Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package connman for openSUSE:Factory checked in at 2021-12-23 17:53:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/connman (Old) and /work/SRC/openSUSE:Factory/.connman.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "connman" Thu Dec 23 17:53:36 2021 rev:10 rq:940531 version:1.40 Changes: -------- --- /work/SRC/openSUSE:Factory/connman/connman.changes 2021-09-10 23:41:56.410599535 +0200 +++ /work/SRC/openSUSE:Factory/.connman.new.2520/connman.changes 2021-12-23 17:53:49.583721978 +0100 @@ -1,0 +2,12 @@ +Fri Nov 26 14:14:41 UTC 2021 - Danilo Spinella <danilo.spine...@suse.com> + +- connman-nmcompat manages D-Bus permissions for NetworkManager service. + However, these rules are different than the ones NetworkManager setup. + Allow the installation of only either of them. Fixes bsc#1192827 + +------------------------------------------------------------------- +Fri Oct 15 12:11:29 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Drop ProtectClock hardening, can cause issues if other device acceess is needed + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ connman.spec ++++++ --- /var/tmp/diff_new_pack.CoqEq4/_old 2021-12-23 17:53:50.159722334 +0100 +++ /var/tmp/diff_new_pack.CoqEq4/_new 2021-12-23 17:53:50.163722337 +0100 @@ -77,7 +77,6 @@ %description doc Documentation in form of man pages for Connman (Connection Manager). - ############################## #Plugins ############################## @@ -118,6 +117,7 @@ %description plugin-vpnc Provides VPNC support for Connman (Connection Manager). + #------------------------------------- %package plugin-openvpn Summary: OpenVPN plugin for connman @@ -129,6 +129,7 @@ %description plugin-openvpn Provides OpenVPN support for Connman (Connection Manager). + #------------------------------------- %package plugin-pptp Summary: PPTP plugin for connman @@ -138,6 +139,7 @@ %description plugin-pptp Provides PPTP support for Connman (Connection Manager). + #------------------------------------- %package plugin-wireguard Summary: WireGuard plugin for connman @@ -167,6 +169,7 @@ %description plugin-l2tp Provides L2TP (Layer 2 Tunneling Protocol) support for Connman (Connection Manager). + #------------------------------------- %package plugin-iospm Summary: Intel OSPM plugin for connman @@ -178,6 +181,7 @@ %description plugin-iospm Provides Intel OSPM support for Connman (Connection Manager). + #------------------------------------- %package test Summary: Test and example scripts for connman @@ -187,15 +191,20 @@ %description test Provides test and example scripts for Connman (Connection Manager). + #------------------------------------- %package nmcompat Summary: NetworkManager compatibility for connman Group: System/Daemons Requires: %{name} >= %{version} +# This package install D-Bus rules that are different than the ones from +# NetworkManager, only allow the installation of one of them +Conflicts: NetworkManager %description nmcompat Provides NetworkManager compatibility for Connman (Connection Manager). + #------------------------------------- %package plugin-polkit Summary: PolicyKit plugin for connman @@ -207,6 +216,7 @@ %description plugin-polkit Provides PolicyKit support for Connman (Connection Manager). + #------------------------------------- %package client Summary: Client script for connman ++++++ harden_connman-vpn.service.patch ++++++ --- /var/tmp/diff_new_pack.CoqEq4/_old 2021-12-23 17:53:50.215722369 +0100 +++ /var/tmp/diff_new_pack.CoqEq4/_new 2021-12-23 17:53:50.219722371 +0100 @@ -2,14 +2,13 @@ =================================================================== --- connman-1.40.orig/vpn/connman-vpn.service.in +++ connman-1.40/vpn/connman-vpn.service.in -@@ -9,6 +9,16 @@ StandardOutput=null +@@ -9,6 +9,15 @@ StandardOutput=null CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_CHOWN CAP_FOWNER ProtectHome=read-only ProtectSystem=full +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true ++++++ harden_connman-wait-online.service.patch ++++++ --- /var/tmp/diff_new_pack.CoqEq4/_old 2021-12-23 17:53:50.227722377 +0100 +++ /var/tmp/diff_new_pack.CoqEq4/_new 2021-12-23 17:53:50.231722379 +0100 @@ -2,7 +2,7 @@ =================================================================== --- connman-1.40.orig/src/connman-wait-online.service.in +++ connman-1.40/src/connman-wait-online.service.in -@@ -7,6 +7,18 @@ DefaultDependencies=no +@@ -7,6 +7,17 @@ DefaultDependencies=no Conflicts=shutdown.target [Service] @@ -11,7 +11,6 @@ +ProtectSystem=full +ProtectHome=true +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true