Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package quagga for openSUSE:Factory checked in at 2022-06-30 13:18:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/quagga (Old)
and /work/SRC/openSUSE:Factory/.quagga.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "quagga"
Thu Jun 30 13:18:24 2022 rev:56 rq:985928 version:1.2.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/quagga/quagga.changes 2019-04-26 22:55:33.145272517 +0200
+++ /work/SRC/openSUSE:Factory/.quagga.new.1548/quagga.changes 2022-06-30 13:18:30.837540204 +0200
@@ -1,0 +2,25 @@
+Wed Jun 29 09:31:14 UTC 2022 - Stefan Schubert
+
+- Moved logrotate files from user specific directory /etc/logrotate.d
+ to vendor specific directory /usr/etc/logrotate.d.
+
+-------------------------------------------------------------------
+Thu Oct 21 07:17:41 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_bgpd.service.patch
+ * harden_isisd.service.patch
+ * harden_ospf6d.service.patch
+ * harden_ospfd.service.patch
+ * harden_ripd.service.patch
+ * harden_ripngd.service.patch
+ * harden_zebra.service.patch
+
+-------------------------------------------------------------------
+Fri Apr 9 20:02:44 UTC 2021 - Cristian Rodr��guez
+
+- Avoid using libpcre-posix, which is intended for systems without
+ a working regex.h, symbols clash with libc and undefined behaviour
+ may ensue.
+
+-------------------------------------------------------------------
New:
----
harden_bgpd.service.patch
harden_isisd.service.patch
harden_ospf6d.service.patch
harden_ospfd.service.patch
harden_ripd.service.patch
harden_ripngd.service.patch
harden_zebra.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ quagga.spec ++++++
--- /var/tmp/diff_new_pack.7feF1g/_old 2022-06-30 13:18:31.621540792 +0200
+++ /var/tmp/diff_new_pack.7feF1g/_new 2022-06-30 13:18:31.625540795 +0200
@@ -1,7 +1,7 @@
#
# spec file for package quagga
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -30,7 +30,6 @@
%bcond_without irdp
%bcond_with isis
%bcond_with isis_topology
-%bcond_without pcre
%if %{defined _rundir}
%define quagga_statedir %{_rundir}/%{name}
%else
@@ -42,7 +41,7 @@
Summary: Routing Software for BGP, OSPF and RIP
License: LGPL-2.1-or-later
Group: Productivity/Networking/Routing
-Url: http://www.quagga.net
+URL: http://www.quagga.net
Source: http://download.savannah.gnu.org/releases/quagga/%{name}-%{version}.tar.gz
Source1: %{name}-SUSE.tar.bz2
Source2: %{name}.pam
@@ -57,6 +56,13 @@
Patch1: %{name}-add-ospf6_main-return-value.patch
Patch2: %{name}-add-table_test-return-value.patch
Patch3: 0001-systemd-change-the-WantedBy-target.patch
+Patch4: harden_bgpd.service.patch
+Patch5: harden_isisd.service.patch
+Patch6: harden_ospf6d.service.patch
+Patch7: harden_ospfd.service.patch
+Patch8: harden_ripd.service.patch
+Patch9: harden_ripngd.service.patch
+Patch10: harden_zebra.service.patch
BuildRequires: autoconf >= 2.6
BuildRequires: automake >= 1.6
BuildRequires: c-ares-devel
@@ -73,9 +79,6 @@
Provides: zebra = %{version}
Obsoletes: zebra < %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{with pcre}
-BuildRequires: pcre-devel
-%endif
%if 0%{?suse_version} > 1220
BuildRequires: makeinfo
%endif
@@ -149,6 +152,13 @@
%patch1 -p 1
%patch2 -p 1
%patch3 -p 1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -171,9 +181,7 @@
%if %{with irdp}
--enable-irdp \
%endif
- %if %{with pcre}
- --enable-pcreposix \
- %endif
+ --disable-pcreposix \
--sysconfdir=%{_sysconfdir}/quagga \
--localstatedir=%{quagga_statedir} \
--enable-multipath=0
@@ -183,7 +191,12 @@
rm -r doc/quagga.info
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
-install -d %{buildroot}%{_sysconfdir}/{init.d,quagga,pam.d,logrotate.d}
+install -d %{buildroot}%{_sysconfdir}/{init.d,quagga,pam.d}
+%if 0%{?suse_version} > 1500
+install -d %{buildroot}%{_distconfdir}/logrotate.d
+%else
+install -d %{buildroot}%{_sysconfdir}/logrotate.d
