Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ipmiutil for openSUSE:Factory checked in at 2021-09-25 00:35:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipmiutil (Old) and /work/SRC/openSUSE:Factory/.ipmiutil.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipmiutil" Sat Sep 25 00:35:41 2021 rev:20 rq:921362 version:3.1.7 Changes: -------- --- /work/SRC/openSUSE:Factory/ipmiutil/ipmiutil.changes 2021-05-13 22:18:38.443567316 +0200 +++ /work/SRC/openSUSE:Factory/.ipmiutil.new.1899/ipmiutil.changes 2021-09-25 00:36:35.799204680 +0200 @@ -1,0 +2,9 @@ +Wed Sep 22 14:47:30 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_ipmi_port.service.patch + * harden_ipmiutil_asy.service.patch + * harden_ipmiutil_evt.service.patch + * harden_ipmiutil_wdt.service.patch + +------------------------------------------------------------------- New: ---- harden_ipmi_port.service.patch harden_ipmiutil_asy.service.patch harden_ipmiutil_evt.service.patch harden_ipmiutil_wdt.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipmiutil.spec ++++++ --- /var/tmp/diff_new_pack.N2aNpK/_old 2021-09-25 00:36:36.231205131 +0200 +++ /var/tmp/diff_new_pack.N2aNpK/_new 2021-09-25 00:36:36.235205135 +0200 @@ -26,6 +26,10 @@ Group: System/Management URL: http://ipmiutil.sourceforge.net Source: https://sourceforge.net/projects/ipmiutil/files/%{name}-%{version}.tar.gz +Patch0: harden_ipmi_port.service.patch +Patch1: harden_ipmiutil_asy.service.patch +Patch2: harden_ipmiutil_evt.service.patch +Patch3: harden_ipmiutil_wdt.service.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc @@ -67,6 +71,10 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build autoreconf -fiv ++++++ harden_ipmi_port.service.patch ++++++ Index: ipmiutil-3.1.7/scripts/ipmi_port.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmi_port.service +++ ipmiutil-3.1.7/scripts/ipmi_port.service @@ -3,6 +3,18 @@ Description=ipmiutil ipmi_port service After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/ipmi_port.pid EnvironmentFile=/usr/share/ipmiutil/ipmiutil.env ++++++ harden_ipmiutil_asy.service.patch ++++++ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_asy.service +++ ipmiutil-3.1.7/scripts/ipmiutil_asy.service @@ -3,6 +3,18 @@ Description=ipmiutil Async Bridge Agent After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/ipmiutil_asy.pid EnvironmentFile=/usr/share/ipmiutil/ipmiutil.env ++++++ harden_ipmiutil_evt.service.patch ++++++ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_evt.service +++ ipmiutil-3.1.7/scripts/ipmiutil_evt.service @@ -3,6 +3,18 @@ Description=ipmiutil Event Daemon After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/ipmiutil_evt.pid EnvironmentFile=/usr/share/ipmiutil/ipmiutil.env ++++++ harden_ipmiutil_wdt.service.patch ++++++ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service =================================================================== --- ipmiutil-3.1.7.orig/scripts/ipmiutil_wdt.service +++ ipmiutil-3.1.7/scripts/ipmiutil_wdt.service @@ -3,6 +3,18 @@ Description=ipmiutil Watchdog Timer Serv After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/share/ipmiutil/ipmiutil_wdt start ExecStop=/usr/share/ipmiutil/ipmiutil_wdt stop ExecReload=/usr/share/ipmiutil/ipmiutil_wdt restart
