Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package man for openSUSE:Factory checked in at 2021-10-11 15:30:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/man (Old)
 and /work/SRC/openSUSE:Factory/.man.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "man" Mon Oct 11 15:30:27 2021 rev:88 rq:923541 version:2.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/man/man.changes 2021-08-16 10:14:01.942922130 +0200 +++ /work/SRC/openSUSE:Factory/.man.new.2443/man.changes 2021-10-11 15:30:41.486755911 +0200 @@ -1,0 +2,8 @@ +Wed Oct 6 11:41:21 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_man-db.service.patch + Modified: + * man-db-create.service + +------------------------------------------------------------------- New: ---- harden_man-db.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ man.spec ++++++ --- /var/tmp/diff_new_pack.S2tdVS/_old 2021-10-11 15:30:42.398757373 +0200 +++ /var/tmp/diff_new_pack.S2tdVS/_new 2021-10-11 15:30:42.398757373 +0200 @@ -57,6 +57,7 @@ # PATCH-FEATURE-OPENSUSE -- Add documentation about man0 section (header files) Patch9: man-db-2.6.3-man0.dif Patch10: man-db-2.9.4-alternitive.dif +Patch11: harden_man-db.service.patch BuildRequires: automake BuildRequires: flex BuildRequires: gdbm-devel @@ -110,6 +111,7 @@ %patch9 -b .s10 %patch10 -b .libalernative rm -f configure +%patch11 -p1 %build %global optflags %{optflags} -funroll-loops -pipe -Wall ++++++ harden_man-db.service.patch ++++++ Index: man-db-2.9.4/init/systemd/man-db.service.in =================================================================== --- man-db-2.9.4.orig/init/systemd/man-db.service.in +++ man-db-2.9.4/init/systemd/man-db.service.in 
@@ -4,6 +4,19 @@ Documentation=man:mandb(8) ConditionACPower=true [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot # Recover from deletion, per FHS. ExecStart=+/usr/bin/install -d -o @cache_top_owner@ -g @cache_top_owner@ -m 0755 /var/cache/man ++++++ man-db-create.service ++++++ --- /var/tmp/diff_new_pack.S2tdVS/_old 2021-10-11 15:30:42.482757508 +0200 +++ /var/tmp/diff_new_pack.S2tdVS/_new 2021-10-11 15:30:42.486757514 +0200 @@ -8,6 +8,19 @@ ConditionPathExists=!/var/cache/man/index.db [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/mandb --quiet --create
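
Review bot: In the man.spec hunk at @@ -57,6 +57,7 @@, the new "Patch11: harden_man-db.service.patch" line has no comment tag above it, while Patch9 in the same context carries a "# PATCH-FEATURE-OPENSUSE -- ..." line. Add a one-line tag that says what the patch does and references bsc#1181400, so the spec explains the patch without a trip to man.changes.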
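
Review bot: In the man.spec %prep hunk at @@ -110,6 +111,7 @@, "%patch11 -p1" is applied after "rm -f configure" instead of next to "%patch9" and "%patch10". The patch only touches init/systemd/man-db.service.in, so the ordering is harmless, but moving the line up keeps the patch applications contiguous and makes it obvious that the configure removal is not related to it.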
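
Review bot: In the harden_man-db.service.patch hunk for init/systemd/man-db.service.in (@@ -4,6 +4,19 @@), the inserted sandboxing block sits directly above "ExecStart=+/usr/bin/install -d ...", and the "+" prefix makes systemd run that command with full privileges, so file system namespacing options such as PrivateDevices= and the Protect* settings are not applied to it. The directives still cover the unit's other Exec lines, but the comment block should say that the install step is exempt, or the "+" should be dropped if the directory can be created without it. It is also worth confirming that no configured manpath lives under /home or /root, since ProtectHome=true hides those trees from mandb.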
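
Review bot: In the man-db-create.service hunk (@@ -8,6 +8,19 @@), ProtectSystem=full leaves all of /var writable, although the visible lines show the unit only needs /var/cache/man ("ConditionPathExists=!/var/cache/man/index.db", "ExecStart=/usr/bin/mandb --quiet --create"). Consider ProtectSystem=strict together with ReadWritePaths=/var/cache/man, after testing that mandb writes nowhere else. The block is also a verbatim copy of the one added to man-db.service.in, so any later tightening has to be made in both places.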