Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: pam-fscrypt | Distribution: openSUSE Tumbleweed |
Version: 0.3.5 | Vendor: openSUSE |
Release: 1.3 | Build date: Thu May 9 20:53:43 2024 |
Group: System/Base | Build host: reproducible |
Size: 5512236 | Source RPM: fscrypt-0.3.5-1.3.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://github.com/google/fscrypt | |
Summary: Go tool for managing Linux filesystem encryption (the pam module) |
fscrypt is a high-level tool for the management of Linux filesystem encryption. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories. This package holds the pam module for fscrypt.
Apache-2.0
* Thu May 09 2024 Dirk Müller <dmueller@suse.com> - update to 0.3.5: * Upgraded various dependencies, resolving two security alerts from GitHub. * `fscrypt` now requires Go 1.18 or later to build. * `fscrypt` now provides a better error message when it's asked to operate on a locked regular file. * Made some improvements to the documentation. * Wed Mar 08 2023 Dirk Müller <dmueller@suse.com> - move to pam_vendordir - add baselibs * Wed Feb 15 2023 Dirk Müller <dmueller@suse.com> - add fscrypt pam configuration - drop pam-specs from main package * Tue Jan 31 2023 Marcus Rueckert <mrueckert@suse.de> - update to 0.3.4: - fscrypt now requires Go 1.16 or later to build. - pam_fscrypt now supports the option unlock_only to disable locking of directories on logout. - Fixed a bug where the number of CPUs used in the passphrase hash would be calculated incorrectly on systems with more than 255 CPUs. - Added support for AES-256-HCTR2 filenames encryption. - Directories are now synced immediately after an encryption policy is applied, reducing the chance of an inconsistency after a sudden crash. - Added Lustre to the list of allowed filesystems. - Added a NEWS.md file that contains the release notes, and backfilled it from the GitHub release notes. * Tue Mar 08 2022 Dirk Müller <dmueller@suse.com> - use pam_moduledir * Thu Feb 24 2022 Dirk Müller <dmueller@suse.com> - update to 0.3.3: * Correctly handle malicious mountpoint paths in the fscrypt bash completion script (CVE-2022-25328, command injection). * Validate the size, type, and owner (for login protectors) of policy and protector files (CVE-2022-25327, denial of service). * Make the fscrypt metadata directories non-world-writable by default (CVE-2022-25326, denial of service). * When running as a non-root user, ignore policy and protector files that aren't owned by the user or by root. * Also require that the metadata directories themselves and the mountpoint root directory be owned by the user or by root. * Make policy and protector files mode 0600 rather than 0644. * Make all relevant files owned by the user when root encrypts a directory with a user's login protector, not just the the login protector itself. * Make pam_fscrypt ignore system users completely. - drop 346.patch: upstream * Wed Feb 23 2022 Dirk Müller <dmueller@suse.com> - refresh 346.patch with final merged state * Tue Feb 22 2022 Dirk Müller <dmueller@suse.com> - add 346.patch (bsc#1195623) * Thu Feb 10 2022 Dirk Müller <dmueller@suse.com> - update to 0.3.2: * Made linked protectors (e.g., login protectors used on a non-root filesystem) more reliable when a filesystem UUID changes. * Made login protectors be owned by the user when they are created as root, so that the user has permission to update them later. * Made fscrypt work when the root directory is a btrfs filesystem. * Made pam_fscrypt start warning when a user's login protector is getting de-synced due to their password being changed by root. * Support reading the key for raw key protectors from standard input. * Made fscrypt metadata remove-protector-from-policy work even if the protector is no longer accessible. * Made fscrypt stop trying to access irrelevant filesystems. * Improved the documentation. * Fri Feb 04 2022 Dirk Müller <dmueller@suse.com> - spec-cleaner run
/usr/lib/pam.d/fscrypt /usr/lib/security/pam_fscrypt.so /usr/share/licenses/pam-fscrypt /usr/share/licenses/pam-fscrypt/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 02:11:34 2025