Accepting request 960298 from filesystems

baserev update by copy to link target OBS-URL: https://build.opensuse.org/request/show/960298 OBS-URL: https://build.opensuse.org/package/show/filesystems/fscrypt?expand=0&rev=12
2022-03-09 17:47:33 +00:00 · 2022-03-09 17:47:33 +00:00 · b144e2532a
commit b144e2532a
6 changed files with 187 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/fscrypt-0.3.3.tar.gz
+++ b/fscrypt-0.3.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7485232dc4c48d8db262e0280b34b3c869e7b6f41f8ee8601ebfe04297796410
+size 167020
--- a/fscrypt.changes
+++ b/fscrypt.changes
@ -0,0 +1,80 @@
+-------------------------------------------------------------------
+Tue Mar  8 21:10:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- use pam_moduledir 
+
+-------------------------------------------------------------------
+Thu Feb 24 12:38:24 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.3.3:
+  * Correctly handle malicious mountpoint paths in the fscrypt bash completion
+    script (CVE-2022-25328, command injection).  
+  * Validate the size, type, and owner (for login protectors) of policy and
+    protector files (CVE-2022-25327, denial of service).
+  * Make the fscrypt metadata directories non-world-writable by default
+    (CVE-2022-25326, denial of service).
+  * When running as a non-root user, ignore policy and protector files that
+    aren't owned by the user or by root.
+  * Also require that the metadata directories themselves and the mountpoint
+    root directory be owned by the user or by root.
+  * Make policy and protector files mode 0600 rather than 0644.
+  * Make all relevant files owned by the user when root encrypts a directory
+    with a user's login protector, not just the the login protector itself.
+  * Make pam_fscrypt ignore system users completely. 
+- drop 346.patch: upstream
+
+-------------------------------------------------------------------
+Wed Feb 23 22:28:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- refresh 346.patch with final merged state 
+
+-------------------------------------------------------------------
+Tue Feb 22 15:39:10 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- add 346.patch (bsc#1195623) 
+
+-------------------------------------------------------------------
+Thu Feb 10 20:16:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.3.2:
+  * Made linked protectors (e.g., login protectors used on a non-root filesystem)
+    more reliable when a filesystem UUID changes.
+  * Made login protectors be owned by the user when they are created as root, so
+    that the user has permission to update them later.
+  * Made fscrypt work when the root directory is a btrfs filesystem.
+  * Made pam_fscrypt start warning when a user's login protector is getting
+    de-synced due to their password being changed by root.
+  * Support reading the key for raw key protectors from standard input.
+  * Made fscrypt metadata remove-protector-from-policy work even if the protector
+    is no longer accessible.
+  * Made fscrypt stop trying to access irrelevant filesystems.
+  * Improved the documentation. 
+
+-------------------------------------------------------------------
+Fri Feb  4 21:42:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- spec-cleaner run 
+
+-------------------------------------------------------------------
+Wed Oct 20 10:18:41 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 0.3.1
+  https://github.com/google/fscrypt/releases/tag/v0.3.1
+
+-------------------------------------------------------------------
+Thu Apr  1 10:42:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 0.3.0
+  https://github.com/google/fscrypt/releases/tag/v0.3.0
+
+-------------------------------------------------------------------
+Mon Mar 29 11:32:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 0.2.9
+  https://github.com/google/fscrypt/releases/tag/v0.2.9
+  https://github.com/google/fscrypt/releases/tag/v0.2.8
+
+-------------------------------------------------------------------
+Tue Mar 24 23:46:58 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- initial package
--- a/fscrypt.spec
+++ b/fscrypt.spec
@ -0,0 +1,77 @@
+#
+# spec file for package fscrypt
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           fscrypt
+Version:        0.3.3
+Release:        0
+Summary:        Go tool for managing Linux filesystem encryption
+License:        Apache-2.0
+Group:          System/Base
+URL:            https://github.com/google/fscrypt
+Source:         https://github.com/google/fscrypt/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        vendor.tar.xz
+BuildRequires:  golang-packaging
+BuildRequires:  m4
+BuildRequires:  pam-devel
+BuildRequires:  pkgconfig
+BuildRequires:  golang(API) >= 1.14
+BuildRequires:  pkgconfig(bash-completion)
+Requires:       pam-fscrypt = %{version}
+
+%description
+fscrypt is a high-level tool for the management of Linux filesystem encryption.
+This tool manages metadata, key generation, key wrapping, PAM integration, and
+provides a uniform interface for creating and modifying encrypted directories.
+
+%package -n pam-fscrypt
+#
+Summary:        Go tool for managing Linux filesystem encryption (the pam module)
+Group:          System/Base
+Requires(pre):  fscrypt = %{version}
+
+%description -n pam-fscrypt
+fscrypt is a high-level tool for the management of Linux filesystem encryption.
+This tool manages metadata, key generation, key wrapping, PAM integration, and
+provides a uniform interface for creating and modifying encrypted directories.
+
+This package holds the pam module for fscrypt.
+
+%prep
+%autosetup -p1 -a 1
+
+%build
+%global make_args GO_FLAGS="-mod=vendor -buildmode=pie" PAM_MODULE_DIR="%{_pam_moduledir}" PREFIX="%{_prefix}"
+%make_build %{make_args}
+
+%install
+%make_install %{make_args}
+chmod a-x %{buildroot}%{_datadir}/pam-configs/fscrypt
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/fscrypt
+%dir %{_datadir}/pam-configs/
+%{_datadir}/pam-configs/fscrypt
+%{_datadir}/bash-completion/completions/fscrypt
+
+%files -n pam-fscrypt
+%license LICENSE
+%{_pam_moduledir}/pam_fscrypt.so
+
+%changelog
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f887f28478f3480a0a62115a1e0343191e96c0bcd537c3858bd7283c510bbd9a
+size 1044684