[arch-commits] Commit in matterbridge/trunk (PKGBUILD matterbridge.service)

Bruno Pagani archange at archlinux.org
Thu Apr 9 22:04:57 UTC 2020


    Date: Thursday, April 9, 2020 @ 22:04:57
  Author: archange
Revision: 613057

upgpkg: matterbridge 1.17.2-1

Also enhance security of matterbridge.service

Modified:
  matterbridge/trunk/PKGBUILD
  matterbridge/trunk/matterbridge.service

----------------------+
 PKGBUILD             |    6 +++---
 matterbridge.service |   27 ++++++++++++++++++---------
 2 files changed, 21 insertions(+), 12 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-04-09 21:55:15 UTC (rev 613056)
+++ PKGBUILD	2020-04-09 22:04:57 UTC (rev 613057)
@@ -1,7 +1,7 @@
 # Maintainer: Bruno Pagani <archange at archlinux.org>
 
 pkgname=matterbridge
-pkgver=1.17.1
+pkgver=1.17.2
 pkgrel=1
 pkgdesc="Multi-protocols (IRC/XMPP/Mattermost/Slack/Matrix/etc) bridge"
 arch=(x86_64)
@@ -13,9 +13,9 @@
 source=(${pkgname}-${pkgver}.tar.gz::"${url}/archive/v${pkgver}.tar.gz"
         ${pkgname}-${pkgver}.tar.gz.asc::"${url}/releases/download/v${pkgver}/v${pkgver}.tar.gz.asc"
         matterbridge.service)
-sha256sums=('66c70c51e30ec5a6f21ffa084d86a3ade3575f82a1e33dc5ef167fba57d0c075'
+sha256sums=('5580fadac3c5ded1c458ab12e93483338b0b076c868b0ceea9786112bca3621e'
             'SKIP'
-            '89e52388054d3c83199ccbfe8f2dc02a6ae02ec1a2d024460b11464324a1fb9b')
+            '2b2953aab3dd943750e2095497d733949963d994d826548e3d046ec4975b68df')
 validpgpkeys=(CC7D978417C1AEA1E4CDD7240E41AB4BF4C610B4) # wim <wim at 42.be>
 
 prepare() {

Modified: matterbridge.service
===================================================================
--- matterbridge.service	2020-04-09 21:55:15 UTC (rev 613056)
+++ matterbridge.service	2020-04-09 22:04:57 UTC (rev 613057)
@@ -8,20 +8,29 @@
 ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml
 Type=simple
 CapabilityBoundingSet=
-NoNewPrivileges=True
+AmbientCapabilities=
+NoNewPrivileges=true
+#SecureBits=
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=false
 PrivateUsers=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=strict
-ProtectControlGroups=yes
+ProtectHostname=true
+ProtectClock=true
 ProtectKernelTunables=true
-ProtectKernelModules=yes
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+MemoryDenyWriteExecute=true
 LockPersonality=true
-MemoryDenyWriteExecute=true
 RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallFilter=@system-service
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target
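Review bot: `SystemCallFilter=@system-service` is kept as a bare allow-list, although `CapabilityBoundingSet=` and `AmbientCapabilities=` are both empty, so the service presumably has no use for the privileged calls that group still permits. A second line `SystemCallFilter=~@privileged @resources` would drop them, and `SystemCallErrorNumber=EPERM` would make a filtered call fail with an error instead of terminating the process. The commented-out `#SecureBits=` line carries no explanation; either remove it or put a comment above it such as `# SecureBits intentionally left at default: <reason>`. The start of `[Service]` (including any `User=` line) is outside the hunk, so whether these restrictions apply to an unprivileged account cannot be confirmed from here.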


