Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package frr for openSUSE:Factory checked in 
at 2021-09-28 19:16:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/frr (Old)
 and      /work/SRC/openSUSE:Factory/.frr.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "frr"

Tue Sep 28 19:16:31 2021 rev:14 rq:921883 version:7.5.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/frr/frr.changes  2021-04-24 23:10:05.519474463 
+0200
+++ /work/SRC/openSUSE:Factory/.frr.new.1899/frr.changes        2021-09-28 
19:17:25.160247152 +0200
@@ -1,0 +2,6 @@
+Thu Sep 16 07:12:55 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_frr.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_frr.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ frr.spec ++++++
--- /var/tmp/diff_new_pack.g7uFf1/_old  2021-09-28 19:17:25.608247667 +0200
+++ /var/tmp/diff_new_pack.g7uFf1/_new  2021-09-28 19:17:25.612247672 +0200
@@ -42,6 +42,7 @@
 Source:         
https://github.com/FRRouting/frr/archive/%{name}-%{version}.tar.gz
 Source1:        %{name}-tmpfiles.d
 Patch1:         0001-disable-zmq-test.patch
+Patch2:        harden_frr.service.patch
 BuildRequires:  %{python_module Sphinx}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module pytest}
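Review bot: The added "Patch2:" line has one space fewer after the colon than "Patch1:" and the "Source" lines above it, so its value sits one column to the left of the rest of the preamble. Pad it to match the existing alignment, i.e. "Patch2:         harden_frr.service.patch".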
@@ -182,6 +183,7 @@
 %prep
 %setup -q -n %{name}-%{name}-%{version}
 %patch1 -p1
+%patch2 -p1
 
 %build
 # GCC LTO objects must be "fat" to avoid assembly errors

++++++ harden_frr.service.patch ++++++
Index: frr-frr-7.5.1/tools/frr.service
===================================================================
--- frr-frr-7.5.1.orig/tools/frr.service
+++ frr-frr-7.5.1/tools/frr.service
@@ -7,6 +7,16 @@ Before=network.target
 OnFailure=heartbeat-failed@%n.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Nice=-5
 Type=forking
 NotifyAccess=all
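Review bot: ProtectSystem=full in the [Service] block mounts /etc read-only, along with /usr and the boot loader directories, for every process started from this unit. If the daemons are expected to save their running configuration under /etc (for example in an /etc/frr directory), those writes will fail with this setting, so verify that path before merging and add a matching ReadWritePaths= line if it is needed. The added comment line "# end of automatic additions " also carries a trailing space that should be dropped.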
