Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package iputils for openSUSE:Factory checked in at 2021-09-26 21:48:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/iputils (Old)
 and      /work/SRC/openSUSE:Factory/.iputils.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "iputils" Sun Sep 26 21:48:35 2021 rev:60 rq:921099 version:20210722 Changes: -------- --- /work/SRC/openSUSE:Factory/iputils/iputils.changes 2021-07-26 17:37:53.510108863 +0200 +++ /work/SRC/openSUSE:Factory/.iputils.new.1899/iputils.changes 2021-09-26 21:49:24.478829201 +0200 @@ -1,0 +2,6 @@ +Wed Sep 22 14:49:53 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_rdisc.service.patch + +------------------------------------------------------------------- New: ---- harden_rdisc.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iputils.spec ++++++ --- /var/tmp/diff_new_pack.S66Soe/_old 2021-09-26 21:49:24.902829725 +0200 +++ /var/tmp/diff_new_pack.S66Soe/_new 2021-09-26 21:49:24.906829730 +0200 @@ -24,6 +24,7 @@ Group: Productivity/Networking/Other URL: https://github.com/iputils/iputils Source0: https://github.com/iputils/iputils/archive/%{version}.tar.gz +Patch0: harden_rdisc.service.patch BuildRequires: docbook5-xsl-stylesheets BuildRequires: docbook_5 BuildRequires: iproute2 ++++++ harden_rdisc.service.patch ++++++ Index: iputils-20210722/systemd/rdisc.service.in =================================================================== --- iputils-20210722.orig/systemd/rdisc.service.in +++ iputils-20210722/systemd/rdisc.service.in @@ -20,6 +20,12 @@ ProtectKernelModules=yes MemoryDenyWriteExecute=yes RestrictRealtime=yes RestrictNamespaces=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectClock=true +ProtectKernelLogs=true +# end of automatic additions SystemCallArchitectures=native LockPersonality=yes NoNewPrivileges=yes
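Review bot: In the iputils.spec hunk (@@ -24,6 +24,7 @@), Patch0: harden_rdisc.service.patch is declared, but no %prep change is visible in this diff, so it is not evident that the patch is ever applied. If %prep does not already use %autosetup -p1 or %autopatch -p1, add a %patch0 -p1 line (the patch paths carry the iputils-20210722/ prefix, so strip level 1 is the right one). Without that, the package builds with the unhardened rdisc.service.in while the changelog claims the hardening for bsc#1181400 is in place.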
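Review bot: In the rdisc.service.in hunk (@@ -20,6 +20,12 @@), the three added directives are written with =true while every neighbouring setting in the unit uses =yes (ProtectKernelModules=yes, RestrictNamespaces=yes, LockPersonality=yes). systemd accepts both spellings, but using =yes would keep the file consistent and make the change easier to send upstream instead of carrying it as a distribution patch. The "added automatically" comment markers also end up in the generated unit, which is fine for tracking but another reason the patch will not apply upstream as is. Since systemd logs a warning and skips directives it does not recognise, it is worth confirming on the target release with systemd-analyze security rdisc.service that ProtectHostname, ProtectClock and ProtectKernelLogs are actually in effect, and that rdisc still starts and runs with them.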
