Accepting request 960298 from filesystems

baserev update by copy to link target OBS-URL: https://build.opensuse.org/request/show/960298 OBS-URL: https://build.opensuse.org/package/show/filesystems/fscrypt?expand=0&rev=12
2022-03-09 17:47:33 +00:00 · 2022-03-09 17:47:33 +00:00 · b144e2532a
commit b144e2532a
6 changed files with 187 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
 ## Default LFS
 *.7z filter=lfs diff=lfs merge=lfs -text
 *.bsp filter=lfs diff=lfs merge=lfs -text
 *.bz2 filter=lfs diff=lfs merge=lfs -text
 *.gem filter=lfs diff=lfs merge=lfs -text
 *.gz filter=lfs diff=lfs merge=lfs -text
 *.jar filter=lfs diff=lfs merge=lfs -text
 *.lz filter=lfs diff=lfs merge=lfs -text
 *.lzma filter=lfs diff=lfs merge=lfs -text
 *.obscpio filter=lfs diff=lfs merge=lfs -text
 *.oxt filter=lfs diff=lfs merge=lfs -text
 *.pdf filter=lfs diff=lfs merge=lfs -text
 *.png filter=lfs diff=lfs merge=lfs -text
 *.rpm filter=lfs diff=lfs merge=lfs -text
 *.tbz filter=lfs diff=lfs merge=lfs -text
 *.tbz2 filter=lfs diff=lfs merge=lfs -text
 *.tgz filter=lfs diff=lfs merge=lfs -text
 *.ttf filter=lfs diff=lfs merge=lfs -text
 *.txz filter=lfs diff=lfs merge=lfs -text
 *.whl filter=lfs diff=lfs merge=lfs -text
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 .osc
--- a/fscrypt-0.3.3.tar.gz
+++ b/fscrypt-0.3.3.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:7485232dc4c48d8db262e0280b34b3c869e7b6f41f8ee8601ebfe04297796410
 size 167020
--- a/fscrypt.changes
+++ b/fscrypt.changes
@ -0,0 +1,80 @@
 -------------------------------------------------------------------
 Tue Mar  8 21:10:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - use pam_moduledir 
 -------------------------------------------------------------------
 Thu Feb 24 12:38:24 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 0.3.3:
  * Correctly handle malicious mountpoint paths in the fscrypt bash completion
    script (CVE-2022-25328, command injection).  
  * Validate the size, type, and owner (for login protectors) of policy and
    protector files (CVE-2022-25327, denial of service).
  * Make the fscrypt metadata directories non-world-writable by default
    (CVE-2022-25326, denial of service).
  * When running as a non-root user, ignore policy and protector files that
    aren't owned by the user or by root.
  * Also require that the metadata directories themselves and the mountpoint
    root directory be owned by the user or by root.
  * Make policy and protector files mode 0600 rather than 0644.
  * Make all relevant files owned by the user when root encrypts a directory
    with a user's login protector, not just the the login protector itself.
  * Make pam_fscrypt ignore system users completely. 
 - drop 346.patch: upstream
 -------------------------------------------------------------------
 Wed Feb 23 22:28:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - refresh 346.patch with final merged state 
 -------------------------------------------------------------------
 Tue Feb 22 15:39:10 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - add 346.patch (bsc#1195623) 
 -------------------------------------------------------------------
 Thu Feb 10 20:16:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 0.3.2:
  * Made linked protectors (e.g., login protectors used on a non-root filesystem)
    more reliable when a filesystem UUID changes.
  * Made login protectors be owned by the user when they are created as root, so
    that the user has permission to update them later.
  * Made fscrypt work when the root directory is a btrfs filesystem.
  * Made pam_fscrypt start warning when a user's login protector is getting
    de-synced due to their password being changed by root.
  * Support reading the key for raw key protectors from standard input.
  * Made fscrypt metadata remove-protector-from-policy work even if the protector
    is no longer accessible.
  * Made fscrypt stop trying to access irrelevant filesystems.
  * Improved the documentation. 
 -------------------------------------------------------------------
 Fri Feb  4 21:42:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - spec-cleaner run 
 -------------------------------------------------------------------
 Wed Oct 20 10:18:41 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 - Update to 0.3.1
  https://github.com/google/fscrypt/releases/tag/v0.3.1
 -------------------------------------------------------------------
 Thu Apr  1 10:42:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 - Update to 0.3.0
  https://github.com/google/fscrypt/releases/tag/v0.3.0
 -------------------------------------------------------------------
 Mon Mar 29 11:32:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
 - Update to 0.2.9
  https://github.com/google/fscrypt/releases/tag/v0.2.9
  https://github.com/google/fscrypt/releases/tag/v0.2.8
 -------------------------------------------------------------------
 Tue Mar 24 23:46:58 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
 - initial package
--- a/fscrypt.spec
+++ b/fscrypt.spec
@ -0,0 +1,77 @@
 #
 # spec file for package fscrypt
 #
 # Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
 # upon. The license for this file, and modifications and additions to the
 # file, is the same license as for the pristine package itself (unless the
 # license for the pristine package is not an Open Source License, in which
 # case the license is the MIT License). An "Open Source License" is a
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 Name:           fscrypt
 Version:        0.3.3
 Release:        0
 Summary:        Go tool for managing Linux filesystem encryption
 License:        Apache-2.0
 Group:          System/Base
 URL:            https://github.com/google/fscrypt
 Source:         https://github.com/google/fscrypt/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        vendor.tar.xz
 BuildRequires:  golang-packaging
 BuildRequires:  m4
 BuildRequires:  pam-devel
 BuildRequires:  pkgconfig
 BuildRequires:  golang(API) >= 1.14
 BuildRequires:  pkgconfig(bash-completion)
 Requires:       pam-fscrypt = %{version}
 %description
 fscrypt is a high-level tool for the management of Linux filesystem encryption.
 This tool manages metadata, key generation, key wrapping, PAM integration, and
 provides a uniform interface for creating and modifying encrypted directories.
 %package -n pam-fscrypt
 #
 Summary:        Go tool for managing Linux filesystem encryption (the pam module)
 Group:          System/Base
 Requires(pre):  fscrypt = %{version}
 %description -n pam-fscrypt
 fscrypt is a high-level tool for the management of Linux filesystem encryption.
 This tool manages metadata, key generation, key wrapping, PAM integration, and
 provides a uniform interface for creating and modifying encrypted directories.
 This package holds the pam module for fscrypt.
 %prep
 %autosetup -p1 -a 1
 %build
 %global make_args GO_FLAGS="-mod=vendor -buildmode=pie" PAM_MODULE_DIR="%{_pam_moduledir}" PREFIX="%{_prefix}"
 %make_build %{make_args}
 %install
 %make_install %{make_args}
 chmod a-x %{buildroot}%{_datadir}/pam-configs/fscrypt
 %files
 %license LICENSE
 %doc README.md
 %{_bindir}/fscrypt
 %dir %{_datadir}/pam-configs/
 %{_datadir}/pam-configs/fscrypt
 %{_datadir}/bash-completion/completions/fscrypt
 %files -n pam-fscrypt
 %license LICENSE
 %{_pam_moduledir}/pam_fscrypt.so
 %changelog
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f887f28478f3480a0a62115a1e0343191e96c0bcd537c3858bd7283c510bbd9a
 size 1044684