commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2020-08-20 22:35:38 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new.3399 (New) Package is "ecryptfs-utils" Thu Aug 20 22:35:38 2020 rev:51 rq:828245 version:111 Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2018-02-21 14:14:01.156684301 +0100 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new.3399/ecryptfs-utils.changes 2020-08-20 22:35:49.416177447 +0200 @@ -1,0 +2,6 @@ +Tue Aug 18 15:21:46 UTC 2020 - Dominique Leuenberger + +- Fix wrong usage of %{_libexecdir} for systemd owned paths below + %{_prefix}/lib. + +--- Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.Z7Y8mR/_old 2020-08-20 22:35:51.388178351 +0200 +++ /var/tmp/diff_new_pack.Z7Y8mR/_new 2020-08-20 22:35:51.392178353 +0200 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,9 +21,9 @@ Version:111 Release:0 Summary:Userspace Utilities for ecryptfs -License:GPL-2.0 +License:GPL-2.0-only Group: Productivity/Security -Url:http://ecryptfs.org/ +URL:http://ecryptfs.org/ Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz Source1:baselibs.conf Source2:ecryptfs-mount-private.png @@ -114,8 +114,8 @@ find %{buildroot} -type f -name "*.la" -delete -print #we need ecryptfs kernel module -mkdir -p %{buildroot}%{_libexecdir}/modules-load.d/ -echo -e "# ecryptfs module is needed before ecryptfs mount, so mount helper can \n# check for file name encryption support\necryptfs" >%{buildroot}%{_libexecdir}/modules-load.d/ecryptfs.conf +mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d/ +echo -e "# ecryptfs module is needed before ecryptfs mount, so mount helper can \n# check for file name encryption support\necryptfs" >%{buildroot}%{_prefix}/lib/modules-load.d/ecryptfs.conf %verifyscript %verify_permissions -e /sbin/mount.ecryptfs_private @@ -153,8 +153,8 @@ #{python_sitelib}/ecryptfs-utils #{python_sitearch}/ecryptfs-utils %{_datadir}/applications/*.desktop -%dir %{_libexecdir}/modules-load.d -%{_libexecdir}/modules-load.d/* +%dir %{_prefix}/lib/modules-load.d +%{_prefix}/lib/modules-load.d/* %files -n %{lname} %defattr(-, root, root)
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2018-02-21 14:13:57 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Wed Feb 21 14:13:57 2018 rev:50 rq:578631 version:111 Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2017-11-15 16:59:09.901033809 +0100 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2018-02-21 14:14:01.156684301 +0100 @@ -1,0 +2,6 @@ +Wed Feb 21 09:53:30 UTC 2018 - meiss...@suse.com + +- drop python2 support (needs to be replaced by python3 support) + (bsc#1081587) + +--- Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.NYxjs5/_old 2018-02-21 14:14:02.516635325 +0100 +++ /var/tmp/diff_new_pack.NYxjs5/_new 2018-02-21 14:14:02.516635325 +0100 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -47,8 +47,8 @@ BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel BuildRequires: pkg-config -BuildRequires: python-devel -BuildRequires: swig +#BuildRequires: python3-devel +#BuildRequires: swig BuildRequires: trousers-devel BuildRequires: update-desktop-files Requires(pre): pam-config @@ -85,6 +85,7 @@ %configure \ --docdir=%{_defaultdocdir}/%{name} \ --disable-static \ + --disable-pywrap \ --enable-tspi \ --enable-pkcs11-helper \ --with-pamdir=/%{_lib}/security @@ -149,8 +150,8 @@ %{_libdir}/ecryptfs* %{_datadir}/ecryptfs-utils /%{_lib}/security/pam_ecryptfs.so -%{python_sitelib}/ecryptfs-utils -%{python_sitearch}/ecryptfs-utils +#{python_sitelib}/ecryptfs-utils +#{python_sitearch}/ecryptfs-utils %{_datadir}/applications/*.desktop %dir %{_libexecdir}/modules-load.d %{_libexecdir}/modules-load.d/*
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2017-11-15 16:59:05 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Wed Nov 15 16:59:05 2017 rev:49 rq:541775 version:111 Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2017-03-12 20:04:55.733870513 +0100 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2017-11-15 16:59:09.901033809 +0100 @@ -1,0 +2,18 @@ +Tue Nov 14 10:25:45 UTC 2017 - meiss...@suse.com + +- The license is GPL-2.0 (without + / or later) + +--- +Tue Nov 7 14:27:25 UTC 2017 - vci...@suse.com + +- Update to 111 + * upstream provides no changelog +- add ecryptfs-utils-openssl11.patch to support build with + OpenSSL 1.1 (bsc#1066937) + +--- +Tue Nov 7 14:18:15 UTC 2017 - vci...@suse.com + +- drop validate-mount-destination-fs-type.patch (upstream) + +--- Old: ecryptfs-utils_108.orig.tar.gz validate-mount-destination-fs-type.patch New: ecryptfs-utils-openssl11.patch ecryptfs-utils_111.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.cpPZha/_old 2017-11-15 16:59:12.768928801 +0100 +++ /var/tmp/diff_new_pack.cpPZha/_new 2017-11-15 16:59:12.772928654 +0100 @@ -18,10 +18,10 @@ %define lname libecryptfs1 Name: ecryptfs-utils -Version:108 +Version:111 Release:0 Summary:Userspace Utilities for ecryptfs -License:GPL-2.0+ +License:GPL-2.0 Group: Productivity/Security Url:http://ecryptfs.org/ Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz @@ -31,7 +31,7 @@ Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch -Patch2: validate-mount-destination-fs-type.patch +Patch2: ecryptfs-utils-openssl11.