commit shairport-sync for openSUSE:Factory

Source-Sync Sun, 21 Nov 2021 14:55:34 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shairport-sync for openSUSE:Factory 
checked in at 2021-11-21 23:52:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shairport-sync (Old)
 and      /work/SRC/openSUSE:Factory/.shairport-sync.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "shairport-sync"

Sun Nov 21 23:52:06 2021 rev:11 rq:932747 version:3.3.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/shairport-sync/shairport-sync.changes    
2021-08-19 10:02:00.207192127 +0200
+++ /work/SRC/openSUSE:Factory/.shairport-sync.new.1895/shairport-sync.changes  
2021-11-21 23:52:34.602176605 +0100
@@ -1,0 +2,6 @@
+Wed Nov 17 08:08:53 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_shairport-sync.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_shairport-sync.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shairport-sync.spec ++++++
--- /var/tmp/diff_new_pack.k9GENe/_old  2021-11-21 23:52:35.138174877 +0100
+++ /var/tmp/diff_new_pack.k9GENe/_new  2021-11-21 23:52:35.142174864 +0100
@@ -29,6 +29,7 @@
 # PATCH-FIX-OPENSUSE drop-user-config.patch hillw...@opensuse.org -- Move 
configuring user account to rpm spec.
 # Move configuring user account to rpm spec.
 Patch0:         drop-user-config.patch
+Patch1:        harden_shairport-sync.service.patch
 BuildRequires:  fdupes
 BuildRequires:  firewall-macros
 BuildRequires:  gcc-c++
@@ -66,6 +67,7 @@
 %setup -q
 %patch0 -p1
 cp %{SOURCE2} .
+%patch1 -p1
 
 %build
 autoreconf -i -f

++++++ harden_shairport-sync.service.patch ++++++
Index: shairport-sync-3.3.8/scripts/shairport-sync.service.in
===================================================================
--- shairport-sync-3.3.8.orig/scripts/shairport-sync.service.in
+++ shairport-sync-3.3.8/scripts/shairport-sync.service.in
@@ -7,6 +7,17 @@ Wants=network-online.target
 After=network.target network-online.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=@prefix@/bin/shairport-sync
 User=shairport-sync
 Group=shairport-sync

commit shairport-sync for openSUSE:Factory

Reply via email to