Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libzypp-plugin-appdata for openSUSE:Factory checked in at 2021-10-12 21:48:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libzypp-plugin-appdata (Old)
 and /work/SRC/openSUSE:Factory/.libzypp-plugin-appdata.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzypp-plugin-appdata" Tue Oct 12 21:48:46 2021 rev:23 rq:924739 version:1.0.1+git.20180426 Changes: -------- --- /work/SRC/openSUSE:Factory/libzypp-plugin-appdata/libzypp-plugin-appdata.changes 2020-09-09 17:46:40.202413319 +0200 +++ /work/SRC/openSUSE:Factory/.libzypp-plugin-appdata.new.2443/libzypp-plugin-appdata.changes 2021-10-12 21:50:05.471935099 +0200 @@ -1,0 +2,6 @@ +Tue Oct 5 09:12:00 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_appstream-sync-cache.service.patch + +------------------------------------------------------------------- New: ---- harden_appstream-sync-cache.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzypp-plugin-appdata.spec ++++++ --- /var/tmp/diff_new_pack.zUw1Hh/_old 2021-10-12 21:50:05.963935803 +0200 +++ /var/tmp/diff_new_pack.zUw1Hh/_new 2021-10-12 21:50:05.967935809 +0200 @@ -25,6 +25,7 @@ URL: https://wiki.gnome.org/Design/Apps/Software Source0: openSUSE-appstream-%{version}.tar.xz Source99: libzypp-plugin-appdata-rpmlintrc +Patch0: harden_appstream-sync-cache.service.patch # appstreamcli is provided by the AppStream package. Let's pull it in when available, but ignore its absence Recommends: AppStream # appstream-glib >= 0.3.6 is the first to correctly to appstream-util uninstall in /var/cache @@ -59,6 +60,7 @@ %prep %setup -q -n openSUSE-appstream-%{version} +%patch0 -p1 %build ++++++ harden_appstream-sync-cache.service.patch ++++++ Index: openSUSE-appstream-1.0.1+git.20180426/appstream-sync-cache.service =================================================================== --- openSUSE-appstream-1.0.1+git.20180426.orig/appstream-sync-cache.service +++ openSUSE-appstream-1.0.1+git.20180426/appstream-sync-cache.service 
@@ -4,6 +4,19 @@ After=local-fs.target ConditionDirectoryNotEmpty=!/var/cache/app-info/xmls [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/bin/zypper appstream-cache
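Review bot: The `Patch0: harden_appstream-sync-cache.service.patch` line added to libzypp-plugin-appdata.spec (hunk `@@ -25,6 +25,7 @@`) has no comment above it stating the patch's purpose and origin, unlike the `Recommends:` line that follows it, which is explained inline. A one-line tag directly above it, for example `# PATCH-FIX-OPENSUSE harden_appstream-sync-cache.service.patch bsc#1181400 -- systemd unit hardening`, would let a reader of the spec see why the patch is carried without opening the .changes file.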
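Review bot: In the appstream-sync-cache.service hunk (`@@ -4,6 +4,19 @@`), `ProtectSystem=full` and `ProtectHome=true` are applied to a unit whose `ExecStart` is `/usr/bin/zypper appstream-cache`, and the comment says the lines were "added automatically", so nothing visible here records that the command was exercised under the new sandbox. `ProtectSystem=full` mounts /usr, /boot, /efi and /etc read-only, and `ProtectHome=true` makes /home, /root and /run/user appear empty. The /var/cache/app-info path named in `ConditionDirectoryNotEmpty` stays writable, but please confirm that zypper neither writes under /etc nor reads per-user configuration from /root on this code path, and note the result in the changelog entry. If a write path turns out to be needed, a targeted `ReadWritePaths=` entry is preferable to dropping the directive. Running `systemd-analyze security appstream-sync-cache.service` before and after would also document what the change gains.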