Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package biboumi for openSUSE:Factory checked in at 2021-08-18 08:55:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/biboumi (Old)
 and /work/SRC/openSUSE:Factory/.biboumi.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "biboumi" Wed Aug 18 08:55:52 2021 rev:5 rq:912409 version:9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/biboumi/biboumi.changes 2021-06-02 22:12:48.596068577 +0200 +++ /work/SRC/openSUSE:Factory/.biboumi.new.1899/biboumi.changes 2021-08-18 08:56:38.262923701 +0200 @@ -1,0 +2,6 @@ +Wed Aug 11 12:39:22 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s). Added patch(es): + * harden_biboumi.service.patch + +------------------------------------------------------------------- New: ---- harden_biboumi.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ biboumi.spec ++++++ --- /var/tmp/diff_new_pack.72OLFY/_old 2021-08-18 08:56:38.730923150 +0200 +++ /var/tmp/diff_new_pack.72OLFY/_new 2021-08-18 08:56:38.734923145 +0200 @@ -27,6 +27,7 @@ Source0: https://git.louiz.org/biboumi/snapshot/biboumi-%{version}.tar.xz # PATCH-FEATURE-UPSTREAM do-not-require-git.patch -- Only add git target if file is missing Patch0: do-not-require-git.patch +Patch1: harden_biboumi.service.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libgcrypt-devel ++++++ harden_biboumi.service.patch ++++++ Index: biboumi-9.0/unit/biboumi.service.cmake =================================================================== --- biboumi-9.0.orig/unit/biboumi.service.cmake +++ biboumi-9.0/unit/biboumi.service.cmake 
@@ -4,6 +4,19 @@ Documentation=man:biboumi(1) https://bib After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=${SYSTEMD_SERVICE_TYPE} ExecStart=${CMAKE_INSTALL_PREFIX}/bin/biboumi /etc/biboumi/biboumi.cfg ExecReload=/bin/kill -s USR1 $MAINPID
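Review bot: In the biboumi.spec hunk, the new `Patch1: harden_biboumi.service.patch` line has no tag comment above it, while Patch0 directly before it carries `# PATCH-FEATURE-UPSTREAM do-not-require-git.patch -- ...`. Add a one-line comment in the same style that says what the patch does and whether it is meant to go upstream. The hunk does not show the %prep section, so also confirm that the patch is actually applied during the build.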
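Review bot: In the unit/biboumi.service.cmake hunk, the block is marked "added automatically" and nothing records that these directives were checked against what the daemon does at runtime. ProtectSystem=full mounts /usr, the boot loader directories and /etc read-only, and ExecStart points at /etc/biboumi/biboumi.cfg; reading that file still works, but anything the service is configured to write under /etc, or under /home, /root or /run/user with ProtectHome=true, will now fail. State in the patch header or the changelog entry where the service writes its state and logs, and add an explicit ReadWritePaths= if one of those locations is affected. The list also stops short of NoNewPrivileges=true and PrivateTmp=true, which are worth evaluating for a service ordered After=network.target.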
