fscrypt-0.3.5-1.4 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

fscrypt is a high-level tool for the management of Linux filesystem encryption.
This tool manages metadata, key generation, key wrapping, PAM integration, and
provides a uniform interface for creating and modifying encrypted directories.

Provides

• fscrypt
• fscrypt(s390-64)

Requires

• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.2)(64bit)
• libc.so.6(GLIBC_2.2.4)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.32)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit)
• libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit)
• pam-fscrypt = 0.3.5
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

Apache-2.0

Changelog

* Thu May 09 2024 Dirk Müller <dmueller@suse.com>
  - update to 0.3.5:
    * Upgraded various dependencies, resolving two security alerts
      from GitHub.
    * `fscrypt` now requires Go 1.18 or later to build.
    * `fscrypt` now provides a better error message when it's asked
      to operate on a locked regular file.
    * Made some improvements to the documentation.
* Wed Mar 08 2023 Dirk Müller <dmueller@suse.com>
  - move to pam_vendordir
  - add baselibs
* Wed Feb 15 2023 Dirk Müller <dmueller@suse.com>
  - add fscrypt pam configuration
  - drop pam-specs from main package
* Tue Jan 31 2023 Marcus Rueckert <mrueckert@suse.de>
  - update to 0.3.4:
    - fscrypt now requires Go 1.16 or later to build.
    - pam_fscrypt now supports the option unlock_only to disable
      locking of directories on logout.
    - Fixed a bug where the number of CPUs used in the passphrase
      hash would be calculated incorrectly on systems with more than
      255 CPUs.
    - Added support for AES-256-HCTR2 filenames encryption.
    - Directories are now synced immediately after an encryption
      policy is applied, reducing the chance of an inconsistency
      after a sudden crash.
    - Added Lustre to the list of allowed filesystems.
    - Added a NEWS.md file that contains the release notes, and
      backfilled it from the GitHub release notes.
* Tue Mar 08 2022 Dirk Müller <dmueller@suse.com>
  - use pam_moduledir
* Thu Feb 24 2022 Dirk Müller <dmueller@suse.com>
  - update to 0.3.3:
    * Correctly handle malicious mountpoint paths in the fscrypt bash completion
      script (CVE-2022-25328, command injection).
    * Validate the size, type, and owner (for login protectors) of policy and
      protector files (CVE-2022-25327, denial of service).
    * Make the fscrypt metadata directories non-world-writable by default
      (CVE-2022-25326, denial of service).
    * When running as a non-root user, ignore policy and protector files that
      aren't owned by the user or by root.
    * Also require that the metadata directories themselves and the mountpoint
      root directory be owned by the user or by root.
    * Make policy and protector files mode 0600 rather than 0644.
    * Make all relevant files owned by the user when root encrypts a directory
      with a user's login protector, not just the the login protector itself.
    * Make pam_fscrypt ignore system users completely.
  - drop 346.patch: upstream
* Wed Feb 23 2022 Dirk Müller <dmueller@suse.com>
  - refresh 346.patch with final merged state
* Tue Feb 22 2022 Dirk Müller <dmueller@suse.com>
  - add 346.patch (bsc#1195623)
* Thu Feb 10 2022 Dirk Müller <dmueller@suse.com>
  - update to 0.3.2:
    * Made linked protectors (e.g., login protectors used on a non-root filesystem)
      more reliable when a filesystem UUID changes.
    * Made login protectors be owned by the user when they are created as root, so
      that the user has permission to update them later.
    * Made fscrypt work when the root directory is a btrfs filesystem.
    * Made pam_fscrypt start warning when a user's login protector is getting
      de-synced due to their password being changed by root.
    * Support reading the key for raw key protectors from standard input.
    * Made fscrypt metadata remove-protector-from-policy work even if the protector
      is no longer accessible.
    * Made fscrypt stop trying to access irrelevant filesystems.
    * Improved the documentation.
* Fri Feb 04 2022 Dirk Müller <dmueller@suse.com>
  - spec-cleaner run

Files

/usr/bin/fscrypt
/usr/share/bash-completion/completions/fscrypt
/usr/share/doc/packages/fscrypt
/usr/share/doc/packages/fscrypt/README.md
/usr/share/licenses/fscrypt
/usr/share/licenses/fscrypt/LICENSE

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 22 23:18:26 2025