commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2020-08-20 22:35:38
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new.3399 (New)
Package is "ecryptfs-utils"
Thu Aug 20 22:35:38 2020 rev:51 rq:828245 version:111
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2018-02-21 14:14:01.156684301 +0100
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new.3399/ecryptfs-utils.changes
2020-08-20 22:35:49.416177447 +0200
@@ -1,0 +2,6 @@
+Tue Aug 18 15:21:46 UTC 2020 - Dominique Leuenberger
+
+- Fix wrong usage of %{_libexecdir} for systemd owned paths below
+ %{_prefix}/lib.
+
+---
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.Z7Y8mR/_old 2020-08-20 22:35:51.388178351 +0200
+++ /var/tmp/diff_new_pack.Z7Y8mR/_new 2020-08-20 22:35:51.392178353 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -21,9 +21,9 @@
Version:111
Release:0
Summary:Userspace Utilities for ecryptfs
-License:GPL-2.0
+License:GPL-2.0-only
Group: Productivity/Security
-Url:http://ecryptfs.org/
+URL:http://ecryptfs.org/
Source0:
http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz
Source1:baselibs.conf
Source2:ecryptfs-mount-private.png
@@ -114,8 +114,8 @@
find %{buildroot} -type f -name "*.la" -delete -print
#we need ecryptfs kernel module
-mkdir -p %{buildroot}%{_libexecdir}/modules-load.d/
-echo -e "# ecryptfs module is needed before ecryptfs mount, so mount helper
can \n# check for file name encryption support\necryptfs"
>%{buildroot}%{_libexecdir}/modules-load.d/ecryptfs.conf
+mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d/
+echo -e "# ecryptfs module is needed before ecryptfs mount, so mount helper
can \n# check for file name encryption support\necryptfs"
>%{buildroot}%{_prefix}/lib/modules-load.d/ecryptfs.conf
%verifyscript
%verify_permissions -e /sbin/mount.ecryptfs_private
@@ -153,8 +153,8 @@
#{python_sitelib}/ecryptfs-utils
#{python_sitearch}/ecryptfs-utils
%{_datadir}/applications/*.desktop
-%dir %{_libexecdir}/modules-load.d
-%{_libexecdir}/modules-load.d/*
+%dir %{_prefix}/lib/modules-load.d
+%{_prefix}/lib/modules-load.d/*
%files -n %{lname}
%defattr(-, root, root)
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2018-02-21 14:13:57
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Wed Feb 21 14:13:57 2018 rev:50 rq:578631 version:111
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2017-11-15 16:59:09.901033809 +0100
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2018-02-21 14:14:01.156684301 +0100
@@ -1,0 +2,6 @@
+Wed Feb 21 09:53:30 UTC 2018 - meiss...@suse.com
+
+- drop python2 support (needs to be replaced by python3 support)
+ (bsc#1081587)
+
+---
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.NYxjs5/_old 2018-02-21 14:14:02.516635325 +0100
+++ /var/tmp/diff_new_pack.NYxjs5/_new 2018-02-21 14:14:02.516635325 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -47,8 +47,8 @@
BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel
BuildRequires: pkg-config
-BuildRequires: python-devel
-BuildRequires: swig
+#BuildRequires: python3-devel
+#BuildRequires: swig
BuildRequires: trousers-devel
BuildRequires: update-desktop-files
Requires(pre): pam-config
@@ -85,6 +85,7 @@
%configure \
--docdir=%{_defaultdocdir}/%{name} \
--disable-static \
+ --disable-pywrap \
--enable-tspi \
--enable-pkcs11-helper \
--with-pamdir=/%{_lib}/security
@@ -149,8 +150,8 @@
%{_libdir}/ecryptfs*
%{_datadir}/ecryptfs-utils
/%{_lib}/security/pam_ecryptfs.so
-%{python_sitelib}/ecryptfs-utils
-%{python_sitearch}/ecryptfs-utils
+#{python_sitelib}/ecryptfs-utils
+#{python_sitearch}/ecryptfs-utils
%{_datadir}/applications/*.desktop
%dir %{_libexecdir}/modules-load.d
%{_libexecdir}/modules-load.d/*
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2017-11-15 16:59:05
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Wed Nov 15 16:59:05 2017 rev:49 rq:541775 version:111
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2017-03-12 20:04:55.733870513 +0100
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2017-11-15 16:59:09.901033809 +0100
@@ -1,0 +2,18 @@
+Tue Nov 14 10:25:45 UTC 2017 - meiss...@suse.com
+
+- The license is GPL-2.0 (without + / or later)
+
+---
+Tue Nov 7 14:27:25 UTC 2017 - vci...@suse.com
+
+- Update to 111
+ * upstream provides no changelog
+- add ecryptfs-utils-openssl11.patch to support build with
+ OpenSSL 1.1 (bsc#1066937)
+
+---
+Tue Nov 7 14:18:15 UTC 2017 - vci...@suse.com
+
+- drop validate-mount-destination-fs-type.patch (upstream)
+
+---
Old:
ecryptfs-utils_108.orig.tar.gz
validate-mount-destination-fs-type.patch
New:
ecryptfs-utils-openssl11.patch
ecryptfs-utils_111.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.cpPZha/_old 2017-11-15 16:59:12.768928801 +0100
+++ /var/tmp/diff_new_pack.cpPZha/_new 2017-11-15 16:59:12.772928654 +0100
@@ -18,10 +18,10 @@
%define lname libecryptfs1
Name: ecryptfs-utils
-Version:108
+Version:111
Release:0
Summary:Userspace Utilities for ecryptfs
-License:GPL-2.0+
+License:GPL-2.0
Group: Productivity/Security
Url:http://ecryptfs.org/
Source0:
http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz
@@ -31,7 +31,7 @@
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
-Patch2: validate-mount-destination-fs-type.patch
+Patch2: ecryptfs-utils-openssl11.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -77,7 +77,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
+%patch2 -p0
%build
export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
++ ecryptfs-utils-openssl11.patch ++
=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
--- src/key_mod/ecryptfs_key_mod_openssl.c 2013-10-25 19:45:09 +
+++ src/key_mod/ecryptfs_key_mod_openssl.c 2017-06-02 18:27:28 +
