Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package triggerhappy for openSUSE:Factory checked in at 2021-11-30 23:15:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/triggerhappy (Old) and /work/SRC/openSUSE:Factory/.triggerhappy.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "triggerhappy" Tue Nov 30 23:15:54 2021 rev:2 rq:934589 version:0.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/triggerhappy/triggerhappy.changes 2020-09-25 16:30:48.703851903 +0200 +++ /work/SRC/openSUSE:Factory/.triggerhappy.new.31177/triggerhappy.changes 2021-12-02 02:27:47.572081121 +0100 @@ -1,0 +2,6 @@ +Thu Nov 25 13:49:27 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_triggerhappy.service.patch + +------------------------------------------------------------------- New: ---- harden_triggerhappy.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ triggerhappy.spec ++++++ --- /var/tmp/diff_new_pack.q4IOpE/_old 2021-12-02 02:27:47.932079879 +0100 +++ /var/tmp/diff_new_pack.q4IOpE/_new 2021-12-02 02:27:47.932079879 +0100 @@ -1,7 +1,7 @@ # # spec file for package triggerhappy # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,11 +20,12 @@ Version: 0.5.0 Release: 0 Summary: Lightweight hotkey daemon -License: GPL-3.0+ +License: GPL-3.0-or-later Group: System/Base -Url: https://github.com/wertarbyte/triggerhappy +URL: https://github.com/wertarbyte/triggerhappy Source: https://github.com/wertarbyte/triggerhappy/archive/release/0.5.0.tar.gz -Patch: 0001-Fix-systemd-service.patch +Patch0: 0001-Fix-systemd-service.patch +Patch1: harden_triggerhappy.service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -41,7 +42,8 @@ %prep %setup -q -n %{name}-release-%{version} -%patch -p1 +%patch0 -p1 +%patch1 -p1 %build make %{?_smp_mflags} ++++++ harden_triggerhappy.service.patch ++++++ Index: triggerhappy-release-0.5.0/systemd/triggerhappy.service =================================================================== --- triggerhappy-release-0.5.0.orig/systemd/triggerhappy.service +++ triggerhappy-release-0.5.0/systemd/triggerhappy.service @@ -3,6 +3,17 @@ Description=triggerhappy global hotkey d After=local-fs.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/sbin/thd --triggers /etc/triggerhappy/triggers.d/ --socket /run/thd.socket --user nobody --deviceglob /dev/input/event* [Install]
