commit ecryptfs-utils.1928 for openSUSE:12.3:Update
Hello community, here is the log from the commit of package ecryptfs-utils.1928 for openSUSE:12.3:Update checked in at 2013-08-14 14:55:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/ecryptfs-utils.1928 (Old) and /work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ecryptfs-utils.1928" Changes: -------- New Changes file: --- /dev/null 2013-07-23 23:44:04.804033756 +0200 +++ /work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new/ecryptfs-utils.changes 2013-08-14 14:55:10.000000000 +0200 
@@ -0,0 +1,264 @@ +------------------------------------------------------------------- +Tue Aug 6 08:06:23 UTC 2013 - darin@darins.net + +- update to 103 +- move -pie/-fpie into separate patch +- update ecryptfs-setup-swap-SuSE.patch for systmd and fstab + without UUID lables (bnc#814098) +- remove ecryptfs-utils.security.patch, fixed upstream +- add PreReq: permissions +- removed unpackaged doc + +------------------------------------------------------------------- +Wed Jul 11 11:48:24 UTC 2012 - meissner@suse.com + +- also supply MS_NODEV to avoid exposing device files + if someone got them on the encrypted media. + +------------------------------------------------------------------- +Tue Jul 10 14:03:27 UTC 2012 - meissner@suse.com + +- point the desktop link to the right .desktop file +- build mount.ecryptfs_private with -pie/-fpie + +------------------------------------------------------------------- +Wed Jul 4 11:08:11 UTC 2012 - meissner@suse.com + +- hook pam_ecryptfs into pam session and auth bnc#755475 + +------------------------------------------------------------------- +Thu Jun 21 06:19:46 UTC 2012 - meissner@suse.com + +- added security improvements to mount.ecryptfs_private + and pam_ecryptfs (bnc#740110) + +------------------------------------------------------------------- +Fri Apr 6 15:33:03 UTC 2012 - darin@darins.net + +- patch so ecryptfs-setup-swap executes boot.crypto + +------------------------------------------------------------------- +Wed Mar 28 14:47:13 UTC 2012 - meissner@suse.com + +- updated to 96 + - bugfixes + - testsuite added + - ecryptfs-verify utility added + - write-read test utility +- mark /sbin/mount.eccryptfs_private as setuidable (bnc#745584 , bnc#740110) + +------------------------------------------------------------------- +Fri Sep 30 20:07:57 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Tue Sep 20 
15:32:22 CEST 2011 - meissner@suse.de + +- Updated to 92 + * Fix umask issue introduced by last security update + * some bugfixes + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de + +- Remove redundant/obsolete tags/sections from specfile + (cf. packaging guidelines) +- Put make call in the right spot +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Thu Aug 11 17:25:21 CEST 2011 - meissner@suse.de + +- Updated to 90 + Fixed several security issues: + * CVE-2011-1831 - Race condition when checking mountpoint during mount. + * CVE-2011-1832 - Race condition when checking mountpoint during unmount. + * CVE-2011-1833 - Race condition when checking source during mount. + * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource + limits, signals, etc. + * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp + directory. + * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp + * CVE-2011-1837 - Predictable lock counter name and associated races. + + New ecryptfs-find binary to find by inode. 
+ +------------------------------------------------------------------- +Mon Apr 18 17:06:50 CEST 2011 - meissner@suse.de + +- Updated to 87 + * src/utils/ecryptfs-setup-private: update the Private.* selinux + contexts + * src/utils/ecryptfs-setup-private: + - add -p to mkdir, address noise for a non-error + - must insert keys during testing phase, since we remove keys on + unmount now, LP: #725862 + * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in + interactive mode, LP: #667331 +- Updated to 86 + * src/pam_ecryptfs/pam_ecryptfs.c: + - check if this file exists and ask the user for the wrapping passphrase + if it does + - eliminate both ecryptfs_pam_wrapping_independent_set() and + ecryptfs_pam_automount_set() and replace with a reusable + file_exists_dotecryptfs() function + * src/utils/mount.ecryptfs_private.c: + - support multiple, user configurable private directories by way of + a command line "alias" argument + - this "alias" references a configuration file by the name of: + $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format, + as well as $HOME/.ecryptfs/alias.sig, in the same format as + Private.sig + - if no argument specified, the utility operates in legacy mode, + defaulting to "Private" + - rename variables, s/dev/src/ and s/mnt/dest/ + - add a read_config() function + - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR + - this is half of the fix to LP: #615657 + * doc/manpage/mount.ecryptfs_private.1: document these changes + * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c: + - allow umount.ecryptfs_private to succeed when the key is no + longer in user keyring. 
+- Updated to 85 + * src/utils/ecryptfs-recover-private: clean sigs of invalid characters + * src/utils/mount.ecryptfs_private.c: + - fix bug LP: #313812, clear used keys on unmount + - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from + umount.ecryptfs behave similarly + - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek + * src/utils/ecryptfs-migrate-home: + - support user databases outside of /etc/passwd, LP: #627506 +- Updated to 84 + * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139 + * debian/rules, debian/control: + - disable the gpg key module, as it's not yet functional + - clean up unneeded build-deps + - also, not using opencryptoki either + * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by + email by Jon 'maddog' Hall + * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am, + po/POTFILES.in, src/utils/ecryptfs-recover-private, + src/utils/Makefile.am: add a utility to simplify data recovery + of an encrypted private directory from a Live ISO, LP: #689969 + +------------------------------------------------------------------- +Sat Apr 10 15:39:27 UTC 2010 - aj@suse.de + +- Fix build with adding requires on mozilla-nss-devel and python-devel. +- Fix package list. + +------------------------------------------------------------------- +Thu Mar 18 13:33:43 CET 2010 - meissner@suse.de + +- Updated to 83 + - lots of bugfixes + - improvements + +------------------------------------------------------------------- +Sun Jan 31 22:03:16 UTC 2010 - jengelh@medozas.de + +- Package baselibs.conf + +------------------------------------------------------------------- +Thu Jun 25 12:37:06 CEST 2009 - sbrabec@suse.cz + +- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). 
+ +------------------------------------------------------------------- +Fri Oct 24 13:58:01 CEST 2008 - meissner@suse.de + +- Upgraded to version 61 + - starts of filename encryption + - bugfixes + +------------------------------------------------------------------- +Fri Sep 19 11:55:34 CEST 2008 - meissner@suse.de + +- Upgraded to version 58 + - config file changes yet again + - some documentation fixes + - some TPM related fixes + +------------------------------------------------------------------- +Sat Aug 23 10:45:52 CEST 2008 - meissner@suse.de + +- Upgraded to version 56 + - more manpages + - changed configfile format + +------------------------------------------------------------------- +Fri Jul 11 22:41:55 CEST 2008 - meissner@suse.de + +- Upgraded to version 50 + - another manpage + - bugfixes + - fixed kernel netlink interface + ++++ 67 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new/ecryptfs-utils.changes New: ---- baselibs.conf ecryptfs-correct-desktop.patch ecryptfs-setup-swap-SuSE.patch ecryptfs-utils-src-utils-Makefile.patch ecryptfs-utils.changes ecryptfs-utils.spec ecryptfs-utils_103.orig.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ecryptfs-utils.spec ++++++ # # spec file for package ecryptfs-utils # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). 
An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: ecryptfs-utils Url: https://launchpad.net/ecryptfs Summary: Userspace Utilities for ecryptfs License: GPL-2.0+ Group: Productivity/Security Version: 103 Release: 0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%versi... Source1: baselibs.conf # PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch Patch2: ecryptfs-correct-desktop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool BuildRequires: keyutils-devel BuildRequires: keyutils-libs BuildRequires: libgcrypt-devel BuildRequires: libtool BuildRequires: mozilla-nss-devel BuildRequires: openssl-devel BuildRequires: pam-config BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel BuildRequires: python-devel BuildRequires: swig BuildRequires: trousers-devel BuildRequires: update-desktop-files Requires(pre): pam-config PreReq: permissions %description A stacked cryptographic filesystem for Linux. 
%prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" autoreconf -i -f %configure \ --docdir=%_defaultdocdir/%{name} \ --disable-static \ --enable-tspi \ --enable-pkcs11-helper \ --with-pamdir=/%_lib/security make %{?_smp_mflags} %check make check %install %makeinstall mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications/ mv $RPM_BUILD_ROOT/%{_datadir}/ecryptfs-utils/*desktop $RPM_BUILD_ROOT/%{_datadir}/applications/ %suse_update_desktop_file ecryptfs-mount-private %suse_update_desktop_file ecryptfs-setup-private %find_lang %{name} %verifyscript %verify_permissions -e /sbin/mount.ecryptfs_private %post /sbin/ldconfig %set_permissions /sbin/mount.ecryptfs_private /usr/sbin/pam-config -a --ecryptfs %postun /sbin/ldconfig /usr/sbin/pam-config -d --ecryptfs %files -f %{name}.lang %defattr(-, root, root) %doc COPYING NEWS README THANKS doc/ecryptfs-faq.html /usr/include/ecryptfs.h %{_prefix}/bin/* /sbin/mount.ecryptfs /sbin/umount.ecryptfs /sbin/umount.ecryptfs_private %verify(not mode) /sbin/mount.ecryptfs_private %{_libdir}/libecryptfs* %{_libdir}/pkgconfig/libecryptfs.pc %{_mandir}/man1/*ecryptfs* %{_mandir}/man7/ecryptfs* %{_mandir}/man8/*ecryptfs* %{_libdir}/ecryptfs* %{_datadir}/ecryptfs-utils /%_lib/security/pam_ecryptfs.so %{python_sitelib}/ecryptfs-utils %{python_sitearch}/ecryptfs-utils %{_datadir}/applications/ecryptfs-* %changelog ++++++ baselibs.conf ++++++ ecryptfs-utils supplements "packageand(ecryptfs-utils:pam-<targettype>)" ++++++ ecryptfs-correct-desktop.patch ++++++ Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private =================================================================== --- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private +++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private 
@@ -340,7 +340,7 @@ echo mkdir -m 700 -p "$CRYPTDIR" || error "$(gettext 'Could not create crypt directory')" "[$CRYPTDIR]" mkdir -m 700 -p "$MOUNTPOINT" || error "$(gettext 'Could not create mount directory')" "[$MOUNTPOINT]" ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt "$MOUNTPOINT"/README.txt -ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop "$MOUNTPOINT"/Access-Your-Private-Data.desktop +ln -sf /usr/share/applications/ecryptfs-mount-private.desktop "$MOUNTPOINT"/Access-Your-Private-Data.desktop chmod 500 "$MOUNTPOINT" # Setup ~/.ecryptfs directory ++++++ ecryptfs-setup-swap-SuSE.patch ++++++ --- ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05 10:44:55.618908888 -0400 +++ ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05 10:54:16.966419219 -0400 @@ -37,23 +37,20 @@ usage() { echo echo `gettext "Usage:"` - echo " $0 [-f|--force] [-n|--no-reload]" + echo " $0 [-f|--force]" echo exit 1 } # Handle command line options FORCE=0 +NO_RELOAD=1 while [ ! -z "$1" ]; do case "$1" in -f|--force) FORCE=1 shift 1 ;; - -n|--no-reload) - NO_RELOAD=1 - shift 1 - ;; *) usage ;; @@ -149,7 +146,8 @@ for swap in $swaps; do info `gettext "Setting up swap:"` "[$swap]" uuid=$(blkid -o value -s UUID $swap) - for target in "UUID=$uuid" $swap; do + suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1) + for target in $suse_swap $swap; do if [ -n "$target" ] && grep -qs "^$target " /etc/fstab; then sed -i "s:^$target :\#$target :" /etc/fstab warn "Commented out your unencrypted swap from /etc/fstab" @@ -166,7 +164,6 @@ # Add fstab entry echo "/dev/mapper/cryptswap$i none swap sw 0 0" >> /etc/fstab done - if [ "$NO_RELOAD" != 1 ]; then # Turn swap off swapoff -a 
@@ -179,3 +176,4 @@ fi info `gettext "Successfully setup encrypted swap!"` +info "This will take effect after reboot" ++++++ ecryptfs-utils-src-utils-Makefile.patch ++++++ Index: ecryptfs-utils-96/src/utils/Makefile.am =================================================================== --- ecryptfs-utils-96.orig/src/utils/Makefile.am +++ ecryptfs-utils-96/src/utils/Makefile.am @@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_ ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS) mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c +mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) +mount_ecryptfs_private_LDFLAGS = -pie ecryptfs_stat_SOURCES = ecryptfs-stat.c ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
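Review bot: in ecryptfs-setup-swap-SuSE.patch, hunk @@ -149,7 +146,8 @@, `suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)` matches the substring "swap" anywhere in a line, so it also returns commented-out entries and any `/dev/mapper/cryptswap$i` line a previous run appended, and `cut -d' '` returns the whole line when the fstab fields are separated by tabs. The lookup does not depend on `$swap`, so every match is commented out on the first pass of the `for swap in $swaps` loop, and `uuid` is now computed but never used. Selecting on the filesystem-type field would be tighter, for example `awk '$1 !~ /^#/ && $3 == "swap" {print $1}' /etc/fstab` with the cryptswap mappings skipped explicitly. Because `$target` is interpolated into `sed -i "s:^$target :..."`, a device path that contains `:` or regex metacharacters also needs escaping before it reaches sed.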
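Review bot: the `fi` kept as context in hunk @@ -179,3 +176,4 @@ of ecryptfs-setup-swap-SuSE.patch has no visible opener once hunk @@ -166,7 +164,6 @@ removes `if [ "$NO_RELOAD" != 1 ]; then`; unless another `if` opens in the lines not shown, the patched script no longer parses, which `sh -n` on the result would confirm. With the guard gone, `swapoff -a` runs unconditionally, so the `NO_RELOAD=1` default added in the first hunk is dead code and the behaviour conflicts with the new "This will take effect after reboot" message. Either keep the `if` so the hard-coded `NO_RELOAD=1` skips the reload block, or remove the block, its `fi` and the variable together.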
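Review bot: in ecryptfs-utils-src-utils-Makefile.patch, `mount_ecryptfs_private_LDFLAGS = -pie` omits `$(AM_LDFLAGS)` although the CFLAGS line added just above it carries `$(AM_CFLAGS)`; a per-target LDFLAGS variable replaces AM_LDFLAGS in automake, so any project-wide linker flags are dropped for this one binary. Suggest `mount_ecryptfs_private_LDFLAGS = $(AM_LDFLAGS) -pie`. Since the changelog marks this binary as setuidable, `-fPIE` is the more portable spelling across architectures than `-fpie`, and `-Wl,-z,relro -Wl,-z,now` would fit in the same variable.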
participants (1): root@hilbert.suse.de