commit libratbag for openSUSE:Factory

Fri, 15 Oct 2021 14:05:32 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libratbag for openSUSE:Factory 
checked in at 2021-10-15 23:04:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libratbag (Old)
 and      /work/SRC/openSUSE:Factory/.libratbag.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libratbag"

Fri Oct 15 23:04:37 2021 rev:13 rq:925532 version:0.16

Changes:
--------
--- /work/SRC/openSUSE:Factory/libratbag/libratbag.changes      2021-06-25 
15:02:07.908209678 +0200
+++ /work/SRC/openSUSE:Factory/.libratbag.new.1890/libratbag.changes    
2021-10-15 23:05:11.186149771 +0200
@@ -1,0 +2,6 @@
+Fri Oct 15 07:05:09 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_ratbagd.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_ratbagd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libratbag.spec ++++++
--- /var/tmp/diff_new_pack.CcvEiH/_old  2021-10-15 23:05:11.842150239 +0200
+++ /var/tmp/diff_new_pack.CcvEiH/_new  2021-10-15 23:05:11.842150239 +0200
@@ -27,6 +27,7 @@
 Source:         %{name}-%{version}.tar.xz
 Patch1:         shebang-env.diff
 Patch2:         install-daemon-into-sbindir.patch
+Patch3:         harden_ratbagd.service.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  json-glib-devel
@@ -101,6 +102,7 @@
 %prep
 %setup -q
 %patch -P 1 -P 2 -p1
+%patch3 -p1
 
 %build
 %meson -Ddocumentation=false -Ddbus-group=games \

++++++ harden_ratbagd.service.patch ++++++
Index: libratbag-0.16/ratbagd/ratbagd.service.in
===================================================================
--- libratbag-0.16.orig/ratbagd/ratbagd.service.in
+++ libratbag-0.16/ratbagd/ratbagd.service.in
@@ -2,6 +2,17 @@
 Description=Daemon to introspect and modify configurable mice
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=dbus
 BusName=org.freedesktop.ratbag1
 ExecStart=@sbindir@/ratbagd

Reply via email to