Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package upmpdcli for openSUSE:Factory checked in at 2021-12-06 23:59:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/upmpdcli (Old) and /work/SRC/openSUSE:Factory/.upmpdcli.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "upmpdcli" Mon Dec 6 23:59:59 2021 rev:6 rq:935919 version:1.5.11 Changes: -------- --- /work/SRC/openSUSE:Factory/upmpdcli/upmpdcli.changes 2021-04-15 16:58:46.886803807 +0200 +++ /work/SRC/openSUSE:Factory/.upmpdcli.new.31177/upmpdcli.changes 2021-12-07 00:01:13.160174574 +0100 @@ -1,0 +2,6 @@ +Fri Nov 26 08:42:11 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_upmpdcli.service.patch + +------------------------------------------------------------------- New: ---- harden_upmpdcli.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ upmpdcli.spec ++++++ --- /var/tmp/diff_new_pack.VgdXDy/_old 2021-12-07 00:01:13.740172522 +0100 +++ /var/tmp/diff_new_pack.VgdXDy/_new 2021-12-07 00:01:13.748172494 +0100 @@ -23,6 +23,7 @@ License: GPL-2.0-or-later URL: https://www.lesbonscomptes.com/updmpdcli Source0: https://www.lesbonscomptes.com/upmpdcli/downloads/upmpdcli-%{version}.tar.gz +Patch0: harden_upmpdcli.service.patch BuildRequires: gcc-c++ BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros @@ -42,7 +43,7 @@ on Android tablets or phones. %prep -%autosetup +%autosetup -p1 %build %configure ++++++ harden_upmpdcli.service.patch ++++++ Index: upmpdcli-1.5.11/systemd/upmpdcli.service =================================================================== --- upmpdcli-1.5.11.orig/systemd/upmpdcli.service +++ upmpdcli-1.5.11/systemd/upmpdcli.service @@ -4,6 +4,19 @@ After=network-online.target mpd.service Wants=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple # ExecStartPre=/bin/sleep 30 # Note: if start fails check with "systemctl status upmpdcli"
