Hello community,

here is the log from the commit of package dbxtool for openSUSE:Factory checked in at 2021-09-01 21:37:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dbxtool (Old)
 and      /work/SRC/openSUSE:Factory/.dbxtool.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbxtool" Wed Sep 1 21:37:23 2021 rev:4 rq:915508 version:8 Changes: -------- --- /work/SRC/openSUSE:Factory/dbxtool/dbxtool.changes 2020-09-22 21:11:50.119963724 +0200 +++ /work/SRC/openSUSE:Factory/.dbxtool.new.1899/dbxtool.changes 2021-09-01 21:37:52.948927541 +0200 @@ -1,0 +2,6 @@ +Wed Sep 1 12:26:55 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s). Added patch(es): + * harden_dbxtool.service.patch + +------------------------------------------------------------------- New: ---- harden_dbxtool.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbxtool.spec ++++++ --- /var/tmp/diff_new_pack.OzrUXL/_old 2021-09-01 21:37:53.388928070 +0200 +++ /var/tmp/diff_new_pack.OzrUXL/_new 2021-09-01 21:37:53.392928075 +0200 @@ -1,7 +1,7 @@ # # spec file for package dbxtool # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ Requires: efivar >= 26-1 Source0: https://github.com/rhboot/dbxtool/releases/download/dbxtool-%version/dbxtool-%version.tar.bz2 Patch0: dbxtool-fixes.patch +Patch1: harden_dbxtool.service.patch %systemd_requires %description @@ -35,6 +36,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build make CFLAGS="%optflags" ++++++ harden_dbxtool.service.patch ++++++ Index: dbxtool-8/src/dbxtool.service =================================================================== --- dbxtool-8.orig/src/dbxtool.service +++ dbxtool-8/src/dbxtool.service 
@@ -6,5 +6,17 @@ ConditionPathExists=/sys/firmware/efi/ef WantedBy=multi-user.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions RemainAfterExit=yes ExecStart=/usr/bin/dbxtool -a /usr/share/dbxtool/ -q -f
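Review bot: ProtectKernelTunables=true in the [Service] block of src/dbxtool.service makes /sys read-only for the unit's processes, yet this unit is gated on a path under /sys/firmware/efi and its ExecStart runs dbxtool -a /usr/share/dbxtool/ -q -f to apply updates. The block is marked "added automatically", so please confirm on a UEFI machine that the apply step still succeeds with these settings. If it needs write access below /sys, either drop ProtectKernelTunables= for this unit or add a ReadWritePaths= entry for the EFI variables path it uses. The changelog entry should also say that the service was tested with the new options, since "Added hardening to systemd service(s)" does not tell a later reader whether the write path was checked.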