Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lldpd for openSUSE:Factory checked in at 2021-10-06 19:49:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lldpd (Old) and /work/SRC/openSUSE:Factory/.lldpd.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lldpd" Wed Oct 6 19:49:54 2021 rev:19 rq:923441 version:1.0.12 Changes: -------- --- /work/SRC/openSUSE:Factory/lldpd/lldpd.changes 2021-08-23 10:09:52.832126703 +0200 +++ /work/SRC/openSUSE:Factory/.lldpd.new.2443/lldpd.changes 2021-10-06 19:50:02.352059675 +0200 @@ -1,0 +2,6 @@ +Tue Oct 5 14:13:15 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_lldpd.service.patch + +------------------------------------------------------------------- New: ---- harden_lldpd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lldpd.spec ++++++ --- /var/tmp/diff_new_pack.lM7B3J/_old 2021-10-06 19:50:02.840059860 +0200 +++ /var/tmp/diff_new_pack.lM7B3J/_new 2021-10-06 19:50:02.844059861 +0200 @@ -38,6 +38,7 @@ Source1: lldpd.sysconfig Source2: https://media.luffy.cx/files/lldpd/%{name}-%{version}.tar.gz.gpg#/%{name}-%{version}.tar.gz.asc Source3: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x95A42FE8353525F9#/%{name}.keyring +Patch0: harden_lldpd.service.patch BuildRequires: net-snmp-devel BuildRequires: openssl-devel BuildRequires: pkgconfig ++++++ harden_lldpd.service.patch ++++++ Index: lldpd-1.0.12/src/daemon/lldpd.service.in =================================================================== --- lldpd-1.0.12.orig/src/daemon/lldpd.service.in +++ lldpd-1.0.12/src/daemon/lldpd.service.in @@ -16,6 +16,13 @@ ProtectHome=yes ProtectKernelTunables=no ProtectControlGroups=yes ProtectKernelModules=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectClock=true +ProtectKernelLogs=true +RestrictRealtime=true +# end of automatic additions #ProtectSystem=full [Install]
