%{!?python3: %global python3 %{__python3}} Name: rpmlint Version: 2.5.0 Release: 0.20240423120041437589.pr1227.854.g532599c3%{?dist} Summary: Tool for checking common errors in RPM packages License: GPLv2+ URL: https://github.com/rpm-software-management/rpmlint Source0: rpmlint-2.5.0.tar.gz BuildArch: noarch BuildRequires: python3-devel %if 0%{?suse_version} # Unfortunately, these don't get pulled in automatically... BuildRequires: python-rpm-macros BuildRequires: python3-setuptools # For tests BuildRequires: python3-python-magic BuildRequires: python3-pybeam BuildRequires: python3-pyenchant BuildRequires: python3-pytest BuildRequires: python3-pytest-cov BuildRequires: python3-pytest-xdist BuildRequires: python3-pyxdg BuildRequires: python3-rpm BuildRequires: python3-tomli BuildRequires: python3-tomli-w BuildRequires: python3-zstandard BuildRequires: python3-packaging %else BuildRequires: python3dist(setuptools) # For tests BuildRequires: python3dist(file-magic) BuildRequires: python3dist(pybeam) BuildRequires: python3dist(pyenchant) BuildRequires: python3dist(pytest) BuildRequires: python3dist(pytest-cov) BuildRequires: python3dist(pytest-xdist) BuildRequires: python3dist(pyxdg) BuildRequires: python3dist(rpm) BuildRequires: (python3dist(tomli) if python3 < 3.11) BuildRequires: python3dist(tomli-w) BuildRequires: python3dist(zstandard) BuildRequires: python3dist(packaging) %endif # Rest of the test dependencies BuildRequires: dash BuildRequires: /usr/bin/appstream-util BuildRequires: /usr/bin/checkbashisms BuildRequires: /usr/bin/desktop-file-validate # required for the systemd test BuildRequires: rpm_macro(_unitdir) %if 0%{?suse_version} BuildRequires: myspell-en_US BuildRequires: myspell-cs_CZ BuildRequires: myspell-fr_FR %else BuildRequires: hunspell-en BuildRequires: hunspell-cs BuildRequires: hunspell-fr %endif %if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: glibc-langpack-en %endif %if 0%{?suse_version} BuildRequires: glibc-locale-base %endif %if 0%{?mageia} BuildRequires: locales-en %endif Requires: /bin/bash Requires: /usr/bin/appstream-util Requires: /usr/bin/bzip2 Requires: /usr/bin/checkbashisms Requires: /usr/bin/cpio Requires: /usr/bin/desktop-file-validate Requires: /usr/bin/groff Requires: /usr/bin/gtbl Requires: /usr/bin/ldd Requires: /usr/bin/man Requires: /usr/bin/perl Requires: /usr/bin/readelf Requires: /usr/bin/xz Requires: /usr/bin/zstd # Enable Python dependency generation %{?python_enable_dependency_generator} %description rpmlint is a tool for checking common errors in RPM packages. Binary and source packages as well as spec files can be checked. %prep %autosetup -n rpmlint-2.5.0 %build %py3_build %install %py3_install %check %python3 -m pytest %files %license COPYING %doc README* %{_bindir}/rpmlint %{_bindir}/rpmdiff %{python3_sitelib}/rpmlint* %changelog * Tue Apr 23 2024 Packit - 2.5.0-0.20240423120041437589.pr1227.854.g532599c3 - dbus-services: remove deepin-api entry until packaging issues are resolved (Matthias Gerstner) - whitelistings: drop no longer needed KDE5 whitelistings (Matthias Gerstner) - dbus-services: drop no longer present nfs-ganesha entry (Matthias Gerstner) - whitelistings: drop no longer needed pam_dbus entries (Matthias Gerstner) - pam-modules: whitelist pam_oslogin_admin.so (bsc#1222457) (Matthias Gerstner) - Revert "pam-modules: whitelist pam_lastlog2 now moved to util-linux (bsc#1222329)" (Matthias Gerstner) - dbus-services: whitelist dnf5daemon-server (bsc#1218327) (Matthias Gerstner) - pam-modules: whitelist pam_lastlog2 now moved to util-linux (bsc#1222329) (Matthias Gerstner) - Clarify what the real intent is of this check (Marcus Rückert) - dbus-services: power-profiles-daemon: reinstate legacy D-Bus whitelisting (bsc#1219957) (Matthias Gerstner) - Revert "dbus-services: Still provide old GDM whitelisting (bsc#1218922)" (Filippo Bonazzi) - openSUSE: Add netdata user/group (Mia Herkt) - Add forgejo group and user (Pi-Cla) - remove comment in setup.cfg (Luz Marina Montilla Marín) - dbus-services: power-profiles-daemon (bsc#1219956) (#1197) (Wolfgang Frisch) - test: mocked package in test_xinetd.py (Chaitanya Bisht) - SpecCheck: Add no-%check-section warning (Daniel Garcia Moreno) - Bump upper bound of suse_version to include ALP & current Factory (Dan Čermák) - test: add mocks folder and mocks for duplicates check (afrid18) - dbus-services: Still provide old GDM whitelisting (bsc#1218922) (Filippo Bonazzi) - dbus-services: whitelist