openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of permissions

Dominique Leuenberger (dimstar_suse) accepted request 853596 from

Matthias Gerstner (mgerstner) over 3 years ago (revision 146)

move man page to where the documented files are

A separate package for a single man page really is overkill.

See also discussion at 
https://lists.opensuse.org/archives/list/packaging@lists.opensuse.org/message/5FSP57UVYLS7BNBDNF4EGHW5TEEZUS5D/ (forwarded request 853107 from lnussel)

Dominique Leuenberger (dimstar_suse) accepted request 840211 from

Matthias Gerstner (mgerstner) over 3 years ago (revision 145)

- Update to version 20201008:
  * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
  * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

Dominique Leuenberger (dimstar_suse) accepted request 838733 from

Matthias Gerstner (mgerstner) over 3 years ago (revision 144)

- Update to version 20200930:
  * whitelist Xorg setuid-root wrapper (bsc#1175867)

Dominique Leuenberger (dimstar_suse) accepted request 833221 from

Matthias Gerstner (mgerstner) over 3 years ago (revision 143)

- Update to version 20200909:
  * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)

Dominique Leuenberger (dimstar_suse) accepted request 832056 from

Matthias Gerstner (mgerstner) over 3 years ago (revision 142)

- Update to version 20200904:
  * Add /usr/libexec for cockpit-session as new path
  * physlock: whitelist with tight restrictions (bsc#1175720)

Dominique Leuenberger (dimstar_suse) accepted request 829800 from

Malte Kraus (mkraus) over 3 years ago (revision 141)

- Update to version 20200826:
  * mtr-packet: stop requiring dialout group
  * etc/permissions: fix mtr permission
  * list_permissions: improve output format
  * list_permissions: support globbing in --path argument
  * list_permissions: implement simplifications suggested in PR#92
  * list_permissions: new tool for better path configuration overview

Dominique Leuenberger (dimstar_suse) accepted request 825923 from

Matthias Gerstner (mgerstner) almost 4 years ago (revision 140)

- Update to version 20200811:
  * regtest: support new getcap output format in libcap-2.42
  * regtest: print individual test case errors to stderr

Dominique Leuenberger (dimstar_suse) accepted request 822971 from

Matthias Gerstner (mgerstner) almost 4 years ago (revision 139)

- Update to version 20200727:
  * etc/permissions: remove static /var/spool/* dirs
  * etc/permissions: remove outdated entries
  * etc/permissions: remove unnecessary static dirs and devices
  * screen: remove now unused /var/run/uscreens

Dominique Leuenberger (dimstar_suse) accepted request 819968 from

Matthias Gerstner (mgerstner) almost 4 years ago (revision 138)

- Update to version 20200710:
  * Revert "etc/permissions: remove entries for bind-chrootenv". This
    currently conflicts with the way the CheckSUIDPermissions rpmlint-check is
    implemented.

- Removed dbus-libexec.patch: contained in upstream

- Update to version 20200624:
  * rework permissions.local text (boo#1173221)
  * dbus-1: adjust to new libexec dir location (bsc#1171164)
  * permission profiles: reinstate kdesud for kde5
  * etc/permissions: remove entries for bind-chrootenv
  * etc/permissions: remove traceroute entry
  * VirtualBox: remove outdated entry which is only a symlink any more
  * /bin/su: remove path refering to symlink
  * etc/permissions: remove legacy RPM directory entries
  * /etc/permissions: remove outdated sudo directories
  * singularity: remove outdated setuid-binary entries
  * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
  * dbus-1: remove deprecated alternative paths
  * PolicyKit: remove outdated entries last used in SLE-11
  * pcp: remove no longer needed / conflicting entries
  * gnats: remove entries for package removed from Factory
  * kdelibs4: remove entries for package removed from Factory
  * v4l-base: remove entries for package removed from Factory
  * mailman: remove entries for package deleted from Factory
  * gnome-pty-helper: remove dead entry no longer part of the vte package
  * gnokii: remove entries for package no longer in Factory
  * xawtv (v4l-conf): correct group ownership in easy profile
  * systemd-journal: remove unnecessary profile entries

Dominique Leuenberger (dimstar_suse) accepted request 815295 from

Malte Kraus (mkraus) almost 4 years ago (revision 137)

- dbus-1: adjust to new libexec dir location (bsc#1171164). This is
  temporarily done through the patch in dbus-libexec.patch because
  we are not completely certain the stability of current git.
- run chkstat test suite during RPM build

