Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lighttpd for openSUSE:Factory checked in at 2022-02-03 23:16:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lighttpd (Old) and /work/SRC/openSUSE:Factory/.lighttpd.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lighttpd" Thu Feb 3 23:16:54 2022 rev:51 rq:951357 version:1.4.64 Changes: -------- --- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2022-01-23 12:17:02.351926087 +0100 +++ /work/SRC/openSUSE:Factory/.lighttpd.new.1898/lighttpd.changes 2022-02-03 23:18:57.955597286 +0100 @@ -1,0 +2,6 @@ +Thu Feb 3 08:21:55 UTC 2022 - Johannes Segitz <jseg...@suse.com> + +- Set ProtectHome to read-only, otherwise access to the users public_html can + break (bsc#1195465) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ harden_lighttpd.service.patch ++++++ --- /var/tmp/diff_new_pack.HlpdxW/_old 2022-02-03 23:18:58.639592618 +0100 +++ /var/tmp/diff_new_pack.HlpdxW/_new 2022-02-03 23:18:58.643592590 +0100 @@ -1,7 +1,7 @@ -Index: lighttpd-1.4.59/doc/systemd/lighttpd.service +Index: lighttpd-1.4.64/doc/systemd/lighttpd.service =================================================================== ---- lighttpd-1.4.59.orig/doc/systemd/lighttpd.service -+++ lighttpd-1.4.59/doc/systemd/lighttpd.service +--- lighttpd-1.4.64.orig/doc/systemd/lighttpd.service ++++ lighttpd-1.4.64/doc/systemd/lighttpd.service @@ -3,6 +3,19 @@ Description=Lighttpd Daemon After=network-online.target @@ -9,7 +9,7 @@ +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true ++ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true
