Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2021-11-29 17:28:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "hostapd" Mon Nov 29 17:28:28 2021 rev:45 rq:934178 version:2.9 Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2021-11-22 23:07:09.305333866 +0100 +++ /work/SRC/openSUSE:Factory/.hostapd.new.31177/hostapd.changes 2021-12-02 02:14:23.506820505 +0100 @@ -1,0 +2,12 @@ +Fri Nov 26 20:52:19 UTC 2021 - Clemens Famulla-Conrad <cfamullaconrad@suse.com> + +- Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf + (bsc#1192959) + +------------------------------------------------------------------- +Fri Oct 15 07:29:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * hostapd.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-usr.sbin.hostapd ++++++ --- /var/tmp/diff_new_pack.mKF7PH/_old 2021-12-02 02:14:24.102818687 +0100 +++ /var/tmp/diff_new_pack.mKF7PH/_new 2021-12-02 02:14:24.102818687 +0100 @@ -17,7 +17,7 @@ # grant read access to config files /etc/hostapd.* r, - + /etc/ssl/openssl.cnf r, /etc/libnl/classid r, @{PROC}/sys/net/ipv*/conf/*/arp_accept w, ++++++ hostapd.service ++++++ --- /var/tmp/diff_new_pack.mKF7PH/_old 2021-12-02 02:14:24.150818541 +0100 +++ /var/tmp/diff_new_pack.mKF7PH/_new 2021-12-02 02:14:24.150818541 +0100 @@ -3,6 +3,17 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/sbin/hostapd /etc/hostapd.conf ExecReload=/bin/kill -HUP $MAINPID