Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package connman for openSUSE:Factory checked 
in at 2022-02-01 16:59:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/connman (Old)
 and      /work/SRC/openSUSE:Factory/.connman.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "connman"

Tue Feb  1 16:59:50 2022 rev:11 rq:950446 version:1.41

Changes:
--------
--- /work/SRC/openSUSE:Factory/connman/connman.changes  2021-12-23 
17:53:49.583721978 +0100
+++ /work/SRC/openSUSE:Factory/.connman.new.1898/connman.changes        
2022-02-01 16:59:59.644875391 +0100
@@ -1,0 +2,15 @@
+Tue Feb 01 12:57:25 UTC 2022 - Daniel Wagner <daniel.wag...@suse.com>
+
+- Update to 1.41: (bsc#1194177, bsc#1194176, bsc#1194175)
+  * Fix issue with RTNL netlink message alignment.
+  * Fix issue with dnsproxy and timeout for TCP feature. (CVE-2022-23097, 
CVE-2022-23096)
+  * Fix issue with dnsproxy and busy loop in TCP server. (CVE-2022-23098)
+  * Fix issue with WiFi connection with no passphrase.
+  * Add support for wpa_supplicant and WPA3-SAE functionality.
+  * Add support for D-Bus ObjectManager interface.
+- Renamed downstream patches to separate them from upstream patches
+  * Rename 0001-connman-1.35-service.patch to 0100-connman-1.35-service.patch
+  * Rename harden_connman-vpn.service.patch to 
0101-harden_connman-vpn.service.patch
+  * Rename harden_connman-wait-online.service.patch to 
0102-harden_connman-wait-online.service.patch
+
+-------------------------------------------------------------------

Old:
----
  0001-connman-1.35-service.patch
  connman-1.40.tar.sign
  connman-1.40.tar.xz
  harden_connman-vpn.service.patch
  harden_connman-wait-online.service.patch

New:
----
  0100-connman-1.35-service.patch
  0101-harden_connman-vpn.service.patch
  0102-harden_connman-wait-online.service.patch
  connman-1.41.tar.sign
  connman-1.41.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ connman.spec ++++++
--- /var/tmp/diff_new_pack.HtwmAS/_old  2022-02-01 17:00:00.308870721 +0100
+++ /var/tmp/diff_new_pack.HtwmAS/_new  2022-02-01 17:00:00.312870693 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package connman
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 %define tist_working           1
 %endif
 Name:           connman
-Version:        1.40
+Version:        1.41
 Release:        0
 Summary:        Connection Manager
 License:        GPL-2.0-only
@@ -36,9 +36,10 @@
 Source1:        
http://www.kernel.org/pub/linux/network/connman/connman-%{version}.tar.sign
 Source2:        connman.keyring
 # PATCH-FIX-OPENSUSE -- Greate symlink to network.service
-Patch0:         0001-connman-1.35-service.patch
-Patch1:         harden_connman-vpn.service.patch
-Patch2:         harden_connman-wait-online.service.patch
+# downstream patches
+Patch100:       0100-connman-1.35-service.patch
+Patch101:       0101-harden_connman-vpn.service.patch
+Patch102:       0102-harden_connman-wait-online.service.patch
 BuildRequires:  dhcp
 BuildRequires:  openvpn
 BuildRequires:  pkgconfig
@@ -89,7 +90,6 @@
 %description plugin-hh2serial-gps
 Provides HH2Serial GPS device support for Connman (Connection Manager).
 %endif
-#-------------------------------------
 
 %if %{openconnect_present}
 %package plugin-openconnect
@@ -104,8 +104,7 @@
 %description plugin-openconnect
 Provides OpenConnect support for Connman (Connection Manager).
 OpenConnect is an open client for Cisco(TM) AnyConnect(TM) VPN.
-#-------------------------------------
-%endif #openconnect_present
+%endif
 
 %package plugin-vpnc
 Summary:        VPNC plugin for connman
@@ -117,8 +116,6 @@
 %description plugin-vpnc
 Provides VPNC support for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package plugin-openvpn
 Summary:        OpenVPN plugin for connman
 Group:          System/Daemons
@@ -129,8 +126,6 @@
 %description plugin-openvpn
 Provides OpenVPN support for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package plugin-pptp
 Summary:        PPTP plugin for connman
 Group:          System/Daemons
@@ -139,8 +134,6 @@
 %description plugin-pptp
 Provides PPTP support for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package plugin-wireguard
 Summary:        WireGuard plugin for connman
 Group:          System/Daemons
@@ -149,7 +142,7 @@
 %description plugin-wireguard
 Provides WireGuard network support for Connman (Connection Manager).
 
-#-------------------------------------
+
 %if %{tist_working}
 %package plugin-tist
 Summary:        TIST plugin for connman
@@ -158,8 +151,7 @@
 
 %description plugin-tist
 Provides TI Shared Transport support for Connman (Connection Manager).
-%endif # tist_working
-#-------------------------------------
+%endif
 
 %package plugin-l2tp
 Summary:        L2TP plugin for connman
@@ -169,8 +161,6 @@
 %description plugin-l2tp
 Provides L2TP (Layer 2 Tunneling Protocol) support for Connman (Connection 
Manager).
 
-
-#-------------------------------------
 %package plugin-iospm
 Summary:        Intel OSPM plugin for connman
 Group:          System/Daemons
@@ -181,8 +171,6 @@
 %description plugin-iospm
 Provides Intel OSPM support for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package test
 Summary:        Test and example scripts for connman
 Group:          System/Daemons
@@ -191,8 +179,6 @@
 %description test
 Provides test and example scripts for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package nmcompat
 Summary:        NetworkManager compatibility for connman
 Group:          System/Daemons
@@ -204,8 +190,6 @@
 %description nmcompat
 Provides NetworkManager compatibility for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package plugin-polkit
 Summary:        PolicyKit plugin for connman
 Group:          System/Daemons
@@ -216,8 +200,6 @@
 %description plugin-polkit
 Provides PolicyKit support for Connman (Connection Manager).
 
-
-#-------------------------------------
 %package client
 Summary:        Client script for connman
 Group:          System/Daemons
@@ -227,10 +209,7 @@
 Provides client interface for Connman (Connection Manager).
 
 %prep
-%setup -q -n connman-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+%autosetup -p1 -n connman-%{version}
 
 %build
 # Using i586 repository, so explicitly forward it to CC.

++++++ 0001-connman-1.35-service.patch -> 0100-connman-1.35-service.patch ++++++

++++++ 0101-harden_connman-vpn.service.patch ++++++
Index: connman-1.40/vpn/connman-vpn.service.in
===================================================================
--- connman-1.40.orig/vpn/connman-vpn.service.in
+++ connman-1.40/vpn/connman-vpn.service.in
@@ -9,6 +9,15 @@ StandardOutput=null
 CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW 
CAP_SETGID CAP_SETUID CAP_CHOWN CAP_FOWNER
 ProtectHome=read-only
 ProtectSystem=full
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target

++++++ 0102-harden_connman-wait-online.service.patch ++++++
Index: connman-1.40/src/connman-wait-online.service.in
===================================================================
--- connman-1.40.orig/src/connman-wait-online.service.in
+++ connman-1.40/src/connman-wait-online.service.in
@@ -7,6 +7,17 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=oneshot
 ExecStart=@sbindir@/connmand-wait-online
 RemainAfterExit=yes

++++++ connman-1.40.tar.xz -> connman-1.41.tar.xz ++++++
++++ 4066 lines of diff (skipped)

Reply via email to