Date: Tuesday, May 18, 2021 @ 08:15:28 Author: dvzrv Revision: 936211
upgpkg: mailman3 3.3.4-2: Rebuild to switch to python-sqlalchemy1.3. Upstream does not yet support python-sqlalchemy >= 1.4. Order all instructions in mailman3.service alphabetically. Do not ignore AF_NETLINK in RestrictAddressFamilies (https://bugs.archlinux.org/task/69627). Modified: mailman3/trunk/PKGBUILD mailman3/trunk/mailman3.service ------------------+ PKGBUILD | 9 +++++---- mailman3.service | 32 +++++++++++++++++--------------- 2 files changed, 22 insertions(+), 19 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-05-18 08:10:54 UTC (rev 936210) +++ PKGBUILD 2021-05-18 08:15:28 UTC (rev 936211) @@ -3,16 +3,17 @@ _name=mailman pkgname=mailman3 pkgver=3.3.4 -pkgrel=1 +pkgrel=2 pkgdesc="The GNU mailing list manager" arch=('any') url="https://www.list.org/"; license=('GPL3') +# mailman3 does not support python-sqlalchemy >= 1.4 https://gitlab.com/mailman/mailman/-/issues/899 depends=('gunicorn' 'python-aiosmtpd' 'python-alembic' 'python-atpublic' 'python-authheaders' 'python-authres' 'python-click' 'python-dateutil' 'python-dnspython' 'python-falcon' 'python-flufl.bounce' 'python-flufl.i18n' 'python-flufl-lock' 'python-importlib_resources' 'python-lazr.config' -'python-passlib' 'python-requests' 'python-sqlalchemy' 'python-zope-component' +'python-passlib' 'python-requests' 'python-sqlalchemy1.3' 'python-zope-component' 'python-zope-configuration' 'python-zope-event' 'python-zope-interface') checkdepends=('python-flufl.testing' 'python-nose2' 'python-psycopg2' 'python-pymysql' 'python-pytest') @@ -39,7 +40,7 @@ "${pkgname}.tmpfiles") sha512sums=('52d7e8355744730f608605b05bc9c977c3e4daf22a78267b1ea6cd3922b2826d3f70dd61a591f13633fc7cbcc536b6d56a2076c00752a6590964cbd4e1aec3cc' 'SKIP' - 'a1f5167f81a1ae74d6caecf3c99df9d6edddeeb2f07d61454fd0b3563aab952f76d2aa1642552855a4ccb620a7de34c2717d976f12b49dcd781ce0c32e7d6161' + '5773eae02dee11b83eb73ba81bca98d9d0a22fa3175d53172d17bbc0e9821360a4d562b6f42a3bb55c2f0c0b5b50ab84ee82da4cf8b3ff38555a378687dcde3c' '734e0cdf1198f6609a5e41312c48c5c4e492ba5b9acc3af4cd302a6ed148933396333077932e25aedfc50ff3f68b1d4898137193bdadaf71e23045ec8e96be10' '5d7ccba8cf1262ab052078f2188ded15e43e1201302c7c24ce763efef9789ec99d8ea9a19e8fbd9bc5a38f47a162fe5cf4b0ade284894cb57af66350f23507bc' 'e610060021d6f2ebeb4ffb5b37d448efdd44154ace6f228a316e9712799dc620611953401f705bb76d1046b769b6e8316c9b1d143e535110e383a7762d866669' @@ -50,7 +51,7 @@ '6f4b51fd5eb34ac974b3312c34eb1437d9435cfd50f0cb89db02b94ce514bceca2c6dc7cb172b79b2d6a23d68e7ea391ec58dbd9899938c0fe88c03c67c521b9') b2sums=('d0c8ba6dd0df481915397b55521c9a524b44bbdb7c4efe789c6fe92c1383950b6107a76db43337b7a310a7d97eb3931a4289566271ac5b6360645ec8d316230a' 'SKIP' - 'b4a5795a2798c2e2a2aa5ff8672572a6272963efd48613427d849fa0c6f6062af79710c44ae0c256e07524cce2315efbbed2571e1f64dd3ef906bcea18f3b889' + '3efaa4559bcf54b322f4a21ee3000f5b2bea72dad2f9f436967f5c4d4ed8046bc08f8e31457991e63252237134f3f7d2f9e7e7862ebc211aeef11d506ded4440' 'a9d8be785d3d1a1bbe8899658bec67cfcae8a13d21ef8e873f66a52008e9a3814ed731ac7e9eb787b6565acb00b46a050d58d3dcabdc649c0797e1b55622ec21' 'b0d764dd4f7017c2d5b76e8a52b0c8d75e35b0b0d9025609853d389f8fa0732ea902549ef168f988bf845370cf67aeb7d439af8dec1997127522055b11e64000' 'dde11f2aa4e5279ab2570a9bc96176707723a9208374b5db03c43fad5ec695936a8ae0df531cd0277173bb3d2df4e4070995edff711563fb3b50f7e8e1020ec9' Modified: mailman3.service =================================================================== --- mailman3.service 2021-05-18 08:10:54 UTC (rev 936210) +++ mailman3.service 2021-05-18 08:15:28 UTC (rev 936211) @@ -4,38 +4,40 @@ After=network.target [Service] -User=mailman +CapabilityBoundingSet=CAP_NET_BIND_SERVICE ExecStart=/usr/bin/mailman start -f ExecReload=/usr/bin/mailman restart ExecStop=/usr/bin/mailman stop -Type=forking +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true PIDFile=/run/mailman/master.pid +PrivateDevices=true PrivateTmp=true -ProtectSystem=strict +ProtectClock=true +ProtectControlGroups=true ProtectHome=true -PrivateDevices=true -ProtectKernelTunables=true -ProtectControlGroups=true -NoNewPrivileges=true -MemoryDenyWriteExecute=true -LockPersonality=true -CapabilityBoundingSet=CAP_NET_BIND_SERVICE ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict RemoveIPC=true -RestrictAddressFamilies=~AF_PACKET AF_NETLINK +RestrictAddressFamilies=~AF_PACKET RestrictNamespaces=true RestrictRealtime=true RestrictSUIDSGID=true +ReadOnlyPaths=/etc/mailman.cfg -/etc/mailman.d +ReadWritePaths=/var/lock/mailman /var/spool/mailman +RuntimeDirectory=mailman +StateDirectory=mailman SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallFilter=~@resources -ReadWritePaths=/var/lock/mailman /var/spool/mailman -ReadOnlyPaths=/etc/mailman.cfg -/etc/mailman.d -RuntimeDirectory=mailman -StateDirectory=mailman LogsDirectory=mailman +Type=forking +User=mailman [Install] WantedBy=multi-user.target
