forked from pool/permissions
Matthias Gerstner
a12c51b734
* shadow: newgidmap,newuidmap: use capabilities (bsc#1208309) * profiles: whitelist kismet capabilities (bsc#1200954) (#171) OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=316
2059 lines
74 KiB
Plaintext
-------------------------------------------------------------------
Fri Feb 17 11:12:44 UTC 2023 - matthias.gerstner@suse.com

- Update to version 20230217:
  * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309)
  * profiles: whitelist kismet capabilities (bsc#1200954) (#171)

-------------------------------------------------------------------
Tue Dec 20 10:04:33 UTC 2022 - matthias.gerstner@suse.com

- Update to version 20221220:
  * profiles: remove outdated kdesud, apptainer entries

-------------------------------------------------------------------
Wed Sep 21 14:30:41 UTC 2022 - Dirk Müller <dmueller@suse.com>

- skip tests on qemu user builds

-------------------------------------------------------------------
Tue Sep 13 08:38:26 UTC 2022 - matthias.gerstner@suse.com

- Update to version 20220912:
  * chkstat: also consider group controlled paths (bsc#1203018,
    CVE-2022-31252)

-------------------------------------------------------------------
Mon Aug 8 06:40:01 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>

- Fix dependency from permissions-zypp-plugin to permissions.

-------------------------------------------------------------------
Sat Jul 30 07:14:02 UTC 2022 - Stephan Kulow <coolo@suse.com>

- Avoid different Versions for subpackages to fix build-compare
  seeing the src rpm as equal. It replaces VERSION-RELEASE but
  that will fail if subpackages use a different Version

-------------------------------------------------------------------
Wed Jul 13 13:52:09 UTC 2022 - matthias.gerstner@suse.com

- Update to version 20220713:
  * postfix: add postlog setgid for maildrop binary (bsc#1201385)
  * libexec migration: KDE utilities now properly place their helpers
  * pccardctl: installation path has finally changed to /usr/sbin

-------------------------------------------------------------------
Fri Mar 11 11:14:05 UTC 2022 - matthias.gerstner@suse.com

- Update to version 20220309:
  * apptainer whitelisting (bsc#1196145)

-------------------------------------------------------------------
Fri Feb 25 09:34:23 UTC 2022 - matthias.gerstner@suse.com

- Update to version 20220202:
  * mount.nfs: switch from migration mode to fixed path in /usr/sbin
  * changed gendered pronouns
  * mgetty: faxq-helper now finally reside in /usr/libexec

-------------------------------------------------------------------
Wed Sep 01 07:33:41 UTC 2021 - matthias.gerstner@suse.com

- Update to version 20210901:
  * libksysguard5: Updated path for ksgrd_network_helper
  * kdesu: Updated path for kdesud
  * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
  * mariadb: revert auth_pam_tool to /usr/lib{,64} again
  * cleanup: revert virtualbox back to plain /usr/lib
  * cleanup: remove deprecated /etc/ssh/sshd_config
  * hawk_invoke is not part of newer hawk2 packages anymore
  * cleanup: texlive-filesystem: public now resides in libexec
  * cleanup: authbind: helper now resides in libexec
  * cleanup: polkit: the agent now also resides in libexec
  * libexec cleanup: 'inn' news binaries now reside in libexec

-------------------------------------------------------------------
Tue May 18 11:16:07 UTC 2021 - matthias.gerstner@suse.com

- Update to version 20210518:
  * whitelist please (bsc#1183669)

-------------------------------------------------------------------
Tue May 18 08:02:20 UTC 2021 - matthias.gerstner@suse.com

- Update to version 20210518:
  * Fix enlightenment paths for 32-bit architectures

-------------------------------------------------------------------
Mon Jan 25 12:14:46 UTC 2021 - matthias.gerstner@suse.com

- Update to version 20210125:
  * usbauth: drop compatibility variable for libexec
  * usbauth: Updated path for usbauth-npriv
  * profiles: finish usage of variable for polkit-agent-helper-1

-------------------------------------------------------------------
Fri Dec 4 12:58:20 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

- move man page to where the documented files are

-------------------------------------------------------------------
Wed Nov 11 09:30:37 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20201111:
  * squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
  * mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
  * adjust squid pinger path (bsc#1171569)
  * profiles: remove now superfluous squid pinger paths (bsc#1171569)
  * ksgrd_network_helper: remove obviously wrong path
  * etc/permissions: remove unnecessary, duplicate, outdated entries
  * chkstat: implement support for variables in profile paths in new
    variables.conf
  * man pages: add documentation about variables, update copyrights
  * profiles: use new variables feature to remove redundant entries
  * profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
  * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
  * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
  * README: added information about known limitations of this approach
- adjusted spec file:
  - package new variables.conf
  - apply %{optflags} correctly via CXXFLAGS variable
  - drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the
    refactored chkstat sources. This is now the default.

-------------------------------------------------------------------
Thu Oct 08 09:19:32 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20201008:
  * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
  * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-------------------------------------------------------------------
Wed Sep 30 09:26:44 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200930:
  * whitelist Xorg setuid-root wrapper (bsc#1175867)

-------------------------------------------------------------------
Wed Sep 09 10:00:18 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200909:
  * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)

-------------------------------------------------------------------
Fri Sep 04 10:57:51 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200904:
  * Add /usr/libexec for cockpit-session as new path
  * physlock: whitelist with tight restrictions (bsc#1175720)

-------------------------------------------------------------------
Wed Aug 26 12:33:11 UTC 2020 - malte.kraus@suse.com

- Update to version 20200826:
  * mtr-packet: stop requiring dialout group
  * etc/permissions: fix mtr permission
  * list_permissions: improve output format
  * list_permissions: support globbing in --path argument
  * list_permissions: implement simplifications suggested in PR#92
  * list_permissions: new tool for better path configuration overview

-------------------------------------------------------------------
Tue Aug 11 12:06:30 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200811:
  * regtest: support new getcap output format in libcap-2.42
  * regtest: print individual test case errors to stderr

-------------------------------------------------------------------
Mon Jul 27 12:18:04 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200727:
  * etc/permissions: remove static /var/spool/* dirs
  * etc/permissions: remove outdated entries
  * etc/permissions: remove unnecessary static dirs and devices
  * screen: remove now unused /var/run/uscreens

-------------------------------------------------------------------
Fri Jul 10 09:50:04 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200710:
  * Revert "etc/permissions: remove entries for bind-chrootenv". This
    currently conflicts with the way the CheckSUIDPermissions rpmlint-check is
    implemented.

-------------------------------------------------------------------
Tue Jul 7 15:56:02 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>

- Removed dbus-libexec.patch: contained in upstream

-------------------------------------------------------------------
Tue Jul 07 13:25:40 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200624:
  * rework permissions.local text (boo#1173221)
  * dbus-1: adjust to new libexec dir location (bsc#1171164)
  * permission profiles: reinstate kdesud for kde5
  * etc/permissions: remove entries for bind-chrootenv
  * etc/permissions: remove traceroute entry
  * VirtualBox: remove outdated entry which is only a symlink any more
  * /bin/su: remove path referring to symlink
  * etc/permissions: remove legacy RPM directory entries
  * /etc/permissions: remove outdated sudo directories
  * singularity: remove outdated setuid-binary entries
  * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
  * dbus-1: remove deprecated alternative paths
  * PolicyKit: remove outdated entries last used in SLE-11
  * pcp: remove no longer needed / conflicting entries
  * gnats: remove entries for package removed from Factory
  * kdelibs4: remove entries for package removed from Factory
  * v4l-base: remove entries for package removed from Factory
  * mailman: remove entries for package deleted from Factory
  * gnome-pty-helper: remove dead entry no longer part of the vte package
  * gnokii: remove entries for package no longer in Factory
  * xawtv (v4l-conf): correct group ownership in easy profile
  * systemd-journal: remove unnecessary profile entries
  * thttp: make makeweb entry usable in the secure profile (bsc#1171580)

-------------------------------------------------------------------
Tue Jun 16 13:23:23 UTC 2020 - malte.kraus@suse.com

- dbus-1: adjust to new libexec dir location (bsc#1171164). This is
  temporarily done through the patch in dbus-libexec.patch because
  we are not completely certain of the stability of current git.
- run chkstat test suite during RPM build

