sledp1o-cryptconfig

Optional update for cryptconfig and util-linux-crypto

Optional update for cryptconfig and util-linux-crypto

SLE10 SP1 Update for cryptconfigand others cryptconfig,util-linux-crypto added (subpackage of) cryptconfig: ------------------------------- * Fri Mar 16 2007 - jhargadon@suse.de - added translations * Mon Mar 12 2007 - crivera@suse.de - Implement pam_sm_open_session() and pam_sm_close_session() for pam_cryptpass. This lets us hook into the session stack, before pam_mount, to verify that the authtok being used can decrypt the image key. If it can't then we can prompt for the key password and sync the two. This provides a much nicer experience for users of non-local auth mechanisms. This fixes 253683. - Make root the owner of the unencrypted home directory. This is to avoid confusion if the user logs in from a service that doesn't have pam_mount in the stack. This fixes 245698. - Add a flag, --remove-data, that will remove the data in the user's unencrypted home directory after it's been copied to the encrypted image. - Move the list of passwd services to cryptconfig.conf and add gnome-passwd to the default list. - Add pam_cryptpass.so to the pam session stack before pam_mount to ensure that the key file is in sync with the user's password. This fixes 253683. * Wed Feb 21 2007 - crivera@suse.de - Remove 'su' from the list of pam config files to edit. This fixes Bug 245702. - Add a check against a key file size threshold to avoid interger overflow attacks. This helps fix 243881. - Replace chown and g_stat with fchown and fstat to avoid potential symlink issues. This helps fix 243881. - Use "--" to prevent user's from adding additional command-line options to apps that we exec. This helps fix 243881. - Use flock() to avoid races if multiple instances cryptconfig are running. - Set our umask to 077. This helps fix 243881. - Use 64-bit versions of lseek when creating and enlarging images. This fixes bugzilla #245632. * Mon Feb 12 2007 - crivera@suse.de - Search for the full path when looking for the loop device an image is using. - Make get_passphrase() stop reading input when it encounters a new line. This allows cryptconfig to be a little more scriptable and allows the new unit tests to work. - Correctly check the return value when adding a key file to an image. - Only call luks_close() if we've actually setup a map device. - Don't allow encrypted home directories for the root user. - Add a mount flag to the open command to allow images to be unlocked and mounted. - A few more minor fixes. * Tue Jan 23 2007 - crivera@suse.de - Escape the '\' characters in user names when writing to pam_mount.conf. This allows encrypted directories to work with Active Directory. This fixes bug 237929. - Set our umask to 022. - Merge a patch from dgollub to fix a file creation bug. - Add O_TRUNC in crappy_rename() when copying across devices. - Move the pam services list to cryptconf.conf instead of depending on an internal list. This will allow people to enable encrypted home dirs with other pam services. - Use 256 bytes of random data when generating a key instead of 64. This is why we depend on pam_mount-0.18-29.6. * Tue Jan 16 2007 - crivera@suse.de - Fix a small automake build issue. * Fri Jan 12 2007 - maw@suse.de - Feature update (more fate #253) - Remove cryptconfig-pam_moddir.patch which is now upstream. * Tue Jan 09 2007 - ro@suse.de - fix lib64 issue: teach configure about PAM_MODDIR - work around automake problem * Mon Jan 08 2007 - maw@suse.de - Initial import into autobuild (fate #253). ------------------------------- added (subpackage of) util-linux-crypto: ------------------------------- * Thu Dec 21 2006 - jhargadon@suse.de - submitting package from the 10.2 branch to sle10-sp (fate #253) * Fri Oct 13 2006 - mkoenig@suse.de - fix build failure due to missing pthreads * Wed Sep 13 2006 - hvogel@suse.de - use the LUKS version of cryptsetup - split -devel subpackage for libcryptsetup - remove patches because they are in the new cryptsetup * cryptsetup-0.1-static.patch * cryptsetup-0.1-retval.patch * cryptsetup-0.1-dmi.exists.patch * cryptsetup-0.1-timeout.patch - use man page from the new cryptsetup * Tue May 16 2006 - hvogel@suse.de - Fix cryptsetup to work when the device does not exist yet [#175931] * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Mon Dec 19 2005 - mmj@suse.de - Remove symlinks to hashalot we don't want * Thu Oct 13 2005 - hvogel@suse.de - Fix uninitialized var in dmconvert. Add * dmconvert-0.2-uninitialized.patch - Fix return value in cryptsetup. Add * cryptsetup-0.1-retval.patch * Wed Jun 29 2005 - hvogel@suse.de - Link cryptsetup static so it can be in /sbin and you can get /usr over nfs or even crypted * Mon May 09 2005 - hvogel@suse.de - New package, Version 2.12q ------------------------------- SLE10 