Hello community,

here is the log from the commit of package netlabel for openSUSE:Factory checked in at 2022-02-15 23:57:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/netlabel (Old)
 and      /work/SRC/openSUSE:Factory/.netlabel.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "netlabel" Tue Feb 15 23:57:38 2022 rev:7 rq:954720 version:0.21 Changes: -------- --- /work/SRC/openSUSE:Factory/netlabel/netlabel.changes 2016-12-03 18:27:48.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.netlabel.new.1956/netlabel.changes 2022-02-15 23:58:03.840342360 +0100 @@ -1,0 +2,6 @@ +Fri Oct 15 07:25:57 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_netlabel.service.patch + +------------------------------------------------------------------- New: ---- harden_netlabel.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ netlabel.spec ++++++ --- /var/tmp/diff_new_pack.6aNowI/_old 2022-02-15 23:58:04.308343653 +0100 +++ /var/tmp/diff_new_pack.6aNowI/_new 2022-02-15 23:58:04.312343664 +0100 @@ -1,7 +1,7 @@ # # spec file for package netlabel # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,9 +21,9 @@ Version: 0.21 Release: 0 Summary: Explicit labeled networking for Linux -License: GPL-2.0 +License: GPL-2.0-only Group: Productivity/Networking/Security -Url: https://github.com/netlabel/netlabel_tools/wiki +URL: https://github.com/netlabel/netlabel_tools/wiki Source0: https://github.com/netlabel/netlabel_tools/releases/download/v%{version}/netlabel_tools-%{version}.tar.gz BuildRequires: doxygen BuildRequires: pkg-config 
@@ -31,6 +31,7 @@ BuildRequires: pkgconfig(libnl-3.0) # PATCH-FIX-OPENSUSE netlabel_tools-0.20-service.diff [email protected] Patch1: netlabel_tools-0.20-service.diff +Patch2: harden_netlabel.service.patch %description Explicit labeled networking for Linux @@ -59,6 +60,7 @@ %prep %setup -q -n netlabel_tools-%{version} %patch1 -p0 +%patch2 -p1 %build %configure --with-systemdsystemunitdir=%_unitdir ++++++ harden_netlabel.service.patch ++++++ Index: netlabel_tools-0.21/netlabelctl/netlabel.service =================================================================== --- netlabel_tools-0.21.orig/netlabelctl/netlabel.service +++ netlabel_tools-0.21/netlabelctl/netlabel.service @@ -6,6 +6,17 @@ Before=libvirtd.service Before=network.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/netlabel-config load
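
Review bot: In netlabel.spec, the new `Patch2: harden_netlabel.service.patch` line has no tag comment, while `Patch1` directly above it carries a `# PATCH-FIX-OPENSUSE ...` line naming the patch and its author. Add a matching comment line above `Patch2` so the origin and purpose of the patch (the bsc#1181400 hardening from the changelog entry) can be read from the spec file itself. The strip levels (`%patch1 -p0`, `%patch2 -p1`) differ, which is consistent with the `netlabel_tools-0.21.orig/` path prefix in the new patch, so no change is needed there.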
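
Review bot: In the `[Service]` section of netlabel.service, the eight directives are marked "added automatically", and neither the patch nor the changelog entry records that `ExecStart=/usr/sbin/netlabel-config load` was exercised under them. `ProtectSystem=full` makes /usr, /boot and /etc read-only for the unit and `ProtectKernelTunables=true` makes /proc/sys and /sys read-only, so please confirm that the load path only reads its configuration and does not write under any of those trees, and state that in the patch header. The unit's remaining lines fall outside the hunk's context, so any stop or reload command needs the same check. Recording the `systemd-analyze security netlabel.service` result before and after would also let a later reviewer see what the change buys and which directives were deliberately left out.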
