diff --git a/README.md b/README.md index 5e361bd..439b202 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you have constrained bandwidth, you may set an upper limit for the bit rate o In addition to being a streaming media server, Airsonic works very well as a local jukebox. The intuitive web interface, as well as search and index facilities, are optimized for efficient browsing through large media libraries. Airsonic also comes with an integrated Podcast receiver, with many of the same features as you find in iTunes. -**Shipped version:** 10.5.0 +**Shipped version:** 10.6.1 ## Screenshots diff --git a/conf/app.src b/conf/app.src index e3469e7..af99f60 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/airsonic/airsonic/releases/download/v10.5.0/airsonic.war -SOURCE_SUM=588e5362351406ac7e4eafede4fe3dae7b1e24eac6b6c330f51f413cfa184a5a +SOURCE_URL=https://github.com/airsonic/airsonic/releases/download/v10.6.1/airsonic.war +SOURCE_SUM=6b8bf98a5288fe982ead0c99489a66cbeb8b880fa2ab4fc86d9e07944e4cf335 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=false SOURCE_IN_SUBDIR=false diff --git a/conf/systemd.service b/conf/systemd.service index 333c7d9..da45966 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -20,5 +20,40 @@ ExecStart=/usr/bin/java \ User=__APP__ Group=__APP__ +# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# for details +DevicePolicy=closed +DeviceAllow=char-alsa rw +NoNewPrivileges=yes +PrivateTmp=yes +PrivateUsers=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap +ReadWritePaths=__FINALPATH__ + +# You can uncomment the following line if you're not using the jukebox +# This will prevent airsonic from accessing any real (physical) devices +#PrivateDevices=yes + +# You can change the following line to `strict` instead of `full` +# if you don't want airsonic to be able to +# write anything on your filesystem outside of AIRSONIC_HOME. +ProtectSystem=full + +# You can uncomment the following line if you don't have any media +# in /home/…. This will prevent airsonic from ever reading/writing anything there. +#ProtectHome=true + +# You can uncomment the following line if you're not using the OpenJDK. +# This will prevent processes from having a memory zone that is both writeable +# and executeable, making hacker's lifes a bit harder. +#MemoryDenyWriteExecute=yes + + [Install] WantedBy=multi-user.target \ No newline at end of file diff --git a/manifest.json b/manifest.json index 31202d3..1371a7c 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Stream and manage your music collection", "fr": "Streamez et gérez votre collection de musique" }, - "version": "10.5.0~ynh3", + "version": "10.6.1~ynh1", "url": "http://airsonic.github.io", "license": "GPL-3.0-or-later", "maintainer": {
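Review bot: The `SystemCallFilter=~@clock @debug @module …` denylist in conf/systemd.service is added without `SystemCallArchitectures=native`, which systemd.exec(5) recommends alongside any syscall filter so that a secondary ABI (for example 32-bit calls on x86-64) cannot be used to get around it. I would add `SystemCallArchitectures=native` directly below the filter line. Separately, `ReadWritePaths=__FINALPATH__` only matters for paths that `ProtectSystem=` makes read-only, so with `full` it has little effect. A user who follows the comment and switches to `strict` would lose write access to any data, log or transcode directory outside `__FINALPATH__`. The `ExecStart=` arguments are outside this hunk, so check which paths the service writes to and extend the comment along the lines of `# With strict, add every writable data/log directory to ReadWritePaths=`.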