-------------------------------------------------------------------
Tue May 26 13:03:52 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200526:
  * profiles: add entries for enlightenment (bsc#1171686)

-------------------------------------------------------------------
Wed May 20 09:02:14 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200520:
  * permissions fixed profile: utempter: reinstate libexec compatibility entry

-------------------------------------------------------------------
Tue May 19 09:14:38 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200519:
  * chkstat: fix sign conversion warnings on 32-bit architectures
  * chkstat: allow simultaneous use of `--set` and `--system`
  * regtest: adjust TestUnkownOwnership test to new warning output behaviour

-------------------------------------------------------------------
Mon May 18 12:06:10 UTC 2020 - malte.kraus@suse.com

- Update to version 20200518:
  * whitelist texlive public binary (bsc#1171686)

-------------------------------------------------------------------
Fri May 15 09:49:48 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200514:
  * fixed permissions: adjust to new libexec dir location (bsc#1171164)
    (affects utempter path)

-------------------------------------------------------------------
Wed May 13 12:09:17 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200513:
  * major rewrite of the chkstat tool
  * setuid bit for cockpit (bsc#1169614)

-------------------------------------------------------------------
Thu May 07 09:50:15 UTC 2020 - malte.kraus@suse.com

- Update to version 20200506:
  * add whitelist for files in /usr/lib to be also allowed in
    /usr/libexec (bsc#1171164)

-------------------------------------------------------------------
Tue Mar 24 12:52:07 UTC 2020 - jsegitz@suse.de

- Update to version 20200324:
  * whitelist s390-tools setgid bit on log directory (bsc#1167163)
  * whitelist WMP (bsc#1161335)
  * regtest: improve readability of path variables by using literals
  * regtest: adjust test suite to new path locations in /usr/share/permissions
  * regtest: only catch explicit FileNotFoundError
  * regtest: provide valid home directory in /root
  * regtest: mount permissions src repository in /usr/src/permissions
  * regtest: move initialization of TestBase paths into the prepare() function
  * chkstat: support new --config-root command line option
  * fix spelling of icingacmd group

-------------------------------------------------------------------
Fri Feb 28 12:00:44 UTC 2020 - malte.kraus@suse.com

- Update to version 20200228:
  * chkstat: fix readline() on platforms with unsigned char

-------------------------------------------------------------------
Thu Feb 27 12:29:29 UTC 2020 - malte.kraus@suse.com

- Update to version 20200227:
  * remove capability whitelisting for radosgw
  * whitelist ceph log directory (bsc#1150366)
  * adjust testsuite to post CVE-2020-8013 link handling
  * testsuite: add option to not mount /proc
  * do not follow symlinks that are the final path element: CVE-2020-8013
  * add a test for symlinked directories
  * fix relative symlink handling
  * include cpp compat headers, not C headers
  * Move permissions and permissions.* except .local to /usr/share/permissions
  * regtest: fix the static PATH list which was missing /usr/bin
  * regtest: also unshare the PID namespace to support /proc mounting
  * regtest: bindMount(): explicitly reject read-only recursive mounts
  * Makefile: force remove upon clean target to prevent bogus errors
  * regtest: by default automatically (re)build chkstat before testing
  * regtest: add test for symlink targets
  * regtest: make capability setting tests optional
  * regtest: fix capability assertion helper logic
  * regtests: add another test case that catches set*id or caps in world-writable sub-trees
  * regtest: add another test that catches when privilege bits are set for special files
  * regtest: add test case for user owned symlinks
  * regtest: employ subuid and subgid feature in user namespace
  * regtest: add another test case that covers unknown user/group config
  * regtest: add another test that checks rejection of insecure mixed-owner paths
  * regtest: add test that checks for rejection of world-writable paths
  * regtest: add test for detection of unexpected parent directory ownership
  * regtest: add further helper functions, allow access to main instance
  * regtest: introduce some basic coloring support to improve readability
  * regtest: sort imports, another piece of rationale
  * regtest: add capability test case
  * regtest: improve error flagging of test cases and introduce warnings
  * regtest: support caps
  * regtest: add a couple of command line parameter test cases
  * regtest: add another test that checks whether the default profile works
  * regtests: add tests for correct application of local profiles
  * regtest: add further test cases that test correct profile application
  * regtest: simplify test implementation and readability
  * regtest: add helpers for permissions.d per package profiles
  * regtest: support read-only bind mounts, also bind-mount permissions repo
  * tests: introduce a regression test suite for chkstat
  * Makefile: allow to build test version programmatically
  * README.md: add basic readme file that explains the repository's purpose
  * chkstat: change and harmonize coding style
  * chkstat: switch to C++ compilation unit
- add suse_version to end of permissions package version

-------------------------------------------------------------------
Thu Feb 13 12:10:41 UTC 2020 - malte.kraus@suse.com

- Update to version 20200213:
  * remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"

-------------------------------------------------------------------
Tue Feb 04 12:20:43 UTC 2020 - matthias.gerstner@suse.com

- Update to version 20200204:
  * mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)

-------------------------------------------------------------------
Mon Jan 27 11:58:17 UTC 2020 - malte.kraus@suse.com

- Update to version 20200127:
  * fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths

-------------------------------------------------------------------
Thu Dec 05 14:31:49 UTC 2019 - malte.kraus@suse.com

- Update to version 20191205:
  * fix privilege escalation through untrusted symlinks (bsc#1150734,
    CVE-2019-3690)

-------------------------------------------------------------------
Wed Nov 27 12:47:23 UTC 2019 - matthias.gerstner@suse.com

- Update to version 20191122:
  * faxq-helper: correct "secure" permission for trusted group (bsc#1157498)

-------------------------------------------------------------------
Mon Nov 18 09:52:14 UTC 2019 - malte.kraus@suse.com

- Update to version 20191118:
  * whitelist ksysguard network helper (bsc#1151190)

-------------------------------------------------------------------
Tue Nov 12 12:45:12 UTC 2019 - malte.kraus@suse.com

- Update to version 20191112:
  * fix syntax of paranoid profile
  * fix squid permissions (bsc#1093414, CVE-2019-3688)

-------------------------------------------------------------------
Thu Oct 3 12:38:09 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

- Add || exit 0 on the scriptlet as it can actually fail in
  rootless containers with podman. This makes sure the zypper
  does not abort the container creation.
  * the actual error looks like:
    /dev/zero: chown: Operation not permitted

-------------------------------------------------------------------
Fri Sep 13 11:19:42 UTC 2019 - jsegitz@suse.de

- Update to version 20190913:
  * setgid bit for nagios directory (bsc#1028975, bsc#1150345)
- This also restructures the sources for the permission package

-------------------------------------------------------------------
Fri Aug 30 14:20:09 UTC 2019 - malte.kraus@suse.com

- Update to version 20190830:
  * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)

-------------------------------------------------------------------
Thu Aug 29 15:38:28 UTC 2019 - malte.kraus@suse.com

- Update to version 20190829:
  * add one more missing slash for icinga2
  * fix more missing slashes for directories

-------------------------------------------------------------------
Tue Aug 20 08:56:35 UTC 2019 - malte.kraus@suse.com

- Update to version 20190820:
  * cron directory permissions: add slashes

-------------------------------------------------------------------
Thu Jul 11 14:21:23 UTC 2019 - malte.kraus@suse.com

- Update to version 20190711:
  * iputils: Add capability permissions for clockdiff (bsc#1140994)

-------------------------------------------------------------------
Wed Jul 10 12:29:08 UTC 2019 - opensuse-packaging@opensuse.org

- Update to version 20190710:
  * iputils/ping: Drop effective capability
  * iputils/ping6: Remove definitions

-------------------------------------------------------------------
Thu Jun 13 08:57:42 UTC 2019 - meissner@suse.com

- Update to version 20190521:
  * singularity: Add starter-suid for version 3.2.0
  * adjust settings for amanda to current binary layout

-------------------------------------------------------------------
Wed Jun 5 12:02:18 UTC 2019 - <jsegitz@suse.com>

- Move BuildRequires: back to main package

-------------------------------------------------------------------
Wed Jun 5 10:38:58 UTC 2019 - <jsegitz@suse.com>

- Moved requires to subpackages (bsc#1137257)

-------------------------------------------------------------------
Thu May 2 09:46:05 UTC 2019 - jsegitz@suse.com

- Fixed versions. Removed set_version from _service file, doesn't
  work with the new packaging. Call fix_version.sh to set current
  date as version instead
- Fixed requires for -config and -zypp-plugin

-------------------------------------------------------------------
Tue Apr 30 08:57:37 UTC 2019 - opensuse-packaging@opensuse.org

- Update to version 20190429:
  * removed entry for /var/cache/man. Conflicts with packaging and man:man is
    the better setting anyway (bsc#1133678)
  * fixed error in description of permissions.paranoid. Make it clear that this
    is not a usable profile, but intended as a base for own developments

-------------------------------------------------------------------
Sat Apr 13 17:12:12 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Fix RPM group, fix hard requirement on documentation.
  Update description typography.

