Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

permissions-1699_20250120-160000.2.2 RPM for aarch64

From OpenSuSE Leap 16.0 for aarch64

Name: permissions Distribution: SUSE Linux 16
Version: 1699_20250120 Vendor: SUSE LLC <https://www.suse.com/>
Release: 160000.2.2 Build date: Mon Jan 20 10:00:54 2025
Group: Productivity/Security Build host: reproducible
Size: 0 Source RPM: permissions-1699_20250120-160000.2.2.src.rpm
Packager: https://www.suse.com/
Url: http://github.com/openSUSE/permissions
Summary: SUSE Linux Default Permissions
File and directory permission settings depending on the local security
settings. The local security setting ("easy", "secure", or "paranoid") can be
configured in /etc/sysconfig/security.

This package does not contain files, it just requires the necessary packages.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Mon Jan 20 2025 wolfgang.frisch@suse.com
  - Update to version 1699_20250120:
    * profiles: whitelist nvidia-modprobe (bsc#1230950)
* Tue Oct 29 2024 matthias.gerstner@suse.com
  - Update to version 1699_20241029:
    * Add RPM macros; moved from rpm-config-SUSE
    * package RPM macros together with permctl, to avoid having to setup an
      extra sub-package.
* Fri May 24 2024 matthias.gerstner@suse.com
  - Update to version 1699_20240522:
    * man pages: minor corrections (bsc#1224822)
* Tue May 21 2024 filippo.bonazzi@suse.com
  - Update to version 1699_20240521:
    * permctl: return special exit code in --warn mode if entries need fixing
* Mon May 13 2024 matthias.gerstner@suse.com
  - rename chkstat package to permctl to match the new binary names. Establish
    Provides/Obsoletes to keep dependencies and old package cleanup in working
    order, see:
    https://en.opensuse.org/openSUSE:Package_dependencies#Renaming_a_package
  - add BuildRequires for acl programs for tests to succeed. Still keep %check
    disabled, because the new ACL test fails without /etc/subuid, /etc/subgid
    setup.
* Mon May 13 2024 matthias.gerstner@suse.com
  - Update to version 1699_20240513:
    * chkstat: has been renamed to permctl to better reflect its purpose. A
      symlink for backward compatibility will remain in place.
    * documentation: updated man pages
    * ACL support: permctl (formerly chkstat) now supports an additional `+acl`
      syntax to support assigning ACLs to files similar to the already existing
      support for file based capabilities.
* Mon Mar 11 2024 matthias.gerstner@suse.com
  - Update to version 1699_20240307:
    * build system: migrate from Makefile to Meson
  - adjust spec file to meson build
* Tue Mar 05 2024 filippo.bonazzi@suse.com
  - Update to version 1699_20240305:
    * chkstat: EntryProcessor: make error handling in safeOpen() clearer
    * chkstat regtests: catch bad error reporting for non-existent files
    * chkstat: EntryProcessor: don't report errors for non-existent files
* Tue Feb 27 2024 filippo.bonazzi@suse.com
  - Update to version 1699_20240223:
    * chkstat: replace ProcMountState enum by simple bool member
    * chkstat: minor style, spelling and documentation fixes
    * chkstat: drop types.h header
    * chkstat: make ProcMountState a private type of ChkStat
    * chkstat: EntryProcessor: rename some member variables for improved readability
    * chkstat: get rid of EntryContext and incorporate it into EntryProcessor
    * chkstat: split-off EntryProcessor from Chkstat main class
    * chkstat: define _GNU_SOURCE via Makefile
    * chkstat: processEntries(): make loop variables const
    * chkstat: split up checkHaveProc()
    * chkstat: ProfileParser: fix a bug when applying capabilities in custom root
    * chkstat: ProfileParser: make adding the root to paths transparent
    * chkstat: ProfileParser: refactor the now reduced codebase
    * chkstat: split off separate ProfileParser
    * chkstat: ProfileEntry: mark dropXID() const to support const ProfileEntry use
    * chkstat: parseProfile(): improve badProfileLine() calls
    * chkstat: drop deprecated capability check
    * chkstat: also move expandProfilePaths() into new VariableExpansions class
    * chkstat: split off variable expansion logic into separate class
    * chkstat: loadVariableExpansions(): a bit of refactoring
    * chkstat: parseSysconfig(): bit of refactoring
    * chkstat: remove deprecated CHECK_PERMISSIONS logic
    * chkstat: move assorted types into dedicated header
    * chkstat: replace #include guards by #pragma once
    * chkstat: split off command line arguments from Chkstat main class
    * chkstat: drop SaneValueArg wrapper
    * chkstat: document new packages.d directory
    * chkstat: drop TODO regarding ProfileEntry being changed on-the-fly
    * chkstat: harmonize FileCapabilities API
    * chkstat: support /usr/share/permissions/package.d for per-package drop-ins
    * chkstat: minor coding style fixes
    * chkstat: improve readability for rstrip() to strip trailing slashes
    * chkstat: remove trailing slashes from paths found on the command line
    * chkstat: add warning messages for rare error situations
    * chkstat: open profiles right away without racy `access()` check.
  - Remove fix_version.sh, handle version with services
* Tue Feb 06 2024 wolfgang.frisch@suse.com
  - Drop superfluous mkdir /usr/share/permissions/permissions.d
    This is now created by the Makefile. See also
    commit 5900bc1ffe6275298ded3c96dee03a5c98e4db1c
* Tue Feb 06 2024 paolo.perego@suse.com
  - Update to version 20240206:
    * Whitelisting libgtop_server2 (bsc#1218921)
    * Removing bogus whitespaces
    * chkstat: harmonize and transform to a more compact coding and doc style
    * gitignore: also ignore hidden ctags
    * build: Create /usr/share/permissions/permissions.d for packagers
    * profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory
    * profiles: drop /etc/ftpusers which is no longer shipped in netcfg
* Tue Jan 30 2024 dimstar@opensuse.org
  - Create directory /usr/share/permissions/permissions.d for packages
    to place their drop-ins.
* Mon Nov 27 2023 daniel.garcia@suse.com
  - Remove dependency on /usr/bin/python3, making scripts to depends on
    the real python3 binary, not the link. bsc#1212476
* Fri Jun 02 2023 matthias.gerstner@suse.com
  - Update to version 20230602:
    * profiles: remove dropped pppoe-wrapper
* Tue May 16 2023 matthias.gerstner@suse.com
  - Update to version 20230516:
    * common permissions: add icingaweb2 setgid directory (bsc#1211314)
* Mon Apr 24 2023 wolfgang.frisch@suse.com
  - Update to version 20230424:
    * profiles: remove dead opiepasswd entry
      (opie was removed via OBS sr#1065964).
* Fri Feb 17 2023 matthias.gerstner@suse.com
  - Update to version 20230217:
    * shadow: newgidmap,newuidmap: use capabilities (bsc#1208309)
    * profiles: whitelist kismet capabilities (bsc#1200954) (#171)
* Tue Dec 20 2022 matthias.gerstner@suse.com
  - Update to version 20221220:
    * profiles: remove outdated kdesud, apptainer entries
* Wed Sep 21 2022 dmueller@suse.com
  - skip tests on qemu user builds
* Tue Sep 13 2022 matthias.gerstner@suse.com
  - Update to version 20220912:
    * chkstat: also consider group controlled paths (bsc#1203018,
      CVE-2022-31252)
* Mon Aug 08 2022 dimstar@opensuse.org
  - Fix dependency from permissions-zypp-plugin to permissions.
