-------------------------------------------------------------------
Mon May 9 16:55:47 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- Update to version 2.4:
* (bsc#1186226) - (CVE-2019-18906) client side password hashing is equivalent to clear text password storage
* Fix authentication on all places.
* Fix sysconfig variable name.
* First step to use plain text password instead of hashed password.
* Move repository into the SUSE github organization
* decorate readme with more usage instructions
* in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address
* Test clear expired commands in TestDB_UpdateSeenFlag
* tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
* avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
-------------------------------------------------------------------
Wed Jul 21 16:02:08 UTC 2021 - Paolo Perego <paolo.perego@suse.com>
- Fixed build errors adding a "go mod init"
- Binaries are now compiled with PIE support
- Also client service is symlinked so to avoid warnings
-------------------------------------------------------------------
Wed Aug 19 09:54:56 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %{_udevrulesdir} instead of abusing %{_libexecdir}.
-------------------------------------------------------------------
Mon Feb 3 12:13:56 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(systemd|udev) instead of systemd and udev:
Allow OBS to shortcut through -mini flavors.
- Name the rpmlintrc file according the policy: cryptctl-rpmlintrc.
-------------------------------------------------------------------
Thu Nov 23 13:44:21 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Mon Oct 23 14:26:02 UTC 2017 - hguo@suse.com
- Add previously missing systemd service cryptctl-client.service
into RPM content, continue with bsc#1056082.
-------------------------------------------------------------------
Mon Aug 28 13:37:13 UTC 2017 - hguo@suse.com
- Upgrade to upstream release 2.3 that brings a new feature to allow
system administrators to issue mount/umount commands to client
computers via key server. (bsc#1056082)
-------------------------------------------------------------------
Wed Jun 7 12:11:50 UTC 2017 - hguo@suse.com
- Upgrade to upstream release 2.2 that brings important enhancements
in effort of implementing fate#322979:
* System administrator may now optionally turn off TLS certificate
verification on KMIP server. Note that, certificate verification
is enforced by default.
* Improve handling of boolean answers from interactive command line.
* Improve error handling in KMIP client.
-------------------------------------------------------------------
Thu Jun 1 13:00:57 UTC 2017 - hguo@suse.com
- Upgrade to upstream release 2.1 that brings important enhancements
in effort of implementing fate#322979:
* Improve KMIP compatibility with key prefix names and proper
serialisation of authentication header.
* Fail over KMIP connection using a server list.
* Destroy key on KMIP after its tracking record is erased from DB.
-------------------------------------------------------------------
Thu May 11 14:00:39 UTC 2017 - hguo@suse.com
- Upgrade to upstream release 2.0 that brings a protocol evolution
together with several new features:
* Optionally utilise an external KMIP-v1.3 compatible service to
store actual encryption key.
* Optionally verify client identity before serving its key requests.
* Password is hashed before transmitting over TLS-secured channel.
* Fix an issue that previously allowed a malicious administrator
to craft RPC request to overwrite files outside of key database.
Implemented accordint to fate#322979 and fate#322293.
-------------------------------------------------------------------
Fri Apr 28 08:32:46 UTC 2017 - hguo@suse.com
- Upgrade to 1.99pre that introduces a library for decoding, encoding,
and serialisation operations of KMIP v1.3 for fate#322979.
-------------------------------------------------------------------
Wed Nov 16 14:45:31 UTC 2016 - hguo@suse.com
- Upgrade to 1.2.6 for accumulated bug fixes (bsc#1006219):
* Prevent user from attempting to encrypt a disk with mounted
partitions, or an existing encrypted+opened disk.
* Ensure CA path input is an absolute path.
* Fix two mistakes in handling of timeout input.
* Fix minor formatting issue in manual page.
* Suppress consecutive failure messages in the journal of
ReportAlive and AutoOnlineUnlockFS routines.
-------------------------------------------------------------------
Fri Sep 16 09:37:42 UTC 2016 - hguo@suse.com
- Implement mandatory enhancements:
* Do not allow encrypting a remote file system.
* Implement command for erasing an encrypted file system.
- Bump version to 1.2.5 for fate#320367.
-------------------------------------------------------------------
Fri Sep 2 14:36:01 UTC 2016 - hguo@suse.com
- Implement mandatory enhancements:
* Make workflow across all sub-commands consistent in invocation
style.
* Implement auto-unlocking of encrypted disks.
* Show key record usage and details on demand.
- Bump version to 1.2.4 for fate#320367.
-------------------------------------------------------------------
Thu Aug 18 14:44:23 UTC 2016 - hguo@suse.com
- Implement mandatory enhancements:
* Remove necessity for a backup directory to be involved for
encryption routine.
* Optimise certificate generation prompts.
* Remove unused error messages and fix several of their typos.
* Remove unnecessary safety checks.
* Make the encryption routine work with btrfs and LVM.
- Bump version to 1.2.3 fate#320367.
-------------------------------------------------------------------
Wed Aug 3 14:13:05 UTC 2016 - hguo@suse.com
- Upon request, generate a self-signed TLS certificate for
experimental purposes.
- Bump version to 1.2.2 fate#320367.
-------------------------------------------------------------------
Mon Aug 1 13:50:48 UTC 2016 - hguo@suse.com
- Implement mandatory features:
* Encrypt empty directory skips backup steps.
* Explain key revocation and TLS mechanisms in manual page.
- Bump version to 1.2.1 fate#320367.
-------------------------------------------------------------------
Mon Jul 11 12:07:09 UTC 2016 - hguo@suse.com
- Implement mandatory features:
* List and edit key records
* Unlock file system via key record file
* Use custom options to mount unlocked file system
Enhance usability:
* Make encryption procedure's pre-check more thorough
* Improve overall command prompts
- Bump version to 1.2 fate#320367.
-------------------------------------------------------------------
Fri Jul 1 14:30:10 UTC 2016 - hguo@suse.com
- A preview version with most of the desired functions implemented:
* Key database
* Key RPC server
* Client encryption and decryption routines
Bump version to 1.1
fate#320367.
-------------------------------------------------------------------
Wed Jun 8 10:22:03 UTC 2016 - hguo@suse.com
- First version, only to help with building ISOs.
Implement fate#320367.