-------------------------------------------------------------------
Thu Apr 11 11:18:36 UTC 2019 - jsegitz@suse.com

- Created new subpackages -config, -doc and standalone package chkstat
  where we can start a better versioning scheme and require it from the
  original package

-------------------------------------------------------------------
Tue Feb 12 14:29:45 UTC 2019 - jsegitz@suse.com

- Update to version 20190212:
  * removed old entry for wodim
  * removed old entry for netatalk
  * removed old entry for suidperl
  * removed old entry for utempter
  * removed old entry for hostname
  * removed old directory entries
  * removed old entry for qemu-bridge-helper
  * removed old entries for pccardctl
  * removed old entries for isdnctrl
  * removed old entries for unix(2)_chkpwd
  * removed old entries for mount.nfs
  * removed old entries for (u)mount
  * removed old entry for fileshareset
  * removed old entries for KDE
  * removed old entry for heartbeat
  * removed old entry for gnome-control-center
  * removed old entry for pcp
  * removed old entry for lpdfilter
  * removed old entry for scotty
  * removed old entry for ia32el
  * removed old entry for squid
  * removed old qpopper whitelist
  * removed pt_chown entries. Not needed anymore and a bad idea anyway
  * removed old majordomo entry
  * removed stale entries for old ncpfs tools
  * removed old entry for rmtab
  * Fixed typo in icinga2 whitelist entry
  * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale
    entries for VirtualBox
  * Removed whitelist for /usr/bin/su.core. According to comment a temporary
    hack introduced 2012 to help moving su from coreutils to util-linux. I
    couldn't find it anywhere, so we don't need it anymore
  * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that
    is used doesn't exist anymore starting with Leap 15, so it will not work
    there anyway. Users using this (old) package can do this individually
  * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and
    judging from my search this has been the case for quite a while)
  * Ensure consistency of entries, otherwise switching between settings becomes
    problematic
  * Fix spelling of SUSE
  * permissions.local: fix typo

-------------------------------------------------------------------
Fri Nov 16 15:15:04 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20181116:
  * zypper-plugin: new plugin to fix bsc#1114383

-------------------------------------------------------------------
Mon Nov 12 12:14:18 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20181112:
  * singularity: remove -suid binaries that have been dropped since version
    2.4 (bsc#1028304)

-------------------------------------------------------------------
Tue Oct 30 12:13:21 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20181030:
  * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds

-------------------------------------------------------------------
Mon Oct 29 16:59:05 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20181029:
  * setuid whitelisting: add fusermount3 (bsc#1111230)

-------------------------------------------------------------------
Thu Oct 25 16:13:46 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20181025:
  * setuid whitelisting: add authbind binary (bsc#1111251)

-------------------------------------------------------------------
Mon Aug 27 09:12:35 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20180827:
  * setuid whitelisting: add firejail binary (bsc#1059013)

-------------------------------------------------------------------
Fri Aug 10 09:22:35 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20180810:
  * setuid whitelisting: add lxc-user-nic (bsc#988348)

-------------------------------------------------------------------
Thu Aug 02 16:13:33 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20180802:
  * whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956)

-------------------------------------------------------------------
Tue Jul 24 08:49:20 UTC 2018 - opensuse-packaging@opensuse.org

- Update to version 20180724:
  * Fix wrong file path in help string
  * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)

-------------------------------------------------------------------
Tue May 08 06:11:27 UTC 2018 - astieger@suse.com

- Update to version 20180508:
  * Capabilities for usage of Wireshark for non-root (bsc#957624)

-------------------------------------------------------------------
Thu Jan 25 12:52:52 UTC 2018 - meissner@suse.com

- Update to version 20180125:
  * the error should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247)
  * make btmp root:utmp (bsc#1050467)

-------------------------------------------------------------------
Mon Jan 15 09:56:48 UTC 2018 - krahmer@suse.com

- Update to version 20180115:
  * - polkit-default-privs: usbauth (bsc#1066877)

-------------------------------------------------------------------
Mon Dec 4 18:45:53 UTC 2017 - kukuk@suse.com

- fillup is required for post, not pre installation

-------------------------------------------------------------------
Thu Nov 30 08:24:44 UTC 2017 - mpluskal@suse.com

- Cleanup spec file with spec-cleaner
- Drop conditions/definitions related to old distros

-------------------------------------------------------------------
Wed Nov 29 17:02:20 UTC 2017 - astieger@suse.com

- Update to version 20171129:
  * permissions: adding gvfs (bsc#1065864)
  * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
  * Allow fping cap_net_raw (bsc#1047921)

-------------------------------------------------------------------
Thu Nov 23 13:41:09 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Tue Nov 21 14:03:29 UTC 2017 - krahmer@suse.com

- Update to version 20171121:
  * - permissions: adding kwayland (bsc#1062182)

-------------------------------------------------------------------
Mon Nov 06 15:55:58 UTC 2017 - eeich@suse.com

- Update to version 20171106:
  * Allow setuid root for singularity (group only) bsc#1028304

-------------------------------------------------------------------
Wed Oct 25 15:51:45 UTC 2017 - jsegitz@suse.com

- Update to version 20171025:
  * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)

-------------------------------------------------------------------
Thu Sep 28 10:48:31 UTC 2017 - astieger@suse.com

- Update to version 20170928:
  * Fix invalid syntax bsc#1048645 bsc#1060738

-------------------------------------------------------------------
Wed Sep 27 14:50:11 UTC 2017 - pgajdos@suse.com

- Update to version 20170927:
  * fix typos in manpages

-------------------------------------------------------------------
Fri Sep 22 14:00:15 UTC 2017 - astieger@suse.com

- Update to version 20170922:
  * Allow setuid root for singularity (group only) bsc#1028304

-------------------------------------------------------------------
Wed Sep 13 16:53:20 UTC 2017 - astieger@suse.com

- Update to version 20170913:
  * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)

-------------------------------------------------------------------
Wed Sep 06 09:44:00 UTC 2017 - opensuse-packaging@opensuse.org

- Update to version 20170906:
  * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764
  * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)

-------------------------------------------------------------------
Wed Jun 7 10:58:37 UTC 2017 - dimstar@opensuse.org

- BuildIgnore group(trusted): we don't really care for this group
  in the buildroot and do not want to get system-users into the
  bootstrap cycle as we can avoid it.