sddm-kcm6 (bsc#1217188) (Matthias Gerstner) - whitelistings: merge redundant systemd vs. systemd-mini entries (Matthias Gerstner) - pam-modules: also whitelisted pam_system_loadkey for systemd-mini (bsc#1220249) (Matthias Gerstner) - dbus-services: adjust gdm whitelisting (bsc#1218922) (Matthias Gerstner) - pkg: remove unicode type reference in is_utf8_bytestr exception (danigm) - Refactored the is_utf8_bytestr function (Chaitanya Bisht) - readme: More specific title for building section (danigm) - test: imporve fixtures in test_duplicates.py (afrid18) - dbus-services: whitelist drkonqi KDE6 update (bsc#1220190) (Matthias Gerstner) - Add building documentation (Chaitanya Bisht) - pam-modules: whitelist pam_systemd_loadkey.so (bsc#1220249) (Matthias Gerstner) - Update README.md (Chaitanya Bisht) - dbus-services: whitelist kde-inotify-survey with KDE6 changes (bsc#1217191) (Matthias Gerstner) - dbus-services whitelist: adjust kde6 digests after fix in kauth6 (bsc#1220215) (Matthias Gerstner) - CI: Reenable mageia-cauldron in packit (Daniel Garcia Moreno) - test: Add tests to check non-standard-dir-perm (Daniel Garcia Moreno) - SpecCheck: Add patch-macro-old-format check (Daniel Garcia Moreno) - BinariesCheck: do not mark as binary eBPF ELF files (Daniel Garcia Moreno) - dbus-services: update systemd-homed (DeactivateAllHomes method, bsc#1219916) (Matthias Gerstner) - dbus-services: whitelist plasma6-workspace fontinst service (bsc#1217186) (Matthias Gerstner) - dbus-services: whitelist powerdevil6 (bsc#1217187) (Matthias Gerstner) - dbus-services: whitelist plasma6-disks (bsc#1217185) (Matthias Gerstner) - dbus-services: whitelist plasma6-desktop kcmclock (bsc#1217184) (Matthias Gerstner) - pam-modules: whitelist pam_kwallet6 (bsc#1217183) (Matthias Gerstner) - dbus-services: whitelist libksysguard6-plugins (bsc#1217182) (Matthias Gerstner) - change pyproject ruff config to toplevel (afrid18) - zypper-plugins: adjust libzypp-plugin-appdata to new content (bsc#1219873) (Matthias Gerstner) - dbus-services: whitelist kinfocenter6 (bsc#1217179) (Matthias Gerstner) - dbus-services: whitelist kf6-kauth (bsc#1217178) (Matthias Gerstner) - SUIDPermissionsCheck: support new /usr/share/permissions/packages.d dir (Matthias Gerstner) - SystemIstallCheck: Allow %service_del_postun_without_restart macro usage (Daniel Garcia Moreno) - sysctl-whitelist: update YAMA config (bsc#1219656) (Wolfgang Frisch) - users-groups: add groups for usbauth-notifier (Wolfgang Frisch) - cron-whitelist: patch2mail now uses systemd-timers (Wolfgang Frisch) - Register greeter user and group (Filippo Bonazzi) - test: Lazy load mock packages (Daniel Garcia Moreno) - test: Improve name of mock packages (Daniel Garcia Moreno) - pam-modules: whitelist pam_canonicalize_user (bsc#1219358) (Matthias Gerstner) - sendmail: permissions moved from /etc to /usr/share/permissions (bsc#1219339) (Wolfgang Frisch) - Fix the errors and suggestions to the flake8 command (Luz Marina Montilla Marín) - Clean all tests file (Luz Marina Montilla Marín) - config: Do not filter python-leftover-require for fedora (Daniel Garcia Moreno) - Fix misspelled variable: ENGLISH_ENVIROMENT to ENGLISH_ENVIRONMENT (Luz Marina Montilla Marín) - Clean tests file (Luz Marina Montilla Marín) - sendmail: permissions moved from /etc to /usr/share/permissions (bsc#1219339) (Wolfgang Frisch) - Move rpm2cpio to one line (Daniel Garcia Moreno) - test_file_digest: cover new glob features in package and path names (Matthias Gerstner) - PythonCheck: Check for python deps like python3.12dist(foo) (Daniel Garcia Moreno) - config: Filter python require checks for Fedora (Daniel Garcia Moreno) - sysctl-whitelist: use new package glob pattern (Matthias Gerstner) - FileDigestCheck: support glob patterns in package names (Matthias Gerstner) - FileDigestCheck: make glob patterns in filenames explicit (Matthias Gerstner) - sysctl-whitelist: add another package name for kubernetes1.29 (bsc#1219168) (Matthias Gerstner) - check: Implement reset method in checks (Daniel Garcia Moreno) - Disable Mageia CI builds due to system problem (Daniel Garcia Moreno) - check: Implement reset method in checks (Daniel Garcia Moreno) - test: Add another test for patch-not-applied (Daniel Garcia Moreno) - read rpm package directly with open() while extracting (Mikhail Campos Guadamuz) - remove redundant TODO comments; checking is handled with check_output() pretty well now (Mikhail Campos Guadamuz) - leave