commit xf86-input-wacom for openSUSE:Factory

Source-Sync Mon, 17 Jan 2022 13:52:22 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xf86-input-wacom for 
openSUSE:Factory checked in at 2022-01-17 22:33:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xf86-input-wacom (Old)
 and      /work/SRC/openSUSE:Factory/.xf86-input-wacom.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "xf86-input-wacom"

Mon Jan 17 22:33:53 2022 rev:36 rq:946704 version:0.40.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/xf86-input-wacom/xf86-input-wacom.changes        
2021-05-10 15:38:59.329660306 +0200
+++ 
/work/SRC/openSUSE:Factory/.xf86-input-wacom.new.1892/xf86-input-wacom.changes  
    2022-01-17 22:33:57.966240561 +0100
@@ -1,0 +2,6 @@
+Mon Jan 10 09:55:03 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_wacom-inputattach@.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_wacom-inputattach@.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xf86-input-wacom.spec ++++++
--- /var/tmp/diff_new_pack.zyboIt/_old  2022-01-17 22:33:58.454240884 +0100
+++ /var/tmp/diff_new_pack.zyboIt/_new  2022-01-17 22:33:58.458240886 +0100
@@ -29,6 +29,7 @@
 Patch9:         n_03-Log-PRESSURE-low-level-events.patch
 Patch10:        n_04-Log-BUTTON-HIGH-LEVEL-events.patch
 Patch12:        n_disable-touchscreen.patch
+Patch13:       harden_wacom-inputattach@.service.patch
 # For directory ownership
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -78,6 +79,7 @@
 %patch9 -p1
 %patch10 -p1
 %patch12 -p1
+%patch13 -p1
 
 %build
 autoreconf -fi

++++++ harden_wacom-inputattach@.service.patch ++++++
Index: xf86-input-wacom-0.40.0/conf/wacom-inputatt...@.service.in
===================================================================
--- xf86-input-wacom-0.40.0.orig/conf/wacom-inputatt...@.service.in
+++ xf86-input-wacom-0.40.0/conf/wacom-inputatt...@.service.in
@@ -2,6 +2,17 @@
 Description=inputattach for Wacom ISDv4-compatible serial devices
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=simple
 ExecStart=__BIN_PREFIX__/isdv4-serial-inputattach /dev/%I
 Restart=on-success

commit xf86-input-wacom for openSUSE:Factory

Reply via email to