SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for cryptctl-2.4-31.7.x86_64.rpm :

* Mon May 09 2022 Peter Varkoly - Update to version 2.4:
* (bsc#1186226) - (CVE-2019-18906) client side password hashing is equivalent to clear text password storage
* Fix authentication on all places.
* Fix sysconfig variable name.
* First step to use plain text password instead of hashed password.
* Move repository into the SUSE github organization
* decorate readme with more usage instructions
* in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address
* Test clear expired commands in TestDB_UpdateSeenFlag
* tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
* avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
* Wed Jul 21 2021 Paolo Perego - Fixed build errors adding a \"go mod init\"- Binaries are now compiled with PIE support- Also client service is symlinked so to avoid warnings
* Wed Aug 19 2020 Dominique Leuenberger - Use %{_udevrulesdir} instead of abusing %{_libexecdir}.
* Mon Feb 03 2020 Dominique Leuenberger - BuildRequire pkgconfig(systemd|udev) instead of systemd and udev: Allow OBS to shortcut through -mini flavors.- Name the rpmlintrc file according the policy: cryptctl-rpmlintrc.
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Mon Oct 23 2017 hguoAATTsuse.com- Add previously missing systemd service cryptctl-client.service into RPM content, continue with bsc#1056082.
* Mon Aug 28 2017 hguoAATTsuse.com- Upgrade to upstream release 2.3 that brings a new feature to allow system administrators to issue mount/umount commands to client computers via key server. (bsc#1056082)
* Wed Jun 07 2017 hguoAATTsuse.com- Upgrade to upstream release 2.2 that brings important enhancements in effort of implementing fate#322979:
* System administrator may now optionally turn off TLS certificate verification on KMIP server. Note that, certificate verification is enforced by default.
* Improve handling of boolean answers from interactive command line.
* Improve error handling in KMIP client.
* Thu Jun 01 2017 hguoAATTsuse.com- Upgrade to upstream release 2.1 that brings important enhancements in effort of implementing fate#322979:
* Improve KMIP compatibility with key prefix names and proper serialisation of authentication header.
* Fail over KMIP connection using a server list.
* Destroy key on KMIP after its tracking record is erased from DB.
* Thu May 11 2017 hguoAATTsuse.com- Upgrade to upstream release 2.0 that brings a protocol evolution together with several new features:
* Optionally utilise an external KMIP-v1.3 compatible service to store actual encryption key.
* Optionally verify client identity before serving its key requests.
* Password is hashed before transmitting over TLS-secured channel.
* Fix an issue that previously allowed a malicious administrator to craft RPC request to overwrite files outside of key database. Implemented accordint to fate#322979 and fate#322293.
  
ICM