diff --git a/harden_spice-vdagentd.service.patch b/harden_spice-vdagentd.service.patch new file mode 100644 index 0000000..596cbf8 --- /dev/null +++ b/harden_spice-vdagentd.service.patch @@ -0,0 +1,22 @@ +Index: spice-vdagent-0.21.0/data/spice-vdagentd.service +=================================================================== +--- spice-vdagent-0.21.0.orig/data/spice-vdagentd.service ++++ spice-vdagent-0.21.0/data/spice-vdagentd.service +@@ -9,6 +9,17 @@ EnvironmentFile=-/etc/sysconfig/spice-vd + ExecStart=/usr/sbin/spice-vdagentd $SPICE_VDAGENTD_EXTRA_ARGS + PIDFile=/run/spice-vdagentd/spice-vdagentd.pid + PrivateTmp=true ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Restart=on-failure + + [Install] diff --git a/spice-vdagent-0.21.0.tar.bz2 b/spice-vdagent-0.21.0.tar.bz2 deleted file mode 100644 index 5bae9bb..0000000 --- a/spice-vdagent-0.21.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd575fd23c54fa5a7ff5d66069638510a669c332c5f86082cfb39a7d03a31259 -size 164103 diff --git a/spice-vdagent-0.21.0.tar.bz2.sig b/spice-vdagent-0.21.0.tar.bz2.sig deleted file mode 100644 index 4389f58..0000000 Binary files a/spice-vdagent-0.21.0.tar.bz2.sig and /dev/null differ diff --git a/spice-vdagent-0.22.1.tar.bz2 b/spice-vdagent-0.22.1.tar.bz2 new file mode 100644 index 0000000..f829326 --- /dev/null +++ b/spice-vdagent-0.22.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:93b0d15aca4762cc7d379b179a7101149dbaed62b72112fffb2b3e90b11687a0 +size 165560 diff --git a/spice-vdagent.changes b/spice-vdagent.changes index a663153..db0daf7 100644 --- a/spice-vdagent.changes +++ b/spice-vdagent.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com + +- Update to version 0.22.1. Features and Issues addressed: + * !40 - Handle side mouse buttons + * !39 - Set retry limit to connect to vdagentd and improve logging error + * !35 - Fix deprecation warning + * !37 - Provide systemd spice-vdagent.service + Do not process X11 events in vdagent_x11_create + Drop upstream signature file as having "No public key" + +------------------------------------------------------------------- +Thu Dec 16 16:05:34 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_spice-vdagentd.service.patch + ------------------------------------------------------------------- Fri Jan 15 16:51:11 UTC 2021 - Bruce Rogers diff --git a/spice-vdagent.spec b/spice-vdagent.spec index 4f30d8e..cdc76b3 100644 --- a/spice-vdagent.spec +++ b/spice-vdagent.spec @@ -1,7 +1,7 @@ # # spec file for package spice-vdagent # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2014 B1 Systems GmbH, Vohburg, Germany. # # All modifications and additions to the file contributed by third parties @@ -21,15 +21,15 @@ %bcond_with session_info_test Name: spice-vdagent -Version: 0.21.0 +Version: 0.22.1 Release: 0 Summary: Agent for Spice guests License: GPL-3.0-or-later Group: System/Daemons URL: http://spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 -Source1: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig Source2: %{name}.keyring +Patch0: harden_spice-vdagentd.service.patch BuildRequires: alsa-devel >= 1.0.22 BuildRequires: desktop-file-utils @@ -65,6 +65,7 @@ Features: %prep %setup -q +%patch0 -p1 %build autoreconf @@ -116,6 +117,7 @@ fi %{_udevrulesdir}/70-spice-vdagentd.rules %{_unitdir}/spice-vdagentd.service %{_unitdir}/spice-vdagentd.socket +%{_prefix}/lib/systemd/user/spice-vdagent.service %{_tmpfilesdir}/spice-vdagentd.conf %{_bindir}/spice-vdagent %{_sbindir}/spice-vdagentd