Hello community,
here is the log from the commit of package ecryptfs-utils.1928 for
openSUSE:12.3:Update checked in at 2013-08-14 14:55:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/ecryptfs-utils.1928 (Old)
and /work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ecryptfs-utils.1928"
Changes:
--------
New Changes file:
--- /dev/null 2013-07-23 23:44:04.804033756 +0200
+++
/work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new/ecryptfs-utils.changes
2013-08-14 14:55:10.000000000 +0200
@@ -0,0 +1,264 @@
+-------------------------------------------------------------------
+Tue Aug 6 08:06:23 UTC 2013 - [email protected]
+
+- update to 103
+- move -pie/-fpie into separate patch
+- update ecryptfs-setup-swap-SuSE.patch for systmd and fstab
+ without UUID lables (bnc#814098)
+- remove ecryptfs-utils.security.patch, fixed upstream
+- add PreReq: permissions
+- removed unpackaged doc
+
+-------------------------------------------------------------------
+Wed Jul 11 11:48:24 UTC 2012 - [email protected]
+
+- also supply MS_NODEV to avoid exposing device files
+ if someone got them on the encrypted media.
+
+-------------------------------------------------------------------
+Tue Jul 10 14:03:27 UTC 2012 - [email protected]
+
+- point the desktop link to the right .desktop file
+- build mount.ecryptfs_private with -pie/-fpie
+
+-------------------------------------------------------------------
+Wed Jul 4 11:08:11 UTC 2012 - [email protected]
+
+- hook pam_ecryptfs into pam session and auth bnc#755475
+
+-------------------------------------------------------------------
+Thu Jun 21 06:19:46 UTC 2012 - [email protected]
+
+- added security improvements to mount.ecryptfs_private
+ and pam_ecryptfs (bnc#740110)
+
+-------------------------------------------------------------------
+Fri Apr 6 15:33:03 UTC 2012 - [email protected]
+
+- patch so ecryptfs-setup-swap executes boot.crypto
+
+-------------------------------------------------------------------
+Wed Mar 28 14:47:13 UTC 2012 - [email protected]
+
+- updated to 96
+ - bugfixes
+ - testsuite added
+ - ecryptfs-verify utility added
+ - write-read test utility
+- mark /sbin/mount.eccryptfs_private as setuidable (bnc#745584 , bnc#740110)
+
+-------------------------------------------------------------------
+Fri Sep 30 20:07:57 UTC 2011 - [email protected]
+
+- add libtool as buildrequire to make the spec file more reliable
+
+-------------------------------------------------------------------
+Tue Sep 20 15:32:22 CEST 2011 - [email protected]
+
+- Updated to 92
+ * Fix umask issue introduced by last security update
+ * some bugfixes
+
+-------------------------------------------------------------------
+Sun Sep 18 17:17:12 UTC 2011 - [email protected]
+
+- Remove redundant/obsolete tags/sections from specfile
+ (cf. packaging guidelines)
+- Put make call in the right spot
+- Use %_smp_mflags for parallel build
+
+-------------------------------------------------------------------
+Thu Aug 11 17:25:21 CEST 2011 - [email protected]
+
+- Updated to 90
+ Fixed several security issues:
+ * CVE-2011-1831 - Race condition when checking mountpoint during mount.
+ * CVE-2011-1832 - Race condition when checking mountpoint during unmount.
+ * CVE-2011-1833 - Race condition when checking source during mount.
+ * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource
+ limits, signals, etc.
+ * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure
temp
+ directory.
+ * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp
+ * CVE-2011-1837 - Predictable lock counter name and associated races.
+
+ New ecryptfs-find binary to find by inode.
+
+-------------------------------------------------------------------
+Mon Apr 18 17:06:50 CEST 2011 - [email protected]
+
+- Updated to 87
+ * src/utils/ecryptfs-setup-private: update the Private.* selinux
+ contexts
+ * src/utils/ecryptfs-setup-private:
+ - add -p to mkdir, address noise for a non-error
+ - must insert keys during testing phase, since we remove keys on
+ unmount now, LP: #725862
+ * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
+ interactive mode, LP: #667331
+- Updated to 86
+ * src/pam_ecryptfs/pam_ecryptfs.c:
+ - check if this file exists and ask the user for the wrapping passphrase
+ if it does
+ - eliminate both ecryptfs_pam_wrapping_independent_set() and
+ ecryptfs_pam_automount_set() and replace with a reusable
+ file_exists_dotecryptfs() function
+ * src/utils/mount.ecryptfs_private.c:
+ - support multiple, user configurable private directories by way of
+ a command line "alias" argument
+ - this "alias" references a configuration file by the name of:
+ $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
+ as well as $HOME/.ecryptfs/alias.sig, in the same format as
+ Private.sig
+ - if no argument specified, the utility operates in legacy mode,
+ defaulting to "Private"
+ - rename variables, s/dev/src/ and s/mnt/dest/
+ - add a read_config() function
+ - add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
+ - this is half of the fix to LP: #615657
+ * doc/manpage/mount.ecryptfs_private.1: document these changes
+ * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
+ - allow umount.ecryptfs_private to succeed when the key is no
+ longer in user keyring.
+- Updated to 85
+ * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
+ * src/utils/mount.ecryptfs_private.c:
+ - fix bug LP: #313812, clear used keys on unmount
+ - add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
+ umount.ecryptfs behave similarly
+ - use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
+ * src/utils/ecryptfs-migrate-home:
+ - support user databases outside of /etc/passwd, LP: #627506
+- Updated to 84
+ * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
+ * debian/rules, debian/control:
+ - disable the gpg key module, as it's not yet functional
+ - clean up unneeded build-deps
+ - also, not using opencryptoki either
+ * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
+ email by Jon 'maddog' Hall
+ * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
+ po/POTFILES.in, src/utils/ecryptfs-recover-private,
+ src/utils/Makefile.am: add a utility to simplify data recovery
+ of an encrypted private directory from a Live ISO, LP: #689969
+
+-------------------------------------------------------------------
+Sat Apr 10 15:39:27 UTC 2010 - [email protected]
+
+- Fix build with adding requires on mozilla-nss-devel and python-devel.
+- Fix package list.
+
+-------------------------------------------------------------------
+Thu Mar 18 13:33:43 CET 2010 - [email protected]
+
+- Updated to 83
+ - lots of bugfixes
+ - improvements
+
+-------------------------------------------------------------------
+Sun Jan 31 22:03:16 UTC 2010 - [email protected]
+
+- Package baselibs.conf
+
+-------------------------------------------------------------------
+Thu Jun 25 12:37:06 CEST 2009 - [email protected]
+
+- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
+
+-------------------------------------------------------------------
+Fri Oct 24 13:58:01 CEST 2008 - [email protected]
+
+- Upgraded to version 61
+ - starts of filename encryption
+ - bugfixes
+
+-------------------------------------------------------------------
+Fri Sep 19 11:55:34 CEST 2008 - [email protected]
+
+- Upgraded to version 58
+ - config file changes yet again
+ - some documentation fixes
+ - some TPM related fixes
+
+-------------------------------------------------------------------
+Sat Aug 23 10:45:52 CEST 2008 - [email protected]
+
+- Upgraded to version 56
+ - more manpages
+ - changed configfile format
+
+-------------------------------------------------------------------
+Fri Jul 11 22:41:55 CEST 2008 - [email protected]
+
+- Upgraded to version 50
+ - another manpage
+ - bugfixes
+ - fixed kernel netlink interface
+
++++ 67 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:12.3:Update/.ecryptfs-utils.1928.new/ecryptfs-utils.changes
New:
----
baselibs.conf
ecryptfs-correct-desktop.patch
ecryptfs-setup-swap-SuSE.patch
ecryptfs-utils-src-utils-Makefile.patch
ecryptfs-utils.changes
ecryptfs-utils.spec
ecryptfs-utils_103.orig.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ecryptfs-utils.spec ++++++
#
# spec file for package ecryptfs-utils
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: ecryptfs-utils
Url: https://launchpad.net/ecryptfs
Summary: Userspace Utilities for ecryptfs
License: GPL-2.0+
Group: Productivity/Security
Version: 103
Release: 0
# NOTE(review): the tarball URL below is plain http, and no detached signature
# or keyring file is listed among the sources, so this spec offers no way to
# check the archive's origin -- confirm how the tarball is verified.
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1: baselibs.conf
# PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
Patch2: ecryptfs-correct-desktop.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
BuildRequires: keyutils-devel
BuildRequires: keyutils-libs
BuildRequires: libgcrypt-devel
BuildRequires: libtool
BuildRequires: mozilla-nss-devel
BuildRequires: openssl-devel
BuildRequires: pam-config
BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel
BuildRequires: python-devel
BuildRequires: swig
BuildRequires: trousers-devel
BuildRequires: update-desktop-files
# pam-config is called from the post and postun scriptlets further down.
# NOTE(review): only a pre-install dependency is declared for it -- confirm it
# is guaranteed to be present when those scriptlets run.
Requires(pre): pam-config
# The post scriptlet applies the set_permissions macro to
# /sbin/mount.ecryptfs_private, so the permissions package must already be
# installed when this package is installed.
PreReq: permissions
%description
A stacked cryptographic filesystem for Linux.
%prep
# Unpack the upstream tarball quietly, then apply the three patches in order.
%setup -q
# Patch0: ecryptfs-setup-swap-SuSE.patch (systemd / fstab without UUID)
%patch0 -p1
# Patch1: ecryptfs-utils-src-utils-Makefile.patch (build with -fpie/-pie)
%patch1 -p1
# Patch2: ecryptfs-correct-desktop.patch
%patch2 -p1
%build
# Append -fno-strict-aliasing to the distribution's optimisation flags.
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
# Regenerate the autotools output; Patch1 edits src/utils/Makefile.am, so the
# generated Makefile.in has to be rebuilt for the PIE flags to take effect.
autoreconf -i -f
# Configure without static libraries, with the tspi and pkcs11-helper options
# enabled, and with the PAM module directory set to /<lib>/security, which is
# where the files list expects pam_ecryptfs.so.
%configure \
--docdir=%_defaultdocdir/%{name} \
--disable-static \
--enable-tspi \
--enable-pkcs11-helper \
--with-pamdir=/%_lib/security
make %{?_smp_mflags}
%check
# Run the upstream test suite on the freshly built tree; a non-zero exit
# from make fails the package build.
make check
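%install
%makeinstall
# Move the .desktop files into the standard applications directory; Patch2
# points the Access-Your-Private-Data symlink at that location.
# The mv is kept as one logical command (source glob plus destination) and the
# build-root expansions are quoted so a build root containing whitespace cannot
# split the arguments.
mkdir -p "$RPM_BUILD_ROOT%{_datadir}/applications/"
mv "$RPM_BUILD_ROOT%{_datadir}/ecryptfs-utils/"*desktop \
   "$RPM_BUILD_ROOT%{_datadir}/applications/"
%suse_update_desktop_file ecryptfs-mount-private
%suse_update_desktop_file ecryptfs-setup-private
# Collect the translation files into the list consumed by the files section.
%find_lang %{name}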
%verifyscript
# Runs on "rpm -V": check the private-mount helper (which the changelog marks
# as setuidable) with the permissions tooling. rpm's own mode check for this
# file is switched off in the files list, so this is the check that covers it.
%verify_permissions -e /sbin/mount.ecryptfs_private
%post
/sbin/ldconfig
# Apply the mode and ownership that the permissions package configures for
# the private-mount helper (hence the install-time dependency on permissions).
%set_permissions /sbin/mount.ecryptfs_private
# Add pam_ecryptfs to the PAM configuration.
/usr/sbin/pam-config -a --ecryptfs
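%postun
/sbin/ldconfig
# rpm passes the number of package instances that remain installed as $1.
# During an upgrade the outgoing package's postun runs after the incoming
# package's post, so an unconditional "pam-config -d" would undo the
# "pam-config -a" that post has just performed and leave pam_ecryptfs
# unconfigured. Only remove the PAM entry on final removal ($1 = 0).
if [ "$1" -eq 0 ]; then
  /usr/sbin/pam-config -d --ecryptfs
fi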
# Package contents; translations come from the list written by find_lang.
%files -f %{name}.lang
%defattr(-, root, root)
%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html
/usr/include/ecryptfs.h
%{_prefix}/bin/*
/sbin/mount.ecryptfs
/sbin/umount.ecryptfs
/sbin/umount.ecryptfs_private
# rpm skips the mode check for the private-mount helper: its permissions are
# set in the post scriptlet and checked in the verify scriptlet instead, so
# the installed mode may differ from the packaged one.
%verify(not mode) /sbin/mount.ecryptfs_private
%{_libdir}/libecryptfs*
%{_libdir}/pkgconfig/libecryptfs.pc
%{_mandir}/man1/*ecryptfs*
%{_mandir}/man7/ecryptfs*
%{_mandir}/man8/*ecryptfs*
%{_libdir}/ecryptfs*
%{_datadir}/ecryptfs-utils
/%_lib/security/pam_ecryptfs.so
%{python_sitelib}/ecryptfs-utils
%{python_sitearch}/ecryptfs-utils
%{_datadir}/applications/ecryptfs-*
%changelog
++++++ baselibs.conf ++++++
ecryptfs-utils
supplements "packageand(ecryptfs-utils:pam-<targettype>)"
++++++ ecryptfs-correct-desktop.patch ++++++
Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private
===================================================================
--- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private
+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private
@@ -340,7 +340,7 @@ echo
mkdir -m 700 -p "$CRYPTDIR" || error "$(gettext 'Could not create crypt
directory')" "[$CRYPTDIR]"
mkdir -m 700 -p "$MOUNTPOINT" || error "$(gettext 'Could not create mount
directory')" "[$MOUNTPOINT]"
ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
"$MOUNTPOINT"/README.txt
-ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
"$MOUNTPOINT"/Access-Your-Private-Data.desktop
+ln -sf /usr/share/applications/ecryptfs-mount-private.desktop
"$MOUNTPOINT"/Access-Your-Private-Data.desktop
chmod 500 "$MOUNTPOINT"
# Setup ~/.ecryptfs directory
++++++ ecryptfs-setup-swap-SuSE.patch ++++++
--- ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05
10:44:55.618908888 -0400
+++ ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05
10:54:16.966419219 -0400
@@ -37,23 +37,20 @@
usage() {
echo
echo `gettext "Usage:"`
- echo " $0 [-f|--force] [-n|--no-reload]"
+ echo " $0 [-f|--force]"
echo
exit 1
}
# Handle command line options
FORCE=0
+NO_RELOAD=1
while [ ! -z "$1" ]; do
case "$1" in
-f|--force)
FORCE=1
shift 1
;;
- -n|--no-reload)
- NO_RELOAD=1
- shift 1
- ;;
*)
usage
;;
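Review bot: Dropping the `-n|--no-reload` arm sends that option to `*) usage`, which exits 1, so any existing caller that still passes it will abort before swap is set up; a no-op arm such as `-n|--no-reload) shift 1 ;;` would keep the interface compatible while still forcing the new behaviour. With `NO_RELOAD=1` hard-coded, the `if [ "$NO_RELOAD" != 1 ]` block visible in a later hunk can never run, so the swap that is active now presumably stays unencrypted until the next boot. A comment above the assignment, for example `# openSUSE: never swapoff/swapon here; the encrypted swap is activated at the next boot`, would record why the reload path is disabled. The option loop continues past the end of this hunk.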
@@ -149,7 +146,8 @@
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)
+ for target in $suse_swap $swap; do
if [ -n "$target" ] && grep -qs "^$target " /etc/fstab; then
sed -i "s:^$target :\#$target :" /etc/fstab
warn "Commented out your unencrypted swap from
/etc/fstab"
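Review bot: `grep swap /etc/fstab |cut -d' ' -f1` takes the first field of every line that merely contains the string "swap", which includes commented-out entries and any other mount whose device, mount point or options mention it, and `cut -d' '` returns the whole line when the fields are tab-separated. The result is expanded unquoted into the `for target` list and then interpolated into the `sed -i "s:^$target :…"` expression that rewrites /etc/fstab as root, so an unexpected match can comment out the wrong mount, and a `:` in the value breaks the sed expression. Selecting on the filesystem-type column is tighter: `suse_swap=$(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' /etc/fstab)`. The trailing-space match in `grep -qs "^$target "` likewise misses tab-separated entries, and `uuid=` is no longer used in the lines shown. The enclosing `for swap` loop ends outside this hunk.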
@@ -166,7 +164,6 @@
# Add fstab entry
echo "/dev/mapper/cryptswap$i none swap sw 0 0" >> /etc/fstab
done
-
if [ "$NO_RELOAD" != 1 ]; then
# Turn swap off
swapoff -a
@@ -179,3 +176,4 @@
fi
info `gettext "Successfully setup encrypted swap!"`
+info "This will take effect after reboot"
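Review bot: The added `info "This will take effect after reboot"` bypasses gettext, unlike the `info` call directly above it, so this message will not be translated. It also does not say that the swap in use now is still unencrypted, which appears to follow from the reload block being disabled by the hard-coded `NO_RELOAD=1`. Suggested wording: `info "$(gettext 'Encrypted swap becomes active after the next reboot; the current swap stays unencrypted until then')"`.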
++++++ ecryptfs-utils-src-utils-Makefile.patch ++++++
Index: ecryptfs-utils-96/src/utils/Makefile.am
===================================================================
--- ecryptfs-utils-96.orig/src/utils/Makefile.am
+++ ecryptfs-utils-96/src/utils/Makefile.am
@@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_
ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS)
mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c
+mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie
mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
$(KEYUTILS_LIBS)
+mount_ecryptfs_private_LDFLAGS = -pie
ecryptfs_stat_SOURCES = ecryptfs-stat.c
ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
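Review bot: `mount_ecryptfs_private_LDFLAGS = -pie` replaces `AM_LDFLAGS` for this target instead of adding to it, because automake uses a per-target `_LDFLAGS` variable in place of `AM_LDFLAGS` once one is defined. The CFLAGS line already carries `$(AM_CFLAGS)` forward, and the LDFLAGS line should do the same: `mount_ecryptfs_private_LDFLAGS = $(AM_LDFLAGS) -pie`. Since the changelog on this page marks mount.ecryptfs_private as setuidable, a comment such as `# setuid helper: build as PIE so ASLR also covers the executable image` would explain why only this target is special-cased. It may also be worth adding `-Wl,-z,relro -Wl,-z,now` here if the distribution defaults do not already supply them.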