Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sblim-sfcb for openSUSE:Factory checked in at 2021-12-08 00:00:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sblim-sfcb (Old) and /work/SRC/openSUSE:Factory/.sblim-sfcb.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sblim-sfcb" Wed Dec 8 00:00:06 2021 rev:61 rq:936267 version:1.4.9 Changes: -------- --- /work/SRC/openSUSE:Factory/sblim-sfcb/sblim-sfcb.changes 2020-11-26 23:16:25.917085976 +0100 +++ /work/SRC/openSUSE:Factory/.sblim-sfcb.new.31177/sblim-sfcb.changes 2021-12-08 00:00:36.231564577 +0100 @@ -1,0 +2,6 @@ +Tue Nov 16 15:09:24 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_sblim-sfcb.service.patch + +------------------------------------------------------------------- New: ---- harden_sblim-sfcb.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sblim-sfcb.spec ++++++ --- /var/tmp/diff_new_pack.kGic8w/_old 2021-12-08 00:00:37.195561278 +0100 +++ /var/tmp/diff_new_pack.kGic8w/_new 2021-12-08 00:00:37.195561278 +0100 @@ -1,7 +1,7 @@ # # spec file for package sblim-sfcb # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -81,6 +81,7 @@ Patch27: 0027-Makefile.am-add-autoconfiscate.sh-to-dist.patch Patch28: 0028-allow-requests-with-Content-Type-set-to-text-xml.patch Patch29: no_tlsv1_config.patch +Patch30: harden_sblim-sfcb.service.patch Provides: cim-server Provides: cimserver @@ -176,6 +177,7 @@ %patch27 -p1 %patch28 -p1 %patch29 -p1 +%patch30 -p1 export PATCH_GET=0 ++++++ harden_sblim-sfcb.service.patch ++++++ Index: sblim-sfcb-1.4.9/sblim-sfcb.service.pre.in =================================================================== --- sblim-sfcb-1.4.9.orig/sblim-sfcb.service.pre.in +++ sblim-sfcb-1.4.9/sblim-sfcb.service.pre.in @@ -3,6 +3,19 @@ Description=Small Footprint CIM Broker S After=syslog.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStartPre=${exec_prefix}/share/sfcb/gen_ssl_certs.sh ExecStart=${exec_prefix}/sbin/sfcbd
