File cryptctl.changes of Package cryptctl

Overview Repositories Revisions Requests Users Attributes Meta

File cryptctl.changes of Package cryptctl

-------------------------------------------------------------------
Mon May  9 16:55:47 UTC 2022 - Peter Varkoly <varkoly@suse.com>

- Update to version 2.4:
  * (bsc#1186226) - (CVE-2019-18906) client side password hashing is equivalent to clear text password storage
  * Fix authentication on all places.
  * Fix sysconfig variable name.
  * First step to use plain text password instead of hashed password.
  * Move repository into the SUSE github organization
  * decorate readme with more usage instructions
  * in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address
  * Test clear expired commands in TestDB_UpdateSeenFlag
  * tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
  * avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.

-------------------------------------------------------------------
Wed Jul 21 16:02:08 UTC 2021 - Paolo Perego <paolo.perego@suse.com>

- Fixed build errors adding a "go mod init"
- Binaries are now compiled with PIE support
- Also client service is symlinked so to avoid warnings

-------------------------------------------------------------------
Wed Aug 19 09:54:56 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Use %{_udevrulesdir} instead of abusing %{_libexecdir}.

-------------------------------------------------------------------
Mon Feb  3 12:13:56 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- BuildRequire pkgconfig(systemd|udev) instead of systemd and udev:
  Allow OBS to shortcut through -mini flavors.
- Name the rpmlintrc file according the policy: cryptctl-rpmlintrc.

-------------------------------------------------------------------
Thu Nov 23 13:44:21 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Mon Oct 23 14:26:02 UTC 2017 - hguo@suse.com

- Add previously missing systemd service cryptctl-client.service
  into RPM content, continue with bsc#1056082.

-------------------------------------------------------------------
Mon Aug 28 13:37:13 UTC 2017 - hguo@suse.com

- Upgrade to upstream release 2.3 that brings a new feature to allow
  system administrators to issue mount/umount commands to client
  computers via key server. (bsc#1056082)

-------------------------------------------------------------------
Wed Jun  7 12:11:50 UTC 2017 - hguo@suse.com

- Upgrade to upstream release 2.2 that brings important enhancements
  in effort of implementing fate#322979:
  * System administrator may now optionally turn off TLS certificate
    verification on KMIP server. Note that, certificate verification
    is enforced by default.
  * Improve handling of boolean answers from interactive command line.
  * Improve error handling in KMIP client.

-------------------------------------------------------------------
Thu Jun  1 13:00:57 UTC 2017 - hguo@suse.com

- Upgrade to upstream release 2.1 that brings important enhancements
  in effort of implementing fate#322979:
  * Improve KMIP compatibility with key prefix names and proper
    serialisation of authentication header.
  * Fail over KMIP connection using a server list.
  * Destroy key on KMIP after its tracking record is erased from DB.

-------------------------------------------------------------------
Thu May 11 14:00:39 UTC 2017 - hguo@suse.com

- Upgrade to upstream release 2.0 that brings a protocol evolution
  together with several new features:
  * Optionally utilise an external KMIP-v1.3 compatible service to
    store actual encryption key.
  * Optionally verify client identity before serving its key requests.
  * Password is hashed before transmitting over TLS-secured channel.
  * Fix an issue that previously allowed a malicious administrator
    to craft RPC request to overwrite files outside of key database.
  Implemented accordint to fate#322979 and fate#322293.

-------------------------------------------------------------------
Fri Apr 28 08:32:46 UTC 2017 - hguo@suse.com

- Upgrade to 1.99pre that introduces a library for decoding, encoding,
  and serialisation operations of KMIP v1.3 for fate#322979.

-------------------------------------------------------------------
Wed Nov 16 14:45:31 UTC 2016 - hguo@suse.com

- Upgrade to 1.2.6 for accumulated bug fixes (bsc#1006219):
  * Prevent user from attempting to encrypt a disk with mounted
    partitions, or an existing encrypted+opened disk.
  * Ensure CA path input is an absolute path.
  * Fix two mistakes in handling of timeout input.
  * Fix minor formatting issue in manual page.
  * Suppress consecutive failure messages in the journal of
    ReportAlive and AutoOnlineUnlockFS routines.

-------------------------------------------------------------------
Fri Sep 16 09:37:42 UTC 2016 - hguo@suse.com

- Implement mandatory enhancements:
  * Do not allow encrypting a remote file system.
  * Implement command for erasing an encrypted file system.
- Bump version to 1.2.5 for fate#320367.

-------------------------------------------------------------------
Fri Sep  2 14:36:01 UTC 2016 - hguo@suse.com

- Implement mandatory enhancements:
  * Make workflow across all sub-commands consistent in invocation
    style.
  * Implement auto-unlocking of encrypted disks.
  * Show key record usage and details on demand.
- Bump version to 1.2.4 for fate#320367.

-------------------------------------------------------------------
Thu Aug 18 14:44:23 UTC 2016 - hguo@suse.com

- Implement mandatory enhancements:
  * Remove necessity for a backup directory to be involved for
    encryption routine.
  * Optimise certificate generation prompts.
  * Remove unused error messages and fix several of their typos.
  * Remove unnecessary safety checks.
  * Make the encryption routine work with btrfs and LVM.
- Bump version to 1.2.3 fate#320367.

-------------------------------------------------------------------
Wed Aug  3 14:13:05 UTC 2016 - hguo@suse.com

- Upon request, generate a self-signed TLS certificate for
  experimental purposes.
- Bump version to 1.2.2 fate#320367.

-------------------------------------------------------------------
Mon Aug  1 13:50:48 UTC 2016 - hguo@suse.com

- Implement mandatory features:
  * Encrypt empty directory skips backup steps.
  * Explain key revocation and TLS mechanisms in manual page.
- Bump version to 1.2.1 fate#320367.

-------------------------------------------------------------------
Mon Jul 11 12:07:09 UTC 2016 - hguo@suse.com

- Implement mandatory features:
  * List and edit key records
  * Unlock file system via key record file
  * Use custom options to mount unlocked file system
  Enhance usability:
  * Make encryption procedure's pre-check more thorough
  * Improve overall command prompts
- Bump version to 1.2 fate#320367.

-------------------------------------------------------------------
Fri Jul  1 14:30:10 UTC 2016 - hguo@suse.com

- A preview version with most of the desired functions implemented:
  * Key database
  * Key RPC server
  * Client encryption and decryption routines
  Bump version to 1.1
  fate#320367.

-------------------------------------------------------------------
Wed Jun  8 10:22:03 UTC 2016 - hguo@suse.com

- First version, only to help with building ISOs.
  Implement fate#320367.

Places

File cryptctl.changes of Package cryptctl

Places