Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package hsqldb for openSUSE:Factory checked in at 2021-09-26 21:48:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hsqldb (Old) and /work/SRC/openSUSE:Factory/.hsqldb.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hsqldb" Sun Sep 26 21:48:35 2021 rev:29 rq:921056 version:2.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/hsqldb/hsqldb.changes 2020-12-28 10:29:57.734808798 +0100 +++ /work/SRC/openSUSE:Factory/.hsqldb.new.1899/hsqldb.changes 2021-09-26 21:49:23.662828192 +0200 @@ -1,0 +2,6 @@ +Wed Sep 22 08:34:22 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_hsqldb.service.patch + +------------------------------------------------------------------- New: ---- harden_hsqldb.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hsqldb.spec ++++++ --- /var/tmp/diff_new_pack.YlMBSI/_old 2021-09-26 21:49:24.206828864 +0200 +++ /var/tmp/diff_new_pack.YlMBSI/_new 2021-09-26 21:49:24.210828869 +0200 @@ -1,7 +1,7 @@ # # spec file for package hsqldb # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -46,6 +46,7 @@ Patch1: %{name}-cmdline.patch # Jdk10's javadoc ends up in error when a remote url cannot be reached Patch2: hsqldb-2.4.1-javadoc10.patch +Patch3: harden_hsqldb.service.patch BuildRequires: ant BuildRequires: fdupes BuildRequires: glassfish-servlet-api @@ -129,6 +130,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p2 +%patch3 -p2 %build pushd build ++++++ harden_hsqldb.service.patch ++++++ Index: hsqldb-2.4.1/hsqldb/sample/hsqldb.service =================================================================== --- hsqldb-2.4.1.orig/hsqldb/sample/hsqldb.service +++ hsqldb-2.4.1/hsqldb/sample/hsqldb.service @@ -17,6 +17,19 @@ Description=HyperSQL Database Server After=socket.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions # TODO! Change these paths to point to the absolute path of the "hsqldb.init" # script in your HyperSQL distribution: ExecStart=/local/hsqldb-2.3.4/sample/hsqldb.init start