rpm2cpio as fallback for distros which do not have rpm2archive available yet (Mikhail Campos Guadamuz) - fix warnings about import order, attempt 2 (Mikhail Campos Guadamuz) - fix warnings about import order (Mikhail Campos Guadamuz) - Fixes for nsafe shell command (Mikhail Campos Guadamuz) - Drop rpm2cpio usage entirely (Mikhail Campos Guadamuz) - Fix digester for cronie whitelisting (bsc#1218756) (Filippo Bonazzi) - Adding support for RPM packages containing files greater than 4GB (Mikhail Campos Guadamuz) - cron-whitelist: adjust cronie-anacron again (bsc#1218756) (Matthias Gerstner) - systemd-tmpfiles whitelist: adjust package name for libtss-fapi (Callum Farmer) - dbus-services: certmonger: .conf renamed (bsc#1218616) (Wolfgang Frisch) - lint: Reset all checks for each package (Daniel García Moreno) - pam-modules: separate standard PAM module that have been already reviewed (Matthias Gerstner) - cron-whitelist: update cronie-anacron digest (bsc#1218107) (Matthias Gerstner) - SUIDPermissionsCheck: fix broken warnings and harmonize code (Matthias Gerstner) - Fix Aeon/Kalpa whitelisting distinct filenames (bsc#1217706, bsc#1217707) (Filippo Bonazzi) - polkit rules whitelisting: add gamemode rules (bsc#1217915) (Matthias Gerstner) - test: Extend tag tests to check 'W: missing-dependency-on' (Daniel Garcia Moreno) - polkit-rules, sudoers: add plasma-branding-Kalpa for special wheel group handling (bsc#1217707, bsc#1217706) (Matthias Gerstner) - cron-whitelist: remove obsolete opa-ff entries (Wolfgang Frisch) - cron-whitelist: remove obsolete logdigest entries (Wolfgang Frisch) - FileDigestCheck: Filter minor versions in shebangs. (Wolfgang Frisch) - fix readelf output encoding handling of errors (Carlos Rodriguez-Fernandez) - Ignore (and escape) symbols that are not valid utf8 (Dirk Müller) - Revert "Disable Mageia CI builds due to system problem" (Daniel Garcia Moreno) - Disable Mageia CI builds due to system problem (Daniel Garcia Moreno) - polkit-rules-whitelist: self auth as admin (bsc#1215652) (Wolfgang Frisch) - polkit-rules-whitelist: self auth as admin (bsc#1215652) (Wolfgang Frisch) - pam-modules: remove no longer packaged pam_oslogin_admin.so (Matthias Gerstner) - cron-whitelist: remove tmpwatch which migrated to systemd timers (bsc#1115458) (Matthias Gerstner) - cron-whitelist: drop sarg which as been replaced by systemd timers (Matthias Gerstner) - pam-modules: whitelist pam-himmelblau (bsc#1215355) (Matthias Gerstner) - dbus-services: whitelist passim service (bsc#1216434) (Matthias Gerstner) - CI: Add systemd-rpm-macros package (Daniel Garcia Moreno) - zypper-plugins: whitelist zypp-boot-plugin (bsc#1215988) (Matthias Gerstner) - Add pgadmin user/group (Antonio Larrosa) - dbus-services: adjust to etc -> usr move in thermald (bsc#1215873) (Matthias Gerstner) - dbus-services: remove obsolete entry for sysprof (Wolfgang Frisch) - Whitelist dbus service and configuration for policycoreutils-dbus (bsc#1213435) (Filippo Bonazzi) - polkit-rules-whitelist: add fudo rules (bsc#1215948) (Matthias Gerstner) - Add whitelisting for 90-kubeadm.conf (bsc#1215542) (Filippo Bonazzi) - sysctl-whitelist: remove old microos-tools entry (Wolfgang Frisch) - dbus-services: sddm-qt6 whitelisting (bsc#1215441) (Wolfgang Frisch) - dbus-services: update tukitd (bsc#1215216) (Wolfgang Frisch) - polkit, sudoers whitelist: add gnome-branding-Aeon (bsc#1215276) (Matthias Gerstner) - FileDigestCheck: do not use hash as variable name (Daniel Garcia Moreno) - FileDigestCheck: Adapt fstrings to python3.12 check (Daniel Garcia Moreno) - dbus-services: keep old deepin names around until rename is complete (bsc#1214101) (Matthias Gerstner) - whitelists: adjust package for systemd-homed components (bsc#1213692) (Matthias Gerstner) - Add missing dependency to rpmlint spec (Dan Čermák) - Update search regexes for %service_* macros (Dan Čermák) - Don't skip systemd scriptlet test on Fedora (Dan Čermák) - Improve systemd scriptlet test name (Dan Čermák) - bsc#1213292: adjust timesync1 dbus whitelisting (Filippo Bonazzi) - dbus-services: drop whitelisting that was never put into production (Matthias Gerstner) - cron-whitelist: drop dead suse-texlive entry (Matthias Gerstner) - pam-modules: drop dead pam_opie entry (sr#1065964) (Matthias Gerstner) - dbus-services: drop no longer needed dinstaller services (bsc#1208394) (Matthias Gerstner) - dbus-services: remove no longer packaged mumble-server (bsc#1209338) (Matthias