-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-8664 2010-05-17 17:45:41 --------------------------------------------------------------------------------
Name : libHX Product : Fedora 13 Version : 3.4 Release : 1.fc13 URL : http://sourceforge.net/projects/libhx/ Summary : General-purpose library for typical low-level operations Description : A library for: - rbtree with key-value pair extension - deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs)) - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option (argv) parser - shconfig-style config file parser - platform independent random number generator with transparent /dev/urandom support - various string, memory and zvec ops -------------------------------------------------------------------------------- Update Information: For pam_mount: Notes: - see doc/bugs.txt for cryptsetup behavior that impacts pam_mount users since version 2.0 Fixes: - umount.crypt: fix use of a wrong field for smtab/cmtab staleness check - umount.crypt had erroneously mounted instead of umounted - mount.crypt: fix memory scribble crash when crypto device could not be initialized - mount.crypt: do not fail when unlocking key slot other than #0 - fusermount is now called with supplementary groups initialized - rdconf: do not warn about missing fskeyhash when no fskey specified - mount: prefer sysv mount API over bsd - pmt-ehd: reword help text for -k option - pmt-ehd: apply default value for -k option - pmt-ehd: fix fskey generation which was pegged at 256 bits - pmt-ehd: avoid needless overtruncation/sparsifying - pmt-ehd: zero LUKS header to avoid setup failure of PLAIN volume Changes: - pmt-ehd: speed up writing random data - pmt-ehd: reword help text for -k option - mount.crypt: ignore cmtab update errors - mount.crypt: add support for keyfile passthru using -ofsk_cipher=none - doc: document mount.crypt's -o hash option - mount.crypt: warn on ignored options Fixes: - config: rdconf1 static data had unclosed %(if) tags - config: rdconf1 static data had extraneous %(OPTIONS) parameter Changes: - mount.crypt: make use of libcryptsetup - cmtab is now stored below localstatedir (usually /var/run) - use HXformat2. This invalidates old constructs like %(before=\"-o\"...), which need to be replaced with the new syntax. (See below.) In general, the old syntax was only used by commands Note to updaters: As the old syntax %(after=...) %(before=...) %(ifempty=...) %(ifnempty=...) %(lower=...) %(upper=...) only appeared in commands, and commands are not part of the default config file anymore since v1.0~15^2~15, there should be little worry. The configuration options in question are <cifsmount>, <cryptmount>, <cryptumount>, <fd0ssh>, <fsck>, <fusemount>, <fuseumount>, <lclmount>, <nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>, <smbmount>, <smbumount> <umount> and should normally not be needed in pam_mount.conf.xml. Changes: - cope better with cryptsetup's assumption that keysize=256 - augment doc/bugs.txt about caveats with cryptsetup create Fixes: - avoid a mlock(NULL) when there is no auth token Changes: - print error code when mkmountpoint failed - print warning when cmtab is not creatable Changes: - update for libHX 3.4 Fixes: - do decrease the login refcount on logout when no volumes are defined Fixes: - avoid multi-free of auth token when pam_mount is rerun in a PAM stack - avoid NULL dereference when there is an empty line in mtab For cryptsetup: - Fix device alignment ioctl calls parameters. - Fix activate_by_* API calls to handle NULL device name as documented. - Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. - Support --key-file/-d option for luksFormat. - Fix description of --key-file and add --verbose and --debug options to man page. - Add verbose log level and move unlocking message there. - Remove device even if underlying device disappeared. - Fix (deprecated) reload device command to accept new device argument. - Fix luksClose operation for stacked DM devices. - Fix automatic dm-crypt module loading. - Escape hyphens in man page. - Try to use pkgconfig for device mapper library. - Detect old dm-crypt module and disable LUKS suspend/resume. - Fix apitest to work on older systems. - Allow no hash specification in plain device constructor. - Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified). - Fix isLuks to initialise crypto backend (blkid instead is suggested anyway). - Fix package config to use proper package version. - Avoid class C++ keyword in library header. - Detect and use devmapper udev support if available (disable by --disable-udev). - Prefer some device paths in status display. - Support device topology detectionfor data alignment. - Do not verify unlocking passphrase in luksAddKey command. - Properly initialise crypto backend in header backup/restore commands. - Fix udev support for old libdevmapper with not compatible definition. -------------------------------------------------------------------------------- ChangeLog: * Sun May 16 2010 Till Maas <[email protected]> - 3.4-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #608400 - pam_mount-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=608400 [ 2 ] Bug #599609 - use mount -t crypt instead of mount.crypt for pam_mount crypt volumes for selinux support https://bugzilla.redhat.com/show_bug.cgi?id=599609 [ 3 ] Bug #610885 - update cryptsetup-luks to 1.1.2 for pam_mount https://bugzilla.redhat.com/show_bug.cgi?id=610885 [ 4 ] Bug #570315 - pmt-ehd has problems has problems creating large loopback containers https://bugzilla.redhat.com/show_bug.cgi?id=570315 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libHX' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
