Dominique Leuenberger 2021-09-21 19:12:15 +00:00 committed by Git OBS Bridge
commit 5cbfc67189
11 changed files with 150 additions and 4 deletions

Binary file not shown.

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:86d1580facdd49f2e0e6b027e26b1e6c48af538762dc40aeed2a87153c1f11b7
size 7024896

BIN
e2fsprogs-1.46.4.tar.sign Normal file

Binary file not shown.

3
e2fsprogs-1.46.4.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b11042533c1b1dcf17512f0da48e05b0c573dada1dd8b762864d10f4dc399713
size 7035200

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Wed Sep 15 09:16:54 UTC 2021 - Jan Kara <jack@suse.cz>
- Update to 1.46.4:
* Default to 256-byte inodes for all filesystems, not only larger ones
* Bigalloc is considered supported now for small cluster sizes
* E2fsck and e2image fixes for quota feature
* Fix mke2fs creation of filesystem into non-existent file
- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer
libreadline.so.8 to dlopen path (bsc#1189453)
-------------------------------------------------------------------
Tue Sep 14 07:03:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_e2scrub@.service.patch
* harden_e2scrub_all.service.patch
* harden_e2scrub_fail@.service.patch
* harden_e2scrub_reap.service.patch
-------------------------------------------------------------------
Mon Aug 2 20:47:09 UTC 2021 - Jan Kara <jack@suse.cz>

View File

@ -66,7 +66,7 @@ Conflicts: libcom_err2-mini
Conflicts: libcom_err-mini-devel
%endif
#
Version: 1.46.3
Version: 1.46.4
Release: 0
Summary: Utilities for the Second Extended File System
License: GPL-2.0-only
@ -89,6 +89,11 @@ Source5: https://thunk.org/tytso/tytso-key.asc#/%{name}.keyring
Patch3: libcom_err-compile_et_permissions.patch
Patch4: e2fsprogs-1.42-implicit_fortify_decl.patch
Patch5: e2fsprogs-1.42-ext2fsh_implicit.patch
Patch6: harden_e2scrub@.service.patch
Patch7: harden_e2scrub_all.service.patch
Patch8: harden_e2scrub_fail@.service.patch
Patch9: harden_e2scrub_reap.service.patch
Patch10: libss-add-newer-libreadline.so.8-to-dlopen-path.patch
# Do not suppress make commands
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -253,6 +258,11 @@ Development files for the com_err error message display library. Static librarie
%patch4
%patch5
cp %{SOURCE2} .
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects

View File

@ -0,0 +1,20 @@
Index: e2fsprogs-1.46.4/scrub/e2scrub@.service.in
===================================================================
--- e2fsprogs-1.46.4.orig/scrub/e2scrub@.service.in
+++ e2fsprogs-1.46.4/scrub/e2scrub@.service.in
@@ -10,6 +10,15 @@ PrivateNetwork=true
ProtectSystem=true
ProtectHome=read-only
PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
NoNewPrivileges=yes
User=root

View File

@ -0,0 +1,23 @@
Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
===================================================================
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
+++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO
Documentation=man:e2scrub_all(8)
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
Environment=SERVICE_MODE=1
ExecStart=@root_sbindir@/e2scrub_all

View File

@ -0,0 +1,23 @@
Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
===================================================================
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
+++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F
Documentation=man:e2scrub(8)
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
ExecStart=@pkglibdir@/e2scrub_fail "%I"
User=mail

View File

@ -0,0 +1,21 @@
Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
===================================================================
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
+++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
@@ -11,6 +11,16 @@ PrivateNetwork=true
ProtectSystem=true
ProtectHome=read-only
PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
NoNewPrivileges=yes
User=root

View File

@ -0,0 +1,29 @@
From 0a60ee129b9137a9a5cd49c4dd15247830a7f319 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Fri, 20 Aug 2021 18:12:04 +0200
Subject: [PATCH] libss: add newer libreadline.so.8 to dlopen path
OpenSUSE Tumbleweed now has libreadline.so.8. Add it to the list of libs
to look for.
Signed-off-by: Jan Kara <jack@suse.cz>
---
lib/ss/get_readline.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ss/get_readline.c b/lib/ss/get_readline.c
index 11c72b3387d1..aa1615747934 100644
--- a/lib/ss/get_readline.c
+++ b/lib/ss/get_readline.c
@@ -37,7 +37,7 @@ static void ss_release_readline(ss_data *info)
#endif
/* Libraries we will try to use for readline/editline functionality */
-#define DEFAULT_LIBPATH "libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so"
+#define DEFAULT_LIBPATH "libreadline.so.8:libreadline.so.7:libreadline.so.6:libreadline.so.5:libreadline.so.4:libreadline.so:libedit.so.2:libedit.so:libeditline.so.0:libeditline.so"
#ifdef HAVE_DLOPEN
void ss_get_readline(int sci_idx)
--
2.26.2