Gerstner) - dbus-services: rename com.deepin.api to org.deepin.dde (bsc#1211376) (Matthias Gerstner) - sudoers-whitelist: adjust monitoring-plugins-smart (bsc#1211003) (Matthias Gerstner) - sysctl-whitelist: add kubernetes1.27 (bsc#1210951) (Wolfgang Frisch) - port to get_tested_path instead of testpath (Martin Liska) - pam-modules: whitelist pam_wtmpdb (bsc#1209963) (Matthias Gerstner) - pam-modules: Move pam_timestamp, pam_issue and pam-userdb (bsc#1210371) (Johannes Segitz) - flake8: fix C419 Unnecessary list comprehension passed to any() prevents short-circuiting (Martin Liska) - dbus-services: add libproxy whitelisting (bsc#1209376) (Matthias Gerstner) - pytest: use tmp_path mock instead of tmpdir (Martin Liska) - pam-module whitelist: add lastlog2 (bsc#1209238) (Wolfgang Frisch) - Fix TW CI due to the new flake8 release. (Martin Liska) - sysctl-whitelist: add further kubernetes versions (bsc#1209363) (Matthias Gerstner) - SpecCheck: allow more %suse_version value comparisons (Jan Engelhardt) - d-bus services: add kde-inotify-survey (bsc#1208689) (Wolfgang Frisch) - Add missing newline at the end of TOML files. (Martin Liska) - polkit-rules-whitelist: adjust libvirt-daemon rule to new sub-package (bsc#1208876) (Matthias Gerstner) - DbusPolicyCheck: use existing dbus-policy-missing-allow (Matthias Gerstner) - openSUSE/users-groups: kismet (bsc#1207654) (Wolfgang Frisch) - dbus-service: adjust sssd-dbus infopipe whitelisting to /usr (bsc#1207586) (Matthias Gerstner) - d-bus services: adjust NetworkManager-fortisslvpn from /etc to /usr (Wolfgang Frisch) - dbus-services: adjust pulseaudio to new /usr path (bsc#1207584) (Matthias Gerstner) - SymlinkExceptions: also exclude systemd-mini (Matthias Gerstner) - FileDigestCheck: allow multiple package names in ghost/symlink exceptions (Matthias Gerstner) - FileDigestCheck: support exceptions to symlink restrictions (Matthias Gerstner) - Revert "temporarily drop badness for sysctl-file-* errors" (Matthias Gerstner) - temporarily drop badness for sysctl-file-* errors (Martin Liska) - openSUSE: new whitelisting restriction for sysctl drop-in files (bsc#1174722) (Matthias Gerstner) - zypper-plugins whitelist: adjust libzypp-plugin-appdata (bsc#1206836) (Matthias Gerstner) - Update D-Bus whitelisting for NetworkManager-libreswan (bsc#1206757) (Wolfgang Frisch) - zypper-plugins: complement test whitelisting by a mismatching entry (Matthias Gerstner) - Update openSUSE's licenses.toml (Pi-Cla) - Franklin Street address is ok (Benson Muite) - openSUSE: new whitelisting restriction for zypper plugins (bsc#1204314) (Matthias Gerstner) - Update D-Bus whitelisting for NetworkManager-iodine (bsc#1206756) (Wolfgang Frisch) - Files in /etc/pam.d/ should be moved to /usr (Stefan Schubert) - pam-modules: pam_unix: adjust package name to pam (bsc#1206485) (Matthias Gerstner) - dbus-services: sddm: adjust to configuration file moved from /etc to /usr/share (Matthias Gerstner) - dbus-services: whitelist transaction-update-notifier (bsc#1206163) (Matthias Gerstner) - dbus-services: /etc -> /usr move for lightdm whitelisting (bsc#1205939) (Matthias Gerstner) - pam-modules whitelist: add pam_saslauthd (bsc#1205459) (Matthias Gerstner) - dbus-services: whitelist experimental YaST installer D-Bus backend (bsc#1202059) (Matthias Gerstner) - Remove Python entries from Filelist checks. (Daniel Garcia Moreno) - SpecCheck: Add python_sitelib glob check (Martin Liska) - dbus-service whitelist: move NetworkManager-openconnect to /usr (bsc#1204795) (Matthias Gerstner) - Whitelist /var/spool/mail in postfix-bdb (bsc#1179574) (Peter Varkoly) - dbus-services: document recent follow-up review of cups helpers (Matthias Gerstner) - FileDigestCheck: print digest hint for all possible filter types (Matthias Gerstner) - geoclue2: move dbus system.d file to /usr (bsc#1204054) (Filippo Bonazzi) - iio-sensor-proxy: move dbus system.d file to /usr (bsc#1204055) (Filippo Bonazzi) - gdm: move dbus system.d file to /usr (bsc#1204052) (Filippo Bonazzi) - sendmail: whitelisting for new systemd-tmpfiles entries for /run, /run/sendmail (bsc#1203340) (Paolo Perego) - Fix flake8 issue. (Martin Liska) - Fix test. (Martin Liska) - dbus-services: adjust tuned entry to path move to /usr (bsc#1202339) (Matthias Gerstner) - dbus-services: autofs: file digests (bsc#1203362) (Wolfgang Frisch) - fix bugzilla url as novell.com is dead (Martin Liska) - dbus-services: autofs: move from /etc to /usr (Wolfgang Frisch) - Whitelist /var/spool/mail in postfix, sendmail and exim (bsc#1179574) (Ludwig Nussel) - dbus-services: adjust/extend kdiskmark whitelisting (bsc#1202725) (Matthias Gerstner) - Increase badness for missing-hash-section check. (Martin Liska) - dbus-services: whitelist systemd-experimental: systemd-oomd (bsc#1202454) (Matthias Gerstner) - dbus-services: adjust to system-config-printer /etc -> /usr move (bsc#1202340) (Matthias Gerstner) - dbus-services: adjust to cups-pk-helper /etc -> /usr move (bsc#1202338) (Matthias Gerstner) - Whitelist gromox (bsc#1200165) (Filippo Bonazzi) - resolve some flake8 simplify issues (Martin Liska) - Port 2 usages of toml library to tomli. (Martin Liska) - Port TOML configs to tomli library (Martin Liska) - dbus-services: really adjust location from etc -> usr (Matthias Gerstner) - Revert "Add temporary workaround for systemd package." (Martin Liska) - Add skipping capability for openSUSE rpmlint package. (Martin Liska) - digest whitelists: remove now redundant sha256 algorithm specification (Matthias Gerstner) - FileDigestCheck: use sha256 digest algorithm by default (Matthias Gerstner) - dbus-services: adjust to PackageKit etc -> usr config file move (bsc#1201347) (Matthias Gerstner) - dbus-services: adjust to cups etc -> usr config file move (bsc#1201346) (Matthias Gerstner) - dbus-services: adjust to avahi etc -> usr config file move (bsc#1201345) (Matthias Gerstner) - whitelistings: fill in some missing metadata (Matthias Gerstner) - Improve syntax validation for digests. (Martin Liska) - systemd-tmpfiles: drop version from libtss2-fapi1 filename (Matthias Gerstner) - Add temporary workaround for systemd package. (Martin Liska) - Fix dbus-services config file. (Martin Liska) - dbus-services: adjust power-profiles-daemon to new path (bsc#1201125) (Matthias Gerstner) - systemd-tmpfiles whitelisting: also ignore -mini variants of systemd and udev (Matthias Gerstner) - dbus-services: move wpa_supplicant.conf to /usr (Wolfgang Frisch) - dbus-services: move dnsmasq.conf to /usr (Wolfgang Frisch) - systemd-tmpfiles check: raise badness to 10000 for strict config (Matthias Gerstner) - systemd-tmpfiles: whitelist currenty set of affected packages (Matthias Gerstner) - SystemdTmpfilesCheck: compare normalized lines for whitelistings (Matthias Gerstner) - polkit-rules: whitelist geoclue (bsc#1199767) (Matthias Gerstner) - Report binary in shlib-policy-name-error error (Martin Liska) - Remove extra prints from tests. (Martin Liska) - dbus-services: whitelist kinfocenter5 (bsc#1199735) (Wolfgang Frisch) - SystemdTmpfilesCheck: add additional unit test for parsing logic (Matthias Gerstner) - SystemdTmpfilesCheck: fix invalid member accesses (Matthias Gerstner) - tests: add coverage for new SystemdTmpfilesCheck (Matthias Gerstner) - pkg.py: FakePkg: support addition of ghost files (Matthias Gerstner) - SystemdTmpfilesCheck: new check to restrict systemd-tmpfiles configuration (Matthias Gerstner) - dbus-services: adjust bluez whitelisting to /usr (bsc#1199207) (Matthias Gerstner) - Fix wrong git merge conflict resolution. (Martin Liska) - dbus-services: update tukitd config hash to latest reviewed version (bsc#1196149 bsc#1197810 (Wolfgang Frisch) - dbus-services: remove dead gypsy whitelisting (Matthias Gerstner) - dbus-services.toml: adjust whitelisting for switcheroo-control (bsc#1199065) (Matthias Gerstner) - Remove empty line after loop. (Martin Liska) - dbus-services: remove gconf-polkit entry which is no longer shipped in Factory (Matthias Gerstner) - sudoers-whitelist: add another integration test whitelisting entry (Matthias Gerstner) - sudoers whitelist: add preliminary ceph whitelisting (bsc#1196141) (Matthias Gerstner) - Port opensuse checks. (Martin Liska) - sudoers whitelist: add test entry for rpmlint-integration-test OBS package (Matthias Gerstner) - new whitelist restriction for /etc/sudoers.d (bsc#1172785) (Matthias Gerstner) - dbus-services: whitelist usbguard (bsc#1196621) (Matthias Gerstner) - dbus-services: add missing config whitelist for tukitd (bsc#1196149) (Johannes Segitz) - dbus services: adjust to accountsservice path move (bsc#1197354) (Matthias Gerstner) - dbus services: NetworkManager-vpnc config locations (bsc#1197053) (Matthias Gerstner) - dbus services: adjust NetworkManager-pptp config locations (bsc#1197054) (Matthias Gerstner) - test_whitelist_syntax: extend the check to cover also digest entry structure (Matthias Gerstner) - dbus whitelist: fix nodigests