-------------------------------------------------------------------
Sat Jun 3 07:21:24 UTC 2017 - meissner@suse.com

- Require: group(trusted), as we are handing it out to some unsuspecting
  binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)

-------------------------------------------------------------------
Fri Jun 2 10:55:09 UTC 2017 - meissner@suse.com

- Update to version 20170602:
  * make /etc/ppp owned by root:root. The group dialout usage is no longer used

-------------------------------------------------------------------
Sun Aug 07 12:00:00 UTC 2016 - meissner@suse.com

- Update to version 20160807:
  * suexec2 is a symlink, no need for permissions handling

-------------------------------------------------------------------
|
|
Tue Aug 02 08:47:53 UTC 2016 - meissner@suse.com
|
|
|
|
- Update to version 20160802:
|
|
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)
|
|
* root:shadow 0755 for newuidmap/newgidmap
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 08:29:32 UTC 2016 - krahmer@suse.com
|
|
|
|
- adding qemu-bridge-helper mode 04750 (bsc#988279)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 23 09:15:22 UTC 2016 - dimstar@opensuse.org
|
|
|
|
- Introduce _service to make updating the package easier. For simplicity,
|
|
change the version from yyyy.mm.dd to yyyymmdd (which is exactly
|
|
%cd in the _service definition). Upgrading is no problem.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 23 09:00:11 UTC 2016 - meissner@suse.com
|
|
|
|
- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 30 11:14:41 UTC 2016 - meissner@suse.com
|
|
|
|
- permissions: adding gstreamer ptp file caps (bsc#960173)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 15 14:19:44 UTC 2016 - meissner@suse.com
|
|
|
|
- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 12 14:30:01 UTC 2016 - meissner@suse.com
|
|
|
|
- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 29 09:40:30 UTC 2015 - meissner@suse.com
|
|
|
|
- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789
|
|
- added missing / to the squid specific directories (bsc#950557)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 28 14:27:19 UTC 2015 - meissner@suse.com
|
|
|
|
- adjusted radosgw to root:www mode 0750 (bsc#943471)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 28 13:35:10 UTC 2015 - meissner@suse.com
|
|
|
|
- radosgw can get capability cap_bind_net_service (bsc#943471)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 8 16:22:39 UTC 2015 - meissner@suse.com
|
|
|
|
- remove /usr/bin/get_printing_ticket; (bnc#906336)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 3 16:36:54 UTC 2014 - krahmer@suse.com
|
|
|
|
- Added iouyap capabilities (bnc#904060)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 5 16:07:01 UTC 2014 - meissner@suse.com
|
|
|
|
- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)
|
|
- permissions: incorporating squid changes from bnc#891268
|
|
- hint that chkstat --system --set needs to be run after editing bnc#895647
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 26 13:00:07 UTC 2014 - meissner@suse.com
|
|
|
|
- Do not apply permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370)
|
|
- do not mention SuSEconfig anymore, long dead (bnc#843083)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 1 11:25:40 UTC 2014 - meissner@suse.com
|
|
|
|
- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 23 11:38:42 UTC 2014 - meissner@suse.com
|
|
|
|
- make innbind mode 4550 (bnc#876287)
|
|
- permissions: Adding systemd-journal directory (bnc#888151)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 21 13:31:48 UTC 2014 - krahmer@suse.com
|
|
|
|
- permissions: Adding new kdesud path for KDE5 (bnc#872276)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 1 11:19:57 UTC 2014 - meissner@suse.com
|
|
|
|
- vlock_main lost its permission checking, so remove from here.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 16 11:46:15 UTC 2014 - meissner@suse.com
|
|
|
|
- opiesu,wodim,vlock-main have no setuid root. (bnc#882035)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 5 08:10:33 UTC 2014 - meissner@suse.com
|
|
|
|
- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 15 14:24:36 UTC 2014 - meissner@suse.com
|
|
|
|
- duplicate /var/run entries to /run (bnc#873708)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 24 10:31:20 UTC 2014 - krahmer@suse.com
|
|
|
|
- permissions: incorporating capability for mtr, removing +s from ping
|
|
(bnc#865351)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 28 10:46:48 UTC 2013 - meissner@suse.com
|
|
|
|
- GIT repo moved to GITHUB.
|
|
- removed the setuid bit from "eject" (bnc#824406)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 22 11:40:20 UTC 2013 - meissner@suse.com
|
|
|
|
- do not use magic constants for strlen (bnc#834790)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 21 12:53:39 UTC 2013 - meissner@suse.com
|
|
|
|
- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 16 13:25:56 UTC 2013 - meissner@suse.com
|
|
|
|
- use PERMISSION_FSCAPS
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 16 13:08:10 UTC 2013 - meissner@suse.com
|
|
|
|
- it is PERMISSIONS_FSCAPS (bnc#834790)
|
|
- qemu-bridge-helper has no special privileges currently (bnc#765948)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 12 11:10:18 UTC 2013 - meissner@suse.com
|
|
|
|
- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 10 09:46:15 UTC 2013 - meissner@suse.com
|
|
|
|
- cdrtools: allow some filesystem capabilities for more stable CD/DVD
|
|
burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio,
|
|
cap_sys_resource, cap_ipc_lock)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 8 14:27:12 UTC 2013 - meissner@suse.com
|
|
|
|
- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 4 08:32:17 UTC 2013 - meissner@suse.com
|
|
|
|
- cdrecord currently has no special permissions approved (bnc#550021)
|
|
- append a /
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 29 14:00:08 UTC 2013 - meissner@suse.com
|
|
|
|
- Allow pcp to have sticky-bit world-writable directories
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 27 15:41:16 UTC 2012 - meissner@suse.com
|
|
|
|
- add /usr/bin/dumpcap to watchlist
|
|
- make fscaps=1 the default on ""
|
|
- added PERMISSION_FSCAPS to the sysconfig/security fillup template.
|
|
- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 21 13:56:34 UTC 2012 - lnussel@suse.de
|
|
|
|
- apply permissions settings in %post. During initial installation
|
|
some packages might be installed before the permissions package
|
|
due to dependency loops so we need to make sure their settings
|
|
are applied too. Also, on update of the permissions package
|
|
changed permission settings may need to be applied.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 15 11:49:04 UTC 2012 - lnussel@suse.de
|
|
|
|
- temporarily add su.core. workaround for the migration of su from
|
|
coreutils to util-linux needs to be reverted as soon as util-linux
|
|
is also in
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 25 14:55:21 UTC 2012 - meissner@suse.com
|
|
|
|
- no longer install SuSEconfig.permissions, SuSEconfig is gone.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 6 09:01:18 UTC 2012 - meissner@suse.com
|
|
|
|
- enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 4 11:37:27 UTC 2012 - lnussel@suse.de
|
|
|
|
- remove /var/run/vi.recover (bnc#765288)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 1 07:23:46 UTC 2012 - lnussel@suse.de
|
|
|
|
- remove /var/cache/fonts (bnc#764885)
|
|
- remove /var/lib/xemacs/lock/ (bnc#764887)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 31 11:07:25 UTC 2012 - lnussel@suse.de
|
|
|
|
- Revert "Use credentials from within the root file system"
|
|
breaks use of --root option in brp-05-permissions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 15 14:46:22 UTC 2012 - lnussel@suse.de
|
|
|
|
- print warning when requested to check not listed files
|
|
- Use credentials from within the root file system
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 8 08:15:50 UTC 2012 - lnussel@suse.de
|
|
|
|
- add duplicate entries for / and /usr (bnc#745622)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 7 12:09:17 UTC 2012 - lnussel@suse.de
|
|
|
|
- add scripts for automatic package submission
|
|
- drop zypp-refresh-wrapper (bnc#738677)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 7 09:39:43 UTC 2011 - lnussel@suse.de
|
|
|
|
- disable run time fscaps detection (bnc#728312)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 23 08:37:21 UTC 2011 - lnussel@suse.de
|
|
|
|
- set permission by default in SuSEconfig mode as permissions are
|
|
