Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package connman for openSUSE:Factory checked in at 2021-09-10 23:41:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/connman (Old)
 and      /work/SRC/openSUSE:Factory/.connman.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "connman" Fri Sep 10 23:41:31 2021 rev:9 rq:917966 version:1.40 Changes: -------- --- /work/SRC/openSUSE:Factory/connman/connman.changes 2021-08-27 21:45:19.638070575 +0200 +++ /work/SRC/openSUSE:Factory/.connman.new.1899/connman.changes 2021-09-10 23:41:56.410599535 +0200 @@ -1,0 +2,7 @@ +Mon Aug 30 08:28:08 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s). Added patch(es): + * harden_connman-vpn.service.patch + * harden_connman-wait-online.service.patch + +------------------------------------------------------------------- New: ---- harden_connman-vpn.service.patch harden_connman-wait-online.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ connman.spec ++++++ --- /var/tmp/diff_new_pack.Wkkxuv/_old 2021-09-10 23:41:56.962600122 +0200 +++ /var/tmp/diff_new_pack.Wkkxuv/_new 2021-09-10 23:41:56.966600127 +0200 @@ -37,6 +37,8 @@ Source2: connman.keyring # PATCH-FIX-OPENSUSE -- Greate symlink to network.service Patch0: 0001-connman-1.35-service.patch +Patch1: harden_connman-vpn.service.patch +Patch2: harden_connman-wait-online.service.patch BuildRequires: dhcp BuildRequires: openvpn BuildRequires: pkgconfig @@ -217,6 +219,8 @@ %prep %setup -q -n connman-%{version} %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build # Using i586 repository, so explicitly forward it to CC. ++++++ harden_connman-vpn.service.patch ++++++ Index: connman-1.40/vpn/connman-vpn.service.in =================================================================== --- connman-1.40.orig/vpn/connman-vpn.service.in +++ connman-1.40/vpn/connman-vpn.service.in 
@@ -9,6 +9,16 @@ StandardOutput=null CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_CHOWN CAP_FOWNER ProtectHome=read-only ProtectSystem=full +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions [Install] WantedBy=multi-user.target ++++++ harden_connman-wait-online.service.patch ++++++ Index: connman-1.40/src/connman-wait-online.service.in =================================================================== --- connman-1.40.orig/src/connman-wait-online.service.in +++ connman-1.40/src/connman-wait-online.service.in @@ -7,6 +7,18 @@ DefaultDependencies=no Conflicts=shutdown.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=@sbindir@/connmand-wait-online RemainAfterExit=yes
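Review bot: In connman.spec, Patch1 and Patch2 are added without the tag comment that Patch0 carries (the "# PATCH-FIX-OPENSUSE -- ..." line above it). Add a one-line comment above each new Patch entry stating its origin and purpose, for example that it applies the systemd hardening listed in connman.changes, so the status of both patches is clear at the next version bump.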
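Review bot: In connman-vpn.service.in, ProtectKernelTunables=true makes /proc/sys and /sys read-only for the unit, while the same unit keeps CAP_NET_ADMIN in CapabilityBoundingSet for network configuration. Please confirm that neither the VPN daemon nor any VPN helper it starts writes sysctl values under /proc/sys/net, because such a write fails under this setting even with the capability present. The same check applies to ProtectKernelModules=true, which denies explicit module loading from inside the unit. Since the block is marked "added automatically", the changelog entry should say which VPN types were tested with it.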
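Review bot: In connman-wait-online.service.in the generated block is inserted directly under [Service], ahead of Type=oneshot and ExecStart=, whereas in connman-vpn.service.in it follows the unit's existing directives. Placing it after the unit's own settings here as well keeps both patches consistent and makes the service definition easier to read. Note also that this unit gets ProtectHome=true while the VPN unit keeps ProtectHome=read-only; a short comment in the patch header on why the two differ would help later reviewers.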