------------------------------------------------------------------- Mon Jan 18 12:18:21 UTC 2016 - meissner@suse.com - validate-mount-destination-fs-type.patch: Fixed mounting over specific system mounts that could be used to escalate privileges by local users. (bsc#962052 CVE-2016-1572) - ecryptfs-utils-CVE-2014-9687.patch: Do not use a default salt to encrypt the mount passphrase, which would make it easier for attackers to obtain user passwords via a brute force attack. (bsc#920160 CVE-2014-9687) ------------------------------------------------------------------- Tue Apr 19 16:53:00 CEST 2012 - meissner@suse.de - use getent instead of grep /etc/passwd for the passwd line (bnc#745372) - Added /sbin/ to the mount.ecryptfs binaries (bnc#745581) - make it suid root ready (will be given by permissions package) (bnc#745584) - Fixed some implicit warnings to make stuff work better on 64bit. (bnc#745825) ------------------------------------------------------------------- Mon Dec 12 14:11:38 CET 2011 - meissner@suse.de - Fixed umask of /etc/mtab.tmp and get / drop group rights before/after failed mounting. bnc#735342 / CVE-2011-3145 ------------------------------------------------------------------- Thu Aug 4 11:05:16 CEST 2011 - meissner@suse.de - Security update to fix various race conditions that might allow privilege escalation (bnc#709771) * CVE-2011-1831: Race condition when checking mountpoint during mount. * CVE-2011-1832: Race condition when checking mountpoint during unmount. * CVE-2011-1834: Improper mtab handling allowing corruption due to resource limits, signals, etc. * CVE-2011-1833: Race condition when checking source during mount. ------------------------------------------------------------------- Wed Dec 2 16:41:47 CET 2009 - meissner@suse.de - fixed 'des3_ede128' incorrect display bnc#480881 ------------------------------------------------------------------- Fri Oct 24 13:58:01 CEST 2008 - meissner@suse.de - Upgraded to version 61 - starts of filename encryption - bugfixes ------------------------------------------------------------------- Fri Sep 19 11:55:34 CEST 2008 - meissner@suse.de - Upgraded to version 58 - config file changes yet again - some documentation fixes - some TPM related fixes ------------------------------------------------------------------- Sat Aug 23 10:45:52 CEST 2008 - meissner@suse.de - Upgraded to version 56 - more manpages - changed configfile format ------------------------------------------------------------------- Fri Jul 11 22:41:55 CEST 2008 - meissner@suse.de - Upgraded to version 50 - another manpage - bugfixes - fixed kernel netlink interface ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Apr 3 11:27:39 CEST 2008 - meissner@suse.de - Upgraded to version 41 - typo fixed in manpage - enabled TPM support (tspi) - enabled PKCS11 support ------------------------------------------------------------------- Mon Feb 25 22:25:31 CET 2008 - meissner@suse.de - Upgraded to version 40 - more manpages - some new features - lots of bugfixes ------------------------------------------------------------------- Fri Aug 3 10:51:14 CEST 2007 - meissner@suse.de - fixed pam module path for ia64 and s390x too. ------------------------------------------------------------------- Sun Jul 29 11:28:25 CEST 2007 - meissner@suse.de - fixed pam module path ------------------------------------------------------------------- Fri Jul 27 11:59:37 CEST 2007 - meissner@suse.de - uphgraded to version 18. - TPM support (not yet enabled) - added PAM module ------------------------------------------------------------------- Tue Mar 20 15:21:00 CET 2007 - meissner@suse.de - build on IA64 - fixed compiler warnings ------------------------------------------------------------------- Tue Mar 6 14:20:50 CET 2007 - meissner@suse.de - fixed build on lib64 ------------------------------------------------------------------- Mon Mar 5 12:31:00 CET 2007 - meissner@suse.de - upgraded to version 10. - unlisted enhancements and bugfixes. ------------------------------------------------------------------- Thu Dec 14 16:17:01 CET 2006 - meissner@suse.de - use lib64 correctly. - fixed "is used uninitialized" warnings. ------------------------------------------------------------------- Tue Dec 5 11:59:54 CET 2006 - meissner@suse.de - initial checkin of version 5. - userland utilities to control ecryptfs filesystems