* Sat Jul 30 2022 coolo@suse.com
  - Avoid different Versions for subpackages to fix build-compare
    seeing the src rpm as equal. It replaces VERSION-RELEASE but
    that will fail if subpackages use a different Version
* Wed Jul 13 2022 matthias.gerstner@suse.com
  - Update to version 20220713:
    * postfix: add postlog setgid for maildrop binary (bsc#1201385)
    * libexec migration: KDE utilities now properly place their helpers
    * pccardctl: installation path has finally changed to /usr/sbin
* Fri Mar 11 2022 matthias.gerstner@suse.com
  - Update to version 20220309:
    * apptainer whitelisting (bsc#1196145)
* Fri Feb 25 2022 matthias.gerstner@suse.com
  - Update to version 20220202:
    * mount.nfs: switch from migration mode to fixed path in /usr/sbin
    * changed gendered pronouns
    * mgetty: faxq-helper now finally reside in /usr/libexec
* Wed Sep 01 2021 matthias.gerstner@suse.com
  - Update to version 20210901:
    * libksysguard5: Updated path for ksgrd_network_helper
    * kdesu: Updated path for kdesud
    * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
    * mariadb: revert auth_pam_tool to /usr/lib{,64} again
    * cleanup: revert virtualbox back to plain /usr/lib
    * cleanup: remove deprecated /etc/ssh/sshd_config
    * hawk_invoke is not part of newer hawk2 packages anymore
    * cleanup: texlive-filesystem: public now resides in libexec
    * cleanup: authbind: helper now resides in libexec
    * cleanup: polkit: the agent now also resides in libexec
    * libexec cleanup: 'inn' news binaries now reside in libexec
* Tue May 18 2021 matthias.gerstner@suse.com
  - Update to version 20210518:
    * whitelist please (bsc#1183669)
* Tue May 18 2021 matthias.gerstner@suse.com
  - Update to version 20210518:
    * Fix enlightenment paths for 32-bit architectures
* Mon Jan 25 2021 matthias.gerstner@suse.com
  - Update to version 20210125:
    * usbauth: drop compatibility variable for libexec
    * usbauth: Updated path for usbauth-npriv
    * profiles: finish usage of variable for polkit-agent-helper-1
* Fri Dec 04 2020 lnussel@suse.de
  - move man page to where the documented files are
* Wed Nov 11 2020 matthias.gerstner@suse.com
  - Update to version 20201111:
    * squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
    * mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
    * adjust squid pinger path (bsc#1171569)
    * profiles: remove now superfluous squid pinger paths (bsc#1171569)
    * ksgrd_network_helper: remove obviously wrong path
    * etc/permissions: remove unnecessary, duplicate, outdated entries
    * chkstat: implement support for variables in profile paths in new
      variables.conf
    * man pages: add documentation about variables, update copyrights
    * profiles: use new variables feature to remove redundant entries
    * profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
    * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
    * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
    * README: added information about know limitations of this approach
  - adjusted spec file:
    - package new variables.conf
    - apply %{optflags} correctly via CXXFLAGS variable
    - drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the
      refactored chkstat sources. This is now the default.
* Thu Oct 08 2020 matthias.gerstner@suse.com
  - Update to version 20201008:
    * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164)
    * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
* Wed Sep 30 2020 matthias.gerstner@suse.com
  - Update to version 20200930:
    * whitelist Xorg setuid-root wrapper (bsc#1175867)
* Wed Sep 09 2020 matthias.gerstner@suse.com
  - Update to version 20200909:
    * screen: remove /run/uscreens covered by systemd-tmpfiles (bsc#1171879)
* Fri Sep 04 2020 matthias.gerstner@suse.com
  - Update to version 20200904:
    * Add /usr/libexec for cockpit-session as new path
    * physlock: whitelist with tight restrictions (bsc#1175720)
* Wed Aug 26 2020 malte.kraus@suse.com
  - Update to version 20200826:
    * mtr-packet: stop requiring dialout group
    * etc/permissions: fix mtr permission
    * list_permissions: improve output format
    * list_permissions: support globbing in --path argument
    * list_permissions: implement simplifications suggested in PR#92
    * list_permissions: new tool for better path configuration overview
* Tue Aug 11 2020 matthias.gerstner@suse.com
  - Update to version 20200811:
    * regtest: support new getcap output format in libcap-2.42
    * regtest: print individual test case errors to stderr
* Mon Jul 27 2020 matthias.gerstner@suse.com
  - Update to version 20200727:
    * etc/permissions: remove static /var/spool/* dirs
    * etc/permissions: remove outdated entries
    * etc/permissions: remove unnecessary static dirs and devices
    * screen: remove now unused /var/run/uscreens
* Fri Jul 10 2020 matthias.gerstner@suse.com
  - Update to version 20200710:
    * Revert "etc/permissions: remove entries for bind-chrootenv". This
      currently conflicts with the way the CheckSUIDPermissions rpmlint-check is
      implemented.
* Tue Jul 07 2020 callumjfarmer13@gmail.com
  - Removed dbus-libexec.patch: contained in upstream
* Tue Jul 07 2020 matthias.gerstner@suse.com
  - Update to version 20200624:
    * rework permissions.local text (boo#1173221)
    * dbus-1: adjust to new libexec dir location (bsc#1171164)
    * permission profiles: reinstate kdesud for kde5
    * etc/permissions: remove entries for bind-chrootenv
    * etc/permissions: remove traceroute entry
    * VirtualBox: remove outdated entry which is only a symlink any more
    * /bin/su: remove path refering to symlink
    * etc/permissions: remove legacy RPM directory entries
    * /etc/permissions: remove outdated sudo directories
    * singularity: remove outdated setuid-binary entries
    * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
    * dbus-1: remove deprecated alternative paths
    * PolicyKit: remove outdated entries last used in SLE-11
    * pcp: remove no longer needed / conflicting entries
    * gnats: remove entries for package removed from Factory
    * kdelibs4: remove entries for package removed from Factory
    * v4l-base: remove entries for package removed from Factory
    * mailman: remove entries for package deleted from Factory
    * gnome-pty-helper: remove dead entry no longer part of the vte package
    * gnokii: remove entries for package no longer in Factory
    * xawtv (v4l-conf): correct group ownership in easy profile
    * systemd-journal: remove unnecessary profile entries
    * thttp: make makeweb entry usable in the secure profile (bsc#1171580)
* Tue Jun 16 2020 malte.kraus@suse.com
  - dbus-1: adjust to new libexec dir location (bsc#1171164). This is
    temporarily done through the patch in dbus-libexec.patch because
    we are not completely certain the stability of current git.
