Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory checked in at 2021-09-21 21:13:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and      /work/SRC/openSUSE:Factory/.fail2ban.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fail2ban" Tue Sep 21 21:13:16 2021 rev:62 rq:920602 version:0.11.2 Changes: -------- --- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes 2021-08-25 20:59:26.945063448 +0200 +++ /work/SRC/openSUSE:Factory/.fail2ban.new.1899/fail2ban.changes 2021-09-21 21:14:09.766707853 +0200 @@ -1,0 +2,6 @@ +Tue Sep 14 07:47:32 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_fail2ban.service.patch + +------------------------------------------------------------------- New: ---- harden_fail2ban.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ --- /var/tmp/diff_new_pack.bCvwPe/_old 2021-09-21 21:14:10.278708432 +0200 +++ /var/tmp/diff_new_pack.bCvwPe/_new 2021-09-21 21:14:10.282708437 +0200 @@ -51,6 +51,7 @@ Patch300: fail2ban-opensuse-service-sfw.patch # PATCH-FIX-UPSTREAM fail2ban-0.11.2-upstream-patch-for-CVE-2021-32749.patch jweberho...@weberhofer.at -- fixes CVE-2021-32749 Patch400: fail2ban-0.11.2-upstream-patch-for-CVE-2021-32749.patch +Patch401: harden_fail2ban.service.patch BuildRequires: fdupes BuildRequires: logrotate @@ -137,6 +138,7 @@ %patch300 -p1 %endif %patch400 -p1 +%patch401 -p1 rm config/paths-arch.conf \ config/paths-debian.conf \ ++++++ harden_fail2ban.service.patch ++++++ Index: fail2ban-0.11.2/files/fail2ban.service.in =================================================================== --- fail2ban-0.11.2.orig/files/fail2ban.service.in +++ fail2ban-0.11.2/files/fail2ban.service.in 
@@ -5,6 +5,18 @@ After=network.target iptables.service fi PartOf=firewalld.service ipset.service nftables.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=-/etc/sysconfig/fail2ban Environment="PYTHONNOUSERSITE=1"
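Review bot: In the fail2ban.spec hunk at @@ -51,6 +51,7 @@, the new "Patch401: harden_fail2ban.service.patch" line has no tag comment above it, while Patch400 directly before it carries a "# PATCH-FIX-UPSTREAM ... -- fixes CVE-2021-32749" line. Add a matching comment line for Patch401 that names the patch and its author and references bsc#1181400 from the changelog entry, so the origin and purpose of the hardening patch are visible in the spec itself.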
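Review bot: In the [Service] block of files/fail2ban.service.in, ProtectSystem=full and ProtectHome=true are added without any ReadWritePaths= exception or a note on what they restrict, for a daemon that reads admin-configured log paths and runs admin-configured actions. ProtectSystem=full mounts /usr, the boot loader directories and /etc read-only for the service, and ProtectHome=true makes /home, /root and /run/user inaccessible, so a jail whose logpath lies under a home directory, or an action that writes under /etc, would stop working after this update. Suggest stating in the changelog entry that such setups need a drop-in override, and confirming that the jails and actions shipped by the package are unaffected by the new directives.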