Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2012-07-12 14:46:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ecryptfs-utils", Maintainer is "meissner@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2012-07-06 09:37:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2012-07-12 14:46:50.000000000 +0200 @@ -1,0 +2,12 @@ +Wed Jul 11 11:48:24 UTC 2012 - meissner@suse.com + +- also supply MS_NODEV to avoid exposing device files + if someone got them on the encrypted media. + +------------------------------------------------------------------- +Tue Jul 10 14:03:27 UTC 2012 - meissner@suse.com + +- point the desktop link to the right .desktop file +- build mount.ecryptfs_private with -pie/-fpie + +------------------------------------------------------------------- New: ---- ecryptfs-correct-desktop.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ecryptfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.000000000 +0200 +++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.000000000 +0200 @@ -27,6 +27,7 @@ Source1: baselibs.conf Patch0: ecryptfs-setup-swap-SuSE.patch Patch1: ecryptfs-utils.security.patch +Patch2: ecryptfs-correct-desktop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool @@ -52,6 +53,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" ++++++ ecryptfs-correct-desktop.patch ++++++ Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private =================================================================== --- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private +++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private @@ -340,7 +340,7 @@ echo mkdir -m 700 -p "$CRYPTDIR" || error "$(gettext 'Could not create crypt directory')" "[$CRYPTDIR]" mkdir -m 700 -p "$MOUNTPOINT" || error "$(gettext 'Could not create mount directory')" "[$MOUNTPOINT]" ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt "$MOUNTPOINT"/README.txt -ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop "$MOUNTPOINT"/Access-Your-Private-Data.desktop +ln -sf /usr/share/applications/ecryptfs-mount-private.desktop "$MOUNTPOINT"/Access-Your-Private-Data.desktop chmod 500 "$MOUNTPOINT" # Setup ~/.ecryptfs directory ++++++ ecryptfs-utils.security.patch ++++++ --- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.000000000 +0200 +++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.000000000 +0200 @@ -256,7 +256,7 @@ } /* Perform mount */ - if (mount(src, ".", FSTYPE, 0, opt) == 0) { -+ if (mount(src, ".", FSTYPE, MS_NOSUID, opt) == 0) { ++ if (mount(src, ".", FSTYPE, MS_NOSUID|MS_NODEV, opt) == 0) { if (update_mtab(src, dest, opt) != 0) { goto fail; } @@ -268,3 +268,17 @@ /* Since we're doing a lazy unmount anyway, just unmount the current * directory. This avoids a lot of complexity in dealing with race +Index: ecryptfs-utils-96/src/utils/Makefile.am +=================================================================== +--- ecryptfs-utils-96.orig/src/utils/Makefile.am ++++ ecryptfs-utils-96/src/utils/Makefile.am +@@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_ + ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS) + + mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c ++mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie + mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) ++mount_ecryptfs_private_LDFLAGS = -pie + + ecryptfs_stat_SOURCES = ecryptfs-stat.c + ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org