commit tvheadend for openSUSE:Factory

Wed, 01 Dec 2021 17:28:02 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tvheadend for openSUSE:Factory 
checked in at 2021-11-29 17:28:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tvheadend (Old)
 and      /work/SRC/openSUSE:Factory/.tvheadend.new.31177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tvheadend"

Mon Nov 29 17:28:44 2021 rev:13 rq:934561 version:4.2.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/tvheadend/tvheadend.changes      2020-06-12 
21:47:04.932862133 +0200
+++ /work/SRC/openSUSE:Factory/.tvheadend.new.31177/tvheadend.changes   
2021-12-02 02:27:51.856066339 +0100
@@ -1,0 +2,6 @@
+Thu Nov 25 15:22:11 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_tvheadend.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_tvheadend.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tvheadend.spec ++++++
--- /var/tmp/diff_new_pack.eXMdo8/_old  2021-12-02 02:27:52.424064379 +0100
+++ /var/tmp/diff_new_pack.eXMdo8/_new  2021-12-02 02:27:52.424064379 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package tvheadend
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2016 Packman Team <pack...@links2linux.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -39,6 +39,7 @@
 Patch2:         %{name}-fix-service-dependency.patch
 # PATCH-FIX-UPSTREAM -- fix unsufficient configure checks when using LTO 
(check optimized away)
 Patch3:         fix_configure_checks_with_LTO.patch
+Patch4:         harden_tvheadend.service.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -69,6 +70,7 @@
 %setup -q
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 sed -e "s/-u \([^ ]*\) -g \([^ ]*\)/-u %{htsuser} -g %{htsgroup}/" -i 
rpm/%{name}.sysconfig
 sed -e '/^TVH_ARGS/cTVH_ARGS="-C"' -i debian/%{name}.default

++++++ harden_tvheadend.service.patch ++++++
Index: tvheadend-4.2.8/rpm/tvheadend.service
===================================================================
--- tvheadend-4.2.8.orig/rpm/tvheadend.service
+++ tvheadend-4.2.8/rpm/tvheadend.service
@@ -3,6 +3,17 @@ Description=Tvheadend - a TV streaming s
 After=network.target auditd.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 EnvironmentFile=/etc/sysconfig/tvheadend
 ExecStart=/usr/bin/tvheadend -f -p /run/tvheadend.pid $OPTIONS
 PIDFile=/run/tvheadend.pid

Reply via email to