Hello community,

here is the log from the commit of package leafnode for openSUSE:Factory checked in at 2021-10-05 22:34:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/leafnode (Old)
 and /work/SRC/openSUSE:Factory/.leafnode.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "leafnode" Tue Oct 5 22:34:02 2021 rev:15 rq:923300 version:2.0.0+git.1527241185.66da754 Changes: -------- --- /work/SRC/openSUSE:Factory/leafnode/leafnode.changes 2021-07-10 22:55:05.491485781 +0200 +++ /work/SRC/openSUSE:Factory/.leafnode.new.2443/leafnode.changes 2021-10-05 22:34:34.138944138 +0200 @@ -1,0 +2,6 @@ +Mon Oct 4 07:23:03 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_leafnode@.service.patch + +------------------------------------------------------------------- New: ---- harden_leafnode@.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ leafnode.spec ++++++ --- /var/tmp/diff_new_pack.1A3p4m/_old 2021-10-05 22:34:34.590944924 +0200 +++ /var/tmp/diff_new_pack.1A3p4m/_new 2021-10-05 22:34:34.594944931 +0200 @@ -37,6 +37,7 @@ # PATCH-FEATURE-UPSTREAM name-of-file.patch bsc#1115443 mc...@suse.com # Replace /etc/cron.daily/leafnode with systemd timer Patch0: systemd-timers.patch +Patch1: harden_leafnode@.service.patch BuildRequires: autoconf >= 2.68 BuildRequires: automake BuildRequires: gettext ++++++ harden_leafnode@.service.patch ++++++ Index: leafnode-2.0.0+git.1527241185.66da754/systemd/leafn...@.service.in =================================================================== --- leafnode-2.0.0+git.1527241185.66da754.orig/systemd/leafn...@.service.in +++ leafnode-2.0.0+git.1527241185.66da754/systemd/leafn...@.service.in 
@@ -3,6 +3,19 @@ Description=NNTP server for small sites Documentation=man:leafnode(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=@sbindir@/leafnode StandardInput=socket User=news
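Review bot: in the leafnode.spec hunk, the new `Patch1: harden_leafnode@.service.patch` line has no descriptive comment above it, unlike Patch0, which carries a `# PATCH-FEATURE-UPSTREAM ...` tag line and a one-line description. Add a comment of the same form that names the patch and references bsc#1181400, for example `# PATCH-FIX-OPENSUSE harden_leafnode@.service.patch bsc#1181400`. The visible context also does not show where the patch is applied in %prep, so confirm that a matching %patch1 (or an automatic patch macro) exists.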
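Review bot: in the harden_leafnode@.service.patch hunk, the hardening block is added only to the leafnode@.service.in template, while the changelog entry says "service(s)" and the spec already carries systemd-timers.patch, which replaces /etc/cron.daily/leafnode with a systemd timer. Any service unit started by that timer is not touched here, so check whether it should receive the same block. Within the block itself, the unit runs as User=news with StandardInput=socket, and the additions do not include NoNewPrivileges= or PrivateTmp=; if leafnode does not depend on setuid helpers or a shared /tmp, both are worth adding, and the resulting exposure can be compared before and after with systemd-analyze security.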