commit nginx for openSUSE:Factory

Wed, 20 Oct 2021 11:23:39 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package nginx for openSUSE:Factory checked 
in at 2021-10-20 20:22:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
 and      /work/SRC/openSUSE:Factory/.nginx.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nginx"

Wed Oct 20 20:22:53 2021 rev:71 rq:925491 version:1.21.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes      2021-09-16 
23:16:43.583925935 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new.1890/nginx.changes    2021-10-20 
20:23:11.569337649 +0200
@@ -1,0 +2,11 @@
+Fri Oct 15 14:23:41 UTC 2021 - Callum Farmer <[email protected]>
+
+- Add CONFIG parameter to %sysusers_generate_pre
+
+-------------------------------------------------------------------
+Mon Oct 11 09:26:39 UTC 2021 - Johannes Segitz <[email protected]>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * nginx.service
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.wI23H3/_old  2021-10-20 20:23:12.133337997 +0200
+++ /var/tmp/diff_new_pack.wI23H3/_new  2021-10-20 20:23:12.133337997 +0200
@@ -133,7 +133,7 @@
 %{ngx_configure}
 
 %make_build
-%sysusers_generate_pre %{SOURCE9} nginx
+%sysusers_generate_pre %{SOURCE9} nginx nginx.conf
 
 %install
 %make_install



++++++ nginx.service ++++++
--- /var/tmp/diff_new_pack.wI23H3/_old  2021-10-20 20:23:12.217338050 +0200
+++ /var/tmp/diff_new_pack.wI23H3/_new  2021-10-20 20:23:12.221338052 +0200
@@ -12,6 +12,19 @@
 TimeoutStopSec=5
 KillMode=mixed
 PrivateTmp=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target

Reply via email to