@@ -41,6 +41,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -55,6 +56,19 @@
char *passphrase;
};
+#if OPENSSL_VERSION_NUMBER < 0x1010L
+static void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+#endif
+
static void
ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data)
{
@@ -142,6 +156,7 @@
{
int len, nbits, ebits, i;
int nbytes, ebytes;
+ const BIGNUM *key_n, *key_e;
unsigned char *hash;
unsigned char *data = NULL;
int rc = 0;
@@ -152,11 +167,13 @@
rc = -ENOMEM;
goto out;
}
- nbits = BN_num_bits(key->n);
+ RSA_get0_key(key, _n, NULL, NULL);
+ nbits = BN_num_bits(key_n);
nbytes = nbits / 8;
if (nbits % 8)
nbytes++;
- ebits = BN_num_bits(key->e);
+ RSA_get0_key(key, NULL, _e, NULL);
+ ebits = BN_num_bits(key_e);
ebytes = ebits / 8;
if (ebits % 8)
ebytes++;
@@ -179,11 +196,13 @@
data[i++] = '\02';
data[i++] = (nbits >> 8);
data[i++] = nbits;
- BN_bn2bin(key->n, &(data[i]));
+ RSA_get0_key(key, _n, NULL, NULL);
+ BN_bn2bin(key_n, &(data[i]));
i += nbytes;
data[i++] = (ebits >> 8);
data[i++] = ebits;
- BN_bn2bin(key->e, &(data[i]));
+ RSA_get0_key(key, NULL, _e, NULL);
+ BN_bn2bin(key_e, &(data[i]));
i += ebytes;
SHA1(data, len + 3, hash);
to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
@@ -278,7 +297,9 @@
BIO *in = NULL;
int rc;
+ #if OPENSSL_VERSION_NUMBER < 0x1010L
CRYPTO_malloc_init();
+ #endif
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2017-03-12 20:04:54
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Sun Mar 12 20:04:54 2017 rev:48 rq:478022 version:108
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2016-01-23 01:16:34.0 +0100
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2017-03-12 20:04:55.733870513 +0100
@@ -1,0 +2,6 @@
+Thu Mar 9 18:47:05 UTC 2017 - sfal...@opensuse.org
+
+- Edited %files section to clear unpackaged files builderror in
+ openSUSE:Factory
+
+---
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.WmDPl6/_old 2017-03-12 20:04:56.609746574 +0100
+++ /var/tmp/diff_new_pack.WmDPl6/_new 2017-03-12 20:04:56.613746008 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -137,6 +137,7 @@
%files -f %{name}.lang
%defattr(-, root, root)
%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html
+%{_docdir}/%{name}
%{_bindir}/*
/sbin/mount.ecryptfs
/sbin/umount.ecryptfs
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2016-01-23 01:16:28
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2015-10-20 00:06:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2016-01-23 01:16:34.0 +0100
@@ -1,0 +2,7 @@
+Wed Jan 20 16:31:19 UTC 2016 - meiss...@suse.com
+
+- validate-mount-destination-fs-type.patch: A local user could have
+ escalated privileges by mounting over special filesystems (bsc#962052
+ CVE-2016-1572)
+
+---
New:
validate-mount-destination-fs-type.patch
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.Q3W7rU/_old 2016-01-23 01:16:35.0 +0100
+++ /var/tmp/diff_new_pack.Q3W7rU/_new 2016-01-23 01:16:35.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,7 @@
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
+Patch2: validate-mount-destination-fs-type.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -76,6 +77,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
++ validate-mount-destination-fs-type.patch ++
>From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Thu, 7 Jan 2016 19:39:14 -0600
Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type
Refuse to mount over non-standard filesystems. Mounting over
certain types filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)
https://launchpad.net/bugs/1530566
---
debian/changelog | 8 +
src/utils/mount.ecryptfs_private.c | 61 ++
2 files changed, 69 insertions(+)
Index: ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
===
--- ecryptfs-utils-108.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
@@ -30,6 +30,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -220,6 +221,62 @@ err:
return NULL;
}
+static int check_cwd_f_type()
+{
+ /**
+* This is *not* a list of compatible lower filesystems list for
+* eCryptfs. This is a list of filesystems that we reasonably expect to
+* see mount.ecryptfs_private users mounting on top of. In other words,
+* the filesystem type of the 'target' parameter of mount(2).
+*
+* This whitelist is to prevent malicious mount.ecryptfs_private users
+* from mounting over filesystem types such as PROC_SUPER_MAGIC to
+* deceive other programs with a crafted /proc/self/*. See
+* https://launchpad.net/bugs/1530566 for more details.
+*/
+ __SWORD_TYPE f_type_whitelist[] = {
+ 0x61756673 /* AUFS_SUPER_MAGIC */,
+ 0x9123683E /* BTRFS_SUPER_MAGIC */,
+ 0x00C36400 /* CEPH_SUPER_MAGIC */,
+ 0xFF534D42 /* CIFS_MAGIC_NUMBER */,
+ 0xF15F /* ECRYPTFS_SUPER_MAGIC */,
+ 0xEF53 /* EXT[234]_SUPER_MAGIC */,
+ 0xF2F52010 /* F2FS_SUPER_MAGIC */,
+ 0x65735546 /* FUSE_SUPER_MAGIC */,
+ 0x01161970 /* GFS2_MAGIC */,
+ 0x3153464A /* JFS_SUPER_MAGIC */,
+ 0x564C /* NCP_SUPER_MAGIC */,
+ 0x6969 /* NFS_SUPER_MAGIC */,
+ 0x3434 /* NILFS_SUPER_MAGIC */,
+ 0x5346544E /* NTFS_SB_MAGIC */,
+ 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,
+ 0x52654973 /* REISERFS_SUPER_MAGIC */,
+ 0x73717368 /* SQUASHFS_MAGIC */,
+ 0x01021994 /* TMPFS_MAGIC */,
+ 0x58465342 /* XFS_SB_MAGIC */,
+ 0x2FC12FC1 /* ZFS_SUPER_MAGIC */,
+
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2015-10-19 22:52:26
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2015-10-08 08:26:22.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2015-10-20 00:06:15.0 +0200
@@ -1,0 +2,6 @@
+Sat Oct 17 08:13:38 UTC 2015 - mplus...@suse.com
+
+- Update to 108
+ * This release does not have a changelog.
