Hello community,

here is the log from the commit of package oidentd for openSUSE:Factory checked in at 2021-10-15 23:03:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/oidentd (Old)
 and /work/SRC/openSUSE:Factory/.oidentd.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "oidentd" Fri Oct 15 23:03:47 2021 rev:24 rq:925223 version:2.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/oidentd/oidentd.changes 2021-01-27 18:58:55.296497145 +0100 +++ /work/SRC/openSUSE:Factory/.oidentd.new.1890/oidentd.changes 2021-10-15 23:04:04.482102216 +0200 @@ -1,0 +2,16 @@ +Thu Oct 14 09:10:39 UTC 2021 - Samu Voutilainen <[email protected]> + +- Remove unsupported hardening flags when using old version + with old systemd. +- Removed [email protected] as this package is using own + service instead of upstream one, which also has same security switches. + +------------------------------------------------------------------- +Wed Oct 13 06:34:00 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * [email protected] + Modified: + * [email protected] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ oidentd.spec ++++++ --- /var/tmp/diff_new_pack.ebalab/_old 2021-10-15 23:04:04.998102584 +0200 +++ /var/tmp/diff_new_pack.ebalab/_new 2021-10-15 23:04:05.002102586 +0200 @@ -32,12 +32,12 @@ License: GPL-2.0-or-later Group: Productivity/Networking/System URL: https://oidentd.janikrabe.com/ -Source: https://ftp.janikrabe.com/pub/oidentd/releases/%{version}/oidentd-%{version}.tar.xz +Source: https://files.janikrabe.com/pub/oidentd/releases/%{version}/oidentd-%{version}.tar.xz Source1: sysconfig.oidentd Source2: rc.oidentd Source3: [email protected] Source4: oidentd.socket -Source5: https://ftp.janikrabe.com/pub/oidentd/releases/%{version}/oidentd-%{version}.tar.xz.asc +Source5: https://files.janikrabe.com/pub/oidentd/releases/%{version}/oidentd-%{version}.tar.xz.asc # https://janikrabe.com/key.asc Source6: %{name}.keyring BuildRequires: automake 
@@ -63,6 +63,17 @@ %prep %setup -q +# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases +%if 0%{?sle_version} +%if 0%{?sle_version} < 150300 + sed -r -i '/^(Protect(Hostname|KernelLogs|Clock))=/d' %{_sourcedir}/[email protected] +%if 0%{?sle_version} < 150200 + sed -r -i '/^(Protect(Home|Hostname|KernelLogs|Clock)|PrivateMounts)=/d' %{_sourcedir}/[email protected] +%endif +%endif +%endif +# / sle_version + %build CFLAGS="%{optflags} -fgnu89-inline" autoreconf --install --force ++++++ [email protected] ++++++ --- /var/tmp/diff_new_pack.ebalab/_old 2021-10-15 23:04:05.054102624 +0200 +++ /var/tmp/diff_new_pack.ebalab/_new 2021-10-15 23:04:05.054102624 +0200 @@ -5,6 +5,18 @@ [Service] Type=simple PrivateDevices=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=/etc/sysconfig/oidentd ExecStart=/usr/sbin/oidentd -I -u nobody -g nobody --foreground --nosyslog $OIDENTD_OPTIONS StandardInput=socket
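Review bot: in the oidentd.spec %prep hunk (@@ -63,6 +63,17 @@), both sed calls edit the unit file in place under %{_sourcedir}, so the build mutates a packaged source file instead of a copy in the build tree. Copy the unit into the build directory after %setup, run sed on that copy and install from it, which leaves the checked-in source untouched. The inner `< 150200` branch also repeats the three keys the `< 150300` sed has already deleted and strips PrivateMounts=, which is not among the directives visible in the unit hunk; one sed per version range with only the keys it needs would be easier to audit.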
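Review bot: ProtectHome=true in the [Service] hunk of the unit file (@@ -5,6 +5,18 @@) makes /home, /root and /run/user inaccessible and empty for the daemon, and oidentd can read per-user configuration files from users' home directories, so that feature would stop working without any error. If per-user configuration is meant to stay usable, ProtectHome=read-only keeps the files readable while still blocking writes; if it is intentionally dropped, the oidentd.changes entry should say so. The "added automatically" comment suggests the block was not checked against what this particular daemon needs to read.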