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -77,7 +77,7 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 +%patch2 -p0 %build export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing" ++ ecryptfs-utils-openssl11.patch ++ === modified file 'src/key_mod/ecryptfs_key_mod_openssl.c' --- src/key_mod/ecryptfs_key_mod_openssl.c 2013-10-25 19:45:09 + +++ src/key_mod/ecryptfs_key_mod_openssl.c 2017-06-02 18:27:28 + @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -55,6 +56,19 @@ char *passphrase; }; +#if OPENSSL_VERSION_NUMBER < 0x1010L +static void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} +#endif + static void ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data) { @@ -142,6 +156,7 @@ { int len, nbits, ebits, i; int nbytes, ebytes; + const BIGNUM *key_n, *key_e; unsigned char *hash; unsigned char *data = NULL; int rc = 0; @@ -152,11 +167,13 @@ rc = -ENOMEM; goto out; } - nbits = BN_num_bits(key->n); + RSA_get0_key(key, _n, NULL, NULL); + nbits = BN_num_bits(key_n); nbytes = nbits / 8; if (nbits % 8) nbytes++; - ebits = BN_num_bits(key->e); + RSA_get0_key(key, NULL, _e, NULL); + ebits = BN_num_bits(key_e); ebytes = ebits / 8; if (ebits % 8) ebytes++; @@ -179,11 +196,13 @@ data[i++] = '\02'; data[i++] = (nbits >> 8); data[i++] = nbits; - BN_bn2bin(key->n, &(data[i])); + RSA_get0_key(key, _n, NULL, NULL); + BN_bn2bin(key_n, &(data[i])); i += nbytes; data[i++] = (ebits >> 8); data[i++] = ebits; - BN_bn2bin(key->e, &(data[i])); + RSA_get0_key(key, NULL, _e, NULL); + BN_bn2bin(key_e, &(data[i])); i += ebytes; SHA1(data, len + 3, hash); to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE); @@ -278,7 +297,9 @@ BIO *in = NULL; int rc; + #if OPENSSL_VERSION_NUMBER < 0x1010L CRYPTO_malloc_init(); + #endif ERR_load_crypto_strings(); OpenSSL_add_all_algorithms();
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2017-03-12 20:04:54 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Sun Mar 12 20:04:54 2017 rev:48 rq:478022 version:108 Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2016-01-23 01:16:34.0 +0100 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2017-03-12 20:04:55.733870513 +0100 @@ -1,0 +2,6 @@ +Thu Mar 9 18:47:05 UTC 2017 - sfal...@opensuse.org + +- Edited %files section to clear unpackaged files builderror in + openSUSE:Factory + +--- Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.WmDPl6/_old 2017-03-12 20:04:56.609746574 +0100 +++ /var/tmp/diff_new_pack.WmDPl6/_new 2017-03-12 20:04:56.613746008 +0100 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -137,6 +137,7 @@ %files -f %{name}.lang %defattr(-, root, root) %doc COPYING NEWS README THANKS doc/ecryptfs-faq.html +%{_docdir}/%{name} %{_bindir}/* /sbin/mount.ecryptfs /sbin/umount.ecryptfs
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2016-01-23 01:16:28 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2015-10-20 00:06:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2016-01-23 01:16:34.0 +0100 @@ -1,0 +2,7 @@ +Wed Jan 20 16:31:19 UTC 2016 - meiss...@suse.com + +- validate-mount-destination-fs-type.patch: A local user could have + escalated privileges by mounting over special filesystems (bsc#962052 + CVE-2016-1572) + +--- New: validate-mount-destination-fs-type.patch Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.Q3W7rU/_old 2016-01-23 01:16:35.0 +0100 +++ /var/tmp/diff_new_pack.Q3W7rU/_new 2016-01-23 01:16:35.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch +Patch2: validate-mount-destination-fs-type.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -76,6 +77,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing" ++ validate-mount-destination-fs-type.patch ++ >From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001 From: Tyler HicksDate: Thu, 7 Jan 2016 19:39:14 -0600 Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type Refuse to mount over non-standard filesystems. Mounting over certain types filesystems is a red flag that the user is doing something devious, such as mounting over the /proc/self symlink target with malicious content in order to confuse programs that may attempt to parse those files. (LP: #1530566) https://launchpad.net/bugs/1530566 --- debian/changelog | 8 + src/utils/mount.ecryptfs_private.c | 61 ++ 2 files changed, 69 insertions(+) Index: ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c === --- ecryptfs-utils-108.orig/src/utils/mount.ecryptfs_private.c +++ ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -220,6 +221,62 @@ err: return NULL; } +static int check_cwd_f_type() +{ + /** +* This is *not* a list of compatible lower filesystems list for +* eCryptfs. This is a list of filesystems that we reasonably expect to +* see mount.ecryptfs_private users mounting on top of. In other words, +* the filesystem type of the 'target' parameter of mount(2). +* +* This whitelist is to prevent malicious mount.ecryptfs_private users +* from mounting over filesystem types such as PROC_SUPER_MAGIC to +* deceive other programs with a crafted /proc/self/*. See +* https://launchpad.net/bugs/1530566 for more details. +*/ + __SWORD_TYPE f_type_whitelist[] = { + 0x61756673 /* AUFS_SUPER_MAGIC */, + 0x9123683E /* BTRFS_SUPER_MAGIC */, + 0x00C36400 /* CEPH_SUPER_MAGIC */, + 0xFF534D42 /* CIFS_MAGIC_NUMBER */, + 0xF15F /* ECRYPTFS_SUPER_MAGIC */, + 0xEF53 /* EXT[234]_SUPER_MAGIC */, + 0xF2F52010 /* F2FS_SUPER_MAGIC */, + 0x65735546 /* FUSE_SUPER_MAGIC */, + 0x01161970 /* GFS2_MAGIC */, + 0x3153464A /* JFS_SUPER_MAGIC */, + 0x564C /* NCP_SUPER_MAGIC */, + 0x6969 /* NFS_SUPER_MAGIC */, + 0x3434 /* NILFS_SUPER_MAGIC */, + 0x5346544E /* NTFS_SB_MAGIC */, + 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */, + 0x52654973 /* REISERFS_SUPER_MAGIC */, + 0x73717368 /* SQUASHFS_MAGIC */, + 0x01021994 /* TMPFS_MAGIC */, + 0x58465342 /* XFS_SB_MAGIC */, + 0x2FC12FC1 /* ZFS_SUPER_MAGIC */, +
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2015-10-19 22:52:26 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2015-10-08 08:26:22.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2015-10-20 00:06:15.0 +0200 @@ -1,0 +2,6 @@ +Sat Oct 17 08:13:38 UTC 2015 - mplus...@suse.com + +- Update to 108 + * This release does not have a changelog. + +--- Old: ecryptfs-utils_106.orig.tar.gz New: ecryptfs-utils_108.