SP1 Update for cryptconfigand others cryptconfig,util-linux-crypto added (subpackage of) cryptconfig: ------------------------------- * Fri Mar 16 2007 - jhargadon@suse.de - added translations * Mon Mar 12 2007 - crivera@suse.de - Implement pam_sm_open_session() and pam_sm_close_session() for pam_cryptpass. This lets us hook into the session stack, before pam_mount, to verify that the authtok being used can decrypt the image key. If it can't then we can prompt for the key password and sync the two. This provides a much nicer experience for users of non-local auth mechanisms. This fixes 253683. - Make root the owner of the unencrypted home directory. This is to avoid confusion if the user logs in from a service that doesn't have pam_mount in the stack. This fixes 245698. - Add a flag, --remove-data, that will remove the data in the user's unencrypted home directory after it's been copied to the encrypted image. - Move the list of passwd services to cryptconfig.conf and add gnome-passwd to the default list. - Add pam_cryptpass.so to the pam session stack before pam_mount to ensure that the key file is in sync with the user's password. This fixes 253683. * Wed Feb 21 2007 - crivera@suse.de - Remove 'su' from the list of pam config files to edit. This fixes Bug 245702. - Add a check against a key file size threshold to avoid interger overflow attacks. This helps fix 243881. - Replace chown and g_stat with fchown and fstat to avoid potential symlink issues. This helps fix 243881. - Use "--" to prevent user's from adding additional command-line options to apps that we exec. This helps fix 243881. - Use flock() to avoid races if multiple instances cryptconfig are running. - Set our umask to 077. This helps fix 243881. - Use 64-bit versions of lseek when creating and enlarging images. This fixes bugzilla #245632. * Mon Feb 12 2007 - crivera@suse.de - Search for the full path when looking for the loop device an image is using. - Make get_passphrase() stop reading input when it encounters a new line. This allows cryptconfig to be a little more scriptable and allows the new unit tests to work. - Correctly check the return value when adding a key file to an image. - Only call luks_close() if we've actually setup a map device. - Don't allow encrypted home directories for the root user. - Add a mount flag to the open command to allow images to be unlocked and mounted. - A few more minor fixes. * Tue Jan 23 2007 - crivera@suse.de - Escape the '\' characters in user names when writing to pam_mount.conf. This allows encrypted directories to work with Active Directory. This fixes bug 237929. - Set our umask to 022. - Merge a patch from dgollub to fix a file creation bug. - Add O_TRUNC in crappy_rename() when copying across devices. - Move the pam services list to cryptconf.conf instead of depending on an internal list. This will allow people to enable encrypted home dirs with other pam services. - Use 256 bytes of random data when generating a key instead of 64. This is why we depend on pam_mount-0.18-29.6. * Tue Jan 16 2007 - crivera@suse.de - Fix a small automake build issue. * Fri Jan 12 2007 - maw@suse.de - Feature update (more fate #253) - Remove cryptconfig-pam_moddir.patch which is now upstream. * Tue Jan 09 2007 - ro@suse.de - fix lib64 issue: teach configure about PAM_MODDIR - work around automake problem * Mon Jan 08 2007 - maw@suse.de - Initial import into autobuild (fate #253). ------------------------------- added (subpackage of) util-linux-crypto: ------------------------------- * Thu Dec 21 2006 - jhargadon@suse.de - submitting package from the 10.2 branch to sle10-sp (fate #253) * Fri Oct 13 2006 - mkoenig@suse.de - fix build failure due to missing pthreads * Wed Sep 13 2006 - hvogel@suse.de - use the LUKS version of cryptsetup - split -devel subpackage for libcryptsetup - remove patches because they are in the new cryptsetup * cryptsetup-0.1-static.patch * cryptsetup-0.1-retval.patch * cryptsetup-0.1-dmi.exists.patch * cryptsetup-0.1-timeout.patch - use man page from the new cryptsetup * Tue May 16 2006 - hvogel@suse.de - Fix cryptsetup to work when the device does not exist yet [#175931] * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Mon Dec 19 2005 - mmj@suse.de - Remove symlinks to hashalot we don't want * Thu Oct 13 2005 - hvogel@suse.de - Fix uninitialized var in dmconvert. Add * dmconvert-0.2-uninitialized.patch - Fix return value in cryptsetup. Add * cryptsetup-0.1-retval.patch * Wed Jun 29 2005 - hvogel@suse.de - Link cryptsetup static so it can be in /sbin and you can get /usr over nfs or even crypted * Mon May 09 2005 - hvogel@suse.de - New package, Version 2.12q ------------------------------- optional cryptconfig i586 44c8ddba873ccc2eef5dd649c63ca183807c3fda util-linux-crypto i586 d9b22e70e7e42aa3bb08a9d11fa9ce099dbd69af