Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package fonehome for openSUSE:Factory checked in at 2022-04-19 09:58:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fonehome (Old)
 and      /work/SRC/openSUSE:Factory/.fonehome.new.1941 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fonehome" Tue Apr 19 09:58:25 2022 rev:15 rq:970605 version:1.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/fonehome/fonehome.changes 2021-11-04 16:10:35.261082510 +0100 +++ /work/SRC/openSUSE:Factory/.fonehome.new.1941/fonehome.changes 2022-04-19 09:58:29.747582307 +0200 @@ -1,0 +2,8 @@ +Mon Apr 18 00:27:46 UTC 2022 - Archie Cobbs <archie.co...@gmail.com> + +- Upgrade to version 1.2.2 + + Added some systemd unit hardening directives + + Ignore errors from kill(1) during shutdown + + Remove harden_fonehome.service.patch, now integrated + +------------------------------------------------------------------- Old: ---- fonehome-1.2.1.tar.gz harden_fonehome.service.patch New: ---- fonehome-1.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fonehome.spec ++++++ --- /var/tmp/diff_new_pack.sWBo5A/_old 2022-04-19 09:58:30.167582853 +0200 +++ /var/tmp/diff_new_pack.sWBo5A/_new 2022-04-19 09:58:30.175582863 +0200 @@ -1,7 +1,7 @@ # # spec file for package fonehome # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2012 Archie L. Cobbs <arc...@dellroad.org> # # All modifications and additions to the file contributed by third parties @@ -39,14 +39,13 @@ %define authkeys_comment restrict what %{username} user can do %define authkeys_options no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="0.0.0.0:9",command="sleep 99999d" Name: fonehome -Version: 1.2.1 +Version: 1.2.2 Release: 0 Summary: Remote access to machines behind firewalls License: Apache-2.0 Group: System/Daemons URL: https://github.com/archiecobbs/%{name}/ Source: %{name}-%{version}.tar.gz -Patch0: harden_fonehome.service.patch Requires: bc Requires: findutils Requires: openssh 
@@ -72,7 +71,6 @@ %prep %setup -q -%patch0 -p1 # Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases %if 0%{?is_opensuse} && 0%{?sle_version} < 150300 ++++++ fonehome-1.2.1.tar.gz -> fonehome-1.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.2.1/CHANGES new/fonehome-1.2.2/CHANGES --- old/fonehome-1.2.1/CHANGES 2021-06-22 19:29:09.000000000 +0200 +++ new/fonehome-1.2.2/CHANGES 2022-04-18 02:25:33.000000000 +0200 @@ -1,3 +1,8 @@ +Version 1.2.2 Released April 17, 2022 + + - Added some systemd unit hardening directives + - Ignore errors from kill(1) during shutdown + Version 1.2.1 Released June 22, 2021 - Substitute spaces for newlines when logging errors diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.2.1/src/scripts/fonehome.sh new/fonehome-1.2.2/src/scripts/fonehome.sh --- old/fonehome-1.2.1/src/scripts/fonehome.sh 2021-06-22 19:29:09.000000000 +0200 +++ new/fonehome-1.2.2/src/scripts/fonehome.sh 2022-04-18 02:25:33.000000000 +0200 @@ -206,10 +206,12 @@ done } -# This function is used to ensure the subshells are killed when this script is killed +# This function is used to ensure the subshells are killed when this script is killed. +# During system shutdown, they may already be dead, so ignore "No such process" errors from kill(1). killshells() { - jobs -p | sed 's/^/-/g' | xargs -r kill -- + set +e + jobs -p | sed 's/^/-/g' | xargs -r kill -- 2>/dev/null log info shutting down wait exit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.2.1/src/unit/fonehome.service new/fonehome-1.2.2/src/unit/fonehome.service --- old/fonehome-1.2.1/src/unit/fonehome.service 2021-06-22 19:29:09.000000000 +0200 +++ new/fonehome-1.2.2/src/unit/fonehome.service 2022-04-18 02:25:33.000000000 +0200 
@@ -9,5 +9,17 @@ Restart=always RestartSec=30s +# Security hardening +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true + [Install] WantedBy=multi-user.target
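Review bot: In the fonehome.spec %prep hunk (@@ -72,7 +71,6 @@), `%patch0 -p1` is dropped but the `%if 0%{?is_opensuse} && 0%{?sle_version} < 150300` block that avoids "Unknown key name" warnings on older releases is kept, and its body is not visible here. Confirm that it strips every one of the ten directives the upstream unit now ships (see the fonehome.service hunk), not only the ones the removed harden_fonehome.service.patch carried; if the two lists differ, older releases will log the warnings again for the extra keys.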
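Review bot: In killshells() in src/scripts/fonehome.sh (@@ -206,10 +206,12 @@), the `2>/dev/null` on the xargs stage discards every error from kill(1), not only the "No such process" case the new comment describes, so a permission or usage error during an ordinary stop is silenced too. Consider filtering stderr for the expected message and passing anything else to `log`, so unexpected failures stay visible. Also note that `set +e` is never restored; that is harmless only because the function ends in `exit`, which is worth saying in the comment.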
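Review bot: In src/unit/fonehome.service (@@ -9,5 +9,17 @@), `ProtectHome=true` and `ProtectSystem=full` are added with no visible exceptions: the first makes /home, /root and /run/user inaccessible to the service, and the second mounts /usr, /boot, /efi and /etc read-only. Confirm that the key and host-key files fonehome.sh hands to ssh, and anything the script writes, live outside those paths, and add a `ReadWritePaths=` entry for anything under /etc that must stay writable. The added set also has no `NoNewPrivileges=true` or `PrivateTmp=true`; if neither is set in the part of the unit above this hunk, they would fit alongside these directives.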