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.00eUsH/_old 2015-10-20 00:06:16.0 +0200 +++ /var/tmp/diff_new_pack.00eUsH/_new 2015-10-20 00:06:16.0 +0200 @@ -18,7 +18,7 @@ %define lname libecryptfs1 Name: ecryptfs-utils -Version:106 +Version:108 Release:0 Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ ++ ecryptfs-setup-swap-SuSE.patch ++ --- /var/tmp/diff_new_pack.00eUsH/_old 2015-10-20 00:06:16.0 +0200 +++ /var/tmp/diff_new_pack.00eUsH/_new 2015-10-20 00:06:16.0 +0200 @@ -1,7 +1,7 @@ -Index: ecryptfs-utils-106/src/utils/ecryptfs-setup-swap +Index: ecryptfs-utils-108/src/utils/ecryptfs-setup-swap === ecryptfs-utils-106.orig/src/utils/ecryptfs-setup-swap -+++ ecryptfs-utils-106/src/utils/ecryptfs-setup-swap +--- ecryptfs-utils-108.orig/src/utils/ecryptfs-setup-swap ecryptfs-utils-108/src/utils/ecryptfs-setup-swap @@ -37,23 +37,20 @@ warn() { usage() { echo @@ -28,17 +28,17 @@ *) usage ;; -@@ -149,7 +146,8 @@ i=0 - for swap in $swaps; do - info `gettext "Setting up swap:"` "[$swap]" +@@ -151,7 +148,8 @@ for swap in $swaps; do uuid=$(blkid -o value -s UUID $swap) -- for target in "UUID=$uuid" $swap; do -+ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1) -+ for target in "UUID=$uuid" $swap $suse_swap; do + # /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1 + links=$(for d in $(udevadm info --query=symlink -n $swap); do echo /dev/$d; done) +- for target in "UUID=$uuid" $swap $links; do ++ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1) ++ for target in "UUID=$uuid" $swap $links $suse_swap; do if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then sed -i "s:^$target\s\+:\#$target :" /etc/fstab warn "Commented out your unencrypted swap from /etc/fstab" -@@ -181,3 +179,4 @@ if [ "$NO_RELOAD" != 1 ]; then +@@ -201,3 +199,4 @@ if [ "$NO_RELOAD" != 1 ]; then fi info `gettext "Successfully encrypted swap!"` ++ ecryptfs-utils_106.orig.tar.gz -> ecryptfs-utils_108.orig.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ecryptfs-utils-106/configure new/ecryptfs-utils-108/configure --- old/ecryptfs-utils-106/configure2015-03-12 00:34:23.0 +0100 +++ new/ecryptfs-utils-108/configure2015-08-06 19:46:17.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ecryptfs-utils 106. +# Generated by GNU Autoconf 2.69 for ecryptfs-utils 108. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='ecryptfs-utils' PACKAGE_TARNAME='ecryptfs-utils' -PACKAGE_VERSION='106' -PACKAGE_STRING='ecryptfs-utils 106' +PACKAGE_VERSION='108' +PACKAGE_STRING='ecryptfs-utils 108' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1472,7 +1472,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ecryptfs-utils 106 to adapt to many kinds of systems. +\`configure' configures ecryptfs-utils 108 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1543,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ecryptfs-utils 106:";; + short | recursive ) echo "Configuration of ecryptfs-utils 108:";; esac cat <<\_ACEOF @@ -1696,7 +1696,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version;
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2015-10-08 08:26:20 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is "ecryptfs-utils" Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2015-05-15 07:43:24.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2015-10-08 08:26:22.0 +0200 @@ -1,0 +2,14 @@ +Fri Oct 2 19:55:18 UTC 2015 - mplus...@suse.com + +- Do not ship .la files + +--- +Wed Sep 30 14:30:56 UTC 2015 - mplus...@suse.com + +- Cleanup spec file with spec-cleaner +- Update autotool dependencies +- Split library and devel packages +- Use desktop file macros +- Use fdupes to reduce duplicities + +--- Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.qfZ14e/_old 2015-10-08 08:26:23.0 +0200 +++ /var/tmp/diff_new_pack.qfZ14e/_new 2015-10-08 08:26:23.0 +0200 @@ -16,21 +16,24 @@ # +%define lname libecryptfs1 Name: ecryptfs-utils -Url:http://ecryptfs.org/ +Version:106 +Release:0 Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Version:106 -Release:0 -Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz +Url:http://ecryptfs.org/ +Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz Source1:baselibs.conf Source2:ecryptfs-mount-private.png # PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: fdupes BuildRequires: gtk2-devel BuildRequires: intltool BuildRequires: keyutils-devel @@ -42,89 +45,121 @@ BuildRequires: pam-config BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel +BuildRequires: pkg-config BuildRequires: python-devel BuildRequires: swig BuildRequires: trousers-devel BuildRequires: update-desktop-files Requires(pre): pam-config -PreReq: permissions +Requires(pre): permissions +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description A stacked cryptographic filesystem for Linux. +%package -n %{lname} +Summary:Shared library for %{name} +Group: System/Libraries + +%description -n %{lname} +A stacked cryptographic filesystem for Linux. + +%package devel +Summary:Development files for %{name} +Group: Development/Languages/C and C++ +Requires: %{lname} = %{version} + +%description devel +A stacked cryptographic filesystem for Linux. + %prep %setup -q %patch0 -p1 %patch1 -p1 %build -export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -autoreconf -i -f +export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing" +autoreconf -fiv %configure \ - --docdir=%_defaultdocdir/%{name} \ + --docdir=%{_defaultdocdir}/%{name} \ --disable-static \ --enable-tspi \ --enable-pkcs11-helper \ - --with-pamdir=/%_lib/security + --with-pamdir=/%{_lib}/security make %{?_smp_mflags} %check -make check +make %{?_smp_mflags} check %install -%makeinstall -mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications -install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png -printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop -printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop -printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop -printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop -sed -i 's|^_||' $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop -sed -i 's|^_||' $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop -mv $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop $RPM_BUILD_ROOT/%{_datadir}/applications -%suse_update_desktop_file $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +make DESTDIR=%{buildroot} install %{?_smp_mflags} +mkdir -p
