Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package touchegg for openSUSE:Factory checked in at 2022-02-15 23:57:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/touchegg (Old) and /work/SRC/openSUSE:Factory/.touchegg.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "touchegg" Tue Feb 15 23:57:51 2022 rev:6 rq:955107 version:2.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/touchegg/touchegg.changes 2021-06-14 23:11:46.216824696 +0200 +++ /work/SRC/openSUSE:Factory/.touchegg.new.1956/touchegg.changes 2022-02-15 23:58:19.632385966 +0100 @@ -1,0 +2,6 @@ +Thu Nov 25 08:35:23 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_touchegg.service.patch + +------------------------------------------------------------------- New: ---- harden_touchegg.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ touchegg.spec ++++++ --- /var/tmp/diff_new_pack.DL1Mtf/_old 2022-02-15 23:58:20.160387424 +0100 +++ /var/tmp/diff_new_pack.DL1Mtf/_new 2022-02-15 23:58:20.168387446 +0100 @@ -24,6 +24,7 @@ Group: Hardware/Other URL: https://github.com/JoseExposito/touchegg Source: https://github.com/JoseExposito/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0: harden_touchegg.service.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -49,6 +50,7 @@ %prep %setup -q +%patch0 -p1 %build %cmake ++++++ harden_touchegg.service.patch ++++++ Index: touchegg-2.0.10/installation/touchegg.service.in =================================================================== --- touchegg-2.0.10.orig/installation/touchegg.service.in +++ touchegg-2.0.10/installation/touchegg.service.in @@ -3,6 +3,17 @@ Description=Touch??gg Daemon Documentation=https://github.com/JoseExposito/touchegg/tree/master/installation#readme [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple Group=input ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/touchegg --daemon
