Overview

File fscrypt.changes of Package fscrypt

-------------------------------------------------------------------
Thu May  9 18:53:43 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 0.3.5:
  * Upgraded various dependencies, resolving two security alerts
    from GitHub.
  * `fscrypt` now requires Go 1.18 or later to build.
  * `fscrypt` now provides a better error message when it's asked
    to operate on a locked regular file.
  * Made some improvements to the documentation.

-------------------------------------------------------------------
Wed Mar  8 11:28:28 UTC 2023 - Dirk Müller <dmueller@suse.com>

- move to pam_vendordir
- add baselibs

-------------------------------------------------------------------
Wed Feb 15 13:58:22 UTC 2023 - Dirk Müller <dmueller@suse.com>

- add fscrypt pam configuration
- drop pam-specs from main package

-------------------------------------------------------------------
Tue Jan 31 07:27:28 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- update to 0.3.4:
  - fscrypt now requires Go 1.16 or later to build.
  - pam_fscrypt now supports the option unlock_only to disable
    locking of directories on logout.
  - Fixed a bug where the number of CPUs used in the passphrase
    hash would be calculated incorrectly on systems with more than
    255 CPUs.
  - Added support for AES-256-HCTR2 filenames encryption.
  - Directories are now synced immediately after an encryption
    policy is applied, reducing the chance of an inconsistency
    after a sudden crash.
  - Added Lustre to the list of allowed filesystems.
  - Added a NEWS.md file that contains the release notes, and
    backfilled it from the GitHub release notes.

-------------------------------------------------------------------
Tue Mar  8 21:10:23 UTC 2022 - Dirk Müller <dmueller@suse.com>

- use pam_moduledir

-------------------------------------------------------------------
Thu Feb 24 12:38:24 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 0.3.3:
  * Correctly handle malicious mountpoint paths in the fscrypt bash completion
    script (CVE-2022-25328, command injection).
  * Validate the size, type, and owner (for login protectors) of policy and
    protector files (CVE-2022-25327, denial of service).
  * Make the fscrypt metadata directories non-world-writable by default
    (CVE-2022-25326, denial of service).
  * When running as a non-root user, ignore policy and protector files that
    aren't owned by the user or by root.
  * Also require that the metadata directories themselves and the mountpoint
    root directory be owned by the user or by root.
  * Make policy and protector files mode 0600 rather than 0644.
  * Make all relevant files owned by the user when root encrypts a directory
    with a user's login protector, not just the the login protector itself.
  * Make pam_fscrypt ignore system users completely.
- drop 346.patch: upstream

-------------------------------------------------------------------
Wed Feb 23 22:28:47 UTC 2022 - Dirk Müller <dmueller@suse.com>

- refresh 346.patch with final merged state

-------------------------------------------------------------------
Tue Feb 22 15:39:10 UTC 2022 - Dirk Müller <dmueller@suse.com>

- add 346.patch (bsc#1195623)

-------------------------------------------------------------------
Thu Feb 10 20:16:40 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 0.3.2:
  * Made linked protectors (e.g., login protectors used on a non-root filesystem)
    more reliable when a filesystem UUID changes.
  * Made login protectors be owned by the user when they are created as root, so
    that the user has permission to update them later.
  * Made fscrypt work when the root directory is a btrfs filesystem.
  * Made pam_fscrypt start warning when a user's login protector is getting
    de-synced due to their password being changed by root.
  * Support reading the key for raw key protectors from standard input.
  * Made fscrypt metadata remove-protector-from-policy work even if the protector
    is no longer accessible.
  * Made fscrypt stop trying to access irrelevant filesystems.
  * Improved the documentation.

-------------------------------------------------------------------
Fri Feb  4 21:42:05 UTC 2022 - Dirk Müller <dmueller@suse.com>

- spec-cleaner run

-------------------------------------------------------------------
Wed Oct 20 10:18:41 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 0.3.1
  https://github.com/google/fscrypt/releases/tag/v0.3.1

-------------------------------------------------------------------
Thu Apr  1 10:42:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 0.3.0
  https://github.com/google/fscrypt/releases/tag/v0.3.0

-------------------------------------------------------------------
Mon Mar 29 11:32:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 0.2.9
  https://github.com/google/fscrypt/releases/tag/v0.2.9
  https://github.com/google/fscrypt/releases/tag/v0.2.8

-------------------------------------------------------------------
Tue Mar 24 23:46:58 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- initial package
openSUSE Build Service is sponsored by
Places