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2015-05-15 07:43:15 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2014-09-05 09:34:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2015-05-15 07:43:24.0 +0200 @@ -1,0 +2,8 @@ +Mon May 11 14:39:00 UTC 2015 - meiss...@suse.com + +- updated to 106 + - new passphrase wrapping method, including the salt to fix +CVE-2014-9687 / bsc#920160 + - various bugfixes + +--- Old: ecryptfs-utils_104.orig.tar.gz New: ecryptfs-utils_106.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.WHOlMa/_old 2015-05-15 07:43:25.0 +0200 +++ /var/tmp/diff_new_pack.WHOlMa/_new 2015-05-15 07:43:25.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Version:104 +Version:106 Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf ++ ecryptfs-setup-swap-SuSE.patch ++ --- /var/tmp/diff_new_pack.WHOlMa/_old 2015-05-15 07:43:25.0 +0200 +++ /var/tmp/diff_new_pack.WHOlMa/_new 2015-05-15 07:43:25.0 +0200 @@ -1,6 +1,8 @@ ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05 10:44:55.61890 -0400 -+++ ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05 10:54:16.966419219 -0400 -@@ -37,23 +37,20 @@ +Index: ecryptfs-utils-106/src/utils/ecryptfs-setup-swap +=== +--- ecryptfs-utils-106.orig/src/utils/ecryptfs-setup-swap ecryptfs-utils-106/src/utils/ecryptfs-setup-swap +@@ -37,23 +37,20 @@ warn() { usage() { echo echo `gettext Usage:` @@ -26,26 +28,18 @@ *) usage ;; -@@ -149,7 +146,8 @@ +@@ -149,7 +146,8 @@ i=0 for swap in $swaps; do info `gettext Setting up swap:` [$swap] uuid=$(blkid -o value -s UUID $swap) - for target in UUID=$uuid $swap; do + suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1) -+ for target in $suse_swap $swap; do - if [ -n $target ] grep -qs ^$target /etc/fstab; then - sed -i s:^$target :\#$target : /etc/fstab ++ for target in UUID=$uuid $swap $suse_swap; do + if [ -n $target ] grep -qs ^$target\s\+ /etc/fstab; then + sed -i s:^$target\s\+:\#$target : /etc/fstab warn Commented out your unencrypted swap from /etc/fstab -@@ -166,7 +164,6 @@ - # Add fstab entry - echo /dev/mapper/cryptswap$i none swap sw 0 0 /etc/fstab - done -- - if [ $NO_RELOAD != 1 ]; then - # Turn swap off - swapoff -a -@@ -179,3 +176,4 @@ +@@ -181,3 +179,4 @@ if [ $NO_RELOAD != 1 ]; then fi - info `gettext Successfully setup encrypted swap!` + info `gettext Successfully encrypted swap!` +info This will take effect after reboot ++ ecryptfs-utils_104.orig.tar.gz - ecryptfs-utils_106.orig.tar.gz ++ 3467 lines of diff (skipped)
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2014-09-05 09:34:24 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2014-08-20 10:51:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2014-09-05 09:34:46.0 +0200 @@ -1,0 +2,6 @@ +Thu Sep 4 13:13:07 UTC 2014 - da...@darins.net + +- update to 104 + - lots of bugfixes, apparently from static code checking + +--- Old: ecryptfs-utils_103.orig.tar.gz New: ecryptfs-utils_104.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.sTbXCd/_old 2014-09-05 09:34:47.0 +0200 +++ /var/tmp/diff_new_pack.sTbXCd/_new 2014-09-05 09:34:47.0 +0200 @@ -17,11 +17,11 @@ Name: ecryptfs-utils -Url:https://launchpad.net/ecryptfs +Url:http://ecryptfs.org/ Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Version:103 +Version:104 Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf ++ ecryptfs-utils_103.orig.tar.gz - ecryptfs-utils_104.orig.tar.gz ++ 13836 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2014-08-20 10:51:16 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2013-08-18 22:29:40.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2014-08-20 10:51:46.0 +0200 @@ -1,0 +2,13 @@ +Fri Aug 8 10:56:20 UTC 2014 - fcro...@suse.com + +- Drop ecryptfs-correct-desktop.patch and ensure + ecryptfs-mount-private.desktop is properly generated and + installed in a program specific location (ecryptfs-setup-private + will take care of creating the right symlink) and not in + /usr/share/applications by default. +- Add ecryptfs-mount-private.png (from Fedora) +- Create tmpfiles.d to ensure ecryptfs module is autoloaded at + start. +- Fix category on ecryptfs-setup-private.desktop. + +--- Old: ecryptfs-correct-desktop.patch New: ecryptfs-mount-private.png Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.rONMLQ/_old 2014-08-20 10:51:48.0 +0200 +++ /var/tmp/diff_new_pack.rONMLQ/_new 2014-08-20 10:51:48.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,11 +25,11 @@ Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf +Source2:ecryptfs-mount-private.png # PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch -Patch2: ecryptfs-correct-desktop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool @@ -56,7 +56,6 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing @@ -74,12 +73,23 @@ %install %makeinstall -mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications/ -mv $RPM_BUILD_ROOT/%{_datadir}/ecryptfs-utils/*desktop $RPM_BUILD_ROOT/%{_datadir}/applications/ -%suse_update_desktop_file ecryptfs-mount-private -%suse_update_desktop_file ecryptfs-setup-private +mkdir -p $RPM_BUILD_ROOT/%{_datadir}/applications +install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png +printf Encoding=UTF-8\n $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +printf Encoding=UTF-8\n $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop +printf Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +printf Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop +sed -i 's|^_||' $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +sed -i 's|^_||' $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop +mv $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop $RPM_BUILD_ROOT/%{_datadir}/applications +%suse_update_desktop_file $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +%suse_update_desktop_file -r ecryptfs-setup-private System Security %find_lang %{name} +#we need ecryptfs kernel module +mkdir -p $RPM_BUILD_ROOT/usr/lib/modules-load.d/ +echo -e # ecryptfs module is needed before ecryptfs mount, so mount helper can \n# check for file name encryption support\necryptfs $RPM_BUILD_ROOT/usr/lib/modules-load.d/ecryptfs.conf + %verifyscript %verify_permissions -e /sbin/mount.ecryptfs_private @@ -113,6 +123,8 @@ /%_lib/security/pam_ecryptfs.so %{python_sitelib}/ecryptfs-utils %{python_sitearch}/ecryptfs-utils -%{_datadir}/applications/ecryptfs-* +%{_datadir}/applications/*.desktop +%dir /usr/lib/modules-load.d +/usr/lib/modules-load.d/* %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2013-08-18 22:29:39 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2013-08-06 12:41:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2013-08-18 22:29:40.0 +0200 @@ -1,0 +2,5 @@ +Thu Aug 15 19:41:04 UTC 2013 - da...