Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package deepin-turbo for openSUSE:Factory checked in at 2021-09-14 21:14:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/deepin-turbo (Old) and /work/SRC/openSUSE:Factory/.deepin-turbo.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "deepin-turbo" Tue Sep 14 21:14:24 2021 rev:6 rq:918800 version:0.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/deepin-turbo/deepin-turbo.changes 2021-04-17 00:01:25.269561518 +0200 +++ /work/SRC/openSUSE:Factory/.deepin-turbo.new.1899/deepin-turbo.changes 2021-09-14 21:14:36.268417681 +0200 @@ -1,0 +2,7 @@ +Fri Sep 3 07:29:27 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_deepin-turbo-booster-desktop.service.patch + * harden_deepin-turbo-booster-dtkwidget.service.patch + +------------------------------------------------------------------- New: ---- harden_deepin-turbo-booster-desktop.service.patch harden_deepin-turbo-booster-dtkwidget.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ deepin-turbo.spec ++++++ --- /var/tmp/diff_new_pack.U0fyKF/_old 2021-09-14 21:14:36.744418148 +0200 +++ /var/tmp/diff_new_pack.U0fyKF/_new 2021-09-14 21:14:36.748418153 +0200 @@ -26,6 +26,8 @@ Url: https://github.com/linuxdeepin/deepin-turbo Group: Productivity/Graphics/Convertors Source: https://github.com/linuxdeepin/deepin-turbo/archive/%{version}/%{name}-%{version}.tar.gz +Patch0: harden_deepin-turbo-booster-desktop.service.patch +Patch1: harden_deepin-turbo-booster-dtkwidget.service.patch BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(dtkwidget) @@ -56,6 +58,8 @@ %prep %setup -q -n %{name}-%{version} +%patch0 -p1 +%patch1 -p1 %build %cmake ++++++ harden_deepin-turbo-booster-desktop.service.patch ++++++ Index: deepin-turbo-0.0.5/src/booster-desktop/deepin-turbo-booster-desktop.service =================================================================== --- deepin-turbo-0.0.5.orig/src/booster-desktop/deepin-turbo-booster-desktop.service +++ deepin-turbo-0.0.5/src/booster-desktop/deepin-turbo-booster-desktop.service @@ -3,6 +3,19 @@ Description=desktop application launch b After=display-manager.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=notify ExecStart=/usr/lib/deepin-turbo/booster-desktop --systemd Restart=always ++++++ harden_deepin-turbo-booster-dtkwidget.service.patch ++++++ Index: deepin-turbo-0.0.5/src/booster-dtkwidget/deepin-turbo-booster-dtkwidget.service =================================================================== --- deepin-turbo-0.0.5.orig/src/booster-dtkwidget/deepin-turbo-booster-dtkwidget.service +++ deepin-turbo-0.0.5/src/booster-dtkwidget/deepin-turbo-booster-dtkwidget.service @@ -3,6 +3,19 @@ Description=DTK widget application launc After=display-manager.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=notify ExecStart=/usr/lib/deepin-turbo/booster-dtkwidget --systemd Restart=always