Dominique Leuenberger (dimstar_suse) accepted request 810755 from

Matthias Gerstner (mgerstner) almost 4 years ago (revision 136)

- Update to version 20200526:
  * profiles: add entries for enlightenment (bsc#1171686)

Yuchen Lin (maxlin_factory) accepted request 807568 from

Matthias Gerstner (mgerstner) about 4 years ago (revision 135)

- Update to version 20200520:
  * permissions fixed profile: utempter: reinstate libexec compatibility entry (forwarded request 807566 from mgerstner)

Dominique Leuenberger (dimstar_suse) accepted request 801106 from

Malte Kraus (mkraus) about 4 years ago (revision 134)

- Update to version 20200506:
  * add whitelist for files in /usr/lib to be also allowed in
    /usr/libexec (bsc#1171164)

Dominique Leuenberger (dimstar_suse) accepted request 787823 from

Johannes Segitz (jsegitz) about 4 years ago (revision 133)

Dominique Leuenberger (dimstar_suse) accepted request 780979 from

Matthias Gerstner (mgerstner) about 4 years ago (revision 132)

- Update to version 20200228:
  * chkstat: fix readline() on platforms with unsigned char

- Update to version 20200227:
  * remove capability whitelisting for radosgw
  * whitelist ceph log directory (bsc#1150366)
  * adjust testsuite to post CVE-2020-8013 link handling
  * testsuite: add option to not mount /proc
  * do not follow symlinks that are the final path element: CVE-2020-8013
  * add a test for symlinked directories
  * fix relative symlink handling
  * include cpp compat headers, not C headers
  * Move permissions and permissions.* except .local to /usr/share/permissions
  * regtest: fix the static PATH list which was missing /usr/bin
  * regtest: also unshare the PID namespace to support /proc mounting
  * regtest: bindMount(): explicitly reject read-only recursive mounts
  * Makefile: force remove upon clean target to prevent bogus errors
  * regtest: by default automatically (re)build chkstat before testing
  * regtest: add test for symlink targets
  * regtest: make capability setting tests optional
  * regtest: fix capability assertion helper logic
  * regtests: add another test case that catches set*id or caps in world-writable sub-trees
  * regtest: add another test that catches when privilege bits are set for special files
  * regtest: add test case for user owned symlinks
  * regtest: employ subuid and subgid feature in user namespace
  * regtest: add another test case that covers unknown user/group config
  * regtest: add another test that checks rejection of insecure mixed-owner paths
  * regtest: add test that checks for rejection of world-writable paths
  * regtest: add test for detection of unexpected parent directory ownership
  * regtest: add further helper functions, allow access to main instance (forwarded request 780264 from mkraus)

Dominique Leuenberger (dimstar_suse) accepted request 774158 from

Malte Kraus (mkraus) over 4 years ago (revision 131)

- Update to version 20200213:
  * remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"

Dominique Leuenberger (dimstar_suse) accepted request 769971 from

Matthias Gerstner (mgerstner) over 4 years ago (revision 130)

- Update to version 20200204:
  * mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)

- Update to version 20200127:
  * fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths

Dominique Leuenberger (dimstar_suse) accepted request 754442 from

Malte Kraus (mkraus) over 4 years ago (revision 129)

- Update to version 20191205:
  * fix privilege escalation through untrusted symlinks (bsc#1150734,
    CVE-2019-3690)

- Update to version 20191122:
  * faxq-helper: correct "secure" permission for trusted group (bsc#1157498)

Dominique Leuenberger (dimstar_suse) accepted request 749269 from

Malte Kraus (mkraus) over 4 years ago (revision 128)

- Update to version 20191118:
  * whitelist ksysguard network helper (bsc#1151190)

- Update to version 20191112:
  * fix syntax of paranoid profile
  * fix squid permissions (bsc#1093414, CVE-2019-3688)

Dominique Leuenberger (dimstar_suse) accepted request 734799 from

Marcus Meissner (msmeissn) over 4 years ago (revision 127)

- Add || exit 0 on the scriptlet as it can actually fail in
  rootless containers with podman. This makes sure the zypper
  does not abort the container creation.
  * the actual error looks like:
    /dev/zero: chown: Operation not permitted (forwarded request 734796 from scarabeus_iv)

Displaying revisions 21 - 40 of 166

Places

Revisions of permissions

Places