Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package collectd for openSUSE:Factory
checked in at 2021-09-01 21:37:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/collectd (Old)
and /work/SRC/openSUSE:Factory/.collectd.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "collectd"
Wed Sep 1 21:37:09 2021 rev:40 rq:915478 version:5.12.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/collectd/collectd.changes 2021-07-20
15:39:55.629522071 +0200
+++ /work/SRC/openSUSE:Factory/.collectd.new.1899/collectd.changes
2021-09-01 21:37:33.688904366 +0200
@@ -1,0 +2,14 @@
+Wed Sep 1 11:14:56 UTC 2021 - Christian V??gl <christian.vo...@suse.com>
+
+- Disabled the mqtt plugin for SLES and the modbus plugin for
+ everything except Tumpleweed as the dependencies are not met in
+ those distributions
+- Added the modbus plugin as dependency to plugins-all
+
+-------------------------------------------------------------------
+Mon Aug 30 08:09:48 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s). Added patch(es):
+ * harden_collectd.service.patch
+
+-------------------------------------------------------------------
New:
----
harden_collectd.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ collectd.spec ++++++
--- /var/tmp/diff_new_pack.eQ4cvt/_old 2021-09-01 21:37:34.200904982 +0200
+++ /var/tmp/diff_new_pack.eQ4cvt/_new 2021-09-01 21:37:34.200904982 +0200
@@ -64,6 +64,7 @@
Patch8: 9e36cd85a2bb_sigrok_Update_to_support_libsigrok_0_4.patch
# PATCH-FIX-OPENSUSE avoid-pg-config.patch avoid pg_config if possible
Patch11: avoid-pg-config.patch
+Patch12: harden_collectd.service.patch
# for /etc/apache2/... ownership (rpmlint):
BuildRequires: apache2
BuildRequires: autoconf
@@ -109,8 +110,12 @@
BuildRequires: pkgconfig(libmemcached)
BuildRequires: pkgconfig(libmicrohttpd)
BuildRequires: pkgconfig(libmnl)
+%if 0%{?suse_version} > 1500
BuildRequires: pkgconfig(libmodbus)
+%endif
+%if 0%{?is_opensuse}
BuildRequires: pkgconfig(libmosquitto)
+%endif
BuildRequires: pkgconfig(libnotify)
BuildRequires: pkgconfig(liboping)
BuildRequires: pkgconfig(libpq)
@@ -295,6 +300,7 @@
%description plugin-memcachec
Optional %{name} plugin to sample memcached statistics.
+%if 0%{?suse_version} > 1500
%package plugin-modbus
Summary: TCP Modbus Plugin for %{name}
Group: System/Monitoring
@@ -302,7 +308,9 @@
%description plugin-modbus
Optional %{name} plugin to communicate with TCP Modbus devices.
+%endif
+%if 0%{?is_opensuse}
%package plugin-mqtt
Summary: MQTT Plugin for %{name}
Group: System/Monitoring
@@ -310,6 +318,7 @@
%description plugin-mqtt
Optional %{name} plugin to send and receive MQTT messages.
+%endif
%package plugin-pinba
Summary: Pinba Collector Plugin for %{name}
@@ -482,7 +491,12 @@
Requires: %{name}-plugin-lua = %{version}-%{release}
Requires: %{name}-plugin-mcelog = %{version}-%{release}
Requires: %{name}-plugin-memcachec = %{version}-%{release}
+%if 0%{?suse_version} > 1500
+Requires: %{name}-plugin-modbus = %{version}-%{release}
+%endif
+%if 0%{?is_opensuse}
Requires: %{name}-plugin-mqtt = %{version}-%{release}
+%endif
Requires: %{name}-plugin-mysql = %{version}-%{release}
Requires: %{name}-plugin-notify-desktop = %{version}-%{release}
Requires: %{name}-plugin-openldap = %{version}-%{release}
@@ -558,6 +572,7 @@
%patch8 -p1
%endif
%patch11 -p1
+%patch12 -p1
sed -i 's|@@VERSION@@|%{version}|g' configure.ac
@@ -815,13 +830,17 @@
%{_libdir}/collectd/memcachec.so
%{_libdir}/collectd/memcachec.la
+%if 0%{?suse_version} > 1500
%files plugin-modbus
%{_libdir}/collectd/modbus.so
%{_libdir}/collectd/modbus.la
+%endif
+%if 0%{?is_opensuse}
%files plugin-mqtt
%{_libdir}/collectd/mqtt.so
%{_libdir}/collectd/mqtt.la
+%endif
%if 0%{?sle_version} < 150000 || 0%{?is_opensuse}
++++++ harden_collectd.service.patch ++++++
Index: collectd-5.12.0/contrib/systemd.collectd.service
===================================================================
--- collectd-5.12.0.orig/contrib/systemd.collectd.service
+++ collectd-5.12.0/contrib/systemd.collectd.service
@@ -5,6 +5,19 @@ After=local-fs.target network-online.tar
Requires=local-fs.target network-online.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
ExecStart=/usr/sbin/collectd
EnvironmentFile=-/etc/sysconfig/collectd
EnvironmentFile=-/etc/default/collectd
