commit ckb-next for openSUSE:Factory

Thu, 26 Aug 2021 14:16:53 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ckb-next for openSUSE:Factory 
checked in at 2021-08-26 23:15:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ckb-next (Old)
 and      /work/SRC/openSUSE:Factory/.ckb-next.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ckb-next"

Thu Aug 26 23:15:16 2021 rev:12 rq:914391 version:0.4.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/ckb-next/ckb-next.changes        2021-06-07 
22:44:54.892628438 +0200
+++ /work/SRC/openSUSE:Factory/.ckb-next.new.1899/ckb-next.changes      
2021-08-26 23:16:34.528185347 +0200
@@ -1,0 +2,6 @@
+Thu Aug 26 07:23:55 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s). Added patch(es):
+  * harden_ckb-next-daemon.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_ckb-next-daemon.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ckb-next.spec ++++++
--- /var/tmp/diff_new_pack.LTVNsB/_old  2021-08-26 23:16:35.032184920 +0200
+++ /var/tmp/diff_new_pack.LTVNsB/_new  2021-08-26 23:16:35.036184917 +0200
@@ -34,6 +34,7 @@
 Patch4:         ckb-next-udev.patch
 # PATCH-FIX-UPSTREAM 422.patch boo#1135528
 Patch5:         422.patch
+Patch6:         harden_ckb-next-daemon.service.patch
 BuildRequires:  ImageMagick
 BuildRequires:  cmake
 BuildRequires:  hicolor-icon-theme

++++++ harden_ckb-next-daemon.service.patch ++++++
Index: ckb-next-0.4.4/linux/systemd/ckb-next-daemon.service.in
===================================================================
--- ckb-next-0.4.4.orig/linux/systemd/ckb-next-daemon.service.in
+++ ckb-next-0.4.4/linux/systemd/ckb-next-daemon.service.in
@@ -5,6 +5,17 @@
 Description=Corsair Keyboards and Mice Daemon
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=@CMAKE_INSTALL_LIBEXECDIR@/ckb-next-daemon
 Restart=on-failure

Reply via email to