@darins.net + +- fix %postun to not run pam-config on update (bnc#814098, bnc#834993) + +--- Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.yRhIQh/_old 2013-08-18 22:29:40.0 +0200 +++ /var/tmp/diff_new_pack.yRhIQh/_new 2013-08-18 22:29:40.0 +0200 @@ -90,7 +90,9 @@ %postun /sbin/ldconfig -/usr/sbin/pam-config -d --ecryptfs +if [ $1 -eq 0 ]; then + /usr/sbin/pam-config -d --ecryptfs +fi %files -f %{name}.lang %defattr(-, root, root) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2013-08-06 12:04:28 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2012-07-12 14:46:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2013-08-06 12:41:13.0 +0200 @@ -1,0 +2,11 @@ +Mon Aug 5 18:41:01 UTC 2013 - da...@darins.net + +- update to 103 +- move -pie/-fpie into separate patch +- update ecryptfs-setup-swap-SuSE.patch for systmd and fstab + without UUID lables +- remove ecryptfs-utils.security.patch, fixed upstream +- add PreReq: permissions +- removed unpackaged doc + +--- Old: ecryptfs-utils.security.patch ecryptfs-utils_96.orig.tar.gz New: ecryptfs-utils-src-utils-Makefile.patch ecryptfs-utils_103.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.8HsFb0/_old 2013-08-06 12:41:14.0 +0200 +++ /var/tmp/diff_new_pack.8HsFb0/_new 2013-08-06 12:41:14.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,12 +21,14 @@ Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Version:96 +Version:103 Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf +# PATCH-FIX-OPENSUSE fix for systemd and no UUID in fstab Patch0: ecryptfs-setup-swap-SuSE.patch -Patch1: ecryptfs-utils.security.patch +# PATCH-FIX-OPENSUSE build with -fpie/-pie +Patch1: ecryptfs-utils-src-utils-Makefile.patch Patch2: ecryptfs-correct-desktop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel @@ -45,6 +47,7 @@ BuildRequires: trousers-devel BuildRequires: update-desktop-files Requires(pre): pam-config +PreReq: permissions %description A stacked cryptographic filesystem for Linux. @@ -91,7 +94,7 @@ %files -f %{name}.lang %defattr(-, root, root) -%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt +%doc COPYING NEWS README THANKS doc/ecryptfs-faq.html /usr/include/ecryptfs.h %{_prefix}/bin/* /sbin/mount.ecryptfs ++ ecryptfs-setup-swap-SuSE.patch ++ --- /var/tmp/diff_new_pack.8HsFb0/_old 2013-08-06 12:41:14.0 +0200 +++ /var/tmp/diff_new_pack.8HsFb0/_new 2013-08-06 12:41:14.0 +0200 @@ -1,11 +1,51 @@ ecryptfs-utils-96/src/utils/ecryptfs-setup-swap2011-12-13 18:01:38.0 -0500 -+++ ecryptfs-utils-96/src/utils/ecryptfs-setup-swap-mod2012-04-06 11:24:50.083041485 -0400 -@@ -172,7 +172,7 @@ - swapoff -a +--- ecryptfs-utils-103/src/utils/ecryptfs-setup-swap 2013-08-05 10:44:55.61890 -0400 ecryptfs-utils-103/src/utils/ecryptfs-setup-swap.mod 2013-08-05 10:54:16.966419219 -0400 +@@ -37,23 +37,20 @@ + usage() { + echo + echo `gettext Usage:` +- echo $0 [-f|--force] [-n|--no-reload] ++ echo $0 [-f|--force] + echo + exit 1 + } - # Restart cryptdisks -- /etc/init.d/cryptdisks restart -+ /etc/init.d/boot.crypto restart + # Handle command line options + FORCE=0 ++NO_RELOAD=1 + while [ ! -z $1 ]; do + case $1 in + -f|--force) + FORCE=1 + shift 1 + ;; +- -n|--no-reload) +- NO_RELOAD=1 +- shift 1 +- ;; + *) + usage + ;; +@@ -149,7 +146,8 @@ + for swap in $swaps; do + info `gettext Setting up swap:` [$swap] + uuid=$(blkid -o value -s UUID $swap) +- for target in UUID=$uuid $swap; do ++ suse_swap=$(grep swap /etc/fstab |cut -d' ' -f1) ++ for target in $suse_swap $swap; do + if [ -n $target ] grep -qs ^$target /etc/fstab; then + sed -i s:^$target :\#$target : /etc/fstab + warn Commented out your unencrypted swap from /etc/fstab +@@ -166,7 +164,6 @@ + # Add fstab entry + echo /dev/mapper/cryptswap$i none
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2012-07-12 14:46:48 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2012-07-06 09:37:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2012-07-12 14:46:50.0 +0200 @@ -1,0 +2,12 @@ +Wed Jul 11 11:48:24 UTC 2012 - meiss...@suse.com + +- also supply MS_NODEV to avoid exposing device files + if someone got them on the encrypted media. + +--- +Tue Jul 10 14:03:27 UTC 2012 - meiss...@suse.com + +- point the desktop link to the right .desktop file +- build mount.ecryptfs_private with -pie/-fpie + +--- New: ecryptfs-correct-desktop.patch Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.0 +0200 +++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.0 +0200 @@ -27,6 +27,7 @@ Source1:baselibs.conf Patch0: ecryptfs-setup-swap-SuSE.patch Patch1: ecryptfs-utils.security.patch +Patch2: ecryptfs-correct-desktop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool @@ -52,6 +53,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing ++ ecryptfs-correct-desktop.patch ++ Index: ecryptfs-utils-96/src/utils/ecryptfs-setup-private === --- ecryptfs-utils-96.orig/src/utils/ecryptfs-setup-private +++ ecryptfs-utils-96/src/utils/ecryptfs-setup-private @@ -340,7 +340,7 @@ echo mkdir -m 700 -p $CRYPTDIR || error $(gettext 'Could not create crypt directory') [$CRYPTDIR] mkdir -m 700 -p $MOUNTPOINT || error $(gettext 'Could not create mount directory') [$MOUNTPOINT] ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt $MOUNTPOINT/README.txt -ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop $MOUNTPOINT/Access-Your-Private-Data.desktop +ln -sf /usr/share/applications/ecryptfs-mount-private.desktop $MOUNTPOINT/Access-Your-Private-Data.desktop chmod 500 $MOUNTPOINT # Setup ~/.ecryptfs directory ++ ecryptfs-utils.security.patch ++ --- /var/tmp/diff_new_pack.j6pDvH/_old 2012-07-12 14:46:51.0 +0200 +++ /var/tmp/diff_new_pack.j6pDvH/_new 2012-07-12 14:46:51.0 +0200 @@ -256,7 +256,7 @@ } /* Perform mount */ - if (mount(src, ., FSTYPE, 0, opt) == 0) { -+ if (mount(src, ., FSTYPE, MS_NOSUID, opt) == 0) { ++ if (mount(src, ., FSTYPE, MS_NOSUID|MS_NODEV, opt) == 0) { if (update_mtab(src, dest, opt) != 0) { goto fail; } @@ -268,3 +268,17 @@ /* Since we're doing a lazy unmount anyway, just unmount the current * directory. This avoids a lot of complexity in dealing with race +Index: ecryptfs-utils-96/src/utils/Makefile.am +=== +--- ecryptfs-utils-96.orig/src/utils/Makefile.am ecryptfs-utils-96/src/utils/Makefile.am +@@ -58,7 +58,9 @@ ecryptfs_generate_tpm_key_CFLAGS = $(AM_ + ecryptfs_generate_tpm_key_LDADD = $(TSPI_LIBS) + + mount_ecryptfs_private_SOURCES = mount.ecryptfs_private.c ++mount_ecryptfs_private_CFLAGS = $(AM_CFLAGS) -fpie + mount_ecryptfs_private_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) ++mount_ecryptfs_private_LDFLAGS = -pie + + ecryptfs_stat_SOURCES = ecryptfs-stat.c + ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2012-07-06 09:37:00 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2012-04-12 09:21:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2012-07-06 09:37:01.0 +0200 @@ -1,0 +2,11 @@ +Wed Jul 4 11:08:11 UTC 2012 - meiss...@suse.com + +- hook pam_ecryptfs into pam session and auth bnc#755475 + +--- +Thu Jun 21 06:19:46 UTC 2012 - meiss...@suse.com + +- added security improvements to mount.ecryptfs_private + and pam_ecryptfs (bnc#740110) + +--- New: ecryptfs-utils.security.patch Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.SE06Jg/_old 2012-07-06 09:37:04.0 +0200 +++ /var/tmp/diff_new_pack.SE06Jg/_new 2012-07-06 09:37:04.0 +0200 @@ -26,6 +26,7 @@ Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf Patch0: ecryptfs-setup-swap-SuSE.patch +Patch1: ecryptfs-utils.security.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool @@ -35,12 +36,14 @@ BuildRequires: libtool BuildRequires: mozilla-nss-devel BuildRequires: openssl-devel +BuildRequires: pam-config BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel BuildRequires: python-devel BuildRequires: swig BuildRequires: trousers-devel BuildRequires: update-desktop-files +Requires(pre): pam-config %description A stacked cryptographic filesystem for Linux. @@ -48,6 +51,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing @@ -77,8 +81,11 @@ %post /sbin/ldconfig %set_permissions /sbin/mount.ecryptfs_private +/usr/sbin/pam-config -a --ecryptfs -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig +/usr/sbin/pam-config -d --ecryptfs %files -f %{name}.lang %defattr(-, root, root) ++ ecryptfs-utils.security.patch ++ Index: ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c === --- ecryptfs-utils-96.orig/src/pam_ecryptfs/pam_ecryptfs.c +++ ecryptfs-utils-96/src/pam_ecryptfs/pam_ecryptfs.c @@ -32,13 +32,17 @@ #include unistd.h #include errno.h #include syslog.h +#include limits.h #include pwd.h #include sys/types.h #include sys/wait.h #include sys/types.h #include sys/stat.h +#include sys/fsuid.h +#include grp.h #include fcntl.h #include security/pam_modules.h +#include security/pam_ext.h #include ../include/ecryptfs.h #define PRIVATE_DIR Private @@ -119,9 +123,11 @@ static int wrap_passphrase_if_necessary( PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { - uid_t uid = 0; + uid_t uid = 0, oeuid = 0; + long ngroups_max = sysconf(_SC_NGROUPS_MAX); + gid_t gid = 0, oegid = 0, groups[ngroups_max+1]; + int ngids = 0; char *homedir = NULL; - uid_t saved_uid = 0; const char *username; char *passphrase = NULL; char salt[ECRYPTFS_SALT_SIZE]; @@ -139,12 +145,25 @@ PAM_EXTERN int pam_sm_authenticate(pam_h pwd = getpwnam(username); if (pwd) { uid = pwd-pw_uid; + gid = pwd-pw_gid; homedir = pwd-pw_dir; } } else { syslog(LOG_ERR, pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%ld]\n, username, rc); goto out; } + + if ((oeuid = geteuid()) 0 || (oegid = getegid()) 0 || + (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) 0) { + syslog(LOG_ERR, pam_ecryptfs: geteuid error); + goto outnouid; + } + + if (setegid(gid) 0 || setgroups(1, gid) 0 || seteuid(uid) 0) { + syslog(LOG_ERR, pam_ecryptfs: seteuid error); + goto out; + } + if (!file_exists_dotecryptfs(homedir, auto-mount)) goto out; private_mnt = ecryptfs_fetch_private_mnt(homedir); @@ -158,13 +177,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h load ecryptfs module if not loaded already */ if
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2012-04-12 09:21:07 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2012-03-29 11:36:53.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2012-04-12 09:21:27.0 +0200 @@ -1,0 +2,5 @@ +Fri Apr 6 15:33:03 UTC 2012 - da...@darins.net + +- patch so ecryptfs-setup-swap executes boot.crypto + +--- New: ecryptfs-setup-swap-SuSE.patch Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.yZXxQc/_old 2012-04-12 09:21:28.0 +0200 +++ /var/tmp/diff_new_pack.yZXxQc/_new 2012-04-12 09:21:28.0 +0200 @@ -25,6 +25,7 @@ Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf +Patch0: ecryptfs-setup-swap-SuSE.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel BuildRequires: intltool @@ -46,6 +47,7 @@ %prep %setup -q +%patch0 -p1 %build export RPM_OPT_FLAGS=$RPM_OPT_FLAGS -fno-strict-aliasing ++ ecryptfs-setup-swap-SuSE.patch ++ --- ecryptfs-utils-96/src/utils/ecryptfs-setup-swap 2011-12-13 18:01:38.0 -0500 +++ ecryptfs-utils-96/src/utils/ecryptfs-setup-swap-mod 2012-04-06 11:24:50.083041485 -0400 @@ -172,7 +172,7 @@ swapoff -a # Restart cryptdisks - /etc/init.d/cryptdisks restart + /etc/init.d/boot.crypto restart # Turn the swap on swapon -a -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2012-03-29 11:36:52 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2011-10-05 11:08:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2012-03-29 11:36:53.0 +0200 @@ -1,0 +2,10 @@ +Wed Mar 28 14:47:13 UTC 2012 - meiss...@suse.com + +- updated to 96 + - bugfixes + - testsuite added + - ecryptfs-verify utility added + - write-read test utility +- mark /sbin/mount.eccryptfs_private as setuidable (bnc#745584 , bnc#740110) + +--- Old: ecryptfs-utils_92.orig.tar.gz New: ecryptfs-utils_96.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.I4auVG/_old 2012-03-29 11:36:58.0 +0200 +++ /var/tmp/diff_new_pack.I4auVG/_new 2012-03-29 11:36:58.