+
+---
Old:
ecryptfs-utils_106.orig.tar.gz
New:
ecryptfs-utils_108.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.00eUsH/_old 2015-10-20 00:06:16.0 +0200
+++ /var/tmp/diff_new_pack.00eUsH/_new 2015-10-20 00:06:16.0 +0200
@@ -18,7 +18,7 @@
%define lname libecryptfs1
Name: ecryptfs-utils
-Version:106
+Version:108
Release:0
Summary:Userspace Utilities for ecryptfs
License:GPL-2.0+
++ ecryptfs-setup-swap-SuSE.patch ++
--- /var/tmp/diff_new_pack.00eUsH/_old 2015-10-20 00:06:16.0 +0200
+++ /var/tmp/diff_new_pack.00eUsH/_new 2015-10-20 00:06:16.0 +0200
@@ -1,7 +1,7 @@
-Index: ecryptfs-utils-106/src/utils/ecryptfs-setup-swap
+Index: ecryptfs-utils-108/src/utils/ecryptfs-setup-swap
===
ecryptfs-utils-106.orig/src/utils/ecryptfs-setup-swap
-+++ ecryptfs-utils-106/src/utils/ecryptfs-setup-swap
+--- ecryptfs-utils-108.orig/src/utils/ecryptfs-setup-swap
ecryptfs-utils-108/src/utils/ecryptfs-setup-swap
@@ -37,23 +37,20 @@ warn() {
usage() {
echo
@@ -28,17 +28,17 @@
*)
usage
;;
-@@ -149,7 +146,8 @@ i=0
- for swap in $swaps; do
- info `gettext "Setting up swap:"` "[$swap]"
+@@ -151,7 +148,8 @@ for swap in $swaps; do
uuid=$(blkid -o value -s UUID $swap)
-- for target in "UUID=$uuid" $swap; do
-+ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)
-+ for target in "UUID=$uuid" $swap $suse_swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1
+ links=$(for d in $(udevadm info --query=symlink -n $swap); do echo
/dev/$d; done)
+- for target in "UUID=$uuid" $swap $links; do
++ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)
++ for target in "UUID=$uuid" $swap $links $suse_swap; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\s\+:\#$target :" /etc/fstab
warn "Commented out your unencrypted swap from
/etc/fstab"
-@@ -181,3 +179,4 @@ if [ "$NO_RELOAD" != 1 ]; then
+@@ -201,3 +199,4 @@ if [ "$NO_RELOAD" != 1 ]; then
fi
info `gettext "Successfully encrypted swap!"`
++ ecryptfs-utils_106.orig.tar.gz -> ecryptfs-utils_108.orig.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ecryptfs-utils-106/configure
new/ecryptfs-utils-108/configure
--- old/ecryptfs-utils-106/configure2015-03-12 00:34:23.0 +0100
+++ new/ecryptfs-utils-108/configure2015-08-06 19:46:17.0 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ecryptfs-utils 106.
+# Generated by GNU Autoconf 2.69 for ecryptfs-utils 108.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='ecryptfs-utils'
PACKAGE_TARNAME='ecryptfs-utils'
-PACKAGE_VERSION='106'
-PACKAGE_STRING='ecryptfs-utils 106'
+PACKAGE_VERSION='108'
+PACKAGE_STRING='ecryptfs-utils 108'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1472,7 +1472,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ecryptfs-utils 106 to adapt to many kinds of systems.
+\`configure' configures ecryptfs-utils 108 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1543,7 +1543,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ecryptfs-utils 106:";;
+ short | recursive ) echo "Configuration of ecryptfs-utils 108:";;
esac
cat <<\_ACEOF
@@ -1696,7 +1696,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version;
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2015-10-08 08:26:20
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is "ecryptfs-utils"
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2015-05-15 07:43:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2015-10-08 08:26:22.0 +0200
@@ -1,0 +2,14 @@
+Fri Oct 2 19:55:18 UTC 2015 - mplus...@suse.com
+
+- Do not ship .la files
+
+---
+Wed Sep 30 14:30:56 UTC 2015 - mplus...@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Update autotool dependencies
+- Split library and devel packages
+- Use desktop file macros
+- Use fdupes to reduce duplicities
+
+---
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.qfZ14e/_old 2015-10-08 08:26:23.0 +0200
+++ /var/tmp/diff_new_pack.qfZ14e/_new 2015-10-08 08:26:23.0 +0200
@@ -16,21 +16,24 @@
#
+%define lname libecryptfs1
Name: ecryptfs-utils
-Url:http://ecryptfs.org/
+Version:106
+Release:0
Summary:Userspace Utilities for ecryptfs
License:GPL-2.0+
Group: Productivity/Security
-Version:106
-Release:0
-Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
+Url:http://ecryptfs.org/
+Source0:
http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz
Source1:baselibs.conf
Source2:ecryptfs-mount-private.png
# PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: fdupes
BuildRequires: gtk2-devel
BuildRequires: intltool
BuildRequires: keyutils-devel
@@ -42,89 +45,121 @@
BuildRequires: pam-config
BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel
+BuildRequires: pkg-config
BuildRequires: python-devel
BuildRequires: swig
BuildRequires: trousers-devel
BuildRequires: update-desktop-files
Requires(pre): pam-config
-PreReq: permissions
+Requires(pre): permissions
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A stacked cryptographic filesystem for Linux.
+%package -n %{lname}
+Summary:Shared library for %{name}
+Group: System/Libraries
+
+%description -n %{lname}
+A stacked cryptographic filesystem for Linux.
+
+%package devel
+Summary:Development files for %{name}
+Group: Development/Languages/C and C++
+Requires: %{lname} = %{version}
+
+%description devel
+A stacked cryptographic filesystem for Linux.
