- Adjust harden_squid.service.patch to resolve boo#1193938

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=244
Martin Pluskal 2021-12-22 14:26:08 +00:00 committed by Git OBS Bridge
parent da562559a5
commit c791b32bc9
3 changed files with 12 additions and 10 deletions


@ -1,15 +1,14 @@
Index: squid-5.2/tools/systemd/squid.service
Index: squid-5.3/tools/systemd/squid.service
===================================================================
--- squid-5.2.orig/tools/systemd/squid.service
+++ squid-5.2/tools/systemd/squid.service
@@ -11,6 +11,19 @@ Documentation=man:squid(8)
--- squid-5.3.orig/tools/systemd/squid.service
+++ squid-5.3/tools/systemd/squid.service
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
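Review bot: The inner hunk header shrinks from `+11,19` to `+11,18`, so one hardening directive is dropped from squid.service, but neither the patch's leading comment nor the changelog entry says which directive was removed or why. The comment still reads `# added automatically`, so a later automated hardening pass could presumably re-add the line and reintroduce boo#1193938. I would add a comment inside the patch next to the remaining directives, for example `# <DIRECTIVE> intentionally omitted, see boo#1193938` (placeholder; the removed directive name is not visible in this rendering), and name the directive in the .changes entry too. Running `systemd-analyze security squid.service` on the built package would confirm the remaining sandboxing options are still in effect.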


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Dec 22 14:03:32 UTC 2021 - Martin Pluskal <mpluskal@suse.com>
- Adjust harden_squid.service.patch to resolve boo#1193938
-------------------------------------------------------------------
Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller <dmueller@suse.com>


@ -69,15 +69,14 @@ BuildRequires: pkgconfig(tdb)
Requires(pre): permissions
Recommends: logrotate
Provides: http_proxy
%if 0%{suse_version} <= 1500
%{?systemd_ordering}
%if 0%{?suse_version} <= 1500
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
# remove this after SLE15
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
%endif
%{?systemd_ordering}
%if 0%{?suse_version} >= 1500
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
@ -236,7 +235,6 @@ make check %{?_smp_mflags}
%if 0%{?suse_version} >= 1500
%pre -f squid.pre
%else
%pre
# we need this group for /usr/sbin/pinger
getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}