Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2022-02-07 23:36:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Mon Feb 7 23:36:47 2022 rev:158 rq:949613 version:1.19.2 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2021-09-30 23:44:41.116557994 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.1898/krb5-mini.changes 2022-02-07 23:36:48.370964298 +0100 @@ -1,0 +2,12 @@ +Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmul...@suse.com> + +- Resolve "Credential cache directory /run/user/0/krb5cc does not + exist while opening default credentials cache" by using a kernel + keyring instead of a dir cache; (bsc#1109830); + +------------------------------------------------------------------- +Thu Sep 30 14:14:23 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd services; (bsc#1181400); + +------------------------------------------------------------------- krb5.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.HB5w22/_old 2022-02-07 23:36:49.534956462 +0100 +++ /var/tmp/diff_new_pack.HB5w22/_new 2022-02-07 23:36:49.542956409 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed krb5.spec: same change ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kadmind.service new/vendor-files/kadmind.service --- old/vendor-files/kadmind.service 2021-04-22 17:08:21.183354742 +0200 +++ new/vendor-files/kadmind.service 2022-01-28 09:54:02.000000000 +0100 @@ -4,6 +4,19 @@ ConditionPathExists=!/var/lib/kerberos/krb5kdc/kpropd.acl [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/kadmind.pid EnvironmentFile=-/etc/sysconfig/kadmind diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kpropd.service new/vendor-files/kpropd.service --- old/vendor-files/kpropd.service 2020-06-12 11:00:22.397684719 +0200 +++ new/vendor-files/kpropd.service 2022-01-28 09:54:38.000000000 +0100 @@ -4,6 +4,19 @@ ConditionPathExists=/var/lib/kerberos/krb5kdc/kpropd.acl [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/sbin/kpropd -S diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/krb5.conf new/vendor-files/krb5.conf --- old/vendor-files/krb5.conf 2018-04-25 21:03:10.934582446 +0200 +++ new/vendor-files/krb5.conf 2022-01-27 23:20:17.000000000 +0100 @@ -9,6 +9,7 @@ dns_canonicalize_hostname = false rdns = false # default_realm = EXAMPLE.COM + default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/krb5kdc.service new/vendor-files/krb5kdc.service --- old/vendor-files/krb5kdc.service 2021-04-22 17:08:50.902979482 +0200 +++ new/vendor-files/krb5kdc.service 2022-01-28 09:55:07.000000000 +0100 @@ -3,6 +3,19 @@ After=network.target slapd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/krb5kdc.pid EnvironmentFile=-/etc/sysconfig/krb5kdc
