File permissions.spec of Package permissions.13185

#
# spec file for package permissions
#
# Copyright (c) 2019 SUSE LLC.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# icecream 0


BuildRequires:  libcap-devel

Name:           permissions
Version:        2015.09.28.1626
Release:        0
Provides:       aaa_base:/etc/permissions
PreReq:         %fillup_prereq
Summary:        SUSE Linux Default Permissions
# Maintained in github by the security team. 
License:        GPL-2.0-or-later
Group:          Productivity/Security
Source:         permissions-%{version}.tar.bz2
Patch0:         permission-squid-pinger-caps.patch
Patch1:         bsc975352-make-chage-sgid.patch
Patch2:         permissions-suexec-bsc951765.patch
Patch3:         permissions-gst-ptp-helper-960173.patch
Patch4:         permissions-qemu-bridge-helper-988279.patch
Patch5:         permissions-suexec-bsc962060.patch
Patch6:         permissions-shadow-bsc979282.patch
Patch7:         permissions-suexec2-is-symlink.patch
Patch8:         permissions-singularity-setuidroot.patch
Patch9:         permissions-singularity-setuidroot2.patch
Patch10:        permissions-singularity-start-suid.patch
Patch11:        permissions-authbind.patch
Patch12:        permissions-fix-error-output.patch
Patch13:        permissions-fix-btmp-permissions.patch
Patch14:        bsc1110797_amanda.patch
Patch15:        0016-chkstat-fix-privesc-CVE-2019-3690.patch
Patch16:        0017-squid-pinger-owner-fix-CVE-2019-3688.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
URL:            http://github.com/openSUSE/permissions

%description
Permission settings of files and directories depending on the
local security settings. The local security setting (easy, secure,
or paranoid) can be configured in /etc/sysconfig/security.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p0
%patch16 -p0

%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0

%install
make DESTDIR="$RPM_BUILD_ROOT" install

%post
%{fillup_only -n security}
# apply all potentially changed permissions
/usr/bin/chkstat --system

%files
%defattr(-,root,root,-)
%config /etc/permissions
%config /etc/permissions.easy
%config /etc/permissions.secure
%config /etc/permissions.paranoid
%config(noreplace) /etc/permissions.local
%{_bindir}/chkstat
%{_mandir}/man5/permissions.5*
%{_mandir}/man8/chkstat.8*
/var/adm/fillup-templates/sysconfig.security

%changelog