Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package e2fsprogs for openSUSE:Factory checked in at 2021-09-21 21:12:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/e2fsprogs (Old) and /work/SRC/openSUSE:Factory/.e2fsprogs.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "e2fsprogs" Tue Sep 21 21:12:15 2021 rev:121 rq:919835 version:1.46.4 Changes: -------- --- /work/SRC/openSUSE:Factory/e2fsprogs/e2fsprogs.changes 2021-08-07 17:57:18.450797898 +0200 +++ /work/SRC/openSUSE:Factory/.e2fsprogs.new.1899/e2fsprogs.changes 2021-09-21 21:12:20.546584338 +0200 @@ -1,0 +2,20 @@ +Wed Sep 15 09:16:54 UTC 2021 - Jan Kara <[email protected]> + +- Update to 1.46.4: + * Default to 256-byte inodes for all filesystems, not only larger ones + * Bigalloc is considered supported now for small cluster sizes + * E2fsck and e2image fixes for quota feature + * Fix mke2fs creation of filesystem into non-existent file +- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer + libreadline.so.8 to dlopen path (bsc#1189453) + +------------------------------------------------------------------- +Tue Sep 14 07:03:07 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * [email protected] + * harden_e2scrub_all.service.patch + * [email protected] + * harden_e2scrub_reap.service.patch + +------------------------------------------------------------------- Old: ---- e2fsprogs-1.46.3.tar.sign e2fsprogs-1.46.3.tar.xz New: ---- e2fsprogs-1.46.4.tar.sign e2fsprogs-1.46.4.tar.xz [email protected] harden_e2scrub_all.service.patch [email protected] harden_e2scrub_reap.service.patch libss-add-newer-libreadline.so.8-to-dlopen-path.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ e2fsprogs.spec ++++++ --- /var/tmp/diff_new_pack.O9GhhB/_old 2021-09-21 21:12:21.422585328 +0200 +++ /var/tmp/diff_new_pack.O9GhhB/_new 2021-09-21 21:12:21.426585333 +0200 @@ -66,7 +66,7 @@ Conflicts: libcom_err-mini-devel %endif # -Version: 1.46.3 +Version: 1.46.4 Release: 0 Summary: Utilities for the Second Extended File System License: GPL-2.0-only @@ -89,6 +89,11 @@ Patch3: libcom_err-compile_et_permissions.patch Patch4: e2fsprogs-1.42-implicit_fortify_decl.patch Patch5: e2fsprogs-1.42-ext2fsh_implicit.patch +Patch6: [email protected] +Patch7: harden_e2scrub_all.service.patch +Patch8: [email protected] +Patch9: harden_e2scrub_reap.service.patch +Patch10: libss-add-newer-libreadline.so.8-to-dlopen-path.patch # Do not suppress make commands BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -253,6 +258,11 @@ %patch4 %patch5 cp %{SOURCE2} . +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects ++++++ e2fsprogs-1.46.3.tar.xz -> e2fsprogs-1.46.4.tar.xz ++++++ /work/SRC/openSUSE:Factory/e2fsprogs/e2fsprogs-1.46.3.tar.xz /work/SRC/openSUSE:Factory/.e2fsprogs.new.1899/e2fsprogs-1.46.4.tar.xz differ: char 27, line 1 ++++++ [email protected] ++++++ Index: e2fsprogs-1.46.4/scrub/[email protected] =================================================================== --- e2fsprogs-1.46.4.orig/scrub/[email protected] +++ e2fsprogs-1.46.4/scrub/[email protected] @@ -10,6 +10,15 @@ PrivateNetwork=true ProtectSystem=true ProtectHome=read-only PrivateTmp=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO NoNewPrivileges=yes User=root ++++++ harden_e2scrub_all.service.patch ++++++ Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in =================================================================== --- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in +++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in @@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO Documentation=man:e2scrub_all(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot Environment=SERVICE_MODE=1 ExecStart=@root_sbindir@/e2scrub_all ++++++ [email protected] ++++++ Index: e2fsprogs-1.46.3/scrub/[email protected] =================================================================== --- e2fsprogs-1.46.3.orig/scrub/[email protected] +++ e2fsprogs-1.46.3/scrub/[email protected] @@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F Documentation=man:e2scrub(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=@pkglibdir@/e2scrub_fail "%I" User=mail ++++++ harden_e2scrub_reap.service.patch ++++++ Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in =================================================================== --- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in +++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in @@ -11,6 +11,16 @@ PrivateNetwork=true ProtectSystem=true ProtectHome=read-only PrivateTmp=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO NoNewPrivileges=yes User=root ++++++ libss-add-newer-libreadline.so.8-to-dlopen-path.patch ++++++ >From 0a60ee129b9137a9a5cd49c4dd15247830a7f319 Mon Sep 17 00:00:00 2001 From: Jan Kara <[email protected]> Date: Fri, 20 Aug 2021 18:12:04 +0200 Subject: [PATCH] libss: add newer libreadline.so.8 to dlopen path OpenSUSE Tumbleweed now has libreadline.so.8. Add it to the list of libs to look for. Signed-off-by: Jan Kara <[email protected]> --- lib/ss/get_readline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ss/get_readline.c b/lib/ss/get_readline.c index 11c72b3387d1..aa1615747934 100644 --- a/lib/ss/get_readline.c +++ b/lib/ss/get_readline.c @@ -37,7 +37,7 @@ static void ss_release_readline(ss_data *info) #endif /* Libraries we will try to use for readline/editline functionality */ -#define DEFAULT_LIBPATH "libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so" +#define DEFAULT_LIBPATH "libreadline.so.8:libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so" #ifdef HAVE_DLOPEN void ss_get_readline(int sci_idx) -- 2.26.2
