Overview Repositories Revisions Requests Users Attributes Meta

Revisions of fscrypt

buildservice-autocommit accepted request 1172978 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 23) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 22) 
- update to 0.3.5:
  * Upgraded various dependencies, resolving two security alerts
    from GitHub.
  * `fscrypt` now requires Go 1.18 or later to build.
  * `fscrypt` now provides a better error message when it's asked
    to operate on a locked regular file.
  * Made some improvements to the documentation.
- drop pam-specs from main package
- use pam_moduledir
    script (CVE-2022-25328, command injection).
  * Make pam_fscrypt ignore system users completely.
- refresh 346.patch with final merged state
- add 346.patch (bsc#1195623)
  * Improved the documentation.
- spec-cleaner run
buildservice-autocommit accepted request 1072103 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 21) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 20) 
- add baselibs
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 19) 
- move to pam_vendordir
buildservice-autocommit accepted request 1065972 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 18) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 17) 
- add fscrypt pam configuration
- drop pam-specs from main package
buildservice-autocommit accepted request 1062205 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 16) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 15)
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 1062173 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 14) 
- update to 0.3.4:
  - fscrypt now requires Go 1.16 or later to build.
  - pam_fscrypt now supports the option unlock_only to disable
    locking of directories on logout.
  - Fixed a bug where the number of CPUs used in the passphrase
    hash would be calculated incorrectly on systems with more than
    255 CPUs.
  - Added support for AES-256-HCTR2 filenames encryption.
  - Directories are now synced immediately after an encryption
    policy is applied, reducing the chance of an inconsistency
    after a sudden crash.
  - Added Lustre to the list of allowed filesystems.
  - Added a NEWS.md file that contains the release notes, and
    backfilled it from the GitHub release notes.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 960298 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 13) 
initialized devel package after accepting 960298
buildservice-autocommit accepted request 960298 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 12) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 11) 
- use pam_moduledir
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 10) 
- update to 0.3.3:
  * Correctly handle malicious mountpoint paths in the fscrypt bash completion
    script (CVE-2022-25328, command injection).  
  * Validate the size, type, and owner (for login protectors) of policy and
    protector files (CVE-2022-25327, denial of service).
  * Make the fscrypt metadata directories non-world-writable by default
    (CVE-2022-25326, denial of service).
  * When running as a non-root user, ignore policy and protector files that
    aren't owned by the user or by root.
  * Also require that the metadata directories themselves and the mountpoint
    root directory be owned by the user or by root.
  * Make policy and protector files mode 0600 rather than 0644.
  * Make all relevant files owned by the user when root encrypts a directory
    with a user's login protector, not just the the login protector itself.
  * Make pam_fscrypt ignore system users completely. 
- drop 346.patch: upstream
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 9) 
- refresh 346.patch with final merged state
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 8)
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 7) 
- add 346.patch (bsc#1195623)
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 6)
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 5) 
- update to 0.3.2:
  * Made linked protectors (e.g., login protectors used on a non-root filesystem)
    more reliable when a filesystem UUID changes.
  * Made login protectors be owned by the user when they are created as root, so
    that the user has permission to update them later.
  * Made fscrypt work when the root directory is a btrfs filesystem.
  * Made pam_fscrypt start warning when a user's login protector is getting
    de-synced due to their password being changed by root.
  * Support reading the key for raw key protectors from standard input.
  * Made fscrypt metadata remove-protector-from-policy work even if the protector
    is no longer accessible.
  * Made fscrypt stop trying to access irrelevant filesystems.
  * Improved the documentation.
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 4) 
- spec-cleaner run
Displaying revisions 1 - 20 of 23
openSUSE Build Service is sponsored by
Places