rpm/permissions
SHA256
1
0
Fork 0
forked from pool/permissions
Code Pull Requests Activity
406 Commits 1 Branch 0 Tags 1,023 KiB
factory
Commit Graph

406 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Dominique Leuenberger
8772445d98 Accepting request 774158 from Base:System 
- Update to version 20200213:
  * remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"

OBS-URL: https://build.opensuse.org/request/show/774158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=131
 2020-02-21 15:39:57 +00:00
Malte Kraus
a115569e05 - Update to version 20200213: 
* remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=250
 2020-02-13 12:20:20 +00:00
Dominique Leuenberger
40ff3446e5 Accepting request 769971 from Base:System 
- Update to version 20200204:
  * mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)

- Update to version 20200127:
  * fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths

OBS-URL: https://build.opensuse.org/request/show/769971
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=130
 2020-02-13 09:10:50 +00:00
Matthias Gerstner
d9ba7c2f04 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=248 2020-02-04 12:30:29 +00:00
Matthias Gerstner
a4023dfa6b - Update to version 20200204: 
* mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=247
 2020-02-04 12:22:39 +00:00
Malte Kraus
70de14a4ec - Update to version 20200127: 
* fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=246
 2020-01-27 12:02:43 +00:00
Dominique Leuenberger
659f3457a0 Accepting request 754442 from Base:System 
- Update to version 20191205:
  * fix privilege escalation through untrusted symlinks (bsc#1150734,
    CVE-2019-3690)

- Update to version 20191122:
  * faxq-helper: correct "secure" permission for trusted group (bsc#1157498)

OBS-URL: https://build.opensuse.org/request/show/754442
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=129
 2019-12-07 14:12:21 +00:00
Malte Kraus
cba6c7245b fix version 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=244
 2019-12-05 14:37:17 +00:00
Malte Kraus
ac5efb502f - Update to version 20191205: 
* fix privilege escalation through untrusted symlinks (bsc#1150734,
    CVE-2019-3690)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=243
 2019-12-05 14:34:56 +00:00
Matthias Gerstner
671dc94a75 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=242 2019-11-27 12:48:34 +00:00
Matthias Gerstner
5feb66e055 - Update to version 20191122: 
* faxq-helper: correct "secure" permission for trusted group (bsc#1157498)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=241
 2019-11-27 12:48:04 +00:00
Dominique Leuenberger
0ac04b6b0a Accepting request 749269 from Base:System 
- Update to version 20191118:
  * whitelist ksysguard network helper (bsc#1151190)

- Update to version 20191112:
  * fix syntax of paranoid profile
  * fix squid permissions (bsc#1093414, CVE-2019-3688)

OBS-URL: https://build.opensuse.org/request/show/749269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=128
 2019-11-23 22:14:49 +00:00
Malte Kraus
20fbab7702 - Update to version 20191118: 
* whitelist ksysguard network helper (bsc#1151190)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=239
 2019-11-18 09:54:19 +00:00
Malte Kraus
bdb9837e95 - Update to version 20191112: 
* fix syntax of paranoid profile
  * fix squid permissions (bsc#1093414, CVE-2019-3688)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=238
 2019-11-12 12:51:22 +00:00
Dominique Leuenberger
c959fdefdd Accepting request 734799 from Base:System 
- Add || exit 0 on the scriptlet as it can actually fail in
  rootless containers with podman. This makes sure the zypper
  does not abort the container creation.
  * the actual error looks like:
    /dev/zero: chown: Operation not permitted (forwarded request 734796 from scarabeus_iv)

OBS-URL: https://build.opensuse.org/request/show/734799
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=127
 2019-10-11 13:09:45 +00:00
Marcus Meissner
4e0657a187 Accepting request 734796 from home:scarabeus_iv:branches:Base:System 
- Add || exit 0 on the scriptlet as it can actually fail in
  rootless containers with podman. This makes sure the zypper
  does not abort the container creation.
  * the actual error looks like:
    /dev/zero: chown: Operation not permitted

OBS-URL: https://build.opensuse.org/request/show/734796
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=236
 2019-10-03 13:03:49 +00:00
Dominique Leuenberger
817b34c63f Accepting request 730732 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/730732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=126
 2019-09-26 18:34:38 +00:00
Johannes Segitz
13d46ae0a1 Accepting request 730731 from home:jsegitz:branches:Base:System 
- Update to version 20190913:
  * setgid bit for nagios directory (bsc#1028975, bsc#1150345)
- This also restructures the sources for the permission package

OBS-URL: https://build.opensuse.org/request/show/730731
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=234
 2019-09-13 13:17:47 +00:00
Dominique Leuenberger
adb5b9c706 Accepting request 727267 from Base:System 
- Update to version 20190830:
  * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)

- Update to version 20190829:
  * add one more missing slash for icinga2
  * fix more missing slashes for directories

