Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bitlbee for openSUSE:Factory checked in at 2021-08-28 22:29:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bitlbee (Old) and /work/SRC/openSUSE:Factory/.bitlbee.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bitlbee" Sat Aug 28 22:29:35 2021 rev:13 rq:914764 version:3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/bitlbee/bitlbee.changes 2020-07-16 12:17:55.970933177 +0200 +++ /work/SRC/openSUSE:Factory/.bitlbee.new.1899/bitlbee.changes 2021-08-28 22:29:57.134027565 +0200 @@ -1,0 +2,8 @@ +Wed Aug 25 08:20:54 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s). Added patch(es): + * harden_bitlbee.service.patch + Modified: + * bitlbee.service-suse.in + +------------------------------------------------------------------- New: ---- harden_bitlbee.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bitlbee.spec ++++++ --- /var/tmp/diff_new_pack.YZPmF7/_old 2021-08-28 22:29:57.622028108 +0200 +++ /var/tmp/diff_new_pack.YZPmF7/_new 2021-08-28 22:29:57.626028112 +0200 @@ -27,6 +27,7 @@ URL: http://www.bitlbee.org/ Source: http://get.bitlbee.org/src/bitlbee-%{version}.tar.gz Source2: %{name}.service-suse.in +Patch0: harden_bitlbee.service.patch BuildRequires: fdupes BuildRequires: glibc-devel BuildRequires: gnutls-devel @@ -82,6 +83,7 @@ %prep %setup -q +%patch0 -p1 # make it verbose! find . -name Makefile -exec sed -i.orig 's|@$(CC)|$(CC)|;s|@$(LD)|$(LD)|' {} + ++++++ bitlbee.service-suse.in ++++++ --- /var/tmp/diff_new_pack.YZPmF7/_old 2021-08-28 22:29:57.662028152 +0200 +++ /var/tmp/diff_new_pack.YZPmF7/_new 2021-08-28 22:29:57.662028152 +0200 @@ -14,6 +14,19 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStartPre=/usr/bin/mkdir -p /run/bitlbee ExecStartPre=/usr/bin/chown bitlbee.bitlbee /run/bitlbee ++++++ harden_bitlbee.service.patch ++++++ Index: bitlbee-3.6/init/bitlbee.service.in =================================================================== --- bitlbee-3.6.orig/init/bitlbee.service.in +++ bitlbee-3.6/init/bitlbee.service.in @@ -2,6 +2,19 @@ Description=BitlBee IRC/IM gateway [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=@sbindir@bitlbee -F -n KillMode=process
