lp:ubuntu/vivid-proposed/ecryptfs-utils
- Get this branch:
- bzr branch lp:ubuntu/vivid-proposed/ecryptfs-utils
Branch merges
Related bugs
Related blueprints
Branch information
Recent revisions
- 48. By Martin Pitt
-
* Add setup-swap-
check-links. patch: When commenting out existing swap, also
consider device symlinks like /dev/mapper/ubuntu- -vg-swap_ 1 or
/dev/disks/by- uuid/ into account. Fixes broken cryptswap under LVM and
manual setups. (LP: #1453738)
* debian/ecryptfs- utils.postinst: On upgrade, uncomment underlying
unencrypted swap partitions that are referred to by a device link when
crypttab and fstab have a "cryptswap*" device referring to them. - 47. By Martin Pitt
-
* Add setup-swap-
mark-gpt- noauto. patch: In ecryptfs- setup-swap, mark the
"fake" underlying unencrypted swap partition as no-auto Without that, the
swap partition gets auto-activated under systemd as it cannot be told
apart from a real unencrypted swap partition.
* debian/ecryptfs- utils.postinst: Fix existing GPT installations with
cryptswap1 and an offset= for the above issue. (LP: #1447282) - 46. By Dustin Kirkland
-
[ Dustin Kirkland ]
* scripts/release.sh:
- a few more release script improvements, build the source
package for the Ubuntu development distro
* debian/control:
- build depend on distro-info, which we use in our release script
* vivid[ Tyler Hicks ]
* src/libecryptfs/key_management .c:
- Fix a regression when reading version 1 wrapped passphrase files. A
return code indicating success was always returned even when an error
was encountered. The impact is low since the error situation is still
caught when validating either the wrapping password's signature or the
wrapped passphrase's signature. Thanks to László Böszörményi for
catching this mistake.
- Reject empty passphrases passed into ecryptfs_wrap_passphrase ()
* src/libecryptfs/main.c:
- Reject empty wrapping passphrases passed into generate_passphrase_ sig() - 45. By Dustin Kirkland
-
[ Dustin Kirkland and Martin Pitt ]
* debian/ecryptfs- utils.postinst: LP: #953875
- detect and clean up after nonexisting cryptswap devices[ Tyler Hicks ]
* tests/userspace/Makefile. am: Fix the 'make check' failure present in the
ecryptfs-utils-105 release tarball. The failure was due to the automake
file not specifying that some data files should be distributed as part
of the v1-to-v2-wrapped- passphrase test, causing the test to fail due to
the missing files.[ Dustin Kirkland ]
* scripts/release.sh:
- ensure that we try a binary build as part of the release process
- make sure we're in the original working directory when we release
- remove the -x option, too noisy
* vivid
* vivid
* vivid - 44. By Dustin Kirkland
-
[ Dustin Kirkland ]
* doc/manpage/ecryptfs. 7: LP: #1267640
- fix inconsistency in man page for passphrase_passwd_ file format
* doc/manpage/ecryptfs- setup-private. 1, src/utils/ ecryptfs- setup-
private, src/utils/ecryptfs- setup-swap: LP: #1420424
- use /dev/random rather than /dev/urandom for long lived keys
* src/utils/ecryptfs- setup-private:
- use /dev/urandom for our testing, as we read a lot of info
* src/utils/ecryptfs- setup-swap: LP: #953875, #1086140
- fix a whitespace bug in a grep, that might cause us to not
comment out the old swap space in /etc/fstab
- offset the start of the encrypted swap space by 1KB, which
ensures that we don't overwrite the UUID label on the header
of the partition
- use the aes-xts block cipher, and plain64 initialization vector,
which are current best practice here
- fixed a grammar nitpick[ Colin King ]
* src/libecryptfs/key_management .c, src/utils/ mount.ecryptfs. c:
- A couple of minor fixes: Fix a memory leak and handle out of memory
error, as found by using cppcheck.
* src/utils/mount.ecryptfs. c
- fix potential double free on yesno if get_string_stdin exits early
without allocating a new buffer and we free yesno on the exit clean
up path.
