Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ebtables for openSUSE:Factory checked in at 2021-11-15 00:06:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ebtables (Old) and /work/SRC/openSUSE:Factory/.ebtables.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ebtables" Mon Nov 15 00:06:15 2021 rev:48 rq:930813 version:2.0.11 Changes: -------- --- /work/SRC/openSUSE:Factory/ebtables/ebtables.changes 2020-09-04 10:56:04.474525723 +0200 +++ /work/SRC/openSUSE:Factory/.ebtables.new.1890/ebtables.changes 2021-11-15 00:06:19.771601297 +0100 @@ -1,0 +2,17 @@ +Thu Nov 11 08:36:14 UTC 2021 - Danilo Spinella <[email protected]> + +- Add build dependency on libalternatives +- Run spec-cleaner + +------------------------------------------------------------------- +Fri Oct 15 07:30:28 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * ebtables.service + +------------------------------------------------------------------- +Fri Aug 20 18:06:09 UTC 2021 - Stefan Schubert <[email protected]> + +- Use libalternatives instead of update-alternatives. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ebtables.spec ++++++ --- /var/tmp/diff_new_pack.0KW0WE/_old 2021-11-15 00:06:20.331601753 +0100 +++ /var/tmp/diff_new_pack.0KW0WE/_new 2021-11-15 00:06:20.335601757 +0100 @@ -1,7 +1,7 @@ # # spec file for package ebtables # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,11 +16,15 @@ # +%if 0%{?suse_version} > 1500 +%bcond_without libalternatives +%else +%bcond_with libalternatives +%endif #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates + %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif - Name: ebtables Version: 2.0.11 Release: 0 @@ -29,8 +33,8 @@ Group: Productivity/Networking/Security URL: http://ebtables.sf.net/ #Git-Clone: git://git.netfilter.org/ebtables -Source0: http://ftp.netfilter.org/pub/ebtables/ebtables-%version.tar.gz -Source1: http://ftp.netfilter.org/pub/ebtables/ebtables-%version.tar.gz.sig +Source0: http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz +Source1: http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz.sig Source2: ebtables.keyring Source3: ebtables.service Source4: ebtables.systemd @@ -40,10 +44,14 @@ BuildRequires: xz Requires: netcfg >= 11.6 Requires(pre): %fillup_prereq -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires(post): update-alternatives -Requires(postun): update-alternatives %{?systemd_ordering} +%if %{with libalternatives} +BuildRequires: alts +Requires: alts +%else +Requires(post): update-alternatives +Requires(postun):update-alternatives +%endif %description A firewalling tool to transparently filter network traffic passing a @@ -77,7 +85,7 @@ # The way ebtables is built requires ASNEEDED=0 forever [bnc#567267] export SUSE_ASNEEDED=0 %configure -make %{?_smp_mflags} +%make_build %install # The way ebtables is built requires ASNEEDED=0 forever [bnc#567267] @@ -86,33 +94,63 @@ %make_install mkdir -p %{buildroot}%{_fillupdir} mkdir -p %{buildroot}%{_unitdir} -install -p %_sourcedir/ebtables.service %{buildroot}%{_unitdir}/ +install -p %{_sourcedir}/ebtables.service %{buildroot}%{_unitdir}/ sed -i "s|@LIBEXECDIR@|%{_libexecdir}|g" %{buildroot}%{_unitdir}/*.service chmod -x %{buildroot}%{_unitdir}/*.service mkdir -p %{buildroot}%{_libexecdir} -install -m0755 %_sourcedir/ebtables.systemd %{buildroot}%{_libexecdir}/%{name}-helper +install -m0755 %{_sourcedir}/ebtables.systemd %{buildroot}%{_libexecdir}/%{name}-helper ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.filter touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.nat touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.broute -rm -rfv %{buildroot}%{_initrddir} +rm -rfv %{buildroot}%{_initddir} # not used rm -f "%{buildroot}/%{_sysconfdir}/ebtables-config" for i in ebtables ebtables-restore ebtables-save; do - ln -fsv "/etc/alternatives/$i" "%{buildroot}/%{_sbindir}/$i" +%if ! %{with libalternatives} + ln -fsv "%{_sysconfdir}/alternatives/$i" "%{buildroot}/%{_sbindir}/$i" +%else + ln -fsv %{_bindir}/alts "%{buildroot}/%{_sbindir}/$i" +%endif done -echo ".so ebtables-legacy.8" >"%buildroot/%_mandir/man8/ebtables.8" +echo ".so ebtables-legacy.8" >"%{buildroot}/%{_mandir}/man8/ebtables.8" # no headers to make use of it -rm -f "%buildroot/%_libdir/libebtc.la" "%buildroot/%_libdir/libebtc.so" +rm -f "%{buildroot}/%{_libdir}/libebtc.la" "%{buildroot}/%{_libdir}/libebtc.so" + +%if %{with libalternatives} +mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables +cat > %{buildroot}%{_datadir}/libalternatives/ebtables/1.conf <<EOF +binary=%{_sbindir}/ebtables-legacy +group=ebtables, ebtables-restore, ebtables-save +EOF +mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-restore +cat > %{buildroot}%{_datadir}/libalternatives/ebtables-restore/1.conf <<EOF +binary=%{_sbindir}/ebtables-legacy-restore +group=ebtables, ebtables-restore, ebtables-save +EOF +mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-save +cat > %{buildroot}%{_datadir}/libalternatives/ebtables-save/1.conf <<EOF +binary=%{_sbindir}/ebtables-legacy-save +group=ebtables, ebtables-restore, ebtables-save +EOF +%endif %pre +%if %{with libalternatives} +# removing old update-alternatives entries +if [ "$1" -gt 0 ] && [ -f %{_sbindir}/update-alternatives ] ; then + update-alternatives --remove ebtables "%{_sbindir}/ebtables-legacy" +fi +%endif %service_add_pre %{name}.service %post +%if ! %{with libalternatives} update-alternatives --force \ --install "%{_sbindir}/ebtables" ebtables "%{_sbindir}/ebtables-legacy" 1 \ --slave "%{_sbindir}/ebtables-restore" ebtables-restore "%{_sbindir}/ebtables-legacy-restore" \ --slave "%{_sbindir}/ebtables-save" ebtables-save "%{_sbindir}/ebtables-legacy-save" +%endif %service_add_post %{name}.service %fillup_only @@ -120,24 +158,35 @@ %service_del_preun %{name}.service %postun +%if ! %{with libalternatives} if test "$1" = 0; then update-alternatives --remove ebtables "%{_sbindir}/ebtables-legacy" fi +%endif %service_del_postun %{name}.service %post -n libebtc0 -p /sbin/ldconfig %postun -n libebtc0 -p /sbin/ldconfig %files -%defattr(-,root,root) %license COPYING %doc ChangeLog -%{_mandir}/man8/ebtables*.8* +%{_mandir}/man8/ebtables*.8%{?ext_man} %{_libexecdir}/%{name}-helper %{_unitdir}/%{name}.service +%if ! %{with libalternatives} %ghost %{_sysconfdir}/alternatives/ebtables %ghost %{_sysconfdir}/alternatives/ebtables-restore %ghost %{_sysconfdir}/alternatives/ebtables-save +%else +%dir %{_datadir}/libalternatives +%dir %{_datadir}/libalternatives/ebtables +%dir %{_datadir}/libalternatives/ebtables-restore +%dir %{_datadir}/libalternatives/ebtables-save +%{_datadir}/libalternatives/ebtables/1.conf +%{_datadir}/libalternatives/ebtables-restore/1.conf +%{_datadir}/libalternatives/ebtables-save/1.conf +%endif %ghost %{_fillupdir}/sysconfig.%{name}.filter %ghost %{_fillupdir}/sysconfig.%{name}.nat %ghost %{_fillupdir}/sysconfig.%{name}.broute @@ -147,6 +196,6 @@ %{_sbindir}/rcebtables %files -n libebtc0 -%_libdir/libebtc.so.0* +%{_libdir}/libebtc.so.0* %changelog ++++++ ebtables.service ++++++ --- /var/tmp/diff_new_pack.0KW0WE/_old 2021-11-15 00:06:20.387601798 +0100 +++ /var/tmp/diff_new_pack.0KW0WE/_new 2021-11-15 00:06:20.387601798 +0100 @@ -2,6 +2,14 @@ Description=Ethernet Bridge Filtering tables [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot RemainAfterExit=yes ExecStart=@LIBEXECDIR@/ebtables-helper start
