forked from pool/fscrypt
Dirk Mueller
45aa177c0a
OBS-URL: https://build.opensuse.org/package/show/filesystems/fscrypt?expand=0&rev=20
111 lines
4.6 KiB
Plaintext
111 lines
4.6 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Mar 8 11:28:28 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- move to pam_vendordir
|
|
- add baselibs
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 15 13:58:22 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- add fscrypt pam configuration
|
|
- drop pam-specs from main package
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 31 07:27:28 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- update to 0.3.4:
|
|
- fscrypt now requires Go 1.16 or later to build.
|
|
- pam_fscrypt now supports the option unlock_only to disable
|
|
locking of directories on logout.
|
|
- Fixed a bug where the number of CPUs used in the passphrase
|
|
hash would be calculated incorrectly on systems with more than
|
|
255 CPUs.
|
|
- Added support for AES-256-HCTR2 filenames encryption.
|
|
- Directories are now synced immediately after an encryption
|
|
policy is applied, reducing the chance of an inconsistency
|
|
after a sudden crash.
|
|
- Added Lustre to the list of allowed filesystems.
|
|
- Added a NEWS.md file that contains the release notes, and
|
|
backfilled it from the GitHub release notes.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 8 21:10:23 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- use pam_moduledir
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 24 12:38:24 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 0.3.3:
|
|
* Correctly handle malicious mountpoint paths in the fscrypt bash completion
|
|
script (CVE-2022-25328, command injection).
|
|
* Validate the size, type, and owner (for login protectors) of policy and
|
|
protector files (CVE-2022-25327, denial of service).
|
|
* Make the fscrypt metadata directories non-world-writable by default
|
|
(CVE-2022-25326, denial of service).
|
|
* When running as a non-root user, ignore policy and protector files that
|
|
aren't owned by the user or by root.
|
|
* Also require that the metadata directories themselves and the mountpoint
|
|
root directory be owned by the user or by root.
|
|
* Make policy and protector files mode 0600 rather than 0644.
|
|
* Make all relevant files owned by the user when root encrypts a directory
|
|
with a user's login protector, not just the the login protector itself.
|
|
* Make pam_fscrypt ignore system users completely.
|
|
- drop 346.patch: upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 23 22:28:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- refresh 346.patch with final merged state
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 22 15:39:10 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- add 346.patch (bsc#1195623)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 10 20:16:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 0.3.2:
|
|
* Made linked protectors (e.g., login protectors used on a non-root filesystem)
|
|
more reliable when a filesystem UUID changes.
|
|
* Made login protectors be owned by the user when they are created as root, so
|
|
that the user has permission to update them later.
|
|
* Made fscrypt work when the root directory is a btrfs filesystem.
|
|
* Made pam_fscrypt start warning when a user's login protector is getting
|
|
de-synced due to their password being changed by root.
|
|
* Support reading the key for raw key protectors from standard input.
|
|
* Made fscrypt metadata remove-protector-from-policy work even if the protector
|
|
is no longer accessible.
|
|
* Made fscrypt stop trying to access irrelevant filesystems.
|
|
* Improved the documentation.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 4 21:42:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- spec-cleaner run
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 20 10:18:41 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Update to 0.3.1
|
|
https://github.com/google/fscrypt/releases/tag/v0.3.1
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 1 10:42:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Update to 0.3.0
|
|
https://github.com/google/fscrypt/releases/tag/v0.3.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 29 11:32:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Update to 0.2.9
|
|
https://github.com/google/fscrypt/releases/tag/v0.2.9
|
|
https://github.com/google/fscrypt/releases/tag/v0.2.8
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 24 23:46:58 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- initial package
|