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,30 @@ # - Name: ecryptfs-utils Url:https://launchpad.net/ecryptfs +Summary:Userspace Utilities for ecryptfs License:GPL-2.0+ Group: Productivity/Security -Summary:Userspace Utilities for ecryptfs -Version:92 -Release:1 +Version:96 +Release:0 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: gtk2-devel intltool keyutils-devel keyutils-libs libgcrypt-devel mozilla-nss-devel openssl-devel pam-devel pkcs11-helper-devel python-devel trousers-devel -BuildRequires: update-desktop-files +BuildRequires: gtk2-devel +BuildRequires: intltool +BuildRequires: keyutils-devel +BuildRequires: keyutils-libs +BuildRequires: libgcrypt-devel BuildRequires: libtool +BuildRequires: mozilla-nss-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pkcs11-helper-devel +BuildRequires: python-devel +BuildRequires: swig +BuildRequires: trousers-devel +BuildRequires: update-desktop-files %description A stacked cryptographic filesystem for Linux. @@ -59,7 +69,12 @@ %suse_update_desktop_file ecryptfs-setup-private %find_lang %{name} -%post -p /sbin/ldconfig +%verifyscript +%verify_permissions -e /sbin/mount.ecryptfs_private + +%post +/sbin/ldconfig +%set_permissions /sbin/mount.ecryptfs_private %postun -p /sbin/ldconfig @@ -68,7 +83,10 @@ %doc COPYING NEWS README THANKS doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt /usr/include/ecryptfs.h %{_prefix}/bin/* -/sbin/* +/sbin/mount.ecryptfs +/sbin/umount.ecryptfs +/sbin/umount.ecryptfs_private +%verify(not mode) /sbin/mount.ecryptfs_private %{_libdir}/libecryptfs* %{_libdir}/pkgconfig/libecryptfs.pc %{_mandir}/man1/*ecryptfs* ++ ecryptfs-utils_92.orig.tar.gz - ecryptfs-utils_96.orig.tar.gz ++ 12207 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2011-12-06 18:07:44 Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) Package is ecryptfs-utils, Maintainer is meiss...@suse.com Changes: Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.VWzW8y/_old 2011-12-06 18:13:17.0 +0100 +++ /var/tmp/diff_new_pack.VWzW8y/_new 2011-12-06 18:13:17.0 +0100 @@ -19,7 +19,7 @@ Name: ecryptfs-utils Url:https://launchpad.net/ecryptfs -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Security Summary:Userspace Utilities for ecryptfs Version:92 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Wed Oct 5 11:08:08 CEST 2011. --- openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2011-09-23 01:56:07.0 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-09-30 22:12:16.0 +0200 @@ -1,0 +2,5 @@ +Fri Sep 30 20:07:57 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +--- calling whatdependson for head-i586 Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.ZkUxnM/_old 2011-10-05 11:08:05.0 +0200 +++ /var/tmp/diff_new_pack.ZkUxnM/_new 2011-10-05 11:08:05.0 +0200 @@ -29,6 +29,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gtk2-devel intltool keyutils-devel keyutils-libs libgcrypt-devel mozilla-nss-devel openssl-devel pam-devel pkcs11-helper-devel python-devel trousers-devel BuildRequires: update-desktop-files +BuildRequires: libtool %description A stacked cryptographic filesystem for Linux. continue with q... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Wed Sep 21 17:03:32 CEST 2011. --- ecryptfs-utils/ecryptfs-utils.changes 2011-08-11 17:27:36.0 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-09-20 15:33:30.0 +0200 @@ -1,0 +2,15 @@ +Tue Sep 20 15:32:22 CEST 2011 - meiss...@suse.de + +- Updated to 92 + * Fix umask issue introduced by last security update + * some bugfixes + +--- +Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de + +- Remove redundant/obsolete tags/sections from specfile + (cf. packaging guidelines) +- Put make call in the right spot +- Use %_smp_mflags for parallel build + +--- calling whatdependson for head-i586 Old: ecryptfs-utils_90.orig.tar.gz New: ecryptfs-utils_92.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.td7d2Z/_old 2011-09-21 17:03:26.0 +0200 +++ /var/tmp/diff_new_pack.td7d2Z/_new 2011-09-21 17:03:26.0 +0200 @@ -15,16 +15,14 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: ecryptfs-utils Url:https://launchpad.net/ecryptfs License:GPLv2+ Group: Productivity/Security -AutoReqProv:on Summary:Userspace Utilities for ecryptfs -Version:90 +Version:92 Release:1 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf @@ -35,16 +33,6 @@ %description A stacked cryptographic filesystem for Linux. - - -Authors: - -Mike Halcrow designed and implemented eCryptfs, which is a fork from -Cryptfs. Erez Zadok, along with the fileystem research lab at Stony -Brook University, designed and implemented Cryptfs. Michael -C. Thompson has contributed a substantial amount of code to the -project. - %prep %setup -q @@ -57,9 +45,9 @@ --enable-tspi \ --enable-pkcs11-helper \ --with-pamdir=/%_lib/security +make %{?_smp_mflags} %check -make make check %install @@ -70,9 +58,6 @@ %suse_update_desktop_file ecryptfs-setup-private %find_lang %{name} -%clean -rm -rf $RPM_BUILD_ROOT - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig ++ ecryptfs-utils_90.orig.tar.gz - ecryptfs-utils_92.orig.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ecryptfs-utils-90/Makefile.in new/ecryptfs-utils-92/Makefile.in --- old/ecryptfs-utils-90/Makefile.in 2011-08-10 15:36:29.0 +0200 +++ new/ecryptfs-utils-92/Makefile.in 2011-09-01 23:23:43.0 +0200 @@ -217,6 +217,8 @@ MSGMERGE = @MSGMERGE@ NM = @NM@ NMEDIT = @NMEDIT@ +NSS_CFLAGS = @NSS_CFLAGS@ +NSS_LIBS = @NSS_LIBS@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ecryptfs-utils-90/configure new/ecryptfs-utils-92/configure --- old/ecryptfs-utils-90/configure 2011-08-10 15:36:28.0 +0200 +++ new/ecryptfs-utils-92/configure 2011-09-01 23:23:41.0 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ecryptfs-utils 90. +# Generated by GNU Autoconf 2.68 for ecryptfs-utils 92. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -567,8 +567,8 @@ # Identity of this package. PACKAGE_NAME='ecryptfs-utils' PACKAGE_TARNAME='ecryptfs-utils' -PACKAGE_VERSION='90' -PACKAGE_STRING='ecryptfs-utils 90' +PACKAGE_VERSION='92' +PACKAGE_STRING='ecryptfs-utils 92' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -695,6 +695,8 @@ TSPI_CFLAGS PKCS11_HELPER_LIBS PKCS11_HELPER_CFLAGS +NSS_LIBS +NSS_CFLAGS OPENSSL_LIBS OPENSSL_CFLAGS KEYUTILS_LIBS @@ -885,6 +887,8 @@ KEYUTILS_LIBS OPENSSL_CFLAGS OPENSSL_LIBS +NSS_CFLAGS +NSS_LIBS PKCS11_HELPER_CFLAGS PKCS11_HELPER_LIBS TSPI_CFLAGS @@ -1435,7 +1439,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat _ACEOF -\`configure' configures ecryptfs-utils 90 to adapt to many kinds of systems. +\`configure' configures ecryptfs-utils 92 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1506,7 +1510,7 @@ if test -n $ac_init_help; then case $ac_init_help in - short | recursive ) echo Configuration of ecryptfs-utils 90:;; + short | recursive ) echo Configuration of ecryptfs-utils 92:;; esac cat \_ACEOF @@ -1576,6 +1580,8 @@ C compiler
