commit ssdp-responder for openSUSE:Factory

Fri, 26 Nov 2021 15:53:40 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ssdp-responder for openSUSE:Factory 
checked in at 2021-11-27 00:51:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ssdp-responder (Old)
 and      /work/SRC/openSUSE:Factory/.ssdp-responder.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ssdp-responder"

Sat Nov 27 00:51:31 2021 rev:4 rq:934004 version:1.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/ssdp-responder/ssdp-responder.changes    
2020-06-24 15:48:15.160245656 +0200
+++ /work/SRC/openSUSE:Factory/.ssdp-responder.new.1895/ssdp-responder.changes  
2021-11-27 00:52:23.570580718 +0100
@@ -1,0 +2,6 @@
+Tue Nov 23 15:22:24 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_ssdpd.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_ssdpd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ssdp-responder.spec ++++++
--- /var/tmp/diff_new_pack.fAU77J/_old  2021-11-27 00:52:23.910579544 +0100
+++ /var/tmp/diff_new_pack.fAU77J/_new  2021-11-27 00:52:23.914579530 +0100
@@ -26,6 +26,7 @@
 URL:            https://github.com/troglobit/ssdp-responder
 #Git-Clone:     https://github.com/troglobit/ssdp-responder.git
 Source:         
https://github.com/troglobit/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:        harden_ssdpd.service.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 %{?systemd_requires}
@@ -40,6 +41,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 autoreconf -fiv

++++++ harden_ssdpd.service.patch ++++++
Index: ssdp-responder-1.7/ssdpd.service.in
===================================================================
--- ssdp-responder-1.7.orig/ssdpd.service.in
+++ ssdp-responder-1.7/ssdpd.service.in
@@ -6,6 +6,19 @@ After=network-online.target
 Requires=network-online.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=simple
 ExecStart=@SBINDIR@/ssdpd -sn

Reply via email to