Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package hiawatha for openSUSE:Factory checked in at 2022-02-11 23:07:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hiawatha (Old)
 and      /work/SRC/openSUSE:Factory/.hiawatha.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hiawatha" Fri Feb 11 23:07:28 2022 rev:29 rq:953280 version:10.11 Changes: -------- --- /work/SRC/openSUSE:Factory/hiawatha/hiawatha.changes 2020-10-27 19:01:40.358862318 +0100 +++ /work/SRC/openSUSE:Factory/.hiawatha.new.1956/hiawatha.changes 2022-02-11 23:08:57.626868041 +0100 @@ -1,0 +2,8 @@ +Wed Sep 22 08:03:45 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_hiawatha.service.patch + Modified: + * hiawatha.service + +------------------------------------------------------------------- New: ---- harden_hiawatha.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hiawatha.spec ++++++ --- /var/tmp/diff_new_pack.zMe0tK/_old 2022-02-11 23:08:58.162869591 +0100 +++ /var/tmp/diff_new_pack.zMe0tK/_new 2022-02-11 23:08:58.166869603 +0100 @@ -32,6 +32,7 @@ Source2: %{name}.service Source102: %{name}.firewalld Source103: %{name}-ssl.firewalld +Patch0: harden_hiawatha.service.patch BuildRequires: cmake >= 3.0 BuildRequires: firewall-macros BuildRequires: gcc-c++ @@ -74,6 +75,7 @@ %setup -q # Remove bundled source for mbedtls, we use system version rm -rv mbedtls +%patch0 -p1 # mbedtls 2.7.0 and its backward comaptybility... %if "%{mbedtls_version}" >= "2.7.0" ++++++ harden_hiawatha.service.patch ++++++ Index: hiawatha-10.11/extra/debian/hiawatha.service =================================================================== --- hiawatha-10.11.orig/extra/debian/hiawatha.service +++ hiawatha-10.11/extra/debian/hiawatha.service 
@@ -3,6 +3,19 @@ Description=Hiawatha webserver After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/var/run/hiawatha.pid ExecStartPre=/usr/sbin/wigwam -q ++++++ hiawatha.service ++++++ --- /var/tmp/diff_new_pack.zMe0tK/_old 2022-02-11 23:08:58.250869846 +0100 +++ /var/tmp/diff_new_pack.zMe0tK/_new 2022-02-11 23:08:58.250869846 +0100 @@ -3,6 +3,19 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple SyslogIdentifier=hiawatha ExecStartPre=/usr/sbin/wigwam ; /usr/sbin/hiawatha -k
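
Review bot: In hiawatha.spec, Patch0 edits extra/debian/hiawatha.service inside the upstream tree, while the spec also ships its own unit as "Source2: %{name}.service", and that file receives the same ten directives in a separate hunk. If only one of the two unit files ends up in the package, the other edit has no effect and the two copies can drift apart on the next update. Confirm which file is installed and either drop the unused edit or say in hiawatha.changes why both are carried. As a smaller style point, "%patch0 -p1" now sits between "rm -rv mbedtls" and the mbedtls version comment; placing it directly after "%setup -q" keeps the mbedtls handling together.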
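
Review bot: ProtectHome=true in the [Service] block of extra/debian/hiawatha.service makes /home, /root and /run/user inaccessible to the daemon, and nothing in the unit or in the changes entry tells an administrator that content served from under /home will stop working after this update. The only explanation is the generic "added automatically" comment. Add a short comment next to the directive that names the effect and points to a drop-in override (for example ProtectHome=read-only) for installations that need it, and mention the behaviour change in hiawatha.changes.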
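
Review bot: In the packaged hiawatha.service the new block sits above "ExecStartPre=/usr/sbin/wigwam ; /usr/sbin/hiawatha -k", so the sandbox applies to both pre-start commands as well as to the main process. With ProtectSystem=full, /usr, /boot, /efi and /etc are read-only for all of them, so a pre-start step that writes in any of those locations would now fail and keep the service from starting. Please state in the changes entry that the unit was started with these settings, and attach the output of "systemd-analyze security hiawatha.service" so the effect of the hardening is recorded.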