+
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
-export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
-autoreconf -i -f
+export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
+autoreconf -fiv
%configure \
- --docdir=%_defaultdocdir/%{name} \
+ --docdir=%{_defaultdocdir}/%{name} \
--disable-static \
--enable-tspi \
--enable-pkcs11-helper \
- --with-pamdir=/%_lib/security
+ --with-pamdir=/%{_lib}/security
make %{?_smp_mflags}
%check
-make check
+make %{?_smp_mflags} check
%install
-%makeinstall
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications
-install -m644 %{SOURCE2}
$RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png
-printf "Encoding=UTF-8\n"
>>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
-printf "Encoding=UTF-8\n"
>>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
-printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n"
>>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
-printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n"
>>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
-sed -i 's|^_||'
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
-sed -i 's|^_||'
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
-mv $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
$RPM_BUILD_ROOT/%{_datadir}/applications
-%suse_update_desktop_file
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+mkdir -p
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2015-05-15 07:43:15
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2014-09-05 09:34:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2015-05-15 07:43:24.0 +0200
@@ -1,0 +2,8 @@
+Mon May 11 14:39:00 UTC 2015 - meiss...@suse.com
+
+- updated to 106
+ - new passphrase wrapping method, including the salt to fix
+CVE-2014-9687 / bsc#920160
+ - various bugfixes
+
+---
Old:
ecryptfs-utils_104.orig.tar.gz
New:
ecryptfs-utils_106.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.WHOlMa/_old 2015-05-15 07:43:25.0 +0200
+++ /var/tmp/diff_new_pack.WHOlMa/_new 2015-05-15 07:43:25.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
Summary:Userspace Utilities for ecryptfs
License:GPL-2.0+
Group: Productivity/Security
-Version:104
+Version:106
Release:0
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
++ ecryptfs-setup-swap-SuSE.patch ++
--- /var/tmp/diff_new_pack.WHOlMa/_old 2015-05-15 07:43:25.0 +0200
+++ /var/tmp/diff_new_pack.WHOlMa/_new 2015-05-15 07:43:25.0 +0200
@@ -1,6 +1,8 @@
ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05
10:44:55.61890 -0400
-+++ ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05
10:54:16.966419219 -0400
-@@ -37,23 +37,20 @@
+Index: ecryptfs-utils-106/src/utils/ecryptfs-setup-swap
+===
+--- ecryptfs-utils-106.orig/src/utils/ecryptfs-setup-swap
ecryptfs-utils-106/src/utils/ecryptfs-setup-swap
+@@ -37,23 +37,20 @@ warn() {
usage() {
echo
echo `gettext Usage:`
@@ -26,26 +28,18 @@
*)
usage
;;
-@@ -149,7 +146,8 @@
+@@ -149,7 +146,8 @@ i=0
for swap in $swaps; do
info `gettext Setting up swap:` [$swap]
uuid=$(blkid -o value -s UUID $swap)
- for target in UUID=$uuid $swap; do
+ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)
-+ for target in $suse_swap $swap; do
- if [ -n $target ] grep -qs ^$target /etc/fstab; then
- sed -i s:^$target :\#$target : /etc/fstab
++ for target in UUID=$uuid $swap $suse_swap; do
+ if [ -n $target ] grep -qs ^$target\s\+ /etc/fstab; then
+ sed -i s:^$target\s\+:\#$target : /etc/fstab
warn Commented out your unencrypted swap from
/etc/fstab
-@@ -166,7 +164,6 @@
- # Add fstab entry
- echo /dev/mapper/cryptswap$i none swap sw 0 0 /etc/fstab
- done
--
- if [ $NO_RELOAD != 1 ]; then
- # Turn swap off
- swapoff -a
-@@ -179,3 +176,4 @@
+@@ -181,3 +179,4 @@ if [ $NO_RELOAD != 1 ]; then
fi
- info `gettext Successfully setup encrypted swap!`
+ info `gettext Successfully encrypted swap!`
+info This will take effect after reboot
++ ecryptfs-utils_104.orig.tar.gz - ecryptfs-utils_106.orig.tar.gz ++
3467 lines of diff (skipped)
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2014-09-05 09:34:24 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2014-08-20 10:51:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2014-09-05 09:34:46.0 +0200 @@ -1,0 +2,6 @@ +Thu Sep 4 13:13:07 UTC 2014 - da...@darins.net + +- update to 104 + - lots of bugfixes, apparently from static code checking + +--- Old: ecryptfs-utils_103.orig.tar.gz New: ecryptfs-utils_104.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.sTbXCd/_old 2014-09-05 09:34:47.0 +0200 +++ /var/tmp/diff_new_pack.sTbXCd/_new 2014-09-05 09:34:47.0 +0200 @@ -17,11 +17,11 @@ Name: ecryptfs-utils -Url:https://launchpad.net/ecryptfs +Url:http://ecryptfs.org/ Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Version:103 +Version:104 Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf ++ ecryptfs-utils_103.orig.tar.gz - ecryptfs-utils_104.orig.tar.gz ++ 13836 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2014-08-20 10:51:16
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2013-08-18 22:29:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2014-08-20 10:51:46.0 +0200
@@ -1,0 +2,13 @@
+Fri Aug 8 10:56:20 UTC 2014 - fcro...@suse.com
+
+- Drop ecryptfs-correct-desktop.patch and ensure
+ ecryptfs-mount-private.desktop is properly generated and
+ installed in a program specific location (ecryptfs-setup-private
+ will take care of creating the right symlink) and not in
+ /usr/share/applications by default.
+- Add ecryptfs-mount-private.png (from Fedora)
+- Create tmpfiles.d to ensure ecryptfs module is autoloaded at
+ start.
+- Fix category on ecryptfs-setup-private.desktop.
+
+---
Old:
ecryptfs-correct-desktop.patch
New:
ecryptfs-mount-private.png
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.rONMLQ/_old 2014-08-20 10:51:48.0 +0200
+++ /var/tmp/diff_new_pack.rONMLQ/_new 2014-08-20 10:51:48.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,11 +25,11 @@
Release:0
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
+Source2:ecryptfs-mount-private.png
# PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
-Patch2: ecryptfs-correct-desktop.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
@@ -56,7 +56,6 @@
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
%build
export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
