Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osmo-bsc for openSUSE:Factory checked in at 2021-10-15 23:03:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osmo-bsc (Old) and /work/SRC/openSUSE:Factory/.osmo-bsc.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osmo-bsc" Fri Oct 15 23:03:35 2021 rev:6 rq:925166 version:1.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/osmo-bsc/osmo-bsc.changes 2020-06-18 10:30:06.377195004 +0200 +++ /work/SRC/openSUSE:Factory/.osmo-bsc.new.1890/osmo-bsc.changes 2021-10-15 23:03:49.386091453 +0200 @@ -1,0 +2,6 @@ +Wed Oct 13 13:45:44 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_osmo-bsc.service.patch + +------------------------------------------------------------------- New: ---- harden_osmo-bsc.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osmo-bsc.spec ++++++ --- /var/tmp/diff_new_pack.EkFL6e/_old 2021-10-15 23:03:51.438092916 +0200 +++ /var/tmp/diff_new_pack.EkFL6e/_new 2021-10-15 23:03:51.438092916 +0200 @@ -28,6 +28,7 @@ URL: https://osmocom.org/projects/openbsc/wiki/Osmo-bsc Source: %{name}-%{version}.tar.xz Patch0: 0001-handorer.h-Fix-compilation-with-gcc-10.patch +Patch1: harden_osmo-bsc.service.patch BuildRequires: automake >= 1.9 BuildRequires: libtool >= 2 BuildRequires: pkgconfig >= 0.20 @@ -90,6 +91,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build echo "%{version}" >.tarball-version ++++++ harden_osmo-bsc.service.patch ++++++ Index: osmo-bsc-1.6.0/contrib/systemd/osmo-bsc.service =================================================================== --- osmo-bsc-1.6.0.orig/contrib/systemd/osmo-bsc.service +++ osmo-bsc-1.6.0/contrib/systemd/osmo-bsc.service @@ -3,6 +3,17 @@ Description=Osmocom Base Station Control Wants=osmo-mgw.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple Restart=always ExecStart=/usr/bin/osmo-bsc -c /etc/osmocom/osmo-bsc.cfg -s
