Hello community,
here is the log from the commit of package rabbitmq-server for openSUSE:Factory
checked in at 2021-10-23 00:51:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rabbitmq-server (Old)
and /work/SRC/openSUSE:Factory/.rabbitmq-server.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rabbitmq-server"
Sat Oct 23 00:51:10 2021 rev:73 rq:926845 version:3.9.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/rabbitmq-server/rabbitmq-server.changes
2021-10-20 20:24:59.629404354 +0200
+++
/work/SRC/openSUSE:Factory/.rabbitmq-server.new.1890/rabbitmq-server.changes
2021-10-23 00:51:51.881144860 +0200
@@ -1,0 +2,8 @@
+Thu Oct 21 08:16:10 UTC 2021 - Johannes Segitz <[email protected]>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_rabbitmq-server.service.patch
+ Modified:
+ * rabbitmq-server.service
+
+-------------------------------------------------------------------
New:
----
harden_rabbitmq-server.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rabbitmq-server.spec ++++++
--- /var/tmp/diff_new_pack.XJgeB4/_old 2021-10-23 00:51:52.553145158 +0200
+++ /var/tmp/diff_new_pack.XJgeB4/_new 2021-10-23 00:51:52.557145159 +0200
@@ -54,6 +54,7 @@
Source6: rabbitmq-server.service
Source7:
https://raw.githubusercontent.com/rabbitmq/rabbitmq-packaging/v%{version}/RPMS/Fedora/rabbitmq-server.tmpfiles
Source8: README.SUSE
+Patch0: harden_rabbitmq-server.service.patch
BuildRequires: elixir
# https://www.rabbitmq.com/which-erlang.html
BuildRequires: erlang >= 23.2
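Review bot: `Patch0:` is added without a comment line above it saying what the patch does or where it comes from. The neighbouring `BuildRequires: erlang >= 23.2` carries a comment with its rationale; a one-line comment here naming the purpose (systemd hardening, bsc#1181400) and whether the change is openSUSE-specific or meant for upstream would keep the spec self-explanatory.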
@@ -130,6 +131,7 @@
%prep
%setup -q
cp %{SOURCE8} .
+%patch0 -p1
%build
# Make elixir happy with Unicode
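Review bot: `%patch0 -p1` applies a patch that, as shown in this commit, only touches `deps/rabbit/docs/rabbitmq-server.service.example`, while the packaged unit comes from `Source6: rabbitmq-server.service` and is edited directly. Confirm that the example file is actually shipped by the package. If it is not, the patch changes nothing on an installed system and the same directive block has to be kept in sync in two places for no benefit.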
++++++ harden_rabbitmq-server.service.patch ++++++
Index: rabbitmq-server-3.9.8/deps/rabbit/docs/rabbitmq-server.service.example
===================================================================
--- rabbitmq-server-3.9.8.orig/deps/rabbit/docs/rabbitmq-server.service.example
+++ rabbitmq-server-3.9.8/deps/rabbit/docs/rabbitmq-server.service.example
@@ -5,6 +5,19 @@ After=network.target [email protected]
Wants=network.target [email protected]
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=notify
User=rabbitmq
Group=rabbitmq
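Review bot: `ProtectSystem=full` mounts `/etc` read-only for the service, in addition to `/usr` and the boot loader directories, so any file the broker itself writes under `/etc` at runtime will fail with a read-only error. Check that nothing the service writes lives there. If something does, add a `ReadWritePaths=` entry for that path rather than weakening the setting to `ProtectSystem=true`.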
++++++ rabbitmq-server.service ++++++
--- /var/tmp/diff_new_pack.XJgeB4/_old 2021-10-23 00:51:52.625145189 +0200
+++ /var/tmp/diff_new_pack.XJgeB4/_new 2021-10-23 00:51:52.629145191 +0200
@@ -4,6 +4,19 @@
BindsTo=epmd.service
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=notify
User=rabbitmq
Group=rabbitmq
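Review bot: `ProtectHome=true` makes `/home`, `/root` and `/run/user` inaccessible to this unit, which runs as `User=rabbitmq`. Erlang reads its cookie from the user's home directory, so confirm that the rabbitmq account's home is outside those three paths, and start the service once with the new unit before release. Running `systemd-analyze security rabbitmq-server.service` afterwards shows which exposure remains with this directive set.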