@@ -74,12 +73,23 @@
%install
%makeinstall
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications/
-mv $RPM_BUILD_ROOT/%{_datadir}/ecryptfs-utils/*desktop
$RPM_BUILD_ROOT/%{_datadir}/applications/
-%suse_update_desktop_file ecryptfs-mount-private
-%suse_update_desktop_file ecryptfs-setup-private
+mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications
+install -m644 %{SOURCE2}
$RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png
+printf Encoding=UTF-8\n
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+printf Encoding=UTF-8\n
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+printf Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+printf Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+sed -i 's|^_||'
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+sed -i 's|^_||'
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+mv $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
$RPM_BUILD_ROOT/%{_datadir}/applications
+%suse_update_desktop_file
$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+%suse_update_desktop_file -r ecryptfs-setup-private System Security
%find_lang %{name}
+#we need ecryptfs kernel module
+mkdir -p $RPM_BUILD_ROOT/usr/lib/modules-load.d/
+echo -e # ecryptfs module is needed before ecryptfs mount, so mount helper
can \n# check for file name encryption support\necryptfs
$RPM_BUILD_ROOT/usr/lib/modules-load.d/ecryptfs.conf
+
%verifyscript
%verify_permissions -e /sbin/mount.ecryptfs_private
@@ -113,6 +123,8 @@
/%_lib/security/pam_ecryptfs.so
%{python_sitelib}/ecryptfs-utils
%{python_sitearch}/ecryptfs-utils
-%{_datadir}/applications/ecryptfs-*
+%{_datadir}/applications/*.desktop
+%dir /usr/lib/modules-load.d
+/usr/lib/modules-load.d/*
%changelog
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2013-08-18 22:29:39
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2013-08-06 12:41:13.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2013-08-18 22:29:40.0 +0200
@@ -1,0 +2,5 @@
+Thu Aug 15 19:41:04 UTC 2013 - da...@darins.net
+
+- fix %postun to not run pam-config on update (bnc#814098, bnc#834993)
+
+---
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.yRhIQh/_old 2013-08-18 22:29:40.0 +0200
+++ /var/tmp/diff_new_pack.yRhIQh/_new 2013-08-18 22:29:40.0 +0200
@@ -90,7 +90,9 @@
%postun
/sbin/ldconfig
-/usr/sbin/pam-config -d --ecryptfs
+if [ $1 -eq 0 ]; then
+ /usr/sbin/pam-config -d --ecryptfs
+fi
%files -f %{name}.lang
%defattr(-, root, root)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2013-08-06 12:04:28
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2012-07-12 14:46:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2013-08-06 12:41:13.0 +0200
@@ -1,0 +2,11 @@
+Mon Aug 5 18:41:01 UTC 2013 - da...@darins.net
+
+- update to 103
+- move -pie/-fpie into separate patch
+- update ecryptfs-setup-swap-SuSE.patch for systmd and fstab
+ without UUID lables
+- remove ecryptfs-utils.security.patch, fixed upstream
+- add PreReq: permissions
+- removed unpackaged doc
+
+---
Old:
ecryptfs-utils.security.patch
ecryptfs-utils_96.orig.tar.gz
New:
ecryptfs-utils-src-utils-Makefile.patch
ecryptfs-utils_103.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.8HsFb0/_old 2013-08-06 12:41:14.0 +0200
+++ /var/tmp/diff_new_pack.8HsFb0/_new 2013-08-06 12:41:14.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,12 +21,14 @@
Summary:Userspace Utilities for ecryptfs
License:GPL-2.0+
Group: Productivity/Security
-Version:96
+Version:103
Release:0
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
+# PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab
Patch0: ecryptfs-setup-swap-SuSE.patch
-Patch1: ecryptfs-utils.security.patch
+# PATCH-FIX-OPENSUSE build with -fpie/-pie
+Patch1: ecryptfs-utils-src-utils-Makefile.patch
Patch2: ecryptfs-correct-desktop.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
@@ -45,6 +47,7 @@
BuildRequires: trousers-devel
BuildRequires: update-desktop-files
Requires(pre): pam-config
+PreReq: permissions
%description
A stacked cryptographic filesystem for Linux.
@@ -91,7 +94,7 @@
%files -f %{name}.lang
%defattr(-, root, root)
-%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt
+%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html
/usr/include/ecryptfs.h
%{_prefix}/bin/*
/sbin/mount.ecryptfs
++ ecryptfs-setup-swap-SuSE.patch ++
--- /var/tmp/diff_new_pack.8HsFb0/_old 2013-08-06 12:41:14.0 +0200
+++ /var/tmp/diff_new_pack.8HsFb0/_new 2013-08-06 12:41:14.0 +0200
@@ -1,11 +1,51 @@
ecryptfs-utils-96/src/utils/ecryptfs-setup-swap2011-12-13
18:01:38.0 -0500
-+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-swap-mod2012-04-06
11:24:50.083041485 -0400
-@@ -172,7 +172,7 @@
- swapoff -a
+--- ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05
10:44:55.61890 -0400
ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05
10:54:16.966419219 -0400
+@@ -37,23 +37,20 @@
+ usage() {
+ echo
+ echo `gettext Usage:`
+- echo $0 [-f|--force] [-n|--no-reload]
++ echo $0 [-f|--force]
+ echo
+ exit 1
+ }
- # Restart cryptdisks
-- /etc/init.d/cryptdisks restart
-+ /etc/init.d/boot.crypto restart
+ # Handle command line options
+ FORCE=0
++NO_RELOAD=1
+ while [ ! -z $1 ]; do
+ case $1 in
+ -f|--force)
+ FORCE=1
+ shift 1
+ ;;
+- -n|--no-reload)
+- NO_RELOAD=1
+- shift 1
+- ;;
+ *)
+ usage
+ ;;
+@@ -149,7 +146,8 @@
+ for swap in $swaps; do
+ info `gettext Setting up swap:` [$swap]
+ uuid=$(blkid -o value -s UUID $swap)
+- for target in UUID=$uuid $swap; do
++ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1)
++ for target in $suse_swap $swap; do
+ if [ -n $target ] grep -qs ^$target /etc/fstab; then
+ sed -i s:^$target :\#$target : /etc/fstab
+ warn Commented out your unencrypted swap from
/etc/fstab
+@@ -166,7 +164,6 @@
+ # Add fstab entry
+ echo /dev/mapper/cryptswap$i none
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2012-07-12 14:46:48
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils, Maintainer is meiss...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2012-07-06 09:37:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2012-07-12 14:46:50.0 +0200
@@ -1,0 +2,12 @@
+Wed Jul 11 11:48:24 UTC 2012 - meiss...@suse.com
+
+- also supply MS_NODEV to avoid exposing device files
+ if someone got them on the encrypted media.
