commit veyon for openSUSE:Factory

Mon, 10 Jan 2022 14:54:31 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package veyon for openSUSE:Factory checked 
in at 2022-01-10 23:53:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/veyon (Old)
 and      /work/SRC/openSUSE:Factory/.veyon.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "veyon"

Mon Jan 10 23:53:41 2022 rev:13 rq:945356 version:4.7.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/veyon/veyon.changes      2021-12-05 
22:46:47.981507523 +0100
+++ /work/SRC/openSUSE:Factory/.veyon.new.1892/veyon.changes    2022-01-10 
23:54:19.352842162 +0100
@@ -1,0 +2,6 @@
+Wed Jan  5 08:41:33 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_veyon.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_veyon.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ veyon.spec ++++++
--- /var/tmp/diff_new_pack.UpYNBZ/_old  2022-01-10 23:54:19.856842603 +0100
+++ /var/tmp/diff_new_pack.UpYNBZ/_new  2022-01-10 23:54:19.860842607 +0100
@@ -23,6 +23,7 @@
 License:        GPL-2.0-or-later
 URL:            https://veyon.io/
 Source:         
https://github.com/veyon/veyon/releases/download/v%{version}/veyon-%{version}-src.tar.bz2
+Patch0:        harden_veyon.service.patch
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  gcc-c++

++++++ harden_veyon.service.patch ++++++
Index: veyon-4.7.0/service/veyon.service.in
===================================================================
--- veyon-4.7.0.orig/service/veyon.service.in
+++ veyon-4.7.0/service/veyon.service.in
@@ -6,6 +6,17 @@ Requires=dbus.service systemd-logind.ser
 Documentation=man:veyon-service(1)
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=@CMAKE_INSTALL_PREFIX@/bin/veyon-service
 Type=simple
 Restart=always

Reply via email to