permissions-zypp-plugin-20181116-lp151.3.1 >  A \̛/=„wBϖ5%/2b0d,ήԃޔկR-h -}<3Bmrx&sQI}c7O ;Gm5 iiyomIiĩ !-0G4rnΊݩW2uYC2^aO˔Ŭjd[ V1E;(gB3r&tvNNQiAAMIXLjWbNp]E]FtÌ#65]L1b20ed078b7c536a8e5e5e9259695d3a74376fd70374a78a0636fca2123fbd867693d5214ee188b3c32de7548bf1528d943b126f)ԉ\̛/=„ԃ:} [C2cŭ{H> qSiՓ$%;yX5L;X?T\= .g?"?ښ$GEx}͑rH3"o q谹&X MU>3IjDqԓζ- ӊrvsyz’-QЊe'-_g ._H)JTT Z fw *${k>=}evAUwREq}G7x픎 4ViJ}Λs>p>,?d# - X $7@I cy    $ (8L`{(8#98#:#F`GtHIXY\]^b1cd<eAfDlFuXvhwxyzCpermissions-zypp-plugin20181116lp151.3.1A zypper commit plugin for calling chkstatThis package contains a plugin for zypper that calls `chkstat --system` after new packages have been installed. This is helpful for maintaining custom entries in /etc/permissions.local.\̚sheep84openSUSE Leap 15.1openSUSEGPL-2.0+https://bugs.opensuse.orgProductivity/Securityhttp://github.com/openSUSE/permissionslinuxnoarchAAA\̚\̚\̚\̚5e2ad820b66bf388d0ce3b05e2ce65e0b9d5bf25dacdac2624e4f71f0687ec6frootrootrootrootrootrootrootrootpermissions-20181116-lp151.3.1.src.rpmpermissions-zypp-plugin@    /usr/bin/python3libzypp(plugin:commit)permissionspython3-zypp-pluginrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1201811163.0.4-14.6.0-14.0-15.2-14.14.1\8\b@[@[z@ZiZ\Z%8ZZ@Z@Z@ZNY|Y@Y˒Y@YY@Y7Y2Y1S@W"W@W@WBWBVV@VV2 @V +V +UuT~@TZ@jsegitz@suse.comjsegitz@suse.comopensuse-packaging@opensuse.orgmatthias.gerstner@suse.commeissner@suse.comkrahmer@suse.comkukuk@suse.commpluskal@suse.comastieger@suse.comrbrown@suse.comkrahmer@suse.comeeich@suse.comjsegitz@suse.comastieger@suse.compgajdos@suse.comastieger@suse.comastieger@suse.comopensuse-packaging@opensuse.orgdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.comdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.commeissner@suse.com- Added 0004-var-cache-man.patch. Removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (bsc#1133678)- Added 0001-whitelisting-update-virtualbox.patch (bsc#1120650) New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox - Added 0002-consistency-between-profiles.patch Ensure consistency of entries, otherwise switching between settings becomes problematic - Added 0003-var-run-postgresql.patch (bsc#1123886) Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve- Update to version 20181116: * zypper-plugin: new plugin to fix bsc#1114383 * singularity: remove dropped -suid binaries (bsc#1028304) * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds * setuid whitelisting: add fusermount3 (bsc#1111230) * setuid whitelisting: add authbind binary (bsc#1111251) * setuid whitelisting: add firejail binary (bsc#1059013) * setuid whitelisting: add lxc-user-nic (bsc#988348) * whitelisting: add smc-tools LD_PRELOAD library (bsc#1102956) * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420) * Fix wrong file path in help string * Capabilities for usage of Wireshark for non-root - remove 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: is now contained in tarball.- 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability.- Update to version 20180125: * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247) * make btmp root:utmp (bsc#1050467)- Update to version 20180115: * - polkit-default-privs: usbauth (bsc#1066877)- fillup is required for post, not pre installation- Cleanup spec file with spec-cleaner - Drop conditions/definitions related to old distros- Update to version 20171129: * permissions: adding gvfs (bsc#1065864) * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410 * Allow fping cap_net_raw (bsc#1047921)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to version 20171121: * - permissions: adding kwayland (bsc#1062182)- Update to version 20171106: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20171025: * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)- Update to version 20170928: * Fix invalid syntax bsc#1048645 bsc#1060738- Update to version 20170927: * fix typos in manpages- Update to version 20170922: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20170913: * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)- Update to version 20170906: * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764 * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)- BuildIgnore group(trusted): we don't really care for this group in the buildroot and do not want to get system-users into the bootstrap cycle as we can avoid it.- Require: group(trusted), as we are handing it out to some unsuspecting binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)- Update to version 20170602: * make /etc/ppp owned by root:root. The group dialout usage is no longer used- Update to version 20160807: * suexec2 is a symlink, no need for permissions handling- Update to version 20160802: * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282) * root:shadow 0755 for newuidmap/newgidmap- adding qemu-bridge-helper mode 04750 (bsc#988279)- Introduce _service to easier update the package. For simplicity, change the version from yyyy.mm.dd to yyyymmdd (which is eactly %cd in the _service defintion). Upgrading is no problem.- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)- permissions: adding gstreamer ptp file caps (bsc#960173)- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 - added missing / to the squid specific directories (bsc#950557)- adjusted radosgw to root:www mode 0750 (bsc#943471)- radosgw can get capability cap_bind_net_service (bsc#943471)- remove /usr/bin/get_printing_ticket; (bnc#906336)- Added iouyap capabilities (bnc#904060)- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093) - permissions: incorporating squid changes from bnc#891268 - hint that chkstat --system --set needs to be run after editing bnc#895647sheep84 155691289220181116-lp151.3.1zypppluginscommitpermissions.py/usr/lib//usr/lib/zypp//usr/lib/zypp/plugins//usr/lib/zypp/plugins/commit/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/bfbf26e270d73e9d55ca27acd2cfe381-permissionscpioxz5x86_64-suse-linuxdirectoryPython script, ASCII text executableR3ي5W!Mutf-89ad0e85878a0a410de13c332f29a21285e187c38e6b1720c40d82230fb6a0a88? 7zXZ !t/]] crt:bLL <0y@wae&TL!Ӏj>nN;CmJqD̔(~_pf5CkfqŏsFu7ѣHp/I9j<짷Ql/06gduSbSEMXRAˊdB†n١/0d n>r4u3ߪԮb 2Z?@TN6:?t&XI랳)4wpɂ7ԍ⫌OgO@h]Uf)W )1HQyl%K(m*wxyl&-sWuI Lxe?] V#UͮaUJ^FNʗBuXŵ6̰fhZy.$ DyhJLrs ޸GX= ᪒cϘBEIQE=1/T0|w>ƒlAM`"$^i%dvei?h? +utA 2A I.zPܣd /: ,6ܳ*sԄۺm3i0-F;B՗Q{*[|f`d<9(0^3M_ ,bz .W}|V`țJn5^ų0?ğa75sz(xu5A>UNul>Eφi m> ӬeZ:k[PJL|hW/J\AۯC9<-|GS`[F\:&_WȈ$vzHT'U~L-$ Ѿ$6CoDrmY2b@Y S^C }"xfAE.`)zybpؽ>\\e}UvIL )˗'qj1Vp?&~nRdZA/CD7tea$β7zW>AWpa:C ˈMƑMP.dŝ0sbL86Ȗ@)>(Nu aUhSBw@9: +حP (5ŕ e֋89ے9@Wp\% %1GAQsvȻEe҅ߵ[IʚǓHFx؝dHfiT iXr7_u@V%<|~Ί$͝+%60Df+Ͽ`f99> (`s- ~}Hs &cc rFHmy]tEHt}nژVO5ekH;&,.DOCWxID $;rrPP0JOcHEl$'KWѳ9"DVKQOU@J_F!nF;Z%Wt.70|ߥB搛u5\YqXV s`X`[V3 ڠ%0]|Ӵ?ب*'T=$M}gDR"sT8Jމ c4~af://S#RLLa1: H0J(|TN}zޑ0]!)Wi){iR&}RHE2' wUԜV9%2A]1.Crfl7Xo4Jb0 %PB@{@Q (yz