Revisions of fscrypt
buildservice-autocommit
accepted
request 1172978
from
Dirk Mueller (dirkmueller)
(revision 23)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 22)
- update to 0.3.5: * Upgraded various dependencies, resolving two security alerts from GitHub. * `fscrypt` now requires Go 1.18 or later to build. * `fscrypt` now provides a better error message when it's asked to operate on a locked regular file. * Made some improvements to the documentation. - drop pam-specs from main package - use pam_moduledir script (CVE-2022-25328, command injection). * Make pam_fscrypt ignore system users completely. - refresh 346.patch with final merged state - add 346.patch (bsc#1195623) * Improved the documentation. - spec-cleaner run
buildservice-autocommit
accepted
request 1072103
from
Factory Maintainer (factory-maintainer)
(revision 21)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 20)
- add baselibs
Dirk Mueller (dirkmueller)
committed
(revision 19)
- move to pam_vendordir
buildservice-autocommit
accepted
request 1065972
from
Dirk Mueller (dirkmueller)
(revision 18)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 17)
- add fscrypt pam configuration - drop pam-specs from main package
buildservice-autocommit
accepted
request 1062205
from
Dirk Mueller (dirkmueller)
(revision 16)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 15)
Dirk Mueller (dirkmueller)
accepted
request 1062173
from
Marcus Rueckert (darix)
(revision 14)
- update to 0.3.4: - fscrypt now requires Go 1.16 or later to build. - pam_fscrypt now supports the option unlock_only to disable locking of directories on logout. - Fixed a bug where the number of CPUs used in the passphrase hash would be calculated incorrectly on systems with more than 255 CPUs. - Added support for AES-256-HCTR2 filenames encryption. - Directories are now synced immediately after an encryption policy is applied, reducing the chance of an inconsistency after a sudden crash. - Added Lustre to the list of allowed filesystems. - Added a NEWS.md file that contains the release notes, and backfilled it from the GitHub release notes.
Dominique Leuenberger (dimstar_suse)
accepted
request 960298
from
Dirk Mueller (dirkmueller)
(revision 13)
initialized devel package after accepting 960298
buildservice-autocommit
accepted
request 960298
from
Dirk Mueller (dirkmueller)
(revision 12)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 11)
- use pam_moduledir
Dirk Mueller (dirkmueller)
committed
(revision 10)
- update to 0.3.3: * Correctly handle malicious mountpoint paths in the fscrypt bash completion script (CVE-2022-25328, command injection). * Validate the size, type, and owner (for login protectors) of policy and protector files (CVE-2022-25327, denial of service). * Make the fscrypt metadata directories non-world-writable by default (CVE-2022-25326, denial of service). * When running as a non-root user, ignore policy and protector files that aren't owned by the user or by root. * Also require that the metadata directories themselves and the mountpoint root directory be owned by the user or by root. * Make policy and protector files mode 0600 rather than 0644. * Make all relevant files owned by the user when root encrypts a directory with a user's login protector, not just the the login protector itself. * Make pam_fscrypt ignore system users completely. - drop 346.patch: upstream
Dirk Mueller (dirkmueller)
committed
(revision 9)
- refresh 346.patch with final merged state
Dirk Mueller (dirkmueller)
committed
(revision 8)
Dirk Mueller (dirkmueller)
committed
(revision 7)
- add 346.patch (bsc#1195623)
Dirk Mueller (dirkmueller)
committed
(revision 6)
Dirk Mueller (dirkmueller)
committed
(revision 5)
- update to 0.3.2: * Made linked protectors (e.g., login protectors used on a non-root filesystem) more reliable when a filesystem UUID changes. * Made login protectors be owned by the user when they are created as root, so that the user has permission to update them later. * Made fscrypt work when the root directory is a btrfs filesystem. * Made pam_fscrypt start warning when a user's login protector is getting de-synced due to their password being changed by root. * Support reading the key for raw key protectors from standard input. * Made fscrypt metadata remove-protector-from-policy work even if the protector is no longer accessible. * Made fscrypt stop trying to access irrelevant filesystems. * Improved the documentation.
Dirk Mueller (dirkmueller)
committed
(revision 4)
- spec-cleaner run
Displaying revisions 1 - 20 of 23