SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for permissions-20181116-lp151.4.6.1.i586.rpm :

* Thu Sep 26 2019 Johannes Segitz - Updated permissons for amanda, added 0006-bsc1110797_amanda.patch (bsc#1110797)
* Thu Jun 13 2019 Malte Kraus - Added ./0005-singularity-starter-suid.patch (bsc#1128598) New whitelisting for /usr/lib/singularity/bin/starter-suid
* Tue Apr 30 2019 jsegitzAATTsuse.com- Added 0004-var-cache-man.patch. Removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (bsc#1133678)
* Tue Feb 12 2019 jsegitzAATTsuse.com- Added 0001-whitelisting-update-virtualbox.patch (bsc#1120650) New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox- Added 0002-consistency-between-profiles.patch Ensure consistency of entries, otherwise switching between settings becomes problematic- Added 0003-var-run-postgresql.patch (bsc#1123886) Whitelist for postgresql. Currently the checker doesn\'t complain because the directories aren\'t packaged, but that might change and/or our checkers might improve
* Wed Nov 28 2018 opensuse-packagingAATTopensuse.org- Update to version 20181116:
* zypper-plugin: new plugin to fix bsc#1114383
* singularity: remove dropped -suid binaries (bsc#1028304)
* capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds
* setuid whitelisting: add fusermount3 (bsc#1111230)
* setuid whitelisting: add authbind binary (bsc#1111251)
* setuid whitelisting: add firejail binary (bsc#1059013)
* setuid whitelisting: add lxc-user-nic (bsc#988348)
* whitelisting: add smc-tools LD_PRELOAD library (bsc#1102956)
* whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)
* Fix wrong file path in help string
* Capabilities for usage of Wireshark for non-root- remove 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: is now contained in tarball.
* Mon Aug 20 2018 matthias.gerstnerAATTsuse.com- 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability.
* Thu Jan 25 2018 meissnerAATTsuse.com- Update to version 20180125:
* the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247)
* make btmp root:utmp (bsc#1050467)
* Mon Jan 15 2018 krahmerAATTsuse.com- Update to version 20180115:
* - polkit-default-privs: usbauth (bsc#1066877)
* Mon Dec 04 2017 kukukAATTsuse.com- fillup is required for post, not pre installation
* Thu Nov 30 2017 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Drop conditions/definitions related to old distros
* Wed Nov 29 2017 astiegerAATTsuse.com- Update to version 20171129:
* permissions: adding gvfs (bsc#1065864)
* Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
* Allow fping cap_net_raw (bsc#1047921)
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Tue Nov 21 2017 krahmerAATTsuse.com- Update to version 20171121:
* - permissions: adding kwayland (bsc#1062182)
* Mon Nov 06 2017 eeichAATTsuse.com- Update to version 20171106:
* Allow setuid root for singularity (group only) bsc#1028304
* Wed Oct 25 2017 jsegitzAATTsuse.com- Update to version 20171025:
* Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)
* Thu Sep 28 2017 astiegerAATTsuse.com- Update to version 20170928:
* Fix invalid syntax bsc#1048645 bsc#1060738
* Wed Sep 27 2017 pgajdosAATTsuse.com- Update to version 20170927:
* fix typos in manpages
* Fri Sep 22 2017 astiegerAATTsuse.com- Update to version 20170922:
* Allow setuid root for singularity (group only) bsc#1028304
* Wed Sep 13 2017 astiegerAATTsuse.com- Update to version 20170913:
* Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)
* Wed Sep 06 2017 opensuse-packagingAATTopensuse.org- Update to version 20170906:
* permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764
* permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)
* Wed Jun 07 2017 dimstarAATTopensuse.org- BuildIgnore group(trusted): we don\'t really care for this group in the buildroot and do not want to get system-users into the bootstrap cycle as we can avoid it.
* Sat Jun 03 2017 meissnerAATTsuse.com- Require: group(trusted), as we are handing it out to some unsuspecting binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)
* Fri Jun 02 2017 meissnerAATTsuse.com- Update to version 20170602:
* make /etc/ppp owned by root:root. The group dialout usage is no longer used
* Sun Aug 07 2016 meissnerAATTsuse.com- Update to version 20160807:
* suexec2 is a symlink, no need for permissions handling
* Tue Aug 02 2016 meissnerAATTsuse.com- Update to version 20160802:
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)
* root:shadow 0755 for newuidmap/newgidmap
* Tue Aug 02 2016 krahmerAATTsuse.com- adding qemu-bridge-helper mode 04750 (bsc#988279)
* Mon May 23 2016 dimstarAATTopensuse.org- Introduce _service to easier update the package. For simplicity, change the version from yyyy.mm.dd to yyyymmdd (which is eactly %cd in the _service defintion). Upgrading is no problem.
* Mon May 23 2016 meissnerAATTsuse.com- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)
* Wed Mar 30 2016 meissnerAATTsuse.com- permissions: adding gstreamer ptp file caps (bsc#960173)
* Fri Jan 15 2016 meissnerAATTsuse.com- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)
* Tue Jan 12 2016 meissnerAATTsuse.com- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363
* Thu Oct 29 2015 meissnerAATTsuse.com- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789- added missing / to the squid specific directories (bsc#950557)
* Mon Sep 28 2015 meissnerAATTsuse.com- adjusted radosgw to root:www mode 0750 (bsc#943471)
* Mon Sep 28 2015 meissnerAATTsuse.com- radosgw can get capability cap_bind_net_service (bsc#943471)
* Mon Jun 08 2015 meissnerAATTsuse.com- remove /usr/bin/get_printing_ticket; (bnc#906336)
* Wed Dec 03 2014 krahmerAATTsuse.com- Added iouyap capabilities (bnc#904060)
* Wed Nov 05 2014 meissnerAATTsuse.com- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)- permissions: incorporating squid changes from bnc#891268- hint that chkstat --system --set needs to be run after editing bnc#895647
  
ICM