only set when called explicitly anyways (bnc#720010).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 21 08:00:28 UTC 2011 - lnussel@suse.de
|
|
|
|
- fix typo in path
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 20 14:47:30 UTC 2011 - lnussel@suse.de
|
|
|
|
- remove world writable /var/crash again (bnc#438041)
|
|
- remove world writable permissions from /usr/src/packages (bnc#719217)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 20 13:38:48 UTC 2011 - lnussel@suse.de
|
|
|
|
- add chromium browser sandbox helper (bnc#718016)
|
|
- don't offer PERMISSION_SECURITY in config anymore
|
|
- remove setgid games bits (bnc#429882)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 28 12:53:22 UTC 2011 - lnussel@suse.de
|
|
|
|
- remove setuid bit from opiesu (bnc#698772)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 17 09:46:29 UTC 2011 - lnussel@suse.de
|
|
|
|
- disable fscaps by default as factory kernel still doesn't have the
|
|
required patch for auto detection
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 26 15:23:49 UTC 2011 - lnussel@suse.de
|
|
|
|
- read /sys/kernel/fscaps for fscaps settings
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 12 11:48:36 UTC 2011 - lnussel@suse.de
|
|
|
|
- change path to gnome-pty-helper (bnc#690202)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 7 15:08:33 UTC 2011 - lnussel@suse.de
|
|
|
|
- setuid bit on VBoxNetDHCP (bnc#669055)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 14 08:09:21 UTC 2011 - lnussel@suse.de
|
|
|
|
- fix hawk permissions (bnc#665045)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 9 13:25:29 UTC 2011 - lnussel@suse.de
|
|
|
|
- add hawk (bnc#665045)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 2 10:20:11 UTC 2010 - lnussel@suse.de
|
|
|
|
- remove Xorg setuid bit (bnc#632737)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 18 10:52:39 UTC 2010 - lnussel@suse.de
|
|
|
|
- update permissions of lastlog, faillog, wtmp, utmp and btmp
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 17 11:02:37 UTC 2010 - lnussel@suse.de
|
|
|
|
- remove permissions handling for /etc/inittab, /etc/inetd.conf and /etc/mtab
|
|
- revert previous commit, done in coreutils instead
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 16:10:09 UTC 2010 - lnussel@suse.de
|
|
|
|
- change fillup deps to requires to avoid coreutils loop
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 15:10:53 UTC 2010 - lnussel@suse.de
|
|
|
|
- change utempter from group tty to group utmp (bnc#652877)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 9 12:51:10 UTC 2010 - lnussel@suse.de
|
|
|
|
- add permissions man page
|
|
- update docu
|
|
- add --level option
|
|
- set perms for setuid files always if owner changes
|
|
- strip root dir when printing file names
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 9 09:25:17 UTC 2010 - lnussel@suse.de
|
|
|
|
- add option to explicitly warn only
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 5 14:00:30 UTC 2010 - lnussel@suse.de
|
|
|
|
- reimplement the core features in chkstat itself instead of
|
|
SuSEconfig.permissions
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 4 16:17:25 UTC 2010 - lnussel@suse.de
|
|
|
|
- don't make changes if not called explicitly
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 3 14:16:54 UTC 2010 - lnussel@suse.de
|
|
|
|
- add support for file system capabilities
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 18 13:37:40 UTC 2010 - lnussel@suse.de
|
|
|
|
- remove vlock (bnc#629236#c13)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 5 13:33:08 UTC 2010 - lnussel@suse.de
|
|
|
|
- update path to gnome-pty-helper (bnc#634199)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 22 15:29:43 UTC 2010 - lnussel@suse.de
|
|
|
|
- vlock -> vlock-main (bnc#629236)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
|
|
|
|
- use %_smp_mflags
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 23 09:41:10 UTC 2010 - lnussel@suse.de
|
|
|
|
- add lockdev (bnc#588325)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 7 14:45:28 UTC 2010 - lnussel@suse.de
|
|
|
|
- update for innd update (bnc#594393)
|
|
- remove lppasswd (bnc#574336)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 8 10:16:07 CET 2009 - jengelh@medozas.de
|
|
|
|
- enable parallel building
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 7 14:54:21 UTC 2009 - lnussel@suse.de
|
|
|
|
- add /usr/lib/virtualbox/VBoxNetAdpCtl (bnc#533550)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 27 10:00:19 UTC 2009 - lnussel@suse.de
|
|
|
|
- add /usr/src/packages/BUILDROOT/ for rpm 4.7
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 26 13:09:55 UTC 2009 - lnussel@suse.de
|
|
|
|
- add more arm directories to /usr/src/packages/RPMS/
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 24 09:53:25 UTC 2009 - lnussel@suse.de
|
|
|
|
- remove permissions handling for traceroute6 and cdrecord which are
|
|
symlinks nowadays
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 20 08:30:02 UTC 2009 - lnussel@suse.de
|
|
|
|
- fix weird sendfax permissions (bnc#525954)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 19 11:17:53 UTC 2009 - lnussel@suse.de
|
|
|
|
- permissions now maintained at gitorious so use tarball instead of
|
|
individual files
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 12 09:57:12 CEST 2009 - meissner@suse.de
|
|
|
|
- added polkit setuid root helpers after review (bnc#523377)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 7 10:42:53 CEST 2009 - meissner@suse.de
|
|
|
|
- also added KDE4 start_kdeinit (same source as kde3 start_kdeinit),
|
|
bnc#523833
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 6 16:38:20 CEST 2009 - meissner@suse.de
|
|
|
|
- open-vm-tools gets setuid root:root in mode easy (bnc#474285)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 28 13:00:44 UTC 2009 - lnussel@suse.de
|
|
|
|
- hylafax directory permissions are handled by the package
|
|
- change group of amanda binaries (bnc#523006)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 2 11:26:53 CET 2009 - lnussel@suse.de
|
|
|
|
- add some missing slashes to directories and remove entries for at
|
|
and cron (bnc#480855)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 25 14:10:13 CET 2008 - lnussel@suse.de
|
|
|
|
- add VirtualBox (bnc#429725)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 7 14:39:10 CET 2008 - lnussel@suse.de
|
|
|
|
- add newrole from policycoreutils (bnc#440596)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 23 09:23:59 CEST 2008 - lnussel@suse.de
|
|
|
|
- add udev device files (bnc#438039)
|
|
- add system crash dump directory (bnc#438041)
|
|
- add bind chroot devices (bnc#438045)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 20 17:05:30 CEST 2008 - lnussel@suse.de
|
|
|
|
- dbus-daemon-launch-helper needs to be setuid in level secure
|
|
(bnc#435776)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 25 15:38:39 CEST 2008 - lnussel@suse.de
|
|
|
|
- change /var/games to 755 to prevent ill-considered maneuvers there
|
|
(bnc#429882)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 11 17:03:04 CEST 2008 - lnussel@suse.de
|
|
|
|
- remove static smpppd config file permissions
|
|
- fix permissions of polkit-set-default-helper
|
|
- grant permissions to PolicyKit helpers also in level secure
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 15 11:40:22 CEST 2008 - lnussel@suse.de
|
|
|
|
- ensure correct permissions on ssh files to avoid sshd refusing
|
|
logins (bnc#398250)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 3 11:33:29 CEST 2008 - lnussel@suse.de
|
|
|
|
- adapt permissions of lppasswd for current cups setup (bnc#406058)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 2 11:46:30 CEST 2008 - lnussel@suse.de
|
|
|
|
- add mount.nfs due to an ever increasing number of users
|
|
hit by the regression (bnc#331020, bnc#304318)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 7 15:18:04 CEST 2008 - lnussel@suse.de
|
|
|
|
- zypp-checkpatches-wrapper -> zypp-refresh-wrapper (bnc#385207)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 21 16:03:22 CEST 2008 - lnussel@suse.de
|
|
|
|
- /dev/full should be 0666 (bnc#379545)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 17 09:45:03 CEST 2008 - lnussel@suse.de
|
|
|
|
- update chkstat manpage and support '--' argument for chkstat
|
|
(bnc#57438)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 12 13:09:51 CET 2008 - lnussel@suse.de
|
|
|
|
- new PolicyKit permissions (bnc#295341)
|
|
- remove obsolete entries for scmxx and zapping
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 7 12:24:47 CET 2008 - lnussel@suse.de
|
|
|
|
