Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tayga for openSUSE:Factory checked in at 2025-09-17 16:44:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tayga (Old) and /work/SRC/openSUSE:Factory/.tayga.new.27445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tayga" Wed Sep 17 16:44:21 2025 rev:6 rq:1305296 version:0.9.5 Changes: -------- --- /work/SRC/openSUSE:Factory/tayga/tayga.changes 2024-11-03 07:18:36.786445499 +0100 +++ /work/SRC/openSUSE:Factory/.tayga.new.27445/tayga.changes 2025-09-17 16:44:49.204357858 +0200 @@ -1,0 +2,28 @@ +Sun Aug 10 02:20:15 UTC 2025 - Marcus Rueckert <[email protected]> + +- force newer gcc to fix build on 15.x + +------------------------------------------------------------------- +Sun Aug 10 02:17:09 UTC 2025 - Marcus Rueckert <[email protected]> + +- disable 32bit architectures + +------------------------------------------------------------------- +Sun Aug 10 02:15:03 UTC 2025 - Marcus Rueckert <[email protected]> + +- drop our own copy of tayga.service and apply our hardening to the + upstream unit files + - adds harden-services.patch + +------------------------------------------------------------------- +Sun Aug 10 01:58:47 UTC 2025 - Marcus Rueckert <[email protected]> + +- Update to 0.9.5 + Upstream moved to https://github.com/apalrd/tayga + https://github.com/apalrd/tayga/releases/tag/0.9.5 + https://github.com/apalrd/tayga/releases/tag/0.9.4 +- drop patches + tayga-obey-cflags.diff + tayga-fix-gcc14.patch + +------------------------------------------------------------------- Old: ---- tayga-0.9.2.tar.bz2 tayga-fix-gcc14.patch tayga-obey-cflags.diff tayga.service New: ---- harden-services.patch tayga-0.9.5.tar.gz ----------(Old B)---------- Old: tayga-obey-cflags.diff tayga-fix-gcc14.patch Old:- drop patches tayga-obey-cflags.diff tayga-fix-gcc14.patch ----------(Old E)---------- ----------(New B)---------- New: upstream unit files - adds harden-services.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tayga.spec ++++++ --- /var/tmp/diff_new_pack.ujQfmc/_old 2025-09-17 16:44:50.028392425 +0200 +++ /var/tmp/diff_new_pack.ujQfmc/_new 2025-09-17 16:44:50.028392425 +0200 @@ -1,7 +1,7 @@ # # spec file for package tayga # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,21 +16,23 @@ # +%if 0%{?suse_version} == 1500 +%global force_gcc_version 14 +%endif + Name: tayga -Version: 0.9.2 +Version: 0.9.5 Release: 0 Summary: Out-of-kernel stateless NAT64 implementation License: GPL-2.0-or-later Group: Productivity/Networking/Other URL: http://www.litech.org/tayga/ -Source0: http://www.litech.org/tayga/%{name}-%{version}.tar.bz2 +Source0: https://github.com/apalrd/tayga/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: tayga_setup_tun Source2: tayga_destroy_tun -Source3: tayga.service -Patch0: tayga-obey-cflags.diff -Patch1: tayga-fix-gcc14.patch -BuildRequires: autoconf -BuildRequires: automake +Patch: harden-services.patch +ExcludeArch: %{arm} %{i586} +BuildRequires: gcc%{?force_gcc_version} %description TAYGA is an out-of-kernel stateless NAT64 implementation for Linux that uses @@ -43,16 +45,18 @@ sed -i 's|%{_localstatedir}/db/tayga|%{_localstatedir}/lib/tayga|g' tayga.conf.example %build -autoreconf -fiv -%configure -%make_build +%make_build CFLAGS="%{optflags}" V=1 RELEASE=1 CC="gcc%{?force_gcc_version:-%{force_gcc_version}}" %install -%make_install -mv %{buildroot}%{_sysconfdir}/tayga.conf{.example,} +#make_install install -d %{buildroot}%{_var}/lib/tayga -install -m 0755 %{SOURCE1} %{SOURCE2} %{buildroot}%{_sbindir} -install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/tayga.service +install -d %{buildroot}%{_sysconfdir}/tayga + +install -D -m 0644 tayga.conf.example %{buildroot}%{_sysconfdir}/tayga.conf +install -D -m 0755 -t %{buildroot}%{_sbindir} tayga %{SOURCE1} %{SOURCE2} +install -D -m 0644 -t %{buildroot}%{_unitdir}/ tayga.service [email protected] +install -D -m 0644 -t %{buildroot}%{_mandir}/man5/ *.5 +install -D -m 0644 -t %{buildroot}%{_mandir}/man8/ *.8 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctayga %pre @@ -68,10 +72,12 @@ %service_del_postun tayga.service %files -%license COPYING -%doc README +%license LICENSE +%doc README.md +%doc *.sh %config(noreplace) %{_sysconfdir}/tayga.conf -%dir %{_var}/lib/tayga +%dir %{_sysconfdir}/tayga/ +%dir %{_var}/lib/tayga/ %{_sbindir}/tayga %{_sbindir}/rctayga %{_sbindir}/tayga_setup_tun @@ -79,4 +85,5 @@ %{_mandir}/man5/tayga.conf.5%{?ext_man} %{_mandir}/man8/tayga.8%{?ext_man} %{_unitdir}/tayga.service +%{_unitdir}/[email protected] ++++++ harden-services.patch ++++++ Index: tayga-0.9.5/tayga.service =================================================================== --- tayga-0.9.5.orig/tayga.service +++ tayga-0.9.5/tayga.service @@ -1,11 +1,24 @@ [Unit] Description=Simple, no-fuss NAT64 -After=network.target +After=syslog.target network.target firewall.target [Service] Type=simple -PrivateTmp=true +ExecStartPre=/usr/sbin/tayga_setup_tun ExecStart=/usr/sbin/tayga -d --config /etc/tayga.conf +ExecStopPost=/usr/sbin/tayga_destroy_tun +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateTmp=true +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions [Install] WantedBy=multi-user.target Index: tayga-0.9.5/[email protected] =================================================================== --- tayga-0.9.5.orig/[email protected] +++ tayga-0.9.5/[email protected] @@ -1,6 +1,6 @@ [Unit] -Description=Simple, no-fuss NAT64 -After=network.target +Description=Simple, no-fuss NAT64 instance %i +After=syslog.target network.target firewall.target [Service] # To set up an extra tayga service instance, create a new tayga config in @@ -9,8 +9,19 @@ After=network.target # systemctl enable [email protected] Type=simple -PrivateTmp=true ExecStart=/usr/sbin/tayga -d --config /etc/tayga/%i.conf +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateTmp=true +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions [Install] WantedBy=multi-user.target