- Update to version 20190820:
  * cron directory permissions: add slashes

OBS-URL: https://build.opensuse.org/request/show/727267
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=125
 2019-09-11 08:24:38 +00:00
Malte Kraus
c9ec3a7362 - Update to version 20190830: 
* dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)

- Update to version 20190829:
  * add one more missing slash for icinga2
  * fix more missing slashes for directories

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=232
 2019-08-30 14:26:48 +00:00
Malte Kraus
7bd46e85c9 - Update to version 20190820: 
* cron directory permissions: add slashes

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=231
 2019-08-20 09:47:17 +00:00
Dominique Leuenberger
5677c83ad8 Accepting request 714806 from Base:System 
- Update to version 20190711:
  * iputils: Add capability permissions for clockdiff (bsc#1140994)

- Update to version 20190710:
  * iputils/ping: Drop effective capability
  * iputils/ping6: Remove definitions

OBS-URL: https://build.opensuse.org/request/show/714806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=124
 2019-07-16 06:28:37 +00:00
Johannes Segitz
90513df40a OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=229 2019-07-12 09:23:21 +00:00
Johannes Segitz
617c5f2df9 Accepting request 714669 from home:mkraus:branches:Base:System 
- Update to version 20190711:
  * iputils: Add capability permissions for clockdiff (bsc#1140994)

OBS-URL: https://build.opensuse.org/request/show/714669
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=228
 2019-07-12 09:02:35 +00:00
Matthias Gerstner
a83a90964a OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=227 2019-07-10 12:30:49 +00:00
Matthias Gerstner
6cbfeb58bb - Update to version 20190710: 
* iputils/ping: Drop effective capability
  * iputils/ping6: Remove definitions

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=226
 2019-07-10 12:30:03 +00:00
Dominique Leuenberger
7b5694efcf Accepting request 709714 from Base:System 
- Update to version 20190521:
  * singluarity: Add starter-suid for version 3.2.0
  * adjust settings for amanda to current binary layout

- Move BuildRequires: back to main package

- Moved requires to subpackages (bsc#1137257)

OBS-URL: https://build.opensuse.org/request/show/709714
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=123
 2019-06-26 14:01:30 +00:00
Marcus Meissner
f1694e5736 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=224 2019-06-13 10:04:14 +00:00
Marcus Meissner
5b398c37ea - Update to version 20190521: 
* singluarity: Add starter-suid for version 3.2.0
  * adjust settings for amanda to current binary layout

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=223
 2019-06-13 08:58:09 +00:00
Marcus Meissner
6d800560d0 Accepting request 707829 from home:jsegitz:branches:Base:System 
- Move BuildRequires: back to main package

OBS-URL: https://build.opensuse.org/request/show/707829
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=222
 2019-06-05 12:35:17 +00:00
Matthias Gerstner
c817154009 Accepting request 707806 from home:jsegitz:branches:Base:System 
- Moved requires to subpackages (bsc#1137257)

OBS-URL: https://build.opensuse.org/request/show/707806
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=221
 2019-06-05 11:28:29 +00:00
Dominique Leuenberger
dea1809511 Accepting request 700154 from Base:System 
- Fixed versions. Removed set_version from _service file, doesn't
  work with the new packaging. Call fix_version.sh to set current
  date as version instead
- Fixed requires for -config and -zypp-plugin

- Update to version 20190429:
  * removed entry for /var/cache/man. Conflicts with packaging and man:man is
    the better setting anyway (bsc#1133678)
  * fixed error in description of permissions.paranoid. Make it clear that this
    is not a usable profile, but intended as a base for own developments

- Fix RPM group, fix hard requirement on documentation.
  Update description typography.

- Created new subpackages -config, -doc and standalone package chkstat 
  where we can start a better versioning scheme and require it from the 
  original package

OBS-URL: https://build.opensuse.org/request/show/700154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=122
 2019-05-06 11:19:38 +00:00
Marcus Meissner
7ef24ac09f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=219 2019-05-02 13:38:50 +00:00
Marcus Meissner
9bbb7deff7 Accepting request 700150 from home:jsegitz:branches:Base:System 
- Fixed versions. Removed set_version from _service file, doesn't
  work with the new packaging. Call fix_version.sh to set current
  date as version instead
- Fixed requires for -config and -zypp-plugin

OBS-URL: https://build.opensuse.org/request/show/700150
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=218
 2019-05-02 13:24:27 +00:00
Marcus Meissner
741577cc7c Accepting request 699578 from home:jsegitz:branches:Base:System 
- Update to version 20190429:
  * removed entry for /var/cache/man. Conflicts with packaging and man:man is
    the better setting anyway (bsc#1133678)
  * fixed error in description of permissions.paranoid. Make it clear that this
    is not a usable profile, but intended as a base for own developments

OBS-URL: https://build.opensuse.org/request/show/699578
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=217
 2019-05-01 06:26:24 +00:00
Dirk Mueller
edfc5837d1 Accepting request 693920 from home:jengelh:branches:Base:System 
- Fix RPM group, fix hard requirement on documentation.
  Update description typography.

