Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package veyon for openSUSE:Factory checked in at 2022-01-10 23:53:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/veyon (Old) and /work/SRC/openSUSE:Factory/.veyon.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "veyon" Mon Jan 10 23:53:41 2022 rev:13 rq:945356 version:4.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/veyon/veyon.changes 2021-12-05 22:46:47.981507523 +0100 +++ /work/SRC/openSUSE:Factory/.veyon.new.1892/veyon.changes 2022-01-10 23:54:19.352842162 +0100 @@ -1,0 +2,6 @@ +Wed Jan 5 08:41:33 UTC 2022 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_veyon.service.patch + +------------------------------------------------------------------- New: ---- harden_veyon.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ veyon.spec ++++++ --- /var/tmp/diff_new_pack.UpYNBZ/_old 2022-01-10 23:54:19.856842603 +0100 +++ /var/tmp/diff_new_pack.UpYNBZ/_new 2022-01-10 23:54:19.860842607 +0100 @@ -23,6 +23,7 @@ License: GPL-2.0-or-later URL: https://veyon.io/ Source: https://github.com/veyon/veyon/releases/download/v%{version}/veyon-%{version}-src.tar.bz2 +Patch0: harden_veyon.service.patch BuildRequires: cmake BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ ++++++ harden_veyon.service.patch ++++++ Index: veyon-4.7.0/service/veyon.service.in =================================================================== --- veyon-4.7.0.orig/service/veyon.service.in +++ veyon-4.7.0/service/veyon.service.in @@ -6,6 +6,17 @@ Requires=dbus.service systemd-logind.ser Documentation=man:veyon-service(1) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=@CMAKE_INSTALL_PREFIX@/bin/veyon-service Type=simple Restart=always