  - run chkstat test suite during RPM build
* Tue May 26 2020 matthias.gerstner@suse.com
  - Update to version 20200526:
    * profiles: add entries for enlightenment (bsc#1171686)
* Wed May 20 2020 matthias.gerstner@suse.com
  - Update to version 20200520:
    * permissions fixed profile: utempter: reinstate libexec compatibility entry
* Tue May 19 2020 matthias.gerstner@suse.com
  - Update to version 20200519:
    * chkstat: fix sign conversion warnings on 32-bit architectures
    * chkstat: allow simultaneous use of `--set` and `--system`
    * regtest: adjust TestUnkownOwnership test to new warning output behaviour
* Mon May 18 2020 malte.kraus@suse.com
  - Update to version 20200518:
    * whitelist texlive public binary (bsc#1171686)
* Fri May 15 2020 matthias.gerstner@suse.com
  - Update to version 20200514:
    * fixed permissions: adjust to new libexec dir location (bsc#1171164)
      (affects utempter path)
* Wed May 13 2020 matthias.gerstner@suse.com
  - Update to version 20200513:
    * major rewrite of the chkstat tool
    * setuid bit for cockpit (bsc#1169614)
* Thu May 07 2020 malte.kraus@suse.com
  - Update to version 20200506:
    * add whitelist for files in /usr/lib to be also allowed in
      /usr/libexec (bsc#1171164)
* Tue Mar 24 2020 jsegitz@suse.de
  - Update to version 20200324:
    * whitelist s390-tools setgid bit on log directory (bsc#1167163)
    * whitelist WMP (bsc#1161335)
    * regtest: improve readability of path variables by using literals
    * regtest: adjust test suite to new path locations in /usr/share/permissions
    * regtest: only catch explicit FileNotFoundError
    * regtest: provide valid home directory in /root
    * regtest: mount permissions src repository in /usr/src/permissions
    * regtest: move initialialization of TestBase paths into the prepare() function
    * chkstat: suppport new --config-root command line option
    * fix spelling of icingacmd group
* Fri Feb 28 2020 malte.kraus@suse.com
  - Update to version 20200228:
    * chkstat: fix readline() on platforms with unsigned char
* Thu Feb 27 2020 malte.kraus@suse.com
  - Update to version 20200227:
    * remove capability whitelisting for radosgw
    * whitelist ceph log directory (bsc#1150366)
    * adjust testsuite to post CVE-2020-8013 link handling
    * testsuite: add option to not mount /proc
    * do not follow symlinks that are the final path element: CVE-2020-8013
    * add a test for symlinked directories
    * fix relative symlink handling
    * include cpp compat headers, not C headers
    * Move permissions and permissions.* except .local to /usr/share/permissions
    * regtest: fix the static PATH list which was missing /usr/bin
    * regtest: also unshare the PID namespace to support /proc mounting
    * regtest: bindMount(): explicitly reject read-only recursive mounts
    * Makefile: force remove upon clean target to prevent bogus errors
    * regtest: by default automatically (re)build chkstat before testing
    * regtest: add test for symlink targets
    * regtest: make capability setting tests optional
    * regtest: fix capability assertion helper logic
    * regtests: add another test case that catches set*id or caps in world-writable sub-trees
    * regtest: add another test that catches when privilege bits are set for special files
    * regtest: add test case for user owned symlinks
    * regtest: employ subuid and subgid feature in user namespace
    * regtest: add another test case that covers unknown user/group config
    * regtest: add another test that checks rejection of insecure mixed-owner paths
    * regtest: add test that checks for rejection of world-writable paths
    * regtest: add test for detection of unexpected parent directory ownership
    * regtest: add further helper functions, allow access to main instance
    * regtest: introduce some basic coloring support to improve readability
    * regtest: sort imports, another piece of rationale
    * regtest: add capability test case
    * regtest: improve error flagging of test cases and introduce warnings
    * regtest: support caps
    * regtest: add a couple of command line parameter test cases
    * regtest: add another test that checks whether the default profile works
    * regtests: add tests for correct application of local profiles
    * regtest: add further test cases that test correct profile application
    * regtest: simplify test implementation and readability
    * regtest: add helpers for permissions.d per package profiles
    * regtest: support read-only bind mounts, also bind-mount permissions repo
    * tests: introduce a regression test suite for chkstat
    * Makefile: allow to build test version programmatically
    * README.md: add basic readme file that explains the repository's purpose
    * chkstat: change and harmonize coding style
    * chkstat: switch to C++ compilation unit
  - add suse_version to end of permissions package version
* Thu Feb 13 2020 malte.kraus@suse.com
  - Update to version 20200213:
    * remove obsolete/broken entries for rcp/rsh/rlogin
    * chkstat: handle symlinks in final path elements correctly
    * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
    * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"
* Tue Feb 04 2020 matthias.gerstner@suse.com
  - Update to version 20200204:
    * mariadb: settings for new auth_pam_tool (bsc#1160285)
    * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)
* Mon Jan 27 2020 malte.kraus@suse.com
  - Update to version 20200127:
    * fix paths of ksysguard whitelisting
    * fix zero-termination of error message for overly long paths
* Thu Dec 05 2019 malte.kraus@suse.com
  - Update to version 20191205:
    * fix privilege escalation through untrusted symlinks (bsc#1150734,
      CVE-2019-3690)
* Wed Nov 27 2019 matthias.gerstner@suse.com
  - Update to version 20191122:
    * faxq-helper: correct "secure" permission for trusted group (bsc#1157498)
* Mon Nov 18 2019 malte.kraus@suse.com
  - Update to version 20191118:
    * whitelist ksysguard network helper (bsc#1151190)
* Tue Nov 12 2019 malte.kraus@suse.com
  - Update to version 20191112:
    * fix syntax of paranoid profile
    * fix squid permissions (bsc#1093414, CVE-2019-3688)
* Thu Oct 03 2019 tchvatal@suse.com
  - Add || exit 0 on the scriptlet as it can actually fail in
    rootless containers with podman. This makes sure the zypper
    does not abort the container creation.
    * the actual error looks like:
      /dev/zero: chown: Operation not permitted
* Fri Sep 13 2019 jsegitz@suse.de
  - Update to version 20190913:
    * setgid bit for nagios directory (bsc#1028975, bsc#1150345)
  - This also restructures the sources for the permission package
* Fri Aug 30 2019 malte.kraus@suse.com
  - Update to version 20190830:
    * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)
* Thu Aug 29 2019 malte.kraus@suse.com
  - Update to version 20190829:
    * add one more missing slash for icinga2
    * fix more missing slashes for directories
* Tue Aug 20 2019 malte.kraus@suse.com
  - Update to version 20190820:
    * cron directory permissions: add slashes
* Thu Jul 11 2019 malte.kraus@suse.com
  - Update to version 20190711:
    * iputils: Add capability permissions for clockdiff (bsc#1140994)
* Wed Jul 10 2019 opensuse-packaging@opensuse.org
  - Update to version 20190710:
    * iputils/ping: Drop effective capability
    * iputils/ping6: Remove definitions
* Thu Jun 13 2019 meissner@suse.com
  - Update to version 20190521:
    * singluarity: Add starter-suid for version 3.2.0
    * adjust settings for amanda to current binary layout
* Wed Jun 05 2019 jsegitz@suse.com
  - Move BuildRequires: back to main package
* Wed Jun 05 2019 jsegitz@suse.com
  - Moved requires to subpackages (bsc#1137257)
* Thu May 02 2019 jsegitz@suse.com
  - Fixed versions. Removed set_version from _service file, doesn't
    work with the new packaging. Call fix_version.sh to set current
    date as version instead
  - Fixed requires for -config and -zypp-plugin
* Tue Apr 30 2019 opensuse-packaging@opensuse.org
  - Update to version 20190429:
    * removed entry for /var/cache/man. Conflicts with packaging and man:man is
      the better setting anyway (bsc#1133678)
    * fixed error in description of permissions.paranoid. Make it clear that this
      is not a usable profile, but intended as a base for own developments
* Sat Apr 13 2019 jengelh@inai.de
  - Fix RPM group, fix hard requirement on documentation.
    Update description typography.