+%endif
%if %{with systemd}
install -d %{buildroot}%{_unitdir}
install -p -m 0644 redhat/zebra.service %{buildroot}%{_unitdir}/zebra.service
@@ -218,7 +231,11 @@
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/quagga
install -d -m 0750 %{buildroot}%{_localstatedir}/log/quagga
install -d -m 0751 %{buildroot}%{quagga_statedir}
+%if 0%{?suse_version} > 1500
+install -m 0644 %{SOURCE7} %{buildroot}%{_distconfdir}/logrotate.d/quagga
+%else
install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/quagga
+%endif
rm -f %{buildroot}%{_sysconfdir}/quagga/*.sample*
cat > %{buildroot}%{_sysconfdir}/quagga/zebra.conf << __EOF__
!hostname quagga
@@ -287,7 +304,11 @@
%{_sbindir}/*
%dir %attr(750,quagga,quagga) %{_sysconfdir}/quagga/
%config(noreplace) %attr(640,quagga,quagga) %{_sysconfdir}/%{name}/*.conf
+%if 0%{?suse_version} > 1500
+%{_distconfdir}/logrotate.d/*
+%else
%config(noreplace) %{_sysconfdir}/logrotate.d/*
+%endif
%{_fillupdir}/sysconfig.quagga
%if %{with systemd}
%{_unitdir}/*.service
++++++ harden_bgpd.service.patch ++++++
Index: quagga-1.2.4/redhat/bgpd.service
===================================================================
--- quagga-1.2.4.orig/redhat/bgpd.service
+++ quagga-1.2.4/redhat/bgpd.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/bgpd.con
Documentation=man:bgpd
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/bgpd.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_isisd.service.patch ++++++
Index: quagga-1.2.4/redhat/isisd.service
===================================================================
--- quagga-1.2.4.orig/redhat/isisd.service
+++ quagga-1.2.4/redhat/isisd.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/isisd.co
Documentation=man:isisd
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/isisd.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_ospf6d.service.patch ++++++
Index: quagga-1.2.4/redhat/ospf6d.service
===================================================================
--- quagga-1.2.4.orig/redhat/ospf6d.service
+++ quagga-1.2.4/redhat/ospf6d.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/ospf6d.c
Documentation=man:ospf6d
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/ospf6d.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_ospfd.service.patch ++++++
Index: quagga-1.2.4/redhat/ospfd.service
===================================================================
--- quagga-1.2.4.orig/redhat/ospfd.service
+++ quagga-1.2.4/redhat/ospfd.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/ospfd.co
Documentation=man:ospfd
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/ospfd.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_ripd.service.patch ++++++
Index: quagga-1.2.4/redhat/ripd.service
===================================================================
--- quagga-1.2.4.orig/redhat/ripd.service
+++ quagga-1.2.4/redhat/ripd.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/ripd.con
Documentation=man:ripd
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/ripd.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_ripngd.service.patch ++++++
Index: quagga-1.2.4/redhat/ripngd.service
===================================================================
--- quagga-1.2.4.orig/redhat/ripngd.service
+++ quagga-1.2.4/redhat/ripngd.service
@@ -8,6 +8,17 @@ ConditionPathExists=/etc/quagga/ripngd.c
Documentation=man:ripngd
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/zebra.pid
EnvironmentFile=/etc/sysconfig/quagga
++++++ harden_zebra.service.patch ++++++
Index: quagga-1.2.4/redhat/zebra.service
===================================================================
--- quagga-1.2.4.orig/redhat/zebra.service
+++ quagga-1.2.4/redhat/zebra.service
@@ -6,6 +6,17 @@ ConditionPathExists=/etc/quagga/zebra.co
Documentation=man:zebra
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/run/quagga/zebra.pid
EnvironmentFile=-/etc/sysconfig/quagga