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Fri Aug 12 13:24:19 CEST 2011. --- ecryptfs-utils/ecryptfs-utils.changes 2011-04-18 17:09:01.0 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-08-11 17:27:36.0 +0200 @@ -1,0 +2,17 @@ +Thu Aug 11 17:25:21 CEST 2011 - meiss...@suse.de + +- Updated to 90 + Fixed several security issues: + * CVE-2011-1831 - Race condition when checking mountpoint during mount. + * CVE-2011-1832 - Race condition when checking mountpoint during unmount. + * CVE-2011-1833 - Race condition when checking source during mount. + * CVE-2011-1834 - Improper mtab handling allowing corruption due to resource +limits, signals, etc. + * CVE-2011-1835 - Key poisoning in ecryptfs-setup-private due to insecure temp +directory. + * CVE-2011-1836 - ecryptfs-recover-private mounts directly in /tmp + * CVE-2011-1837 - Predictable lock counter name and associated races. + + New ecryptfs-find binary to find by inode. + +--- calling whatdependson for head-i586 Old: ecryptfs-utils_87.orig.tar.gz New: ecryptfs-utils_90.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.Bl1Eqy/_old 2011-08-12 13:24:01.0 +0200 +++ /var/tmp/diff_new_pack.Bl1Eqy/_new 2011-08-12 13:24:01.0 +0200 @@ -24,7 +24,7 @@ Group: Productivity/Security AutoReqProv:on Summary:Userspace Utilities for ecryptfs -Version:87 +Version:90 Release:1 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf ++ ecryptfs-utils_87.orig.tar.gz - ecryptfs-utils_90.orig.tar.gz ++ 18222 lines of diff (skipped) Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at Mon Jun 6 13:56:34 CEST 2011. --- ecryptfs-utils/ecryptfs-utils.changes 2010-04-10 17:40:48.0 +0200 +++ /mounts/work_src_done/STABLE/ecryptfs-utils/ecryptfs-utils.changes 2011-04-18 17:09:01.0 +0200 @@ -1,0 +2,58 @@ +Mon Apr 18 17:06:50 CEST 2011 - meiss...@suse.de + +- Updated to 87 + * src/utils/ecryptfs-setup-private: update the Private.* selinux +contexts + * src/utils/ecryptfs-setup-private: +- add -p to mkdir, address noise for a non-error +- must insert keys during testing phase, since we remove keys on + unmount now, LP: #725862 + * src/utils/ecryptfs_rewrap_passphrase.c: confirm passphrases in +interactive mode, LP: #667331 +- Updated to 86 + * src/pam_ecryptfs/pam_ecryptfs.c: +- check if this file exists and ask the user for the wrapping passphrase + if it does +- eliminate both ecryptfs_pam_wrapping_independent_set() and + ecryptfs_pam_automount_set() and replace with a reusable + file_exists_dotecryptfs() function + * src/utils/mount.ecryptfs_private.c: +- support multiple, user configurable private directories by way of + a command line alias argument +- this alias references a configuration file by the name of: + $HOME/.ecryptfs/alias.conf, which is in an fstab(5) format, + as well as $HOME/.ecryptfs/alias.sig, in the same format as + Private.sig +- if no argument specified, the utility operates in legacy mode, + defaulting to Private +- rename variables, s/dev/src/ and s/mnt/dest/ +- add a read_config() function +- add an alias char* to replace the #defined ECRYPTFS_PRIVATE_DIR +- this is half of the fix to LP: #615657 + * doc/manpage/mount.ecryptfs_private.1: document these changes + * src/libecryptfs/main.c, src/utils/mount.ecryptfs_private.c: +- allow umount.ecryptfs_private to succeed when the key is no + longer in user keyring. +- Updated to 85 + * src/utils/ecryptfs-recover-private: clean sigs of invalid characters + * src/utils/mount.ecryptfs_private.c: +- fix bug LP: #313812, clear used keys on unmount +- add ecryptfs_unlink_sigs to the mount opts, so that unmounts from + umount.ecryptfs behave similarly +- use ecryptfs_remove_auth_tok_from_keyring() on the sig and sig_fnek + * src/utils/ecryptfs-migrate-home: +- support user databases outside of /etc/passwd, LP: #627506 +- Updated to 84 + * src/desktop/ecryptfs-record-passphrase: fix typo, LP: #524139 + * debian/rules, debian/control: +- disable the gpg key module, as it's not yet functional +- clean up unneeded build-deps +- also, not using opencryptoki either + * doc/manpage/ecryptfs.7: fix minor documentation bug, reported by +email by Jon 'maddog' Hall + * doc/manpage/ecryptfs-recover-private.1, doc/manpage/Makefile.am, +po/POTFILES.in, src/utils/ecryptfs-recover-private, +src/utils/Makefile.am: add a utility to simplify data recovery +of an encrypted private directory from a Live ISO, LP: #689969 + +--- calling whatdependson for head-i586 Old: ecryptfs-utils_83.orig.tar.gz New: ecryptfs-utils_87.orig.tar.gz Other differences: -- ++ ecryptfs-utils.spec ++ --- /var/tmp/diff_new_pack.iwioJt/_old 2011-06-06 13:55:48.0 +0200 +++ /var/tmp/diff_new_pack.iwioJt/_new 2011-06-06 13:55:48.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package ecryptfs-utils (Version 83) +# spec file for package ecryptfs-utils # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,8 +24,8 @@ Group: Productivity/Security AutoReqProv:on Summary:Userspace Utilities for ecryptfs -Version:83 -Release:2 +Version:87 +Release:1 Source0: http://launchpad.net/ecryptfs/trunk/%version/+download/ecryptfs-utils_%version.orig.tar.gz Source1:baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build ++ ecryptfs-utils_83.orig.tar.gz - ecryptfs-utils_87.orig.tar.gz ++ 4269 lines of diff (skipped) retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ecryptfs-utils-83/configure.ac new/ecryptfs-utils-87/configure.ac ---