* Thu Apr 11 2019 jsegitz@suse.com
  - Created new subpackages -config, -doc and standalone package chkstat
    where we can start a better versioning scheme and require it from the
    original package
* Tue Feb 12 2019 jsegitz@suse.com
  - Update to version 20190212:
    * removed old entry for wodim
    * removed old entry for netatalk
    * removed old entry for suidperl
    * removed old entriy for utempter
    * removed old entriy for hostname
    * removed old directory entries
    * removed old entry for qemu-bridge-helper
    * removed old entries for pccardctl
    * removed old entries for isdnctrl
    * removed old entries for unix(2)_chkpwd
    * removed old entries for mount.nfs
    * removed old entries for (u)mount
    * removed old entry for fileshareset
    * removed old entries for KDE
    * removed old entry for heartbeat
    * removed old entry for gnome-control-center
    * removed old entry for pcp
    * removed old entry for lpdfilter
    * removed old entry for scotty
    * removed old entry for ia32el
    * removed old entry for squid
    * removed old qpopper whitelist
    * removed pt_chown entries. Not needed anymore and a bad idea anyway
    * removed old majordomo entry
    * removed stale entries for old ncpfs tools
    * removed old entry for rmtab
    * Fixed typo in icinga2 whitelist entry
    * New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale
      entries for VirtualBox
    * Removed whitelist for /usr/bin/su.core. According to comment a temporary
      hack introduced 2012 to help moving su from coretuils to util-linux. I
      couldn't find it anywhere, so we don't need it anymore
    * Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that
      is used doesn't exists anymore starting with Leap 15, so it will not work
      there anyway. Users using this (old) package can do this individually
    * removed entry for /etc/ftpaccess. We currently don't have it anywhere (and
      judging from my search this has been the case for quite a while)
    * Ensure consistency of entries, otherwise switching between settings becomes
      problematic
    * Fix spelling of SUSE
    * permissions.local: fix typo
* Fri Nov 16 2018 opensuse-packaging@opensuse.org
  - Update to version 20181116:
    * zypper-plugin: new plugin to fix bsc#1114383
* Mon Nov 12 2018 opensuse-packaging@opensuse.org
  - Update to version 20181112:
    * singularity: remove -suid binaries that have been dropped since version
    2.4 (bsc#1028304)
* Tue Oct 30 2018 opensuse-packaging@opensuse.org
  - Update to version 20181030:
    * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds
* Mon Oct 29 2018 opensuse-packaging@opensuse.org
  - Update to version 20181029:
    * setuid whitelisting: add fusermount3 (bsc#1111230)
* Thu Oct 25 2018 opensuse-packaging@opensuse.org
  - Update to version 20181025:
    * setuid whitelisting: add authbind binary (bsc#1111251)
* Mon Aug 27 2018 opensuse-packaging@opensuse.org
  - Update to version 20180827:
    * setuid whitelisting: add firejail binary (bsc#1059013)
* Fri Aug 10 2018 opensuse-packaging@opensuse.org
  - Update to version 20180810:
    * setuid whitelisting: add lxc-user-nic (bsc#988348)
* Thu Aug 02 2018 opensuse-packaging@opensuse.org
  - Update to version 20180802:
    * whitelisting: added smc-tools LD_PRELOAD library (bsc#1102956)
* Tue Jul 24 2018 opensuse-packaging@opensuse.org
  - Update to version 20180724:
    * Fix wrong file path in help string
    * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420)
* Tue May 08 2018 astieger@suse.com
  - Update to version 20180508:
    * Capabilities for usage of Wireshark for non-root (bsc#957624)
* Thu Jan 25 2018 meissner@suse.com
  - Update to version 20180125:
    * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247)
    * make btmp root:utmp (bsc#1050467)
* Mon Jan 15 2018 krahmer@suse.com
  - Update to version 20180115:
    * - polkit-default-privs: usbauth (bsc#1066877)
* Mon Dec 04 2017 kukuk@suse.com
  - fillup is required for post, not pre installation
* Thu Nov 30 2017 mpluskal@suse.com
  - Cleanup spec file with spec-cleaner
  - Drop conditions/definitions related to old distros
* Wed Nov 29 2017 astieger@suse.com
  - Update to version 20171129:
    * permissions: adding gvfs (bsc#1065864)
    * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
    * Allow fping cap_net_raw (bsc#1047921)
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Tue Nov 21 2017 krahmer@suse.com
  - Update to version 20171121:
    * - permissions: adding kwayland (bsc#1062182)
* Mon Nov 06 2017 eeich@suse.com
  - Update to version 20171106:
    * Allow setuid root for singularity (group only) bsc#1028304
* Wed Oct 25 2017 jsegitz@suse.com
  - Update to version 20171025:
    * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)
* Thu Sep 28 2017 astieger@suse.com
  - Update to version 20170928:
    * Fix invalid syntax bsc#1048645 bsc#1060738
* Wed Sep 27 2017 pgajdos@suse.com
  - Update to version 20170927:
    * fix typos in manpages
* Fri Sep 22 2017 astieger@suse.com
  - Update to version 20170922:
    * Allow setuid root for singularity (group only) bsc#1028304
* Wed Sep 13 2017 astieger@suse.com
  - Update to version 20170913:
    * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)
* Wed Sep 06 2017 opensuse-packaging@opensuse.org
  - Update to version 20170906:
    * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764
    * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)
* Wed Jun 07 2017 dimstar@opensuse.org
  - BuildIgnore group(trusted): we don't really care for this group
    in the buildroot and do not want to get system-users into the
    bootstrap cycle as we can avoid it.
* Sat Jun 03 2017 meissner@suse.com
  - Require: group(trusted), as we are handing it out to some unsuspecting
    binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)
* Fri Jun 02 2017 meissner@suse.com
  - Update to version 20170602:
    * make /etc/ppp owned by root:root. The group dialout usage is no longer used
* Sun Aug 07 2016 meissner@suse.com
  - Update to version 20160807:
    * suexec2 is a symlink, no need for permissions handling
* Tue Aug 02 2016 meissner@suse.com
  - Update to version 20160802:
    * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)
    * root:shadow 0755 for newuidmap/newgidmap
* Tue Aug 02 2016 krahmer@suse.com
  - adding qemu-bridge-helper mode 04750 (bsc#988279)
* Mon May 23 2016 dimstar@opensuse.org
  - Introduce _service to easier update the package. For simplicity,
    change the version from yyyy.mm.dd to yyyymmdd (which is eactly
    %cd in the _service defintion). Upgrading is no problem.
* Mon May 23 2016 meissner@suse.com
  - chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)
* Wed Mar 30 2016 meissner@suse.com
  - permissions: adding gstreamer ptp file caps (bsc#960173)
* Fri Jan 15 2016 meissner@suse.com
  - the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)
* Tue Jan 12 2016 meissner@suse.com
  - pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363
* Thu Oct 29 2015 meissner@suse.com
  - add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789
  - added missing / to the squid specific directories (bsc#950557)
* Mon Sep 28 2015 meissner@suse.com
  - adjusted radosgw to root:www mode 0750 (bsc#943471)
* Mon Sep 28 2015 meissner@suse.com
  - radosgw can get capability cap_bind_net_service (bsc#943471)
* Mon Jun 08 2015 meissner@suse.com
  - remove /usr/bin/get_printing_ticket; (bnc#906336)
* Wed Dec 03 2014 krahmer@suse.com
  - Added iouyap capabilities (bnc#904060)
* Wed Nov 05 2014 meissner@suse.com
  - %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)
  - permissions: incorporating squid changes from bnc#891268
  - hint that chkstat --system --set needs to be run after editing bnc#895647
* Tue Aug 26 2014 meissner@suse.com
  - Do not applies permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370)
  - do not mention SuSEconfig anymore, long dead (bnc#843083)
* Fri Aug 01 2014 meissner@suse.com
  - append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151
* Wed Jul 23 2014 meissner@suse.com
  - make innbind mode 4550  (bnc#876287)
  - permissions: Adding systemd-journal directory (bnc#888151)
* Mon Jul 21 2014 krahmer@suse.com
  - permissions: Adding new kdesud path for KDE5 (bnc#872276)
* Tue Jul 01 2014 meissner@suse.com
  - vlock_main lost its permission checking, so remove from here.
