commit znc for openSUSE:Factory

Wed, 12 Jan 2022 15:23:48 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package znc for openSUSE:Factory checked in 
at 2022-01-13 00:22:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/znc (Old)
 and      /work/SRC/openSUSE:Factory/.znc.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "znc"

Thu Jan 13 00:22:30 2022 rev:26 rq:945820 version:1.8.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/znc/znc.changes  2020-09-09 18:09:37.191617564 
+0200
+++ /work/SRC/openSUSE:Factory/.znc.new.1892/znc.changes        2022-01-13 
00:23:26.691976641 +0100
@@ -1,0 +2,6 @@
+Tue Jan 11 11:28:18 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_znc.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_znc.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ znc.spec ++++++
--- /var/tmp/diff_new_pack.dqUqaE/_old  2022-01-13 00:23:27.099976935 +0100
+++ /var/tmp/diff_new_pack.dqUqaE/_new  2022-01-13 00:23:27.103976938 +0100
@@ -26,6 +26,7 @@
 Source0:        https://znc.in/releases/%{name}-%{version}.tar.gz
 Source1:        https://znc.in/releases/%{name}-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
+Patch0:        harden_znc.service.patch
 BuildRequires:  cmake >= 3.1
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -106,6 +107,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %cmake \

++++++ harden_znc.service.patch ++++++
Index: znc-1.8.2/znc.service.in
===================================================================
--- znc-1.8.2.orig/znc.service.in
+++ znc-1.8.2/znc.service.in
@@ -3,6 +3,19 @@ Description=ZNC, an advanced IRC bouncer
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/znc -f
 User=znc

Reply via email to