+
+---
+Tue Jul 10 14:03:27 UTC 2012 - meiss...@suse.com
+
+- point the desktop link to the right .desktop file
+- build mount.ecryptfs_private with -pie/-fpie
+
+---
New:
ecryptfs-correct-desktop.patch
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.0 +0200
+++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.0 +0200
@@ -27,6 +27,7 @@
Source1:baselibs.conf
Patch0: ecryptfs-setup-swap-SuSE.patch
Patch1: ecryptfs-utils.security.patch
+Patch2: ecryptfs-correct-desktop.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
@@ -52,6 +53,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
++ ecryptfs-correct-desktop.patch ++
Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private
===
--- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private
+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private
@@ -340,7 +340,7 @@ echo
mkdir -m 700 -p $CRYPTDIR || error $(gettext 'Could not create crypt
directory') [$CRYPTDIR]
mkdir -m 700 -p $MOUNTPOINT || error $(gettext 'Could not create mount
directory') [$MOUNTPOINT]
ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
$MOUNTPOINT/README.txt
-ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
$MOUNTPOINT/Access-Your-Private-Data.desktop
+ln -sf /usr/share/applications/ecryptfs-mount-private.desktop
$MOUNTPOINT/Access-Your-Private-Data.desktop
chmod 500 $MOUNTPOINT
# Setup ~/.ecryptfs directory
++ ecryptfs-utils.security.patch ++
--- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.0 +0200
+++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.0 +0200
@@ -256,7 +256,7 @@
}
/* Perform mount */
- if (mount(src, ., FSTYPE, 0, opt) == 0) {
-+ if (mount(src, ., FSTYPE, MS_NOSUID, opt) == 0) {
++ if (mount(src, ., FSTYPE, MS_NOSUID|MS_NODEV, opt) == 0) {
if (update_mtab(src, dest, opt) != 0) {
goto fail;
}
@@ -268,3 +268,17 @@
/* Since we're doing a lazy unmount anyway, just unmount the
current
* directory. This avoids a lot of complexity in dealing with
race
+Index: ecryptfs-utils-96/src/utils/Makefile.am
+===
+--- ecryptfs-utils-96.orig/src/utils/Makefile.am
ecryptfs-utils-96/src/utils/Makefile.am
+@@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_
+ ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS)
+
+ mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c
++mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie
+ mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
$(KEYUTILS_LIBS)
++mount_ecryptfs_private_LDFLAGS = -pie
+
+ ecryptfs_stat_SOURCES = ecryptfs-stat.c
+ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2012-07-06 09:37:00
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils, Maintainer is meiss...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2012-04-12 09:21:27.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2012-07-06 09:37:01.0 +0200
@@ -1,0 +2,11 @@
+Wed Jul 4 11:08:11 UTC 2012 - meiss...@suse.com
+
+- hook pam_ecryptfs into pam session and auth bnc#755475
+
+---
+Thu Jun 21 06:19:46 UTC 2012 - meiss...@suse.com
+
+- added security improvements to mount.ecryptfs_private
+ and pam_ecryptfs (bnc#740110)
+
+---
New:
ecryptfs-utils.security.patch
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.SE06Jg/_old 2012-07-06 09:37:04.0 +0200
+++ /var/tmp/diff_new_pack.SE06Jg/_new 2012-07-06 09:37:04.0 +0200
@@ -26,6 +26,7 @@
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
Patch0: ecryptfs-setup-swap-SuSE.patch
+Patch1: ecryptfs-utils.security.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
@@ -35,12 +36,14 @@
BuildRequires: libtool
BuildRequires: mozilla-nss-devel
BuildRequires: openssl-devel
+BuildRequires: pam-config
BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel
BuildRequires: python-devel
BuildRequires: swig
BuildRequires: trousers-devel
BuildRequires: update-desktop-files
+Requires(pre): pam-config
%description
A stacked cryptographic filesystem for Linux.
@@ -48,6 +51,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
@@ -77,8 +81,11 @@
%post
/sbin/ldconfig
%set_permissions /sbin/mount.ecryptfs_private
+/usr/sbin/pam-config -a --ecryptfs
-%postun -p /sbin/ldconfig
+%postun
+/sbin/ldconfig
+/usr/sbin/pam-config -d --ecryptfs
%files -f %{name}.lang
%defattr(-, root, root)
++ ecryptfs-utils.security.patch ++
Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
===
--- ecryptfs-utils-96.orig/src/pam_ecryptfs/pam_ecryptfs.c
+++ ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c
@@ -32,13 +32,17 @@
#include unistd.h
#include errno.h
#include syslog.h
+#include limits.h
#include pwd.h
#include sys/types.h
#include sys/wait.h
#include sys/types.h
#include sys/stat.h
+#include sys/fsuid.h
+#include grp.h
#include fcntl.h
#include security/pam_modules.h
+#include security/pam_ext.h
#include ../include/ecryptfs.h
#define PRIVATE_DIR Private
@@ -119,9 +123,11 @@ static int wrap_passphrase_if_necessary(
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
- uid_t uid = 0;
+ uid_t uid = 0, oeuid = 0;
+ long ngroups_max = sysconf(_SC_NGROUPS_MAX);
+ gid_t gid = 0, oegid = 0, groups[ngroups_max+1];
+ int ngids = 0;
char *homedir = NULL;
- uid_t saved_uid = 0;
const char *username;
char *passphrase = NULL;
char salt[ECRYPTFS_SALT_SIZE];
@@ -139,12 +145,25 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
pwd = getpwnam(username);
if (pwd) {
uid = pwd-pw_uid;
+ gid = pwd-pw_gid;
homedir = pwd-pw_dir;
}
} else {
syslog(LOG_ERR, pam_ecryptfs: Error getting passwd info for
user [%s]; rc = [%ld]\n, username, rc);
goto out;
}
+
+ if ((oeuid = geteuid()) 0 || (oegid = getegid()) 0 ||
+ (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) 0) {
+ syslog(LOG_ERR, pam_ecryptfs: geteuid error);
+ goto outnouid;
+ }
+
+ if (setegid(gid) 0 || setgroups(1, gid) 0 || seteuid(uid) 0) {
+ syslog(LOG_ERR, pam_ecryptfs: seteuid error);
+ goto out;
+ }
+
if (!file_exists_dotecryptfs(homedir, auto-mount))
goto out;
private_mnt = ecryptfs_fetch_private_mnt(homedir);
@@ -158,13 +177,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
load ecryptfs module if not loaded already */
if
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2012-04-12 09:21:07
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils, Maintainer is meiss...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2012-03-29 11:36:53.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2012-04-12 09:21:27.0 +0200
@@ -1,0 +2,5 @@
+Fri Apr 6 15:33:03 UTC 2012 - da...@darins.net
+
+- patch so ecryptfs-setup-swap executes boot.crypto
+
+---
New:
ecryptfs-setup-swap-SuSE.patch
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.yZXxQc/_old 2012-04-12 09:21:28.0 +0200
+++ /var/tmp/diff_new_pack.yZXxQc/_new 2012-04-12 09:21:28.0 +0200
@@ -25,6 +25,7 @@
Release:0
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
+Patch0: ecryptfs-setup-swap-SuSE.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel
BuildRequires: intltool
@@ -46,6 +47,7 @@
%prep
%setup -q
+%patch0 -p1
%build
export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing
++ ecryptfs-setup-swap-SuSE.patch ++
--- ecryptfs-utils-96/src/utils/ecryptfs-setup-swap 2011-12-13
18:01:38.0 -0500
+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-swap-mod 2012-04-06
11:24:50.083041485 -0400
@@ -172,7 +172,7 @@
swapoff -a
# Restart cryptdisks
- /etc/init.d/cryptdisks restart
+ /etc/init.d/boot.crypto restart
# Turn the swap on
swapon -a
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2012-03-29 11:36:52
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
Package is ecryptfs-utils, Maintainer is meiss...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2011-10-05 11:08:09.0 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2012-03-29 11:36:53.0 +0200
@@ -1,0 +2,10 @@
+Wed Mar 28 14:47:13 UTC 2012 - meiss...@suse.com
+
+- updated to 96
+ - bugfixes
+ - testsuite added
+ - ecryptfs-verify utility added
+ - write-read test utility
+- mark /sbin/mount.eccryptfs_private as setuidable (bnc#745584 , bnc#740110)
+
+---
Old:
ecryptfs-utils_92.orig.tar.gz
New:
ecryptfs-utils_96.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.I4auVG/_old 2012-03-29 11:36:58.0 +0200
+++ /var/tmp/diff_new_pack.I4auVG/_new 2012-03-29 11:36:58.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,30 @@
#
-
Name: ecryptfs-utils
Url:https://launchpad.net/ecryptfs
+Summary:Userspace Utilities for ecryptfs
License:GPL-2.0+
Group: Productivity/Security
-Summary:Userspace Utilities for ecryptfs
-Version:92
-Release:1
+Version:96
+Release:0
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: gtk2-devel intltool keyutils-devel keyutils-libs
libgcrypt-devel mozilla-nss-devel openssl-devel pam-devel pkcs11-helper-devel
python-devel trousers-devel
-BuildRequires: update-desktop-files
+BuildRequires: gtk2-devel
+BuildRequires: intltool
+BuildRequires: keyutils-devel
+BuildRequires: keyutils-libs
+BuildRequires: libgcrypt-devel
BuildRequires: libtool
+BuildRequires: mozilla-nss-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+BuildRequires: pkcs11-helper-devel
+BuildRequires: python-devel
+BuildRequires: swig
+BuildRequires: trousers-devel
+BuildRequires: update-desktop-files
%description
A stacked cryptographic filesystem for Linux.