* Mon Jun 16 2014 meissner@suse.com
  - opiesu,wodim,vlock-main have no setuid root. (bnc#882035)
* Thu Jun 05 2014 meissner@suse.com
  - tighten /etc/crontab to be always mode 600, even in easy (bnc#867799)
* Tue Apr 15 2014 meissner@suse.com
  - duplicate /var/run entries to /run (bnc#873708)
* Mon Mar 24 2014 krahmer@suse.com
  - permissions: incorporating capability for mtr, removing +s from ping
    (bnc#865351)
* Mon Oct 28 2013 meissner@suse.com
  - GIT repo moved to GITHUB.
  - removed the setuid bit from "eject" (bnc#824406)
* Thu Aug 22 2013 meissner@suse.com
  - do not use magic constants for strlen (bnc#834790
* Wed Aug 21 2013 meissner@suse.com
  - Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)
* Fri Aug 16 2013 meissner@suse.com
  - use PERMISSION_FSCAPS
* Fri Aug 16 2013 meissner@suse.com
  - it is PERMISSIONS_FSCAPS (bnc#834790)
  - qemu-bridge-helper has no special privileges currently (bnc#765948)
* Wed Jun 12 2013 meissner@suse.com
  - utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302)
* Mon Jun 10 2013 meissner@suse.com
  - cdrtools: allow some filesystem capabilities for more stable CD/DVD
    burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio,
    cap_sys_resource, cap_ipc_lock)
* Wed May 08 2013 meissner@suse.com
  - leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021)
* Sat May 04 2013 meissner@suse.com
  - cdrecord currently has no special permissions approved (bnc#550021)
  - append a /
* Tue Jan 29 2013 meissner@suse.com
  - Allow pcp to have stickybit worldwriteable directories
* Tue Nov 27 2012 meissner@suse.com
  - add /usr/bin/dumpcap to watchlist
  - make fscaps=1 the default on ""
  - added PERMISSION_FSCAPS to the sysconfig/security fillup template.
  - /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject
* Wed Nov 21 2012 lnussel@suse.de
  - apply permissions settings in %post. During initial installation
    some packages might be installed before the permissions package
    due to dependency loops so we need to make sure their settings
    are applied too. Also, on update of the permissions package
    changed permission settings may need to be applied.
* Mon Oct 15 2012 lnussel@suse.de
  - temporarily add su.core. workaround for the migration of su from
    coreutils to util-linux needs to be reverted as soon as util-linux
    is also in
* Tue Sep 25 2012 meissner@suse.com
  - no longer install SuSEconfig.permissions, SuSEconfig is gone.
* Fri Jul 06 2012 meissner@suse.com
  - enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy
* Mon Jun 04 2012 lnussel@suse.de
  - remove /var/run/vi.recover (bnc#765288)
* Fri Jun 01 2012 lnussel@suse.de
  - remove /var/cache/fonts (bnc#764885)
  - remove /var/lib/xemacs/lock/ (bnc#764887)
* Thu May 31 2012 lnussel@suse.de
  - Revert "Use credentials from within the root file system"
    breaks use of --root option in brp-05-permissions
* Tue May 15 2012 lnussel@suse.de
  - print warning when requested to check not listed files
  - Use credentials from within the root file system
* Wed Feb 08 2012 lnussel@suse.de
  - add duplicate entries for / and /usr (bnc#745622)
* Tue Feb 07 2012 lnussel@suse.de
  - add scripts for automatic package sumission
  - drop zypp-refresh-wrapper (bnc#738677)
* Mon Nov 07 2011 lnussel@suse.de
  - disable run time fscaps detection (bnc#728312)
* Fri Sep 23 2011 lnussel@suse.de
  - set permission by default in SuSEconfig mode as permissions are
    only set when called explicitly anyways (bnc#720010).
* Wed Sep 21 2011 lnussel@suse.de
  - fix typo in path
* Tue Sep 20 2011 lnussel@suse.de
  - remove world writable /var/crash again (bnc#438041)
  - remove world writable permissions from /usr/src/packages (bnc#719217)
* Tue Sep 20 2011 lnussel@suse.de
  - add chromium browser sandbox helper (bnc#718016)
  - don't offer PERMISSION_SECURITY in config anymore
  - remove setgid games bits (bnc#429882)
* Tue Jun 28 2011 lnussel@suse.de
  - remove setuid bit from opiesu (bnc#698772)
* Fri Jun 17 2011 lnussel@suse.de
  - disable fscaps by default as factory kernel still doesn't have the
    required patch for auto detection
* Thu May 26 2011 lnussel@suse.de
  - read /sys/kernel/fscaps for fscaps settings
* Thu May 12 2011 lnussel@suse.de
  - change path to gnome-pty-helper (bnc#690202)
* Mon Mar 07 2011 lnussel@suse.de
  - setuid bit on VBoxNetDHCP (bnc#669055)
* Mon Feb 14 2011 lnussel@suse.de
  - fix hawk permissions (bnc#665045)
* Wed Feb 09 2011 lnussel@suse.de
  - add hawk (bnc#665045)
* Thu Dec 02 2010 lnussel@suse.de
  - remove Xorg setuid bit (bnc#632737)
* Thu Nov 18 2010 lnussel@suse.de
  - update permissions of lastlog, faillog, wtmp, utmp and btmp
* Wed Nov 17 2010 lnussel@suse.de
  - remove permissions handling for /etc/inittab, /etc/inetd.conf and /etc/mtab
  - revert previous commit, done in coreutils instead
* Tue Nov 16 2010 lnussel@suse.de
  - change fillup deps to requires to avoid coreutils loop
* Tue Nov 16 2010 lnussel@suse.de
  - change utempter from group tty to group utmp (bnc#652877)
* Tue Nov 09 2010 lnussel@suse.de
  - add permissions man page
  - update docu
  - add --level option
  - set perms for setuid files always if owner changes
  - strip root dir when printing file names
* Tue Nov 09 2010 lnussel@suse.de
  - add option to explicitly warn only
* Fri Nov 05 2010 lnussel@suse.de
  - reimplement the core features in chkstat itself instead of
    SuSEconfig.permissions
* Thu Nov 04 2010 lnussel@suse.de
  - don't make changes if not called explicitly
* Wed Nov 03 2010 lnussel@suse.de
  - add support for file system capabilities
* Mon Oct 18 2010 lnussel@suse.de
  - remove vlock (bnc#629236#c13)
* Tue Oct 05 2010 lnussel@suse.de
  - update path to gnome-pty-helper (bnc#634199)
* Wed Sep 22 2010 lnussel@suse.de
  - vlock -> vlock-main (bnc#629236)
* Mon Jun 28 2010 jengelh@medozas.de
  - use %_smp_mflags
* Fri Apr 23 2010 lnussel@suse.de
  - add lockdev (bnc#588325)
* Wed Apr 07 2010 lnussel@suse.de
  - update for innd update (bnc#594393)
