Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package motion for openSUSE:Factory checked in at 2021-10-11 15:31:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/motion (Old)
 and      /work/SRC/openSUSE:Factory/.motion.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "motion" Mon Oct 11 15:31:44 2021 rev:10 rq:924527 version:4.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/motion/motion.changes 2020-12-23 14:21:49.697760585 +0100 +++ /work/SRC/openSUSE:Factory/.motion.new.2443/motion.changes 2021-10-11 15:32:41.346948074 +0200 @@ -1,0 +2,6 @@ +Wed Oct 6 15:21:55 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_motion.service.patch + +------------------------------------------------------------------- New: ---- harden_motion.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ motion.spec ++++++ --- /var/tmp/diff_new_pack.8jxttV/_old 2021-10-11 15:32:41.746948715 +0200 +++ /var/tmp/diff_new_pack.8jxttV/_new 2021-10-11 15:32:41.750948721 +0200 @@ -28,6 +28,7 @@ Source0: https://github.com/Motion-Project/motion/archive/release-%{version}.tar.gz Source1: motion-service Source2: motion-sysconfig +Patch0: harden_motion.service.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libjpeg-devel @@ -56,6 +57,7 @@ %prep %setup -q -n motion-release-%version +%patch0 -p1 %build autoreconf -i -f ++++++ harden_motion.service.patch ++++++ Index: motion-release-4.3.2/data/motion.service.in =================================================================== --- motion-release-4.3.2.orig/data/motion.service.in +++ motion-release-4.3.2/data/motion.service.in 
@@ -23,6 +23,17 @@ Documentation=man:motion(1) After=local-fs.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions User=motion EnvironmentFile=-/etc/default/motion # The the sleep on the following line is needed with systemd version
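
Review bot: In the motion.spec hunk at @@ -28,6 +28,7 @@, Patch0 changes data/motion.service.in while the same preamble still lists Source1: motion-service, so please confirm that the unit file the package installs is the one generated from the patched data/motion.service.in and not a separately shipped file; otherwise the hardening directives never reach the installed service. Running systemctl cat motion.service on a test install and looking for the ProtectSystem=full line would settle it.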
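
Review bot: In the harden_motion.service.patch hunk (@@ -23,6 +23,17 @@ of data/motion.service.in), the added block is documented only by the "added automatically" comment and says nothing about which paths the service must still be able to write. ProtectSystem=full mounts /usr, the boot loader directories and /etc read-only for the unit, so a configuration that places motion's output, log or PID file below those paths will fail once this lands; a comment naming the expected writable locations, or a note that the default configuration was tested with the new settings, would help. The block also leaves NoNewPrivileges=, PrivateTmp= and ProtectHome= unset, so running systemd-analyze security motion.service on the built unit would show whether any of those are worth a follow-up.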