commit Radicale for openSUSE:Factory

Mon, 23 Jan 2023 09:32:08 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package Radicale for openSUSE:Factory 
checked in at 2023-01-23 18:31:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/Radicale (Old)
 and      /work/SRC/openSUSE:Factory/.Radicale.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "Radicale"

Mon Jan 23 18:31:26 2023 rev:10 rq:1060254 version:3.1.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/Radicale/Radicale.changes        2022-07-22 
19:21:30.988687860 +0200
+++ /work/SRC/openSUSE:Factory/.Radicale.new.32243/Radicale.changes     
2023-01-23 18:31:50.808018782 +0100
@@ -1,0 +2,5 @@
+Sun Jan 15 10:06:31 UTC 2023 - Ákos Szőts <szots...@gmail.com>
+
+- Security fortifications (provided by systemd)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ Radicale.spec ++++++
--- /var/tmp/diff_new_pack.tovIEy/_old  2023-01-23 18:31:52.488029151 +0100
+++ /var/tmp/diff_new_pack.tovIEy/_new  2023-01-23 18:31:52.492029176 +0100
@@ -1,8 +1,8 @@
 #
 # spec file for package Radicale
 #
-# Copyright (c) 2022 SUSE LLC
-# Copyright (c) 2012-2022 Ákos Szőts <szots...@gmail.com>
+# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2012-2023 Ákos Szőts <szots...@gmail.com>
 # Copyright (c) 2011 Marcus Rueckert <da...@opensu.se>
 #
 # All modifications and additions to the file contributed by third parties

++++++ radicale.service ++++++
--- /var/tmp/diff_new_pack.tovIEy/_old  2023-01-23 18:31:52.540029472 +0100
+++ /var/tmp/diff_new_pack.tovIEy/_new  2023-01-23 18:31:52.544029497 +0100
@@ -14,16 +14,37 @@
 RestartSec=2
 # Deny other users access to the calendar data
 UMask=0027
+
 # Additional security settings
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+DevicePolicy=closed
+IPAccounting=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateIPC=true
 PrivateTmp=true
-ProtectSystem=strict
+PrivateUsers=true
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=true
 ProtectHome=true
-PrivateDevices=true
-ProtectKernelTunables=true
+ProtectHostname=true
+ProtectKernelLogs=true
 ProtectKernelModules=true
-ProtectControlGroups=true
-NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+ReadOnlyPaths=/
 ReadWritePaths=/var/lib/radicale/collections
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target

Reply via email to