SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for permissions-20190212-217.1.i586.rpm :

* Tue Feb 12 2019 jsegitzAATTsuse.com- Update to version 20190212:
* removed old entry for wodim
* removed old entry for netatalk
* removed old entry for suidperl
* removed old entriy for utempter
* removed old entriy for hostname
* removed old directory entries
* removed old entry for qemu-bridge-helper
* removed old entries for pccardctl
* removed old entries for isdnctrl
* removed old entries for unix(2)_chkpwd
* removed old entries for mount.nfs
* removed old entries for (u)mount
* removed old entry for fileshareset
* removed old entries for KDE
* removed old entry for heartbeat
* removed old entry for gnome-control-center
* removed old entry for pcp
* removed old entry for lpdfilter
* removed old entry for scotty
* removed old entry for ia32el
* removed old entry for squid
* removed old qpopper whitelist
* removed pt_chown entries. Not needed anymore and a bad idea anyway
* removed old majordomo entry
* removed stale entries for old ncpfs tools
* removed old entry for rmtab
* Fixed typo in icinga2 whitelist entry
* New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox
* Removed whitelist for /usr/bin/su.core. According to comment a temporary hack introduced 2012 to help moving su from coretuils to util-linux. I couldn\'t find it anywhere, so we don\'t need it anymore
* Remove entry for /usr/bin/yaps. We don\'t ship it anymore and the group that is used doesn\'t exists anymore starting with Leap 15, so it will not work there anyway. Users using this (old) package can do this individually
* removed entry for /etc/ftpaccess. We currently don\'t have it anywhere (and judging from my search this has been the case for quite a while)
* Ensure consistency of entries, otherwise switching between settings becomes problematic
* Fix spelling of SUSE
* permissions.local: fix typo
* Fri Nov 16 2018 opensuse-packagingAATTopensuse.org- Update to version 20181116:
* zypper-plugin: new plugin to fix bsc#1114383
* Mon Nov 12 2018 opensuse-packagingAATTopensuse.org- Update to version 20181112:
* singularity: remove -suid binaries that have been dropped since version 2.4 (bsc#1028304)
* Tue Oct 30 2018 opensuse-packagingAATTopensuse.org- Update to version 20181030:
* capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds
* Mon Oct 29 2018 opensuse-packagingAATTopensuse.org- Update to version 20181029:
* setuid whitelisting: add fusermount3 (bsc#1111230)
* Thu Oct 25 2018 opensuse-packagingAATTopensuse.org- Update to version 20181025:
* setuid whitelisting: add authbind binary (bsc#1111251)
* Mon Aug 27 2018 opensuse-packagingAATTopensuse.org- Update to version 20180827:
* setuid whitelisting: add firejail binary (bsc#1059013)
* Fri Aug 10 2018 opensuse-packagingAATTopensuse.org- Update to version 20180810:
* setuid whitelisting: add lxc-user-nic (bsc#988348)
* Thu Aug 02 2018 opensuse-packagingAATTopensuse.org- Update to version 20180802:
* whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956)
* Tue Jul 24 2018 opensuse-packagingAATTopensuse.org- Update to version 20180724:
* Fix wrong file path in help string
* whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)
* Tue May 08 2018 astiegerAATTsuse.com- Update to version 20180508:
* Capabilities for usage of Wireshark for non-root (bsc#957624)
* Thu Jan 25 2018 meissnerAATTsuse.com- Update to version 20180125:
* the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247)
* make btmp root:utmp (bsc#1050467)
* Mon Jan 15 2018 krahmerAATTsuse.com- Update to version 20180115:
* - polkit-default-privs: usbauth (bsc#1066877)
* Mon Dec 04 2017 kukukAATTsuse.com- fillup is required for post, not pre installation
* Thu Nov 30 2017 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Drop conditions/definitions related to old distros
* Wed Nov 29 2017 astiegerAATTsuse.com- Update to version 20171129:
* permissions: adding gvfs (bsc#1065864)
* Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
* Allow fping cap_net_raw (bsc#1047921)
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Tue Nov 21 2017 krahmerAATTsuse.com- Update to version 20171121:
* - permissions: adding kwayland (bsc#1062182)
* Mon Nov 06 2017 eeichAATTsuse.com- Update to version 20171106:
* Allow setuid root for singularity (group only) bsc#1028304
* Wed Oct 25 2017 jsegitzAATTsuse.com- Update to version 20171025:
* Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)
* Thu Sep 28 2017 astiegerAATTsuse.com- Update to version 20170928:
* Fix invalid syntax bsc#1048645 bsc#1060738
* Wed Sep 27 2017 pgajdosAATTsuse.com- Update to version 20170927:
* fix typos in manpages
* Fri Sep 22 2017 astiegerAATTsuse.com- Update to version 20170922:
* Allow setuid root for singularity (group only) bsc#1028304
* Wed Sep 13 2017 astiegerAATTsuse.com- Update to version 20170913:
* Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)
* Wed Sep 06 2017 opensuse-packagingAATTopensuse.org- Update to version 20170906:
* permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764
* permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)
* Wed Jun 07 2017 dimstarAATTopensuse.org- BuildIgnore group(trusted): we don\'t really care for this group in the buildroot and do not want to get system-users into the bootstrap cycle as we can avoid it.
* Sat Jun 03 2017 meissnerAATTsuse.com- Require: group(trusted), as we are handing it out to some unsuspecting binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)
* Fri Jun 02 2017 meissnerAATTsuse.com- Update to version 20170602:
* make /etc/ppp owned by root:root. The group dialout usage is no longer used
* Sun Aug 07 2016 meissnerAATTsuse.com- Update to version 20160807:
* suexec2 is a symlink, no need for permissions handling
* Tue Aug 02 2016 meissnerAATTsuse.com- Update to version 20160802:
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)
* root:shadow 0755 for newuidmap/newgidmap
* Tue Aug 02 2016 krahmerAATTsuse.com- adding qemu-bridge-helper mode 04750 (bsc#988279)
* Mon May 23 2016 dimstarAATTopensuse.org- Introduce _service to easier update the package. For simplicity, change the version from yyyy.mm.dd to yyyymmdd (which is eactly %cd in the _service defintion). Upgrading is no problem.
* Mon May 23 2016 meissnerAATTsuse.com- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)
* Wed Mar 30 2016 meissnerAATTsuse.com- permissions: adding gstreamer ptp file caps (bsc#960173)
* Fri Jan 15 2016 meissnerAATTsuse.com- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)
* Tue Jan 12 2016 meissnerAATTsuse.com- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363
* Thu Oct 29 2015 meissnerAATTsuse.com- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789- added missing / to the squid specific directories (bsc#950557)
* Mon Sep 28 2015 meissnerAATTsuse.com- adjusted radosgw to root:www mode 0750 (bsc#943471)
* Mon Sep 28 2015 meissnerAATTsuse.com- radosgw can get capability cap_bind_net_service (bsc#943471)
* Mon Jun 08 2015 meissnerAATTsuse.com- remove /usr/bin/get_printing_ticket; (bnc#906336)
* Wed Dec 03 2014 krahmerAATTsuse.com- Added iouyap capabilities (bnc#904060)
* Wed Nov 05 2014 meissnerAATTsuse.com- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)- permissions: incorporating squid changes from bnc#891268- hint that chkstat --system --set needs to be run after editing bnc#895647
  
ICM