regtest: add test for symlink targets
+ * regtest: make capability setting tests optional
+ * regtest: fix capability assertion helper logic
+ * regtests: add another test case that catches set*id or caps in world-writable sub-trees
+ * regtest: add another test that catches when privilege bits are set for special files
+ * regtest: add test case for user owned symlinks
+ * regtest: employ subuid and subgid feature in user namespace
+ * regtest: add another test case that covers unknown user/group config
+ * regtest: add another test that checks rejection of insecure mixed-owner paths
+ * regtest: add test that checks for rejection of world-writable paths
+ * regtest: add test for detection of unexpected parent directory ownership
+ * regtest: add further helper functions, allow access to main instance
+ * regtest: introduce some basic coloring support to improve readability
+ * regtest: sort imports, another piece of rationale
+ * regtest: add capability test case
+ * regtest: improve error flagging of test cases and introduce warnings
+ * regtest: support caps
+ * regtest: add a couple of command line parameter test cases
+ * regtest: add another test that checks whether the default profile works
+ * regtests: add tests for correct application of local profiles
+ * regtest: add further test cases that test correct profile application
+ * regtest: simplify test implementation and readability
+ * regtest: add helpers for permissions.d per package profiles
+ * regtest: support read-only bind mounts, also bind-mount permissions repo
+ * tests: introduce a regression test suite for chkstat
+ * Makefile: allow to build test version programmatically
+ * README.md: add basic readme file that explains the repository's purpose
+ * chkstat: change and harmonize coding style
+ * chkstat: switch to C++ compilation unit
+- add suse_version to end of permissions package version
+
-------------------------------------------------------------------
Thu Feb 13 12:10:41 UTC 2020 - malte.kraus@suse.com
diff --git a/permissions.spec b/permissions.spec
index 717a241..f4f4ae6 100644
--- a/permissions.spec
+++ b/permissions.spec
@@ -16,26 +16,28 @@
#
-%define VERSION 20200213
+%define VERSION_DATE 20200228
Name: permissions
-Version: %{VERSION}
+Version: %{VERSION_DATE}.%{suse_version}
Release: 0
Summary: SUSE Linux Default Permissions
# Maintained in github by the security team.
License: GPL-2.0-or-later
Group: Productivity/Security
URL: http://github.com/openSUSE/permissions
-Source: permissions-%{version}.tar.xz
+Source: permissions-%{VERSION_DATE}.tar.xz
Source1: fix_version.sh
+BuildRequires: gcc-c++
BuildRequires: libcap-devel
+BuildRequires: libcap-progs
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
-Provides: aaa_base:%{_sysconfdir}/permissions
+Provides: aaa_base:%{_datadir}/permissions
%prep
-%setup -q
+%setup -q -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
@@ -43,6 +45,10 @@ make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
%install
%make_install fillupdir=%{_fillupdir}
+# regression tests disabled for the moment, needs adjustment for the new /usr/share world
+#%check
+#tests/regtest.py
+
%description
Permission settings of files and directories depending on the local
security settings. The local security setting ("easy", "secure", or "paranoid")
@@ -55,11 +61,11 @@ This package does not contain files, it just requires the necessary packages.
%package doc
Summary: SUSE Linux Default Permissions documentation
Group: Documentation/Man
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description doc
-Documentation for the permission files /etc/permissions*.
+Documentation for the permission files /usr/share/permissions/permissions*.
%files doc
%{_mandir}/man5/permissions.5%{ext_man}
@@ -67,7 +73,7 @@ Documentation for the permission files /etc/permissions*.
%package config
Summary: SUSE Linux Default Permissions config files
Group: Productivity/Security
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
Requires(post): %fillup_prereq
Requires(post): chkstat
@@ -75,13 +81,15 @@ Requires(post): chkstat
Requires(pre): group(trusted)
%description config
-The actual permissions configuration files, /etc/permission.*.
+The actual permissions configuration files, /usr/share/permissions/permission.*.
%files config
-%config %{_sysconfdir}/permissions
-%config %{_sysconfdir}/permissions.easy
-%config %{_sysconfdir}/permissions.secure
-%config %{_sysconfdir}/permissions.paranoid
+%defattr(644, root, root, 755)
+%dir %{_datadir}/permissions
+%{_datadir}/permissions/permissions
+%{_datadir}/permissions/permissions.easy
+%{_datadir}/permissions/permissions.secure
+%{_datadir}/permissions/permissions.paranoid
%config(noreplace) %{_sysconfdir}/permissions.local
%{_fillupdir}/sysconfig.security
@@ -93,7 +101,7 @@ The actual permissions configuration files, /etc/permission.*.
%package -n chkstat
Summary: SUSE Linux Default Permissions tool
Group: Productivity/Security
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description -n chkstat
@@ -105,7 +113,7 @@ Tool to check and set file permissions.
%package -n permissions-zypp-plugin
BuildArch: noarch
-Requires: permissions = %{VERSION}
+Requires: permissions = %{VERSION_DATE}.%{suse_version}
Requires: python3-zypp-plugin
Requires: libzypp(plugin:commit) = 1
Summary: A zypper commit plugin for calling chkstat