- remove setuid bits on man (#351988)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 3 15:46:50 CET 2007 - lnussel@suse.de
|
|
|
|
- add dbus-daemon-launch-helper (#333361)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 2 23:11:57 CET 2007 - dmueller@suse.de
|
|
|
|
- kcheckpass/kdesud moved to %_libdir/kde4/libexec
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 17 16:09:03 CEST 2007 - lnussel@suse.de
|
|
|
|
- remove bing (#306626)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 12 13:30:57 CEST 2007 - lnussel@suse.de
|
|
|
|
- remove suexec2 (#263789)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 10 21:02:03 CEST 2007 - aj@suse.de
|
|
|
|
- Readd nscd socket permissions, otherwise glibc build will fail.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 10 09:23:16 CEST 2007 - lnussel@suse.de
|
|
|
|
- add PolicyKit helpers (#295341)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 8 11:11:43 CEST 2007 - lnussel@suse.de
|
|
|
|
- remove nscd socket permission handling as chkstat refuses to touch
|
|
that file anyways (#298334).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 12 15:22:22 CEST 2007 - schwab@suse.de
|
|
|
|
- permissions.local: Fix comment to use uid:gid instead of uid.gid.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 1 15:44:55 CEST 2007 - lnussel@suse.de
|
|
|
|
- package /etc/permissions.local
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 30 10:47:52 CEST 2007 - lnussel@suse.de
|
|
|
|
- add /usr/bin/kcheckpass and /usr/bin/kdesud (#276502)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 18 18:23:19 CEST 2007 - dmueller@suse.de
|
|
|
|
- create debuginfo package (#265667)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 17:50:27 CET 2007 - lnussel@suse.de
|
|
|
|
- prefer package specific permissions files over central ones
|
|
(#246252)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 16:51:06 CET 2007 - lnussel@suse.de
|
|
|
|
- add /opt/kde3/bin/start_kdeinit (#203535)
|
|
- remove entries for dropped packages OpenPBS and xtetris
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 17 13:53:28 CET 2007 - lnussel@suse.de
|
|
|
|
- make pam authentication helpers unix_chkpwd, unix2_chkpwd and
|
|
pam_auth setuid root instead of setgid shadow (#216816)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 10 15:12:53 CET 2007 - sbrabec@suse.cz
|
|
|
|
- Prefix of /opt/gnome binaries changed to /usr.
|
|
- Removed gnome-stones.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 13 11:40:32 CET 2006 - lnussel@suse.de
|
|
|
|
- remove khc_indexbuilder (#188192)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 16 16:08:06 CEST 2006 - lnussel@suse.de
|
|
|
|
- add zypp patch checking helper (#211286)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 23 09:59:37 CEST 2006 - lnussel@suse.de
|
|
|
|
- /usr/X11R6 -> /usr
|
|
- remove obsolete entries for xmris,pcmcia-cardinfo,geki2,vmware,nicimud
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 17 14:27:17 CEST 2006 - cthiel@suse.de
|
|
|
|
- change paths for v4l-conf from /usr/X11R6/bin to /usr/bin
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 20 16:32:35 CEST 2006 - sndirsch@suse.de
|
|
|
|
- Xorg moved from /usr/X11R6/bin to /usr/bin; fixes build of
|
|
xorg-x11-server package
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 27 08:21:00 CEST 2006 - lnussel@suse.de
|
|
|
|
- remove setuid bit on gpg (#137562)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 19 15:48:04 CEST 2006 - lnussel@suse.de
|
|
|
|
- add get_printing_ticket in order to enable smb printing with
|
|
kerberos authentication (#177114)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 17 11:42:30 CEST 2006 - lnussel@suse.de
|
|
|
|
- add setuid bit to gnomesu-pam-backend in level secure (#175616)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 23 18:27:24 CET 2006 - schwab@suse.de
|
|
|
|
- /usr/lib/ia32el/suid_libia32x.so renamed to suid_ia32x_loader.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:30:49 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 16 13:57:03 CET 2006 - meissner@suse.de
|
|
|
|
- removed pmount, pumount.
|
|
- moved pmpost to /usr/lib/pcp/pmpost.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 15 16:06:44 CET 2005 - lnussel@suse.de
|
|
|
|
- /opt/kde3/bin/fileshareset -> /usr/bin/fileshareset
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 9 19:57:11 CET 2005 - meissner@suse.de
|
|
|
|
- temporary only setuid bit for pmount and pumount. #135792
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 23 09:22:05 CET 2005 - lnussel@suse.de
|
|
|
|
- add /usr/bin/fusermount (#133657)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 21 09:32:56 CET 2005 - lnussel@suse.de
|
|
|
|
- remove Xwrapper, it's a symlink nowadays (#134611)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 2 22:31:11 CET 2005 - dmueller@suse.de
|
|
|
|
- don't build as root
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 13:22:49 CEST 2005 - meissner@suse.de
|
|
|
|
- nici moved to /var/opt/novell/...
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 11 17:34:40 CEST 2005 - meissner@suse.de
|
|
|
|
- Temporarily added setuid binary from "nici" (Novell I? Crypto Interface),
|
|
bug #127545.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 30 13:28:00 CEST 2005 - lnussel@suse.de
|
|
|
|
- add slashes to several directories (#103186)
|
|
- change /var/games to games:games 775 again (#103186)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 30 09:23:08 CEST 2005 - lnussel@suse.de
|
|
|
|
- remove kpopup helper (#100132)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 25 15:17:57 CEST 2005 - lnussel@suse.de
|
|
|
|
- add /opt/gnome/sbin/change-passwd (#104993)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 11 11:01:36 CEST 2005 - lnussel@suse.de
|
|
|
|
- remove xmcd (#104040)
|
|
- add suexec2 from apache2 (#66304)
|
|
- add exim (#66306)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 11 08:55:45 CEST 2005 - lnussel@suse.de
|
|
|
|
- remove /opt/gnome/bin/iagno (#103844)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 10 17:34:36 CEST 2005 - lnussel@suse.de
|
|
|
|
- remove xbl (#103762)
|
|
- clean up bsd games list (#103785)
|
|
- remove score files as they are the same in all levels anyways
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 10 10:53:31 CEST 2005 - lnussel@suse.de
|
|
|
|
- change /var/games{,/xsok} to root:root (#103186)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 5 08:38:22 CEST 2005 - lnussel@suse.de
|
|
|
|
- /usr/sbin/isdnctrl -> /sbin/isdnctrl (#100750)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 16:00:09 CEST 2005 - lnussel@suse.de
|
|
|
|
- remove kde games again. Turned out they don't work as intended.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 11:59:41 CEST 2005 - lnussel@suse.de
|
|
|
|
- cardctl -> pccardctl (#100120)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 22 10:34:32 CEST 2005 - lnussel@suse.de
|
|
|
|
- add setgid games to some kde games
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 8 14:36:57 CEST 2005 - lnussel@suse.de
|
|
|
|
- use correct gnomesu-pam-backend path
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 7 10:01:22 CEST 2005 - lnussel@suse.de
|
|
|
|
- add gnomesu-pam-backend (#75823)
|
|
- add lppasswd (#66305)
|
|
- make ntping 4750 root:trusted also in easy (#66211)
|
|
- add cl_status from heartbeat (#66310)
|
|
- remove unused /opt/gnome/sbin/change-passwd
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 17 00:29:21 CEST 2005 - ro@suse.de
|
|
|
|
- added /opt/gnome/sbin/change-passwd
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 25 16:45:30 CEST 2005 - lnussel@suse.de
|
|
|
|
- add OpenPBS permissions (#66320)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 1 16:14:48 CET 2005 - lnussel@suse.de
|
|
|
|
- fix inn permissions (#67032)
|
|
- remove setuid bit from ziptool (#66191)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 23 11:53:33 CET 2005 - lnussel@suse.de
|
|
|
|
- remove no longer existing files
|
|
- remove setuid plpnfsd (#66207)
|
|
- remove setuid bit from dga program
|
|
- change vmware permissions
|
|
- add /opt/kde3/bin/receivepopup (#66313)
|
|
- add /opt/kde3/bin/fileshareset (#66312)
|
|
- add /usr/bin/scmxx (#66309)
|
|
- add some missing mailman files (#66315)
|
|
- include perl script to perform some basic consistency checks
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 31 16:32:14 CET 2005 - meissner@suse.de
|
|
|
|
- backported security fix from SLES 9 branch. #43035
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 15 20:40:04 CET 2005 - schwab@suse.de
|
|
|
|
- Comment fixes.
|
|
|
|
-------------------------------------------------------------------
Mon Nov 22 21:02:36 CET 2004 - sndirsch@suse.de

