SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam-fscrypt-0.3.4-bp156.3.12.x86_64.rpm :

* Wed Mar 08 2023 Dirk Müller - move to pam_vendordir- add baselibs
* Wed Feb 15 2023 Dirk Müller - add fscrypt pam configuration- drop pam-specs from main package
* Tue Jan 31 2023 Marcus Rueckert - update to 0.3.4: - fscrypt now requires Go 1.16 or later to build. - pam_fscrypt now supports the option unlock_only to disable locking of directories on logout. - Fixed a bug where the number of CPUs used in the passphrase hash would be calculated incorrectly on systems with more than 255 CPUs. - Added support for AES-256-HCTR2 filenames encryption. - Directories are now synced immediately after an encryption policy is applied, reducing the chance of an inconsistency after a sudden crash. - Added Lustre to the list of allowed filesystems. - Added a NEWS.md file that contains the release notes, and backfilled it from the GitHub release notes.
* Tue Mar 08 2022 Dirk Müller - use pam_moduledir
* Thu Feb 24 2022 Dirk Müller - update to 0.3.3:
* Correctly handle malicious mountpoint paths in the fscrypt bash completion script (CVE-2022-25328, command injection).
* Validate the size, type, and owner (for login protectors) of policy and protector files (CVE-2022-25327, denial of service).
* Make the fscrypt metadata directories non-world-writable by default (CVE-2022-25326, denial of service).
* When running as a non-root user, ignore policy and protector files that aren\'t owned by the user or by root.
* Also require that the metadata directories themselves and the mountpoint root directory be owned by the user or by root.
* Make policy and protector files mode 0600 rather than 0644.
* Make all relevant files owned by the user when root encrypts a directory with a user\'s login protector, not just the the login protector itself.
* Make pam_fscrypt ignore system users completely.- drop 346.patch: upstream
* Wed Feb 23 2022 Dirk Müller - refresh 346.patch with final merged state
* Tue Feb 22 2022 Dirk Müller - add 346.patch (bsc#1195623)
* Thu Feb 10 2022 Dirk Müller - update to 0.3.2:
* Made linked protectors (e.g., login protectors used on a non-root filesystem) more reliable when a filesystem UUID changes.
* Made login protectors be owned by the user when they are created as root, so that the user has permission to update them later.
* Made fscrypt work when the root directory is a btrfs filesystem.
* Made pam_fscrypt start warning when a user\'s login protector is getting de-synced due to their password being changed by root.
* Support reading the key for raw key protectors from standard input.
* Made fscrypt metadata remove-protector-from-policy work even if the protector is no longer accessible.
* Made fscrypt stop trying to access irrelevant filesystems.
* Improved the documentation.
* Fri Feb 04 2022 Dirk Müller - spec-cleaner run
* Wed Oct 20 2021 Marcus Rueckert - Update to 0.3.1 https://github.com/google/fscrypt/releases/tag/v0.3.1
* Thu Apr 01 2021 Marcus Rueckert - Update to 0.3.0 https://github.com/google/fscrypt/releases/tag/v0.3.0
* Mon Mar 29 2021 Marcus Rueckert - Update to 0.2.9 https://github.com/google/fscrypt/releases/tag/v0.2.9 https://github.com/google/fscrypt/releases/tag/v0.2.8
* Tue Mar 24 2020 Marcus Rueckert - initial package
 
ICM