Hello community,

here is the log from the commit of package mbpfan for openSUSE:Factory checked in at 2022-01-22 08:18:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mbpfan (Old)
 and /work/SRC/openSUSE:Factory/.mbpfan.new.1938 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbpfan" Sat Jan 22 08:18:36 2022 rev:2 rq:948021 version:2.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mbpfan/mbpfan.changes 2020-12-29 15:48:56.484372535 +0100 +++ /work/SRC/openSUSE:Factory/.mbpfan.new.1938/mbpfan.changes 2022-01-22 08:19:29.350376111 +0100 @@ -1,0 +2,6 @@ +Fri Oct 15 07:27:56 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_mbpfan.service.patch + +------------------------------------------------------------------- New: ---- harden_mbpfan.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbpfan.spec ++++++ --- /var/tmp/diff_new_pack.diYAa9/_old 2022-01-22 08:19:29.710373686 +0100 +++ /var/tmp/diff_new_pack.diYAa9/_new 2022-01-22 08:19:29.714373659 +0100 @@ -23,6 +23,7 @@ License: GPL-3.0-only URL: https://github.com/linux-on-mac/mbpfan Source0: https://github.com/linux-on-mac/mbpfan/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: harden_mbpfan.service.patch BuildRequires: gcc BuildRequires: make BuildRequires: systemd-rpm-macros @@ -44,6 +45,7 @@ %prep %setup -q +%patch0 -p1 %build ++++++ harden_mbpfan.service.patch ++++++ Index: mbpfan-2.2.1/mbpfan.service =================================================================== --- mbpfan-2.2.1.orig/mbpfan.service +++ mbpfan-2.2.1/mbpfan.service @@ -4,6 +4,17 @@ After=syslog.target After=sysinit.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple ExecStart=/usr/sbin/mbpfan -f ExecReload=/usr/bin/kill -HUP $MAINPID
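Review bot: The new `Patch0: harden_mbpfan.service.patch` line in mbpfan.spec has no comment above it saying what the patch is for or whether it is distribution-specific. A one-line comment above the tag that references bsc#1181400 and states that this is an openSUSE-only hardening change would let the next maintainer tell, without opening the .changes file, that the patch is not expected to disappear when upstream releases a new version.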
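Review bot: `ProtectKernelTunables=true` in the [Service] block of mbpfan.service needs a functional check before this ships, because that directive makes /sys and /proc/sys read-only for every process in the unit. mbpfan is a fan control daemon, so if it sets fan speeds by writing to sysfs files, those writes will fail once the unit is hardened this way and the fans will no longer be regulated. The block is marked "added automatically", which suggests the directives were not matched against what this daemon touches. Please confirm on real hardware that `ExecStart=/usr/sbin/mbpfan -f` can still change fan speed with the hardened unit, and drop the `ProtectKernelTunables=true` line if it cannot. The same check applies to `ProtectSystem=full` if the daemon writes anything under /usr, /boot or /etc at runtime.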