From c791b32bc93ed9734276ef4d3c3fd919e98e51ab9ab75a84ff331ca604c4199c Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Wed, 22 Dec 2021 14:26:08 +0000 Subject: [PATCH] - Adjust harden_squid.service.patch to resolve boo#1193938 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=244 --- harden_squid.service.patch | 11 +++++------ squid.changes | 5 +++++ squid.spec | 6 ++---- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/harden_squid.service.patch b/harden_squid.service.patch index 69b25e3..8ef276e 100644 --- a/harden_squid.service.patch +++ b/harden_squid.service.patch @@ -1,15 +1,14 @@ -Index: squid-5.2/tools/systemd/squid.service +Index: squid-5.3/tools/systemd/squid.service =================================================================== ---- squid-5.2.orig/tools/systemd/squid.service -+++ squid-5.2/tools/systemd/squid.service -@@ -11,6 +11,19 @@ Documentation=man:squid(8) +--- squid-5.3.orig/tools/systemd/squid.service ++++ squid-5.3/tools/systemd/squid.service +@@ -11,6 +11,18 @@ Documentation=man:squid(8) After=network.target network-online.target nss-lookup.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true @@ -18,7 +17,7 @@ Index: squid-5.2/tools/systemd/squid.service +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true -+# end of automatic additions ++# end of automatic additions Type=notify PIDFile=/var/run/squid.pid ExecStartPre=/usr/sbin/squid --foreground -z diff --git a/squid.changes b/squid.changes index 3a7e122..27c7f94 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 22 14:03:32 UTC 2021 - Martin Pluskal + +- Adjust harden_squid.service.patch to resolve boo#1193938 + ------------------------------------------------------------------- Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller diff --git a/squid.spec b/squid.spec index f800d64..b7556fb 100644 --- a/squid.spec +++ b/squid.spec @@ -69,15 +69,14 @@ BuildRequires: pkgconfig(tdb) Requires(pre): permissions Recommends: logrotate Provides: http_proxy -%if 0%{suse_version} <= 1500 +%{?systemd_ordering} +%if 0%{?suse_version} <= 1500 # due to package rename # Wed Aug 15 17:40:30 UTC 2012 # remove this after SLE15 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} %endif - -%{?systemd_ordering} %if 0%{?suse_version} >= 1500 BuildRequires: sysuser-shadow BuildRequires: sysuser-tools @@ -236,7 +235,6 @@ make check %{?_smp_mflags} %if 0%{?suse_version} >= 1500 %pre -f squid.pre %else - %pre # we need this group for /usr/sbin/pinger getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}