a4023dfa6b
- Update to version 20200204:
...
* mariadb: settings for new auth_pam_tool (bsc#1160285)
* chkstat:
- add read-only fallback when /proc is not mounted (bsc#1160764)
- capability handling fixes (bsc#1161779)
- better error message when refusing to fix dir perms (#32 )
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=247
2020-02-04 12:22:39 +00:00
Malte Kraus
70de14a4ec
- Update to version 20200127:
...
* fix paths of ksysguard whitelisting
* fix zero-termination of error message for overly long paths
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=246
2020-01-27 12:02:43 +00:00
Malte Kraus
ac5efb502f
- Update to version 20191205:
...
* fix privilege escalation through untrusted symlinks (bsc#1150734,
CVE-2019-3690)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=243
2019-12-05 14:34:56 +00:00
5feb66e055
- Update to version 20191122:
...
* faxq-helper: correct "secure" permission for trusted group (bsc#1157498)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=241
2019-11-27 12:48:04 +00:00
Malte Kraus
20fbab7702
- Update to version 20191118:
...
* whitelist ksysguard network helper (bsc#1151190)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=239
2019-11-18 09:54:19 +00:00
Malte Kraus
bdb9837e95
- Update to version 20191112:
...
* fix syntax of paranoid profile
* fix squid permissions (bsc#1093414, CVE-2019-3688)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=238
2019-11-12 12:51:22 +00:00
Johannes Segitz
13d46ae0a1
Accepting request 730731 from home:jsegitz:branches:Base:System
...
- Update to version 20190913:
* setgid bit for nagios directory (bsc#1028975, bsc#1150345)
- This also restructures the sources for the permission package
OBS-URL: https://build.opensuse.org/request/show/730731
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=234
2019-09-13 13:17:47 +00:00
Malte Kraus
c9ec3a7362
- Update to version 20190830:
...
* dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)
- Update to version 20190829:
* add one more missing slash for icinga2
* fix more missing slashes for directories
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=232
2019-08-30 14:26:48 +00:00
Malte Kraus
7bd46e85c9
- Update to version 20190820:
...
* cron directory permissions: add slashes
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=231
2019-08-20 09:47:17 +00:00
Johannes Segitz
617c5f2df9
Accepting request 714669 from home:mkraus:branches:Base:System
...
- Update to version 20190711:
* iputils: Add capability permissions for clockdiff (bsc#1140994)
OBS-URL: https://build.opensuse.org/request/show/714669
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=228
2019-07-12 09:02:35 +00:00
6cbfeb58bb
- Update to version 20190710:
...
* iputils/ping: Drop effective capability
* iputils/ping6: Remove definitions
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=226
2019-07-10 12:30:03 +00:00
5b398c37ea
- Update to version 20190521:
...
* singluarity: Add starter-suid for version 3.2.0
* adjust settings for amanda to current binary layout
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=223
2019-06-13 08:58:09 +00:00
741577cc7c
Accepting request 699578 from home:jsegitz:branches:Base:System
...
- Update to version 20190429:
* removed entry for /var/cache/man. Conflicts with packaging and man:man is
the better setting anyway (bsc#1133678)
* fixed error in description of permissions.paranoid. Make it clear that this
is not a usable profile, but intended as a base for own developments
OBS-URL: https://build.opensuse.org/request/show/699578
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=217
2019-05-01 06:26:24 +00:00
f25290dd69
Accepting request 674173 from home:jsegitz:branches:Base:System
...
- Update to version 20190212:
* removed old entry for wodim
* removed old entry for netatalk
* removed old entry for suidperl
* removed old entriy for utempter
* removed old entriy for hostname
* removed old directory entries
* removed old entry for qemu-bridge-helper
* removed old entries for pccardctl
* removed old entries for isdnctrl
* removed old entries for unix(2)_chkpwd
* removed old entries for mount.nfs
* removed old entries for (u)mount
* removed old entry for fileshareset
* removed old entries for KDE
* removed old entry for heartbeat
* removed old entry for gnome-control-center
* removed old entry for pcp
* removed old entry for lpdfilter
* removed old entry for scotty
* removed old entry for ia32el
* removed old entry for squid
* removed old qpopper whitelist
* removed pt_chown entries. Not needed anymore and a bad idea anyway
* removed old majordomo entry
* removed stale entries for old ncpfs tools
* removed old entry for rmtab
* Fixed typo in icinga2 whitelist entry
* New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale
entries for VirtualBox
OBS-URL: https://build.opensuse.org/request/show/674173
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=213
2019-02-13 16:59:34 +00:00
687b016f47
Accepting request 649628 from home:mgerstner:branches:Base:System
...
- Update to version 20181116:
* zypper-plugin: new plugin to fix bsc#1114383
OBS-URL: https://build.opensuse.org/request/show/649628
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=211
2018-11-16 16:39:18 +00:00
2808ce4fdd
- Update to version 20181112:
...