- permissions.secure: set Xorg to 0711 (4711 before)

-------------------------------------------------------------------
Wed Nov 10 15:07:02 CET 2004 - ro@suse.de

- /var/cache/fonts to 1777 (as in tetex perms before)

-------------------------------------------------------------------
Mon Nov 8 14:37:25 CET 2004 - kukuk@suse.de

- Add nscd socket to permissions file

-------------------------------------------------------------------
Tue Sep 14 18:50:46 CEST 2004 - ro@suse.de

- do not use rpm in SuSEconfig.permissions (#45252)

-------------------------------------------------------------------
Tue Sep 14 17:21:40 CEST 2004 - ro@suse.de

- dropped check for perl in SuSEconfig.permissions (#45252)

-------------------------------------------------------------------
Wed May 26 12:34:57 MEST 2004 - draht@suse.de

- /usr/lib/ia32el/suid_libia32x.so set to (6755,0755,0755) (#40234)
  source code audit in progress (#40234) (thomas)

-------------------------------------------------------------------
Fri May 14 15:26:23 CEST 2004 - ro@suse.de

- /usr/lib/ia32el/suid_libia32x.so added to easy,secure,paranoid
  (0755,0755,0755) (#40234)

-------------------------------------------------------------------
Thu Apr 15 14:16:03 CEST 2004 - sndirsch@suse.de

- XFree86 --> Xorg in permissions files

-------------------------------------------------------------------
Tue Apr 6 12:45:32 CEST 2004 - mls@suse.de

- added --root option for buildroot operation

-------------------------------------------------------------------
Mon Apr 5 15:27:52 CEST 2004 - mls@suse.de

- chkstat: fixed relative symlink chasing
- /usr/src/packages/RPMS back to 1777 in easy, as chkstat can
  now handle it

-------------------------------------------------------------------
Sun Apr 4 21:30:02 CEST 2004 - mls@suse.de

- chkstat: added missing link count check and safepath() function
- chkstat: refuse to give away s-bits on insecure paths
- chkstat: bugfix: stat file again after chown, as modes may have
  changed

-------------------------------------------------------------------
Fri Apr 2 17:44:08 CEST 2004 - mls@suse.de

- chkstat: re-implemented it in C to make it more secure

-------------------------------------------------------------------
Thu Apr 1 10:17:00 CEST 2004 - kukuk@suse.de

- Remove /var/lock/subsys [#37759]
- Add sticky bit to /var/lock [#37759]

-------------------------------------------------------------------
Wed Mar 24 01:13:41 MET 2004 - draht@suse.de

- make /usr/bin/gpg setuid root in easy+secure, 0755 in paranoid.
  #33570.

-------------------------------------------------------------------
Tue Mar 23 19:06:18 MET 2004 - draht@suse.de

- #36741: /usr/src/packages/RPMS 1777->0755 in easy.

-------------------------------------------------------------------
Mon Mar 22 15:28:59 CET 2004 - kukuk@suse.de

- Fix syntax error in permission.easy
- /usr/bin/ssh should be always 0755

-------------------------------------------------------------------
Fri Feb 13 12:09:14 MET 2004 - draht@suse.de

- /var/run/uscreens (root:root 1777) added

-------------------------------------------------------------------
Thu Feb 12 14:18:55 CET 2004 - kukuk@suse.de

- Don't modify group of crontab and at useless

-------------------------------------------------------------------
Fri Jan 9 23:17:42 CET 2004 - kukuk@suse.de

- Add RPM directory for hppa2.0

-------------------------------------------------------------------
Fri Nov 21 01:02:32 CET 2003 - ro@suse.de

- fpexec decrease go rights to 11

-------------------------------------------------------------------
Wed Nov 5 00:12:41 CET 2003 - ro@suse.de

- inn scripts: u-w (not needed)

-------------------------------------------------------------------
Mon Nov 3 13:08:38 CET 2003 - schwab@suse.de

- chkstat: fix option parsing.

-------------------------------------------------------------------
Wed Oct 29 09:18:20 CET 2003 - kukuk@suse.de

- Sync permissions for shadow package

-------------------------------------------------------------------
Tue Oct 28 16:24:10 CET 2003 - ro@suse.de

- require /sbin/SuSEconfig

-------------------------------------------------------------------
Tue Oct 28 16:06:42 CET 2003 - ro@suse.de

- chkstat: added some new extensions:
  allow specifying singular files or a filelist to be checked
  output previous/current mode of a failed file
  adapted manpage

-------------------------------------------------------------------
Tue Oct 21 19:40:33 MEST 2003 - draht@suse.de

- permissions.secure: /etc/ftpusers 0640 root.root -> 0644

-------------------------------------------------------------------
Mon Oct 20 18:07:29 CEST 2003 - ro@suse.de

- permissions.*: use ":" and not "." to separate user/group
- chkstat: output also which of (permissions/owner) is wrong
- chkstat: don't try to chown if not root

-------------------------------------------------------------------
Tue Oct 14 16:06:06 MEST 2003 - draht@suse.de

- reformatting of all 4 permissions files. xkobo, rocksndiamonds,
  xlogical, lbreakout2 and ltris path adaptations.
  for future reference: :-)
  for i in permissions permissions.easy permissions.secure \
      permissions.paranoid; do cat $i | \
  awk '/^(#|$)/ { print $0; next; }
  { if(NF > 3) {printf("error: %s\n",$0);exit};
  printf("%-55s %-17s %4s\n",$1,$2,$3)}' \
  > $i.. && mv $i.. $i; done

-------------------------------------------------------------------
Thu Sep 18 16:05:54 CEST 2003 - kukuk@suse.de

- Fix group of straps, popauth and ntping
- Remove some GNOME games which do not need special rights anymore

-------------------------------------------------------------------
Tue Sep 16 22:34:41 CEST 2003 - kukuk@suse.de

- permissions.easy: change group of bing, vboxbeep, plpnfsd to
  trusted, majordomo/wrapper to daemon

-------------------------------------------------------------------
Tue Sep 16 11:39:04 CEST 2003 - kukuk@suse.de

- permissions.easy: change group of gpasswd and ziptool to trusted

-------------------------------------------------------------------
Tue Sep 2 17:11:52 CEST 2003 - kkeil@suse.de

- fix user fax for hylafax specific files

-------------------------------------------------------------------
Tue Sep 2 08:47:35 CEST 2003 - kukuk@suse.de

- fix path to cons.saver, remove setuid bit in paranoid (#25907)
- remove screen
- remove smail (dropped years ago)

-------------------------------------------------------------------
Mon Sep 1 18:26:32 CEST 2003 - kkeil@suse.de

- fix group for isdnctrl uucp --> dialout (#28997)

-------------------------------------------------------------------
Mon Sep 1 15:06:09 MEST 2003 - draht@suse.de

- feedback@suse.de -> http://www.suse.de/feedback in all files of
  the package. #29635.

-------------------------------------------------------------------
Sat Aug 23 15:54:13 CEST 2003 - sndirsch@suse.de

- added martian entries of package pachi

-------------------------------------------------------------------
Tue Aug 19 11:48:29 CEST 2003 - mmj@suse.de

- Add sysconfig metadata [#28937]

-------------------------------------------------------------------
Tue Jul 29 19:12:03 MEST 2003 - draht@suse.de

- fax changes from Tomas Crhak: faxq-helper and spool directories.

-------------------------------------------------------------------
Tue Jul 29 14:08:49 CEST 2003 - ro@suse.de

- gnome games moved back to /opt/gnome

-------------------------------------------------------------------
Mon Jul 28 16:56:27 CEST 2003 - kukuk@suse.de

- Remove /var/run from permissions file list [Bug #28289]

-------------------------------------------------------------------
Mon Jul 28 08:47:31 CEST 2003 - kukuk@suse.de

- /var/lib/gdm: Removed to solve [Bug #28257] for future products.

-------------------------------------------------------------------
Fri Jul 25 15:28:10 MEST 2003 - draht@suse.de

- /usr/lib/vte/gnome-pty-helper -> /opt/gnome/lib/vte/gnome-pty-helper
  The same with /opt/gnome/lib64/.

-------------------------------------------------------------------
Fri Jun 13 09:11:40 CEST 2003 - kukuk@suse.de

- /usr/lib/mgetty+sendfax/faxq-helper added 4711 in easy and secure

-------------------------------------------------------------------
Fri May 2 11:42:47 CEST 2003 - sndirsch@suse.de

- added /usr/games/pachi and /var/games/pachi.scores

-------------------------------------------------------------------
Mon Mar 10 15:46:45 CET 2003 - sndirsch@suse.de

- added /usr/games/falconseye.bin
- removed /usr/games/falconseye

-------------------------------------------------------------------
Mon Mar 10 10:45:30 CET 2003 - kukuk@suse.de

- added /usr/lib64/vte/gnome-pty-helper until ported to utempter

-------------------------------------------------------------------
Sun Mar 9 01:15:10 CET 2003 - sndirsch@suse.de

- added /usr/games/falconseye
- removed old falconseye entries

-------------------------------------------------------------------
Thu Mar 6 23:58:24 CET 2003 - ro@suse.de

- added /usr/lib/vte/gnome-pty-helper until ported to utempter

-------------------------------------------------------------------
Thu Feb 20 11:22:35 CET 2003 - mmj@suse.de

- Add sysconfig metadata [#22686]

-------------------------------------------------------------------
Tue Feb 18 16:38:12 CET 2003 - kssingvo@suse.de

- removed squid entries. They will be added and corrected to squid's own
  permission file /etc/permissions.d/squid (bugzilla#23752):
  /var/squid
  /var/squid/cache
  /var/squid/logs

-------------------------------------------------------------------
Tue Feb 18 02:55:30 MET 2003 - draht@suse.de

- /usr/games/trackballs added 2755 games.games in easy.

