Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package neard for openSUSE:Factory checked in at 2021-10-13 18:06:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/neard (Old) and /work/SRC/openSUSE:Factory/.neard.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "neard" Wed Oct 13 18:06:15 2021 rev:10 rq:925018 version:0.16 Changes: -------- --- /work/SRC/openSUSE:Factory/neard/neard.changes 2020-09-17 15:07:58.236888314 +0200 +++ /work/SRC/openSUSE:Factory/.neard.new.2443/neard.changes 2021-10-13 18:10:08.699656285 +0200 @@ -1,0 +2,8 @@ +Mon Oct 11 07:29:41 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_neard.service.patch + Modified: + * neard.service + +------------------------------------------------------------------- New: ---- harden_neard.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ neard.spec ++++++ --- /var/tmp/diff_new_pack.xUkLCP/_old 2021-10-13 18:10:09.135656969 +0200 +++ /var/tmp/diff_new_pack.xUkLCP/_new 2021-10-13 18:10:09.139656975 +0200 @@ -29,6 +29,7 @@ Source1: neard.service Source2: 99-neard.rules Patch1: neard-0.13-fix-dbus_send_destination_config.patch +Patch2: harden_neard.service.patch BuildRequires: automake BuildRequires: check-devel BuildRequires: libtool @@ -62,6 +63,7 @@ %prep %setup -q %patch1 -p1 +%patch2 -p1 %build autoreconf -fiv ++++++ harden_neard.service.patch ++++++ Index: neard-0.16/src/neard.service.in =================================================================== --- neard-0.16.orig/src/neard.service.in +++ neard-0.16/src/neard.service.in @@ -3,6 +3,18 @@ Description=neard service Documentation=man:neard(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=org.neard ExecStart=@pkglibexecdir@/neard -n ++++++ neard.service ++++++ --- /var/tmp/diff_new_pack.xUkLCP/_old 2021-10-13 18:10:09.199657069 +0200 +++ /var/tmp/diff_new_pack.xUkLCP/_new 2021-10-13 18:10:09.199657069 +0200 @@ -3,6 +3,18 @@ Documentation=man:neard(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=org.neard ExecStart=/usr/lib/nfc/neard -n
