Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lapdog for openSUSE:Factory checked in at 2021-10-01 22:29:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lapdog (Old) and /work/SRC/openSUSE:Factory/.lapdog.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lapdog" Fri Oct 1 22:29:06 2021 rev:3 rq:922512 version:1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lapdog/lapdog.changes 2017-11-17 11:00:34.699461136 +0100 +++ /work/SRC/openSUSE:Factory/.lapdog.new.2443/lapdog.changes 2021-10-01 22:29:23.501411543 +0200 @@ -1,0 +2,6 @@ +Thu Sep 30 07:40:55 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_lapdog.service.patch + +------------------------------------------------------------------- New: ---- harden_lapdog.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lapdog.spec ++++++ --- /var/tmp/diff_new_pack.dAqL3d/_old 2021-10-01 22:29:23.937412350 +0200 +++ /var/tmp/diff_new_pack.dAqL3d/_new 2021-10-01 22:29:23.941412356 +0200 @@ -26,6 +26,7 @@ Source0: https://github.com/ltworf/lapdog/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # PATCH-FIX-UPSTREAM lapdog-1.1-pass_cxxflags.patch -- include flags passed via command line -- [email protected] Patch0: lapdog-1.1-pass_cxxflags.patch +Patch1: harden_lapdog.service.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: systemd-rpm-macros @@ -45,6 +46,7 @@ %patch0 -p1 sed -e '/CHANGELOG/d' -e '/init.d/d' \ -e 's|/lib/systemd/system/|%{_unitdir}|' -i CMakeLists.txt +%patch1 -p1 %build %cmake ++++++ harden_lapdog.service.patch ++++++ Index: lapdog-1.1/init/lapdog.service =================================================================== --- lapdog-1.1.orig/init/lapdog.service +++ lapdog-1.1/init/lapdog.service @@ -2,6 +2,19 @@ Description=A LAN device presence checker [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple PIDFile=/run/lapdog.pid ExecStart=/usr/sbin/lapdog
