Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pcsc-lite for openSUSE:Factory checked in at 2021-10-30 23:13:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pcsc-lite (Old) and /work/SRC/openSUSE:Factory/.pcsc-lite.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pcsc-lite" Sat Oct 30 23:13:33 2021 rev:90 rq:927923 version:1.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/pcsc-lite/pcsc-lite.changes 2021-10-11 16:48:44.646179974 +0200 +++ /work/SRC/openSUSE:Factory/.pcsc-lite.new.1890/pcsc-lite.changes 2021-10-30 23:14:35.999097150 +0200 @@ -1,0 +2,6 @@ +Mon Oct 18 13:25:25 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_pcscd.service.patch + +------------------------------------------------------------------- New: ---- harden_pcscd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pcsc-lite.spec ++++++ --- /var/tmp/diff_new_pack.klmwNR/_old 2021-10-30 23:14:36.511097562 +0200 +++ /var/tmp/diff_new_pack.klmwNR/_new 2021-10-30 23:14:36.515097565 +0200 @@ -40,6 +40,7 @@ Source7: https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2.asc Source8: %{name}.keyring Patch0: systemd-service.patch +Patch1: harden_pcscd.service.patch BuildRequires: gcc BuildRequires: libtool BuildRequires: pkg-config @@ -109,6 +110,7 @@ %setup -q %patch0 -p1 cp -a %{SOURCE1} %{SOURCE2} %{SOURCE6} . +%patch1 -p1 %build %configure \ ++++++ harden_pcscd.service.patch ++++++ Index: pcsc-lite-1.9.4/etc/pcscd.service.in =================================================================== --- pcsc-lite-1.9.4.orig/etc/pcscd.service.in +++ pcsc-lite-1.9.4/etc/pcscd.service.in @@ -4,6 +4,17 @@ Requires=pcscd.socket Documentation=man:pcscd(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Environment="PCSCD_OPTIONS=" EnvironmentFile=-/etc/sysconfig/pcscd ExecStart=@sbindir_exp@/pcscd --foreground $PCSCD_OPTIONS