* src/libecryptfs/cmd_ln_ parser. c
- remove redundant if / goto statement that does nothing.[ Anders Kaseorg ]
* src/pam_ecryptfs/ pam_ecryptfs. c: exit (not return) from forked child on
error (LP: #1323421)[ Tyler Hicks ]
* Introduce the version 2 wrapped-passphrase file format. It adds the
ability to combine a randomly generated salt with the wrapping password
(typically, a user's login password) prior to performing key
strengthening. The version 2 file format is considered to be a
intermediate step in strengthening the wrapped-passphrase files of
existing encrypted home/private users. Support for reading/writing version
2 wrapped-passphrase files and transparent migration, through
pam_ecryptfs, from version 1 to version 2 files is considered safe enough
to backport to stable distro releases. The libecryptfs ABI around
wrapped-passphrase file handling is not broken.
- CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped- passphrase. sh, which is suitable
for the make check target and verifies v1 to v2 wrapped-passphrase file
migration.
* Create a temporary file when creating a new wrapped-passphrase file and
copy it to its final destination after the file has been fully synced to
disk (LP: #1020902) - 43. By Dustin Kirkland
-
[ Dustin Kirkland ]
Userspace fixes for LP: #345544, CVE-2009-0787
* src/utils/ecryptfs- rewrite- file: new script, to rewrite a file,
forcing it to be re-encrypted when written to disk
* doc/manpage/ecryptfs- rewrite- file.1: documentation added Unrelated fixes in this release
* src/utils/ecryptfs- mount-private, src/utils/ ecryptfs- setup-private,
src/utils/ecryptfs- setup-swap: use head/line for prompting and reading
input[ Michal Hlavinka ]
* ecryptfs-setup-private: don't fail with syntax error when kernel
module not loaded
* *.desktop: make desktop files standards compliant
* umount.ecryptfs: don't sigsegv when arguments are missing - 42. By Dustin Kirkland
-
[ Dustin Kirkland ]
* src/utils/ecryptfs- [u]mount- private: print message about cd $PWD,
LP: #332331
* doc/manpage/*: manpage updates
* debian/ecryptfs- utils.prerm: prevent removal of ecryptfs-utils
package, if in use, LP: #331085
* src/utils/ecryptfs- setup-private:
- allow for LDAP-based logins, LP: #317307
- add --noautomount, --noautoumount options, LP: #301759[ Tyler Hicks ]
* src/libecryptfs/cipher_ list.c: ignore unknown ciphers, LP: #335632
* doc/manpage/ecryptfs. 7: add key sig mount options info, LP: #329491
* src/utils/mount.ecryptfs. c: scrub unknown option [ James Dupin ]
* doc/manpage/fr/*: initial cut at french manpages[ Michal Hlavinka ]
* src/libecryptfs/module_ mgr.c: fix mount parameter handling on
interactive mounting, LP: #331948 - 41. By Dustin Kirkland
-
debian/
ecryptfs- utils.prerm: perform some cursory checks, to ensure that
there are no obvious, current users of ecryptfs before allowing package
removal, LP: #331085 - 40. By Dustin Kirkland
-
Upstream changes
[ Dustin Kirkland ]
* src/utils/ecryptfs- setup-swap: a first cut at a script that helps setup
encrypted swap
* debian/control: suggest cryptsetup[ Michal Hlavinka ]
* improve interactive mode of mount.ecryptfs - 39. By Dustin Kirkland
-
* New upstream release, dropped all patches (included upstream)
[ Michal Hlavinka ]
* Auto module loading improvements
* Fix nss passphrase (un)wrapping
* Fix error handling when wrapping passphrase is too long
* Use %m instead of strerror(errno) everywhere
* Make the code compile with -Werror[ Tyler Hicks ]
* umount.ecryptfs wrapper, clears keys[ Dustin Kirkland ]
* Add a trailing newline to passphrase printing
* Hack around glibc/kernel mlock limit issue, LP: #329176
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/vivid/ecryptfs-utils