Hello community, here is the log from the commit of package aaa_base for openSUSE:Factory checked in at 2013-08-13 11:04:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aaa_base (Old) and /work/SRC/openSUSE:Factory/.aaa_base.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aaa_base" Changes: -------- --- /work/SRC/openSUSE:Factory/aaa_base/aaa_base.changes 2013-06-28 15:58:08.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.aaa_base.new/aaa_base.changes 2013-08-13 11:04:23.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Aug 7 18:04:21 UTC 2013 - [email protected] + +- avoid leaking kernel address information to userspace by using + kernel.kptr_restrict=1 sysctl +- bash.bashrc: source vte.sh if existing (bnc#827248) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aaa_base-13.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aaa_base-13.1/files/etc/bash.bashrc new/aaa_base-13.1/files/etc/bash.bashrc --- old/aaa_base-13.1/files/etc/bash.bashrc 2013-06-28 09:48:18.000000000 +0200 +++ new/aaa_base-13.1/files/etc/bash.bashrc 2013-08-07 20:03:55.000000000 +0200 @@ -304,6 +304,13 @@ ;; esac +# Source /etc/profile.d/vte.sh, which improvies usage of VTE based terminals. +# It is vte.sh's responsibility to 'not load' when it's not applicable (not inside a VTE term) +# If you want to 'disable' this functionality, set the sticky bit on /etc/profile.d/vte.sh +if test -r /etc/profile.d/vte.sh -a ! -k /etc/profile.d/vte.sh; then + . /etc/profile.d/vte.sh +fi + # # Just in case the user excutes a command with ssh or sudo # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aaa_base-13.1/files/usr/lib/sysctl.d/50-default.conf new/aaa_base-13.1/files/usr/lib/sysctl.d/50-default.conf --- old/aaa_base-13.1/files/usr/lib/sysctl.d/50-default.conf 2013-06-28 09:48:18.000000000 +0200 +++ new/aaa_base-13.1/files/usr/lib/sysctl.d/50-default.conf 2013-08-07 20:03:55.000000000 +0200 @@ -49,3 +49,6 @@ # enable hard- and symlink protection (bnc#821585) fs.protected_hardlinks = 1 fs.protected_symlinks = 1 + +# restrict printed kernel ptrs (bnc#833774) +kernel.kptr_restrict = 1 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
