Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package connman for openSUSE:Factory checked in at 2022-02-01 16:59:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/connman (Old) and /work/SRC/openSUSE:Factory/.connman.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "connman" Tue Feb 1 16:59:50 2022 rev:11 rq:950446 version:1.41 Changes: -------- --- /work/SRC/openSUSE:Factory/connman/connman.changes 2021-12-23 17:53:49.583721978 +0100 +++ /work/SRC/openSUSE:Factory/.connman.new.1898/connman.changes 2022-02-01 16:59:59.644875391 +0100 @@ -1,0 +2,15 @@ +Tue Feb 01 12:57:25 UTC 2022 - Daniel Wagner <daniel.wag...@suse.com> + +- Update to 1.41: (bsc#1194177, bsc#1194176, bsc#1194175) + * Fix issue with RTNL netlink message alignment. + * Fix issue with dnsproxy and timeout for TCP feature. (CVE-2022-23097, CVE-2022-23096) + * Fix issue with dnsproxy and busy loop in TCP server. (CVE-2022-23098) + * Fix issue with WiFi connection with no passphrase. + * Add support for wpa_supplicant and WPA3-SAE functionality. + * Add support for D-Bus ObjectManager interface. +- Renamed downstream patches to separate them from upstream patches + * Rename 0001-connman-1.35-service.patch to 0100-connman-1.35-service.patch + * Rename harden_connman-vpn.service.patch to 0101-harden_connman-vpn.service.patch + * Rename harden_connman-wait-online.service.patch to 0102-harden_connman-wait-online.service.patch + +------------------------------------------------------------------- Old: ---- 0001-connman-1.35-service.patch connman-1.40.tar.sign connman-1.40.tar.xz harden_connman-vpn.service.patch harden_connman-wait-online.service.patch New: ---- 0100-connman-1.35-service.patch 0101-harden_connman-vpn.service.patch 0102-harden_connman-wait-online.service.patch connman-1.41.tar.sign connman-1.41.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ connman.spec ++++++ --- /var/tmp/diff_new_pack.HtwmAS/_old 2022-02-01 17:00:00.308870721 +0100 +++ /var/tmp/diff_new_pack.HtwmAS/_new 2022-02-01 17:00:00.312870693 +0100 @@ -1,7 +1,7 @@ # # spec file for package connman # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %define tist_working 1 %endif Name: connman -Version: 1.40 +Version: 1.41 Release: 0 Summary: Connection Manager License: GPL-2.0-only @@ -36,9 +36,10 @@ Source1: http://www.kernel.org/pub/linux/network/connman/connman-%{version}.tar.sign Source2: connman.keyring # PATCH-FIX-OPENSUSE -- Greate symlink to network.service -Patch0: 0001-connman-1.35-service.patch -Patch1: harden_connman-vpn.service.patch -Patch2: harden_connman-wait-online.service.patch +# downstream patches +Patch100: 0100-connman-1.35-service.patch +Patch101: 0101-harden_connman-vpn.service.patch +Patch102: 0102-harden_connman-wait-online.service.patch BuildRequires: dhcp BuildRequires: openvpn BuildRequires: pkgconfig @@ -89,7 +90,6 @@ %description plugin-hh2serial-gps Provides HH2Serial GPS device support for Connman (Connection Manager). %endif -#------------------------------------- %if %{openconnect_present} %package plugin-openconnect @@ -104,8 +104,7 @@ %description plugin-openconnect Provides OpenConnect support for Connman (Connection Manager). OpenConnect is an open client for Cisco(TM) AnyConnect(TM) VPN. -#------------------------------------- -%endif #openconnect_present +%endif %package plugin-vpnc Summary: VPNC plugin for connman @@ -117,8 +116,6 @@ %description plugin-vpnc Provides VPNC support for Connman (Connection Manager). - -#------------------------------------- %package plugin-openvpn Summary: OpenVPN plugin for connman Group: System/Daemons @@ -129,8 +126,6 @@ %description plugin-openvpn Provides OpenVPN support for Connman (Connection Manager). - -#------------------------------------- %package plugin-pptp Summary: PPTP plugin for connman Group: System/Daemons @@ -139,8 +134,6 @@ %description plugin-pptp Provides PPTP support for Connman (Connection Manager). - -#------------------------------------- %package plugin-wireguard Summary: WireGuard plugin for connman Group: System/Daemons @@ -149,7 +142,7 @@ %description plugin-wireguard Provides WireGuard network support for Connman (Connection Manager). -#------------------------------------- + %if %{tist_working} %package plugin-tist Summary: TIST plugin for connman @@ -158,8 +151,7 @@ %description plugin-tist Provides TI Shared Transport support for Connman (Connection Manager). -%endif # tist_working -#------------------------------------- +%endif %package plugin-l2tp Summary: L2TP plugin for connman @@ -169,8 +161,6 @@ %description plugin-l2tp Provides L2TP (Layer 2 Tunneling Protocol) support for Connman (Connection Manager). - -#------------------------------------- %package plugin-iospm Summary: Intel OSPM plugin for connman Group: System/Daemons @@ -181,8 +171,6 @@ %description plugin-iospm Provides Intel OSPM support for Connman (Connection Manager). - -#------------------------------------- %package test Summary: Test and example scripts for connman Group: System/Daemons @@ -191,8 +179,6 @@ %description test Provides test and example scripts for Connman (Connection Manager). - -#------------------------------------- %package nmcompat Summary: NetworkManager compatibility for connman Group: System/Daemons @@ -204,8 +190,6 @@ %description nmcompat Provides NetworkManager compatibility for Connman (Connection Manager). - -#------------------------------------- %package plugin-polkit Summary: PolicyKit plugin for connman Group: System/Daemons @@ -216,8 +200,6 @@ %description plugin-polkit Provides PolicyKit support for Connman (Connection Manager). - -#------------------------------------- %package client Summary: Client script for connman Group: System/Daemons @@ -227,10 +209,7 @@ Provides client interface for Connman (Connection Manager). %prep -%setup -q -n connman-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 +%autosetup -p1 -n connman-%{version} %build # Using i586 repository, so explicitly forward it to CC. ++++++ 0001-connman-1.35-service.patch -> 0100-connman-1.35-service.patch ++++++ ++++++ 0101-harden_connman-vpn.service.patch ++++++ Index: connman-1.40/vpn/connman-vpn.service.in =================================================================== --- connman-1.40.orig/vpn/connman-vpn.service.in +++ connman-1.40/vpn/connman-vpn.service.in @@ -9,6 +9,15 @@ StandardOutput=null CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_CHOWN CAP_FOWNER ProtectHome=read-only ProtectSystem=full +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions [Install] WantedBy=multi-user.target ++++++ 0102-harden_connman-wait-online.service.patch ++++++ Index: connman-1.40/src/connman-wait-online.service.in =================================================================== --- connman-1.40.orig/src/connman-wait-online.service.in +++ connman-1.40/src/connman-wait-online.service.in @@ -7,6 +7,17 @@ DefaultDependencies=no Conflicts=shutdown.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=@sbindir@/connmand-wait-online RemainAfterExit=yes ++++++ connman-1.40.tar.xz -> connman-1.41.tar.xz ++++++ ++++ 4066 lines of diff (skipped)