Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sysprof for openSUSE:Factory checked in at 2021-12-12 21:27:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sysprof (Old) and /work/SRC/openSUSE:Factory/.sysprof.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysprof" Sun Dec 12 21:27:22 2021 rev:25 rq:939443 version:3.42.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sysprof/sysprof.changes 2021-11-06 18:17:53.380880166 +0100 +++ /work/SRC/openSUSE:Factory/.sysprof.new.2520/sysprof.changes 2021-12-12 21:27:47.656348109 +0100 @@ -1,0 +2,7 @@ +Wed Nov 24 10:43:35 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_sysprof2.service.patch + * harden_sysprof3.service.patch + +------------------------------------------------------------------- New: ---- harden_sysprof2.service.patch harden_sysprof3.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysprof.spec ++++++ --- /var/tmp/diff_new_pack.XHRHBz/_old 2021-12-12 21:27:48.064348351 +0100 +++ /var/tmp/diff_new_pack.XHRHBz/_new 2021-12-12 21:27:48.068348353 +0100 @@ -36,6 +36,8 @@ Group: Development/Tools/Debuggers URL: https://wiki.gnome.org/Apps/Sysprof Source0: https://download.gnome.org/sources/sysprof/3.42/sysprof-%{version}.tar.xz +Patch0: harden_sysprof2.service.patch +Patch1: harden_sysprof3.service.patch BuildRequires: c++_compiler BuildRequires: itstool ++++++ harden_sysprof2.service.patch ++++++ Index: sysprof-3.42.1/src/sysprofd/sysprof2.service.in =================================================================== --- sysprof-3.42.1.orig/src/sysprofd/sysprof2.service.in +++ sysprof-3.42.1/src/sysprofd/sysprof2.service.in @@ -2,6 +2,18 @@ Description=Sysprof Daemon [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=org.gnome.Sysprof2 ExecStart=@sysprofdprivdir@/sysprofd ++++++ harden_sysprof3.service.patch ++++++ Index: sysprof-3.42.1/src/sysprofd/sysprof3.service.in =================================================================== --- sysprof-3.42.1.orig/src/sysprofd/sysprof3.service.in +++ sysprof-3.42.1/src/sysprofd/sysprof3.service.in @@ -2,6 +2,18 @@ Description=Sysprof Daemon [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=org.gnome.Sysprof3 ExecStart=@sysprofdprivdir@/sysprofd