OBS-URL: https://build.opensuse.org/request/show/693920
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=216
 2019-04-15 18:37:33 +00:00
Marcus Meissner
e7563d435d Accepting request 693721 from home:jsegitz:branches:Base:System 
- Created new subpackages -config, -doc and standalone package chkstat 
  where we can start a better versioning scheme and require it from the 
  original package

OBS-URL: https://build.opensuse.org/request/show/693721
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=215
 2019-04-12 13:08:09 +00:00
Yuchen Lin
80bfabba8d Accepting request 674669 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/674669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=121
 2019-02-19 12:54:51 +00:00
Marcus Meissner
f25290dd69 Accepting request 674173 from home:jsegitz:branches:Base:System 
- Update to version 20190212:
  * removed old entry for wodim
  * removed old entry for netatalk
  * removed old entry for suidperl
  * removed old entriy for utempter
  * removed old entriy for hostname
  * removed old directory entries
  * removed old entry for qemu-bridge-helper
  * removed old entries for pccardctl
  * removed old entries for isdnctrl
  * removed old entries for unix(2)_chkpwd
  * removed old entries for mount.nfs
  * removed old entries for (u)mount
  * removed old entry for fileshareset
  * removed old entries for KDE
  * removed old entry for heartbeat
  * removed old entry for gnome-control-center
  * removed old entry for pcp
  * removed old entry for lpdfilter
  * removed old entry for scotty
  * removed old entry for ia32el
  * removed old entry for squid
  * removed old qpopper whitelist
  * removed pt_chown entries. Not needed anymore and a bad idea anyway
  * removed old majordomo entry
  * removed stale entries for old ncpfs tools
  * removed old entry for rmtab
  * Fixed typo in icinga2 whitelist entry
  * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale
    entries for VirtualBox

OBS-URL: https://build.opensuse.org/request/show/674173
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=213
 2019-02-13 16:59:34 +00:00
Dominique Leuenberger
29b31aa2bb Accepting request 649630 from Base:System 
- Update to version 20181116:
  * zypper-plugin: new plugin to fix bsc#1114383

- Update to version 20181112:
  * singularity: remove -suid binaries that have been dropped since version
  2.4 (bsc#1028304)

OBS-URL: https://build.opensuse.org/request/show/649630
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=120
 2018-11-26 09:12:53 +00:00
Matthias Gerstner
687b016f47 Accepting request 649628 from home:mgerstner:branches:Base:System 
- Update to version 20181116:
  * zypper-plugin: new plugin to fix bsc#1114383

OBS-URL: https://build.opensuse.org/request/show/649628
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=211
 2018-11-16 16:39:18 +00:00
Matthias Gerstner
2808ce4fdd - Update to version 20181112: 
* singularity: remove -suid binaries that have been dropped since version
  2.4 (bsc#1028304)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=210
 2018-11-12 12:15:37 +00:00
Dominique Leuenberger
06f0f9ebda Accepting request 645523 from Base:System 
- Update to version 20181030:
  * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds

- Update to version 20181029:
  * setuid whitelisting: add fusermount3 (bsc#1111230)

- Update to version 20181025:
  * setuid whitelisting: add authbind binary (bsc#1111251)

OBS-URL: https://build.opensuse.org/request/show/645523
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=119
 2018-11-05 21:49:49 +00:00
Matthias Gerstner
a73387d528 - Update to version 20181030: 
* capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=208
 2018-10-30 12:14:17 +00:00
Matthias Gerstner
7054263663 - Update to version 20181029: 
* setuid whitelisting: add fusermount3 (bsc#1111230)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=207
 2018-10-29 16:59:42 +00:00
Matthias Gerstner
6f2a944fac - Update to version 20181025: 
* setuid whitelisting: add authbind binary (bsc#1111251)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=206
 2018-10-25 16:15:13 +00:00
Dominique Leuenberger
bd8a1c90b7 Accepting request 631726 from Base:System 
- Update to version 20180827:
  * setuid whitelisting: add firejail binary (bsc#1059013)

- Update to version 20180810:
  * setuid whitelisting: add lxc-user-nic (bsc#988348)

OBS-URL: https://build.opensuse.org/request/show/631726
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/permissions?expand=0&rev=118
 2018-08-28 07:19:50 +00:00
Matthias Gerstner
84943e9c36 forgot to remove old archive 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=204
 2018-08-27 09:36:48 +00:00
Matthias Gerstner
f4d7d3598d - Update to version 20180827: 
* setuid whitelisting: add firejail binary (bsc#1059013)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=203
 2018-08-27 09:16:16 +00:00
Matthias Gerstner
d7a67f7831 - Update to version 20180810: 
* setuid whitelisting: add lxc-user-nic (bsc#988348)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=202
 2018-08-10 09:23:22 +00:00