Hello community,

here is the log from the commit of package fluidsynth for openSUSE:Factory checked in at 2021-09-20 23:31:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fluidsynth (Old)
 and /work/SRC/openSUSE:Factory/.fluidsynth.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fluidsynth" Mon Sep 20 23:31:53 2021 rev:61 rq:918962 version:2.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/fluidsynth/fluidsynth.changes 2021-07-18 23:44:55.483057339 +0200 +++ /work/SRC/openSUSE:Factory/.fluidsynth.new.1899/fluidsynth.changes 2021-09-20 23:32:06.575096221 +0200 @@ -1,0 +2,8 @@ +Tue Sep 14 09:59:43 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_fluidsynth.service.patch + Modified: + * fluidsynth.service + +------------------------------------------------------------------- New: ---- harden_fluidsynth.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fluidsynth.spec ++++++ --- /var/tmp/diff_new_pack.TnOh9p/_old 2021-09-20 23:32:07.139096918 +0200 +++ /var/tmp/diff_new_pack.TnOh9p/_new 2021-09-20 23:32:07.139096918 +0200 @@ -28,6 +28,7 @@ Source1: %{name}.conf Source2: %{name}.service Source1000: baselibs.conf +Patch0: harden_fluidsynth.service.patch BuildRequires: cmake >= 3.1.0 BuildRequires: gcc-c++ BuildRequires: ladspa-devel @@ -71,7 +72,7 @@ This package contains the shared library for Fluidsynth. %prep -%autosetup +%autosetup -p1 %build %cmake \ ++++++ fluidsynth.service ++++++ --- /var/tmp/diff_new_pack.TnOh9p/_old 2021-09-20 23:32:07.191096982 +0200 +++ /var/tmp/diff_new_pack.TnOh9p/_new 2021-09-20 23:32:07.191096982 +0200 
@@ -4,6 +4,17 @@ After=sound.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +# end of automatic additions User=fluidsynth Group=audio EnvironmentFile=-/etc/sysconfig/fluidsynth ++++++ harden_fluidsynth.service.patch ++++++ Index: fluidsynth-2.2.2/fluidsynth.service.in =================================================================== --- fluidsynth-2.2.2.orig/fluidsynth.service.in +++ fluidsynth-2.2.2/fluidsynth.service.in @@ -4,6 +4,17 @@ Documentation=man:fluidsynth(1) After=sound.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +# end of automatic additions Type=notify NotifyAccess=main EnvironmentFile=@FLUID_DAEMON_ENV_FILE@
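Review bot: In the fluidsynth.spec hunk, `Patch0: harden_fluidsynth.service.patch` is added with no comment line above it saying what the patch is for or whether it is distribution-only. A one-line comment above the tag (purpose, bsc#1181400, upstream status) would let the next maintainer decide whether to keep or rebase it on a version bump.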
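Review bot: In the fluidsynth.service hunk, `ProtectHome=true` makes /home, /root and /run/user inaccessible to the service, and neither the unit nor the changelog entry tells the administrator about it. The unit takes its settings from `EnvironmentFile=-/etc/sysconfig/fluidsynth`, so any file path configured there that points below /home stops being readable after this update. Suggest a comment next to the directive stating that files the daemon loads must live outside home directories, or `ProtectHome=read-only` if reading from /home is a supported setup.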
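Review bot: The hunk against fluidsynth-2.2.2/fluidsynth.service.in adds the same hardening block that this commit also adds to the packaged fluidsynth.service (`Source2: %{name}.service` in the spec), so the settings now live in two files. The two units already differ after the block (`User=fluidsynth`/`Group=audio` in one, `Type=notify`/`NotifyAccess=main` in the other), which suggests only one of them ends up installed. Suggest hardening only the unit that is actually shipped, or stating in the changelog why both copies are needed, so they cannot drift apart.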