Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2012-07-12 14:46:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ecryptfs-utils", Maintainer is "meiss...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2012-07-06 09:37:01.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2012-07-12 14:46:50.000000000 +0200
@@ -1,0 +2,12 @@
+Wed Jul 11 11:48:24 UTC 2012 - meiss...@suse.com
+
+- also supply MS_NODEV to avoid exposing device files
+ if someone got them on the encrypted media.
+
+-------------------------------------------------------------------
+Tue Jul 10 14:03:27 UTC 2012 - meiss...@suse.com
+
+- point the desktop link to the right .desktop file
+- build mount.ecryptfs_private with -pie/-fpie
+
+-------------------------------------------------------------------
New:
----
ecryptfs-correct-desktop.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ecryptfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.000000000 +0200
+++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.000000000 +0200
@@ -27,6 +27,7 @@
Source1: baselibs.conf
Patch0: ecryptfs-setup-swap-SuSE.patch
Patch1: ecryptfs-utils.security.patch
+Patch2: ecryptfs-correct-desktop.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
@@ -52,6 +53,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
++++++ ecryptfs-correct-desktop.patch ++++++
Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private
===================================================================
--- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private
+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private
@@ -340,7 +340,7 @@ echo
mkdir -m 700 -p "$CRYPTDIR" || error "$(gettext 'Could not create crypt
directory')" "[$CRYPTDIR]"
mkdir -m 700 -p "$MOUNTPOINT" || error "$(gettext 'Could not create mount
directory')" "[$MOUNTPOINT]"
ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
"$MOUNTPOINT"/README.txt
-ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
"$MOUNTPOINT"/Access-Your-Private-Data.desktop
+ln -sf /usr/share/applications/ecryptfs-mount-private.desktop
"$MOUNTPOINT"/Access-Your-Private-Data.desktop
chmod 500 "$MOUNTPOINT"
# Setup ~/.ecryptfs directory
++++++ ecryptfs-utils.security.patch ++++++
--- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.000000000 +0200
+++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.000000000 +0200
@@ -256,7 +256,7 @@
}
/* Perform mount */
- if (mount(src, ".", FSTYPE, 0, opt) == 0) {
-+ if (mount(src, ".", FSTYPE, MS_NOSUID, opt) == 0) {
++ if (mount(src, ".", FSTYPE, MS_NOSUID|MS_NODEV, opt) == 0) {
if (update_mtab(src, dest, opt) != 0) {
goto fail;
}
@@ -268,3 +268,17 @@
/* Since we're doing a lazy unmount anyway, just unmount the
current
* directory. This avoids a lot of complexity in dealing with
race
+Index: ecryptfs-utils-96/src/utils/Makefile.am
+===================================================================
+--- ecryptfs-utils-96.orig/src/utils/Makefile.am
++++ ecryptfs-utils-96/src/utils/Makefile.am
+@@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_
+ ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS)
+
+ mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c
++mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie
+ mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
$(KEYUTILS_LIBS)
++mount_ecryptfs_private_LDFLAGS = -pie
+
+ ecryptfs_stat_SOURCES = ecryptfs-stat.c
+ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
