------------------------------------------------------------------- Tue Sep 20 15:32:22 CEST 2011 - meissner@suse.de - Updated to 92 * Fix umask issue introduced by last security update * some bugfixes ------------------------------------------------------------------- Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de - Remove redundant/obsolete tags/sections from specfile (cf. packaging guidelines) - Put make call in the right spot - Use %_smp_mflags for parallel build ------------------------------------------------------------------- Thu Aug 11 17:25:21 CEST 2011 - meissner@suse.de - Updated to 90 Fixed several security issues: * CVE-2011-1831 - Race condition when checking mountpoint during mount. * CVE-2011-1832 - Race condition when checking mountpoint during unmount. * CVE-2011-1833 - Race condition when checking source during mount. * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource limits, signals, etc. * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp directory. * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp * CVE-2011-1837 - Predictable lock counter name and associated races. New ecryptfs-find binary to find by inode. ------------------------------------------------------------------- Mon Apr 18 17:06:50 CEST 2011 - meissner@suse.de - Updated to 87 * src/utils/ecryptfs-setup-private: update the Private.* selinux contexts * src/utils/ecryptfs-setup-private: - add -p to mkdir, address noise for a non-error - must insert keys during testing phase, since we remove keys on unmount now, LP: #725862 * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in interactive mode, LP: #667331 - Updated to 86 * src/pam_ecryptfs/pam_ecryptfs.c: - check if this file exists and ask the user for the wrapping passphrase if it does - eliminate both ecryptfs_pam_wrapping_independent_set() and ecryptfs_pam_automount_set() and replace with a reusable file_exists_dotecryptfs() function * src/utils/mount.ecryptfs_private.c: - support multiple, user configurable private directories by way of a command line "alias" argument - this "alias" references a configuration file by the name of: $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format, as well as $HOME/.ecryptfs/alias.sig, in the same format as Private.sig - if no argument specified, the utility operates in legacy mode, defaulting to "Private" - rename variables, s/dev/src/ and s/mnt/dest/ - add a read_config() function - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR - this is half of the fix to LP: #615657 * doc/manpage/mount.ecryptfs_private.1: document these changes * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c: - allow umount.ecryptfs_private to succeed when the key is no longer in user keyring. - Updated to 85 * src/utils/ecryptfs-recover-private: clean sigs of invalid characters * src/utils/mount.ecryptfs_private.c: - fix bug LP: #313812, clear used keys on unmount - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from umount.ecryptfs behave similarly - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek * src/utils/ecryptfs-migrate-home: - support user databases outside of /etc/passwd, LP: #627506 - Updated to 84 * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139 * debian/rules, debian/control: - disable the gpg key module, as it's not yet functional - clean up unneeded build-deps - also, not using opencryptoki either * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by email by Jon 'maddog' Hall * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am, po/POTFILES.in, src/utils/ecryptfs-recover-private, src/utils/Makefile.am: add a utility to simplify data recovery of an encrypted private directory from a Live ISO, LP: #689969 ------------------------------------------------------------------- Sat Apr 10 15:39:27 UTC 2010 - aj@suse.de - Fix build with adding requires on mozilla-nss-devel and python-devel. - Fix package list. ------------------------------------------------------------------- Thu Mar 18 13:33:43 CET 2010 - meissner@suse.de - Updated to 83 - lots of bugfixes - improvements ------------------------------------------------------------------- Sun Jan 31 22:03:16 UTC 2010 - jengelh@medozas.de - Package baselibs.conf ------------------------------------------------------------------- Thu Jun 25 12:37:06 CEST 2009 - sbrabec@suse.cz - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). ------------------------------------------------------------------- Fri Oct 24 13:58:01 CEST 2008 - meissner@suse.de - Upgraded to version 61 - starts of filename encryption - bugfixes ------------------------------------------------------------------- Fri Sep 19 11:55:34 CEST 2008 - meissner@suse.de - Upgraded to version 58 - config file changes yet again - some documentation fixes - some TPM related fixes ------------------------------------------------------------------- Sat Aug 23 10:45:52 CEST 2008 - meissner@suse.de - Upgraded to version 56 - more manpages - changed configfile format ------------------------------------------------------------------- Fri Jul 11 22:41:55 CEST 2008 - meissner@suse.de - Upgraded to version 50 - another manpage - bugfixes - fixed kernel netlink interface ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Apr 3 11:27:39 CEST 2008 - meissner@suse.de - Upgraded to version 41 - typo fixed in manpage - enabled TPM support (tspi) - enabled PKCS11 support ------------------------------------------------------------------- Mon Feb 25 22:25:31 CET 2008 - meissner@suse.de - Upgraded to version 40 - more manpages - some new features - lots of bugfixes ------------------------------------------------------------------- Fri Aug 3 10:51:14 CEST 2007 - meissner@suse.de - fixed pam module path for ia64 and s390x too. ------------------------------------------------------------------- Sun Jul 29 11:28:25 CEST 2007 - meissner@suse.de - fixed pam module path ------------------------------------------------------------------- Fri Jul 27 11:59:37 CEST 2007 - meissner@suse.de - uphgraded to version 18. - TPM support (not yet enabled) - added PAM module ------------------------------------------------------------------- Tue Mar 20 15:21:00 CET 2007 - meissner@suse.de - build on IA64 - fixed compiler warnings ------------------------------------------------------------------- Tue Mar 6 14:20:50 CET 2007 - meissner@suse.de - fixed build on lib64 ------------------------------------------------------------------- Mon Mar 5 12:31:00 CET 2007 - meissner@suse.de - upgraded to version 10. - unlisted enhancements and bugfixes. ------------------------------------------------------------------- Thu Dec 14 16:17:01 CET 2006 - meissner@suse.de - use lib64 correctly. - fixed "is used uninitialized" warnings. ------------------------------------------------------------------- Tue Dec 5 11:59:54 CET 2006 - meissner@suse.de - initial checkin of version 5. - userland utilities to control ecryptfs filesystems