commit elfutils for openSUSE:Factory

Mon, 20 Sep 2021 14:33:33 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package elfutils for openSUSE:Factory 
checked in at 2021-09-20 23:32:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/elfutils (Old)
 and      /work/SRC/openSUSE:Factory/.elfutils.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "elfutils"

Mon Sep 20 23:32:23 2021 rev:90 rq:918955 version:0.185

Changes:
--------
--- /work/SRC/openSUSE:Factory/elfutils/elfutils-debuginfod.changes     
2021-09-06 15:57:51.069297681 +0200
+++ /work/SRC/openSUSE:Factory/.elfutils.new.1899/elfutils-debuginfod.changes   
2021-09-20 23:33:20.099187053 +0200
@@ -1,0 +2,6 @@
+Tue Sep 14 14:14:57 UTC 2021 - Martin Li??ka <mli...@suse.cz>
+
+- Add harden_debuginfod.service.patch as
+  Automatic systemd hardening effort by the security team.
+
+-------------------------------------------------------------------

New:
----
  harden_debuginfod.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ elfutils-debuginfod.spec ++++++
--- /var/tmp/diff_new_pack.9BF7Zb/_old  2021-09-20 23:33:21.307188545 +0200
+++ /var/tmp/diff_new_pack.9BF7Zb/_new  2021-09-20 23:33:21.311188550 +0200
@@ -30,6 +30,7 @@
 Source3:        elfutils.keyring
 Patch0:         disable-run-readelf-self-test.patch
 Patch1:         tests-Allow-an-extra-pthread_kill-frame-in-backtrace.patch
+Patch2:         harden_debuginfod.service.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison



++++++ harden_debuginfod.service.patch ++++++
Index: elfutils-0.185/config/debuginfod.service
===================================================================
--- elfutils-0.185.orig/config/debuginfod.service
+++ elfutils-0.185/config/debuginfod.service
@@ -12,6 +12,19 @@ ExecStart=/usr/bin/debuginfod -d /var/ca
 # Stopping can take a long time if scanning of large archives is in progress
 TimeoutStopSec=60
 PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target

Reply via email to