whitelisting, should contain the path (Matthias Gerstner) - D-Bus whitelistings: kpmcore: don't couple service file to digest (Matthias Gerstner) - D-Bus services whitelist: add kpmcore (bsc#1178848) (Matthias Gerstner) - dbus-services whitelist: add test whitelisting to cover dbus-file-parse-error (Matthias Gerstner) - tests: add test that verifies security whitelisting syntax (Matthias Gerstner) - security whitelistings: harmonize bug list syntax (Matthias Gerstner) - FileDigestCheck: configure digest filter type per whitelisting entry (Matthias Gerstner) - FileDigestCheck: also assert that a path key is present (Matthias Gerstner) - dbus-services: adjust nm-priv-helper path (bsc#1194799) (Matthias Gerstner) - pam-modules: whitelist pam-fscrypt (bsc#1195623) (Matthias Gerstner) - dbus-services: whitelist nvme-stas (bsc#1195236) (Matthias Gerstner) - FileDigestCheck: enable XML filtered digests for D-Bus services (Matthias Gerstner) - FileDigestCheck: emit special {group}-file-parse-error if XML is bad (Matthias Gerstner) - dbus-services: whitelist tukitd (bsc#1196149) (Wolfgang Frisch) - dbus-services: whitelist kcron helper (Thomas Leroy) - dbus-services: adjust ModemManager path (bsc#1196170) (Matthias Gerstner) - dbus-services: fix wrongly named note field (Matthias Gerstner) - Speed up FileDigestCheck. (Martin Liska) - Revert "Speed up FileDigestCheck." (Martin Liška) - Speed up FileDigestCheck. (Martin Liska) - FileDigestCheck: implement support for file digest filtering (Matthias Gerstner) - tests: add test case for FileDigestGroup with multiple package names (Matthias Gerstner) - FileDigestCheck: support additional `packages = ["pkg1", "pkg2"]` syntax (Matthias Gerstner) - FileDigestCheck: refactor digest group parsing and normalization (Matthias Gerstner) - FileMetadataCheck: support additional `packages = ["pkg1", "pkg2"]` syntax (Matthias Gerstner) - whitelists: replace accidentally added tabs by spaces (Matthias Gerstner) - pam-modules: remove now outdated entry for modules that moved into pam_unix (Matthias Gerstner) - dbus-services: whitelist NetworkManager nm-priv-helper (bsc#1194799) (Matthias Gerstner) - pam module whitelist: adjust package name for pam_winbind (bsc#1194573) (Matthias Gerstner) - fix connman-nmcompat whitelisting (bsc#1192827) - resides in a sub-package (Matthias Gerstner) - Make missing-call-to-setgroups-before-setuid only warning. (Martin Liska) - dbus-services whitelist: add connman nm compatibility interface (bsc#1192827) (Matthias Gerstner) - Sort input .rpm files so that the output is stable. (Martin Liska) - dbus-services: fix package name for setroubleshoot entries (Matthias Gerstner) - duplicate postfix entry for postfix-bdb, whitelistings are tied to pacakges in rpmlint2 and need to be there for every package (Johannes Segitz) - polkit-rules-whitelist: follow-up whitelisting for gnome-initial-setup (bsc#1192542) (Matthias Gerstner) - dbus-services: add setroubleshoot whitelisting (bsc#1186344) (Matthias Gerstner) - permissions-whitelist: update texlive-filesystem digests (Matthias Gerstner) - permissions-whitelist: update sendmail digests (Matthias Gerstner) - dbus-services: adjust wicked whitelisting to new paths (bsc#1192033) (Matthias Gerstner) - security whitelistings: test whitelistings for file-digest-mismatch errors (Matthias Gerstner) - scoring.toml: fix alphabetical order of permissions-file errors (Matthias Gerstner) - security whitelistings: add badness for file-digest-mismatch errors (Matthias Gerstner) - Fix -r argument. (Martin Liska) - opensuse.toml: add permissions-parse-error to BlockedFilters (Matthias Gerstner) - dbus-services: adjust digest for test whitelisting (need a different file there) (Matthias Gerstner) - polkit-rules-whitelist: fix package name for test whitelisting (Matthias Gerstner) - Whitelisting pam_u2f module (bsc#1190790) (Paolo Perego) - Drop badness of shlib-policy-name-error for now. (Martin Liska) - Adding whitelisting for pam_ssh_agent_auth. bsc#1190983 (Paolo Perego) - Enable shlib-policy-name-error error. (Martin Liska) - dbus-services whitelisting: add power-profiles-daemon (bsc#1189900) (Matthias Gerstner) - security whitelistings: add whitelistings for OBS integration test package (Matthias Gerstner) - PolkitCheck: be robust against dead symlinks in actions directory (Matthias Gerstner) - SUIDPermissionsCheck: remove unused permissions-ghostfile error (Matthias Gerstner) - *-file-ghost descriptions: fix