Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package xdmsc for openSUSE:Factory checked in at 2022-01-13 00:22:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xdmsc (Old)
 and      /work/SRC/openSUSE:Factory/.xdmsc.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xdmsc" Thu Jan 13 00:22:29 2022 rev:19 rq:945821 version:0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/xdmsc/xdmsc.changes 2017-12-23 12:20:04.229874454 +0100 +++ /work/SRC/openSUSE:Factory/.xdmsc.new.1892/xdmsc.changes 2022-01-13 00:23:25.103975498 +0100 @@ -1,0 +2,6 @@ +Mon Jan 10 09:37:35 UTC 2022 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_xdmsc@.service.patch + +------------------------------------------------------------------- New: ---- harden_xdmsc@.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xdmsc.spec ++++++ --- /var/tmp/diff_new_pack.fCPDmi/_old 2022-01-13 00:23:26.523976520 +0100 +++ /var/tmp/diff_new_pack.fCPDmi/_new 2022-01-13 00:23:26.527976523 +0100 @@ -31,6 +31,7 @@ License: GPL-2.0 Group: System/X11/Utilities Source: Xterminal-%{version}.tar.gz +Patch0: harden_xdmsc@.service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -44,6 +45,7 @@ %prep %setup -n Xterminal-%{version} +%patch0 -p1 %build make -f Makefile.Linux compile ++++++ harden_xdmsc@.service.patch ++++++ Index: Xterminal-0.6/xdmsc@.service =================================================================== --- Xterminal-0.6.orig/xdmsc@.service +++ Xterminal-0.6/xdmsc@.service @@ -12,6 +12,19 @@ After=remote-fs.target dbus.socket syste ConditionPathExists=/dev/tty0 [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/lib/xdmsc/rx %I Restart=always RestartSec=0
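Review bot: the xdmsc.changes entry records only "Added hardening to systemd service(s)" and does not say which directives were added or whether xdmsc@.service was started with them in place. Since the patch comment marks the block as "added automatically", the entry should list the directives (or at least name PrivateDevices= and ProtectHome=, the two most likely to change runtime behaviour) and note that an instance of the unit was tested, so a later regression can be traced to this change from the changelog alone.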
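Review bot: PrivateDevices=true in the xdmsc@.service hunk looks risky for this unit, which is gated on ConditionPathExists=/dev/tty0 and starts /usr/lib/xdmsc/rx %I from a package in System/X11/Utilities. With PrivateDevices= the service gets a private /dev that holds only pseudo devices such as /dev/null, /dev/zero and /dev/random, so virtual terminals and graphics or input device nodes are not visible to rx. The condition is evaluated by the service manager outside that sandbox, so it still passes and the failure would only appear when rx tries to open a device; combined with Restart=always and RestartSec=0 that would turn into a tight restart loop. Please confirm that rx runs with this set, for example by starting an instance and checking the journal, and otherwise drop PrivateDevices=true from the automatic block and leave a comment stating why it is omitted.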