  - remove lppasswd (bnc#574336)
* Tue Dec 08 2009 jengelh@medozas.de
  - enable parallel building
* Wed Oct 07 2009 lnussel@suse.de
  - add /usr/lib/virtualbox/VBoxNetAdpCtl (bnc#533550)
* Thu Aug 27 2009 lnussel@suse.de
  - add /usr/src/packages/BUILDROOT/ for rpm 4.7
* Wed Aug 26 2009 lnussel@suse.de
  - add more arm directories to /usr/src/packages/RPMS/
* Mon Aug 24 2009 lnussel@suse.de
  - remove permissions handling for traceroute6 and cdrecord which are
    symlinks nowadays
* Thu Aug 20 2009 lnussel@suse.de
  - fix weird sendfax permissions (bnc#525954)
* Wed Aug 19 2009 lnussel@suse.de
  - permissions now maintained at gitorious so use tarball instead of
    individual files
* Wed Aug 12 2009 meissner@suse.de
  - added polkit setuid root helpers after review (bnc#523377)
* Fri Aug 07 2009 meissner@suse.de
  - also added KDE4 start_kdeinit (same source as kde3 start_kdeinit),
    bnc#523833
* Thu Aug 06 2009 meissner@suse.de
  - open-vm-tools gets setuid root:root in mode easy (bnc#474285)
* Tue Jul 28 2009 lnussel@suse.de
  - hylafax directory permissions are handled by the package
    - change group of amanda binaries (bnc#523006)
* Mon Mar 02 2009 lnussel@suse.de
  - add some missing slashes to directories and remove entries for at
    and cron (bnc#480855)
* Tue Nov 25 2008 lnussel@suse.de
  - add VirtualBox (bnc#429725)
* Fri Nov 07 2008 lnussel@suse.de
  - add newrole from policycoreutils (bnc#440596)
* Thu Oct 23 2008 lnussel@suse.de
  - add udev device files (bnc#438039)
  - add system crash dump directory (bnc#438041)
  - add bind chroot devices (bnc#438045)
* Mon Oct 20 2008 lnussel@suse.de
  - dbus-daemon-launch-helper neeeds to be setuid in level secure
    (bnc#435776)
* Thu Sep 25 2008 lnussel@suse.de
  - change /var/games to 755 to prevent ill-considered maneuvers there
    (bnc#429882)
* Thu Sep 11 2008 lnussel@suse.de
  - remove static smpppd config file permissions
  - fix permissions of polkit-set-default-helper
  - grant permissions to PolicyKit helpers also in level secure
* Tue Jul 15 2008 lnussel@suse.de
  - ensure correct permissions on ssh files to avoid sshd refusing
    logins (bnc#398250)
* Thu Jul 03 2008 lnussel@suse.de
  - adapt permissions of lppasswd for current cups setup (bnc#406058)
* Mon Jun 02 2008 lnussel@suse.de
  - add mount.nfs due to an ever increasing number of users
    hit by the regression (bnc#331020, bnc#304318)
* Wed May 07 2008 lnussel@suse.de
  - zypp-checkpatches-wrapper -> zypp-refresh-wrapper (bnc#385207)
* Mon Apr 21 2008 lnussel@suse.de
  - /dev/full should be 0666 (bnc#379545)
* Thu Apr 17 2008 lnussel@suse.de
  - update chkstat manpage and support '--' argument for chkstat
    (bnc#57438)
* Wed Mar 12 2008 lnussel@suse.de
  - new PolicyKit permissions (bnc#295341)
  - remove obsolete entries for scmxx and zapping
* Mon Jan 07 2008 lnussel@suse.de
  - remove setuid bits on man (#351988)
* Mon Dec 03 2007 lnussel@suse.de
  - add dbus-daemon-launch-helper (#333361)
* Fri Nov 02 2007 dmueller@suse.de
  - kcheckpass/kdesud moved to %_libdir/kde4/libexec
* Wed Oct 17 2007 lnussel@suse.de
  - remove bing (#306626)
* Fri Oct 12 2007 lnussel@suse.de
  - remove suexec2 (#263789)
* Fri Aug 10 2007 aj@suse.de
  - Readd nscd socket permissions, otherwise glibc build will fail.
* Fri Aug 10 2007 lnussel@suse.de
  - add PolicyKit helpers (#295341)
* Wed Aug 08 2007 lnussel@suse.de
  - remove nscd socket permission handling as chkstat refuses to touch
    that file anyways (#298334).
* Tue Jun 12 2007 schwab@suse.de
  - permissions.local: Fix comment to use uid:gid instead of uid.gid.
* Fri Jun 01 2007 lnussel@suse.de
  - package /etc/permissions.local
* Wed May 30 2007 lnussel@suse.de
  - add /usr/bin/kcheckpass and /usr/bin/kdesud (#276502)
* Wed Apr 18 2007 dmueller@suse.de
  - create debuginfo package (#265667)
* Thu Feb 22 2007 lnussel@suse.de
  - prefer package specific permissions files over central ones
    (#246252)
* Thu Feb 22 2007 lnussel@suse.de
  - add /opt/kde3/bin/start_kdeinit (#203535)
  - remove entries for dropped packages OpenPBS and xtetris
* Wed Jan 17 2007 lnussel@suse.de
  - make pam authentication helpers unix_chkpwd, unix2_chkpwd and
    pam_auth setuid root instead of setgid shadow (#216816)
* Wed Jan 10 2007 sbrabec@suse.cz
  - Prefix of /opt/gnome binaries changed to /usr.
  - Removed gnome-stones.
* Mon Nov 13 2006 lnussel@suse.de
  - remove khc_indexbuilder (#188192)
* Mon Oct 16 2006 lnussel@suse.de
  - add zypp patch checking helper (#211286)
* Wed Aug 23 2006 lnussel@suse.de
  - /usr/X11R6 -> /usr
  - remove obsolete entries for xmris,pcmcia-cardinfo,geki2,vmware,nicimud
* Thu Aug 17 2006 cthiel@suse.de
  - change paths for v4l-conf from /usr/X11R6/bin to /usr/bin
* Thu Jul 20 2006 sndirsch@suse.de
  - Xorg moved from /usr/X11R6/bin to /usr/bin; fixes build of
    xorg-x11-server package
* Tue Jun 27 2006 lnussel@suse.de
  - remove setuid bit on gpg (#137562)
* Fri May 19 2006 lnussel@suse.de
  - add get_printing_ticket in order to enable smb printing with
    kerberos authentication (#177114)
* Wed May 17 2006 lnussel@suse.de
  - add setuid bit to gnomesu-pam-backend in level secure (#175616)
* Thu Feb 23 2006 schwab@suse.de
  - /usr/lib/ia32el/suid_libia32x.so renamed to suid_ia32x_loader.
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Mon Jan 16 2006 meissner@suse.de
  - removed pmount, pumount.
  - moved pmpost to /usr/lib/pcp/pmpost.
* Thu Dec 15 2005 lnussel@suse.de
  - /opt/kde3/bin/fileshareset -> /usr/bin/fileshareset
* Fri Dec 09 2005 meissner@suse.de
  - temporary only setuid bit for pmount and pumount. #135792
* Wed Nov 23 2005 lnussel@suse.de
  - add /usr/bin/fusermount (#133657)
* Mon Nov 21 2005 lnussel@suse.de
  - remove Xwrapper, it's a symlink nowadays (#134611)
* Wed Nov 02 2005 dmueller@suse.de
  - don't build as root
* Thu Oct 13 2005 meissner@suse.de
  - nici moved to /var/opt/novell/...
* Tue Oct 11 2005 meissner@suse.de
  - Temporary added setuid binary from "nici" (Novell I? Crypto Interface),
    bug #127545.
