Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package g810-led for openSUSE:Factory checked in at 2021-09-20 23:33:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/g810-led (Old) and /work/SRC/openSUSE:Factory/.g810-led.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "g810-led" Mon Sep 20 23:33:06 2021 rev:5 rq:920179 version:0.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/g810-led/g810-led.changes 2020-05-26 17:21:14.656222973 +0200 +++ /work/SRC/openSUSE:Factory/.g810-led.new.1899/g810-led.changes 2021-09-20 23:34:45.103292067 +0200 @@ -1,0 +2,7 @@ +Thu Sep 16 07:34:53 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_g810-led-reboot.service.patch + * harden_g810-led.service.patch + +------------------------------------------------------------------- New: ---- harden_g810-led-reboot.service.patch harden_g810-led.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ g810-led.spec ++++++ --- /var/tmp/diff_new_pack.WzlXFb/_old 2021-09-20 23:34:45.527292591 +0200 +++ /var/tmp/diff_new_pack.WzlXFb/_new 2021-09-20 23:34:45.531292596 +0200 @@ -24,6 +24,8 @@ Group: Hardware/Other URL: https://github.com/MatMoul/g810-led/wiki Source0: https://github.com/MatMoul/g810-led/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: harden_g810-led-reboot.service.patch +Patch1: harden_g810-led.service.patch BuildRequires: gcc-c++ BuildRequires: libhidapi-devel BuildRequires: pkgconfig @@ -45,6 +47,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build %make_build ++++++ harden_g810-led-reboot.service.patch ++++++ Index: g810-led-0.4.2/systemd/g810-led-reboot.service =================================================================== --- g810-led-0.4.2.orig/systemd/g810-led-reboot.service +++ g810-led-0.4.2/systemd/g810-led-reboot.service @@ -5,6 +5,18 @@ Before=shutdown.target reboot.target hal [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/g810-led -p /etc/g810-led/reboot Type=oneshot RemainAfterExit=yes ++++++ harden_g810-led.service.patch ++++++ Index: g810-led-0.4.2/systemd/g810-led.service =================================================================== --- g810-led-0.4.2.orig/systemd/g810-led.service +++ g810-led-0.4.2/systemd/g810-led.service @@ -2,6 +2,18 @@ Description=Set Logitech G810 Led Profile [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/g810-led -p /etc/g810-led/profile Type=oneshot RemainAfterExit=yes
