forked from pool/parsec
Guillaume GARDET
fad872c73b
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/925351 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=16
92 lines
3.6 KiB
Plaintext
92 lines
3.6 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Dec 9 11:05:48 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Fix /run/parsec permission to 755. This is enough for all
|
|
users to access the service - boo#1193484 - CVE-2021-36781
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 15 07:01:37 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
|
* harden_parsec.service.patch
|
|
Modified:
|
|
* parsec.service
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 27 10:18:08 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Allow access to /run/parsec to all users
|
|
- Requires rust 1.53+ (now also available in 15.3/15-SP3 via Update)
|
|
which allow to enable same features accross distros
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 6 07:01:27 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Update to 0.8.0:
|
|
* Changelog: https://github.com/parallaxsecond/parsec/compare/0.7.2...0.8.0
|
|
- Drop upstream patch:
|
|
* parsec-fix-old-rust.patch
|
|
- Disable 'trusted-service-provider' as it currently fails to build
|
|
- Disable 'jwt-svid-authenticator' (SPIFFE-based authenticator)
|
|
on Leap, as it cannot be compiled with rust 1.43.1
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 30 11:36:56 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Fix build with old rust used in Leap 15.3/SLE15-SP3.
|
|
* parsec-fix-old-rust.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 14 14:54:32 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm*
|
|
owned by tss user
|
|
- Requires 'libtss2-tcti-device0' as it is required to start parsec
|
|
with TPM support
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 7 07:42:24 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Enable all authenticators which adds 'direct-authenticator'
|
|
- Add CryptoAuthLib template (disabled) in config.toml
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 1 10:19:21 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Make 'parsec' user part of 'tss' group to access /dev/tpm* devices
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 31 16:02:31 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Update to 0.7.2:
|
|
* Changelog: https://github.com/parallaxsecond/parsec/compare/0.6.0...0.7.2
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 30 13:20:44 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Recommends 'opensc' as it is used to initialize HSM keys (PKCS#11 backend)
|
|
- Add PKCS#11 template (disabled) in config.toml
|
|
- Disable Tpm backend by default in config.toml
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 13 14:19:05 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Enable 'all-providers' which adds 'pkcs11-provider' compared to
|
|
previous config
|
|
- Drop unneeded patch:
|
|
* pkcs11-libloading-issue.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 23 15:10:32 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Update to 0.6.0
|
|
- Update config.toml
|
|
- Add patch:
|
|
* pkcs11-libloading-issue.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 16 16:07:51 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Initiale version 0.5.0
|
|
|