* Fri Sep 30 2005 lnussel@suse.de
  - add slashes to several directories (#103186)
  - change /var/games to games:games 775 again (#103186)
* Tue Aug 30 2005 lnussel@suse.de
  - remove kpopup helper (#100132)
* Thu Aug 25 2005 lnussel@suse.de
  - add /opt/gnome/sbin/change-passwd (#104993)
* Thu Aug 11 2005 lnussel@suse.de
  - remove xmcd (#104040)
  - add suexec2 from apache2 (#66304)
  - add exim (#66306)
* Thu Aug 11 2005 lnussel@suse.de
  - remove /opt/gnome/bin/iagno (#103844)
* Wed Aug 10 2005 lnussel@suse.de
  - remove xbl (#103762)
  - clean up bsd games list (#103785)
  - remove score files as they are the same in all levels anyways
* Wed Aug 10 2005 lnussel@suse.de
  - change /var/games{,/xsok} to root:root (#103186)
* Fri Aug 05 2005 lnussel@suse.de
  - /usr/sbin/isdnctrl -> /sbin/isdnctrl (#100750)
* Tue Aug 02 2005 lnussel@suse.de
  - remove kde games again. Turned out they don't work as intended.
* Tue Aug 02 2005 lnussel@suse.de
  - cardctl -> pccardctl (#100120)
* Fri Jul 22 2005 lnussel@suse.de
  - add setgid games to some kde games
* Wed Jun 08 2005 lnussel@suse.de
  - use correct gnomesu-pam-backend path
* Tue Jun 07 2005 lnussel@suse.de
  - add gnomesu-pam-backend (#75823)
  - add lppasswd (#66305)
  - make ntping 4750 root:trusted also in easy (#66211)
  - add cl_status from heartbeat (#66310)
  - remove unused /opt/gnome/sbin/change-passwd
* Mon May 16 2005 ro@suse.de
  - added /opt/gnome/sbin/change-passwd
* Mon Apr 25 2005 lnussel@suse.de
  - add OpenPBS permissions (#66320)
* Tue Mar 01 2005 lnussel@suse.de
  - fix inn permissions (#67032)
  - remove setuid bit from ziptool (#66191)
* Wed Feb 23 2005 lnussel@suse.de
  - remove no longer existing files
  - remove setuid plpnfsd (#66207)
  - remove setuid bit from dga program
  - change vmware permissions
  - add /opt/kde3/bin/receivepopup (#66313)
  - add /opt/kde3/bin/fileshareset (#66312)
  - add /usr/bin/scmxx (#66309)
  - add some missing mailman files (#66315)
  - include perl script to perform some basic consistency checks
* Mon Jan 31 2005 meissner@suse.de
  - backported security fix from SLES 9 branch. #43035
* Sat Jan 15 2005 schwab@suse.de
  - Comment fixes.
* Mon Nov 22 2004 sndirsch@suse.de
  - permissions.secure: set Xorg to 0711 (4711 before)
* Wed Nov 10 2004 ro@suse.de
  - /var/cache/fonts to 1777 (as in tetex perms before)
* Mon Nov 08 2004 kukuk@suse.de
  - Add nscd socket to permissions file
* Tue Sep 14 2004 ro@suse.de
  - do not use rpm in SuSEconfig.permissions (#45252)
* Tue Sep 14 2004 ro@suse.de
  - dropped check for perl in SuSEconfig.permissions (#45252)
* Wed May 26 2004 draht@suse.de
  - /usr/lib/ia32el/suid_libia32x.so set to (6755,0755,0755) (#40234)
    source code audit in progress (#40234) (thomas)
* Fri May 14 2004 ro@suse.de
  - /usr/lib/ia32el/suid_libia32x.so added to easy,secure,paranoid
    (0755,0755,0755) (#40234)
* Thu Apr 15 2004 sndirsch@suse.de
  - XFree86 --> Xorg in permissions files
* Tue Apr 06 2004 mls@suse.de
  - added --root option for buildroot operation
* Mon Apr 05 2004 mls@suse.de
  - chkstat: fixed relative symlink chasing
  - /usr/src/packages/RPMS back to 1777 in easy, as chkstat can
    now handle it
* Sun Apr 04 2004 mls@suse.de
  - chkstat: added missing link count check and safepath() function
  - chkstat: refuse to give away s-bits on insecure paths
  - chkstat: bugfix: stat file again after chown, as modes may have
    changed
* Fri Apr 02 2004 mls@suse.de
  - chkstat: re-implemented it in C to make it more secure
* Thu Apr 01 2004 kukuk@suse.de
  - Remove /var/lock/subsys [#37759]
  - Add sticky bit to /var/lock [#37759]
* Wed Mar 24 2004 draht@suse.de
  - make /usr/bin/gpg setuid root in easy+secure, 0755 in paranoid.
    [#33570].
* Tue Mar 23 2004 draht@suse.de
  - #36741: /usr/src/packages/RPMS 1777->0755 in easy.
* Mon Mar 22 2004 kukuk@suse.de
  - Fix syntax error in permission.easy
  - /usr/bin/ssh should be always 0755
* Fri Feb 13 2004 draht@suse.de
  - /var/run/uscreens (root:root 1777) added
* Thu Feb 12 2004 kukuk@suse.de
  - Don't modify group of crontab and at useless
* Fri Jan 09 2004 kukuk@suse.de
  - Add RPM directory for hppa2.0
* Fri Nov 21 2003 ro@suse.de
  - fpexec decrease go rights to 11
* Tue Nov 04 2003 ro@suse.de
  - inn scripts: u-w (not needed)
* Mon Nov 03 2003 schwab@suse.de
  - chkstat: fix option parsing.
* Wed Oct 29 2003 kukuk@suse.de
  - Sync permissions for shadow package
* Tue Oct 28 2003 ro@suse.de
  - require /sbin/SuSEconfig
* Tue Oct 28 2003 ro@suse.de
  - chkstat: added some new extensions:
    allow specifying singular files or a filelist to be checked
    output previous/current mode of a failed file
    adapted manpage
* Tue Oct 21 2003 draht@suse.de
  - permissions.secure: /etc/ftpusers 0640 root.root -> 0644
* Mon Oct 20 2003 ro@suse.de
  - permissions.*: use ":" and not "." to separate user/group
  - chkstat: output also which of (permissions/owner) is wrong
  - chkstat: don't try to chown if not root
* Tue Oct 14 2003 draht@suse.de
  - reformatting of all 4 permissions files. xkobo, rocksndiamonds,
    xlogical, lbreakout2 and ltris path adoptions.
    for future reference: :-)
    for i in permissions permissions.easy permissions.secure
    permissions.paranoid; do cat $i | \
    awk '/^(#|$)/ { print $0; next; }
    { if(NF > 3) {printf("error: %s\n",$0);exit};
      printf("%-55s %-17s %4s\n",$1,$2,$3)}' \
    > $i.. && mv $i.. $i; done
* Thu Sep 18 2003 kukuk@suse.de
  - Fix group of straps, popauth and ntping
  - Remove some GNOME games which do not need special rights anymore
* Tue Sep 16 2003 kukuk@suse.de
  - permissions.easy: change group of bing, vboxbeep, plpnfsd to
    trusted, majordomo/wrapper to daemon
* Tue Sep 16 2003 kukuk@suse.de
  - permissions.easy: change group of gpasswd and ziptool to trusted
* Tue Sep 02 2003 kkeil@suse.de
  - fix user fax for hylafax specific files
* Tue Sep 02 2003 kukuk@suse.de
  - fix path to cons.saver, remove setuid bit in paranoid (#25907)
  - remove screen
  - remove smail (dropped years ago)
* Mon Sep 01 2003 kkeil@suse.de
  - fix group for isdnctrl uucp --> dialout (#28997)
* Mon Sep 01 2003 draht@suse.de
  - feedback@suse.de -> http://www.suse.de/feedback in all files of
    the package. #29635.
* Sat Aug 23 2003 sndirsch@suse.de
  - added martian entries of package pachi
* Tue Aug 19 2003 mmj@suse.de
  - Add sysconfig metadata [#28937]
* Tue Jul 29 2003 draht@suse.de
  - fax changes from Tomas Crhak: faxq-helper and spool directories.
