Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2020-03-06 21:23:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions"
Fri Mar 6 21:23:21 2020 rev:132 rq:780979 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2020-02-21
16:40:25.925802159 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new.26092/permissions.changes
2020-03-06 21:23:24.365419871 +0100
@@ -1,0 +2,55 @@
+Fri Feb 28 12:00:44 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200228:
+ * chkstat: fix readline() on platforms with unsigned char
+
+-------------------------------------------------------------------
+Thu Feb 27 12:29:29 UTC 2020 - malte.kr...@suse.com
+
+- Update to version 20200227:
+ * remove capability whitelisting for radosgw
+ * whitelist ceph log directory (bsc#1150366)
+ * adjust testsuite to post CVE-2020-8013 link handling
+ * testsuite: add option to not mount /proc
+ * do not follow symlinks that are the final path element: CVE-2020-8013
+ * add a test for symlinked directories
+ * fix relative symlink handling
+ * include cpp compat headers, not C headers
+ * Move permissions and permissions.* except .local to /usr/share/permissions
+ * regtest: fix the static PATH list which was missing /usr/bin
+ * regtest: also unshare the PID namespace to support /proc mounting
+ * regtest: bindMount(): explicitly reject read-only recursive mounts
+ * Makefile: force remove upon clean target to prevent bogus errors
+ * regtest: by default automatically (re)build chkstat before testing
+ * regtest: add test for symlink targets
+ * regtest: make capability setting tests optional
+ * regtest: fix capability assertion helper logic
+ * regtests: add another test case that catches set*id or caps in
world-writable sub-trees
+ * regtest: add another test that catches when privilege bits are set for
special files
+ * regtest: add test case for user owned symlinks
+ * regtest: employ subuid and subgid feature in user namespace
+ * regtest: add another test case that covers unknown user/group config
+ * regtest: add another test that checks rejection of insecure mixed-owner
paths
+ * regtest: add test that checks for rejection of world-writable paths
+ * regtest: add test for detection of unexpected parent directory ownership
+ * regtest: add further helper functions, allow access to main instance
+ * regtest: introduce some basic coloring support to improve readability
+ * regtest: sort imports, another piece of rationale
+ * regtest: add capability test case
+ * regtest: improve error flagging of test cases and introduce warnings
+ * regtest: support caps
+ * regtest: add a couple of command line parameter test cases
+ * regtest: add another test that checks whether the default profile works
+ * regtests: add tests for correct application of local profiles
+ * regtest: add further test cases that test correct profile application
+ * regtest: simplify test implementation and readability
+ * regtest: add helpers for permissions.d per package profiles
+ * regtest: support read-only bind mounts, also bind-mount permissions repo
+ * tests: introduce a regression test suite for chkstat
+ * Makefile: allow to build test version programmatically
+ * README.md: add basic readme file that explains the repository's purpose
+ * chkstat: change and harmonize coding style
+ * chkstat: switch to C++ compilation unit
+- add suse_version to end of permissions package version
+
+-------------------------------------------------------------------
Old:
----
permissions-20200213.tar.xz
New:
----
permissions-20200228.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.Us6QpT/_old 2020-03-06 21:23:24.849420138 +0100
+++ /var/tmp/diff_new_pack.Us6QpT/_new 2020-03-06 21:23:24.853420141 +0100
@@ -16,26 +16,28 @@
#
-%define VERSION 20200213
+%define VERSION_DATE 20200228
Name: permissions
-Version: %{VERSION}
+Version: %{VERSION_DATE}.%{suse_version}
Release: 0
Summary: SUSE Linux Default Permissions
# Maintained in github by the security team.
License: GPL-2.0-or-later
Group: Productivity/Security
URL: http://github.com/openSUSE/permissions
-Source: permissions-%{version}.tar.xz
+Source: permissions-%{VERSION_DATE}.tar.xz
Source1: fix_version.sh
+BuildRequires: gcc-c++
BuildRequires: libcap-devel
+BuildRequires: libcap-progs
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
-Provides: aaa_base:%{_sysconfdir}/permissions
+Provides: aaa_base:%{_datadir}/permissions
%prep
-%setup -q
+%setup -q -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0
@@ -43,6 +45,10 @@
%install
%make_install fillupdir=%{_fillupdir}
+# regression tests disabled for the moment, needs adjustment for the new
/usr/share world
+#%check
+#tests/regtest.py
+
%description
Permission settings of files and directories depending on the local
security settings. The local security setting ("easy", "secure", or "paranoid")
@@ -55,11 +61,11 @@
%package doc
Summary: SUSE Linux Default Permissions documentation
Group: Documentation/Man
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description doc
-Documentation for the permission files /etc/permissions*.
+Documentation for the permission files /usr/share/permissions/permissions*.
%files doc
%{_mandir}/man5/permissions.5%{ext_man}
@@ -67,7 +73,7 @@
%package config
Summary: SUSE Linux Default Permissions config files
Group: Productivity/Security
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
Requires(post): %fillup_prereq
Requires(post): chkstat
@@ -75,13 +81,15 @@
Requires(pre): group(trusted)
%description config
-The actual permissions configuration files, /etc/permission.*.
+The actual permissions configuration files,
/usr/share/permissions/permission.*.
%files config
-%config %{_sysconfdir}/permissions
-%config %{_sysconfdir}/permissions.easy
-%config %{_sysconfdir}/permissions.secure
-%config %{_sysconfdir}/permissions.paranoid
+%defattr(644, root, root, 755)
+%dir %{_datadir}/permissions
+%{_datadir}/permissions/permissions
+%{_datadir}/permissions/permissions.easy
+%{_datadir}/permissions/permissions.secure
+%{_datadir}/permissions/permissions.paranoid
%config(noreplace) %{_sysconfdir}/permissions.local
%{_fillupdir}/sysconfig.security
@@ -93,7 +101,7 @@
%package -n chkstat
Summary: SUSE Linux Default Permissions tool
Group: Productivity/Security
-Version: %{suse_version}_%{VERSION}
+Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description -n chkstat
@@ -105,7 +113,7 @@
%package -n permissions-zypp-plugin
BuildArch: noarch
-Requires: permissions = %{VERSION}
+Requires: permissions = %{VERSION_DATE}.%{suse_version}
Requires: python3-zypp-plugin
Requires: libzypp(plugin:commit) = 1
Summary: A zypper commit plugin for calling chkstat
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Us6QpT/_old 2020-03-06 21:23:24.877420154 +0100
+++ /var/tmp/diff_new_pack.Us6QpT/_new 2020-03-06 21:23:24.877420154 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/permissions.git</param>
- <param
name="changesrevision">8676fc316fb0b9eb56ad9d354b8cafb8b1f2f258</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">bfa5f7c7437b3fa939b0a88007e2d1cc6de605c9</param></service></servicedata>
\ No newline at end of file
++++++ fix_version.sh ++++++
--- /var/tmp/diff_new_pack.Us6QpT/_old 2020-03-06 21:23:24.889420161 +0100
+++ /var/tmp/diff_new_pack.Us6QpT/_new 2020-03-06 21:23:24.889420161 +0100
@@ -3,4 +3,4 @@
version=`date '+%Y%m%d'`
echo "setting version to ${version}"
-sed -E -i -e "s/^%define VERSION [0-9]+/%define VERSION ${version}/"
permissions.spec
+sed -E -i -e "s/^%define VERSION_DATE [0-9]+/%define VERSION_DATE ${version}/"
permissions.spec
++++++ permissions-20200213.tar.xz -> permissions-20200228.tar.xz ++++++
++++ 5007 lines of diff (skipped)