@@ -59,7 +69,12 @@
%suse_update_desktop_file ecryptfs-setup-private
%find_lang %{name}
-%post -p /sbin/ldconfig
+%verifyscript
+%verify_permissions -e /sbin/mount.ecryptfs_private
+
+%post
+/sbin/ldconfig
+%set_permissions /sbin/mount.ecryptfs_private
%postun -p /sbin/ldconfig
@@ -68,7 +83,10 @@
%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt
/usr/include/ecryptfs.h
%{_prefix}/bin/*
-/sbin/*
+/sbin/mount.ecryptfs
+/sbin/umount.ecryptfs
+/sbin/umount.ecryptfs_private
+%verify(not mode) /sbin/mount.ecryptfs_private
%{_libdir}/libecryptfs*
%{_libdir}/pkgconfig/libecryptfs.pc
%{_mandir}/man1/*ecryptfs*
++ ecryptfs-utils_92.orig.tar.gz - ecryptfs-utils_96.orig.tar.gz ++
12207 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2011-12-06 18:07:44 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.VWzW8y/_old 2011-12-06 18:13:17.0 +0100 +++ /var/tmp/diff_new_pack.VWzW8y/_new 2011-12-06 18:13:17.0 +0100 @@ -19,7 +19,7 @@ Name: ecryptfs-utils Url:https://launchpad.net/ecryptfs -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Security Summary:Userspace Utilities for ecryptfs Version:92 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at Wed Oct 5 11:08:08 CEST 2011.
--- openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2011-09-23
01:56:07.0 +0200
+++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes
2011-09-30 22:12:16.0 +0200
@@ -1,0 +2,5 @@
+Fri Sep 30 20:07:57 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to make the spec file more reliable
+
+---
calling whatdependson for head-i586
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.ZkUxnM/_old 2011-10-05 11:08:05.0 +0200
+++ /var/tmp/diff_new_pack.ZkUxnM/_new 2011-10-05 11:08:05.0 +0200
@@ -29,6 +29,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gtk2-devel intltool keyutils-devel keyutils-libs
libgcrypt-devel mozilla-nss-devel openssl-devel pam-devel pkcs11-helper-devel
python-devel trousers-devel
BuildRequires: update-desktop-files
+BuildRequires: libtool
%description
A stacked cryptographic filesystem for Linux.
continue with q...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at Wed Sep 21 17:03:32 CEST 2011.
--- ecryptfs-utils/ecryptfs-utils.changes 2011-08-11 17:27:36.0
+0200
+++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes
2011-09-20 15:33:30.0 +0200
@@ -1,0 +2,15 @@
+Tue Sep 20 15:32:22 CEST 2011 - meiss...@suse.de
+
+- Updated to 92
+ * Fix umask issue introduced by last security update
+ * some bugfixes
+
+---
+Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant/obsolete tags/sections from specfile
+ (cf. packaging guidelines)
+- Put make call in the right spot
+- Use %_smp_mflags for parallel build
+
+---
calling whatdependson for head-i586
Old:
ecryptfs-utils_90.orig.tar.gz
New:
ecryptfs-utils_92.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.td7d2Z/_old 2011-09-21 17:03:26.0 +0200
+++ /var/tmp/diff_new_pack.td7d2Z/_new 2011-09-21 17:03:26.0 +0200
@@ -15,16 +15,14 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
Name: ecryptfs-utils
Url:https://launchpad.net/ecryptfs
License:GPLv2+
Group: Productivity/Security
-AutoReqProv:on
Summary:Userspace Utilities for ecryptfs
-Version:90
+Version:92
Release:1
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
@@ -35,16 +33,6 @@
%description
A stacked cryptographic filesystem for Linux.
-
-
-Authors:
-
-Mike Halcrow designed and implemented eCryptfs, which is a fork from
-Cryptfs. Erez Zadok, along with the fileystem research lab at Stony
-Brook University, designed and implemented Cryptfs. Michael
-C. Thompson has contributed a substantial amount of code to the
-project.
-
%prep
%setup -q
@@ -57,9 +45,9 @@
--enable-tspi \
--enable-pkcs11-helper \
--with-pamdir=/%_lib/security
+make %{?_smp_mflags}
%check
-make
make check
%install
@@ -70,9 +58,6 @@
%suse_update_desktop_file ecryptfs-setup-private
%find_lang %{name}
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
++ ecryptfs-utils_90.orig.tar.gz - ecryptfs-utils_92.orig.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ecryptfs-utils-90/Makefile.in
new/ecryptfs-utils-92/Makefile.in
--- old/ecryptfs-utils-90/Makefile.in 2011-08-10 15:36:29.0 +0200
+++ new/ecryptfs-utils-92/Makefile.in 2011-09-01 23:23:43.0 +0200
@@ -217,6 +217,8 @@
MSGMERGE = @MSGMERGE@
NM = @NM@
NMEDIT = @NMEDIT@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_LIBS = @NSS_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ecryptfs-utils-90/configure
new/ecryptfs-utils-92/configure
--- old/ecryptfs-utils-90/configure 2011-08-10 15:36:28.0 +0200
+++ new/ecryptfs-utils-92/configure 2011-09-01 23:23:41.0 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for ecryptfs-utils 90.
+# Generated by GNU Autoconf 2.68 for ecryptfs-utils 92.
