Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package samplicator for openSUSE:Factory
checked in at 2021-11-20 02:39:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/samplicator (Old)
and /work/SRC/openSUSE:Factory/.samplicator.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samplicator"
Sat Nov 20 02:39:00 2021 rev:3 rq:932324 version:1.3.8rc1+git.20171112
Changes:
--------
--- /work/SRC/openSUSE:Factory/samplicator/samplicator.changes 2019-02-27
15:08:39.902401048 +0100
+++ /work/SRC/openSUSE:Factory/.samplicator.new.1895/samplicator.changes
2021-11-20 02:40:06.392588830 +0100
@@ -1,0 +2,8 @@
+Tue Nov 16 12:33:00 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_samplicator.service.patch
+ Modified:
+ * samplicator.service
+
+-------------------------------------------------------------------
New:
----
harden_samplicator.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samplicator.spec ++++++
--- /var/tmp/diff_new_pack.xYQccS/_old 2021-11-20 02:40:06.864587273 +0100
+++ /var/tmp/diff_new_pack.xYQccS/_new 2021-11-20 02:40:06.868587260 +0100
@@ -28,6 +28,7 @@
Source2: %{name}.sysconfig
Source3: samplicator.8
Source4: samplicator.conf.example
+Patch0: harden_samplicator.service.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -40,6 +41,7 @@
%prep
%setup -q
+%patch0 -p1
%build
autoreconf -fiv
++++++ harden_samplicator.service.patch ++++++
Index: samplicator-1.3.8rc1+git.20171112/samplicator.service
===================================================================
--- samplicator-1.3.8rc1+git.20171112.orig/samplicator.service
+++ samplicator-1.3.8rc1+git.20171112/samplicator.service
@@ -11,6 +11,19 @@ Description=Samplicator
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
ExecStart=/opt/samplicator/bin/samplicate -S -c
/opt/samplicator/etc/samplicator.conf -p 162 -d 0 -f
++++++ samplicator.service ++++++
--- /var/tmp/diff_new_pack.xYQccS/_old 2021-11-20 02:40:06.996586837 +0100
+++ /var/tmp/diff_new_pack.xYQccS/_new 2021-11-20 02:40:06.996586837 +0100
@@ -3,6 +3,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
EnvironmentFile=/etc/sysconfig/samplicator
ExecStart=/usr/sbin/samplicate -c /etc/samplicator.conf -d 0 -f
$SAMPLICATOR_OPTIONS=""
