Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ndppd for openSUSE:Factory checked in at 2021-10-12 22:47:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ndppd (Old)
 and      /work/SRC/openSUSE:Factory/.ndppd.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ndppd" Tue Oct 12 22:47:46 2021 rev:3 rq:924937 version:0.2.5.43 Changes: -------- --- /work/SRC/openSUSE:Factory/ndppd/ndppd.changes 2019-01-24 14:11:56.171464832 +0100 +++ /work/SRC/openSUSE:Factory/.ndppd.new.2443/ndppd.changes 2021-10-12 22:47:48.308942235 +0200 @@ -1,0 +2,6 @@ +Mon Oct 11 07:23:40 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_ndppd.service.patch + +------------------------------------------------------------------- New: ---- harden_ndppd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ndppd.spec ++++++ --- /var/tmp/diff_new_pack.FdinYa/_old 2021-10-12 22:47:48.816943009 +0200 +++ /var/tmp/diff_new_pack.FdinYa/_new 2021-10-12 22:47:48.820943015 +0200 @@ -27,6 +27,7 @@ #Source: https://github.com/DanielAdolfsson/%%{name}/archive/%%{version}.tar.gz#/%%{name}-%%{version}.tar.gz Source: %{name}-%{version}.tar.xz Source1: ndppd-tmpfiles.conf +Patch0: harden_ndppd.service.patch BuildRequires: gcc-c++ BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros @@ -44,6 +45,7 @@ %prep %setup -q +%patch0 -p1 %build export CXXFLAGS='%{optflags}' ++++++ harden_ndppd.service.patch ++++++ Index: ndppd-0.2.5.43/ndppd.service =================================================================== --- ndppd-0.2.5.43.orig/ndppd.service +++ ndppd-0.2.5.43/ndppd.service 
@@ -3,6 +3,18 @@ Description=NDP Proxy Daemon After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/sbin/ndppd -d -p /var/run/ndppd/ndppd.pid Type=forking PIDFile=/var/run/ndppd/ndppd.pid
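Review bot: In the `%prep` hunk of ndppd.spec, `%setup -q` followed by `%patch0 -p1` could be collapsed into `%autosetup -p1`, which applies every declared PatchN and keeps the spec from drifting if further hardening patches are added later. If the explicit form is kept, `%patch -P 0 -p1` is the spelling newer rpm releases prefer over `%patch0`.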
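Review bot: In the `[Service]` block of ndppd.service, `ProtectKernelTunables=true` makes /proc/sys and /sys read-only for the daemon, so confirm that ndppd never writes there at runtime before taking the automatic set unchanged. The unchanged context lines still point `ExecStart` and `PIDFile` at /var/run/ndppd/ndppd.pid; that location stays writable under `ProtectSystem=full`, but switching both to /run/ndppd/ndppd.pid would drop the legacy /var/run path. The added directives are the generic set only and leave out `NoNewPrivileges=`, `PrivateTmp=` and `CapabilityBoundingSet=`, so a daemon-specific follow-up could tighten the unit further; `systemd-analyze security ndppd.service` shows what remains exposed.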