Accepting request 919835 from filesystems
OBS-URL: https://build.opensuse.org/request/show/919835 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/e2fsprogs?expand=0&rev=121
This commit is contained in:
commit
5cbfc67189
Binary file not shown.
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:86d1580facdd49f2e0e6b027e26b1e6c48af538762dc40aeed2a87153c1f11b7
|
||||
size 7024896
|
BIN
e2fsprogs-1.46.4.tar.sign
Normal file
BIN
e2fsprogs-1.46.4.tar.sign
Normal file
Binary file not shown.
3
e2fsprogs-1.46.4.tar.xz
Normal file
3
e2fsprogs-1.46.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:b11042533c1b1dcf17512f0da48e05b0c573dada1dd8b762864d10f4dc399713
|
||||
size 7035200
|
@ -1,3 +1,23 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 15 09:16:54 UTC 2021 - Jan Kara <jack@suse.cz>
|
||||
|
||||
- Update to 1.46.4:
|
||||
* Default to 256-byte inodes for all filesystems, not only larger ones
|
||||
* Bigalloc is considered supported now for small cluster sizes
|
||||
* E2fsck and e2image fixes for quota feature
|
||||
* Fix mke2fs creation of filesystem into non-existent file
|
||||
- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer
|
||||
libreadline.so.8 to dlopen path (bsc#1189453)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 14 07:03:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
||||
* harden_e2scrub@.service.patch
|
||||
* harden_e2scrub_all.service.patch
|
||||
* harden_e2scrub_fail@.service.patch
|
||||
* harden_e2scrub_reap.service.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 2 20:47:09 UTC 2021 - Jan Kara <jack@suse.cz>
|
||||
|
||||
|
@ -66,7 +66,7 @@ Conflicts: libcom_err2-mini
|
||||
Conflicts: libcom_err-mini-devel
|
||||
%endif
|
||||
#
|
||||
Version: 1.46.3
|
||||
Version: 1.46.4
|
||||
Release: 0
|
||||
Summary: Utilities for the Second Extended File System
|
||||
License: GPL-2.0-only
|
||||
@ -89,6 +89,11 @@ Source5: https://thunk.org/tytso/tytso-key.asc#/%{name}.keyring
|
||||
Patch3: libcom_err-compile_et_permissions.patch
|
||||
Patch4: e2fsprogs-1.42-implicit_fortify_decl.patch
|
||||
Patch5: e2fsprogs-1.42-ext2fsh_implicit.patch
|
||||
Patch6: harden_e2scrub@.service.patch
|
||||
Patch7: harden_e2scrub_all.service.patch
|
||||
Patch8: harden_e2scrub_fail@.service.patch
|
||||
Patch9: harden_e2scrub_reap.service.patch
|
||||
Patch10: libss-add-newer-libreadline.so.8-to-dlopen-path.patch
|
||||
# Do not suppress make commands
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
@ -253,6 +258,11 @@ Development files for the com_err error message display library. Static librarie
|
||||
%patch4
|
||||
%patch5
|
||||
cp %{SOURCE2} .
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%build
|
||||
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
|
||||
|
20
harden_e2scrub@.service.patch
Normal file
20
harden_e2scrub@.service.patch
Normal file
@ -0,0 +1,20 @@
|
||||
Index: e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.4.orig/scrub/e2scrub@.service.in
|
||||
+++ e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
||||
@@ -10,6 +10,15 @@ PrivateNetwork=true
|
||||
ProtectSystem=true
|
||||
ProtectHome=read-only
|
||||
PrivateTmp=yes
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
+RestrictRealtime=true
|
||||
+# end of automatic additions
|
||||
AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
|
||||
NoNewPrivileges=yes
|
||||
User=root
|
23
harden_e2scrub_all.service.patch
Normal file
23
harden_e2scrub_all.service.patch
Normal file
@ -0,0 +1,23 @@
|
||||
Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||
@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO
|
||||
Documentation=man:e2scrub_all(8)
|
||||
|
||||
[Service]
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+ProtectHome=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
+RestrictRealtime=true
|
||||
+# end of automatic additions
|
||||
Type=oneshot
|
||||
Environment=SERVICE_MODE=1
|
||||
ExecStart=@root_sbindir@/e2scrub_all
|
23
harden_e2scrub_fail@.service.patch
Normal file
23
harden_e2scrub_fail@.service.patch
Normal file
@ -0,0 +1,23 @@
|
||||
Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||
@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F
|
||||
Documentation=man:e2scrub(8)
|
||||
|
||||
[Service]
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectSystem=full
|
||||
+ProtectHome=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
+RestrictRealtime=true
|
||||
+# end of automatic additions
|
||||
Type=oneshot
|
||||
ExecStart=@pkglibdir@/e2scrub_fail "%I"
|
||||
User=mail
|
21
harden_e2scrub_reap.service.patch
Normal file
21
harden_e2scrub_reap.service.patch
Normal file
@ -0,0 +1,21 @@
|
||||
Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
||||
@@ -11,6 +11,16 @@ PrivateNetwork=true
|
||||
ProtectSystem=true
|
||||
ProtectHome=read-only
|
||||
PrivateTmp=yes
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
+RestrictRealtime=true
|
||||
+# end of automatic additions
|
||||
AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
|
||||
NoNewPrivileges=yes
|
||||
User=root
|
29
libss-add-newer-libreadline.so.8-to-dlopen-path.patch
Normal file
29
libss-add-newer-libreadline.so.8-to-dlopen-path.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 0a60ee129b9137a9a5cd49c4dd15247830a7f319 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Kara <jack@suse.cz>
|
||||
Date: Fri, 20 Aug 2021 18:12:04 +0200
|
||||
Subject: [PATCH] libss: add newer libreadline.so.8 to dlopen path
|
||||
|
||||
OpenSUSE Tumbleweed now has libreadline.so.8. Add it to the list of libs
|
||||
to look for.
|
||||
|
||||
Signed-off-by: Jan Kara <jack@suse.cz>
|
||||
---
|
||||
lib/ss/get_readline.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ss/get_readline.c b/lib/ss/get_readline.c
|
||||
index 11c72b3387d1..aa1615747934 100644
|
||||
--- a/lib/ss/get_readline.c
|
||||
+++ b/lib/ss/get_readline.c
|
||||
@@ -37,7 +37,7 @@ static void ss_release_readline(ss_data *info)
|
||||
#endif
|
||||
|
||||
/* Libraries we will try to use for readline/editline functionality */
|
||||
-#define DEFAULT_LIBPATH "libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so"
|
||||
+#define DEFAULT_LIBPATH "libreadline.so.8:libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so"
|
||||
|
||||
#ifdef HAVE_DLOPEN
|
||||
void ss_get_readline(int sci_idx)
|
||||
--
|
||||
2.26.2
|
||||
|
Loading…
Reference in New Issue
Block a user