* singularity: remove -suid binaries that have been dropped since version
2.4 (bsc#1028304)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=210
2018-11-12 12:15:37 +00:00
a73387d528
- Update to version 20181030:
...
* capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=208
2018-10-30 12:14:17 +00:00
7054263663
- Update to version 20181029:
...
* setuid whitelisting: add fusermount3 (bsc#1111230)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=207
2018-10-29 16:59:42 +00:00
6f2a944fac
- Update to version 20181025:
...
* setuid whitelisting: add authbind binary (bsc#1111251)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=206
2018-10-25 16:15:13 +00:00
f4d7d3598d
- Update to version 20180827:
...
* setuid whitelisting: add firejail binary (bsc#1059013)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=203
2018-08-27 09:16:16 +00:00
d7a67f7831
- Update to version 20180810:
...
* setuid whitelisting: add lxc-user-nic (bsc#988348)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=202
2018-08-10 09:23:22 +00:00
11a9977c9e
- Update to version 20180802:
...
* whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=200
2018-08-02 16:24:20 +00:00
255dbfc84f
Accepting request 624972 from home:mgerstner:branches:Base:System
...
- Update to version 20180724:
* Fix wrong file path in help string
* whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)
OBS-URL: https://build.opensuse.org/request/show/624972
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=198
2018-07-24 11:46:06 +00:00
9ebc9d2aa6
- Update to version 20180508:
...
* Capabilities for usage of Wireshark for non-root (bsc#957624)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=195
2018-05-08 06:12:16 +00:00
6cb0226aaa
* the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247)
...
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=193
2018-01-25 13:17:25 +00:00
ee933ba6a8
- Update to version 20180125:
...
* make btmp root:utmp (bsc#1050467)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=192
2018-01-25 12:54:05 +00:00
ac7a7aecfc
- Update to version 20180115:
...
* - polkit-default-privs: usbauth (bsc#1066877)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=191
2018-01-15 09:57:27 +00:00
f434538bbd
- Update to version 20171129:
...
* permissions: adding gvfs (bsc#1065864)
* Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
* Allow fping cap_net_raw (bsc#1047921)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=187
2017-11-29 17:02:48 +00:00
a7962163fe
- Update to version 20171121:
...
* - permissions: adding kwayland (bsc#1062182)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=182
2017-11-21 14:07:42 +00:00
b680cbc36d
- Update to version 20171106:
...
* Allow setuid root for singularity (group only) bsc#1028304
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=180
2017-11-06 15:58:58 +00:00
fb770d791f
- Update to version 20171025:
...
* Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=177
2017-10-25 15:51:58 +00:00
8b1949dd93
- Update to version 20170928:
...
* Fix invalid syntax bsc#1048645 bsc#1060738
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=174
2017-09-28 10:48:52 +00:00
ae2fcfcc83
- Update to version 20170927:
...
* fix typos in manpages
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=173
2017-09-27 14:50:43 +00:00
88add7774f
- Update to version 20170922:
...
* Allow setuid root for singularity (group only) bsc#1028304
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=171
2017-09-22 14:01:01 +00:00
79244e6f3c
- Update to version 20170913:
...
* Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=168
2017-09-13 16:53:54 +00:00
f811efeca2
- Update to version 20170906:
...
*
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=165
2017-09-06 09:44:09 +00:00
88cf747ec1
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=162
2017-09-06 09:42:16 +00:00
80e970fabb
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=155
2017-06-02 10:54:25 +00:00
f28a99e103
- Update to version 20160807:
...
* suexec2 is a symlink, no need for permissions handling
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=151
2016-08-07 12:03:42 +00:00
fb322ba460
- Update to version 20160802:
...
* root:shadow 0755 for newuidmap/newgidmap
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=149
2016-08-02 08:51:37 +00:00
8edde370cc
- Update to version 20160802:
...
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=148
2016-08-02 08:48:45 +00:00
3b16bfa06f
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=146
2016-08-02 08:29:24 +00:00
6899251720
Accepting request 397400 from home:dimstar:branches:Base:System
...
- Introduce _service to easier update the package. For simplicity,
change the version from yyyy.mm.dd to yyyymmdd (which is eactly
%cd in the _service defintion). Upgrading is no problem.
It's up to the maintainer if you prefer this method or whatever you
currently use...
the _service allows to do an update with those commands:
===
osc co Base:System permissions
cd Base:System/permissions
rm *xz
osc service dr
osc ar
osc ci -m 'Update done'
===
It will add use the commit messages from git to formulate the .changelog in the form:
+ Update to version YYYYMMDD:
- Git commitlog 1
- Git commitlog 1
Feel free to use or reject
OBS-URL: https://build.opensuse.org/request/show/397400
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=144
2016-05-23 14:04:56 +00:00