Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam-fscrypt-0.3.5-1.3 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: pam-fscrypt Distribution: openSUSE Tumbleweed
Version: 0.3.5 Vendor: openSUSE
Release: 1.3 Build date: Thu May 9 20:53:43 2024
Group: System/Base Build host: reproducible
Size: 5512236 Source RPM: fscrypt-0.3.5-1.3.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/google/fscrypt
Summary: Go tool for managing Linux filesystem encryption (the pam module)
fscrypt is a high-level tool for the management of Linux filesystem encryption.
This tool manages metadata, key generation, key wrapping, PAM integration, and
provides a uniform interface for creating and modifying encrypted directories.

This package holds the pam module for fscrypt.

Provides

Requires

License

Apache-2.0

Changelog

* Thu May 09 2024 Dirk Müller <dmueller@suse.com>
  - update to 0.3.5:
    * Upgraded various dependencies, resolving two security alerts
      from GitHub.
    * `fscrypt` now requires Go 1.18 or later to build.
    * `fscrypt` now provides a better error message when it's asked
      to operate on a locked regular file.
    * Made some improvements to the documentation.
* Wed Mar 08 2023 Dirk Müller <dmueller@suse.com>
  - move to pam_vendordir
  - add baselibs
* Wed Feb 15 2023 Dirk Müller <dmueller@suse.com>
  - add fscrypt pam configuration
  - drop pam-specs from main package
* Tue Jan 31 2023 Marcus Rueckert <mrueckert@suse.de>
  - update to 0.3.4:
    - fscrypt now requires Go 1.16 or later to build.
    - pam_fscrypt now supports the option unlock_only to disable
      locking of directories on logout.
    - Fixed a bug where the number of CPUs used in the passphrase
      hash would be calculated incorrectly on systems with more than
      255 CPUs.
    - Added support for AES-256-HCTR2 filenames encryption.
    - Directories are now synced immediately after an encryption
      policy is applied, reducing the chance of an inconsistency
      after a sudden crash.
    - Added Lustre to the list of allowed filesystems.
    - Added a NEWS.md file that contains the release notes, and
      backfilled it from the GitHub release notes.
* Tue Mar 08 2022 Dirk Müller <dmueller@suse.com>
  - use pam_moduledir
* Thu Feb 24 2022 Dirk Müller <dmueller@suse.com>
  - update to 0.3.3:
    * Correctly handle malicious mountpoint paths in the fscrypt bash completion
      script (CVE-2022-25328, command injection).
    * Validate the size, type, and owner (for login protectors) of policy and
      protector files (CVE-2022-25327, denial of service).
    * Make the fscrypt metadata directories non-world-writable by default
      (CVE-2022-25326, denial of service).
    * When running as a non-root user, ignore policy and protector files that
      aren't owned by the user or by root.
    * Also require that the metadata directories themselves and the mountpoint
      root directory be owned by the user or by root.
    * Make policy and protector files mode 0600 rather than 0644.
    * Make all relevant files owned by the user when root encrypts a directory
      with a user's login protector, not just the the login protector itself.
    * Make pam_fscrypt ignore system users completely.
  - drop 346.patch: upstream
* Wed Feb 23 2022 Dirk Müller <dmueller@suse.com>
  - refresh 346.patch with final merged state
* Tue Feb 22 2022 Dirk Müller <dmueller@suse.com>
  - add 346.patch (bsc#1195623)
* Thu Feb 10 2022 Dirk Müller <dmueller@suse.com>
  - update to 0.3.2:
    * Made linked protectors (e.g., login protectors used on a non-root filesystem)
      more reliable when a filesystem UUID changes.
    * Made login protectors be owned by the user when they are created as root, so
      that the user has permission to update them later.
    * Made fscrypt work when the root directory is a btrfs filesystem.
    * Made pam_fscrypt start warning when a user's login protector is getting
      de-synced due to their password being changed by root.
    * Support reading the key for raw key protectors from standard input.
    * Made fscrypt metadata remove-protector-from-policy work even if the protector
      is no longer accessible.
    * Made fscrypt stop trying to access irrelevant filesystems.
    * Improved the documentation.
* Fri Feb 04 2022 Dirk Müller <dmueller@suse.com>
  - spec-cleaner run

Files

/usr/lib/pam.d/fscrypt
/usr/lib/security/pam_fscrypt.so
/usr/share/licenses/pam-fscrypt
/usr/share/licenses/pam-fscrypt/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 02:11:34 2025