texts that are for some reason incomplete (Matthias Gerstner) - SUIDPermissionsCheck: be robust against dead symlinks in permissions.d (Matthias Gerstner) - dbus-services: add oddjob-mkhomedir which got lost during migration (Matthias Gerstner) - Remove deprecated pam-deprecated entry (Cathy Hu) - Revert "Skip lto-no-text-in-archive for 2 archives in gcc." (Martin Liska) - skip %ghost files in SUIDPermissionsCheck. This allows packages to %ghost files that are managed by e.g. tmpfiles.d and rpm -v to work properly (Johannes Segitz) - Copied additional systemd whitelistings to match systemd-mini (Johannes Segitz) - systemd-mini also ships pam_systemd.so. Now with the whitelist tied to binary packages it needs its own entry (Johannes Segitz) - reference correct binary rpm for pam_systemd_home (Johannes Segitz) - Update pam-modules.toml (Paolo Perego) - whitelist pam_systemd_home.so for systemd-experimental. This was not audited (Johannes Segitz) - Remove deprecated entries for filesystem package in world-writable whitelist (Cathy Hu) - Update opensuse.toml (Paolo Perego) - Create FileDigestCheck.py (Paolo Perego) - Update opensuse.toml (Paolo Perego) - Update FileDigestCheck.py (Paolo Perego) - Remove malcontent whitelisting for polkit (Cathy Hu) - Remove storeBackup entry from cron-whitelist.toml (Cathy Hu) - Rename fprintd to wicked in dbus config (Cathy Hu) - Sync and fix dbus whitelisting entries (Cathy Hu) - Add mechanism to whitelist %ghost'ed files that are present in whitelists. This is a rare case and should only be necesary for special packages like polkit-default-privs (Johannes Segitz) - dbus-services: whitelisting for low-memory-monitor (bsc#1189899) (Matthias Gerstner) - whitelistings: harmonize bug number prefixes by changing bnc# to bsc# (Matthias Gerstner) - Skip lto-no-text-in-archive for 2 archives in gcc. (Martin Liska) - dbus-services whitelist: use correct camel-case package names (Matthias Gerstner) - pam-modules.toml: remove unnecessary empty bug fields (Matthias Gerstner) - pam-modules.toml: replace "legacy: not audited" comments where inappropriate (Matthias Gerstner) - pam-modules whitelist: synchronize from last state in rpmlint 1 (Matthias Gerstner) - polkit-rules-whitelist: sync with latest state in polkit-default-privs (Matthias Gerstner) - dbus-services: replace "not audited" comment by more suitable "import" comment (Matthias Gerstner) - dbus-services whitelist: synchronize with the last state of rpmlint1 (Matthias Gerstner) - cron-whitelist: cronie: add incremental whitelist for minor change (bsc#1190521) (Matthias Gerstner) - FileDigestCheck: remove -digest- from error names where unnecessary (Matthias Gerstner) - FileDigestCheck: remove _check_filetypes only doing one pass over files (Matthias Gerstner) - scoring-strict: downgrade permissions-missing-postin badness (Matthias Gerstner) - SUIDPermissionsCheck: ignore static permission entries (Matthias Gerstner) - FileDigestCheck: print out the encountered digest on unauthorized files (Matthias Gerstner) - FileDigestCheck: refactor _is_valid_digest() (Matthias Gerstner) - permissions-suseconfig-obsolete: this was from SLE-11 times, drop remains (Matthias Gerstner) - openSUSE config: complete BlockedFilters for all mandatory whitelistings (Matthias Gerstner) - FileDigestCheck: don't follow symlinks where this is not necessary (Matthias Gerstner) - cleanup: remove suse-dbus-unauthorized-service error / check (Matthias Gerstner) - errors: remove permissions-unauthorized-file (Matthias Gerstner) - descriptions: add some missing and improve existing whitelisting errors (Matthias Gerstner) - scoring: add badness (especially in strict case) for missing whitelistings (Matthias Gerstner) - Whitelisting checks: make all missing whitelistings errors (Matthias Gerstner) - PolkitCheck: use new path in /usr/etc by default (Matthias Gerstner) - Fix coding style of a config file. (Martin Liska) - KMP policy: support legacy 'packageand' directive in Supplements. (Martin Liska) - Replace description variable recursively. (Martin Liska) - Add missing [Scoring] section in TOML file. (Martin Liska) - Come up with --mini-mode option. (Martin Liska) - Add tests for globbing (Cathy Hu) - Rename /usr/lib*/ and /lib* to * (Cathy Hu) - Migrate pam-modules.toml to FileDigestCheck (Cathy Hu) - Add globbing for paths used in FileDigestCheck config (Cathy Hu) - Add tests for nodigests option in FileDigestCheck (Cathy Hu) - Remove DBusServicesCheck (Cathy Hu) - Port dbus-service.toml to FileDigestCheck config (Cathy Hu) - Add compact format for skip algorithm in FileDigestCheck (Cathy Hu) - Rename scoring-strict.toml using .override. (Martin Liska) - Add scoring-strict openSUSE config. (Martin Liska) - Add BlockedFilters. (Martin Liska) - Update scoring for openSUSE. (Martin Liska) - Add test for permissions.d whitelisted packages (Cathy Hu) - Readd permissions.d whitelisting (Cathy Hu) - Add test for file-digest-mismatch error (Cathy Hu) - Replace error variable with resetting error_digests (Cathy Hu) - Rewrite parts of FileDigestCheck (Cathy Hu) - Remove not needed assert from a test. (Martin Liska) - Remove deprecated entries in device-files-whitelist.toml (Cathy Hu) - Remove deprecated bind-chrootenv entry (Cathy Hu) - Remove entries for deprecated cacti and atop-daemon (Cathy Hu) - Remove config number check (Cathy Hu) - Fix opensuse config (Cathy Hu) - Move opensuse specific checks into opensuse.toml (Cathy Hu) - Remove found_no feature (Cathy Hu) - Remove polkit-cant-acquire-privilege add_info (Cathy Hu) - Remove polkit-cant-acquire-privilege description (Cathy Hu) - Improve wording in PolkitCheck description (Cathy Hu) - Rename polkit-unauthorized-privilege to polkit-user-privilege (Cathy Hu) - Replace found_undef with found_no (Cathy Hu) - Add comments to PolkitCheck.py (Cathy Hu) - Fix style issues (Cathy Hu) - Remove custom package polkit privs check feature (Cathy Hu) - Change undefined action setting from '??' to 'no' (Cathy Hu) - Fix descriptions (Cathy Hu) - Enable PolkitCheck (Cathy Hu) - Remove descriptions for PolkitCheck that are covered by FileDigestCheck (Cathy Hu) - Add PolkitCheck descriptions (Cathy Hu) - Fix style issues (Cathy Hu) - Fix style issues (Cathy Hu) - Add Polkit tests (Cathy Hu) - Fix bugs in PolkitCheck.py (Cathy Hu) - Fix bug (Cathy Hu) - Add PolkitCheck (Cathy Hu) - Adjust cli test (Cathy Hu) - Add polkit rules whitelist (Cathy Hu) - Enhance PermissionsEntry constructor (Cathy Hu) - Move descriptions to Variable.toml (Cathy Hu) - Fix style issues (Cathy Hu) - Fix style issues (Cathy Hu) - Transform strings to fstrings (Cathy Hu) - Remove parantesis around asserts (Cathy Hu) - Fix style issues (Cathy Hu) - Adjust number of suse configs in test (Cathy Hu) - Remove unused variable (Cathy Hu) - Refactor SUIDPermissionsCheck (Cathy Hu) - Add tests for SUIDPermissionsCheck (Cathy Hu) - Add SUIDPermissionsCheck (Cathy Hu) - Adjust permissions.py to flake8 styleguide (Cathy Hu) - Add reusable code for permissions check (Cathy Hu) - Add permissions.d whitelist (Cathy Hu) - Add error descriptions for SUIDPermissionsCheck (Cathy Hu) - Move AUDIT_BUG_URL into seperate description file (Cathy Hu) - Small fixes (Cathy Hu) - Add dbus error description in test/test_filter.py (Cathy Hu) - Add suse- prefix to DBusServicesCheck errors (Cathy Hu) - Add check for ghosts in PAMModulesCheck (Cathy Hu) - Add DBusServicesCheck (Cathy Hu) - Adjust suse config test config count (Cathy Hu) - Port world writable whitelist (Cathy Hu) - Port device files whitelistings (Cathy Hu) - Port cron whitelists (Cathy Hu) - Revert "Add rc* compat simlink checking wrt #227" (Martin Liska) - test_file_digest: adjust test to new description message (Matthias Gerstner) - descriptions: add descriptions for new FileDigest and FileMetadata based checks (Matthias Gerstner) - Correct filter in WorldWritableCheck. (Martin Liska) - Add 2 FileMetadataCheck checks. (Martin Liska) - tests: add tests with better coverage of FileDigestsCheck (Matthias Gerstner) - Add --permissive by default for now. (Martin Liska) - Automatically load rpmlintrc files. (Martin Liska) - Add one test_file_digest test that uses FakePkg. (Martin Liska) - Skip test_systemd_install.py on Fedora distro. (Martin Liska) - Replace assert with an exception in FileDigestCheck. (Martin Liska) - Add FileDigestCheck. (Martin Liska) - Ignore obs:// prefix in invalid-url check (#557). (Martin Liska) - Never print rpm2cpio stderr. (Martin Liska) - Add SUSE-specific checks to scoring. (Martin Liska) - Enable opensuse branch checks. (Martin Liska) - Branding policy check #371 (Tomáš Chvátal) - KMP Check #371 (Tomáš Chvátal) - Add rc* compat simlink checking wrt #227 (Tomáš Chvátal) - Add FilelistCheck from openSUSE/rpmlint-checks (#227). (Martin Liska) - Add SystemdInstallCheck from openSUSE/rpmlint-checks (#227). (Martin Liska) - Add SUSE version checks in spec files (#292). (Martin Liska)