* Tue Jul 29 2003 ro@suse.de
  - gnome games moved back to /opt/gnome
* Mon Jul 28 2003 kukuk@suse.de
  - Remove /var/run from permissions file list [Bug #28289]
* Mon Jul 28 2003 kukuk@suse.de
  - /var/lib/gdm: Removed to solve [Bug #28257] for future products.
* Fri Jul 25 2003 draht@suse.de
  - /usr/lib/vte/gnome-pty-helper -> /opt/gnome/lib/vte/gnome-pty-helper
    The same with /opt/gnome/lib64/.
* Fri Jun 13 2003 kukuk@suse.de
  - /usr/lib/mgetty+sendfax/faxq-helper added 4711 in easy and secure
* Fri May 02 2003 sndirsch@suse.de
  - added /usr/games/pachi and /var/games/pachi.scores
* Mon Mar 10 2003 sndirsch@suse.de
  - added /usr/games/falconseye.bin
  - removed /usr/games/falconseye
* Mon Mar 10 2003 kukuk@suse.de
  - added /usr/lib64/vte/gnome-pty-helper until ported to utempter
* Sun Mar 09 2003 sndirsch@suse.de
  - added /usr/games/falconseye
  - removed old falconseye entries
* Thu Mar 06 2003 ro@suse.de
  - added /usr/lib/vte/gnome-pty-helper until ported to utempter
* Thu Feb 20 2003 mmj@suse.de
  - Add sysconfig metadata [#22686]
* Tue Feb 18 2003 kssingvo@suse.de
  - removed squid entries. They will be added and corrected to squids own
    permission file /etc/permissions.d/squid (bugzilla#23752):
    /var/squid
    /var/squid/cache
    /var/squid/logs
* Tue Feb 18 2003 draht@suse.de
  - /usr/games/trackballs added 2755 games.games in easy.
* Sun Feb 16 2003 adrian@suse.de
  - allow khc_indexbuilder to write into /var/cache/susehelp in easy mode
  - remove old entries (kreatecd and kscd)
* Mon Feb 10 2003 draht@suse.de
  - additions/changes (from #17012, Tobias Burnus):
    * read all files from the commandline at once and override
      entries given multiple times by the last entry
    * enable option --set in addition to -set
    * manpage adoptions
    * call chkstat only once from SuSEconfig.permissions
* Thu Feb 06 2003 ro@suse.de
  - /var/mtrack -> /var/lib/mtrack
* Tue Nov 19 2002 ro@suse.de
  - zapping_setup_fb moved to /opt/gnome/sbin
* Thu Nov 14 2002 bg@suse.de
  - added hppa to rpm subsystem in permissions files to be able to
    finish autobuild
* Thu Oct 24 2002 ro@suse.de
  - two more nethack flavors with sgid games in easy
* Tue Sep 10 2002 draht@suse.de
  - cda entries below /usr/X11R6/lib/X11/xmcd removed.
    index.html under /var/lib/xmcd/discog directories added
    world-writeable. This is not satisfactory. New user xmcd will be
    added in next release.
* Thu Sep 05 2002 draht@suse.de
  - /usr/X11R6/lib/X11/xmcd/bin-Linux-ia64/{cda,xmcd} added.
* Mon Aug 26 2002 draht@suse.de
  - removed all occurrences of kv4lsetup upon request by adrian+uli.
  - -s for xlock, xlock-mesa + xscreensaver (#18125), (#18132)
  - /usr/src/packages/RPMS/alphaev67 added.
  - added /sbin/unix2_chkpwd root.shadow 2755
  - -s /usr/sbin/papd (#18103)
* Wed Aug 21 2002 draht@suse.de
  - removed suid bits from heimdal's su and otp (#18104)
* Wed Aug 21 2002 draht@suse.de
  - remove setuid bit from traceroute due to new implementation by
    Olaf Kirch which doesn't need euid root. (#18101)
* Wed Aug 21 2002 draht@suse.de
  - removed lprng entries because of conflicts cups <-> lprng
* Wed Aug 21 2002 draht@suse.de
  - vboxbeep -> 0755 in secure.
* Mon Aug 19 2002 ro@suse.de
  - added prereq (#17956)
* Mon Aug 19 2002 uli@suse.de
  - added nethack for lib64 archs
* Mon Aug 19 2002 uli@suse.de
  - added xmcd for archs != i386
* Tue Aug 13 2002 draht@suse.de
  - gnome-games2 entries changed/adopted to /opt/gnome2 path.
* Tue Aug 13 2002 draht@suse.de
  - changed kcheckpass from 2755 root.shadow to 4755. (#17664)
* Wed Jul 31 2002 olh@suse.de
  - ncpmount, ncpumount, nwsfind, ncplogin, ncpmap root.trusted 4750
* Sat Jul 27 2002 kukuk@suse.de
  - Rename group wwwadmin to www
  - Rename group game to games
* Tue Jul 23 2002 draht@suse.de
  - added sapdb files, not setuid root in secure,paranoid.
* Mon Jul 22 2002 draht@suse.de
  - added frontpage files
* Tue Jul 16 2002 draht@suse.de
  - changed entries for mailman: group mdom -> mailman
* Tue Jul 16 2002 draht@suse.de
  - mailman sgid mdom files added to easy, secure and paranoid.
* Wed Jul 10 2002 draht@suse.de
  - .paranoid comment fixed about at and cron (#12159)
* Mon Jul 08 2002 draht@suse.de
  - ppp dialup networking fixes and cleanup.
* Mon Jul 08 2002 draht@suse.de
  - modifications: -s for pppd, world-writeable directories for
    kdemultimedia3-sound, gift, mips and armv4l RPMS directory.
* Fri Jul 05 2002 kukuk@suse.de
  - Add /usr/src/packages/RPMS/sparcv9 to easy,secure,paranoid.
* Thu Jul 04 2002 draht@suse.de
  - /usr/lib64/pt_chown added to easy,secure,paranoid.
* Mon Jul 01 2002 draht@suse.de
  - entries for packages added or changed:
    squid
    geki2
    d1x
    falconseye
    fdutils
    gewels
    gnome-games
    heimdal
    lbreakout
    lpdfilter
    lprng
    man
    mgetty (/var/spool/fax/outgoing/* need discussion)
    mtrack (locfile+satfile -> 0644)
    nethack
    nvi-m17n (/var/preserve/vi.recover -> 1777)
    opie (/bin -> /usr/bin)
    pcp
    plptools
    qpopper
    rp-pppoe (/usr/sbin/pppoe-wrapper)
    smpppd (/usr/sbin/cinternet-wwwrun wwwrun.dialout   2750)
    squid (/usr/sbin/pam_auth)
    su-wrapper
    xemacs (lock directory changed again? now /var/state/xemacs and /var/lib/xemacs)
    xgalaga
    xmcd
    xscrabble
* Sun Jun 30 2002 ro@suse.de
  - don't install all sources (spec file etc.)
* Fri Jun 28 2002 draht@suse.de
  - minor spec file change
* Fri Jun 28 2002 draht@suse.de
  - entries for packages added:
    ftpdir
    gnokii
    kamplus
    geki2
    aaa_dir (/tmp/.ICE-unix)
* Fri Jun 28 2002 draht@suse.de
  - unpack tar archive in source for convenience.
* Thu Jun 27 2002 olh@suse.de
  - update permissions of /usr/src/packages/RPMS/<arch>
* Fri Jun 21 2002 ro@suse.de
  - created package as split off from aaa_base

Files

No Filelist in the Package !

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Sep 30 22:53:47 2025