Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package e2fsprogs for openSUSE:Factory checked in at 2021-10-20 20:22:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/e2fsprogs (Old) and /work/SRC/openSUSE:Factory/.e2fsprogs.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "e2fsprogs" Wed Oct 20 20:22:41 2021 rev:123 rq:925637 version:1.46.4 Changes: -------- --- /work/SRC/openSUSE:Factory/e2fsprogs/e2fsprogs.changes 2021-10-08 22:04:34.408513262 +0200 +++ /work/SRC/openSUSE:Factory/.e2fsprogs.new.1890/e2fsprogs.changes 2021-10-20 20:22:46.733322319 +0200 @@ -1,0 +2,5 @@ +Fri Oct 15 12:11:41 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Drop ProtectClock hardening, can cause issues if other device acceess is needed + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ harden_e2scrub@.service.patch ++++++ --- /var/tmp/diff_new_pack.4OBcJ9/_old 2021-10-20 20:22:47.673322898 +0200 +++ /var/tmp/diff_new_pack.4OBcJ9/_new 2021-10-20 20:22:47.673322898 +0200 @@ -2,14 +2,13 @@ =================================================================== --- e2fsprogs-1.46.4.orig/scrub/e2sc...@.service.in +++ e2fsprogs-1.46.4/scrub/e2sc...@.service.in -@@ -10,6 +10,15 @@ PrivateNetwork=true +@@ -10,6 +10,14 @@ PrivateNetwork=true ProtectSystem=true ProtectHome=read-only PrivateTmp=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelLogs=true +ProtectControlGroups=true ++++++ harden_e2scrub_all.service.patch ++++++ --- /var/tmp/diff_new_pack.4OBcJ9/_old 2021-10-20 20:22:47.681322904 +0200 +++ /var/tmp/diff_new_pack.4OBcJ9/_new 2021-10-20 20:22:47.681322904 +0200 @@ -2,7 +2,7 @@ =================================================================== --- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in +++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in -@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO +@@ -6,6 +6,17 @@ ConditionCapability=CAP_SYS_RAWIO Documentation=man:e2scrub_all(8) [Service] @@ -11,7 +11,6 @@ +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true ++++++ harden_e2scrub_fail@.service.patch ++++++ --- /var/tmp/diff_new_pack.4OBcJ9/_old 2021-10-20 20:22:47.689322909 +0200 +++ /var/tmp/diff_new_pack.4OBcJ9/_new 2021-10-20 20:22:47.689322909 +0200 @@ -2,7 +2,7 @@ =================================================================== --- e2fsprogs-1.46.3.orig/scrub/e2scrub_f...@.service.in +++ e2fsprogs-1.46.3/scrub/e2scrub_f...@.service.in -@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F +@@ -3,6 +3,17 @@ Description=Online ext4 Metadata Check F Documentation=man:e2scrub(8) [Service] @@ -11,7 +11,6 @@ +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true ++++++ harden_e2scrub_reap.service.patch ++++++ --- /var/tmp/diff_new_pack.4OBcJ9/_old 2021-10-20 20:22:47.697322914 +0200 +++ /var/tmp/diff_new_pack.4OBcJ9/_new 2021-10-20 20:22:47.697322914 +0200 @@ -2,14 +2,13 @@ =================================================================== --- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in +++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in -@@ -11,6 +11,16 @@ PrivateNetwork=true +@@ -11,6 +11,15 @@ PrivateNetwork=true ProtectSystem=true ProtectHome=read-only PrivateTmp=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true
