Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package transmission for openSUSE:Factory checked in at 2021-11-29 17:28:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transmission (Old) and /work/SRC/openSUSE:Factory/.transmission.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transmission" Mon Nov 29 17:28:20 2021 rev:92 rq:934074 version:3.00 Changes: -------- --- /work/SRC/openSUSE:Factory/transmission/transmission.changes 2020-11-09 13:58:22.355838328 +0100 +++ /work/SRC/openSUSE:Factory/.transmission.new.31177/transmission.changes 2021-12-02 02:27:46.436085042 +0100 @@ -1,0 +2,6 @@ +Thu Nov 25 09:30:38 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_transmission-daemon.service.patch + +------------------------------------------------------------------- New: ---- harden_transmission-daemon.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transmission.spec ++++++ --- /var/tmp/diff_new_pack.2KFMa8/_old 2021-12-02 02:27:46.868083551 +0100 +++ /var/tmp/diff_new_pack.2KFMa8/_new 2021-12-02 02:27:46.872083537 +0100 @@ -27,6 +27,7 @@ Source0: https://github.com/%{name}/%{name}-releases/raw/master/%{name}-%{version}.tar.xz Source1: transmission-qt.desktop Source3: README.openSUSE +Patch0: harden_transmission-daemon.service.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: intltool @@ -121,6 +122,7 @@ %prep %setup cp %{SOURCE3} . +%patch0 -p1 %build autoreconf -fi ++++++ harden_transmission-daemon.service.patch ++++++ Index: transmission-3.00/daemon/transmission-daemon.service =================================================================== --- transmission-3.00.orig/daemon/transmission-daemon.service +++ transmission-3.00/daemon/transmission-daemon.service @@ -3,6 +3,18 @@ Description=Transmission BitTorrent Daem After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions User=transmission Type=notify ExecStart=/usr/bin/transmission-daemon -f --log-error
