Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lirc for openSUSE:Factory checked in at 2023-05-23 14:53:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lirc (Old) and /work/SRC/openSUSE:Factory/.lirc.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lirc" Tue May 23 14:53:19 2023 rev:77 rq:1088316 version:0.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lirc/lirc.changes 2022-10-04 20:37:01.644856737 +0200 +++ /work/SRC/openSUSE:Factory/.lirc.new.1533/lirc.changes 2023-05-23 14:53:29.470109594 +0200 @@ -1,0 +2,6 @@ +Wed May 3 14:13:16 UTC 2023 - Johannes Segitz <jseg...@suse.com> + +- Remove ProtectClock hardening. This causes more pain then it + helps (bsc#1200577) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lirc.spec ++++++ --- /var/tmp/diff_new_pack.nqfWLn/_old 2023-05-23 14:53:30.118113428 +0200 +++ /var/tmp/diff_new_pack.nqfWLn/_new 2023-05-23 14:53:30.122113452 +0200 @@ -1,7 +1,7 @@ # # spec file for package lirc # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ harden_irexec.service.patch ++++++ --- /var/tmp/diff_new_pack.nqfWLn/_old 2023-05-23 14:53:30.158113666 +0200 +++ /var/tmp/diff_new_pack.nqfWLn/_new 2023-05-23 14:53:30.162113689 +0200 @@ -2,14 +2,13 @@ =================================================================== --- lirc-0.10.1.orig/systemd/irexec.service +++ lirc-0.10.1/systemd/irexec.service -@@ -5,6 +5,16 @@ Documentation=http://lirc.org/html/confi +@@ -5,6 +5,15 @@ Documentation=http://lirc.org/html/confi Description=Handle events from IR remotes decoded by lircd(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true ++++++ harden_lircd-uinput.service.patch ++++++ --- /var/tmp/diff_new_pack.nqfWLn/_old 2023-05-23 14:53:30.178113784 +0200 +++ /var/tmp/diff_new_pack.nqfWLn/_new 2023-05-23 14:53:30.182113807 +0200 @@ -2,14 +2,13 @@ =================================================================== --- lirc-0.10.1.orig/systemd/lircd-uinput.service +++ lirc-0.10.1/systemd/lircd-uinput.service -@@ -5,6 +5,16 @@ Documentation=http://lirc.org/html/confi +@@ -5,6 +5,15 @@ Documentation=http://lirc.org/html/confi Description=Forward LIRC button presses as uinput events [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true ++++++ harden_lircd.service.patch ++++++ --- /var/tmp/diff_new_pack.nqfWLn/_old 2023-05-23 14:53:30.194113878 +0200 +++ /var/tmp/diff_new_pack.nqfWLn/_new 2023-05-23 14:53:30.198113902 +0200 @@ -1,13 +1,14 @@ ---- lirc-0.10.1.orig/systemd/lircd.service 2021-11-13 20:42:43.204519438 +0100 -+++ lirc-0.10.1/systemd/lircd.service 2021-11-13 20:47:54.182189779 +0100 -@@ -6,6 +6,20 @@ Wants=lircd-setup.service +Index: lirc-0.10.1/systemd/lircd.service +=================================================================== +--- lirc-0.10.1.orig/systemd/lircd.service ++++ lirc-0.10.1/systemd/lircd.service +@@ -6,6 +6,16 @@ Wants=lircd-setup.service After=network.target lircd-setup.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true @@ -15,9 +16,6 @@ +RestrictRealtime=true +# end of automatic additions +# -+# ProtectClock=true from above blocks all device accesses, allow input device access again -+DeviceAllow=char-input -+# Type=simple ExecStart=/usr/sbin/lircd --nodaemon ; User=lirc ++++++ harden_lircmd.service.patch ++++++ --- /var/tmp/diff_new_pack.nqfWLn/_old 2023-05-23 14:53:30.210113973 +0200 +++ /var/tmp/diff_new_pack.nqfWLn/_new 2023-05-23 14:53:30.214113997 +0200 @@ -2,14 +2,13 @@ =================================================================== --- lirc-0.10.1.orig/systemd/lircmd.service +++ lirc-0.10.1/systemd/lircmd.service -@@ -5,6 +5,16 @@ Documentation=http://lirc.org/html/confi +@@ -5,6 +5,15 @@ Documentation=http://lirc.org/html/confi Description=Convert IR remotes button presses to mouse movements and clicks [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true -+ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true
