Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpsd for openSUSE:Factory checked in at 2021-10-13 18:01:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpsd (Old) and /work/SRC/openSUSE:Factory/.gpsd.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpsd" Wed Oct 13 18:01:55 2021 rev:57 rq:921732 version:3.23.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gpsd/gpsd.changes 2021-08-12 09:02:13.190098031 +0200 +++ /work/SRC/openSUSE:Factory/.gpsd.new.2443/gpsd.changes 2021-10-13 18:01:58.494887895 +0200 @@ -1,0 +2,42 @@ +Mon Sep 27 10:44:40 UTC 2021 - Dirk Stoecker <opens...@dstoecker.de> + +- Set ProtectClock to false or gpsd will not start + +------------------------------------------------------------------- +Wed Sep 22 17:29:34 UTC 2021 - Arjen de Korte <suse+bu...@de-korte.org> + +- Don't use gpsd version in patches (will break with every update) + % harden_gpsd.service.patch + % harden_gpsdctl@.service.patch + +------------------------------------------------------------------- +Wed Sep 22 07:07:20 UTC 2021 - Arjen de Korte <suse+bu...@de-korte.org> + +- Update to version 3.23.1 + * Improve ubx cycle detection. + * Add quirks for Jackson Labs nonstandard NMEA + * Change STATUS_NO_FIX to STATUS_UNK to avoid confusion with fix + mode. + * Change STATUS_FIX to STATUS_GPS to avoid confusion with fix + mode. + * Change STATUS_DGPS_FIX to STATUS_DGPS to avoid confusion with + fix mode. + * Split SOURCE_ACM from SOURCE_USB. ACM has no speeds. + * Add speeds 1 mbps, 1.152 mbps, 1.5 mbps, and higher. When libc + supports them. + * Improve autobaud. + * Add new u-blox M10 messages. + * Fix u-blox M6, M7 initialization issues. + * Various ubxtool and gpxlogger updates. + * Add mtk3301_speed_switcher() + * No API, ABI changes. + * Fallback to "python3" if "python" not found. + +------------------------------------------------------------------- +Mon Sep 20 15:34:40 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_gpsd.service.patch + * harden_gpsdctl@.service.patch + +------------------------------------------------------------------- @@ -726 +767,0 @@ - Old: ---- gpsd-3.23.tar.xz gpsd-3.23.tar.xz.sig New: ---- gpsd-3.23.1.tar.xz gpsd-3.23.1.tar.xz.sig harden_gpsd.service.patch harden_gpsdctl@.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpsd.spec ++++++ --- /var/tmp/diff_new_pack.gdiAcc/_old 2021-10-13 18:01:59.318889186 +0200 +++ /var/tmp/diff_new_pack.gdiAcc/_new 2021-10-13 18:01:59.322889193 +0200 @@ -22,7 +22,7 @@ %define _udevdir %(pkg-config --variable udevdir udev) %bcond_without python2 Name: gpsd -Version: 3.23 +Version: 3.23.1 Release: 0 Summary: Service daemon for mediating access to a GPS License: BSD-3-Clause @@ -34,6 +34,8 @@ Source3: sysconfig.gpsd Source98: https://download-mirror.savannah.gnu.org/releases/gpsd/%{name}-%{version}.tar.xz.sig Source99: %{name}.keyring +Patch0: harden_gpsd.service.patch +Patch1: harden_gpsdctl@.service.patch BuildRequires: chrpath BuildRequires: fdupes BuildRequires: gcc-c++ @@ -163,10 +165,17 @@ %if %{with python2} mkdir -p %{name}-%{version}/python2 tar -xf %{SOURCE0} -C %{name}-%{version}/python2 +pushd %{name}-%{version}/python2/%{name}-%{version} +%patch0 +%patch1 +popd %endif mkdir -p %{name}-%{version}/python3 tar -xf %{SOURCE0} -C %{name}-%{version}/python3 -cd %{name}-%{version} +pushd %{name}-%{version}/python3/%{name}-%{version} +%patch0 +%patch1 +popd %build # LTO fails on aarch64 (version 3.22, May 2021) ++++++ gpsd-3.23.tar.xz -> gpsd-3.23.1.tar.xz ++++++ ++++ 16607 lines of diff (skipped) ++++++ harden_gpsd.service.patch ++++++ Index: systemd/gpsd.service.in =================================================================== --- systemd/gpsd.service.in +++ systemd/gpsd.service.in @@ -5,6 +5,18 @@ Requires=gpsd.socket After=chronyd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=false +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking EnvironmentFile=-/etc/default/gpsd EnvironmentFile=-/etc/sysconfig/gpsd ++++++ harden_gpsdctl@.service.patch ++++++ Index: systemd/gpsd...@.service.in =================================================================== --- systemd/gpsd...@.service.in +++ systemd/gpsd...@.service.in @@ -5,6 +5,18 @@ BindsTo=dev-%i.device After=dev-%i.device [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=false +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot Environment="GPSD_SOCKET=@RUNDIR@/gpsd.sock" EnvironmentFile=-/etc/default/gpsd