-------------------------------------------------------------------
Sun Feb 16 17:19:29 CET 2003 - adrian@suse.de

- allow khc_indexbuilder to write into /var/cache/susehelp in easy mode
- remove old entries (kreatecd and kscd)

-------------------------------------------------------------------
Mon Feb 10 01:37:01 MET 2003 - draht@suse.de

- additions/changes (from #17012, Tobias Burnus):
  * read all files from the commandline at once and override
    entries given multiple times by the last entry
  * enable option --set in addition to -set
  * manpage adaptations
  * call chkstat only once from SuSEconfig.permissions

-------------------------------------------------------------------
Thu Feb 6 01:52:49 CET 2003 - ro@suse.de

- /var/mtrack -> /var/lib/mtrack

-------------------------------------------------------------------
Tue Nov 19 15:16:41 CET 2002 - ro@suse.de

- zapping_setup_fb moved to /opt/gnome/sbin

-------------------------------------------------------------------
Thu Nov 14 13:44:56 CET 2002 - bg@suse.de

- added hppa to rpm subsystem in permissions files to be able to
  finish autobuild

-------------------------------------------------------------------
Thu Oct 24 13:50:20 CEST 2002 - ro@suse.de

- two more nethack flavors with sgid games in easy

-------------------------------------------------------------------
Tue Sep 10 17:40:44 MEST 2002 - draht@suse.de

- cda entries below /usr/X11R6/lib/X11/xmcd removed.
  index.html under /var/lib/xmcd/discog directories added
  world-writeable. This is not satisfactory. New user xmcd will be
  added in next release.

-------------------------------------------------------------------
Thu Sep 5 18:43:44 MEST 2002 - draht@suse.de

- /usr/X11R6/lib/X11/xmcd/bin-Linux-ia64/{cda,xmcd} added.

-------------------------------------------------------------------
Mon Aug 26 17:22:29 MEST 2002 - draht@suse.de

- removed all occurrences of kv4lsetup upon request by adrian+uli.
- -s for xlock, xlock-mesa + xscreensaver (#18125), (#18132)
- /usr/src/packages/RPMS/alphaev67 added.
- added /sbin/unix2_chkpwd root.shadow 2755
- -s /usr/sbin/papd (#18103)

-------------------------------------------------------------------
Wed Aug 21 16:29:43 MEST 2002 - draht@suse.de

- removed suid bits from heimdal's su and otp (#18104)

-------------------------------------------------------------------
Wed Aug 21 16:13:29 MEST 2002 - draht@suse.de

- remove setuid bit from traceroute due to new implementation by
  Olaf Kirch which doesn't need euid root. (#18101)

-------------------------------------------------------------------
Wed Aug 21 14:16:47 MEST 2002 - draht@suse.de

- removed lprng entries because of conflicts cups <-> lprng

-------------------------------------------------------------------
Wed Aug 21 14:14:05 MEST 2002 - draht@suse.de

- vboxbeep -> 0755 in secure.

-------------------------------------------------------------------
Mon Aug 19 15:27:09 CEST 2002 - ro@suse.de

- added prereq (#17956)

-------------------------------------------------------------------
Mon Aug 19 13:45:43 CEST 2002 - uli@suse.de

- added nethack for lib64 archs

-------------------------------------------------------------------
Mon Aug 19 12:32:56 CEST 2002 - uli@suse.de

- added xmcd for archs != i386

-------------------------------------------------------------------
Tue Aug 13 13:48:05 MEST 2002 - draht@suse.de

- gnome-games2 entries changed/adapted to /opt/gnome2 path.

-------------------------------------------------------------------
Tue Aug 13 13:30:30 CEST 2002 - draht@suse.de

- changed kcheckpass from 2755 root.shadow to 4755. (#17664)

-------------------------------------------------------------------
Wed Jul 31 07:55:06 CEST 2002 - olh@suse.de

- ncpmount, ncpumount, nwsfind, ncplogin, ncpmap root.trusted 4750

-------------------------------------------------------------------
Sat Jul 27 13:19:26 CEST 2002 - kukuk@suse.de

- Rename group wwwadmin to www
- Rename group game to games

-------------------------------------------------------------------
Tue Jul 23 12:54:24 MEST 2002 - draht@suse.de

- added sapdb files, not setuid root in secure,paranoid.

-------------------------------------------------------------------
Mon Jul 22 18:26:43 MEST 2002 - draht@suse.de

- added frontpage files

-------------------------------------------------------------------
Tue Jul 16 15:18:14 MEST 2002 - draht@suse.de

- changed entries for mailman: group mdom -> mailman

-------------------------------------------------------------------
Tue Jul 16 03:51:29 MEST 2002 - draht@suse.de

- mailman sgid mdom files added to easy, secure and paranoid.

-------------------------------------------------------------------
Wed Jul 10 14:33:50 MEST 2002 - draht@suse.de

- .paranoid comment fixed about at and cron (#12159)

-------------------------------------------------------------------
Mon Jul 8 17:24:21 MEST 2002 - draht@suse.de

- ppp dialup networking fixes and cleanup.

-------------------------------------------------------------------
Mon Jul 8 15:56:23 MEST 2002 - draht@suse.de

- modifications: -s for pppd, world-writeable directories for
  kdemultimedia3-sound, gift, mips and armv4l RPMS directory.

-------------------------------------------------------------------
Fri Jul 5 21:13:08 CEST 2002 - kukuk@suse.de

- Add /usr/src/packages/RPMS/sparcv9 to easy,secure,paranoid.

-------------------------------------------------------------------
Thu Jul 4 16:26:47 MEST 2002 - draht@suse.de

- /usr/lib64/pt_chown added to easy,secure,paranoid.

-------------------------------------------------------------------
Mon Jul 1 19:56:10 MEST 2002 - draht@suse.de

- entries for packages added or changed:
  squid
  geki2
  d1x
  falconseye
  fdutils
  gewels
  gnome-games
  heimdal
  lbreakout
  lpdfilter
  lprng
  man
  mgetty (/var/spool/fax/outgoing/* need discussion)
  mtrack (locfile+satfile -> 0644)
  nethack
  nvi-m17n (/var/preserve/vi.recover -> 1777)
  opie (/bin -> /usr/bin)
  pcp
  plptools
  qpopper
  rp-pppoe (/usr/sbin/pppoe-wrapper)
  smpppd (/usr/sbin/cinternet-wwwrun wwwrun.dialout 2750)
  squid (/usr/sbin/pam_auth)
  su-wrapper
  xemacs (lock directory changed again? now /var/state/xemacs and /var/lib/xemacs)
  xgalaga
  xmcd
  xscrabble

-------------------------------------------------------------------
Mon Jul 1 01:01:10 CEST 2002 - ro@suse.de

- don't install all sources (spec file etc.)

-------------------------------------------------------------------
Fri Jun 28 14:40:07 MEST 2002 - draht@suse.de

- minor spec file change

-------------------------------------------------------------------
Fri Jun 28 12:56:43 MEST 2002 - draht@suse.de

- entries for packages added:
  ftpdir
  gnokii
  kamplus
  geki2
  aaa_dir (/tmp/.ICE-unix)

-------------------------------------------------------------------
Fri Jun 28 12:56:18 MEST 2002 - draht@suse.de

- unpack tar archive in source for convenience.

-------------------------------------------------------------------
Thu Jun 27 23:05:51 CEST 2002 - olh@suse.de

- update permissions of /usr/src/packages/RPMS/<arch>

-------------------------------------------------------------------
Fri Jun 21 02:10:26 CEST 2002 - ro@suse.de

- created package as split off from aaa_base