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -567,8 +567,8 @@
# Identity of this package.
PACKAGE_NAME='ecryptfs-utils'
PACKAGE_TARNAME='ecryptfs-utils'
-PACKAGE_VERSION='90'
-PACKAGE_STRING='ecryptfs-utils 90'
+PACKAGE_VERSION='92'
+PACKAGE_STRING='ecryptfs-utils 92'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -695,6 +695,8 @@
TSPI_CFLAGS
PKCS11_HELPER_LIBS
PKCS11_HELPER_CFLAGS
+NSS_LIBS
+NSS_CFLAGS
OPENSSL_LIBS
OPENSSL_CFLAGS
KEYUTILS_LIBS
@@ -885,6 +887,8 @@
KEYUTILS_LIBS
OPENSSL_CFLAGS
OPENSSL_LIBS
+NSS_CFLAGS
+NSS_LIBS
PKCS11_HELPER_CFLAGS
PKCS11_HELPER_LIBS
TSPI_CFLAGS
@@ -1435,7 +1439,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat _ACEOF
-\`configure' configures ecryptfs-utils 90 to adapt to many kinds of systems.
+\`configure' configures ecryptfs-utils 92 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1506,7 +1510,7 @@
if test -n $ac_init_help; then
case $ac_init_help in
- short | recursive ) echo Configuration of ecryptfs-utils 90:;;
+ short | recursive ) echo Configuration of ecryptfs-utils 92:;;
esac
cat \_ACEOF
@@ -1576,6 +1580,8 @@
C compiler
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Fri Aug 12 13:24:19 CEST 2011. --- ecryptfs-utils/ecryptfs-utils.changes 2011-04-18 17:09:01.0 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-08-11 17:27:36.0 +0200 @@ -1,0 +2,17 @@ +Thu Aug 11 17:25:21 CEST 2011 - meiss...@suse.de + +- Updated to 90 + Fixed several security issues: + * CVE-2011-1831 - Race condition when checking mountpoint during mount. + * CVE-2011-1832 - Race condition when checking mountpoint during unmount. + * CVE-2011-1833 - Race condition when checking source during mount. + * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource +limits, signals, etc. + * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp +directory. + * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp + * CVE-2011-1837 - Predictable lock counter name and associated races. + + New ecryptfs-find binary to find by inode. + +--- calling whatdependson for head-i586 Old: ecryptfs-utils_87.orig.tar.gz New: ecryptfs-utils_90.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.Bl1Eqy/_old 2011-08-12 13:24:01.0 +0200 +++ /var/tmp/diff_new_pack.Bl1Eqy/_new 2011-08-12 13:24:01.0 +0200 @@ -24,7 +24,7 @@ Group: Productivity/Security AutoReqProv:on Summary:Userspace Utilities for ecryptfs -Version:87 +Version:90 Release:1 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf ++ ecryptfs-utils_87.orig.tar.gz - ecryptfs-utils_90.orig.tar.gz ++ 18222 lines of diff (skipped) Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at Mon Jun 6 13:56:34 CEST 2011.
--- ecryptfs-utils/ecryptfs-utils.changes 2010-04-10 17:40:48.0
+0200
+++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes
2011-04-18 17:09:01.0 +0200
@@ -1,0 +2,58 @@
+Mon Apr 18 17:06:50 CEST 2011 - meiss...@suse.de
+
+- Updated to 87
+ * src/utils/ecryptfs-setup-private: update the Private.* selinux
+contexts
+ * src/utils/ecryptfs-setup-private:
+- add -p to mkdir, address noise for a non-error
+- must insert keys during testing phase, since we remove keys on
+ unmount now, LP: #725862
+ * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in
+interactive mode, LP: #667331
+- Updated to 86
+ * src/pam_ecryptfs/pam_ecryptfs.c:
+- check if this file exists and ask the user for the wrapping passphrase
+ if it does
+- eliminate both ecryptfs_pam_wrapping_independent_set() and
+ ecryptfs_pam_automount_set() and replace with a reusable
+ file_exists_dotecryptfs() function
+ * src/utils/mount.ecryptfs_private.c:
+- support multiple, user configurable private directories by way of
+ a command line alias argument
+- this alias references a configuration file by the name of:
+ $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format,
+ as well as $HOME/.ecryptfs/alias.sig, in the same format as
+ Private.sig
+- if no argument specified, the utility operates in legacy mode,
+ defaulting to Private
+- rename variables, s/dev/src/ and s/mnt/dest/
+- add a read_config() function
+- add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR
+- this is half of the fix to LP: #615657
+ * doc/manpage/mount.ecryptfs_private.1: document these changes
+ * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c:
+- allow umount.ecryptfs_private to succeed when the key is no
+ longer in user keyring.
+- Updated to 85
+ * src/utils/ecryptfs-recover-private: clean sigs of invalid characters
+ * src/utils/mount.ecryptfs_private.c:
+- fix bug LP: #313812, clear used keys on unmount
+- add ecryptfs_unlink_sigs to the mount opts, so that unmounts from
+ umount.ecryptfs behave similarly
+- use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek
+ * src/utils/ecryptfs-migrate-home:
+- support user databases outside of /etc/passwd, LP: #627506
+- Updated to 84
+ * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139
+ * debian/rules, debian/control:
+- disable the gpg key module, as it's not yet functional
+- clean up unneeded build-deps
+- also, not using opencryptoki either
+ * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by
+email by Jon 'maddog' Hall
+ * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am,
+po/POTFILES.in, src/utils/ecryptfs-recover-private,
+src/utils/Makefile.am: add a utility to simplify data recovery
+of an encrypted private directory from a Live ISO, LP: #689969
+
+---
calling whatdependson for head-i586
Old:
ecryptfs-utils_83.orig.tar.gz
New:
ecryptfs-utils_87.orig.tar.gz
Other differences:
--
++ ecryptfs-utils.spec ++
--- /var/tmp/diff_new_pack.iwioJt/_old 2011-06-06 13:55:48.0 +0200
+++ /var/tmp/diff_new_pack.iwioJt/_new 2011-06-06 13:55:48.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package ecryptfs-utils (Version 83)
+# spec file for package ecryptfs-utils
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,8 +24,8 @@
Group: Productivity/Security
AutoReqProv:on
Summary:Userspace Utilities for ecryptfs
-Version:83
-Release:2
+Version:87
+Release:1
Source0:
http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz
Source1:baselibs.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++ ecryptfs-utils_83.orig.tar.gz - ecryptfs-utils_87.orig.tar.gz ++
4269 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/ecryptfs-utils-83/configure.ac new/ecryptfs-utils-87/configure.ac
---
